Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Jams Facebook's Web-Tracking Tools (bbc.com)

Posted by BeauHD on from the right-to-privacy dept.

The next version of iOS and macOS "will frustrate tools used by Facebook to automatically track web users," reports BBC. At the company's developer conference, Apple's software chief Craig Federighi said, "We're shutting that down," adding that Safari would ask owners' permission before allowing the social network to monitor their activity. BBC reports: At the WWDC conference - held in San Jose, California - Mr Federighi said that Facebook keeps watch over people in ways they might not be aware of. "We've all seen these - these like buttons, and share buttons and these comment fields. "Well it turns out these can be used to track you, whether you click on them or not." He then pointed to an onscreen alert that asked: "Do you want to allow Facebook.com to use cookies and available data while browsing?" "You can decide to keep your information private."

Apple also said that MacOS Mojave would combat a technique called "fingerprinting", in which advertisers try to track users who delete their cookies. The method involves identifying computers by the fonts and plug-ins installed among other configuration details. To counter this, Apple will present web pages with less details about the computer. "As a result your Mac will look more like everyone else's Mac, and it will be dramatically more difficult for data companies to uniquely identify your device," Mr Federighi explained.

15 of 117 comments (clear)

  1. Browsers and OS should do this by AHuxley · · Score: 2

    Not a member of a social media brand?
    Ban it from the browser, OS until a user wants to register a social media account and be spied on.

    --
    Domestic spying is now "Benign Information Gathering"
  2. Re:Do this by AmiMoJo · · Score: 4, Interesting

    Firefox can do this already, but it's not that effective unfortunately.

    The real problem these days is fingerprinting. Particularly installed fonts and user agent strings. Those two alone are often pretty unique, and combined with canvas fingerprinting and IP address are very powerful tracking mechanisms.

    Unfortunately no browser can block them, and I have not found any plug-in except for NoScript that can block getting a list of installed fonts. There is a tool called "fluxfonts" that randomly installs and removes fake fonts in the background, but it would be nice if a mainstream browser did something about this.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Re:Do this by Mordaximus · · Score: 5, Informative

    The real problem these days is fingerprinting. Particularly installed fonts and user agent strings. Those two alone are often pretty unique, and combined with canvas fingerprinting and IP address are very powerful tracking mechanisms.

    They are addressing this as well in Mojave. Slimmed down system information, it only reports system fonts. Essentially one MacBook will look like the next, etc. In theory, anyway

  4. Native in Browsers by johnsie · · Score: 3

    Various plugins do a good job of this, but some sort of blocking should be a native optional feature in major browsers. I've already refused to accept the new privacy policy from Facebook as I refuse to let that company turn my data into a product. People let them go to far. There must be an option to choose which companies are not allowed to collect your data, and that's why GDPR is a good thing. Facebook tried to avoid data privacy by moving millions of accounts out of Europe/

  5. Don't think this is the right way to fight it by Solandri · · Score: 4, Interesting
    There are two ways to fight this:
    • Try to stop these tracking methods. Which just results in the people doing the tracking coming up with new tracking methods. That kicks off an endless arms race where each side keeps countering the move the other side makes.
    • Pollute the data. Let them collect the data, but the browser should surreptitiously add fake data. Either generated by randomly crawling linked pages in the background, or by sharing anonymized sites other users have browsed. The moment the "user's" browsing data is no longer an accurate representation of the sites the user is actually browsing, that data loses its advertising value. And advertisers will be forced to place ads based on the type of people who like to visit a certain site (e.g. GPU ads on a gaming site), rather than trying to display ads targeted at the person browsing regardless of what site they visit.

    The first method is a never-ending game of leapfrog. The second method favors users because there are a lot more of them than companies tracking this data. They can generate fake browsing data faster (up to the limit of their Internet bandwidth) than these companies can filter it out.

    1. Re:Don't think this is the right way to fight it by johnsie · · Score: 4, Informative

      It'll still be an arms race. They'll try and find ways around it. GDPR has shown that strong legislation is probably going to be the best way to prevent this sort of tracking.

    2. Re:Don't think this is the right way to fight it by alvinrod · · Score: 2

      The problem with your proposed solution is that you assume that these same tracking companies would be wholly incapable of cleaning the polluted data. All they would need is access to the browser that does the polluting and enough time to see how it works and they could probably get above 95% accuracy in terms of removing the fake, polluted data.

      It's always a game of cat and mouse. The only way to really stop it is to make a user's data so worthless as to remove the economic incentive to attempt to track them. Unfortunately, that doesn't seem all that likely either.

    3. Re:Don't think this is the right way to fight it by AmiMoJo · · Score: 3, Interesting

      Pollution is quite effective. For example, there are various add-ons for popular browsers that add random noise to canvas elements, changing the fingerprint every time. Even if they are tracking you by other means such as detecting installed fonts, the random canvas fingerprint and maybe a random user-agent pollutes their data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. For other platforms... by Gravis+Zero · · Score: 3, Informative

    If you aren't already, you should be using SafeScript which allows you to block lots of fingerprinting stuff. If you think you don't need it then you should check out BrowserLeaks to see how horribly wrong you are. :)

    --
    Anons need not reply. Questions end with a question mark.
  7. Re:Do this by theweatherelectric · · Score: 5, Informative

    Hey Firefox, looking for something else to copy?

    What, you mean like how Firefox provides built-in tracking protection? Or how Firefox provides a Facebook Container which isolates Facebook from the rest of your browsing activity? Or how Firefox is developing an anti-fingerprinting mode? Or how Firefox is integrating Tor as a built-in feature?

    I don't think you know what you're talking about. The web browser is the most commonly used piece of application software. If there's one type of software you should educate yourself about, it's web browsers.

  8. Here's why I'm looking sideways at this - by sabbede · · Score: 3, Interesting

    I'm using pfBlocker to filter DNS on my home network. You know what doesn't work without being able to talk to tracking and ad-serving servers (including google's for some reason)? The iTunes App Store.

  9. Legislation by JBMcB · · Score: 2

    Legislation may help, but the GDPR is a nightmare. This Week In Law had an entire episode critiquing it.

    --
    My Other Computer Is A Data General Nova III.
  10. Re:Do this by cascadingstylesheet · · Score: 2

    The real problem these days is fingerprinting. Particularly installed fonts and user agent strings. Those two alone are often pretty unique, and combined with canvas fingerprinting and IP address are very powerful tracking mechanisms.

    They are addressing this as well in Mojave. Slimmed down system information, it only reports system fonts. Essentially one MacBook will look like the next, etc. In theory, anyway

    Wouldn't that mean you only get to see system fonts then? (Assuming the reported list of fonts actually does something?)

    (I'd be fine with that, but will the public at large be fine with it)?

    Actually, since CSS lets you specify a list of fallbacks, why does the browser have to report fonts anyway? I have neglected to look into this little corner of madness ...

  11. Re:Do this by spire3661 · · Score: 2

    All webpages should have an html fallback. If they dont, its not really a webpage.

    --
    Good-bye
  12. Re:Do this by TheFakeTimCook · · Score: 2

    Firefox can do this already, but it's not that effective unfortunately.

    The real problem these days is fingerprinting. Particularly installed fonts and user agent strings. Those two alone are often pretty unique, and combined with canvas fingerprinting and IP address are very powerful tracking mechanisms.

    Unfortunately no browser can block them, and I have not found any plug-in except for NoScript that can block getting a list of installed fonts. There is a tool called "fluxfonts" that randomly installs and removes fake fonts in the background, but it would be nice if a mainstream browser did something about this.

    Apple has a solution to "fingerprinting". They return random data.