Come the revolution...
We're going to need a big wall.....
Social media exec's, advertising exec's, lawyers, patent trolls.....
Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other …
"Social media exec's, advertising exec's, lawyers, patent trolls....."
it's always going to be difficult to keep up with careful (read: tricky and malicious) use of DNS
A 301 "moved permanently" response could be cached. It could return a small graphic, like a logo, but re-direct to a unique URL that identifies you, like "http://tracker.example.com/" re-directing to "http://tracker.example.com/alphabet-soup-identifier". Making that URL consistent every time might simply involve your IP address, the web browser's cache, and a few other minor details. And if the DNS records for each of those web sites point to the SAME set of IP addresses, and the web server supports virtual hosting, there's now a way to have a "single point of tracking" for a LOT of web sites... and nothing can really stop that UNLESS you have a black list of tracker sites.
Legislation might help fix it, as long as PROSECUTIONS HAPPEN and they happen PROMINENTLY, with VERY STIFF FINES against the violators. And, it MUST be OPT-IN ONLY to be tracked.
> Legislation might help fix it, as long as PROSECUTIONS HAPPEN and they happen PROMINENTLY, with VERY STIFF FINES against the violators.
I don't often find myself in agreement, but I'm 100% with this one, with one extra: fines must start to include board member jail time. It's their responsibility, and making sure it stays there will (a) encourage a bit more attention/budget and (b) prevent the usual scapegoating which ultimately means that nothing changes.
I wish the R'Pi was accessible so I could create a Pi Hole of my own. There's the ViPi project which supposedly gets the Pi to be accessible, but I've been unable to get it to work.
I'd love to be able to blackhole all the ads, tracking, & social media bullshit, if only I could see to get an R'Pi working & easily configurable to do my bidding.
Of course, if I could get computers to do my bidding I'd probably raise an army of Roombas outfitted with laser pointers on their foreheads so I could start theKittyArmeggeddon...
*Cackle*
I'm also blind and I've been using the pi since it launched eight years ago. Speakup and orca are both completely supported if you need speech from it, BRLTTY if braille is your thing. But you don't need either to run a DNS blocker on one. Write an image to the card, "touch /boot/ssh", and then use an SSH client and web browser from your local machine. You've already got all you need.
"Of course, if I could get computers to do my bidding I'd probably raise an army of Roombas outfitted with laser pointers on their foreheads so I could start theKittyArmeggeddon..."
> I wish the R'Pi was accessible so I could create a Pi Hole of my own. There's the ViPi project which supposedly gets the Pi to be accessible, but I've been unable to get it to work.
Late to the party sorry. I have PiHole running with OpenVPN on Devuan on an old laptop (Dell D630) sitting in an unused closet (no signs yet about leopards (not even the death kind)). Works wonders, and protects me (largely) when out from home.
Cannot recall the details off hand but used a basic script likely from PiHole's website.
Another marketing analytics biz, Wizaly, also advocates this technique to bypass Apple's ITP 2.2 privacy protections.
As if we needed another reason to hate bastards like Wizaly. Those tossers really piss me off - they really don't give a flying fuck about user privacy and will do anything and everything in their power to subvert it.
uBlockOrigin for the win. And screw Google for deliberately helping advertisers trace everything we do, even when where we go has fuck all to do with them.
This technique is depressing. No doubt Google will shortly (if not already) use it.
In reality, there is no reliable way to block it.
1) Use random subdomains of 1st party site.
2) Even with cname lookup in the blocker/browser you need a list of <evil domains>, but Google, Facebook, other advertisers etc can use any domain.
3) The alias on a 1st party page/site could exist for a valid reason such as DDNS protection, load balancing, rentacloud etc, not just tracking.
4) It's not just cookies. Can be any sort of thing that gets loaded.
Ah, but taking this to its logical conclusion, what do you do when I delegate a zone out rather than use a CNAME?
So you visit www.example.com and I serve you tracking code from content.example.com, but if you look closer at my DNS the following records are there:
content IN NS adfling.google.com.
content IN NS adfling2.google.com.
Then, beyond that we can go even further if we don't mind being really, really evil.
You visit www.example.com and I serve the tracking content from www.example.com/imgs. But, on my server the location /imgs is a reverse proxy back to adfling.google.com.
In neither case will cookies be too much of a concern (repeat visits aside) because if you then go to othersite.com, your cookies from content.example.com won't get presented. What *is* an issue though is browser fingerprinting (as well as things like your IP allowing the 2 profiles to be tied together) etc
You start getting into having to check more and more stuff, which gets quite expensive and slows page loads (although, inevitably, still less than the ads do)
#3 is the key there ... it's not as though subdomains pointing outward are new. They are used for all sorts of things. E.g. events.whatever.com points to some cloudy event registration service.
This is going to end with some star chamber deciding "what is an ad"?
What always amazes me is that the advertising companies must have technical folk working for them. Why then do those technical people assist the marketroids? I couldn't in good conscience do that kind of deep analysis work to assist an ad-slinger - and I find it near incomprehensible that others sell their souls that way.
You know what keeps really surprising me? What part of "user opt in" is so difficult to understand?
It's not only these geezers, but also take for example what I read today on the changes LinkedIn will do in 2020. They also seem to have no problems marrying "we respect GDPR" with "you can opt out ads and tracking".
I mean, if governments are cash strapped, suing the shit out of these companies would complement the increased taxation they want to do nicely, right?
It's not difficult to understand, it's just of no interest, and that's primarily because enforcement is so lax.
I've just been informed officially by the UK supervisory authority that "examples" of processing on the basis of Legitimate Interest are "sufficient" in an Article 13 or 14 disclosure. As legitimate Interest confers a statutory right to object, it seems to me that not declaring all processing on that basis denies a data subject that statutory right. But despite this it's apparently OK to conceal some Legitimate Interest processing from the data subject.
Compared with this, opt in for cookies is a minor matter.
We need not go any further than the explicit stipulation of the GDPR that websites are motherfucking forbidden to refuse service simply due to a visitor not consenting to tracking. Because 98% of all websites very much actively prevent any service unless you click "accept", and any other button (if any is present) only goes to "how to contact XYZ in the hopes of not getting tracked" or "how to disable cookies in your browser, at which point our site won't even load anymore" for the more brazenly unashamed ones. If I was a millionaire I would make a point out of suing hundreds of them to bankruptcy, and Disqus would be the first...
you're an extremely small minority then. Millions of people work happily in jobs that stink, more or less. They take their monthly paycheck and 99.99% of them declare - strongly - there's nothing wrong with doing what they're doing.
p.s. no, I'm not one of those millions any longer, but I once was and I remember those endless excuses I could produce on the spot, when my conscience tried to gently tap me on the shoulder. Thank God for hypocrisy, our daily saviour!
That's one aspect, but there are also plenty of technical people who don't care about people, honesty, or really anything. Just look at all the people writing malware. If you find those people and offer them enough money, they'll do whatever you ask. The world is a very big place. It doesn't matter if fifty thousand of us decide we'll never work on advertiser tracking; the companies just have to increase the salary a little bit and they'll find people ready, willing, and able.
Perhaps not so small. I'm currently working for a pittance in an absolute shit job because I actively refused to work for a company doing something I could not accept being part of when I had to leave my previous job. I'd love something better, but not at that price.
What really amazes me is that the actual advertisers - those people who buy from the advertising industry - don't realise that they're not just wasting money spending on advertising to people who don't want to be advertised at; they're actually spending that money to drive away potential customers.
If I get their unwanted advertising shoved in my face any time I want the sort of thing I'm selling I'll research the market and, if at all possible, buy from their competition.
@Doc - In my experience Ad spend isn't wasted. It's carefully tracked and if it didn't give value for money the advertisers would go out of business. I've worked in consumer goods companies with combinations of brick and web presences. Their marketing and advertising budgets were a significant proportion of their costs and as such were planned, managed and analysed very carefully. They all got significant (and expected) increases in sales and reach after their campaigns. If they don't then a year's worth of product could be binned and heads roll. Sometimes it goes wrong, but the companies I worked for wouldn't piss money away if they didn't get a return on it.
Of course, their campaigns were more extensive than just hijacking a sidebar and filling it with flashing pics of their product - but a chunk of their spend was on this type of ad because they work.
Incomprehensible to the likes of us (I have a no-buy blacklist) but we're probably not representative of the wider product-buying public.
Because they *think* they work, and have been sold it as working so have very high priors forcing belief in whatever they paid for.
Where's the actual evidence?
You can't run the universe again with a different campaign, but you can do research afterwards to attempt to measure the impact.
I've taken part in several pieces of market research that tried to answer the question as to whether a campaign actually worked, and it was abysmal. The research was very obviously designed to prove that it had worked, regardless of actual effect - leading questions, careful phrasing, limited range of answers. All the usual tricks.
I presume this was because heads would roll if the campaign hadn't worked - whether the product sold "well" seemed to be irrelevant.
What you won't see from that is that A, B, C & D all pissed off some prospects and maybe current customers. You only see the relevant upsides. The downsides are invisible to that sort of comparison. Yes you can see that some customers didn't return but you've no idea that that was because of whatever crap you shoved in their face with your "campaigns" and not for some other reason. As Richard says nobody is going to do that particular bit of research, not if it costs them their jobs.
"It's carefully tracked and if it didn't give value for money the advertisers would go out of business."
What is very unlikely to be tracked - and it's actually quite difficult to see how unless you actually listen to people like me telling you how they behave - is the people who walk because of it.
For example, yesterday I had to ring up my car insurer to give them an updated card number. The agent then promptly tried to upsell on other insurance products. That annoys me. When renewal time comes around I'll go elsewhere. It won't be the first time I've done that and I don't suppose it will be the last. Their marketing won't have the faintest idea that that's why they've lost this customer. They'll be able to show the positive results of their upselling but they won't know how many customers like me that they've lost. Their figures will be slanted to the optimistic side.
@Doc - for the companies I worked with it's much simpler. Product not shifting - run ad campaign - product shifts. Sales increase, bottom line increases. They didn't rely on surveys to tell them if their advertising worked, they looked at their actual sales and over time (tens of years of actuals) their sales correlated highly with advertising campaigns. Surveys just provide evidence of causation.
Your example about the insurance is interesting, but if you're not the target market for the technique then don't be surprised when it fails. For every person like you (and me) who is annoyed by this there are 2,3, 4.... people who buy the products. The spiel takes time, time they could be dealing with another customer, and they wouldn't waste it if it didn't make them money. The fact that they lose your custom will be hidden in the extra money they make from the people who buy the add-ons. They don't care about you, they only care about money - and everybody's money looks the same to them.
Advertisers' targets are carefully chosen, characterized, grouped and, ahem, targeted by different selling techniques. When you see an ad that annoys you it's probably because it's not targeted at you. It's interesting to think about products/services one's bought over the past couple of years and identify why one chose that particular product and whether or not it was due to one's clever research and selection or if some neat "advertising" was partly responsible. Placement (magazine/newspaper articles, forum posts and 'independent' reviews) is a good technique for techies.
As a coincidental example..
At Christmas I ignore all those charity ads on the telly cos I feel I'm being manipulated. I've just read a great article in the Grauniad about a bus driver and it led me to the charity mentioned in the article and I've made a donation. It wasn't an "ad" as such, but I bet it wasn't an article that the Grauniad came up with all on its own. It'll be part of a campaign in the run up to Christmas to cash in on people feeling the spirit of the season. In reality I've been targeted and manipulated just as much as the puppy-dog-eyes ads at Christmas manipulate their targets, but it doesn't feel the same and they've got my money. Job done.
And, the campaign will also have an assumed element of people like me sharing the article online and generating more donations. I'm not going to give any more details cos if people find it themselves.........
It's not ads which are "not targeted at me" which piss me off; it's ads which I'm forced to watch which piss me off.
I used to go straight to the "coming attractions" section the first time I put a new DVD in my player, and have bought other DVDs based on what I saw.
Then the marketeers made it so I had to sit through the entire "coming attractions" section (it's not skippable) EVERY SINGLE TIME I put the DVD in the player!
So, I no longer buy DVDs, instead getting ad-free, illegal downloads.
> If I get their unwanted advertising shoved in my face any time I want the sort of thing I'm selling I'll research the market and, if at all possible, buy from their competition.
Unless, of course, the ad was actually supplied by the competition. Somewhere out there someone must already be working on that.
The older I get, the more I start appreciating the guillotine..
when firefox and other browsers (not anything google based, for obvious reasons!) will default - or even provide a setting - to forbid setting any cookies at all without permission. Possibly make those cookies you choose to allow the option to be permanent, and ban everything else.
Alternatively, and probably less of a user pain, change the 'erase cookies on exit' to 'erase cookies when tab is closed'. Or as well as 'new tab', allow opening to a safe mode separate window with a separate instance for each tab, so that closing the tab/window nukes the cookies.
Am I missing something blindingly obvious here, or (whisper it) could it be that browser makers really really want me to have lots of sticky cookies?
"A lot of useful functionality requires first-party cookies."
Agreed, but not much. And it would be easy and clear to get consent for these useful cookies. Login - get a dialogue "will you accept a cookie to keep you logged in for x days', etc.
If they had to ask consent for every cookie, with an explanation of why it's needed then I believe that much of the "useful" functionality would be rejected by users when they found out exactly who finds it useful.
I get that sometimes when doing the allow-reload-allow-reload-allow cycle of the uMatrix incremental permission process to play media on some cross domain whored up affiliate TV station site. Usually the DRM stuff wants you to give a wide-on into your cabbage patch before you can watch a thirty second segment which was on youtube the whole time.
But usually I'm belligerent. Or I'll fire up Qubes and have a fresh browser VM each time which gets discarded after the media has played.
Yes, but you should be able to allow these explicitly. That functionality is unfortunately now missing (or buried deep in some options in a sub-menu saying 'beware of the leopard'), and when I still used it (... a decade ago) the sheer number of cookies per website was overwhelming. So: good idea, but not (currently) feasible.
I think this is tied to the browser session. My session lasts for days, weeks sometimes. It only gets interrupted by browser updates and OS updates demanding a reboot.
As mentioned further down, use the Cookie AutoDelete addon in Firefox. With this addon the session ends, and cookies deleted, a few seconds after you close the last tab on that site or navigate away.
I wouldn't be too surprised if Firefox add something like this as a native feature soon.
If you're logged into a site like a bank, then yes they will keep your session short. It is far from rare. Cookies for tracking will be much longer lived.
For example, going to The Register's homepage sets a cookie called __cfduid with an expiry one month in the future. So without taking some other action to remove the cookie you'd need to avoid the site for a month to break the tracking.
"My session lasts for days, weeks sometimes. It only gets interrupted by browser updates and OS updates demanding a reboot."
Yup. For some people convenience beats security any time. Some of us close down sessions we're not using. We even log off when we're not using the computer. We go further still - we switch the computer off.
And be careful about shutting that computer off. There's a chance it won't turn on again.
A very very slim chance, and not something I've known to be a problem for many years (unless one uses WD HDDs and pulls the plug rather than does a graceful shut down).
My oldest drive gives a SMART powercycle count over 4,600. In the years I've had it (a 640gb Samsung, thus also my oldest and smallest in-service drive) it's had hundreds if not thousands of shutdowns, and spends a lot of its time turned off.
Even after our electrical storms last night, the machine boots happily.
It's not just cookies.
I could today block all cookies, not just 3rd party (why are they on by default?) except for sites I log into, which is not that many and per month virtually no extra ones.
The 1st party and the advertisers should have an AUTOMATIC 4% of turnover fine when any GDPR violation is detected.
ALL "targeted" advertising should be illegal. Not just tracking etc without permission. Default "opted in" is without permission. Blocking user and/or ONLY offering accept is surely illegal?
Then use an active protocol like VNC instead of shoehorning state into what was mostly a passive protocol.
Frankly, what's needed is to reduce web functionality drastically so that we go back to a mostly-passive environment. Anyone who complains gets their Internet access cut off by their ISP (on pain of fines and possible criminal culpability) until they re-earn their Internet License.
You can get a feeling of how that would work by using Lynx and pointing it at a website. Lynx will ask what to do with every single cookie, unless you already told it that cookies from such and such domain are OK.
It gets annoying very quickly. Because sites use a buttload of cookies --which is to say: there are loads of widgets and trinkets that, for some obscure reason, want you to persist.
A very pleasant exception is El Reg, which is actually usable from Lynx. Comments included. After you loaded the home page and allowed the cookie for logging in, that is about it. This impression is without Javascript support, though, as Lynx does not support it (and that's a reason to love it).
Firefox has had this for years. Options > Privacy & Security > Cookies and Site Data. Check "Delete Cookies and Site Data when Firefox is closed" then click "Manage Permissions" and note any sites that you want to "Allow" to retain cookies after you close Firefox.
You will no doubt need to clear all existing cookies to start fresh.
Voila! All functionality (logins, shopping baskets, whatever) works during a session. But when you close Firefox everything is gone unless you agreed to retain it. No distinction between first-party and third-party.
It does not solve every problem - you probably need NoScript to block fingerprinting, for example - but it consistently wipes out persistent cookies that you did not ask for.
Dear advertisers:
If we are trying to block you it is because we are not interested in you. If you try and force yourself on us when we don’t want you, then you are going to lose any goodwill and cause us to actively boycott whatever you are going to sell. Several of you are already on my blacklist. Stop wasting your money.
@werdsmith - I've sometimes thought of a boycott campaign. Every week users vote for the most annoying ad and the following week everyone boycotts that particular company, service or product.
Hmmmmm.....if I set up a website and got enough members I could probably make a decent whack out of advertising as well.
I like the idea of such a campaign but I can see a couple of problems.
1. Different ads and types of ads annoy different people.
2. Lawyers will get involved if we link to the offending adverts.
3. We will not know which advert we are talking about if we don't and lawyers might still see a way of making money by messing it up.
oh, but they are (trying to stop wasting their money). Only IN NO WAY related to your advice, more like, if you can't pick a lock, try another pick, and if this fails, borrow a pick from your pal, if this fails, tapping with a hammer might do it, and if a gentle tap won't, then, well, tap harder, or try a bigger hammer...
Unfortunately the "they" who are using the lock picks aren't the "they" who stand to lose money. The lock pickers are the advertising industry whose sole objective is to take money from the advertisers. It's the latter who stand to lose money. Ultimately the advertising industry has no interest at all in whether the advertisers lose money so long as they keep buying and don't actually go down the drain and can no longer buy at all. And it's entirely against the industry's interests in letting their mugs know how much of their money is being spent counter-productively.
A CNAME record identifies the destination, which an adblocker can either block because it's linked to a different root domain, or if that's too blunt, apply the usual blacklisting to the destination and block the first party sub-domain accordingly.
A records produce an IP, but I assume it's less practical for tracking if the third party server needs to be set up to respond to a bunch of other domains. Probably creates an issue with HTTPS, as well; the third party won't have a legit cert for the sub-domain.
>A records produce an IP, but I assume it's less practical for tracking if the third party server needs to be set up to respond to a bunch of other domains.
It'd need to be setup that way anyway.
A CNAME changes the destination for the DNS lookup *only* so the HTTP host header (and SNI if using HTTPS) will still be for the original name.
As the name implies, an A record points to an IP address, not another domain. It's possible, but less practical, the tracker slingers would have to get the other party to update the record any time the IP address of their tracker server changes, which can be quite often when using cloud services.
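Added example, not part of the original comments: a sketch of the check discussed above, following a first-party hostname's CNAME chain and applying the blocklist to each target, run over a constructed DNS table. All hostnames, the `classify` helper and the two-label root-domain shortcut are assumptions; the `content.shop.example` row shows that a delegated zone or a plain A record leaves no CNAME to inspect.

```javascript
// Constructed DNS answers for illustration only; every name is a placeholder.
const RECORDS = {
  'www.shop.example':             { A: '192.0.2.10' },
  'metrics.shop.example':         { CNAME: 'shop.collect.tracker.example.' },
  'shop.collect.tracker.example': { CNAME: 'edge.tracker.example' },
  'edge.tracker.example':         { A: '198.51.100.7' },
  'static.shop.example':          { CNAME: 'shop.cdn-provider.example' },
  'shop.cdn-provider.example':    { A: '203.0.113.5' },
  // Served from a delegated zone (or a plain A record): no CNAME in the answer.
  'content.shop.example':         { A: '198.51.100.7' },
  // Misconfigured self-referencing alias, to exercise loop protection.
  'loop.shop.example':            { CNAME: 'loop.shop.example' },
};

// Constructed blocklist of tracker root domains.
const BLOCKLIST = new Set(['tracker.example']);

// Assumption: "root domain" = last two labels. Production code needs the
// Public Suffix List to handle suffixes such as co.uk correctly.
function rootDomain(host) {
  return host.split('.').slice(-2).join('.');
}

// True if the host itself or any parent domain is on the blocklist.
function onBlocklist(host, blocklist) {
  const labels = host.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Follow CNAMEs from `host`, returning every alias target in order.
// Stops on a loop or after maxHops so a hostile zone cannot stall the check.
function cnameChain(host, records, maxHops = 8) {
  const chain = [];
  const seen = new Set([host]);
  let current = host;
  while (chain.length < maxHops) {
    const rec = records[current];
    if (!rec || !rec.CNAME) break;
    const target = rec.CNAME.toLowerCase().replace(/\.$/, '');
    if (seen.has(target)) break;
    chain.push(target);
    seen.add(target);
    current = target;
  }
  return chain;
}

// Decide what to do with a request for `requestHost` made by a page on `pageHost`.
//   block: the hostname or one of its CNAME targets is on the blocklist
//   flag:  first-party name aliased to a different root domain that is not
//          blocklisted (could be a CDN or event service, so not blocked outright)
//   allow: nothing suspicious visible in DNS
function classify(requestHost, pageHost, records = RECORDS, blocklist = BLOCKLIST) {
  const host = requestHost.toLowerCase();
  if (onBlocklist(host, blocklist)) {
    return { action: 'block', reason: 'hostname on blocklist', chain: [] };
  }
  const chain = cnameChain(host, records);
  const hit = chain.find((h) => onBlocklist(h, blocklist));
  if (hit) {
    return { action: 'block', reason: `CNAME target ${hit} on blocklist`, chain };
  }
  const firstParty = rootDomain(host) === rootDomain(pageHost.toLowerCase());
  const offsite = chain.find((h) => rootDomain(h) !== rootDomain(host));
  if (firstParty && offsite) {
    return { action: 'flag', reason: `aliased to other root domain via ${offsite}`, chain };
  }
  return { action: 'allow', reason: 'no blocklisted or off-site CNAME target', chain };
}

for (const h of ['www', 'metrics', 'static', 'content', 'loop']) {
  const r = classify(`${h}.shop.example`, 'www.shop.example');
  console.log(`${h}.shop.example -> ${r.action} (${r.reason})`);
}
```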
I prefer a simple approach: given that the sites themselves are providing subdomains expressly for this nefarious purpose (and are therefore complicit in any GDPR breach that results), all it needs is a list of such sites. I would rather just block them and take my interest elsewhere.
> I prefer a simple approach: given that the sites themselves are providing subdomains expressly for this nefarious purpose (and are therefore complicit in any GDPR breach that results), all it needs is a list of such sites. I would rather just block them and take my interest elsewhere.
Hmm. This brings to mind the "web phishing" filter blocklist.
Doing another for "This site has been reported to be using web tracking without user consent" would probably quite strongly discourage this sort of thing.
I think we need someone to start making a public list of the companies using this process so we can all make GDPR complaints against them. It will only take a few '4% of global turnover' fines for them to go bust and maybe encourage the others to stop the practice. At worst the fines could be used for socially acceptable projects across Europe.
When Libération was first founded (by, inter alia, Jean-Paul Sartre), its principles/principals didn't permit any paid advertising at all.
Although the advertising industry deserves some of our condemnation, the moral flexibility of those that host the advertisements in the first place should not go unremarked
Adverts should ONLY be a static image (same URL for every request) and a URL for those that really want to click on it. But what percentage of clicks are bots run by agency selling the adverts or the dodgy website operator wanting click revenue from eventual seller?
The ultimate seller of what ever is advertised is often ALSO being exploited by Google, Facebook and the other web advert agencies.
Also "targeted adverts" may break discrimination laws (gender, age, ethnicity, location etc).
"The ultimate seller of what ever is advertised is often ALSO being exploited by Google, Facebook and the other web advert agencies."
Very much this. FB, G etc market themselves as the place to be... as if your business is dead if you don't use their adverts. But they themselves know that they are vastly overestimating the amounts of clicks / page impressions etc that they are selling to their clients.
The ironic/funny part that El Reg missed is how this discovery seems to have initially originated from Liberation.fr boasting about being the first news website that doesn't track its readers, which obviously pissed off the technical-inclined news websites that did it years ago, and so pushed them to dig around to try to find some mistake with those claims :
https://reflets.info/articles/liberation-a-traqueur-vaillant-rien-d-impossible
(in French, paywalled, but the partial text from that article and the previous ones should give you the idea !)
D'you think they know what it symbolizes when she holds her hands like that?
https://www.liberation.fr/checknews/2019/11/26/est-il-vrai-que-philippine-hubin-tete-de-liste-de-benjamin-griveaux-a-pris-des-positions-tres-a-droi_1765617
I'm waiting for the day the ad and the content are part and parcel, either due to Product Placement like in TV shows, or by ad companies BECOMING the content providers. Either way, ads become articles, articles become ads, and your only recourse is to go, "Stop the Internet! I wanna get off!"...and go back to your junk mails, billboards, product placements, etc.
Actually that's a good deal more sensible. The page can carry advertising appropriate to the content. No tracking but then no tracking services to be sold to advertisers. If I search for advice on something and find a useful page which has a link to a page of relevant vendors I'm very much more likely to follow that up if I'm looking to buy than I am to follow up tracked ads about something I bought weeks ago. I'm also, BTW, more likely to read that page, and hence follow through to the ads than I am to read a page with the same content hidden in a mass of display ads. The latter is likely to have me mousing over to the Back button PDQ.
> I'm waiting for the day the ad and the content are part and parcel, either due to Product Placement like in TV shows, or by ad companies BECOMING the content providers.
That is actually the most successful way to advertise (short of word-of-mouth). The adverts must be relevant to the text, the text must be of good quality as anyone with only marginally better quality can steal your potential revenue.
As Doc Syntax says, relevant links in a decent article are quite likely to be followed. I've done it myself, both as an advertiser and as a buyer.
Make people want your content, sell stuff related to your content, and watch people flock to the ads on your page rather than go out of their way to avoid them.
This is inevitable if you allow arbitrary code to execute automatically which can open new connections to another server, either by async requests, web sockets or modifying the page DOM to refer to another resource (which will be auto-loaded by the browser). You could do all the tracking aggregation first-party, with scripts fetched from the primary domain and data exfiltrated to the primary domain, and then send to third parties from the server. There would be no way to stop it without disabling JavaScript, which breaks most websites. Even with JavaScript disabled, you could fingerprint the client with various techniques, like using IP addresses, HTTP headers, and first-party cookies and other side-channels, and send the data out to trackers from the server.
Yesterday I received an email purportedly from CVS, some kind of cheap drugs platform I think.
It arrived in my Outlook spam box, I usually rollover the sender to see the address, this one had no address so I just clicked on the outlook block function but it too could not read an address so it couldn't block it.
That is the first time I have seen an addressless email.
Just deleted permanently but nothing on the block list.
Don't just block the fuckers - send them back with mountains of shit data. Maybe I will get off my arse and write a plugin that does just that.
If you devalue the process, it'll stop soon enough. When FatCatCorps marketing budget is returning just one sold packet of Everton mints, you'll have done your job.
While Google is the main contributor to Chromium they are never going to be willing to implement anything that could ultimately undermine the ability to fling ads and collect data from its users.
So for the moment if you want to avoid these tracking techniques you need to ditch Chrome and its variants and move to a Firefox based browser.
How about some enterprising developer design an add-on that deletes all cookies, cache and offline storage at predetermined intervals.
As it is I manually delete all the offline storage every time the browser gets started. Cookie and cache gets deleted at close. But I also have to close and restart and close my browser every time I logon to facebook, google, microsoft and any website that knows my real name. It gets to be a pain but it works to a certain level. If that add-on existed I could be a little more care-free and set it to delete all every 5 minutes or so. Or even pause it if what I'm doing takes longer. I know the offline storage may be tricky to implement, but if there is a way to create them files, there's gotta be a way to kill them.
But the golden add-on will be the one that does the above tasks and also scrambles the browser fingerprinting. Periodically change my screen size, my fonts, my plugins and all the other evil ways the browser developers have provided to the advertisers to track you. Mozilla may look good on this instance, but I'm sure someone in the company is looking at it more like a bug and is determined to fix it.
Firefox addon "Temporary Containers" is awesome - set it to open links to any new domain in a new sandboxed tab.
Whenever the last tab for a given domain is closed, all storage for it is wiped - localStorage as well as cookies.
Not only does it stop tracking between each session - it also stops tracking between any 2 sites.
Probably not what you want, but I posted the following here a couple of years ago - Caveat: I am no longer involved with using Chrome on Windows, so I have not run this for a year or so:-
A tip for Windows users of Chrome - Delete the local Google Appdata folder to get rid of crap, and don't log in to your Google Acc.
' ------------------------------------------------------------
' A simple vbs script that you can run at logon
Dim delFolderPath(1)
delFolderPath(0)="C:\SomeOtherFolderThatYouWantGone"
delFolderPath(1)="C:\Users\Your_Account\AppData\Local\Google\Chrome"
Dim fso
Dim objFolder
Dim objFile
Dim objSubfolder
Dim x
'Set objects & error catching
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
For Each x In delFolderPath
  'Skip missing paths so a failed GetFolder cannot leave the previous folder selected
  If fso.FolderExists(x) Then
    Set objFolder = fso.GetFolder(x)
    'DELETE files in path unless they are ReadOnly, or set to True for All
    For Each objFile In objFolder.Files
      objFile.Delete False
    Next
    'DELETE all subfolders in delFolder Path even if they are ReadOnly
    For Each objSubfolder In objFolder.Subfolders
      objSubfolder.Delete True
    Next
  End If
Next
Set objSubfolder = Nothing
Set objFile = Nothing
Set objFolder = Nothing
Set fso = Nothing
' The usual warnings apply if you run some VBS file you copied from the Internet!
I'd like to nominate "This is yet another example of the 'badtech industrial complex' protecting its river of gold." as sentence of the year on el Reg. (If there is no such thing, there should be. You used to have "Flame of the Week." Or was it month?)
Use a live LINUX CD for browsing. This allows you to have statefulness whilst browsing so your shopping carts etc will work. All of the locally stored cookies/supercookies etc disappear when you switch off machine. Of course, you have to then type in your address and credit card details every single time, but that's the price you have to pay for wearing a tinfoil hat.
I believe the kewl kids use live LINUX USB sticks but these will happily store cookies (probably).
"Of course, you have to then type in your address and credit card details every single time, but that's the price you have to pay for wearing a tinfoil hat."
So what do you tell people with bad memories who can't recall stuff like that to save their lives, to say nothing of stuff like passwords (Now was it correcthorsebatterystaple or donkeyenginepaperclipwrong)?
You tell those people to write that stuff down in a small notebook OR you tell them they are going to be tracked all over the web.
Solutions don't have to work for everybody. More than one solution may be possible.
Whataboutism can be a useful rhetorical device to further a discussion. It can also reveal a passive, defeatist approach to life's problems. Just because greedy, corporatists are seizing control of an engineering toy, doesn't mean we have to give up and go home.
"Whataboutism can be a useful rhetorical device to further a discussion. It can also reveal a passive, defeatist approach to life's problems. Just because greedy, corporatists are seizing control of an engineering toy, doesn't mean we have to give up and go home."
The thing about edge cases is that they don't STAY edge cases. And there are people out there who encounter Murphy more often than most. Not to mention people who have to live with people with terrible memories (as in sometimes they can't recall their name yet are too proud to ask for help).
As for solutions, I always recall my favorite whine: "I want it all, and I want it yesterday! Now JFDIE!" Thus ICU to me isn't Intensive Care Unit but Instructed to Chase Unicorns.
I am not ignoring the plight of those with terrible memories.
Now that I have been off statins for a few years I can now remember lots of things. PIN numbers (no more credit card refusal), the name of the guy I sat next to at work, many proper nouns etc.
Wholesale prescription of water-soluble statins is going to produce a large number of people with severe memory problems. These will all probably be misdiagnosed as Alzheimer's.
Having recently sat in on a "memory test" of a relative administered by a specialist, I am not convinced that the current assessment techniques are effective.
All the best to you and yours.
Charles, those of us who work in these industries know what goes on, and what steps to take to deal with their issues.
We don't live in your funny little world where solutions that work for most people cannot be used because of a few edge cases. We live in a place where we use solutions that work for most people most of the time, and specially tailored solutions for those few times we need something specifically tailored to a person's situation.
Why not join us in the real world instead of that weird loser-land you keep yourself locked into?
"Why not join us in the real world instead of that weird loser-land you keep yourself locked into?"
Because the world you describe doesn't exist. Believe me, I tried. The thing is, edge cases don't STAY edge cases. I see this problem every day with my own two eyes. If what you say applies to you then we must be communicating through a dimensional gateway and I'll just have to agree to disagree; my firsthand experience is apparently completely contrary to yours, and as it's the only experience I can trust, either it applies or nothing applies, in which case it's STWIWGO time.
This is already illegal and the companies doing it presumably know that and are happy to continue until such time as there's an effective prosecution, hoping they'll have found another loophole by then. The only effective response to that would be to make the individuals liable rather than the companies.
"The lowest-level of penalty is applied if you are found guilty of gaining access to a computer without permission (or officially known as “unauthorised access to a computer”). This crime holds a penalty of up to two years in prison and a £5,000 fine"
Applying £5k PER infringement should force even the largest corporation to take note. Of course, sending the CEO down for a couple of years wouldn't hurt too :)
... the Tor Browser would be useful here. No permanent cookies, no user's IP address, circuit and identity changes whenever the user wants...
It will break many sites or turn using them into a PITA, but those sites usually are the ones trying harder to buttfuck the users, so... to hell with them!
Working on a government adjacent website atm. One requirement driving all the youngsters up the wall is "must work perfectly with no client js". So simple ad blocking should work if you disable js.
I'm talking about uk gov, your country may vary....
What I find ironic is that when I set my preferences on a website to tell it not to store cookies, it stores this preference ... in a cookie! A cookie that will be deleted automatically as soon as I close the browser.
Wouldn't it be nice if browsers provided a separate form of storage just for the storage of a very limited set of preferences, so that they could survive the inevitable end-of-session purge. It would be hard to persuade website owners to use such a mechanism, though.
I think the Browser could just send a header specifying the types of Cookies it accepts, configurable by the user. One might come up with a few categories of cookies, and there is already the Do-Not-Track header. The site then doesn't have to store the preferences in a Cookie. The problem here is that some Browser manufacturers might just set default consent (it really should be asked of the user once a new profile is created and changed later, with a per-site override).
Should surprise no one.
Like so many things abused by advertisers and marketers (not least the WWW itself), DNS delegation has been widely used by techies for many years for entirely legitimate purposes. In fact DNS delegation is older than the WWW - though back then aliases were (by convention, at least) CNAME records, rather than very-slightly-naughty duplicated A records that proliferated from the mid-1990s with the rise of Virtual Domains.
A similar story can be found in email headers, if you look up the quaint distinction between "From" and "Sender" headers, when we trusted that they wouldn't be abused, and forging them was a student prank.
Actually, pi-hole could prevent this easily:
1. Resolve DNS alias to real A-record
2. Check if on block list
3. Optionally add new record to blocklist
So if x-d.example.com really points to tracking.doubleclick.net, x-d.example.com would be added to the pi-hole block list and eventually all of these faked subdomain aliases would just become additional blocked entries.
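The three steps in the comment above, as an added example (not Pi-hole's code and not the commenter's): follow a first-party name through its alias chain, test every hop against the block list, and record the alias itself when a later hop matches. It assumes the aliases are CNAME records and uses constructed sample records and a constructed block list; all names other than the two quoted in the comment are hypothetical.

```python
# Constructed sample data: alias (CNAME) records as a resolver would return them.
CNAME_RECORDS = {
    "x-d.example.com": "tracking.doubleclick.net",
    "metrics.shop.example": "shop-example.edge.cdn.example",
    "shop-example.edge.cdn.example": "collect.tracker.example",
    "static.example.com": "assets.cdn.example",
    "loop-a.example": "loop-b.example",   # misconfigured alias loop
    "loop-b.example": "loop-a.example",
}
BLOCKLIST = {"doubleclick.net", "tracker.example"}  # constructed
MAX_CHAIN = 8  # assumed cap on alias hops


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def cname_chain(name, records):
    """Step 1: follow aliases from name; return every name visited, in order."""
    chain, seen = [], set()
    name = normalise(name)
    while name not in seen and len(chain) < MAX_CHAIN:
        chain.append(name)
        seen.add(name)
        if name not in records:
            break
        name = normalise(records[name])
    return chain


def blocked_by(name, blocklist):
    """Step 2: return the entry matching name or any parent domain, else None."""
    labels = normalise(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def check_and_learn(name, records, blocklist, learned):
    """Steps 1-3: returns (blocked, matching entry); adds cloaked aliases to learned."""
    chain = cname_chain(name, records)
    for hop in chain:
        match = blocked_by(hop, blocklist)
        if match:
            if hop != chain[0]:        # step 3: the first-party name was only an alias
                learned.add(chain[0])
            return True, match
    return False, None
```

Checking every hop rather than only the final target matters when the alias passes through an intermediate name before reaching the blocked domain, as `metrics.shop.example` does in the sample data.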
Their website is written by the typical bunch of marketing morons.
Talking about adblockers - "In response to this climate of mistrust but also to the growing importance of user data protection and the pressure of the European institutions (GDPR)"
Their response to this mistrust is - "using subdomains....increase in the amount of data collected and, therefore, a much more real and accurate view of what is happening"
That will sort out the mistrust!
If I was to go into a Tesco store, and whilst in they attached a GPS tracker to me so they could see where I go after I left the store, this would be probably deemed illegal and it would be stamped out in the courts very quickly. So why is it allowed to happen online? If I go to the Tesco website, no doubt trackers will be attached to me to follow me about the web. What's the difference between that and the real world? We just need our government to grow a set and simply make it illegal to track us online.