Slashdot Mirror
Ask Slashdot: How Much of Your Online Browsing Can Advertisers See?
dryriver writes: We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B. Logic suggests that some kind of advertising system is following you from site A to B, and possibly onto subsequent sites C, D and E as well. Logic also suggests that this advertising system can now put together a nice long list of whatever you are looking at online. So here's the question: How much of your online browsing is "monitored" or "logged" this way by advertisers? Can there be any realistic expectation of privacy on the internet if the default behavior of advertisers is to track you as much as they can?
of it
Advertising content puts tracking cookies in your browser. Due to how cookies work, they are associated with the advertiser, not the website you're looking at. This means that the advertiser will see the *same* tracking ID whenever their content appears regardless of the site they're advertising on. Since they know what sites they're advertising on, they can match that with the tracking ID they've dropped on you to assemble a history of what sites you're browsing through. Including giving you the same ads.
This is the "forgotten" reason why people run ad-blockers: to nix the tracking data across websites!
Install the firefox self destructing cookies plugin. This is how cookies should work. Unless you whitelist the domain, its cookies are destroyed 10 seconds after you leave their page. Others go further with adblock, but just this with kill the tracking.
Want more privacy, absolutely do not run windows anal probe 10 because if you do, you have already lost. Next up run add ons to control your internet experience, the first up a script blocker to block scripts you do not like especially bad advertiser scripts add to that a cookie control add on to either block cookies from particular sites or make them session only and delete them when you leave.
I prefer to control what is allowed to run and what is blocked. So for advertisers, show me shit ads and you are blocked, just one shit ad advertising crap products or services and that also includes ending up at a bad site, those providing ads services to that bad site and you are done, from there on in. You behave yourself with those ads and fine, they might even be informative.
Google search is becoming nothing but google ads, it is starting to look very much like the old asta la vista and MSN, all you see is ads on first the screen, drop to the bottom and look the fucking arse holes have dumped all ads at the bottom, you now have to try to find the bit in between to see your actual search and the shit fucks did that on purpose to force you to read the ads. Google is just becoming more and more shite, from the YouTube advertiser friendly horse shit to google advertiser search bullshit. M$ would have a chance now with MSN search but they decide to be douche bags with Windows anal probe 10.
Why is it, that old tech companies must go down, to be replaced by new client respecting companies, whom then become douche bag corporatists and must again be replaced. Why the crazy stupid business style, is it an American thing, is that the norm for American business, start small and customer orientated become big and become customer abusive.
Chaos - everything, everywhere, everywhen
Advertisers are idiots.
I go on line and search for something. I find a good deal and buy it. NOW they start popping up ads for that thing*.
*A specialty tool for fixing my car. It's likely I will never need another.
Have gnu, will travel.
I change my online identity on a regular basis. That's the best strategy. They can keep terabytes of tracking logs about jdoe411 if that amuses them, when I switch to redsoxfan4life it's going to be a blank slate. The first few times that I did that I was mostly annoyed by the bookmarks I was losing, but I long stopped copying them over. The fresh start is always great.
lucm, indeed.
98% slashdot, 2% everything else. Slashdotters don't deny it, be proud of it.
How much can the trackers/advertisers on your own site see? There are enough: rpxnow.com, crsspxl.com, google-analytics.com, janrain.com, pro-market.net, taboola.com, ml314.com, and (lol) analytics.slashdotmedia.com.
Trolling is a art,
Unless you take extreme measures, which only a small minority do, they can see all of it, or so near as not to matter.
The measures you must take increasingly break web sites, because we the public have trained the sites that it is acceptable to require privacy invading features for basic functionality. The more sites are broken in this way, the less people are willing to take the measures that might cause them a tiny bit of inconvenience, and so the cycle continues.
The only way for this to be avoided was if the public would have had a backbone. That is something it did not have. So here we are.
I'm only tracked by the large number of privacy-guard and productivity extensions installed into Firefox running under a fringe open source OS. I've checked before, it's a highly unique fingerprint.
Yeah, so I'm sure there are some companies out there tracking me as the man with seven middle fingers, all extended in the direction of the company tracking me.
Thus, I only ever see advertising for the Armsel Striker.
Haha. Just kidding. Though I might actually click through if they did take a hint.
you might return it and buy a similar item
your friend might want one too and the ad reminds you to tell him you just bought one and it was an awesome product
you might break the one you bought and need another
you buying one makes you more valuable to advertise the same item to then someone who didn't
Same here, I change it up every year or so. I've collected about 12 different Gmail accounts along the way. The only pain in the ass is finding an old website I used to visit and having to go through all of them to find the password change request email.
Right-click, copy address, open new tab, paste?
I feel fantastic, and I'm still alive.
I think I get one spam mail every second month using Gmail, and I don't even see text ads because my ad-blocker filters it, so I have no idea what you are talking about.
Now that the majority of web traffic is HTTPS, Privoxy isn't any better than a DNS-based blocker such as /etc/hosts or Pi-hole.
Want more privacy, absolutely do not run windows anal probe 10
Yet Windows 10 comes on the majority of laptops in U.S. showrooms. Staples and Best Buy have zero GNU/Linux laptops. So what's the alternative? MacBook? Chromebook? I don't see how a Chromebook is any better privacy-wise; it just has Google's tendrils in it instead of Microsoft's. Or ought everyone to research a Windows laptop's Linux compatibility, buy it, format it, and install Linux?
I used to use all that crap until I found out about PiHole. Now I just have my networks clients use it for the primary name server. The DNS requests to the ad servers never make it out of my network, so they never see any requests from me. For the few things that do make it through, uBlock Origin gets those until the PiHole lists get updated. It's also pretty damned effective at eliminating telemetry data from making it outside the network.
Now, PiHole is basically just a glorified hosts file, but it allows me to handle things for the entire network instead of a device by device basis, as well as protecting those devices where I can't get at a hosts file (ie, mobiles)
Of course, this doesn't do anything about websites that set cookies and share their own data with advertisers, but there are other tools for dealing with that.
But I always consider that a good thing. They fixed on something I was interested in at least once, then used that instead of poking ads for other things in my face all the time. After that times out or whatever, they eventually default back to advertising dating sites for asian chicks... my internet profile must make me look lonely or something.
If I had a DeLorean... I would probably only drive it from time to time.
or a 1 pixel x 1 pixel gif https://www.monster.com/career...
When was there an expectation of privacy in the internet?
If you visit Site A, Site A has your browsing history of Site A. They're free to share that information with who ever they please.
When you visit Site B, they're free to share it all too.
If Site A and Site B both share that information with Adverting Network A, then Advertising Network A has your browsing history of Site A and Site B
It's like rocket science, only not quite.
More like brain surgery.
According to "Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley" by Antonio Garcia Martinez, who combined Facebook data with third-party demographic data to determine the identity of a user either logged in or browsing anonymously, quite a bit. And he ain't sorry for compromising user privacy in this podcast.
I watch Netflix exclusively on my PS3 and yet Pornhub shows me ads on my laptop based on what I watched on my PS3. I'm not logged into my Netflix account on my laptop. In fact, the only account that's shared between the two is Amazon. Netflix must be sharing my viewing habits by IP address to an advertiser who has a relationship with Pornhub. Does that strike anyone as unexpected and creepy?
This leaves only a couple options for privacy on the Internet:
1. Use TOR to do all your browsing.
2. Demand regulations that prohibit sharing with 3rd parties without opt-in consent that isn't a condition of accessing a service.
Think globally but act within local variable scope.
because I don't see advertisements.
Yes, but there is research showing that browsing habits are a good enough fingerprint to identify people. It is hard to change your browsing habits, hence the name, "habit".
Drakonblayde is right - PiHole is excellent. It can run on any Debian system (not just on a Raspberry Pi), and Red Hat/Fedora too (though I use Debian).
https://pi-hole.net/
The devs have a great attitude. I donated to further their cause. Maybe you will too, once you try it.
The major limitation of PiHole, and hosts lists in general, is that they can't re-write HTML on the fly like uBlock can. All they can do is block certain domains, they can't do pattern matching or collapse the holes where the advertising used to be.
PrivacyBadger has a big advantage over hosts files too - it does real-time analysis and automatically blocks sites that appear to be tracking you, without the need for someone to manually check and update a hosts file.
Hosts is becoming ineffective anyway as advertisers get wise to it and either register new domains constantly or start serving the advertising/malware from the same server as the content. uBlock can also defeat anti-adblocking measures that check for content loading.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
They can serve up all the ads based on my browsing habits they want. They just get ignored like TV/print ads and more often than not they advertise stuff to either after you've bought it or decided you don't want it. If by chance they do manage to serve up an ad for something you're after for a good price then all's the better, if you even notice.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
This article has brief descriptions of six secure browsers and a secure plug-in. The article is pretty recent (August 1, 2007). The browsers and plug-in are
Epic Privacy Browser
Comodo Dragon/Ice Dragon
Brave
Tor
Dooble
HTTPS Everywhere (plug-in)
Yandex Browser
They often have your IP geolocatable to your house, or at least the neighborhood. That's how they always manage to have sexy singles available to chat in your tiny-ass town.
That's funny, because they seem to think I live in a place that is actually 200 miles from here. I have not corrected them. Also I get notified, with nice pictures, of lonely sex-starved MILFs who live "Only 400 away". 400 yards? 400 miles? Must be miles because no-one lives with 400 yards of me except an old farmer.
Everytime you block something, they've accomplished their mission - getting it before your eyes... - they only need to win once.
If they only need once why do they keep showing the same advert on TV for months or years? Eg everyone in the UK must have seen a certain particularly annoying advert for insurance over a thousand times. If you are right they could have saved themselves a lot of money by showing it just for a few days, say.
And what have they achived by getting it before my eyes? I am more likely to be pissed off by it, the more so the more intrusive it is. There are certain brands I make a point of not buying because their adverts were so annoying.
There were a couple presentations at Defcon around this very topic. I took from it there is good news and bad news. The bad news is the answer is probably not. You can certainly reduce the tracking considerably with all the countermeasures mentioned here. But there is always going to be some leakage, especially once the primary domains start hosting the trackers themselves then sharing the data on the backend. I think that is inevitable as ad/script blockers become more and more prevalent. The good news is that the blockers are effective enough for now that a lot of snoops are turning to 'anonymized usage data' from various browser extensions to get around them. Maybe not such good news if you have one of those extensions installed. e.g. Web of Trust
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Yes.
A mile away when it's 10 miles to the next house.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Seriously, don't we all have adblocking software installed by now? I haven't seen an ad in years - because I do not want to run the risk of infection through malware ads, because I do not care to be tracked, because I don't want to spend the resources to download them and render them, because they draw my attention to things I don't care about in the first place, and finally... because I can.
Ads could have been an acceptable form of commercialisation on the internet. It's entirely on the companies that load up their sites with blinking, jumping, animating, corrupting, and tracking BS ads, and barely any content, that I choose to block them entirely.
Apk is a spammer anyway.
The alternative to blocking ads is to click them every time because each click costs the advertiser a certain amount.
Ad clicking bots...
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I'm using a customized hosts file and use an ad-blocker. If some ad company still finds it's way I'll just block it. If an ad finds its way to my inbox I'll flag and report it as spam. Gmail has always been very good at that. Bottom line is that ad companies can track me all day long but they wont get anything out of it besides being blocked further.
Ah, the irony! All of your email goes through the world's largest advertising company. They get plenty out of it.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
it's like drinking water from a fire hose. Too much of anything and you get lost in the sea of what you are looking for.
Also I get notified, with nice pictures, of lonely sex-starved MILFs who live "Only 400 away". 400 yards? 400 miles? Must be miles because no-one lives with 400 yards of me except an old farmer.
What you don't know is your old farmer neighbor is a pervert with a basement stocked with women.
"That's the way to do it" - Punch
Shameless self-promotion of my master's thesis on third-party tracking follows; see full PDF for numbers backing up claims. A paper based on the thesis also got published by IEEE.
I'm uncomfortable being "monitored" and "logged" -- but worry less about visible advertisements, and more about either hidden web beacons or visible (but desirable) content served by known tracker organizations. Adblockers can block most visible ads, and you'll notice if one slips through -- but fewer care about less blinky-flashy tracking.
Google is the king here; they have embedded fonts, videos, maps, analytics scripts -- and own one or more ad networks. Google alone has resources present and loaded from 85%+ of global top sites. That includes domains protected by HTTPS, which doesn't actually protect against "active tracking." Among others, these numbers dwarf those of Facebook and Twitter -- and any other ad/tracker network that I know of; see Table C.14 for some Google services such as DoubleClick, Analytics, Maps, Youtube, Fonts, APIs.
For my master's thesis (2014-2015) I asked a similar, but broader, question: how prevalent are third-party resources on websites/domains? Turns out most domains in Alexa's top 10.000 sites have some kind of resource (image, script, video, fonts, ads, and so on) from another domain (internal/external CDN, content provider, advertising network, etcetera). Downloaded the front page of some 150.000 domains to compare; the pattern continues across other sets of domains. See Appendix C in the PDF for lots of numbers and graphs.
My personal tips: if you're stubborn, use uMatrix to block/unblock resources per origin domain and resource type. If you're even more stubborn, edit the settings to blacklist all non-first party resources and only whitelist what you'd like to see -- but expect a steep learning curve. Your boss is probably more comfortable with uBlock Origin.
joelpurra.com
My Windows setup also requires no interaction because block lists are automatically updated through Chrome,
Wow, you are secure! Windows and Chrome.
The cesspool just got a check and balance.
It depends on how strong your countermeasures are. But it's a safe bet that, even with very strong defenses, some advertisers will see some of it.
the ad reminds you to tell him you just bought one and it was an awesome product
If I see an obviously targeted ad, it reminds me to never buy products from that company again. I certainly won't be recommending it, even if it's the best thing ever.
Disable javascript except for sites you really, really, really, trust
What should the developer of a web application do to earn prospective users' trust? Or should the developers of a web application give up, develop a native app for each of six operating systems, and guide visitors to the developer's website to said native apps?
There are Linux InstallFests [whose participants] will spend a month of Sundays helping you install it yourself for $0.
I don't see that working so well on a laptop whose backlight brightness, suspend, audio, and WLAN are broken in some way in Linux (source). What should the owner of such a laptop do?
The "unstated" goal is to make MS-Office a hassle to use, so people will just use libreoffice instead.
I don't see how that's practical in the industry that my day job is in. Both Amazon and Walmart provide Excel spreadsheets with macros to help a seller pre-validate a product definition before uploading it to the store's API endpoint for authoritative validation. The stores really want sellers to run the macros, as they count the feeds that a seller uploads against a quota whether or not they pass authoritative validation, but feeds that fail pre-validation in Excel don't count against the seller's quota because they don't get uploaded in the first place. Or has LibreOffice Calc gained reliable compatibility with Excel macros recently?
they only need to win once.
Not if they want the ad to actually work. The standard rule of thumb is that you have to be exposed to an ad about seven times before it affects behavior enough to matter.
First, people are a little too paranoid.
How so?
unless you actually visit the site (and provide private information like a name), the advertiser doesn't get that sales lead.
That's not relevant. Whether or not a sales lead is generated has no impact on these issues.
Your IP address is not what is used for this, the cookie is, and that cookie is married to the ad network.
That's right (especially if you expand the definition of "cookie" to include their stronger forms). I'm pretty sure that most people here understand that.
Why does that make the situation more acceptable?
nothing can be hidden in them that you can't decode. You can also erase them incredibly easy.
They usually just contain some sort of tracking ID, so you can see them -- but they're meaningless to you.
Erasing them is easy. Getting rid of them is hard, when you take into account supercookies and beacons.
Unless you are doing criminal activity, eg pirating movies, you should not be concerned by the average ad, because a lot of the individual data isn't stored, only aggregate data on a much macro level.
If no individual data is stored, then whether or not you're doing something illegal doesn't enter into it. So why did you mention it? Besides, this isn't about hiding nefarious deeds.
Also, the whole "aggregation" thing doesn't make everything OK at all. Perhaps what you're not understanding is that your opinion of what we should or should not be OK with isn't incredibly relevant.
The only thing that's relevant is what we decide for ourselves. If I don't want to be tracked, I shouldn't be. The reasons why don't matter at all.
Non sequitur much? Did you reply to the wrong post?
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
But if you like Windows go with 7 or 8.1 [for the time being] and see what developments there have been as they approach those end dates.
Which raises the question of where to get a Windows 7 license for a newly purchased PC that came with Windows 10 Home. Windows Home has no downgrade rights according to this table. Would you recommend that everybody who buys a new PC with Windows spring for the Pro upgrade just for the downgrade rights?
"We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B."
Yeah, uh...no. We don't. I've never experienced this, because I've been running some variety of ad blocker for the past...14 years. Not to mention protecting myself from tracking cookies for the last 10.
This type of user behaviour monitoring is unacceptable. I can't fathom how any user could ever go on the web without protection against it. Of course there are many other tricks like browser fingerprinting that I'm sure I've been susceptible to at various points, and that is even more frustrating. We need a universal declaration of user rights for the internet to outlaw this kind of behaviour and make it criminally punishable in all courts around the world.
But seriously, I would use a plugin that clicked ads in the background. I would pledge bandwidth and join a botnet that spent all day long clicking on every random ad on the internet. Someone needs to make this a real thing.
file:
lucm, thanks for this advice. Can you provide some more info on the risks associated? e.g. email accounts going stale and not being able to access password reset info later. In other words what, if any, problems you've encountered or process efficiencies or hacks have you found that you could share? I'm very interested in doing this myself. Thanks!
Aryl - Thanks for this advice. Would you be kind enough to share any problems or pitfalls I should look to avoid by adopting this strategy? Also would be great if you suggested any hacks, better processes or insights. I'd like to adopt this and learning from someone who's already done it would be helpful. I'd like to avoid problems like account lockouts/deletions from lack of activity, for example. Best, Marcus
AmiMojo - thanks for this. I always look forward to your informative and useful posts. What suite of apps would you recommend to implement for reasonably high protection? Generalized information like you've already given is best, since many people will be reading the post. This is why I am not burdening you with my config. Whatever you think would be good additions to a PiBadgerBlock solution would be great to hear. Thanks!
...The average user as far as demographics go?
Most of us bothering to /. are seen as statistical noise.