Slashdot Mirror
Even the Ad Industry Doesn't Know Who's Tracking You
jfruh writes "The Internet advertising industry is keen to stave off government privacy rules and opt-in-only browsers by loudly proclaiming its adherence to a self-imposed code of conduct. Yet a little digging shows that even "self-regulated" advertisers link to services that link to other services that nobody's really sure what they do. That's why, for instance, when you visit a page on the Sears website, your web browsing behavior is being collected by a company that sells ringtones and won't return emails asking about their privacy policy."
And that is why Ghostery and other such tools should be used until all tracking is banned.
for instance, when you visit a page on the Sears website, your web browsing behavior is being collected by a company that sells ringtones
The NoScript list of blocked domains on many (even legitimate) websites is scary indeed. One of my favorites is Javascript from ru4.com required to be able login into your banking account on chase.com. Based on the name, it looks like a phishing website to me...
Now we just have to wait for apk to show up and tell us how only HOST files can protect us.
All we need is a form with a couple of checkboxes.
1. Are you Evil? [ ] Yes [ ] No
Then we just need a few people to define Evil
for several contexts, add a followup question for kicks,
and we're done.
... and yet they whine and moan about people using adblockers and such.
Shut up, bitches. You made your bed, now you get to sleep in it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
And according to DoNotTrackMe, TFA has beacons for 5 tracking companies, plus two social media sites. So ITWorld are just as guilty of this shit as everyone else.
I swear, between NoScript, AdBlockPlus, DoNotTrackMe, and blocking/deleting cookies -- I'm *still* not sure how much crap is out there I'm missing.
I don't feel the slightest bit of guilt for blocking these sites so some marketing asshole can collect data.
Lost at C:>. Found at C.
I'm thinking of setting up a HTTP/S proxy service that strips out all of this nonsense so people can enjoy a clean WWW.
I block everything, so all sites I visit are really clean as they should be. I already pay to use the Internet. I will not be an unwitting partner in unsound data collection practices. People need to stop trying to monetize everything. Really? I would like to see an entirely new "Internet" that is ad-free, tracker-free, and just serves up content paid for via small subscription fee.
Install Collusion add-on into your Firefox browser and monitor it while surfing. After visiting a few web sites you will see links forming to ten other sites. etc...
It becomes apparent that everyone is telling everyone else about you.
looks like this...
http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2012/4/13/1334309538603/Collusion1.jpg
The government which is strong enough to protect you from everything is strong enough to take everything from you.
"Self Regulated"
Good! They don't need government intervention, soon the free market will offer a privacy-friendly service and the free market will eventually choose that over these other services that don't respect my privacy.
But, don't regulate! Keep your government off my information-tracking ad service!
The only thing that can stop a bad guy with a spying/tracking ad service is a good guy with a spying/tracking ad service.
There's extensions for just about every browser. Good stuff.
http://www.ghostery.com/
Maybe that company that sells ringtones is really a front for the CIA/NSA? That's what I would do if I were them. Pretend to be an advertiser whilst collecting/building profiles.
You wouldn't believe how much tracking is going on within a typical website. Even /. has some strange tracking service scorecardresearch.com. I'm not saying they are marketing scums of the earth, but their privacy policy doesn't say much. More 'mainstream' sites, e.g. huffingtonpost.com has no less than 11 3rd party tracking/login cookies.
(Hmm... scorecardresearch.com seems to be everywhere, btw)
Oh come on! Major web sites have vetted these advertisers to ensure their accounts have sufficient funds to pay for the advertising.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I think all trackers should be removed from the (U.S.) internet immediately, because:
(A) Tracking of those 13 years of age and younger is illegal, and
(B) trackers can't possibly know for sure who is 13 and who is not.
It lets the sites set their cookies, waits a few seconds (or until tab is closed), then nukes 'em. There's a whitelist for sites you actually use.
https://addons.mozilla.org/En-us/firefox/addon/self-destructing-cookies/
I like this solution because you don't have to wait for Ghostery to add support for an advertiser, or an updated filter definition for adblock. EVERYTHING gets nuked, except the sites you care enough about to whitelist. It's a better default cookie policy.
You typed all that with one hand?
If I visit a vendor's site and can't browse unless I enable the spy sites, I don't buy.
I caught one of the cable companies (and state offices) doing this on the wrong side of an HTTPS connection
and let them know that allowing those companies visibility on a secure connection was a bad idea.
At best, (in the U.S.) it could be considered a HIPPA violation. It changed after I mentioned that.
I built a script to generate a graph of third-party resources a web page loads, which often represent advertising and tracking (sample output for Spiegel Online, a German newspaper).
I also wrote a blog post about how advertising and tracking make sites slow (in German) that contains even more graphs from when I ran the script in January 2013.
Yeah, I admit I use Ghostery as an intermediate step. I got to like their organized layout, and haven't put in the 20 hours to really nail down a pure replacement. For me it's important not just to block junk, but to know *who was there in the first place* (and then block them!) I have learned a lot about which "magazine sites" etc use more or less trackers from Ghostery. It's taught me a lot. So no, not perfect at all, but not bad for a beginner to the topic.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Because they like the current state of affairs. In a sense it's "sorta not that hard" of a problem, but they benefit from the current weak environment.
I bet any couple of guys in these companies know who does what, but they can carefully keep them separate from "corporate knowledge" and play dumb. For example, using the (I know, imperfect) Ghostery, in twelve seconds it gives you the list of all *seventeen* trackers on a typical page of IT World, but I bet 10 out of 12 PR reps couldn't name the complete list off the top of their heads. (But you know ONE of them can, because that's how they got there at all, see?)
Meanwhile "not responding to emails about privacy"?! Really?! Again They/We don't want to know. All you have to do is call "any company that doesn't disclose all privacy info to be aiding child kidnapping terrorists upon threat of subpoena by perjury subject to independent audit" and Boom! Here comes your info!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
They do it on purpose for plausible deniability, the same as spam e-mails or opt-out lists. The web of who does what is so confusing that if you do try to blame someone, they'll do so much finger pointing you'll never find it out. This is like a GOF Design Pattern, only for organizational structure.
Until you go to a site using a 3rd party payment system (unbeknownst to you), and the site's cookie check passes allowing you to proceed to payment, which then occurs after the cookie has been nuked so your payment is charged but not credited on the site.
I'm sure after a couple of hours on the phone or spent emailing that it can all be sorted out, but your net +/- in time is probably pretty far in the red after something like this.
This firefox addon blocks anything from 3rd party domains on any site you visit, but with a configurable whitelist for any sites you actually care about.
https://www.requestpolicy.com/
this is such 1960's TV /radio commercial thinking. if you allow moderate cookies by well-behaved advertising (ie, in the best interest of the market), you form HELPFUL advertisements actually TARGETED to things you actually might want! imagine that!
slashdot.orf - of course, the protagonist
fsdn.com
rpxnow.com
doubleclick.net
google-analytics.com
And this is everywhere now! The really anoying thing is that they often cascade, so Ok-ing one entry suddenly doubles the number of parasites in the list.
Stuff like this just makes me panic, and even more so when I see this: http://www.statista.com/statistics/192740/global-data-requests-from-google-by-federal-agencies-and-governments/
Wow, a post about cookies from a privacy nut which I actually agree with!
Expiring at the end of a browser session is indeed a good default cookie policy, and I see nothing wrong with a pop-up at the top of the browser window, similar to the "Do you want to save your password?", ActiveX warnings, etc, which states "The website at xnd.garbledgunk.adserver.goo[NOT VERIFIED] would like us to send data [view data] whenever this site is accessed, until September 1st, 2013. It gives the reason "Enhanced Browsing Experience". Do you want to allow this? [Yes] [No] [Send data, but forget it when I close my browser]"
-- 'The' Lord and Master Bitman On High, Master Of All
You fail it, Paul. Your skill is not enough.
THIS is why he's doing it & proof of it, here -> http://interviews.slashdot.org/comments.pl?sid=3585927&cid=43295193 when others pointed out Jeremiah Cornelius forgot to submit one of the "first post spams" masquerading as myself as AC, & mistakenly submitted one of the impersonations of myself as his registered 'luser' name here on /. forums.
Pretty pitiful actually, but like every up to no good idiot does? He screwed up & submitted it under his registered 'luser' name here.
* Jeremiah Cornelius: DO YOURSELF, and the rest of us, A GIANT FAVOR MAN: Seek professional psychiatric help!
(Since Jeremiah Cornelius obviously can't get over the fact he made a spelling error on what it is HE ALLEGEDLY DID FOR A LIVING? That's not MY fault... it's HIS!)
APK
P.S.=> I seriously must have dusted JC (in his mind @ least) for his BAD spelling error & it "got his goat"...
I.E.-> Catching what he claimed to do as a job, for YEARS he left "PENETRATION" (correct) spelled as "PENTRATION" (incorrect) on his resume on LinkedIn & I pointed it out as he & his friends trolled me as usual (webmistressrachel, gmhowell, & crew (probably ALL JC no doubt using alterate emails or TOR to do it as a possible - I've caught "them & theirs" doing it before, ala Barbara, not Barbie = TomHudson (same person))).
So THAT is what has gotten his goat in a technical debate & his "geek angst" could only come up with *trying* to "impersonate me" in every news thread on /. for the month of March 2013 so far!
(Just to attempt to 'discredit me' as a spammer here obviously)
Doing so, by posting that "$10,000 challenge" &/or reposts of my old posts on hosts file value to end users into EVERY SINGLE NEWS ARTICLE POSTED on /. ...
It's all I can think of that *might* cause such a mentally troubled 'reaction' like the Jeremiah Cornelius is doing & there's NO QUESTION he's the one doing this spamming of nearly every posted article masquerading as myself...!
... apk
You're embarassing yourself Jeremiah Cornelius http://slashdot.org/comments.pl?sid=3581857&cid=43276741 since you posted that using your registered username by mistake (instead of your usual anonymous coward submissions by the 100's the past 2-3 months now on slashdot) giving away it's you spamming this forums almost constantly, just as you have in the post I just replied to.
I think I'm equally divided on the agree/disagree factor here, and it's probably a little of both...
1. The company is too disorganized / doesn't know what they're doing, but they have enough sense to see the value of information, so they grab as much as they can, while valuable, they still don't really know what they have / what they're doing with it, these are prime hacker targets (iOS location tracking fiasco).
2. The company has bigger aspirations with the data they mine, the data is mined as thoroughly as possible, categorized, data mined, and formed into trend statistics that the FBI / NSA are very interested in (facebook).
As I said, it's probably a little of both that drives these unethical data collection practices.