Slashdot Mirror
Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data
merbs writes: The vast majority of websites you visit are sending your data to third-party sources, usually without your permission or knowledge. That's not exactly breaking news, but the sheer scale and ubiquity of that leakage might be. Tim Libert, a privacy researcher, has published new peer-reviewed research that sought to quantify all the "privacy compromising mechanisms" on the one million most popular websites worldwide. His conclusion? "Findings indicate that nearly 9 in 10 websites leak user data to parties of which the user is likely unaware."
Not leaking it so much as shooting out of a firehouse.
... don't have my data.
Just skimmed the paper -- and it's talking about the "10 most common top-level domains" -- not websites.
It was clearly not a long-contemplated ethical conundrum for the bigger share of them.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
One out of ten of the Internet's top web sites doesn't leak your information!
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Stop typing your own fucking personal information into websites! It's not like they're kicking in your door and raiding your house. STOP HANDING IT TO THEM!
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
Code that just still works as it was never updated.
The heat saved, the cooling not needed as the intensive new encryption was not turned up.
The cash saved in not having expert staff add new encryption that only modern browsers could really use.
All that tracking adds to deeper understanding of the consumers and earns a profit.
All a browser can do is load up on the more useful add ons to try and block most of the more direct site based tracking.
Domestic spying is now "Benign Information Gathering"
Here is an alternate link that won't feed Vice and here is the linked article. (pdf) The study is very broad but they consider as much as a Google tracking cookie to be "leaking your data", so it doesn't really say much.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
... don't have my data.
And you think Slashdot doesn't share it for some reason? Don't give me this "they didn't say they would share" excuse...
If you do ANYTHING on the big "I" net, you are giving up information, like it or not... It's worse for you, you are posting on Slashdot for Pete's sake....
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Especially with your mobile site with three rows of full-page-height (at 1920x1200 even) ads and a script popping an ad at the bottom that's almost comically impossible to retract?
Chas - The one, the only.
THANK GOD!!!
All reported on a site with links to Facebook Pinterest, Twitter, Tumblr, YouTube, and is most definitely using Google Analytics.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
What makes you think slashdot is in the top ten?
File under 'M' for 'Manic ranting'
[nt]
File under 'M' for 'Manic ranting'
And you think Slashdot doesn't share it for some reason?
Ghostery is blocking the following on Slashdot:
Doubleclick (advertising)
Google Adwords Conversion (advertising)
Google Analytics
Janrain
Scorecard Research Beacon
Taboola
It's on Slashdot, and everywhere else.
Here's a quote from TFA:
Most troubling is that if you use your browser setting to say 'Do Not Track' me, the explicitly stated policy of nearly all the companies is to flat-out ignore you
What we need is 9 out of 10 users to start explicitly blocking tracking and advertising, and then flat-out ignore the companies who complain about their bottom line. That article from the advertising industry group talking about how they screwed up rings a little hollow when they are obviously not interested in respecting the requests of consumers to not track them. Enabling Do Not Track is fine, but that only works with the good actors. For everyone else, see below.
https://www.ghostery.com/
https://www.ublock.org/
https://adblockplus.org/
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Doesn't Adblock/Plus whitelist companies that pay them?
640k ought to be enough for anyone.
I'm 40 to 50 percent of the way (at least; it's a conservative estimate) towards just not using the Internet for anything, anymore, for that very reason. Even using an alias (as I do here), I know that at the very least my ISP can put together enough to track everywhere I go and everything I do, assuming they break all the rules, decrypt https, etc. Of course we now live in a world where, if you go too far off the grid (remove your Internet presence, start paying in cash for everything instead of using plastic) you trigger all sorts of three-letter agency attention that you don't want, because it's now considered a sign of possible criminal activity if you actually have the gall to protect your privacy.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Damn it, I thought I was logged in when I posted that. If you reply to the "does anti-tracknig [sic] software protect against this?" topic, please reply to this so I get a notification.
One story [here] just answered another on
Table-ized A.I.
What we need is 9 out of 10 users to start explicitly blocking tracking and advertising, and then flat-out ignore the companies who complain about their bottom line.
I'll tell you exactly what sort of response that would evoke from pretty much everyone, because I've already seen it: They start moving actual content and functionality for their sites to the same servers that are serving ads and things to track you, leaving you with two choices: accept their ads and tracking, or don't use their site at all. What's your response going to be when >90% of the Internet is denied to you, because you won't give in to their ads and tracking techniques? That's likely what's coming.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
This is a crap article and just pushing for the tool the guy built.
All the tool tells you is that the site makes 3rd party requests (Ghostery does a lot better job at this than some random bundle of python scripts). It does not tell what any of those 3rd party requests are doing, nor whether any personal data is being "leaked" by the site itself. Nor does it tell you if the site is pushing data wholesale on the backend to 3rd parties.
I'm out of my mind right now, but feel free to leave a message.....
Here's proof:
https://www.facebook.com/moron
Table-ized A.I.
As far as I know they give you the option of seeing "trusted" ads (or whatever the terminology is), but last I knew they ask if you want to enable or disable that during setup. At this point I don't think they're turning it on without telling you, and they don't hide the option to turn it off.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
A few add on suggestions got listed in "Firefox 42 Arrives With Tracking Protection, Tab Audio Indicators" (November 04, 2015)
http://yro.slashdot.org/story/...
The Fingerprinting wiki https://wiki.mozilla.org/Finge... has some of the more unique methods to track users.
Soon tracking and ads will just be part of the site as functionality. Try and remove ads, tracking and the page, site is reduced to a title. No text, video, comments unless all tracking blockers are removed. Hard work for creators per page, per hour, per day but the consumer is fully tracked.
Domestic spying is now "Benign Information Gathering"
The website isn't the leak. It just politely asks your browser to leak, and the browser naively complies. FWIW, people are sort of finally on this (e.g. PrivacyBadger) though we're still in the very early days of people-giving-a-fuck.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
What's your response going to be when >90% of the Internet is denied to you, because you won't give in to their ads and tracking techniques? That's likely what's coming.
We'll have to find out what will happen when >90% of the internet sees large drops in their traffic. People in general are becoming more aware to ad-blockers, it's no longer relegated to niche Firefox extensions. That day is coming. I expect to see new revenue models, which may be a way to continue the tracking, e.g. you pay a monthly subscription to a single "content network" that provides access to thousands of sites if you're logged in, rather than paying sites individually. Obviously that parent network would be able to track which of its sites you're on because you need to authenticate.
They start moving actual content and functionality for their sites to the same servers that are serving ads
I don't think we'll see that happen all over the internet. The lure of advertisers and trackers for site operators is that they get paid for putting a little bit of Javascript on their site. If they have more significant setup, hosting, and maintenance costs then it's not going to be as attractive. If they are paying for the bandwidth for third-party ads to be shown on their site then that is no longer negligible. Only the largest sites which would already have their entire operation hosted on a CDN would be fine with that. People buying virtual hosting to host their small-business site or blog aren't going to be bothered to set up something like that.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Even better, install Privacy Badger and it will block player.ooyala.com and the cookies it uses to track you from one site to another.
Good, inexpensive web hosting
As a longtime user of NoScript, this has not even come close to happening yet. I'm not even against ads, but I'm not going to let them run Javascript. If they want to show a banner then be my guest, if they want fingerprint my browser so they can track me across different websites then no thanks.
I read the internet for the articles.
I thought the point of https was that isps and others could not decrypt it?
This. In addition, the ad networks like this because they can build a profile on you. I've never had an issue with a side bar or banner ad or whatever being served up from teh same machine as the content I am reading.
Of course, if it gets too bad, since 99% of my web browsing is *reading* I can go back to a plain old text based browser like elinks
Don't blame me, I voted for Kodos
The other option is to mass-pollute the data. Create an App that sends off dummy web requests from your device so that no matter who is tracking, their data is useless.
They start moving actual content and functionality for their sites to the same servers that are serving ads and things to track you, leaving you with two choices: accept their ads and tracking, or don't use their site at all.
I've already been experiencing this already, not so much because a site is commingling its content and ads, but because my suite of advertisement/tracker/flash blockers break a small portion of the internet. Specifically, I've noticed:
* forbes: I can never click past their "quote of the day"
* politico: the drop down menu bar doesn't work
* lots of sites have comment boxes disabled
* occassionally I come across a video that won't load.
So, my response: some sites just fall off my radar like forbes, but I don't miss them too much. Some sites I used with limited funcitonality, like politico. if i must see a video like if its a cat or something I open the link in a different browser.
dude, there's a lot of content out there. very little is omg I gotta have type of content. if a site isn't loading, just move on.
extending this... I haven't seen this mentioned on the thread to-date. Some browsers have features to help protect your privacy. Safari and Firefox have a setting to block cookies from third-party sites. So if you visit amazon.com and login, the site can put a login cookie on your computer, but you won't get third-party trackers from omg.zzoba321.gov.co.ru.in.
I'm not going name names, but some browsers notably omit this function, possibly because the browser's developer makes all its money from tracking peoples behavior...
You know.../. tracks the fuck out of you. Try sSoylentnews.org (the Red site). No trackers. period. The people are nice, informed, and decisions are made on a community level.
https://soylentnews.org/
Your privacy matters
Your community matters
No trackers. Period.
also note: https
A Good Troll is better than a Bad Human.
What we need is 9 out of 10 users to start explicitly blocking tracking and advertising, and then flat-out ignore the companies who complain about their bottom line.
Yes, and this is part one of the strategy. Already, if I go to a site, and see "We see you are using an ad blocker. Please unblock to access our content.
NONONONONONO assholes! You can just go out of business for all I care. I just click back to where I was, and move on. If enough of them analyze how many people just say a collective "Eat shit mofo's!", that will be the first stage.
The second stage is to give them what they want. lots and lots and lots of data, all spoofed, all the time. Enough to make their data mining completely useless.
The internet is very sick brothers. Time to make it well again.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I'll tell you exactly what sort of response that would evoke from pretty much everyone, because I've already seen it: They start moving actual content and functionality for their sites to the same servers that are serving ads and things to track you, leaving you with two choices: accept their ads and tracking, or don't use their site at all. What's your response going to be when >90% of the Internet is denied to you, because you won't give in to their ads and tracking techniques? That's likely what's coming.
Good. Then I'll usse the ten percent of the sites that are left. Or not at all. Teh intertoobz are mighty damn sick these days, and are rapidly losing any semblance of usefulness. So if it reaches that point, then it will reach zero usefuness for many. Then business and the trackers will have won - sorta.
All I know is I already don't go to sites that demand I turn off my adblocker software.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
We'll have to find out what will happen when >90% of the internet sees large drops in their traffic. People in general are becoming more aware to ad-blockers, it's no longer relegated to niche Firefox extensions. That day is coming.
Pretty much this. I've installed it on a lot of regular folks computers, usually after a demonstration of the difference in loading times enabled and disabled. I'm usually looking at them in the first place because of compliaints of slow loading.
And I'm pretty certain it is having some effect already, as a number of sites that I no longer ever go to pop up screens that tell me to disable my ad blocker software......
Umm no folks, you'll never have even the chance to infect my machine ever again. ESAD baby.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Are you so sure of that? Are you actually taking steps to stop it? Are you verifying it?
Right now on Slashdot as I type this, there are 12 external domains being referenced, 8 of which want to run scripts. All of them are ad or analytics companies.
A massive amount of sites have references to the big ad sites (usually multiple), as well as references and/or cookies to social media sites ... which means a lot of ad companies trivially track you across sites, know where you visit, how often, and the pages you're reading.
Unless you are actively blocking this crap, and unless you're looking at the sites which are being blocked and adding which you've missed ... and clearing any cookies and shit they've added as you go ... you should really assume that these sites are seeing your data even if you don't subscribe to them or realize you're interacting with them.
You have to be fairly aggressively blocking this shit to believe those companies aren't seeing some of your data.
And, quite frankly, if you are aggressively blocking this shit, your friends and family are probably tired of you ranting about how fucked up the internet is. I know mine are.
The problem is so many people don't know this, and even if you try to tell them they don't care.
Lost at C:>. Found at C.
My impression was ISPs didn't look at much data because they potentially lose the safe harbor protections for copyright and other criminal acts their customers might engage in, but with some of the monitoring of usage type the lines may be a little blurred.
Has this changed in some meaningful way?
... requires you reveal information. The laws of physics aren't going to change for anyone.
Not only that, but a good portion of a leakage makes you more secure and is better for the user. How many millions of sites have a facebook login option? So Facebook can see your IP from that... because your browser is loading their javascript.
Would you really rather have a million copies of that javascript file out there that don't get updated when Facebook discovers a vulnerability or improves a security feature? Let's pretend you're not *you*, the tech guy running noscript, but a normal user.
Pretty soon instead of blackholing domains I don't trust, I'm going to to have to start whitelisting the few that I do trust. Nice job corporate assholes, you ruined the internet.
That returns randomly generated crap when websites retrieve their cookies?
We all make sure to lie a lot online. Click random ads, just for the hell of it. Act like a different person, really roleplay, say on random days, but not too random, surprise yourself. If everybody did this there would be no value in your data. Sour the milk.
I expect to see new revenue models, which may be a way to continue the tracking, e.g. you pay a monthly subscription to a single "content network" that provides access to thousands of sites if you're logged in, rather than paying sites individually. Obviously that parent network would be able to track which of its sites you're on because you need to authenticate.
Hmm, seems like what the ISPs are doing righ now. Your point is?
There's an interesting browser for Windows users called OffByOne. I've not used it in years but it wasn't too bad for text-only browsing. I think it displayed pictures as an option. Scripting simply doesn't work in it. At least it didn't years ago. Google indicates it is still around.
"So long and thanks for all the fish."
For instance Slashdot: (orginally posted as AC)
jadserve.postrelease.com
cdn.taboola.com
The following domains don't appear to be tracking you
www.googleadservices.com
cdn-social.janrain.com
cdn.quilt.janrain.com
player.ooyala.com
widget-cdn.rpxnow.com
slashcdn.com
s.ntv.io
you trigger all sorts of three-letter agency attention that you don't want, because it's now considered a sign of possible criminal activity if you actually have the gall to protect your privacy.
This. People are considered criminals and engaging in suspicious activity if they try to arrange their lives so people can't develop dossiers on them, attach derogatory information on whim and then share that dossier with just anyone.
That's insane.
Ask anyone from any dictatorship - and I have- especially read history how democracies turn into dictatorships. It all starts with lists. Lists of people and their supposed attrtibutes and governments encouraging people to turn each other in.
This is exactly what went down in Iraq. Iraqis used the US government's hunger for terorists as an opportunity to get even. A lot of the people arrested and jailed and some tortured did nothing more wrong than be distateful in some way to their neighbor. Other's had ho-hum run of the mill grudges that they'd been nursing.
But it all gets written down and once it's written down, it's true to the next guy who read the dossier.
elinks is better, it can be compiled with both mouse and image support...
Don't blame me, I voted for Kodos
...which means it's failing to block ooyala.com, ntv.io, and rxpnow.com. You might want to get a better browser extension (such as RequestPolicy).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
...which means it's failing to block ooyala.com, ntv.io, and rxpnow.com. You might want to get a better browser extension (such as RequestPolicy).
Privacy Badger from EFF catches them all.
My point is that what I suggested is completely different from what ISPs are doing right now. When you host a site, does some random ISP pay you when their customer visits it? No? Then it's not the same thing, is it? What I suggested is more along the lines of what cable TV was supposed to be when it started, not ISPs that provide access to the internet in the first place. I don't expect an ISP to create what I'm talking about, that's not their job.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I just moved from an address where I was finally getting a handle on the junk mail is was getting. It had been a nightmare! Junk mail would find it's way into my mailbox yet the truly important stuff would get lost or delayed! Perhaps this is a result of the specific postal office for that address - bad local management, et al... HOWEVER - since I invoked permanent forwarding to my new address, I am getting deluged with junk mail again! Obviously, the default is for the USPS to opt-in my 'new' address to every junk mail service they can sell my address to. I vehemently object! I want a say in that! The default SHOULD be to be opt-ed out, with a option to opt-in when I file for the forwarding. Does this not seem like the sensible, logical thing to do 'by the people, for the people'? As opposed to 'by non-human entities, too the people'! My point is that privacy has been abused ever since constitutional rights have been getting abused. And now it is merely standard practice. It is now up to you, the individual, to protect your self; because our corporate government is failing to do so.
Self-importance and self-indulgence is the root of ALL evil.
...why not every other entity. After all, isn't the government now a corporate entity?!
Self-importance and self-indulgence is the root of ALL evil.
Ghostery does help some, but I highly doubt it will ever near 100% in terms of stopping tracking. As posted elsewhere in this thread, Privacy Badger would be another extension to look into. I don't see a problem with running multiple extensions. Adblock plus is fine for just stopping ads, and obviously Noscript is the heavy-handed way to stop a lot of this stuff also.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I read an article at least a year ago the subject of which was that some ISPs were experimenting with the notion of Institutional man-in-the-middle attacks for the purpose of compressing communications for greater throughput. So carriers such as Verizon could conceivably be proxying HTTPS from one POP to another.