Slashdot Mirror
Ask Slashdot: Should I Expect Tracking When Subscribing To News Sites?
Long-time Slashdot reader robot5x writes: I'm a fan of online privacy and, where possible, don't automatically permit cookies and tend to set Ghostery to block all trackers in my browser. This rarely causes a problem -- I have lots of subscriptions to various sites which require me to login and have only rarely encountered minor issues. Recently I had a present of a Slate Plus membership. I really like their content and was keen on supporting it financially. Activating it from the email they sent required me to first register as a user. I clicked on the icon, and nothing happened. Ghostery picked up 7 trackers which I had blocked.
Assuming that one of these was the cause, I activated each in turn and reloaded. None of them made any difference, except a single tracker from JanRain. Accepting this tracker let everything work perfectly. Reading more about JanRain though -- and particularly its interaction with Adobe analytics (which it also tries to load) -- I discovered that they wanted to "create a holistic view of your business by collecting, analyzing and reporting all customer interactions. To derive the most actionable insights, you must link your customers' actions with who they are and what their interests are. Janrain bridges the gap by connecting demographic and psychographic data, collected through traditional and social login, with Adobe's behavioral data, so you understand the whole customer journey".
I do not want them to do any of this, and don't think I should have to. Interactions with Slate's 'support' were excruciating and -- while they at least didn't ask me to restart my computer -- they actually ended up saying that allowing these trackers is tied to their login process and I have to either accept or get a refund.
Robot 5x asks: Is it unacceptable to have to accept being tracked as a paying customer for new sites? "Or am I just being a big baby?"
Assuming that one of these was the cause, I activated each in turn and reloaded. None of them made any difference, except a single tracker from JanRain. Accepting this tracker let everything work perfectly. Reading more about JanRain though -- and particularly its interaction with Adobe analytics (which it also tries to load) -- I discovered that they wanted to "create a holistic view of your business by collecting, analyzing and reporting all customer interactions. To derive the most actionable insights, you must link your customers' actions with who they are and what their interests are. Janrain bridges the gap by connecting demographic and psychographic data, collected through traditional and social login, with Adobe's behavioral data, so you understand the whole customer journey".
I do not want them to do any of this, and don't think I should have to. Interactions with Slate's 'support' were excruciating and -- while they at least didn't ask me to restart my computer -- they actually ended up saying that allowing these trackers is tied to their login process and I have to either accept or get a refund.
Robot 5x asks: Is it unacceptable to have to accept being tracked as a paying customer for new sites? "Or am I just being a big baby?"
They say it costs twice the amount to win a customer back than to keep and existing one . HOWEVER, the marketing people know their bonuses come from winning a customer back and they get nothing for keeping one. Me, I have ghostery turn up to the max, I also have a large hosts list, I have zero interest in being tracked/spammed/harassed . If I can't get to their site...I go else where....easy choice to make.
So they're going to "build up a profile on you." BFD. What are they going to do with it? Either sell it to advertisers, or sell you stuff. Unless you're someone who goes "oh shiny - must have" it doesn't affect you, and if advertising affects you that much, you have bigger problems. REALLY bigger problems.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
The short answer to the original question is "Yes, they can and will track you."
However, you can making tracking very difficult. The following is what I do. This for those who use Firefox or SeaMonkey as their browser on a Windows system. NOTE WELL the exception.
1. Mark the file cookies.sqlite as read-only. For "smooth" Web browsing, I do want some cookies. To set or update them, I terminate my browser, mark cookies read-write, launch my browser to visit ONLY the Web site for which I want cookies, terminate my browser to eliminate session-only cookies, and restore the read-only setting for cookies.sqlite. Web site might act as if they were setting cookies, but those cookies are lost when I terminate my browser.
2. Disable geolocation. For all of my profiles, I insert the following into file user.js:
user_pref("geo.enabled", false);
The semi-colon (;) at the end of the line is mandatory. You can insert an adjacent comment line indicating why you did this; just begin the comment with two virgules (//).
3. Install the Secret Agent extension from https://www.dephormation.org.u.... Each time I request a Web page, my outgoing Internet headers are different. Some sites that try to use those headers to determine my location have me bouncing all over the world. Every time I go to Panopticlick at https://panopticlick.eff.org/, I get a different result. Two NOTES: (1) Because some Web sites require consistent user agents as you navigate through them, I disabled the extension's capability to vary my user agent string. (2) Because Firefox now requires extensions to be signed by Mozilla and the developer of Secret Agent refuses to submit his extension for signature, this cannot be installed in Firefox. Unsigned extensions can still be installed in SeaMonkey.
Why is Slashdot participating in the tracking?
Glancing at Ghostery, it's blocking 7 trackers. AdBlock Plus is blocking 3 elements. Right here on Slashdot.
And what's with all the freaking third-party Javascript on /. (including the aforementioned janrain) -- seems to be more Javascript now that they've been bought out. I've got NoScript blocking the below and Disconnect reporting 4 advertising requests and 25 Google content requests. What the hell /. Why is all this crap necessary?
It must have been something you assimilated. . . .
Unless you're someone who goes "oh shiny - must have" it doesn't affect you, and if advertising affects you that much, you have bigger problems.
I work in the micro-targeting business and we love people like you. It is the ones who think they are immune to the work we do that are actually the most susceptible because you'll never see it coming. It hasn't been about in-your-face advertising for at least a decade.
It is about swaying you without you even realizing you are being swayed. Here's an egregious example: One of our clients sells alcohol. They use our data to figure out who has alcoholics in their family and then we send them snail-mail coupons for significant discounts on their products, sometimes even completely free, because we know that alcoholism has genetic and environmental components that family members often share and because 10% of the population accounts for 50% of the industry's profits. Those are the people they want to sucker in. And guess what? When the data shows that a heavy drinker has stopped drinking, we send them coupons for freebies too. But we don't just mail them out directly, we have them printed up in their newspaper or their magazine subscription. So it isn't obvious that they've been singled out.
And then there are the politicians (and their superpacs). They use our service to figure out exactly what people's hot button issues are so their campaign and best push those buttons to make them vote for their candidate. Or if there is little chance of getting them to vote for their guy, they do their best to make the voter disgusted with "the other guy" so that they just stay home and don't vote at all. All the big ticket campaigns - presidential and congress do this now and some of the in-state races for important districts are doing it too because it is getting cheaper and cheaper every day.
And that is just the tip of the iceberg. This is the largest industry on planet earth. Facebook alone is valued at 350 BILLION DOLLARS predicated solely on their ability to manipulate people. It doesn't matter how much mental fortitude you have, you will succumb at some point. My company alone has a 10 million dollar budget for pure research in the field of psychology as it applies to swaying people. As the apocryphal saying goes, "You can fool all the people some of the time and some of the people all the time..."
The only way to win this game is not to play.
Slashdot content detected by Privacy Badger:
cdn-social.janrain.com - tracker, block
ads.pro-market.net - ad network, tracker, block
analytics.slashdotmedia.com - seems to be some kind of internal tracker, for additional data beyond what is associated with your account and for ACs
cdn.taboola.com - clickbait and malware delivery platform, block
s3-us-west-2.amazonaws.com - CDN, safe
d29usylhdk1xyu.cloudfront.net - part of Amazon CDN, safe
d3ezl4ajpp2zy8.cloudfront.net
d3hmp0045zy3cs.cloudfront.net
tag.crsspxl.com - tracker/analytics, block
a.fsdn.com - CDN that serves Slashdot's images
www.googletagservices.com - Google ad services, block
s.ntv.io - Seems to be an Amazon DNS server, presumably part of their CDN
rpxnow.com - Login via Facebook etc.
image-assets.stackcommerce.com - tracking and profiling to recommend shit you don't want, block
images.stackcommerce.com
api.stacksocial.com
consent.truste.com - Security services for sites, but also tracks do block
consent-st.truste.com
trackerapi.truste.com
In addition, uBlock Origin also kills:
pro-market.net - Ads/tracking, block
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC