Slashdot Mirror


Tracking the Web Trackers

itwbennett writes "Do you know what data the 1300+ tracking companies have on you? Privacy blogger Dan Tynan didn't until he had had enough of being stalked by grandpa-friendly Jitterbug phone ads. Tracking company BlueKai and its partners had compiled 471 separate pieces of data on him. Some surprisingly accurate, some not (hence the Jitterbug ad). But what's worse is that opting out of tracking is surprisingly hard. On the Network Advertising Initiative Opt Out Page you can ask the 98 member companies listed there to stop tracking you and on Evidon's Global Opt Out page you can give some 200 more the boot — but that's only about 300 companies out of 1300. And even if they all comply with your opt-out request, it doesn't mean that they'll stop collecting data on you, only that they'll stop serving you targeted ads."

54 of 97 comments

  1. Give Us A List by Anonymous Coward · · Score: 3, Informative

    Give us a list of all companies and their affili-shit domains and I'll block them. I'll even add them to my 'Hosts' file just to make apk happy.

    1. Re:Give Us A List by eksith · · Score: 4, Informative

      It doesn't always work that way. Sometimes, these companies use their own sites, but other times, it's a no-name domain and sometimes a random IP. It's almost akin to a botnet herder where they all report to a root domain where they get their instructions.

      And other times these are from publicly available records; no direct connection to your web browser. If you buy a car, apply for a credit card or even register a new phone number, expect to get spammed shortly. The only way to not get included in a dossier of some sort is to not exist. But even that's no guarantee.

      --
      If computers were people, I'd be a misanthrope.
    2. Re:Give Us A List by Anonymous Coward · · Score: 1

      Which is why I use RequestPolicy. It blocks all third-party browser requests by default. It's a mild PITA because practically every site seems to use a separate domain for static content nowadays, and you need to configure this in RequestPolicy, but once you've done that it's effortless.

      Of course, there's not much I can do about my credit history, but I'm fairly confident these companies know jack-shit about my browsing habits.

    3. Re:Give Us A List by noh8rz10 · · Score: 4, Informative

      The Ghostery plug-in accomplishes the same thing... It automatically blocks trackers against a big black list. Something cool, it does a subtle pop-up when you visit a page listing all the trackers on that page. Eye opening, for sure! Some pages, a dozen different trackers! I know Ghostery is available for Safari, not sure about other browsers.

    4. Re:Give Us A List by hedwards · · Score: 1

      I tend to use noscript default to allow, requestpolicy and ghostery, privacy is one issue, but another issue is security, how do any of these sites know what sort of security holes the code they're linking to has? What's more, it's completely transparent to the end user unless they're blocking all that crap.

    5. Re:Give Us A List by Sporkinum · · Score: 2

      Yeah, if you read the article, you'd see Ghostery is run by an advertising company.
      " About Evidon
      Evidon reveals the invisible web.

      Its technology gives brands, publishers, networks and other businesses around the world unique insight into the digital ecosystem—including unparalleled intelligence on the marketing technologies that underpin the commercial web —and the power to control their impact on business.

      Evidon's technology includes Ghostery®, the industry-leading browser tool that reports on data collection across 26 million websites and informs the company’s business control solutions. Evidon also provides market-leading privacy controls for more than $1 billion of display media annually that empower more than 150 million people a day to control how their information is used online.

      Companies make smarter decisions, protect their businesses and consumer privacy, and grow revenue as a result. www.evidon.com "

      --
      "He's lost in a 'floyd hole"
    6. Re:Give Us A List by AmiMoJo · · Score: 1

      They sound smart. Give users an effective blocking tool, sell companies advice on how not to get blocked.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. So why aren't you protecting yourself? by popo · · Score: 2

    You could be using Tor, or surfing through a proxy, denying cookies, etc.

    Why make it easy for them?

    --
    ------ The best brain training is now totally free : )
    1. Re:So why aren't you protecting yourself? by Anonymous Coward · · Score: 1, Insightful

      You obviously haven't used tor, it's slow as molasses

    2. Re:So why aren't you protecting yourself? by Anonymous Coward · · Score: 1

      Because those kinds of passive measures are not very effective.
      Also, the enemy has so much money which they are paying to some top programmers in the world, that they are just immensely more powerful technically.
      What we need is a new kind of company who will work for the people's protection. I for one would gladly pay a subscription fee to have that information poisoned. The real problem is not that there is no protection; the real problem is that no one cares. Most people want to be tracked. If they didn't, it would be a matter of short time to develop the necessary countermeasures. For example, how resilient are the tracking systems against bogus cookies? How easy is it to render their database inoperative by sending them a negative screen resolution which is one of the things that they use for tracking? Problem is, no one is working on it, because no one cares.

    3. Re:So why aren't you protecting yourself? by Desler · · Score: 1

      Because browsing through Tor does jack and shit?

    4. Re:So why aren't you protecting yourself? by the_B0fh · · Score: 1

      You actually think using Tor prevents them from tracking you? Your IP address is only *one* of the multiple things they track.

    5. Re:So why aren't you protecting yourself? by lucm · · Score: 1

      I do something even better than using Tor for browsing internet: I use a stolen MacBook, and I make sure to get a new one every week. On the plus side I get to listen to different music all the time, without this approach I would have never guessed Justin Bieber has so many different songs.

      --
      lucm, indeed.
    6. Re:So why aren't you protecting yourself? by DNX+Blandy · · Score: 1

      I disable cookies and ONLY allow the sites I want. I use Firefox and ABP (Ad Block Plus). They can have my IP but that's all they will get. I hate the advertising companies as on some sites, especially when downloading, they swamp the whole page with "Download" buttons which look like the download buttons from the actual website they are advertising on. Total nightmare!

  3. It's over. Privacy war lost. by Anonymous Coward · · Score: 3, Interesting

    Enough to drive an honest man to fraud.

  4. Use Ghostery! by Anonymous Coward · · Score: 5, Informative

    Ghostery (Firefox plugin) allows you to block these trackers, it works great and you can also see when sites are loading the tracking code.

    1. Re:Use Ghostery! by Anonymous Coward · · Score: 1

      Posting anonymously because I just modded you up. :)

      But I have to agree. I use Ghostery.

    2. Re:Use Ghostery! by Nyder · · Score: 4, Informative

      Ghostery (Firefox plugin) allows you to block these trackers, it works great and you can also see when sites are loading the tracking code.

      https://www.ghostery.com/

      --
      Be seeing you...
    3. Re:Use Ghostery! by Anonymous Coward · · Score: 5, Interesting

      I use ghostery and love it and all. But I wonder if passive resistance is the wrong way to go about this. Maybe what we need is to allow all those tracking cookies. But run a program on your computer which replaces the data in those cookies every 5-10 seconds. That is, instead of denying the marketers data (meaning the data they do get is still good), pollute their data so this whole business of tracking is less effective.

    4. Re:Use Ghostery! by Onkel+Ringelhuth · · Score: 1

      And Firefox mobile is not available on iOS. However, the Ghostery App is. It's a free WebKit-based (has to be) bare-bones browser that automatically keeps itself up to date with Ghostery's block list.

    5. Re:Use Ghostery! by martin-boundary · · Score: 2

      That's a great idea, but how can you ensure that the fake data still "looks right"? If it's completely random, it's going to be relatively easy to filter out. It needs to be consistent so that the cookie data is well formed according to the tracking company's system, I guess.

      One possibility might be to set up a server that 1) receives tracking cookies from people, and 2) returns a random tracking cookie from its collection whenever asked by anyone. Think of it like a cookie swap exchange, where your browser gives your cookie to random people, and they give theirs to you automatically.

    6. Re:Use Ghostery! by AmiMoJo · · Score: 2

      I'm gonna name my kid Spartacus.

      I wonder how many of these cookies would be vulnerable to an SQL injection attack? Has anyone tried replacing all strings in all their tracking cookies with "drop tables;"?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Use Ghostery! by theCoder · · Score: 1

      Maybe, but even the act of sending the cookie back, even if it seems to have bad data in it, can give information about you -- what sites you visit, how long you spend there, etc.

      Now, maybe a script that made random HTTP requests with random cookie data. It still would be tricky, and blocking the stalkers (especially facebook) seems much safer.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  5. Right... by rmdingler · · Score: 2

    Who watches the Watchmen?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  6. Simple way to not be tracked by Tepar · · Score: 1

    Disable third party cookies in your browser.

    1. Re:Simple way to not be tracked by Anonymous Coward · · Score: 1

      There are also flash cookies and also fingerprinting. I noticed that some use javascript to create a 'fingerprint' eg: http://mpsnare.iesnare.com/snare.js

    2. Re:Simple way to not be tracked by DaveGod · · Score: 1

      So, does NoScript work then? It disables flash unless you whitelist the domain it is coming from.

  7. Data by Anonymous Coward · · Score: 5, Interesting

    Does anyone know how he got the data they had on him? I'm looking at the opt out pages he listed and I don't see data recovery functions.

    1. Re:Data by PuZZleDucK · · Score: 1

      Same here... maybe if you're not in the US you're not interesting enough for them to collect data.

      --
      Can a person program a new solution to a problem? Why should anyone be able to stop such a thing? -Richard Stallman
  8. Only Opt out of Being Reminded by Jah-Wren+Ryel · · Score: 5, Informative

    And even if they all comply with your opt-out request, it doesn't mean that they'll stop collecting data on you, only that they'll stop serving you targeted ads."

    That line is the most important part of the story. The phrase "opt out" has been redefined by the marketers. You can not opt out of being tracked, you can only opt out of being reminded that you are being tracked. That is more than useless because it defuses the people most likely to be unhappy about these trackers with a false sense of safety.

    Your only way to avoid being tracked is not to ever talk to the trackers in the first place. For the less technically inclined, the Ghostery plugin for firefox is pretty much set it and forget it. If you can handle looking underneath the hood of the internet, check out Request Policy which gives you extremely fine grained control over what stuff a webpage can pull in from other webservers. I default block all cross-site includes from other domains and white-list them on an individual basis and it really isn't too inconvenient. Besides the privacy benefits, it makes web pages load super fast when they don't have to pull in crap from 15 other servers.

    --
    When information is power, privacy is freedom.
    1. Re:Only Opt out of Being Reminded by akanouras · · Score: 1

      First steps I do after creating a new Firefox profile:

      1. Set Firefox to reject 3rd party cookies and remove all cookies on session end
      2. Disable all Plugins except Flash and your favorite media player's plugin; gecko-mediaplayer for example. The point is them not even appearing in navigator.plugins. (If you're on Windows(/Mac?), you'll have to repeat this check after every Skype/Office/.NET/Adobe Reader/whatever update. My condolences).
      3. Install Ghostery, RefControl, "Click to Play switch", Scriptish - all from addons.mozilla.org.
      4. Install ViewTube & LinkTube from userscripts.org
      5. Set Ghostery (twice - the initial configuration wizard is not enough!) to
        • Block all 3pes by default
        • Not display the Alert Bubble
        • Auto-update the library and block new elements by default
        • Not use GhostRank (it sends every single URL you visit to their servers, right when you visit it)
        • Delete Flash cookies on browser exit
      6. Set RefControl to block sending referers to 3rd party sites

      After all of this, I can enable referer sending or cookie/other data persistence per site using RefControl or Firefox's Page Info dialog.

      Also, I try to restart the browser at least once a day.

      It should be obvious from the above that a) I'm only against being tracked across the web, not ads or analytics done on the same site, and b) it's an uphill battle, and ultimately futile as most browsers (and especially Plugins) leak information in any way they can (plugin/font/javascript feature lists and many more) by default.

      Browsers other than Firefox are even worse at this, as they don't allow Extensions to interfere with requests as much. And of course, as soon as you run a Plugin it is game over for privacy on that site at best.

  9. why are you letting them? by Mr.+Slippery · · Score: 1

    1) Install Ghostery. 2) Install AdBlock Plus. 3) Only accept cookies from sites you trust, and for best results clean those out regularly.

    You can go the extra mile with NoScript, Tor, and so on, but even just doing Ghostery and turning off third-party cookies will knock out much of the problem.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  10. Hosts file on the router... by Holistic+Missile · · Score: 3, Interesting

    I use some domain blocking entries, plus a hosts file from http://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=hosts on my router, with local DNS enabled. It redirects about 2500 URLs to 127.0.0.1. DD-WRT for the win! I would imagine other third-party firmware allows this, too. When I have company, they sometimes comment how much better the web pages look and how fast they load on their laptops when they use my AP. They also wonder why Facebook and Twitter don't work... :-)

    --
    When you're dead, you don't know you're dead. It only affects the people around you. Same thing when you're stupid.
  11. Went to his blog site - was covered with ads by Anonymous Coward · · Score: 1

    So many ads on this guy's site that I couldn't read the whole thing, the ads were distracting me

  12. Tail your proxy by Nethead · · Score: 4, Informative

    I had a few users at work that were spending too much time on facebook, etc. and management asked me to block it except during breaks. So I fire up an old box and put squid on it and tell AD to force them to proxy through it.

    I then did a tail -f on the /var/log/squid3/access.log file and howdy boy do some sites have a lot of crap called when you load a page. Even our small town local newspaper site would call up about 30 different domains on each page load. Some of them would put a JavaScript in to refresh each minute to see how long one stayed on the page.

    Now I see why I run no-script and ABP on my boxes.

    I started blocking a lot of them but real work called and I'm guessing that I only got about a third of them.

    The unfortunate thing is almost all the stuff on the web these days has a no-cache flag so running a proxy for web-cache/bandwidth reduction is almost useless. I only get about 2% cache hits.

    --
    -- I have a private email server in my basement.
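
What the comment above describes doing by eye with tail -f can be scripted. This is an added example, not part of the original post: it assumes Squid's native access.log layout, and the hostnames, addresses, the 2-second burst gap and the 60-second beacon period are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1358870400.100    120 192.168.1.20 TCP_MISS/200 18432 GET http://www.localnews.example/ - DIRECT/203.0.113.10 text/html
1358870400.350     40 192.168.1.20 TCP_MISS/200 2048 GET http://static.localnews.example/site.css - DIRECT/203.0.113.11 text/css
1358870400.600     95 192.168.1.20 TCP_MISS/200 512 GET http://ads.tracker-a.example/tag.js - DIRECT/198.51.100.5 application/javascript
1358870400.900     80 192.168.1.20 TCP_MISS/200 43 GET http://pixel.tracker-b.example/p.gif?t=0 - DIRECT/198.51.100.6 image/gif
1358870401.200    210 192.168.1.20 TCP_MISS/200 3900 CONNECT metrics.tracker-c.example:443 - DIRECT/198.51.100.7 -
1358870405.000     15 192.168.1.21 TCP_HIT/200 900 GET http://intranet.example/home - NONE/- text/html
truncated line
1358870460.900     70 192.168.1.20 TCP_MISS/200 43 GET http://pixel.tracker-b.example/p.gif?t=60 - DIRECT/198.51.100.6 image/gif
1358870520.900     72 192.168.1.20 TCP_MISS/200 43 GET http://pixel.tracker-b.example/p.gif?t=120 - DIRECT/198.51.100.6 image/gif
1358870580.900     69 192.168.1.20 TCP_MISS/200 43 GET http://pixel.tracker-b.example/p.gif?t=180 - DIRECT/198.51.100.6 image/gif
"""

def parse_line(line):
    """Return (timestamp, client, host), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    method, url = fields[5], fields[6]
    if method == "CONNECT":              # HTTPS tunnels log only host:port
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname
    return (ts, fields[2], host.lower()) if host else None

def records(log_text):
    """Parse every usable line, silently skipping damaged ones."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

def page_bursts(log_text, gap=2.0):
    """Split each client's requests into bursts separated by more than
    `gap` seconds; one burst approximates one page load."""
    per_client = defaultdict(list)
    for ts, client, host in records(log_text):
        per_client[client].append((ts, host))
    bursts = []
    for client, reqs in per_client.items():
        reqs.sort()
        start = last = reqs[0][0]
        hosts = set()
        for ts, host in reqs:
            if ts - last > gap:          # quiet period: close the burst
                bursts.append((client, start, hosts))
                start, hosts = ts, set()
            hosts.add(host)
            last = ts
        bursts.append((client, start, hosts))
    return bursts

def busiest_burst(log_text):
    """The page load that pulled in the most distinct hosts."""
    return max(page_bursts(log_text), key=lambda b: len(b[2]))

def periodic_beacons(log_text, period=60.0, tolerance=5.0, min_hits=3):
    """(client, host) pairs contacted at a steady interval, the
    time-on-page refresh pattern."""
    times = defaultdict(list)
    for ts, client, host in records(log_text):
        times[(client, host)].append(ts)
    found = []
    for key, seen in times.items():
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        if len(seen) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
            found.append(key)
    return sorted(found)
```

Hosts that show up both in large bursts and in `periodic_beacons` are the first candidates for a proxy ACL; the native log has no Referer field, so the burst grouping is a timing heuristic rather than exact page attribution.
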
    1. Re:Tail your proxy by Opportunist · · Score: 1

      Hmm... any chance to make the proxy ignore the no-cache flag with pages where you know they serve no purpose other than increasing their hits? It's not like I have to play nice if they don't.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Tail your proxy by 31eq · · Score: 2

      Yes, you can override the no-cache headers in Squid. Use a refresh pattern and ignore or override the headers the server sends to defeat the cache:

      http://www.squid-cache.org/Doc/config/refresh_pattern/

    3. Re:Tail your proxy by drinkypoo · · Score: 1

      Now I see why I run no-script and ABP on my boxes.

      I know better than to wish javascript were never invented, but when I have to deal with sites that don't work with javascript because they shit on themselves and sites that don't work without javascript because the web developers are incompetent in the space of about five seconds, I want to imminentize the eschaton.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Tail your proxy by AmiMoJo · · Score: 1

      It's a shame Ghostery doesn't work at the proxy/router level because they have done all this hard work for you. You could probably use their list as a good place to start though.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  13. Opt out does no good by Trax3001BBS · · Score: 1

    If you use a different browser or delete your cookies, you're back in. Best just use a HOSTS file and say screw it to sites that ask you to receive ads. I am starting to see thank you for not using Adware banners but blocking most of the ads.

    HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)

    Knew you'd show up, as this is your area of expertise.

    I was very disappointed I was able to log into evidon.com or adroll.com.
    Can't find APK just yet but just might use a 1+ meg HOSTS file and do it backwards;
    remove the sites I wish to visit as the HOSTS file blocks them.
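
The limits of hosts-file blocking raised in this thread (exact-name entries on a router, and requests addressed by bare IP) can be checked against a list of URLs. This is an added example, not code from any poster: the blocklist entries and URLs are constructed, and `load_blocked` and `classify` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the usual hosts-format layout of ad-server lists.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1 localhost
127.0.0.1 ads.tracker-a.example
0.0.0.0   pixel.tracker-b.example  # inline comment
127.0.0.1 Metrics.Tracker-C.example metrics2.tracker-c.example
"""

def load_blocked(hosts_text):
    """Collect names that the hosts file sinkholes to loopback or 0.0.0.0."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # not a valid hosts entry
        if not (addr.is_loopback or addr.is_unspecified):
            continue                      # a real mapping, not a block
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def classify(url, blocked):
    """Say how a hosts-only blocklist treats this URL.

    'blocked'            exact name is sinkholed
    'unlisted-subdomain' a parent name is listed, but hosts files match
                         whole names only, so this request still resolves
    'ip-literal'         no name lookup happens; needs a firewall rule
    'not-listed'         nothing in the list applies
    """
    host = urlsplit(url).hostname
    if host is None:
        return "unparseable"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    host = host.rstrip(".")
    if host in blocked:
        return "blocked"
    if any(host.endswith("." + name) for name in blocked):
        return "unlisted-subdomain"
    return "not-listed"
```
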

  14. Minimum kit for browsing by taucross · · Score: 1

    1. Install SRWare Iron (Chrome without usage tracking)
    2. Add NotScripts
    3. Add FlashBlock
    4. Add HTTPS Everywhere
    5. Add Ghostery
    6. Add AdBlock (cos why not)

    That's your minimum kit to browse the web these days.

    Ghostery's plan is to sell all of your information to advertising companies. This isn't a bad thing necessarily, but you should probably know that before you install it.

    --
    "In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."
  15. Opting out just confirms your data by Opportunist · · Score: 3, Insightful

    It's not like we didn't notice yet that all sending an "opt-out" EMail accomplishes is to increase the value of your mail address because now it is confirmed to be one you actually use.

    The only way to stop trackers is to mislead them with false information and block as much tracking as you possibly can. Relying on those that benefit from tracking to comply with your requests is naive at best.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. I wish there was a button marked... by alanshot · · Score: 1

    "I already bought this shit. GTFO!"

    Nothing more annoying than searching for a product, BUYING said product, and then for weeks/months later being shown ads for said product that I no longer have an interest in... BECAUSE I'VE ALREADY GOT ONE, YOU SEE?!?!" /French accent

  17. Holy Crap by wibblewibble · · Score: 3, Interesting

    If you want to see Ghostery at work, try that link to the first opt-out site http://www.networkadvertising.org/choices/ with Ghostery running - the list of blocks scrolled right off the bottom of my page.

  18. Re:Want to know why most post is downmoded unjustl by OffTheWallSoccer · · Score: 1

    Hey APK,

    Protip:

    It's not the truth or value (or lack of) in your post that gets it modded into oblivion, it's the fucking insane length. In addition to TL;DR (which goes without saying for a post of such length), how about irritating readers by requiring them to scroll through 20+ screenfuls just to get to the next post.

    If you want to publish a short story like this, please do everyone a favor and blog it somewhere, then provide a brief summary and link to your blog. Readers intrigued by your summary will go read your blog, and everyone else will just move along at normal /. speed.

  19. Re:Want to know why most post is downmoded unjustl by lucm · · Score: 1

    Are you sure you are replying to a real person and not a script?

    This being said, if a script has a blog I would definitely be intrigued by it!

    --
    lucm, indeed.
  20. Does it really matter? by lucm · · Score: 2

    I don't see what is actually the problem. Isn't it better to have somehow targeted ads?

    As for breaching my privacy: I'm just a record in billions of records for those companies. I'm pretty sure they don't give a shit about me as an individual, they care about categories and segments and groups. So what if they know which website I look at and how frequently. We are not talking about companies using my facebook pictures or my wishlist on Amazon, it's just ads.

    --
    lucm, indeed.
    1. Re:Does it really matter? by Ash-Fox · · Score: 1

      I find targeted ads and search results invasive.

      You failed to give a reason as to why.

      --
      Change is certain; progress is not obligatory.
    2. Re:Does it really matter? by lucm · · Score: 3, Insightful

      Showing ads is fine when I am actually looking for something; no need to stalk me all the time. If I'm not looking for something I am not going to buy anything either. Oh and make it text ads only because I block everything else and I can't click on blocked ads, can I? Thanks!

      Is this a letter for Santa Claus?

      It's wonderful that you agree to see ads when you are looking for something; this is how Google makes money. But who pays for all the other websites that you visit for free? They are hosted somewhere on a server that has been purchased by someone, that has its power and cooling paid by someone, and is online because someone is paying the ISP. If you don't want paywalls everywhere, then so far the ads are the only viable solution to help those people pay for this infrastructure.

      Or maybe you are one of those people who think that because you pay $35 a month for your internet access you should get all content for free. That reminds me of a girl I knew in college who was making and selling pirate copies of movies but according to her it was legal because she was paying for the blank DVDs and for her internet connection.

      There is a serious flaw in the internet business model, everyone knows it. Ads are awful and even targeted ads have a very low conversion rate. Yet for most people there is so far no other way to make money. So why don't you stop whining like an entitled brat and instead start thinking about realistic solutions to this problem? If you find a good one you could make millions.

      --
      lucm, indeed.
  21. Re:Custom host file inferior to custom host file by myowntrueself · · Score: 1

    Dear Mr Coward, I read through your entire post but saw no mention of MyCleanPC anywhere. Surely this is the ultimate in PC threat prevention and cure?

    --
    In the free world the media isn't government run; the government is media run.
  22. Those opt-out pages don't work. by drinkypoo · · Score: 2

    On the Network Advertising Initiative Opt Out Page you can ask the 98 member companies listed there to stop tracking you and on Evidon's Global Opt Out page you can give some 200 more the boot

    No, no you can't. I just tried the Network Advertising Initiative opt out page. It doesn't work. Out of 96 sites, 0 worked. I also tried Evidon. Looks like about only 80% of them can be shut off from that page. And now I have a horrible suspicion that all I've done is confirmed my existence to spammers.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  23. Re:Want to know why most post is downmoded unjustl by OffTheWallSoccer · · Score: 1

    Good point! :-)

  24. You do all that work of opting out by Stan92057 · · Score: 1

    You do all that work of opting out and with a single click of the delete cookies button all your work and 200 different cookies just hit the shit fan. Google had a program that was installed to block tracking but I forgot what it was for. But opting out with a cookie is useless. It needs to reside somewhere other than the internet folder.

    --
    Jack of all trades,master of none
  25. Re:Someone impersonated me here 5x... apk by OffTheWallSoccer · · Score: 1

    NOW - As to myself on that very note??

    Yes - I have been, a dozen times or more in actual respected WRITTEN PUBLICATIONS in the art & science of computing (would you like a partial list?)...

    I enjoy a good read. Please enlighten me with some of your published works.