Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interview With Mozilla's Ryan Merkley: Tracking the Trackers

Posted by samzenpus on from the listen-but-don't-track dept.

colinneagle writes "Among the eye-opening statements in his recent TED talk, Mozilla CEO Gary Kovacs said, 'Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. Our voices matter and our actions matter even more.' After you download and install Collusion in Firefox, you can 'see who is tracking you across the Web and following you through the digital woods,' Kovacs stated. 'Going forward, all of our voices need to be heard. Because what we don't know can actually hurt us. Because the memory of the Internet is forever. We are being watched. It's now time for us to watch the watchers.' I've been using Collusion for some time now and it is jaw-dropping to watch all the sites that still stalk us across the web even with DNT and privacy add-ons. The Collusion page states: 'The Ford Foundation is supporting Mozilla to develop the Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to.'"

16 of 165 comments (clear)

  1. Download/Demo here by saibot834 · · Score: 5, Informative

    Collusion Download/Demo. Looks like a pretty nifty tool. And completely without flash!

    1. Re:Download/Demo here by Inda · · Score: 5, Interesting

      You don't need that to see how we're being tracked (although I do have it installed).

      I'd been looking at having laser eye surgery for some time. Money was the only thing stopping me from doing real research.

      There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

      I went through the process of consultation, price negotiation and all that stuff. I was happy with everything offered, and went ahead with the surgery (two weeks ago, best thing I've ever done).

      Top of Slashdot today? Adverts for laser eye surgery at Optical Express. In fact, every blinking website I visit at work is trying to show me adverts for Optical Express. This has been going on for nearly two months!

      I'm sure it must happen to everyone, everywhere.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    2. Re:Download/Demo here by Sviams · · Score: 5, Funny

      And here you are, posting an advert for Optical Express...oh the irony :)

    3. Re:Download/Demo here by Anonymous Coward · · Score: 5, Funny

      Those ads have always been there - maybe you can only see them after you had the surgery!

    4. Re:Download/Demo here by R_Dorothy · · Score: 4, Insightful

      Yep, I've noticed that ad networks are very good at trying to sell me something I've already bought.

      --
      Stupid flounders!
    5. Re:Download/Demo here by bitt3n · · Score: 4, Funny

      you wonder why Optical Express gave you such a good deal on laser surgery, and next you're going to start seeing advertisements on your walls, in your shower, in the blue sky, whenever you close your eyes....

      --
      how many pairs of boxer shorts should you own?
    6. Re:Download/Demo here by cffrost · · Score: 4, Informative

      There was an advert for an Optical Express laser clinic, with a competition for free treatment, so I clicked. It's probably the only time I've ever clicked, and this was at work with no Ad-block installed.

      Here, you've admitted to two newbie mistakes that culminate in your tale of woe.

      Top of Slashdot today? Adverts for laser eye surgery at Optical Express.

      These ads (and the attack/tracking vector they signify) will persist until you properly secure your browser.

      In fact, every blinking website I visit at work is trying to show me adverts for Optical Express.

      In Firefox, open about:config and set browser.blink_allowed to False . If the blinking continues, return to Optical Express and demand a refund.

      I'm sure it must happen to everyone, everywhere.

      I assure you, that is not the case.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
  2. How long until Google notices? by pegasustonans · · Score: 5, Insightful

    The Mozilla Foundation reportedly receives ~$300 million annually from Google.

    Google is certainly an interested party when it comes to tracking user behavior.

    Is this really a good move for Mozilla strategically?

    --
    And all our yesterdays have lighted fools The way to dusty death. --Will
    1. Re:How long until Google notices? by Anonymous Coward · · Score: 4, Insightful

      Of course it is. Just because they're funded, doesn't mean they're controlled. And I don't think transparency is bad for Google's main business model. People more or less know what Google gets when it is used for searching. I predict they'll jump on board with this one and provide something similar in Chrome. It's the right kind of tool to win over the masses.

    2. Re:How long until Google notices? by Jahta · · Score: 5, Insightful

      The Mozilla Foundation reportedly receives ~$300 million annually from Google.

      Google is certainly an interested party when it comes to tracking user behavior.

      Is this really a good move for Mozilla strategically?

      The key issue here is informed consent. The "Collusion add-on so it will enable users to not only see who is tracking them across the Web, but also to turn that tracking off when they want to."

      I've no problem allowing cookies and scripts from sites I trust and who are providing me with a service I want. The problem is the number of "drive-by" cookies and scripts you can get hit with.

      When I started using NoScript I was amazed at amount of content I was being silently served from third-party sites without my knowledge or consent.

    3. Re:How long until Google notices? by Barefoot+Monkey · · Score: 4, Informative

      A nice trick is to set your browser to keep cookies only for the session, clear your cookies and then grab an extension like Cookie Monster or something similar to manage exceptions for the sites where you explicitly want permanent cookies.

    4. Re:How long until Google notices? by Barefoot+Monkey · · Score: 4, Informative

      Those sort of extensions just provide a convenient way of interacting with Mozilla's mechanism. You get a statusbar icon which changes depending on if the site you're viewing has no cookies, blocked cookies, persistent cookies or session cookies. You can click on the icon to change the default action for that site or domain. It's so much simpler than opening the options and adding exceptions manually.

    5. Re:How long until Google notices? by swillden · · Score: 4, Informative

      As far as I know

      Which is only what Google tells you. You don't think they're tracking you by IP address too? You don't think they're using browser fingerprinting? Google's cookie is one tiny part of the problem.

      Google logs all IP addresses initially but after nine months zeros the bottom octet to anonymize them. Cookies are kept for 18 months, and many have noted that the cookies can be used to recover the full IP address going back 18 months, assuming you're always connecting from the same IP, but if you've opted out then there are no cookies stored to provide that linkage (I'm not sure if the opt-out cookie is itself anonymous, or if it's stripped before logging, or what, but it's something like that).

      I don't know if browser information is anonymized; I'm sure at least enough is kept to identify the browser version.

      Although you almost certainly won't believe me (since I work for Google), I'll tell you that Google tries very hard to honor tracking opt outs. If someone discovered a way that Google could recover individualized tracking about a user who had opted out, that would be considered a bug and it would get fixed. If it couldn't be fixed, controls would be put in place to ensure that the data is not used for tracking in any systematic way, and that individual employees can't access it without specific permissions, and the use of those who actually have a demonstrated need to use it would be audited.

      The tinfoil hat crowd will simply dismiss this post, but the truth is that Google really doesn't want to track you if you don't want to be tracked. Google wants to convince you that you do want to be tracked, of course, that Google's services (including targeted advertising!) are actually sufficiently valuable to you that you want Google to have the data. But if you don't agree, Google provides the tools to allow you to opt out, and honors your choice.

      This isn't to say that bad things will never happen, or that mistakes will never be made. Google is composed of people, and people screw up. Hence things like the Wifi packet capture, and Safari privacy workaround. But violations of the principles of user privacy are treated as errors to be corrected.

      From an information-theoretic standpoint, the best way to be sure that Google never screws up with your privacy is to ensure it is impossible for Google to know anything about you, so opt out of tracking and avoid Google services, or even just block Google at your router. IMO, given its track record, trusting Google to behave responsibly isn't at all unreasonable, and I think Google offers good value in trade for your information (assuming that Google behaves responsibly). But it's your choice, and Google wants it to be possible for you to make that choice.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. Go Ahead, Track Tor Exit Nodes! by Anonymous Coward · · Score: 5, Interesting

    I'm just a random Tor exit node, up one day, down the next, replaced by another random exit node.

    Use the Tor Browser Bundle:
    - https://www.torproject.org/

    Read the Tor OPSEC article:
    - http://cryptome.org/0005/tor-opsec.htm
    - https://www.schneier.com/blog/archives/2012/01/tor_opsec.html

    "HUGE Security Resource" - enjoy a smart selection of Security
    Blogs and other security related information
    - http://pastebin.com/Cm2ZHuz3

    1. Re:Go Ahead, Track Tor Exit Nodes! by buchner.johannes · · Score: 4, Insightful

      Tor won't help you if the website puts a cookie in your browser (which this discussion is about). What you need is a selective cookie policy (like Ghostery) -- it makes my Collusion graph blank.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  4. Ghostery? (does the same thing?) by FudRucker · · Score: 4, Informative

    http://www.ghostery.com/

    --
    Politics is Treachery, Religion is Brainwashing