
DoNotTrack HTTP header provides almost no protection
I am shocked.
Looking for browser privacy? A group of researchers in France and Japan say RequestPolicyContinued and NoScript have the toughest policies, while Ghostery and uBlock Origin offer good blocking performance and a better user experience. The study also gave a nod to the EFF's Privacy Badger, which uses heuristics rather than …
What I'm somewhat surprised about is that there is no consideration and/or evaluation of the fact that Ghostery is the product of... <drum roll> Cliqz. Yep, that Cliqz. The one everybody was up in arms about when it started harvesting data from (German) Mozilla users.
And as far as I know it always has been a product of "an ad agency".
Doesn't that smell a bit like the butcher testing his own meat?
After all, as a product of an ad agency, it tries to "enhance the browsing experience" by gathering personal data, phoning it home, and sticking it in a huge database... of an ad agency?
The new UI is terrible though. I had to switch to uMatrix, at least until they get it back up to scratch next year (the WebExt version's missing a bunch of stuff). I also never noticed that NoScript doesn't have domain scope. If you block twitter on another website it blocks twitter on twitter, uMatrix doesn't.
I noticed recently on a forum I frequent that whenever you clicked on a link someone posted it would redirect through an ad agency called viglink and certain sites would have an affiliate link added, despite the fact that when you view the html source the links are unaltered.
I didn't like that crap so I added the two culprit viglink api websites to my HOSTS file pointing them at 127.0.0.1 and the redirects don't happen there anymore.
But I only noticed the redirects were happening because the URL you end up at was not always the same as the one you clicked on, but sometimes you couldn't see the redirect happening even though it was, so it makes me wonder how much this invisible redirect practice is going on over the entire web without people knowing.
I don't really trust an advertising company's opt out system, so I put these two lines into my "c:\windows\system32\drivers\etc\hosts" file:
127.0.0.1 api.viglink.com
127.0.0.1 cdn.viglink.com
It stops the redirect code from loading in the first place, and also eliminates viglink's ability to track every link clicked on a site that uses them.
Oh and on the subject of redirects, I keep getting redirected to CloudFlare's captcha site to prove I'm not a robot every time I press the Preview or Submit button on this post. WTF is going on?
"so I put these two lines into my... hosts file:
127.0.0.1 api.viglink.com
127.0.0.1 cdn.viglink.com"
These have been included in the hosts file available through the link below from at least mid-September of this year.
http://winhelp2002.mvps.org/hosts.htm
Edit: using the full path for hosts, in single quotes, seems to require that I jump through a Captcha hoop. Me no like, as it seems to require something from google.something, and I just cannot be arsed to find out what... I have to update my hosts files.
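The hosts-file block discussed in the posts above can be audited with a short script. This is an added example, not part of any poster's comment: the sample file content is constructed, and `other.viglink.com` is a hypothetical name used only to show that hosts entries match exact hostnames and never cover other subdomains.

```python
import ipaddress

# Constructed sample hosts content; on Windows the real file is
# c:\windows\system32\drivers\etc\hosts (path as given in the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   api.viglink.com      # trailing comments are allowed
0.0.0.0     CDN.VIGLINK.COM extra.example.test
192.0.2.10  intranet.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip} for every valid mapping in hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip the line
        for name in fields[1:]:               # one line may carry several names
            # Hostnames are case-insensitive; keep the first mapping seen.
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping

def audit(text, wanted):
    """Report, per hostname, whether the hosts file sinkholes it."""
    mapping = parse_hosts(text)
    report = {}
    for host in wanted:
        ip = mapping.get(host.lower().rstrip("."))
        if ip is None:
            report[host] = "not listed"       # resolves normally via DNS
        elif ip.is_loopback or ip.is_unspecified:
            report[host] = "sinkholed"        # 127.0.0.1, ::1, 0.0.0.0, ::
        else:
            report[host] = f"mapped to {ip}"
    return report

if __name__ == "__main__":
    names = ["api.viglink.com", "cdn.viglink.com", "other.viglink.com"]
    for host, status in audit(SAMPLE_HOSTS, names).items():
        print(f"{host:22} {status}")
```
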
If they do not let you past the home page then it's their loss as you won't be recommending their web site - there's nearly always an alternative option for news.
Still waiting for widespread adoption of micro payments so you can support web sites you like without the big security risk of ads.
As security is a key reason to block ads due to the many instances of malware served via ads.
Most of them just cover the page with their own ad, which is nice, since you can just block their ad-blocker detection script and they'll never know the difference. Unfortunately, I've seen one or two that use the ad-blocker detection script to actually load the page content. Those are more annoying to deal with if you actually want the content.
The stupid thing is that nine times out of ten I have found that these so-called "anti adblocker" measures can be thwarted with a little bit of web know-how: a quick "display: none" on the whinge message and black-out overlays, usually with an "overflow: auto" on the body in your browser's dev tools and you're back to full functionality.
Of course, there are some that do some funky javascripty page corruption, but they just get added to my "do not allow javascript" list.
The stupid thing is, I am not anti-adverts - I appreciate web pages have to make some kind of return somehow. But until the size, positioning, total on-page space and allowed content are severely restricted, my blockers will stay on.
It seems updating to 57 also broke Request Policy (continued). :( This is why I dread updating Firefox. While any apparent change tends to be just some rearrangement of the UI (usually pointless and annoying as such) you can be pretty sure that they have somehow managed to make existing addons incompatible and I'm at least forced to update those as well - if I'm lucky - if not, there is no compatible version.
I had the same initial reaction, but then NoScript was ported to the new Firefox and most of the annoying initial issues got resolved. I was trying to compare the way it works in Palemoon/ESR vs FF 57+ and most of the functionality (that I care about) seems to be present. Drop some coin this holiday for the man behind NS as his work has no substitute (no matter what flavor of FF you preferred).
I could be wrong but I believe that Mozilla changed its APIs because of a serious bug that could allow a malicious browser extension to use legitimate extensions to Pwn your device.
https://arstechnica.com/information-technology/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/
(But I hate the new Firefox anyways)
I'm currently using a combination of Adblocker Ultimate, Privacy Badger, Disconnect and NoScript... In the past I did also use Ghostery, but dropped it because it wasn't doing its job very well, and then discovering it could be phoning back data to its devs.
Noscript is an essential tool for everyone in my opinion, and whilst the new version has some flaws, it's improved a lot since it was updated to work with the new Firefox Quantum.
Any website that shows an adblock complaint, is normally ignored and immediately added to the noscript block lists... as are sites that try to load dozens of scripts. My mum asked me to send an xmas card to her niece in Canada... but when moonpig wanted to load more than 40 scripts... I refused.