Interview With Mozilla's Ryan Merkley: Tracking the Trackers

← Back to Stories (view on slashdot.org)

Interview With Mozilla's Ryan Merkley: Tracking the Trackers

Posted by samzenpus on Thursday June 21, 2012 @09:33PM from the listen-but-don't-track dept.

colinneagle writes "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. Our voices matter and our actions matter even more.' After you download and install Collusion in Firefox, you can 'see who is tracking you across the Web and following you through the digital woods,' Kovacs stated. 'Going forward, all of our voices need to be heard. Because what we don't know can actually hurt us. Because the memory of the Internet is forever. We are being watched. It's now time for us to watch the watchers.' I've been using Collusion for some time now and it is jaw-dropping to watch all the sites that still stalk us across the web even with DNT and privacy add-ons. The Collusion page states: 'The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to.'"

28 of 165 comments (clear)

Min score:

Reason:

Sort:

Download/Demo here by saibot834 · 2012-06-21 21:47 · Score: 5, Informative

Collusion Download/Demo. Looks like a pretty nifty tool. And completely without flash!
1. Re:Download/Demo here by Inda · 2012-06-21 22:13 · Score: 5, Interesting
  
  You don't need that to see how we're being tracked (although I do have it installed).
  
  I'd been looking at having laser eye surgery for some time. Money was the only thing stopping me from doing real research.
  
  There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.
  
  I went through the process of consultation, price negotiation and all that stuff. I was happy with everything offered, and went ahead with the surgery (two weeks ago, best thing I've ever done).
  
  Top of Slashdot today? Adverts for laser eye surgery at Optical Express. In fact, every blinking website I visit at work is trying to show me adverts for Optical Express. This has been going on for nearly two months!
  
  I'm sure it must happen to everyone, everywhere.
  
  --
  This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
2. Re:Download/Demo here by Sviams · 2012-06-21 22:18 · Score: 5, Funny
  
  And here you are, posting an advert for Optical Express...oh the irony :)
3. Re:Download/Demo here by Anonymous Coward · 2012-06-21 22:22 · Score: 5, Funny
  
  Those ads have always been there - maybe you can only see them after you had the surgery!
4. Re:Download/Demo here by R_Dorothy · 2012-06-21 23:08 · Score: 4, Insightful
  
  Yep, I've noticed that ad networks are very good at trying to sell me something I've already bought.
  
  --
  Stupid flounders!
5. Re:Download/Demo here by bitt3n · 2012-06-21 23:52 · Score: 4, Funny
  
  you wonder why Optical Express gave you such a good deal on laser surgery, and next you're going to start seeing advertisements on your walls, in your shower, in the blue sky, whenever you close your eyes....
  
  --
  how many pairs of boxer shorts should you own?
6. Re:Download/Demo here by cffrost · 2012-06-22 07:46 · Score: 4, Informative
  
  There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.
  
  Here, you've admitted to two newbie mistakes that culminate in your tale of woe.
  
  Top of Slashdot today? Adverts for laser eye surgery at Optical Express.
  
  These ads (and the attack/tracking vector they signify) will persist until you properly secure your browser.
  
  In fact, every blinking website I visit at work is trying to show me adverts for Optical Express.
  
  In Firefox, open about:config and set browser.blink_allowed to False . If the blinking continues, return to Optical Express and demand a refund.
  
  I'm sure it must happen to everyone, everywhere.
  
  I assure you, that is not the case.
  
  --
  Thank you, Edward Snowden.
  
  "Arguments from authority are worthless." —Carl Sagan
How long until Google notices? by pegasustonans · 2012-06-21 21:52 · Score: 5, Insightful

The Mozilla Foundation reportedly receives ~$300 million annually from Google.
Google is certainly an interested party when it comes to tracking user behavior.
Is this really a good move for Mozilla strategically?

--
And all our yesterdays have lighted fools The way to dusty death. --Will
1. Re:How long until Google notices? by Anonymous Coward · 2012-06-21 22:06 · Score: 3, Insightful
  
  Is this really a good move for Mozilla strategically?
  Yes because the general public do value privacy, and being on the side of public opinion is priceless.
2. Re:How long until Google notices? by Anonymous Coward · 2012-06-21 22:17 · Score: 4, Insightful
  
  Of course it is. Just because they're funded, doesn't mean they're controlled. And I don't think transparency is bad for Google's main business model. People more or less know what Google gets when it is used for searching. I predict they'll jump on board with this one and provide something similar in Chrome. It's the right kind of tool to win over the masses.
3. Re:How long until Google notices? by Jahta · 2012-06-21 22:20 · Score: 5, Insightful
  
  The Mozilla Foundation reportedly receives ~$300 million annually from Google.
  Google is certainly an interested party when it comes to tracking user behavior.
  Is this really a good move for Mozilla strategically?
  The key issue here is informed consent. The "Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to."
  I've no problem allowing cookies and scripts from sites I trust and who are providing me with a service I want. The problem is the number of "drive-by" cookies and scripts you can get hit with.
  When I started using NoScript I was amazed at amount of content I was being silently served from third-party sites without my knowledge or consent.
4. Re:How long until Google notices? by RivenAleem · 2012-06-21 22:30 · Score: 3, Interesting
  
  And if Google withdraw their funding over this Collusion addon, how do you think that will look?
  As far as I know, Google have been very upfrontabout what they have on me and what they use that information for. Collusion doesn't change anything for Google, especially if they respect the DNT option. I think Google would be quite alright with this, as what it really does is reveal how much OTHER people are tracking about you, and not telling you about it. Especially if OTHER people are ignoring DNT.
  Like it is said, if you have nothing to hide from Collusion, then you have nothing to fear.
5. Re:How long until Google notices? by Barefoot+Monkey · 2012-06-22 00:18 · Score: 4, Informative
  
  A nice trick is to set your browser to keep cookies only for the session, clear your cookies and then grab an extension like Cookie Monster or something similar to manage exceptions for the sites where you explicitly want permanent cookies.
6. Re:How long until Google notices? by Hatta · 2012-06-22 01:11 · Score: 2, Interesting
  
  As far as I know
  Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.
  
  --
  Give me Classic Slashdot or give me death!
7. Re:How long until Google notices? by Barefoot+Monkey · 2012-06-22 02:12 · Score: 4, Informative
  
  Those sort of extensions just provide a convenient way of interacting with Mozilla's mechanism. You get a statusbar icon which changes depending on if the site you're viewing has no cookies, blocked cookies, persistent cookies or session cookies. You can click on the icon to change the default action for that site or domain. It's so much simpler than opening the options and adding exceptions manually.
8. Re:How long until Google notices? by swillden · 2012-06-22 02:51 · Score: 4, Informative
  
  As far as I know
  Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.
  Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them. Cookies are kept for 18 months, and many have noted that the cookies can be used to recover the full IP address going back 18 months, assuming you're always connecting from the same IP, but if you've opted out then there are no cookies stored to provide that linkage (I'm not sure if the opt-out cookie is itself anonymous, or if it's stripped before logging, or what, but it's something like that).
  I don't know if browser information is anonymized; I'm sure at least enough is kept to identify the browser version.
  Although you almost certainly won't believe me (since I work for Google), I'll tell you that Google tries very hard to honor tracking opt outs. If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug and it would get fixed. If it couldn't be fixed, controls would be put in place to ensure that the data is not used for tracking in any systematic way, and that individual employees can't access it without specific permissions, and the use of those who actually have a demonstrated need to use it would be audited.
  The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked. Google wants to convince you that you do want to be tracked, of course, that Google's services (including targeted advertising!) are actually sufficiently valuable to you that you want Google to have the data. But if you don't agree, Google provides the tools to allow you to opt out, and honors your choice.
  This isn't to say that bad things will never happen, or that mistakes will never be made. Google is composed of people, and people screw up. Hence things like the Wifi packet capture, and Safari privacy workaround. But violations of the principles of user privacy are treated as errors to be corrected.
  From an information-theoretic standpoint, the best way to be sure that Google never screws up with your privacy is to ensure it is impossible for Google to know anything about you, so opt out of tracking and avoid Google services, or even just block Google at your router. IMO, given its track record, trusting Google to behave responsibly isn't at all unreasonable, and I think Google offers good value in trade for your information (assuming that Google behaves responsibly). But it's your choice, and Google wants it to be possible for you to make that choice.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
9. Re:How long until Google notices? by cusco · 2012-06-22 03:53 · Score: 2
  
  I just find it extremely intriguing that the Ford Foundation is involved in this, since they've been a money conduit for the CIA since at least the early 1960s (Project Mockingbird funding flowed to journalists through Ford Foundation and later Lyla Wallace Fund).
  
  --
  "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
New friends by Anonymous Coward · 2012-06-21 21:58 · Score: 3, Insightful

"Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet.
Evidently, Gary has never met Mark Zuckerberg.
Go Ahead, Track Tor Exit Nodes! by Anonymous Coward · 2012-06-21 22:02 · Score: 5, Interesting

I'm just a random Tor exit node, up one day, down the next, replaced by another random exit node.
Use the Tor Browser Bundle:
- https://www.torproject.org/
Read the Tor OPSEC article:
- http://cryptome.org/0005/tor-opsec.htm
- https://www.schneier.com/blog/archives/2012/01/tor_opsec.html
"HUGE Security Resource" - enjoy a smart selection of Security
Blogs and other security related information
- http://pastebin.com/Cm2ZHuz3
1. Re:Go Ahead, Track Tor Exit Nodes! by Anonymous Coward · 2012-06-21 22:28 · Score: 2, Informative
  
  Wikipedia bans offensive exit nodes from *editing*, not *viewing* their site.
  Oh, and use bridges, always:
  https://bridges.torproject.org/
  for reasons mentioned in the Tor OPSEC document.
  For sites which ban a lot of Tor exit nodes (like godlikeproductions), Startpage's free web proxy evades 99% of these bans, but you can't post with Startpage's proxy, just read.
  Using Tor, you can also run through a lot of free web proxies to evade bans on Tor exit node IPs.
  Some exit nodes remain for awhile (though your circuit is not the same all of the time) others are up one day and down the next.
  PS: two hidden services message boards:
  http://tinyurl.com/hackbbonion
  http://tinyurl.com/onionforum2
2. Re:Go Ahead, Track Tor Exit Nodes! by buchner.johannes · 2012-06-21 22:45 · Score: 4, Insightful
  
  Tor won't help you if the website puts a cookie in your browser (which this discussion is about). What you need is a selective cookie policy (like Ghostery) -- it makes my Collusion graph blank.
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Neat... by hey_popey · 2012-06-21 22:10 · Score: 2, Informative

This is nice as a tool to increase users' awareness, but Idon't see the point of using this add-on more than a couple of minutes
Then you install ghostery if not already done, and you forget about trackers...
Who is (really) watching? by k(wi)r(kipedia) · 2012-06-21 22:41 · Score: 2

Okay we know that Google, Facebook and other companies have a tracking system in place. But who's really watching? Is it possible that Larry Page or Mark Zuckerberg is reading this post right now and will click his iAmWatchingU app to find out who typed these words? Or is some other sentient entity looking over me like the deity of some theistic religion.
Maybe the greater danger isn't that we are being watched, but that algorithms are now in control of our lives, processing, analyzing, bankrupting us in a way where sometimes the only human intervention is someone clicking OK.
1. Re:Who is (really) watching? by Zero__Kelvin · 2012-06-21 23:35 · Score: 3, Funny
  
  "Maybe the greater danger isn't that we are being watched, but that algorithms are now in control of our lives"
  (if) you use a (bunch) if (parenthesis) psudeo-randomly in your subject (and) u(ser)n(ame) you can fool the algorithms((!!!!))
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Re:Who? by dna_(c)(tm)(r) · 2012-06-21 22:43 · Score: 3, Funny

Title says interview with Ryan Merkly, TFS says Gary Kovaks at TED talk. Maybe I'm just new here, but does anyone read anymore?
Merkly quotes Kovaks.
Now I can quote oodaloop quoting samzenpus quoting Merkly quoting Kovaks. You can quote me on that.
Ghostery? (does the same thing?) by FudRucker · 2012-06-21 23:08 · Score: 4, Informative

http://www.ghostery.com/

--
Politics is Treachery, Religion is Brainwashing
poison with false positives by PopeRatzo · 2012-06-22 00:27 · Score: 3, Insightful

Does anyone know what ever happened to that project for salting the tracking data with false positives? I think it was called "Antiphormlite" and it had gotten up to version 1.3 I think.
I see it talked about on teh google but there doesn't seem to be any place it can be downloaded.
I love the idea of fouling tracking data. It's not enough to "track the trackers". I want to make sure they go away unless they reform themselves.
This is one of those areas where the "free market" is not going to come up with a solution. People say, "I want privacy" and the Free Market says, "Fuck you, pay me."
It's going to take vandalism on a massive scale to fix this one.

--
You are welcome on my lawn.
Ghostery's true background by Anonymous Coward · 2012-06-22 03:36 · Score: 3, Interesting

Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.
Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.
When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.
To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy.