Slashdot Mirror
Stanford, Mozilla, Opera Launch Web Privacy Initiative
An anonymous reader writes "Stanford Law School has kicked off a 'Cookie Clearinghouse' web privacy initiative that brings together researchers and browsers. The project aims to provide a centralized and trusted repository for whitelist and blacklist data on web tracking, much like StopBadware does for malware. Mozilla and Opera are collaborating on the initiative, and Mozilla plans to integrate it into Firefox's new default third-party cookie blocking. The leader of an advertising trade group has, of course, denounced the participating browsers as 'oligopolies.'"
Finally! Using add-ons like "RequestPolicy" and "CookieMonster", without a whitelist/blacklist is a pain, especially on forums where people put pictures that could be hosted anywhere.
"Exxxxeeeelent" *rub hands*
“There are billions and billions of dollars and tens of thousands of jobs at stake in this supply chain,” said Rothenberg, who called the browser makers “oligopolies” with excessive power to make decisions affecting the workings of the Internet. “It should be done with stakeholders’ input.”
Mr. Rothenberg, you keep using that word. I do not think that it means what you think it means. The "stakeholders" in this are the users of the browsers, not the web site operators. Get that part right, at least. It is my browser, not the web site operators. If I don't want it to allow me to be tracked through the use of third-party cookies, I should have that choice, just like it's the web site operator's choice to deny me access if I don't allow such tracking. It's all about choice and when it comes to what my browser should or should not do, that choice is mine.
Now if only Safari would allow the handling of cookies on a site-by-site basis, like Camino used to. For most sites I want to allow the cookies but have them wiped at the end of the session.
That behaviour works for me, and is only slightly annoying when I encounter one of those clusterfuck websites that want to set lots of cookies.
The twins of Mammon quarrelled. Their warring plunged the world into a new darkness, and the beast
abhorred the darkness. So it began to move swiftly, and grew more powerful, and went forth and multiplied.
And the beasts brought fire and light to the darkness.
from The Book of Mozilla, 15:1
The group in question is the Interactive Advertising Bureau, which is paid to rail against pretty much anything that makes it harder for advertisers to track people online.
I don't want these shitbags tracking my browsing history, which is why I block or otherwise restrict most cookies, and block web bugs. I'm fine though with adverts - just not Randall Rothenberg's view of spying being an acceptable price for free content. Bloody hell, even his name makes him sound like some 19th century mad industrialist, busy earning a fortune from grinding childrens' bones in to cosmetics.
-- Using the preview button since 2005
An oligopoly that between them has around 20% of the market?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
See http://superuser.com/questions/257792/how-can-i-block-ads-in-internet-explorer
Not that I use IE, but I tried that immediately and it works great. No need to install any add-ons, it works right out of the box, you just have to subscribe to one of those lists (like in Adblock+). And the page with those lists is provided by Microsoft!
You know what Mr Rothenberg, we don't give a shit.
Because also at stake is our privacy, and our right to not have some douchebag advertising company know every detail of our lives.
I don't want doubleclick, quantserve, google analytics, scorecard research, and all of these other assholes to get a phone-home beacon on every page I visit -- which is why between my firewall and various things like NoScript/ScriptSafe, these sites are blocked.
I don't owe you marketing data, and I'm not interested in your product. Don't act like it's your right for me to provide you this data, because it isn't.
The advertising companies who do this are the oligopolies, Mozilla is just putting some more freedom in the hands of their consumers ... or maybe you don't like it when consumers exercise their right to be not interested in what you're selling and your just a corporate mouthpiece who is only interested in corporate freedom?
I don't have any more sympathy for advertisers than I do for telemarketers. They can both go eat shit and die.
Lost at C:>. Found at C.
As an experiment, I recently tried setting Chrome to keep cookies only for each session (ie delete everything when I close the browser). So far I have not noticed any substantial difference to my browsing experience - all the sites I go to still seem to work normally. It seems like a good compromise - if cookies are disabled completely, lots of sites do not work properly, and do not report why they are not working, and maintaining a manual exception list is a pain.
I'm not convinced that's true .. because if you set Safari to block 3rd party cookies, and go to a web site, you still get 3rd party cookies.
So, whatever 'fix' Apple did seems pretty useless to me. Which is why Safari for me is used only to host Facebook -- I don't trust either of them, and if the browser never visits any other sites, there's no other information to be gleaned.
Lost at C:>. Found at C.
Firefox with ABP (load up the subscriptions, uncheck 'allow some advertising), NoScript (take out all the whitelisted URLs which are there by default) and Ghostery. Add in an extension which forces HTTPS.
Stop visiting sites that make you add any of their shitware scripts to the whitelists in NoScript or Ghostery.
There's a reason advertisers hate, hate, HATE those three plugins. It's because they are like holy water being poured on the foreheads of obese, slovenly vampires which want to devour your personal data.
We just class the companies who do all this tracking as a security threat, i mean how can you not ? we have a financially orientated team or people (lets call them a gang) coming together for the sole purpose of obtaining data and perform said activities covertly by way of obfuscation and hidden web bugs
thats the very definition of what a security threat is, just because they wear a suit and call it "metrics analytics" doesnt change the nature of their business, spying on people for cash, funny how all the big players in that space are all creepy American companies again, maybe the NSA incident is a cultural issue not political
So Rothenberg doesn't want the companies he represents to have their activities tracked and to be profiled without their consent? I seem to remember reading a rule about that. Golden something-or-other ...
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Not according to the whole way the Internet works. These are two completely unrelated domains. If you wanted the system to work for you, call your images server images.stanford.edu. Now see how simple your decision to allow or deny Stanford cookies is?
a) A general end to end encryption mechanism, as opposed to the current end to server mechanism. If I send a message to Bob using FaceBook, that is between me and bob, not Bob, Facebook, NSA, CIA, or any other law breaking faction of government that might have the technical means to grab it.
So it should be encrypted with Bob's certs, not Facebooks certs.
b) Thunderbird to support public key exchanges like SSH does. So a public key is attached to outgoing mail, a client that supports it, records that key the first time it sees it, and from then on send to my email are encrypted with that key. i.e. removing the public certificate authority, and relying on the first key exchange to encrypt mail end to end.
c) A HTML extension, declaring an encrypted edit field, with a second extension declaring the recipient. The browser only allows javascript and send to see the encrypted edit text, encrypted with the public key of the recipient (which you obtained on the first key exchange, see a). The edit field needs a visual indicator so we know its encrypted. So webmail can support end to end encryption.
d) An add on to force sites like Yahoo, Hotmail and Gmail into encrypted mode. So we can webmail encrypted even if the site refuses to cooperate.
e) Better control of certificates, I'd like to remove all the cert authorities that have a US base as untrusted (untrustable), but I'm reduced to going through them one by one. Also SSH has warned me in the past of attempts to substitute a certificate, does Firefox do the same?
f) File send data encrypted. People upload zip files with their banking passwords, and other details, thinking they're trusting Google or Yahoo or Dropbox or whatever with a backup copy of their data, not realizing they're handing it to a Dr Strangelove. They should have an easy way to upload it encrypted with their own key.
g) ISPs, can I have the old Deutsch Telekom trick of renewing an IP address every 2am. Making tracking more difficult.
h) ISP's if you're putting in Super NATs can we have them using a session id, and not some constant mechanism that reveals the end point after the NAT.
I am hoping they can fix the very long outstanding security bug for the Thunderbird chat - enable the ability for people to use plugins like OTR in Thunderbird chat. So far It is like they are dragging their feet on it/don't want encryption/privacy is not a priority:
https://bugzilla.mozilla.org/show_bug.cgi?id=779052
https://getsatisfaction.com/mozilla_messaging/topics/otr_support_in_instant_messaging_chat
https://getsatisfaction.com/mozilla_messaging/topics/deleting_chat_conversations_or_going_off_the_record
But how do you get more privacy out of a centralized repository? Centralization and privacy don't mix. And that word... trusted... please...
“He’s not deformed, he’s just drunk!”
Tough tits, toots.
Advertisers are of course, free to create their own extra-spiffy browsers, just chock full of advertising.
Please do not read this sig. Thank you.
Stories of doom and gloom were also spewed by the Phone telemarketers and they are doing just fine.
Jack of all trades,master of none
What happens next?
See what we have planned ( click link )
404 — Fancy meeting you here!
Don't panic, we'll get through this together. Let's explore our options here.
Nothing changes LOL
There's SuperCookies such as Flash cookies. They track you across browsers.
Even with defenses against Supercookies, and with 3rd-Cookies OFF. There's still plenty of ways to track you.
I highly recommend everyone to download and use TorBrowser as much as it's practically possible.
Be nice if the EFF could find a way for anyone on metered bandwidth to be able to charge advertisers with theft of services. Honestly, how much bandwidth do these uniinvited guests burn? Heck, even with NoScript, AdBlocker, Ghostery etc running advertisers are stealing bandwidth, processor cycles and electricity.
Definitely! TorBrowsers a great browsing experience and about as anonymous as you can get connecting from home. A couple of things to look for though:
1) Some sites, like Google won't let you. Just use DuckDuckGo instead. Even when using !google bang, it gets past the Google block on the exit relay IP.
2) Don't set yourself up as an exit relay. Really, don't do this! A non-exit relay is safe and helpful from any computer, but you really do not want the computer/IP address you use to be an exit relay. Bad things will probably happen.
-- Using the preview button since 2005
I think it would be awesome if browser vendors would create a list of domains which when referenced the browser simply would treat the same as if it looked up the domain and no address records were found. Obviously there should be more fine grained tools but sometimes if you cut it off any later then DNS fingerprinting cannot be averted.
We have such a list in our local DNS cache and it is quite awesome.
Not if I don't have Flash installed on my machine it won't. I trust Flash about as much as I trust politicians -- which is to say not at all.
Lost at C:>. Found at C.
The issue infonnis most things used to block adds and stop cookies is that more often than not companies pay to be on an exceptions list. Hence you will still have this problem..?
Hi. I'm running the Cookie Clearinghouse. I'd like to do a good job with it. From prior experience with Do Not Track, I notice two things: (1) it's impossible to actually get anything *done* with too many people in the room, yet (2) users are basically not part of the discussions, yet alone decisions. How, if at all, would you like to be involved? What's a good way to get more smart voices into the discussion without it being a DDOS on my time?
> There's SuperCookies such as Flash cookies. They track you across browsers.
touch .adobe .adobe .macromedia .macromedia
chmod 000
touch
chmod 000
ll -og .adobe .macromedia .adobe .macromedia
---------- 1 0 Nov 17 2011
---------- 1 0 Nov 17 2011
So much for Flash cookies on linux. A similar approach should work in Windows, depending on which directory Flash cookies are stored there. And many browsers have an option to refuase/allow Flash cookies and/or HTTP5 storage.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user