Slashdot Mirror
Ask Slashdot: How Much of Your Online Browsing Can Advertisers See?
dryriver writes: We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B. Logic suggests that some kind of advertising system is following you from site A to B, and possibly onto subsequent sites C, D and E as well. Logic also suggests that this advertising system can now put together a nice long list of whatever you are looking at online. So here's the question: How much of your online browsing is "monitored" or "logged" this way by advertisers? Can there be any realistic expectation of privacy on the internet if the default behavior of advertisers is to track you as much as they can?
of it
I used to work for them. They have no respect for the scientific method, and when forced to choose between no data and bad data, they consistently choose to rely on bad data.
I'm using a customized hosts file and use an ad-blocker. If some ad company still finds it's way I'll just block it. If an ad finds its way to my inbox I'll flag and report it as spam. Gmail has always been very good at that. Bottom line is that ad companies can track me all day long but they wont get anything out of it besides being blocked further.
Advertising content puts tracking cookies in your browser. Due to how cookies work, they are associated with the advertiser, not the website you're looking at. This means that the advertiser will see the *same* tracking ID whenever their content appears regardless of the site they're advertising on. Since they know what sites they're advertising on, they can match that with the tracking ID they've dropped on you to assemble a history of what sites you're browsing through. Including giving you the same ads.
This is the "forgotten" reason why people run ad-blockers: to nix the tracking data across websites!
All of it, including "anonymous" browser modes (see browser fingerprinting).
Install the firefox self destructing cookies plugin. This is how cookies should work. Unless you whitelist the domain, its cookies are destroyed 10 seconds after you leave their page. Others go further with adblock, but just this with kill the tracking.
Want more privacy, absolutely do not run windows anal probe 10 because if you do, you have already lost. Next up run add ons to control your internet experience, the first up a script blocker to block scripts you do not like especially bad advertiser scripts add to that a cookie control add on to either block cookies from particular sites or make them session only and delete them when you leave.
I prefer to control what is allowed to run and what is blocked. So for advertisers, show me shit ads and you are blocked, just one shit ad advertising crap products or services and that also includes ending up at a bad site, those providing ads services to that bad site and you are done, from there on in. You behave yourself with those ads and fine, they might even be informative.
Google search is becoming nothing but google ads, it is starting to look very much like the old asta la vista and MSN, all you see is ads on first the screen, drop to the bottom and look the fucking arse holes have dumped all ads at the bottom, you now have to try to find the bit in between to see your actual search and the shit fucks did that on purpose to force you to read the ads. Google is just becoming more and more shite, from the YouTube advertiser friendly horse shit to google advertiser search bullshit. M$ would have a chance now with MSN search but they decide to be douche bags with Windows anal probe 10.
Why is it, that old tech companies must go down, to be replaced by new client respecting companies, whom then become douche bag corporatists and must again be replaced. Why the crazy stupid business style, is it an American thing, is that the norm for American business, start small and customer orientated become big and become customer abusive.
Chaos - everything, everywhere, everywhen
fonts.google.com
safebrowsing-cache.google.
safebrowsing.google.
98% slashdot, 2% everything else. Slashdotters don't deny it, be proud of it.
How much can the trackers/advertisers on your own site see? There are enough: rpxnow.com, crsspxl.com, google-analytics.com, janrain.com, pro-market.net, taboola.com, ml314.com, and (lol) analytics.slashdotmedia.com.
Trolling is a art,
Unless you take extreme measures, which only a small minority do, they can see all of it, or so near as not to matter.
The measures you must take increasingly break web sites, because we the public have trained the sites that it is acceptable to require privacy invading features for basic functionality. The more sites are broken in this way, the less people are willing to take the measures that might cause them a tiny bit of inconvenience, and so the cycle continues.
The only way for this to be avoided was if the public would have had a backbone. That is something it did not have. So here we are.
You know, if you run a browser which is in "bend over and get fucked mode" you deserve what you get ... because the premise of the modern internet is so fundamentally broken as to assume you should allow any third party to set a cookie, run scripts, let them run scripts, let them run plugins.
We need to re-tune browsers to basically say "sorry, but only self-served content is allowable, and what you can do with scripts and cookies is very limited". But everyone is lazy and wants free and convenient and doesn't give a fuck about privacy.
Block all of the goddamned trackers, shoot all of the people who run the tracking companies in the head, refuse to let the asshole trackers set cookies, run scripts, or even load a web-bug which lets them track you anyway.
All it takes is a couple of browser plugins, and you too can block the parasites, block their ads, and block the tracking which comes with their ads.
And then you can stop worrying about how much Facebook is tracking you, because Facebook gets no goddamned fucking data about you.
You are getting tracked because you're fucking allowing it, and you're letting your asshole politicians tell companies that your data is something they're allowed to monetize.
Fucking wankers today, put on a couple of fucking layers of tinfoil and learn about just what the fuck you're allowing to happen and learn how to fix it.
God has Slashdot become pathetic.
I'm only tracked by the large number of privacy-guard and productivity extensions installed into Firefox running under a fringe open source OS. I've checked before, it's a highly unique fingerprint.
Yeah, so I'm sure there are some companies out there tracking me as the man with seven middle fingers, all extended in the direction of the company tracking me.
Thus, I only ever see advertising for the Armsel Striker.
Haha. Just kidding. Though I might actually click through if they did take a hint.
Setup some adblocking in the router level and you'll learn how much of your bandwidth are wasted by the advertisings and trackings.
Right-click, copy address, open new tab, paste?
I feel fantastic, and I'm still alive.
First, people are a little too paranoid. It is true that the ad is following you , known as retargeting (typically done by the pulsepoint ad network), however unless you actually visit the site (and provide private information like a name), the advertiser doesn't get that sales lead. Your IP address is not what is used for this, the cookie is, and that cookie is married to the ad network. So you might see the same ad from Amazon.com, but it gets served through a dozen different networks to get to you cheaply. Hence if you have ever logged into Amazon, Amazon might personalize that, otherwise you're just a sales lead that expires in a day.
The most invasive ones have always been the ads that use flash. This is because the trackers can be immortal through flash due to default settings allowing storage. With HTML, local storage and cookies can be inspected and deleted, and nothing can be hidden in them that you can't decode. You can also erase them incredibly easy.
Unless you are doing criminal activity, eg pirating movies, you should not be concerned by the average ad, because a lot of the individual data isn't stored, only aggregate data on a much macro level. Advertisers don't care about selling to joe hobo using public wifi, he is not going to buy. They care about selling cars and smartphones to wealthy users, hence you can tell what "income level" you are tiered into by the type of things you are being shown.
The best thing you can do to fight PII collection is to take surveys and lie, particularly about income and gender.
Now that the majority of web traffic is HTTPS, Privoxy isn't any better than a DNS-based blocker such as /etc/hosts or Pi-hole.
Want more privacy, absolutely do not run windows anal probe 10
Yet Windows 10 comes on the majority of laptops in U.S. showrooms. Staples and Best Buy have zero GNU/Linux laptops. So what's the alternative? MacBook? Chromebook? I don't see how a Chromebook is any better privacy-wise; it just has Google's tendrils in it instead of Microsoft's. Or ought everyone to research a Windows laptop's Linux compatibility, buy it, format it, and install Linux?
Thus the advent of AdBlocking, element blocking, and javascript blocking shortly after the massive unwashed were permitted to connect to the Internet in the arly 1990's.
There really is nothing to see here. Of course, if you are the type of person who does not give a shit and clicks on everything they can see anyway, whats the problem?
Blocking all the malicious crap makes a significant portion of websites completely unuseable and unviewable. The solution is simple -- do not do business with turds that participate in such carp. Eventually they will learn.
or a 1 pixel x 1 pixel gif https://www.monster.com/career...
When was there an expectation of privacy in the internet?
If you visit Site A, Site A has your browsing history of Site A. They're free to share that information with who ever they please.
When you visit Site B, they're free to share it all too.
If Site A and Site B both share that information with Adverting Network A, then Advertising Network A has your browsing history of Site A and Site B
It's like rocket science, only not quite.
More like brain surgery.
According to "Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley" by Antonio Garcia Martinez, who combined Facebook data with third-party demographic data to determine the identity of a user either logged in or browsing anonymously, quite a bit. And he ain't sorry for compromising user privacy in this podcast.
I watch Netflix exclusively on my PS3 and yet Pornhub shows me ads on my laptop based on what I watched on my PS3. I'm not logged into my Netflix account on my laptop. In fact, the only account that's shared between the two is Amazon. Netflix must be sharing my viewing habits by IP address to an advertiser who has a relationship with Pornhub. Does that strike anyone as unexpected and creepy?
This leaves only a couple options for privacy on the Internet:
1. Use TOR to do all your browsing.
2. Demand regulations that prohibit sharing with 3rd parties without opt-in consent that isn't a condition of accessing a service.
Think globally but act within local variable scope.
because I don't see advertisements.
In 2015, it was a USD$25 Billion business to track users on the carriers backbones and sell that data to ad-tech companies.
Its so profitable that Verizon bought Yahoo, AOL and other content companies to improve the data to generate more revenue from tracking users. Because it is done "in the network" and Verizon has your personal details, they can provide hi-fidelity data for improved ad performance.
http://adage.com/article/datadriven-marketing/24-billion-data-business-telcos-discuss/301058/
They can serve up all the ads based on my browsing habits they want. They just get ignored like TV/print ads and more often than not they advertise stuff to either after you've bought it or decided you don't want it. If by chance they do manage to serve up an ad for something you're after for a good price then all's the better, if you even notice.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
This article has brief descriptions of six secure browsers and a secure plug-in. The article is pretty recent (August 1, 2007). The browsers and plug-in are
Epic Privacy Browser
Comodo Dragon/Ice Dragon
Brave
Tor
Dooble
HTTPS Everywhere (plug-in)
Yandex Browser
If you allow javascript, they watch the mouse move. If you've ever seen the tools used, it is scary. Basically, they see your browser. People move their mice where their focus is. Doesn't work as much for touchpads, however.
Basically, they get to watch you use a browser, 100%.
So ... run Linux. Disable javascript except for sites you really, really, really, trust and use Pi-Hole (or a 300K+ /etc/hosts blocklist).
But everyone should have basic Linux skills these days. It is a matter of privacy.
There are Linux InstallFests around the world every month. My group has a weekly meeting, but the key is that we will not do it for you. If you want to pay someone, I'm $150/hr, but the group will spend a month of Sundays helping you install it yourself for $0.
This weeds out the "tell me what to click" people - by design. People like that don't do well with a full linux system. They are better off running a chromebook and letting google have everything. True - google wants to know everything, but they are stingy about giving out that data to anyone else and they know about security. It is possible to use a chromebook without linking to a gmail/google account, BTW. I did for 4 months - before wiping the SSD and loading Linux. Of course, chromebooks have some major limitations, but they do handle all OS updates, all data is online, and you can use any chromebook as your own. Just login (which is a serious issue).
I've never seen Win10 up close - actually, haven't seen Win8+ up close. We are on Win7 at work and looking to migrate off Windows completely on the desktops. We'll keep a few Windows terminal servers to run productivity applications where libreoffice doesn't work well enough. The "unstated" goal is to make MS-Office a hassle to use, so people will just use libreoffice instead. Google docs isn't an option for us, BTW. Just too many faults.
There were a couple presentations at Defcon around this very topic. I took from it there is good news and bad news. The bad news is the answer is probably not. You can certainly reduce the tracking considerably with all the countermeasures mentioned here. But there is always going to be some leakage, especially once the primary domains start hosting the trackers themselves then sharing the data on the backend. I think that is inevitable as ad/script blockers become more and more prevalent. The good news is that the blockers are effective enough for now that a lot of snoops are turning to 'anonymized usage data' from various browser extensions to get around them. Maybe not such good news if you have one of those extensions installed. e.g. Web of Trust
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Yes.
Seriously, don't we all have adblocking software installed by now? I haven't seen an ad in years - because I do not want to run the risk of infection through malware ads, because I do not care to be tracked, because I don't want to spend the resources to download them and render them, because they draw my attention to things I don't care about in the first place, and finally... because I can.
Ads could have been an acceptable form of commercialisation on the internet. It's entirely on the companies that load up their sites with blinking, jumping, animating, corrupting, and tracking BS ads, and barely any content, that I choose to block them entirely.
it's like drinking water from a fire hose. Too much of anything and you get lost in the sea of what you are looking for.
Who cares? I never look at nor click on any ad, so why should I care of the advertisers waste resources on implementing trackers?
Or do you mean that there are people who actually click on adverts?
We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B.
I certainly don't know that phenomenon. I'm honestly not that familiar with the phenomenon of online advertising. Why are you?
Sounds like crazy talk to me. I'm pretty sure those are only on TV.
Shameless self-promotion of my master's thesis on third-party tracking follows; see full PDF for numbers backing up claims. A paper based on the thesis also got published by IEEE.
I'm uncomfortable being "monitored" and "logged" -- but worry less about visible advertisements, and more about either hidden web beacons or visible (but desirable) content served by known tracker organizations. Adblockers can block most visible ads, and you'll notice if one slips through -- but fewer care about less blinky-flashy tracking.
Google is the king here; they have embedded fonts, videos, maps, analytics scripts -- and own one or more ad networks. Google alone has resources present and loaded from 85%+ of global top sites. That includes domains protected by HTTPS, which doesn't actually protect against "active tracking." Among others, these numbers dwarf those of Facebook and Twitter -- and any other ad/tracker network that I know of; see Table C.14 for some Google services such as DoubleClick, Analytics, Maps, Youtube, Fonts, APIs.
For my master's thesis (2014-2015) I asked a similar, but broader, question: how prevalent are third-party resources on websites/domains? Turns out most domains in Alexa's top 10.000 sites have some kind of resource (image, script, video, fonts, ads, and so on) from another domain (internal/external CDN, content provider, advertising network, etcetera). Downloaded the front page of some 150.000 domains to compare; the pattern continues across other sets of domains. See Appendix C in the PDF for lots of numbers and graphs.
My personal tips: if you're stubborn, use uMatrix to block/unblock resources per origin domain and resource type. If you're even more stubborn, edit the settings to blacklist all non-first party resources and only whitelist what you'd like to see -- but expect a steep learning curve. Your boss is probably more comfortable with uBlock Origin.
joelpurra.com
Q: "How Much of Your Online Browsing Can Advertisers See?"
A: "depends on how deep their pocketbook is".
With noscript, adblock and ghostery the problem goes away.
Also much faster since since my browser doesn't have to download a dozen slow javascript files...
It depends on how strong your countermeasures are. But it's a safe bet that, even with very strong defenses, some advertisers will see some of it.
But if you like Windows go with 7 or 8.1 [for the time being] and see what developments there have been as they approach those end dates.
Which raises the question of where to get a Windows 7 license for a newly purchased PC that came with Windows 10 Home. Windows Home has no downgrade rights according to this table. Would you recommend that everybody who buys a new PC with Windows spring for the Pro upgrade just for the downgrade rights?
"We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B."
Yeah, uh...no. We don't. I've never experienced this, because I've been running some variety of ad blocker for the past...14 years. Not to mention protecting myself from tracking cookies for the last 10.
This type of user behaviour monitoring is unacceptable. I can't fathom how any user could ever go on the web without protection against it. Of course there are many other tricks like browser fingerprinting that I'm sure I've been susceptible to at various points, and that is even more frustrating. We need a universal declaration of user rights for the internet to outlaw this kind of behaviour and make it criminally punishable in all courts around the world.
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
(Want more? Ask)
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk
Hosts files are more efficient than browser based addons in memory use as well as operating out of kernelmode (vs. slower usermode layering) & hosts aren't easily detected by native browser methods for blocking them (as addons are).
APK
P.S.=> Hosts = better, by FAR, & you have EASY direct control of their data (try that for MOST folks using regular expressions addons use like Ublock etc.) apk
See subject & APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy (bandwidth too).
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99.999% of ISP DNS != patched vs. it) + lighten DNS load & resolve faster from local system RAM!
* Via what u NATIVELY have in the FASTER kernelmode IP stack!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
The safe assumption is that everything you do, every site you browse, every post you make is known -to everyone. If you wouldn't shout it down the hall, don't put it on the internet.
Z00L00K you wish you were me & could manage this (small partial sampling only) https://yro.slashdot.org/comments.pl?sid=11033545&cid=55085539/ but you also KNOW that "your kind" (FAKE NAME FUCKS ONLINE) never can or will... period.
APK
P.S.=> You're a loser motherfucker. - a FAKE NAME ONLINE for your FAKE LIFE "ne'er-do-well" DO NOTHING ZERO nothing nobody (which you also know about your pitiful self).. apk
Malwarebytes hpHosts' hosts/RECOMMENDS me!
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
Brocke Wilders of WILDERS' SECURITY does inferior clone of MY work http://www.wilderssecurity.com/threads/hosts-block.378901/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/ "Host file accessing the Internet - particularly browsing the Web - is actually faster... Spybot Search & Destroy offer lists of known malicious servers to add a layer of defense against trojans & other forms of malware"
OReilly hosts security -> http://oreilly.com/pub/a/windows/2004/03/30/hosts.html/ & hosts speed -> http://www.oreillynet.com/pub/a/network/excerpt/winxphacks_chap1/index1.html?page=3/
Steve Gibson endorses hosts https://www.grc.com/sn/sn-045.htm/
APK
P.S.=> China = imitation = flattery http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> See subject & those quotes above - I can supply more on demand easily... apk
Malwarebytes hpHosts' hosts/RECOMMENDS me!
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
Brocke Wilders of WILDERS' SECURITY does inferior clone of MY work http://www.wilderssecurity.com/threads/hosts-block.378901/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/ "Host file accessing the Internet - particularly browsing the Web - is actually faster... Spybot Search & Destroy offer lists of known malicious servers to add a layer of defense against trojans & other forms of malware"
OReilly hosts security -> http://oreilly.com/pub/a/windows/2004/03/30/hosts.html/ & hosts speed -> http://www.oreillynet.com/pub/a/network/excerpt/winxphacks_chap1/index1.html?page=3/
Steve Gibson endorses hosts https://www.grc.com/sn/sn-045.htm/
APK
P.S.=> China = imitation = flattery http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/
lucm, thanks for this advice. Can you provide some more info on the risks associated? e.g. email accounts going stale and not being able to access password reset info later. In other words what, if any, problems you've encountered or process efficiencies or hacks have you found that you could share? I'm very interested in doing this myself. Thanks!
Aryl - Thanks for this advice. Would you be kind enough to share any problems or pitfalls I should look to avoid by adopting this strategy? Also would be great if you suggested any hacks, better processes or insights. I'd like to adopt this and learning from someone who's already done it would be helpful. I'd like to avoid problems like account lockouts/deletions from lack of activity, for example. Best, Marcus
AmiMojo - thanks for this. I always look forward to your informative and useful posts. What suite of apps would you recommend to implement for reasonably high protection? Generalized information like you've already given is best, since many people will be reading the post. This is why I am not burdening you with my config. Whatever you think would be good additions to a PiBadgerBlock solution would be great to hear. Thanks!
...The average user as far as demographics go?
Most of us bothering to /. are seen as statistical noise.