Slashdot Mirror
Even the Ad Industry Doesn't Know Who's Tracking You
jfruh writes "The Internet advertising industry is keen to stave off government privacy rules and opt-in-only browsers by loudly proclaiming its adherence to a self-imposed code of conduct. Yet a little digging shows that even "self-regulated" advertisers link to services that link to other services that nobody's really sure what they do. That's why, for instance, when you visit a page on the Sears website, your web browsing behavior is being collected by a company that sells ringtones and won't return emails asking about their privacy policy."
And that is why Ghostery and other such tools should be used until all tracking is banned.
for instance, when you visit a page on the Sears website, your web browsing behavior is being collected by a company that sells ringtones
The NoScript list of blocked domains on many (even legitimate) websites is scary indeed. One of my favorites is Javascript from ru4.com required to be able login into your banking account on chase.com. Based on the name, it looks like a phishing website to me...
All we need is a form with a couple of checkboxes.
1. Are you Evil? [ ] Yes [ ] No
Then we just need a few people to define Evil
for several contexts, add a followup question for kicks,
and we're done.
... and yet they whine and moan about people using adblockers and such.
Shut up, bitches. You made your bed, now you get to sleep in it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
And according to DoNotTrackMe, TFA has beacons for 5 tracking companies, plus two social media sites. So ITWorld are just as guilty of this shit as everyone else.
I swear, between NoScript, AdBlockPlus, DoNotTrackMe, and blocking/deleting cookies -- I'm *still* not sure how much crap is out there I'm missing.
I don't feel the slightest bit of guilt for blocking these sites so some marketing asshole can collect data.
Lost at C:>. Found at C.
Great idea! You could even raise additional funds by collecting and reselling info about what your users are browsing. Maybe even insert some relevant product-based sponsored informational links into the proxied pages?
Install Collusion add-on into your Firefox browser and monitor it while surfing. After visiting a few web sites you will see links forming to ten other sites. etc...
It becomes apparent that everyone is telling everyone else about you.
looks like this...
http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2012/4/13/1334309538603/Collusion1.jpg
The government which is strong enough to protect you from everything is strong enough to take everything from you.
"Self Regulated"
Good! They don't need government intervention, soon the free market will offer a privacy-friendly service and the free market will eventually choose that over these other services that don't respect my privacy.
But, don't regulate! Keep your government off my information-tracking ad service!
The only thing that can stop a bad guy with a spying/tracking ad service is a good guy with a spying/tracking ad service.
Sorry for the cynicism. I agree that stripping out all the junk is a great idea. The question is where to do this. Working through a third-party proxy as described above is great if the proxy is trustworthy. Unfortunately, it just adds another link in the chain that, if the idea takes off, would be attractive to scumsucking privacy invaders to exploit with their own deceptive variants. Working towards privacy-by-default on the browser side seems to me a better approach. Wouldn't it be cool if a default Firefox install would require the user to add a bunch of plugins if they wanted to unblock ads and tracking? Better browser privacy design to prevent "data leaks" (like what the EFF is trying to study with Panopticlick) can provide much of the benefit of proxies without requiring extra layers of trust (and costs for proxy operation).
There's extensions for just about every browser. Good stuff.
http://www.ghostery.com/
Maybe that company that sells ringtones is really a front for the CIA/NSA? That's what I would do if I were them. Pretend to be an advertiser whilst collecting/building profiles.
You wouldn't believe how much tracking is going on within a typical website. Even /. has some strange tracking service scorecardresearch.com. I'm not saying they are marketing scums of the earth, but their privacy policy doesn't say much. More 'mainstream' sites, e.g. huffingtonpost.com has no less than 11 3rd party tracking/login cookies.
(Hmm... scorecardresearch.com seems to be everywhere, btw)
Oh come on! Major web sites have vetted these advertisers to ensure their accounts have sufficient funds to pay for the advertising.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
You realize you just did the equivalent of saying "Beetlejuice" three times, right?
Quo usque tandem abutere, Nimbus, patientia nostra?
I think all trackers should be removed from the (U.S.) internet immediately, because:
(A) Tracking of those 13 years of age and younger is illegal, and
(B) trackers can't possibly know for sure who is 13 and who is not.
It lets the sites set their cookies, waits a few seconds (or until tab is closed), then nukes 'em. There's a whitelist for sites you actually use.
https://addons.mozilla.org/En-us/firefox/addon/self-destructing-cookies/
I like this solution because you don't have to wait for Ghostery to add support for an advertiser, or an updated filter definition for adblock. EVERYTHING gets nuked, except the sites you care enough about to whitelist. It's a better default cookie policy.
If I visit a vendor's site and can't browse unless I enable the spy sites, I don't buy.
I caught one of the cable companies (and state offices) doing this on the wrong side of an HTTPS connection
and let them know that allowing those companies visibility on a secure connection was a bad idea.
At best, (in the U.S.) it could be considered a HIPPA violation. It changed after I mentioned that.
I built a script to generate a graph of third-party resources a web page loads, which often represent advertising and tracking (sample output for Spiegel Online, a German newspaper).
I also wrote a blog post about how advertising and tracking make sites slow (in German) that contains even more graphs from when I ran the script in January 2013.
Yeah, I admit I use Ghostery as an intermediate step. I got to like their organized layout, and haven't put in the 20 hours to really nail down a pure replacement. For me it's important not just to block junk, but to know *who was there in the first place* (and then block them!) I have learned a lot about which "magazine sites" etc use more or less trackers from Ghostery. It's taught me a lot. So no, not perfect at all, but not bad for a beginner to the topic.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Because they like the current state of affairs. In a sense it's "sorta not that hard" of a problem, but they benefit from the current weak environment.
I bet any couple of guys in these companies know who does what, but they can carefully keep them separate from "corporate knowledge" and play dumb. For example, using the (I know, imperfect) Ghostery, in twelve seconds it gives you the list of all *seventeen* trackers on a typical page of IT World, but I bet 10 out of 12 PR reps couldn't name the complete list off the top of their heads. (But you know ONE of them can, because that's how they got there at all, see?)
Meanwhile "not responding to emails about privacy"?! Really?! Again They/We don't want to know. All you have to do is call "any company that doesn't disclose all privacy info to be aiding child kidnapping terrorists upon threat of subpoena by perjury subject to independent audit" and Boom! Here comes your info!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This firefox addon blocks anything from 3rd party domains on any site you visit, but with a configurable whitelist for any sites you actually care about.
https://www.requestpolicy.com/
Stuff like this just makes me panic, and even more so when I see this: http://www.statista.com/statistics/192740/global-data-requests-from-google-by-federal-agencies-and-governments/
Wow, a post about cookies from a privacy nut which I actually agree with!
Expiring at the end of a browser session is indeed a good default cookie policy, and I see nothing wrong with a pop-up at the top of the browser window, similar to the "Do you want to save your password?", ActiveX warnings, etc, which states "The website at xnd.garbledgunk.adserver.goo[NOT VERIFIED] would like us to send data [view data] whenever this site is accessed, until September 1st, 2013. It gives the reason "Enhanced Browsing Experience". Do you want to allow this? [Yes] [No] [Send data, but forget it when I close my browser]"
-- 'The' Lord and Master Bitman On High, Master Of All
I think I'm equally divided on the agree/disagree factor here, and it's probably a little of both...
1. The company is too disorganized / doesn't know what they're doing, but they have enough sense to see the value of information, so they grab as much as they can, while valuable, they still don't really know what they have / what they're doing with it, these are prime hacker targets (iOS location tracking fiasco).
2. The company has bigger aspirations with the data they mine, the data is mined as thoroughly as possible, categorized, data mined, and formed into trend statistics that the FBI / NSA are very interested in (facebook).
As I said, it's probably a little of both that drives these unethical data collection practices.