back to article Alert: Using a web ad blocker may identify you – to advertisers

The recent explosion in people installing ad blockers for their browsers may have an ironic side effect: identifying them to advertisers. French researchers digging into online privacy issues have built on a 2010 study by the EFF that used people's browser configurations to identify individuals. The researchers account for the …

  1. Andy Non Silver badge
    Facepalm

    Duh

    So people using ad-blockers who don't see online ads are vulnerable to advertisers tracking you and putting targetted ads on websites you visit that you still won't see as you are using an ad-blocker. And this is a bonus to advertisers how?

    1. Charles 9

      Re: Duh

      If they know you're using an ad-blocker, they'll profile you as a leech and perhaps start using ad-gates. Either that or they'll see that as a cue to get more aggressive with the ads by triggering the original website to insert inline same-domain ads, which will be tougher to block without collateral damage. Plus since they'll be able to track you across websites, they can wait for other opportunities to bombard you which you may not always be able to block. Heck, if they can tie you to a social account or e-mail address, they can probably use them to get to you as well.

      1. Anonymous Coward
        Anonymous Coward

        Re: Duh

        There is nothing the client can't ignore.

        It can disable scripts, css, images, cookies, all 3rd party content, or simply copy blocks of text from either HTML, or the modified DOM.

        Sites going down that route will look scummy, and alienate legitimate readers.

      2. Andy Non Silver badge

        Re: Duh

        @ Charles 9. If people are using ad-blockers in the first place it likely indicates they are not receptive to internet adverts anyway, so using alternate means to shove them in your face is likely to have a negative brand image effect for the product and website rather than induce a sale. If websites block me for using an ad-blocker I go elsewhere, there are very few sites that have exclusive content that I absolutely must see. Similarly, if adverts manage to sneak past my ad-blocker and make a site too annoying, then I'll simply stop visiting that site.

        Note: I also use No-Script too and block third party cookies etc so have even less exposure to advertisers and trackers. I also use a throwaway email address on social media.

        1. Charles 9

          Re: Duh

          What about a manufacturer's website for drivers? You can't trust anyone else to not insert malware/aware and the only other alternative would involve plunking down money (maybe A LOT of money).

          1. JulieM Silver badge
            Linux

            Re: Duh

            You can get device drivers from your kernel distributor. No need to go near the manufacturer's site.

            Besides, the manufacturers' drivers may contain proprietary "enhancements" over the GPL ones in the kernel.

          2. Doctor Syntax Silver badge

            Re: Duh

            "What about a manufacturer's website for drivers?"

            You keep raising that. Let's look at it.

            Where do these manufacturers make their money?

            By selling the H/W that their drivers support.

            What would happen if they poisoned their drivers?

            They'd burn their main business. (Remember how quickly HP had to row back after the shit-storm they raised by playing silly buggers with their ink cartridges.)

            Why would they want to do that?

            1. Charles 9

              Re: Duh

              Why wouldn't they? Plus I'm not talking the drivers themselves but the sites on which they're hosted: packed full of mandatory scripts and so on ripe to be drive-by'ed with no viable alternatives if they don't provide high performance drivers to kernels (kernel can't do that themselves many times due to patent-based black-boxing, and as for Windows...).

              1. Danny 14

                Re: Duh

                I wish them the best of luck. I block ads at my gateway. EVERYTHING behind my gateway is served adless pages on their browsers (that may or may not have addons).

              2. Doctor Syntax Silver badge

                Re: Duh

                "Why wouldn't they[want to burn their business]?"

                For investors, an aversion to losing their investment. For the executives an aversion to being sacked by the investors.

    2. An nonymous Cowerd

      Re: Duh, well they could charge you more for holidays/hotels

      so only 48 others are using the single extension Privacy Badger on a locked-down chrome?

      >PB logo.gif identified in only 49/~6000 Browser tests,

      >whilst on FF 52 there were around 2000 Privacy Badger blocker users, so a bit more dilution

      >Safari - a locked down Ghostery (without Evidon direct tracking) seemed OK - but I don't really trust it

      however the standard fingerprinting, OS, resolution, fonts canvas etc individualised me in all cases.,

      then there's server side cookies, evercookies, telemetry [Apple still get a packet with your UUID everytime you query "About this Mac" on your own desktop/laptop!]

      1. John Brown (no body) Silver badge

        Re: Duh, well they could charge you more for holidays/hotels

        "however the standard fingerprinting, OS, resolution, fonts canvas etc individualised me in all cases.,"

        Not sure why you got down voted. I found the same, even after make sure I wasn't logged into anything, changed the browers id string to remove all reference to X, FreeBSD and AMD, ie plain old Firefox ID string, remove all add-ons and yet it still identified my as unique. I'm betting it's my font list.

        On the other hand, the test only runs if I whitelist scripting for the testsite domain.

    3. Stuart 22

      Blow 'em a Raspberry!

      As it hasn't been mentioned and almost everybody here will have an old redundant 1st generation RaspberryPi gathering dust in their drawer - You can give it a great second life using https://pi-hole.net/ on it to replace your network DNS. Works a treat for all connected devices. No need for browser add-ons and works within your smartphone apps (when using wi-fi).

      I've found it the most effective way of blocking all ads - and if any ad does show up it will be the most obvious product/service to avoid purely on being so subversive.

      The only issue so far was the TfL website would omit tube/trains from its journey planner. But by checking the easily view-able blocking log, whitelisting solved that problem immediately.

      1. Gotno iShit Wantno iShit
        Pint

        Re: Blow 'em a Raspberry! @Stuart 22

        Cheers for the tip, pi-hole added to my to do list.

      2. Charles 9

        Re: Blow 'em a Raspberry!

        "I've found it the most effective way of blocking all ads - and if any ad does show up it will be the most obvious product/service to avoid purely on being so subversive."

        Even if it's the ONLY source of something? And yes, there ARE sole sources on the Internet?

  2. Anonymous Coward
    Anonymous Coward

    So, uhm...

    "The researchers account for the 2017 internet: they look at what browser extensions people have and what social media services they are logged into."

    This seems more like a (well known) social media issue than something related to ad blockers. I'd thought it was common knowledge by now that if you visit a website you're often also downloading 3rd party contents, which allows said 3rd party to perform a bit of tracking. Especially when it's being used on multiple places (such as social media like buttons, Google Analytics javascript, etc.).

    It's for that reason why I use both an Ad blocker but also the StopSocial plugin; a small plugin which prevents my browser from contacting any social media website whenever I'm on a website other than the social media site itself. Next using a reference blocker (NoRef) also does miracles.

    The only risk is that some websites might break (sometimes they rely on references) but that's easily fixed with setting up a (small) whitelist.

    Happy tracking that :)

    1. Black Rat

      Re: Happy Tracking

      Never hurts to check your browser fingerprint with a visit to https://panopticlick.eff.org/

      as many machines running Adblock & NoScript can still be uniquely identified. Even with 3rd party plugins, Cookies, Javascript & Flash disabled it's fascinating how much data can be gleaned.

  3. AegisPrime
    Meh

    That's the trade-off for ad-blocking/privacy - running your connection through a VPN, using an 'exotic' browser (Vivaldi in my case), using uBlock or similar (TunnelBear Blocker's nice by the way) all give you a relatively unique fingerprint in comparison to the proles - given that my ISP has no clue what websites I'm looking at and that I'm ad/malware free whilst I do it, I think that's a worthwhile trade*

    Of course, if you're doing something naughty and you get tracked down as a consequence of trying to be anonymous you may consider otherwise.

    *That doesn't mean I wouldn't be keen to adopt anti-fingerprinting though - I'm hopeful that's coming in the next round of the privacy wars.

  4. lordphil

    Test

    Just tried the test - it showed I was unique to 4403 so far tested. HOWEVER, it did say that I appeared to be logged in to LinkedIn (never had an account - ever) and logged into Forbes (whomever they may be). So, the question is: As I did try to find someone through LinkedIn - quite some time ago - has it left a marker somewhere on my laptop and how do I get rid of it?

    And what about Forbes - I've never heard of them let alone knowingly been there. I don't 'do' any social media.

    Running Firefox with AdBlockerPlus.

    An inquiring mind would like to know.

    Phil

    1. Doctor Syntax Silver badge

      Re: Test

      "As I did try to find someone through LinkedIn - quite some time ago - has it left a marker somewhere on my laptop and how do I get rid of it?"

      Why would you want to? It's disinformation.

    2. ShortStuff

      Re: Test

      Install 'Self-Destructing Cookies' ... one of the greatest add-ons ever, next to No-Script, Ghostery, and AdBlockerPlus

    3. tiggity Silver badge

      Re: Test

      @Phil - Forbes do news (FSVO news), you may have picked up a cookie from there by following a news story from somewhere

      I never bother with Forbes as they have served malware via ads on their site in the past yet have the temerity to tell you to disable ad blockers!

      Like most people main role of ad blocker is as part of a series of measures (e.g. scripts run from sites on whitelists only) to reduce malware risk, loss of in your face / page rearranging ads is just a bonus side effect

      1. Charles 9

        Re: Test

        I've never been able to use Forbes because of an ad-blocker-blocker. And they're becoming distressingly more common.

  5. Mage Silver badge

    Rage!

    WHY does my Browser tell the website what fonts I have?

    How can I block that on Firefox?

    1. TaabuTheCat

      Re: Rage!

      http://www.ghacks.net/2016/12/28/firefox-52-better-font-fingerprinting-protection/

      Kind of an ugly solution, but it works.

      1. Mage Silver badge

        Re: Rage!

        "Kind of an ugly solution, but it works."

        I'll try that.

        I have a HUGE number of fonts, to duplicate fonts to replicate vintage packaging / labels.

        Also for other graphic design tasks.

        I also use NoScript, not an ad blocker, as I'm more concerned about security & privacy, so 3rd party cookies are blocked, I log out of evil tracking orgs, and I only white list enough to make a site work. Some sites, even though used regularly, are only getting scripts Temporarily allowed.

        1. Mage Silver badge

          Re: Rage! Fonts

          Rats!

          Courier, Helvetica, Times New Roman, Verdana, MONO

          Unique out of 7501 browsers that were tested so far!

          Maybe install User Agent and pretend I'm on Windows and not Linux. I needed that on last PC to download Kindle Reader for Wine, but I decided it's spyware, so I convert Kindle to ePub with Calibre now. (a plug in uses my real Kindle's serial number).

          1. Mage Silver badge

            Re: Rage! Fonts

            What I need is to add the default list of Linux or Windows fonts, depending on if pretending I'm on Linux or Windows.

            However since I never enable 3rd party javascript, not needed to work a site, I doubt many ad agencies can track me.

          2. RegGuy1 Silver badge

            Re: Rage! Fonts

            Nope, user-agent makes no difference. Info is still leaked via the plugins. So I pretend to be anything but Unix, but the plugin descriptions tell another story. :(

          3. MondoMan
            Trollface

            Re: Rage! Fonts

            Mage Against The Machine? :)

          4. Mage Silver badge
            Unhappy

            Re: Rage! Fonts

            Whitelisting feature in Firefox 52 and later is no use to limit Browser Fingerprinting:

            1) It's whitelisting the fonts the browser uses, which only incidentally affects reporting of fonts to a website.

            2) Whitelisting ALSO blocks fonts loaded from websites (I think this is the reason for the feature, if so it's a broken idea, whitelisting/blocking the domain providing makes more sense?)

            3) Makes too many websites look rubbish that use "wingding"/"symbol" fonts as Icons

            4) I already downloaded and installed lots of commonly used 3rd party on the fly fonts on websites to reduce tracking via font providers. There is website for them. This also speeds up page loading.

            My conclusion is that currently this is a lost cause. Browsers should only report current browser window size and perhaps resolution, though physical DPI is more useful than X by Y screen pixels, it's the window X by Y needed for "responsive" sites / served image sizes etc.). Browsers are simply reporting too much. It was good that Mozilla backtracked and removed the battery state.

            For now the best solution against tracking is:

            1: Block all 3rd party cookies always (Default sadly is allow on Firefox).

            2: Install Noscript and only whitelist enough to make a site work. Some sites best only temporarily whitelist, such as Twitter, Facebook, Google applications.

            3: Always log out of social media and Google. Sometimes restart the browser so as to lose the temporary whitelistings that Social Media icons use on other sites.

            4: If maintaining a website, DO NOT copy/past "code" offered for icons and widgets. Download image of icon/widget, upload to your site and put a simple HTML link (maybe set to open in new window/tab). These 3rd party icons/widgets (with javascript) may even be illegal for you to put on your site if you are in EU.

            5: If building / maintaining a website, put copies of all fonts, images, javascript etc in your own domain (or ideally same site) to make whitelisting easier for users, make your site self contained and avoid leaking the user's history / browser to 3rd parties.

            6: Install your own analytics on your own site. Google's Analytics are a privacy slurp. They can't be trusted.

            7: Only implement cookies for users that login. Do not use 3rd party log in APIs such as Facebook or Google.

            8: If the site captures unique user data or has a login, then use HTTPS.

            9: Use a Mozilla based browser, such as Firefox, Seamonkey etc. Not Edge, Safari, IE, Chrome or Opera. I don't know what the story is on Chromium. Not ideal, but better than some of the spyware.

            10: Change firefox setting so URL bar fails if you mistype, no search or autocorrect. Don't use a browser without a separate search box and url bar.

            11: Do not install toolbars.

            1. Anonymous Coward
              Anonymous Coward

              Re: Rage! Fonts

              1. Because more and more sites won't work AT ALL without cookies. More and more sites won't let you get past the front page, and that includes sites I used to frequent.

              2. More sites tie basic site function to those scripts. No scripts, no content. And other sites like Forbes use ad-blocker-blockers that deny you access. If they're the ONLY source of something (like a manufacturer's website that protects its property, so no internal drivers for you), God help you.

              4. Those widgets are often copyrighted and impose terms on their use, meaning NOT copying/pasting them is in violation. It's THEIR way (copy/paste) or NO way.

              5. Same problem. Some fonts, etc. ONLY allow you to source them from the official source.

              9. Mozilla captures user data, too. So do IE, Edge, and Opera. Last I heard, Vivaldi also records stuff. Basically, unless you can roll your own from scratch or use a pre-commercialization browser like NetSurf, don't trust the browser.

              10. ISPs tend to screw up this solution these days, and some of them are bold enough to intercept requests to third-party resolvers (easy enough to do, as DNS uses a fixed port number). And let's not get started with resolutions hard-coded into the clients.

          5. Jonathan 27

            Re: Rage! Fonts

            Great, now they can track you uniquely. You know that's even worse than them being able to ID your OS right?

    2. An nonymous Cowerd

      Re: Rage!

      Yep, a neat font trick, by adding just a handful of fonts and by setting my FF52 to this user agent

      Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0

      I was finally able to get 2 similar users, so three of us in total, that's a bit better than unique

      1. TaabuTheCat

        Re: Rage!

        Well, now I'm not so sure this new FF whitelist setting fully works. EFF's Panopticlick is still able to enumerate fonts (unless it's just guessing?), although the site referenced in this article now only sees what's in the whitelist. Not quite sure what Panopticlick is doing to get around the whitelisting - assuming it really is.

  6. Martin an gof Silver badge

    Noscript...

    I, too, just tried the test and... nowt. nada, zero, dim byd o gwbl. The button, she no work.

    No Javascript, courtesy of Noscript.

    Temporarily enable script and... the browser's fingerprint is unique among 4,473. Ho hum.

    M.

    1. Brian Miller

      Re: Noscript...

      That's what happened to me, too! And I have Exploding Cookies, too. So: no cookies, no JavaScript, and thus certainly not much of a trackable foot print. If a website that I don't need to use doesn't work, I don't care.

      1. VinceH

        Re: Noscript...

        Ditto - NoScript meant NoTest until I allowed it.

        Having done so, unique amongst 6114 so far. However, my extensions came up N/A and I got a 'no' for being identifiable by logins (this will be because cookies don't survive a browsing session, and I've only visited three sites this morning since switching on - including El Reg and the test). It's my browser fingerprint that gets a yes - but that's all.

        (Okay, the combination of all three gets a yes as well, but that's as much because of the browser fingerprint as anything else!)

        With such a small number of people having run the test, this is not that much of a surprise. So meh.

        1. Anonymous Coward
          Anonymous Coward

          I've only visited three sites this morning since switching on

          Get back to work!

  7. Shadow Systems

    Dear Advertisers, here's my fingerprint...

    *A double handed TheFinger*

    Signed, Me.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear Advertisers, here's my fingerprint...

      Agreed.

      And to those sites that serve ad's that autoplay sound very loudly, a massive f**k you.

      (el Reg, I'm looking at you - you were part of the reason I installed an ad blocker in the first damn place.)

  8. Kapudan-i Derya

    Tor on GNU/Linux with systemwide trusted VPN

    Can it protect us? At least from tracking of advertisers?

    1. katrinab Silver badge

      Re: Tor on GNU/Linux with systemwide trusted VPN

      Not really. It will stop them knowing which country you are browsing from and which ISP you use, but other than that, no.

    2. red03golf

      Re: Tor on GNU/Linux with systemwide trusted VPN

      Don't use TOR - TOR isn't safe.

  9. Anonymous Coward
    Anonymous Coward

    Why should a browser report extensions in use?

    When I tried it, it couldn't detect them. Apparently only Google is stupid enough to allow that, since it said it only works in Chrome.

    In the login leak, I was one of 1532 collisions among 4650 browsers, so hardly unique there.

    In the standard fingerprint I was unique as I guessed I would be - I'm running Firefox on Linux! But that's easily fixed by changing my user agent string, if I cared to bother.

    1. inmypjs Silver badge

      Re: Why should a browser report extensions in use?

      "since it said it only works in Chrome"

      But using Chrome means you don't care about privacy anyway.

      The logins and extensions usages is irrelevant anyway, their browser fingerprinting is completely rubbish.

      It told me I was the same as about 680 among 5200 while this https://panopticlick.eff.org tells me my browser is unique among 213k.

  10. Wensleydale Cheese

    Blocking at the firewall, then?

    Shiny new firewall winging it's way to me after Easter.

    1. Charles 9

      Re: Blocking at the firewall, then?

      Doesn't it use an encrypted connection?

  11. Anonymous Coward
    Anonymous Coward

    Doesn't really surprise me that Chrome is so 'chatty', it is a Google spyware product after all...

  12. Anonymous Coward
    Anonymous Coward

    LOL - I get unsupported Browser :-D

    I guess that makes me a shadowy character ... what's wrong with Chromium, anyway ??

    1. Anonymous Coward
      Anonymous Coward

      Re: LOL - I get unsupported Browser :-D

      Me too.

    2. DJGM

      Re: LOL - I get unsupported Browser :-D

      Same here ... and I'm using SeaMonkey which is using most of the same under the hood stuff as Firefox.

  13. Anonymous Coward
    Anonymous Coward

    F**k em.

    They can try to track me all they want, but I'm not seeing their ads and I'm not buying their shit.

    1. Anonymous Coward
      Anonymous Coward

      Re: F**k em.

      Well Said!

      And any ads that get through are a complete waste of time. I never buy anything that is advertised to me.

      All part of me being a true 'Grumpy Old Man' and proud of it.

      Adverts are a disease that needs eradicating.

      Sorry El Reg, I know that Ads kees this site alive but I worked at an Ad Agency for 18months and what they did with your data was shocking. That turned me off them for good.

      1. Doctor Syntax Silver badge

        Re: F**k em.

        "I worked at an Ad Agency for 18months and what they did with your data was shocking."

        What, if anything, did they or could they do to measure negative effects of advertising campaigns?

        I can't see how they could do that other than going round with clip-boards and we know how that can be subverted by the way the interview is constructed.

  14. zemerick

    Chrome not so "Chatty" after all

    My report disagrees with others. I'm using Chrome, with several extensions ( 1 being uBlock, not exactly a rare fringe case they didn't test ), and it reported no extensions.

    I have other questions about this being so amazing for tracking: For example, they try to claim I have a 0 on the scale of how unidentifiable I am, yet they were not able to identify me by my extensions. ( For the obvious reason of them detecting none. ) So, it seems when you don't have any...instead of counting that as 0 extensions found, and being unidentifiable, they just throw it altogether.

    Also, according to a post a bit above, about 1 in 3 people so far were NOT identifiable. With such an insignificant sample size, it seems that this would quickly get to the point where virtually no one was identifiable. I mean, they supposedly identified me because I was logged into 5 of the most popular websites in the entire world, and a 6th that is still quite common. ( Yahoo, Gmail, Reddit, Youtube, Twitter and Github. )

    I have a distinct feeling that even just with a few more Reg people checking, that I will no longer be identifiable by my sites either.

    NTM: This ignores the part where say you log out of a website, or log into a new one. Suddenly you are now a whole different person according to this.

    Finally, I think the main thing that narrowed me down for properties was probably my timezone. Mountain time is by far the least populated us timezone. How many people do you think have visited this french domain site from Mountain timezone? ( Especially when it's only had about 4700 people test it so far. )

    The principle of it is all fairly sound though. It's just mainly the execution at this point. It's sort of the tech equivalent of identifying a person based on their likes and dislikes. Get enough to check, and eventually you can tell pretty much every one apart.

  15. Anonymous Coward
    Anonymous Coward

    Tested again from same PC and same browser, still claims i'm unique (which is true, but not the point) my browser is still Palemoon with the same extensions - ABP, Stylish & Adblock Latitude and the counter incremented by +1 so either it's counting tests (and getting the test wrong) or visitors (and incrementing incorrectly)...

  16. Florida1920
    Headmaster

    ScriptBlock

    Went to Panopticlick with same extension settings I use everywhere, and it just sat there ticking, doing nothing. Had to successively allow four scripts before it would scan my system. Chrome + ScriptBlock, making the web great again.

  17. Anonymous Coward
    Anonymous Coward

    Interesting, when I clicked on the link (https://extensions.inrialpes.fr/ ) all I get is firefox telling me that the server was reset and try again.

    I don't know what they are doing but it appears that they can't see me.

  18. Will Godfrey Silver badge
    Meh

    Not going there

    I don't even want them to know that I don't want them to know

  19. Kev99 Silver badge

    And set your browser to clear ALL history whenever it is closed and periodically runn something CCleaner, Glary Utilities, etc to rig deep cookies.

    1. Primus Secundus Tertius

      Clearly unique (?)

      I do clear all history, usually between visiting different websites; and I bar third-pary cookies. I declined to turn them on for this test. But I was unique among 6000+.

      1. Primus Secundus Tertius

        Clearly unique (?) part 2

        Since it recognised my normal setup with all its fonts, I tried two small Linux systems that were a standard CD image, no further installations or changes.

        1. System Rescue Disk v4.1 + Midori browser. Could not connect to site, SSH handshake failure.

        2. Tiny Core Linux + Firefox v52. I am in 26 out of 10,000+ users.

        So to be anonymous, use a small Linux system.

  20. Number6

    Interestingly it didn't find me logged into any social media sites, despite Twitter and Facebook being present. From another comment, it ought to have found Forbes too, so I guess whatever I've done to Chrome has stopped that bit leaking. It only found one extension too, so I guess the rest are well behaved or obscure enough not to be tested (I don't believe that). My browser fingerprint is unique though.

    I had the initial defence up though, NoScript stopped the site doing anything until I gave it permission.

  21. Winkypop Silver badge
    Devil

    Social media

    Now there's ya problem.

  22. Anonymous Coward
    Happy

    Corner shop

    Sod the internet, I'm off to buy a newspaper.

    1. Steve Davies 3 Silver badge

      Re: Corner shop

      Don't get caught out like Danny Baker reported on Radio 5 this morning.

      The newsagent wanted to charge him 65p for using a card to pay for his paper and stuff. I wonder if it was a contactless payment?

      Anyway, Cash rules then the Ad agencies and the spooks can't track you (unless the new £1 coin has RFID inside it)

      1. VinceH

        Re: Corner shop

        "(unless the new £1 coin has RFID inside it)"

        Stop suggesting things!

        1. Fruit and Nutcase Silver badge
          Alert

          Re: Corner shop

          "(unless the new £1 coin has RFID inside it)"

          One could file one down carefully...

      2. Tom 7

        Re: Corner shop

        I'd charge him a fiver just for soiling my lino.

      3. Martin an gof Silver badge

        Re: Corner shop

        (unless the new £1 coin has RFID inside it)

        I thought that right at the outset when they said it had a special "hidden, high security" feature which - one report said - would be readable by the likes of vending machines.

        Having visited the Royal Mint Experience (Blue Peter badge holders get in free) last week, the "exploded diagrams" of the coin do have a kind of "radio wavey" thing going on, and if you watch the video here you'll see something similar.

        M.

      4. illiad

        Re: Corner shop

        (why are peeps talking about the coin? this is about the web..)

        Most newsagents and small shops have to PAY to process card transactions!!

        A lot I know will NOT accept a card for less than £5 ...

        THINK about that when you are buying your 50p paper...

        1. Charles 9

          Re: Corner shop

          It isn't just the newsagents and small shops. EVERY retailer has to pay to process card transactions (that's how the processors make their living), and it's usually the larger of a certain percentage of the sale (say %2-3 if your sales are slow) or a flat minimum fee. Because of that, most firms pay too much for small transactions which is why the minimum transaction. Larger retailers have the benefit of a lower percentage because of higher overall sales (economies of scale, basically) and the balancing effect of that high activity making small transactions bearable (somewhere there'll be a big transaction to offset small ones). Plus many retailers if they can do it will prefer bank debit to credit transactions (the percentage is lower).

  23. Anonymous Coward
    Anonymous Coward

    One tiny problem here..

    As I work in countries where privacy is still deemed of some value by the population, the problem with such identifications is that there is thus ample evidence I wanted to protect my privacy. Circumventing that in any way does not negate the expression of my desire, and thus, by extension the total absence of my permission.

    That's not going to work much with US companies which don't even bother complying with US legislation for as long as they can get away with it (AFAIK, for companies like Microsoft, Google, Facebook and Uber that appears to be a default operating stance), but any outfit in Europe can get into big trouble if they're found out.

    And they will.

  24. Anonymous Coward
    Anonymous Coward

    'logging out of websites – especially social media websites'

    After logout, a Facebook etc cookie remains though... So can't it be read by a FB widget sitting on a 3rd party page somewhere anyway???

    1. Charlie Clark Silver badge

      Re: 'logging out of websites – especially social media websites'

      Depends on the cookie: any session cookies will be deleted when you logout and any decent blocker should stop running (including making a call to the FB server) in the first place.

  25. Fruit and Nutcase Silver badge

    Self-destructing cookies

    This Firefox addon removes cookies for a site when you close the tab. Another tool in the arsenal with which to fight back/regain privacy

    https://addons.mozilla.org/en-GB/firefox/addon/self-destructing-cookies

  26. Doctor Syntax Silver badge

    Roll on May next year. 4% global turnover fines on the entire ad industry.

  27. Mr_Pitiful

    'Unsupported Browser'

    So it doesn't like Internet Explorer!

    That''s me safe then!

    1. DJGM

      Re: 'Unsupported Browser'

      You're not safe by using IE anyway!

  28. janimal
    Big Brother

    Only by resolution

    I did some tests using my usual web browsing configuration: VM, never logged-in to mail or social, over vpn. Running an ad-blocker with some sites white-listed & no script.

    I visited multiple times from different IP addresses. First I changed nothing but IP address (and cleared browser history in between)

    attempt 1) unique

    2) 2

    3) 3

    So each consecutive visit from different IPs reduced my uniqueness. Then I did what I normally do which is arbitrarily modify the resolution of the VM. All consequent visits I was unique, but differentiated only by resolution.

    For all visits, including the 1st three I was in a non-standard resolution.

    So my fonts are the default installed with Mint, I have ad-block & no-script & flash - for those I was 1 of 2-3 thousand. Only my ever changing resolution identified me, which only works if I keep it the same really?

    So whilst I will never feel secure against law enforcement, shady government agencies or determined criminals, I'm probably a bit too much effort for advertisers.

    As others have mentioned though. Any advert that encroaches on my consciousness without me explicitly seeking information, only serves to make me avoid that brand.

    Now, where did I put my tinfoil?

  29. Mr Flibble
    FAIL

    Firefox (stock build) demands that I install and use PulseAudio if I want it to play any audio. No, not doing that.

  30. red03golf

    * * * Don't Use Commercial GUI Browsers * * *

    1) Don't use any version of Windows on your computer,

    2) Edit the DNS servers which your computer(s) and also your gateway use,

    3) Change your MAC addy,

    4) Use a VPN (remember to test for VPN and IPV6 leaks),

    5) Use the w3m text browser

  31. Anonymous Coward
    Anonymous Coward

    Bring it on...

    The battle between geeks and ad slingers is the greatest on the net.

  32. Tom 7

    Sorted.

    Just ritted an extension to randomly load and delete fonts!

    1. Paul Crawford Silver badge

      Re: Sorted.

      That has been my thought, we need a browser that deliberately randomises things like canvas drawing and reported fonts, plugins, etc, so every site you visit has something a bit different.

      OK, your IP address is an issue but you can use an IP-sharing VPN to anonymise that if you really need to and typically IPv4s get shared in many cases as a few machines behind NAT, and ISPs typically change them anyway.

      IPv6 could be a whole nasty bag of worms though if folk get a fixed block so advertisers know that they can ignore the bottom 16 bits and the rest is basically fixed by your ISP and not CG-NAT'd or anything..

      1. Vic

        Re: Sorted.

        advertisers know that they can ignore the bottom 16 bits and the rest is basically fixed by your ISP and not CG-NAT'd or anything

        s/16/64/ ...

        Vic.

  33. Jonathan 27

    I think this article is kinda misleading, yes you might get identified based on an ad blocker. But if you don't have an ad blocker you WILL be identified, immediately.

    P.S. I did get a good laugh out of all the comments of people who are worried about being tracked online and the lengths they're willing to try not to be tracked... And still not doing everything necessary not to be tracked. I've given up at this point. The Web is basically unusable if you actually make yourself untraceable and doing so is an enormous pain.

  34. myhandler

    I'm unidenitfiable on my old Vista machine, but not on my W7 - I think it's the fonts.

    Firefox user and don't do social waste of time.

    For plugins I have Adblock Edge, BetterPrivacy and SelectiveCookieDelete - that deletes every cookie when I close the browser, apart from any I've nominated to keep. How long before ISPs let them slurp IP to address..?

  35. psychochief

    use vivaldi ??

    use vivaldi, its not supported on the test site, so i assume the slurpers have trouble too ??

  36. alain williams Silver badge

    Computer misuse act ?

    All that code that these ad slingers are running on my machine (in my browser). Did they ask me permission to do that ? No! I give implicit permission for Javascript to help with the page layout, form manipulation, ... but not for them to Sherlock who I am, if I want to let them do that then I agree to keep one of their cookies -- all else is without my permission.

    Having said that our chocolate teapot that is the ICO would just find an excuse to not do anything.

    So: should they have to ask permission to run this stuff, how many users would that turn away ?

  37. 0laf Silver badge

    Meh

    It's a trade off.

    Run an ad blocker and they might identify you as a browser with an ad blocker.

    Don't run an ad blocker and they'll identify you and the internet is practically unusable.

    Left field idea, why not use advertising on your sites in a way that isn't so intrusive and disruptive. Then I might not need an ad blocker at all. But right now on many sites if I can't block the ads I won't visit the site

    1. Charles 9

      Re: Meh

      They tried many years ago. Remember banner ads? They got ignored.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like