back to article What if everyone just said 'Nah' to tracking?

Sitting quietly in the upper corner of my browser's address bar, a counter rises as Disconnect thwarts requests to track me. Visiting well-behaved sites (such as El Reg), those numbers tick up more slowly. On others - I won't name and shame, except to note that they're a bit tired - the counter ticks up and over the two digits …

  1. Anonymous Coward
    Anonymous Coward

    But How ?

    I agree with the sentiment, but how we do actually say "no" without privacy becoming an all consuming hobby is the challenge, (at least to me)

    1. big_D

      Re: But How ?

      Given that this data gathering has to be opt-in and access to a site or service can't be denied if you don't opt-in, it is technically illegal for the trackers to collect the data.

      If you explicitly tell them (paper letter, cc and the local DPO) , that they can't collect your data, then they have been explicitly informed that you do not agree to have your data collected and they should stop forthwith, they will have to stop tracking all websites that you might visit (as they don't know, they would have to remove all tracking from all sites).

      That is the theory, in practice, it probably wouldn't work...

      I just use a Pi-Hole at home, which blocks around 2.5 million known tracking and malvertising sites, including all of Facebook's over 2,000 domains.

      On the move, with the smartphone, it is a little more difficult, but I use NoScript and uBlock Origin in my mobile browser.

      1. Martin Marv

        Re: But How ?

        I use Blokada on my Android device. It's a "VPN" that blocks DNS requests for known tracking/ad domains. It does rely on me trusting a random third party - but it's a specific single random third party rather than hundreds of unknown ones

        1. Christopher Reeve's Horse

          Re: But How ?

          I use Blokada too. It appears to be very good, and blocks 10's if not 100's of THOUSANDS of connections every month.

          1. adam 40

            Re: But How ?

            I was thinking rather than blocking, why not feed it random (believable) crap?

            If the date being fed into the machine becomes unreliable, the advertisers will be paid for irrelevant 'hits' and the model will fail in a much better way.

            1. lglethal Silver badge
              Go

              Re: But How ?

              You're making the assumption that the data that advertisers get now is relevant in any way for what they actually want. In 99% of cases, thats just not the case. So feeding bollocks to it, is not going to change anything...

              1. Anonymous Coward
                Anonymous Coward

                Re: But How ?

                As fae as I'm aware XPrivacy (Android) just does that. You can decide which "crap" to feed back.

                However, getting it installed is daunting for your average user.

            2. Christopher Reeve's Horse

              Re: But How ?

              "I was thinking rather than blocking, why not feed it random (believable) crap?"

              I've thought about this before. It would only really have an effect on the advertisers if a large proportion of people do it, aside from all the difficult issues of making it 'believable'. Whereas blocking is currently a more effective strategy as an individual.

              1. Anonymous Coward
                Anonymous Coward

                Re: But How ?

                "would only really have an effect on the advertisers if a large proportion of people do it"

                So all we need to do is convince Google to add this to Chrome. Simple!

                1. RegGuy1 Silver badge

                  Re: But How ?

                  Or use the power of the EU to force them to install it.

                  Oh, now I think about it I can see a problem with that.

                2. The obvious

                  Re: add this to Chrome...

                  You’re assuming that the worst privacy abuser of the lot would add this feature... interesting.

                3. kotipalvelu@hotmail.com

                  Re: But How ?

                  it's even worse, Google has blocked extension AdNauseam from their store that does just that so is clicking every tracking link in the background eventually polluting those databases if used widely enough. You still can use it with manually installation (download binary from web, Google still finds that which is curious) by using Developer settings or just use Firefox like every one else privacy seeker.

                  1. Kiwi
                    Pint

                    Re: But How ?

                    it's even worse, Google has blocked extension AdNauseam from their store that does just that so is clicking every tracking link in the background eventually polluting those databases if used widely enough.

                    Adnauseum upsets google?

                    I... I didn't know.. I'm so sorry... I honestly did not know it was upsetting to Google. If I had known that, I'd've installed it on this machine ages ago!

                    TYVM for the heads up! It is now installed on here!

                4. Flak
                  FAIL

                  Re: But How ?

                  Is that the same Google that collects a large slice of the advertising cake or a different one?

                  If I didn't pick up on the tongue in cheek there - my apologies...

              2. Richocet

                Re: But How ?

                Feeding crap into the tracking and surveillance system has much more impact than blocking. If 20% of people fed crap in, it would be devastating. Perhaps as little as 10% might reduce the viability of the whole data mining, selling, and targeting advertising business (once word gets out*). A clean but incomplete data set just limits the size of the data set that can be sold for revenue. A polluted set of data is worth less, and is harder to assess the risks and value. An analogy is if you find out your local petrol station is diluting the fuel it sells. Would you pay them less, stop buying fuel completely or buy your fuel elsewhere at the previous price?

                * The players in this business however would try hard to keep this issue quiet so that people would continue to pay for the data.

                Savvy advertisers already take click fraud for online advertising into account in their return on investment (ROI) calculations. If their targeting of advertisements also became inaccurate this would further drive down the ROI and take billions out of the online advertising market.

              3. AVee

                Re: But How ?

                I'd say feeding them invalid data is just as effective as blocking, also for an individual. It protects your privacy, wasn't that the primary goal? If on top of that it annoys the advertisers a bit, that's a nice bonus.

                Besides, they are constantly trying to hide the fact they are tracking me. I think it's fair game to hide the fact you are blocking them by just sending crap, it doesn't even need to be believable to achieve that.

              4. Psmo

                Re: But How ?

                Right now, most advertiser clicks and views come from bots.

                Do they care? No, they still get paid.

                Some clients are waking up to the uselessness of most ad brokers, but until they start moving nothing will change.

            3. Snorlax Silver badge

              Re: But How ?

              "I was thinking rather than blocking, why not feed it random (believable) crap?"

              Too much work for no gain on my part.

              Block and forget.

              1. Fungus Bob

                Re: But How ?

                Unfortunately for those of us in the US, the FCC has allowed ISPs to sell their subscribers' browsing history so there may be some value in poisoning the well.

            4. Richocet

              Re: But How ?

              I work in the area of collecting analysing, profiling and acting on customer data. Feeding dodgy data into the system is a very effective way to damage it. There is no realistic way to filter this data from coming in and once it is in the system, the difficulty of finding it and removing it is so high that it's best just to tolerate the impacts it has.

              A good analogy is pouring sugar into a petrol tank. It's not easy to get the sugar out of the petrol, and the sugar will be discovered by engine damage.

              1. jake Silver badge

                Re: But How ?

                Bad analogy. Sugar doesn't dissolve in gasoline/petrol, so if you have a working fuel filter it will never reach the engine. The sugar simply drops to the bottom of the tank and stays there (barring sloshing about). Getting it out is simply a matter of draining the tank, dropping it, and flushing it out. The petrol is still usable, so don't dispose of it.

            5. sad_loser

              Poison the well

              use Ad Nauseum

              a special version of ublock origin which blocks ads but clicks on all the ads in the background

              https://adnauseam.io/

              this then makes your tracking data meaningless as it cannot tell the difference between a fake click and a real one.

              1. Charles 9

                Re: Poison the well

                Isn't that detectable, though, due to lack of follow-through? For a click to truly count, the follow-through had to load up on your rnd, which costs bandwidth and raises risks. Since the detection is server-side, it's also hard to fool.

              2. quartzz

                Re: Poison the well

                https://adnauseam.io/free-adnauseam.html stuff...?

            6. Anonymous Coward
              Anonymous Coward

              Re: But How? random crap

              The "internet economy" is yet another scam built on BS, whilst no one looks too hard then it will continue but like the US housing market scam that ruined the world economy where authority just waved through whatever they said, the reality is that none of the profiteers care so long as they keep get paid.

              If you want to do it piecemeal then why not demand that any advertising include if they used collected data so you can chose to buy from people who feel the same as you about privacy.

              That no-one is ever held responsible for what the data is used for is where the actual problem begins, to my mind if you sell data then you should be accountable to the data owner if it damages them. At the moment if you do not become a complete recluse then just walking down the street is enough to loose complete control of your data and when it hurts you then typically you have no idea who asside from yourself started the avalanche that fell on you.

              So rather then attempting to poison the well for at best a vague annoyance would it not be better to change the law across the world so that the individual is finally recognised as being the owner of their own identity and not allowing anyone to pressure them into giving up their anonymity. Nothing else will address the issue because the people who profit from selling you have enough wealth to subvert any law that is not absolute so as to continue pimping.

              1. Anonymous Coward
                Anonymous Coward

                Re: But How? random crap

                "would it not be better to change the law across the world"

                Well yeh, but . . . money!

        2. Wade Burchette

          Re: But How ?

          I have Blokada. And it is amazing how the block count goes up even though I have no running apps, except for my email. The block count in the morning is always several hundred higher than when I went to bed at night.

          1. Christopher Reeve's Horse

            Re: But How ?

            Is there a Blockada equivalent for Windows?

            1. JetSetJim

              Re: But How ?

              Edit your hosts file

      2. Wade Burchette

        Re: But How ?

        I use NoScript on my desktop browser. It is amazing how much faster web sites are with it enabled, even on my Ryzen 3700X. On some websites, they will try to load 20 or more 3rd party scripts. I've also seen third party scripts from websites like unequalbrake.com, nervoussummer.com, untidyrice.com, and other domains of two unrelated words. When you go to the website, you get an image with text saying this domain detects DMCA violations. That is a blatant lie. These websites are used to detect adblockers. Whenever you are shamed for protecting your privacy, look and see if there is a domain of two unrelated words -- and then block it at the router.

        1. big_D

          Re: But How ?

          I use NoScript on my smartphone as well. Same speed bonus.

          It can just be a pain on the first visit to a site, working out which domains have to be allowed. But I'd rather go through that than do without it.

        2. Electronics'R'Us
          Thumb Up

          Re: But How ?

          I also use NoScript along with the facebook container. I like the container - it refuses to let the 'like' buttons capture anything as I am not on their site (and I do not have a fb account anyway).

          I have a paid subscription to a well known national newspaper and the only domain I permit for scripting is their own.

          I do use Chrome on occasion (for those times when the site operator doesn't clearly state what other domains may need scripts enabled - in the UK a lot of them are like that, particularly gov domains) and if I load said newspaper site in Chrome, it maxes out a logical core on my laptop (7th gen i7) and takes a long time to load. When I look at the NoScript information panel, there are 2 pages of blocked domains.

          Yes, for casual browsing I use FF with NoScript for El Reg as well. When I permit scripting I see lots of ads for Analog Devices (hint to El Reg - there is no need for that).

          Faster loading, less tracking - what's not to like?

          I solved the issue with flash locally stored objects long ago without having to ask nicely to not have flash objects locally stored - it involves removing a directory and making a file of the same name and then making that read only; no performance issues I can see.

          Doing a regular clean of cookies is also wonderful (lets me view more than the 'permitted' number of articles from given news sources per month).

          1. fidodogbreath

            Re: But How ?

            Doing a regular clean of cookies is also wonderful (lets me view more than the 'permitted' number of articles from given news sources per month).

            I have FF set to clear all cookies on exit, except for a very short whitelist -- mostly financial sites, so I don't keep triggering extra verification. That prevents any cookies that slip past Adguard and FF's built-in defenses from persisting across sessions.

            1. Anonymous Coward
              Anonymous Coward

              Firefox, clear all cookies on exit, except for a very short whitelist

              "clear all cookies on exit, except for a very short whitelist"

              How do you get Firefox to do that now? They changed the cookie preferences interface some time ago, and I now find it rather confusing.

              Similarly, I used to have an add-on which helped me manage which cookies would remain between sessions, etc, but it sadly didn't survive the Great Leap Forward to WebExtensions, and I haven't yet had time to search for and test a suitable replacement (if one exists).

              (Hands up who else is really annoyed about having to try to find replacements for about three quarters of our previously reliable installed add-ons which had been around for years, had been developed to be mature programs, and then which Mozilla just threw off the back of the cart... :-( )

              1. MarkTriumphant

                Re: Firefox, clear all cookies on exit, except for a very short whitelist

                For your last comment - many, many of us. I still miss Tab Mix Plus.

              2. Anonymous Coward
                Anonymous Coward

                How do you get Firefox to do that now?

                Seriously? It's right there in preferences/privacy. You can't have been looking very hard.

              3. Kiwi

                Re: Firefox, clear all cookies on exit, except for a very short whitelist

                (Hands up who else is really annoyed about having to try to find replacements for about three quarters of our previously reliable installed add-ons which had been around for years, had been developed to be mature programs, and then which Mozilla just threw off the back of the cart... :-( )

                GoogleWaterfox is your friend.

      3. Gordon861

        Re: But How ?

        Another Pi-Hole fan here, been running it since LTT did a setup tutorial last year.

        Built a second one and added it to my parents home network and have been slowly moving devices over to it over the last few weeks, in case it turns out to block something they 'need'. Android phones are a pain to change the DNS lookup though as they all seem to require you to delete the wifi connection and then re-add it with a new DNS rather than allowing you to edit the settings.

        The only addition I would like to see to the Pi-Hole is a simple way to VPN into it so that a mobile phone could be connected to it when using data and still have the same protections.

        1. sofaspud

          Re: But How ?

          If you're running an Android phone, DNS66 is what I've been using and been quite happy with. It routes all your phone traffic through a VPN hosted by your phone that blackholes all requests to analytics/tracking domains. (You can turn this off for individual apps as desired)

          As a very nice side benefit, my data usage has dropped enormously since I started using it. Never quite realized how much slurpage was going on behind the scenes until I hooked it up.

        2. katrinab Silver badge

          Re: But How ?

          Configure your dhcp to have your pihole as the dns server, or in my case, the domain controller is the dns server advertised by dhcp, and it is configured to use pihole as the upstream server.

        3. The obvious

          Re: But How ?

          Android devices will attempt to bypass the given DNS server to connect to DoH. Certain apps on iOS are also doing it too.

        4. Barrie Shepherd

          Re: But How ?

          "The only addition I would like to see to the Pi-Hole is a simple way to VPN into it so that a mobile phone could be connected to it when using data and still have the same protections."

          Add PiVPN/OpenVPN to your Pi, then you can log in when away from home as though you were at home.

        5. Kiwi
          Thumb Up

          Re: But How ?

          The only addition I would like to see to the Pi-Hole is a simple way to VPN into it so that a mobile phone could be connected to it when using data and still have the same protections.

          I have PiHole + OpenVPN set up on a Devuan-based server running off a Dell D630 laptop. The server was set up for Nextcloud so the bulk of it was already done. Getting OpenVPN + PiHole working IIRC took me less than 20 minutes, probably including searching for a "how to" (which I expect was in general for VPN).

          Alas the machine that I did that from is many miles from here so I won't be near it for some days. However, there is a very good chance the tutorial I used starts at https://docs.pi-hole.net/guides/vpn/overview/

          One running, create a profile file for your Android device, copy the file to the device, install the OpenVPN app, import the profile, done. As far as I've checked it works perfectly.

      4. Gerlad Dreisewerd

        Re: But How ?

        Just a thought. How about an app that feeds erroneous data to tracking apps. All of a sudden you're in New York and Peoria at the same time.

        1. mevets

          Re: But How ?

          I don't know that its necessary. Without taking any extraordinary effort to hide, various web sites try to entice me with effortless hookups in Chatham (Ontario, CA). Good for them, I am in Canada, given that I mainly type in English, with enough French thrown in to be pretentious and the odd British spelling, it didn't exactly take Sherlock to spot that. I am not in Chatham, have never been to Chatham, and could just barely drive there in a day.

          My ISP is in Chatham, I suspect that is the confusion; however I do not hide that I want to shop at the local IKEA, RONA or Canada Computers (not the most creative bunch), and every time I visit the respective websites, I seem to have to adjust my preferred store to be nowhere near Chatham.

          All said, I have nothing against Chatham, and maybe this is part of a concerted effort to indoctrinate me in some Bacchanalian counter culture. A bit more likely is that all this tracking software is about as good as the rest of the software in the world. If I switch my cellphone to FIDO, will g00gle start pushing dog ads at me? Hookup with wild bitches in Chatham?

          1. Jamie Jones Silver badge

            Re: But How ?

            All these geoiplocators still haven't worked out how the UK's ADSL works.

            Very rarely I'm located as being in Swansea (where I actually am)

            Bridgend and the Rhondda are apparently places I frequent, as are various English and Scottish towns.

            Oh, and "speedtest", asks permission to use my (real) location to find the closest server, and thus chooses Cardiff, despite the fact my connection enters "the internet" at Telehouse in London...

        2. Richocet

          Re: But How ?

          One challenge is that they figure out where you are without GPS by which Wifi networks are visible to your device and which cell towers are nearby. Both of these are challenging to fake.

          A very clever white hat may be able to find a solution to this - consider this a challenge.

          1. Jamie Jones Silver badge

            Re: But How ?

            An app shouldn't have such low level access to GPS/wifi information.

            Mind you, it's still possible to grok wifi location without privs even on the latest androids...

      5. Zzzzzzz

        Re: But How ?

        Just fire up a VPN server on your Pi and let your mobile/laptop/tablet connect to that whilst you're away. Extra points if you give your Pi-Hole DNS-Over-HTTPS (using cloudflare or similar) to stop your ISP also collecting and selling your data ;-)

        https://docs.pi-hole.net/guides/dns-over-https/

        1. AVee

          Re: But How ?

          Why would I allow Cloudflare (or any other DNS-Over-HTTPS) provider to collect and sell my data instead of my ISP? Worse, my ISP will still mostly be able to collect the same data from the traffic (yes, the may be multiple sites behind a certain IP, but SNI headers will be nicely visible to the ISP). So switching to DoH just means there's now two parties with the ability to track me. (see also: VPN)

          1. Kiwi

            Re: But How ?

            So switching to DoH just means there's now two parties with the ability to track me. (see also: VPN)

            First, I fully agree on clodfool and hate that any data of mine ever gets seen by them.. Websites please note I have never "opted in" to your giving this 3rd party my data and very explicitly opt-out.

            That aside... The VPN can easily be your own. If a clod like me can do it pretty much anyone can. Yes I have my own domain but there's still free domains available.

            When I'm away from home, my VPN takes all my traffic. Whoever else in between only sees I am connected to the VPN server, not what sites etc I call up. Obviously the ISP can still see the IP's I connect too (would love to have my tunnel meet someone like Nord - a my VPN over another VPN - but that's beyond my level of hunting thus far), but everything is HTTPS where possible and I also run my own DNS server which doesn't talk to my ISP for upstream requests. (Personally I dislike the "https=everything" idea but I value my privacy - I wish I didn't have to faff around with it and wish others the same, but while miscreants (ie most advertisers/all data gatherers) have a interest in my data I have a greater interest in stopping them).

            Er where was I.. Oh yeah, at home enjoying warm post-curry feelings on a recliner with a keyboard in my lap and a cat curled on my feet... But I digress...

            By running my own VPN I block every other ISP. By running my own DNS I limit what my ISP can tell, dropping them to IP only levels. And then since the same house houses a long-running seedbox I suspect my IP data is both interesting and irrelevant, I have that much traffic on the poor wee system...

            (better check the poor cat... May not be so much "sleeping" as "unconscious due to soxogen')

      6. Kiwi
        Alert

        Re: But How ?

        I just use a Pi-Hole at home, which blocks around 2.5 million known tracking and malvertising sites, including all of Facebook's over 2,000 domains.

        On the move, with the smartphone, it is a little more difficult, but I use NoScript and uBlock Origin in my mobile browser.

        PiHole couples very nicely with OpenVPN - and there is an Android and likely an IOS app for OpenVPN.

        I'd love to know where your list comes from. Mine "only" blocks around 120,000 domains (including all of FB's excessive amount of domains!). Think El Reg will let you paste it into a comment? :)

        There there is 120,000 out there is scary enough.

    2. bombastic bob Silver badge
      Linux

      Re: But How ?

      Here's what I've been doing... it requires Linux or FreeBSD to work properly though

      a) normal browsing [including posts to El Reg] has NoScript plugin running in as restrictive a mode as I can manage for normal things. Fortunately, even Amazon usually works in this mode [I white-listed one or two of their things though]. [amazon seems to track itself, not others, so kudos for that]

      b) For everything ELSE, I 'su - differentuser' and then 'export DISPLAY=localhost:0.0'. Since I'm listening on TCP port 6000 with the X server [not hard to set it up that way, but I don't wanna repeat myself with full instructions, just make sure you do NOT use '-nolisten tcp' in the X server command line and block external incoming connections on port 6000] i can THEN run Firefox as a different user's context, ON THE LOGGED IN DESKTOP. Easily. And it even plays videos properly!

      c) in the 'differentuser' context, Firefox is configured to automatically DELETE ALL HISTORY AND CACHE whenever I close it. I have NOT figured out how to do that with chrome, but you can always delete its entire cache directory yourself and ONLY run chrome with a shell script that does this for you... [and the cache stuff is always in the logged-in user's /home directory so it only affects that user]

      d) with FULL awareness of this I do not surf from site to site unless I don't care if site 'A' tracks me looking at site 'B'. If it's all on the same set of servers, who cares. If Faece-book (for example) is tracking me surfing the New York Times web site (for example) then I'll view them with separate browser sessions, so that no cookie/history/cache exists when I open up the NYT site. [an El Reg article from a while ago suggested that even cached vs uncachedd pages CAN track where you've been...]

      Sure, my IP address will be known. Ideally it won't be traced back to me. But it could. So the next step would be Tor or a VPN. But for now, what I described is "secure enough" for me.

      And THIS way, I can STILL view those sites that _INSIST_ I promiscuously allow javascript... and then I exit the browser and ALL of their tracking B.S. goes byebye!

      Not sure what Firefox's 'private browsing' does but I expect it's LESS than what I just described.

      1. Anonymous Coward
        Anonymous Coward

        Re: But How ?

        Not sure what Firefox's 'private browsing' does but I expect it's LESS than what I just described.

        Private browsing is c) on your list. You can turn it on by default in "about:config" at "browser.privatebrowsing.autostart" with it set to "true" or open a window with Ctrl + Shift + P. In chrome, you can only open incognito browser manually with Ctrl + Shift + N.

      2. Dave559

        Amazon and no scripts

        Amazon is one of those websites that has been around for such a long time (in web terms), and, as far as I can tell, has been augmented by gradual accretion rather than a ground-up rewrite, that it pre-dates widespread availability of JavaScript, and so at least the core functionality of the site simply has to work without any expectation of JavaScript being available (and long may this continue).

        Sadly, I rather suspect that the main reason for this still being the case is just that they haven't done a widespread rewrite (but, on the other hand, if it ain't broke, why fix it), rather than desire and commitment from the devs to the ethos of degrade gracefully/progressive enhancement, although it would be nice to be proven wrong about that...

        I'm sure I read somewhere that the core of the Amazon system was and probably still is written in Perl, and, if it still works, and still is secure, why not?

    3. JetSetJim

      Re: But How ?

      All that reading the comments section here tells me is that the world might be crying out for a website that gives you simple instructions on setting something up on <MY_DEVICE>, for <MY_WEB_BROWSER>, a way of blocking all the shite. Bonus marks for making it compatible with <MY_LIST_OF_DEVICES> and <MY_LIST_OF_BROWSERS>, and <MY_LEVEL_OF_EXPERTISE>.

      Perhaps it exists?

      1. Gordon861

        Re: But How ?

        PiHole is very simple to setup and can stop a lot.

        LTT did a video and tutorial on it last year, link for convenience below:

        https://linustechtips.com/main/topic/1094810-pi-hole-setup-tutorial/

  2. rmacd

    Another privacy extension

    Look up Privacy Badger by the EFF. It's cross-browser, open source and developed by a trustworthy organisation.

    "Privacy extensions" by dubious third parties give me the heebie-jeebies.

    1. vagabondo

      Re: Privacy Badger

      “It's cross-browser” = Chrome, Firefox and Opera only. Does not seem to be available for Falkon (QtWebengine) or Safari.

      1. not.known@this.address

        Re: Privacy Badger

        Vagabondo, is there any point trying to use any sort of tracking-blocker on Safari??

        1. vagabondo

          Re: Privacy Badger

          not.known@this.address

          You might ask Ghostery, who produce versions for MacOS Safari and iOS. They claim that the latest Apple products permit JavaScript and advertising trackers and data-mining. I very rarely use MacOS; but Falkon (on openSUSE) is my regular second browser.

          What I find difficult to understand is why news and magazine organisations, that have their own advertising departments and decades of experience in serving first-party advertising to print and broadcast customers,, find it necessary to give so much of their on-line income to the likes of Google.

          1. Charles 9

            Re: Privacy Badger

            Have you tracked the recent trend of print publications? The shutdowns and mergers?

            That may be a good reason why. The Internet is eating print publications for lunch.

            1. Anonymous Coward
              Anonymous Coward

              Re: Privacy Badger

              I think the point was that news and magazine organisations are well aware of the transition from print to web, and are doing so themselves, but having been around for decades, they do know a lot about advertising, so why aren't they arranging their own self-hosted web advertising on their own publications' websites instead of giving most of the advertising income to third-parties unnecessarily?

              1. Charles 9

                Re: Privacy Badger

                Because print ads and web ads are two different kettles of fish that don't necessarily work well together. For example, why are more and more ads animated? Because static ads tended to get overlooked and ignored more and more often. Readers' eyes start to habitually gloss over them and they start losing effectiveness.

                1. Number6

                  Re: Privacy Badger

                  Anyone who manages to get an animated ad in front of my eyeballs pretty much guarantees that I'm not going to buy their product.

                  1. Kiwi
                    Holmes

                    Re: Privacy Badger

                    Anyone who manages to get an animated ad in front of my eyeballs pretty much guarantees that I'm not going to buy their product.

                    I and many others I know are the same. Some of us even let customers know.

                    Animated ads are the main reason for ad blockers. They're annoying and drive customers away.

                    The most effective advertising is having a good service, and letting your customers spread the word. Likewise, shit on your customers and they get their shit elsewhere.

                    1. Charles 9

                      Re: Privacy Badger

                      Unless they've cornered the market and are the ONLY providers of something in an area. Like food in a sporting arena or cinema. Expensive as hell, crappy as cardboard, but good like trying to bring your own in without getting read the riot act for health and contamination reasons...

        2. fidodogbreath

          Re: Privacy Badger

          is there any point trying to use any sort of tracking-blocker on Safari??

          Adguard can block Safari ads, but it requires a helper app. My understanding is that due to recent changes in Safari's plug-in model, Adguard had to get split into an external proxy (the helper app) and an extension. It works, but I didn't want to have the helper app running forever so I just stopped using Safari for anything. I like FF better anyway.

          1. kiwi13
            Happy

            Re: Privacy Badger

            Maybe Adguard DNS will work

            https://adguard.com/en/adguard-dns/overview.html

            1. Kiwi
              Pint

              Re: Privacy Badger

              The more I see where people are from, the more I am convinced NZ is very over-represented here on El Reg.

              Welcome Cuz.. Tui?

  3. Joe Drunk

    Long time Ghostery user here.

    Fun fact: If you disable javascript and run the browser fingerprinting test on EFF's website all browser fingerprinting fails except for user agent. I wish I could keep javascript disabled for every website.

    1. Corin

      I use uMatrix, set to disable javascript everywhere but it allows me to express which domains can load javascript on which sites (so I can allow first-party JS on a particular domain)

      I think that strikes a sensible balance; by default everything is blocked apart from what I specifically allow.

      1. Jim 40
        Alert

        I use the Epic browser with it's built in proxy switched on, alongside several other browsers, to block/minimise tracking.

        Checking it against the EFF's Panopticlick browser checker https://panopticlick.eff.org shows that the fingerprinting test is unable to run. It scores well on the Browser Leaks webite as well. https://browserleaks.com/

        As best I can tell it is the quickest and easiest way to navigate the web without being tracked.

        If I need more security/anonimity I run Tor in a VM via a VPN.

    2. SVV

      I wish I could keep javascript disabled for every website

      You can. If you use Firefox, type about:config in the address bar, OK the warning message and search for javascript.enabled. Double click the entry to toggle between true and false. I keep it disabled most of the time, except for specific sites I need it for that I'm OK with. I also do lots of other preventative things that entailed too much time and configuration in order to be fairly happy about privacy and protection from nasties and snoopy bigcorps, and quite frankly browser makers should be putting much more effort into making these things as easy and safe as possible. But of course, most people choose to use Chrome and use Facebook and merrily let the megasnoops have everything............

      1. Cynic_999

        Re: I wish I could keep javascript disabled for every website

        "

        You can.

        "

        I think you may be missing the point. I am perfectly aware that it is possible to block all js, but there are a so many web sites that become unusable when js is blocked that it is simply not *practical* to have it disabled for all websites.

        1. JohnFen

          Re: I wish I could keep javascript disabled for every website

          This is why I use NoScript to do this. By default, I don't allow any website to run any JS at all. If a website is important to me and won't function without JS, I can selectively allow it. However, the site has to be pretty important. If it's not, and it doesn't function without JS, then I just don't use that website.

      2. fidodogbreath
        Mushroom

        Re: I wish I could keep javascript disabled for every website

        If you use Firefox, type about:config in the address bar, OK the warning message and search for javascript.enabled. Double click the entry to toggle between true and false.

        The Disable JavaScript extension does that very easily. You just click a switch on the menu bar to toggle JS on the fly. When you turn it off with a site loaded in the active tab, the extension remembers that and automatically switches off JS whenever you revisit that domain.

        Nuke icon, because that's what should happen to trackers.

  4. Chronos

    PiHole

    A little box that goes "bzzt!" (as Kryten would say) as it cattle-prods ad hosts and data fetishists. You just plonk it on your network and make it the default gateway and DNS. A Raspberry Pi III model B+ with the switching regulator will barely read on your electricity bill (you have refused a "smart" meter, I assume? One more gateway to let them know when you're home and when you put the kettle on) and it's pretty much self-maintaining.

    You'll still want the uMatrix, uBlock and HTTPS everywhere extensions and you'll also want to think about your browsing habits and how much of that form you truthfully answer, i.e. do they really need my real DoB? A PiHole will take much of the grunt out of sticking a finger or two up to the data thieves, though.

    Also, please remember that your e-mail client and many other applications probably also use The Web. Make sure that these doesn't spaff your willy size to the web at large...

    1. macjules

      Re: PiHole

      Thanks. Your comment should be included in the original post IMO.

    2. big_D

      Re: PiHole

      Yes, I mentioned it above in my first post. Pi-Hole is excellent, for when you are on your own network.

      I've thought about setting up a VPN and running my smartphone through that when I'm out-and-about, so that it also benefits from the Pi-Hole when it isn't on the local Wi-Fi.

      1. Captain Hogwash

        Re: setting up a VPN and running my smartphone through

        I tried this for a while. It works but it's very slow and runs the battery down very quickly.

        1. Drone Pilot

          Re: setting up a VPN and running my smartphone through

          You're using the wrong VPN then. I do exactly this for the exact reasons.

          At home I have pfSense (with OpenVPN) and PI-Hole.

          As soon as I leave the house my VPN turns on and stays on until I am safely back home on the WiFi.

          I can't say I notice a speed issue (it's as fast as the 4G is) and can't say I notice a difference in battery.

          I use OpenVPN on the phone. YMMV.

          1. Captain Hogwash

            Re: setting up a VPN and running my smartphone through

            L2TP/IPsec VPN on a Draytek router. Definitely slower than the 4G.

          2. Captain Hogwash

            Re: setting up a VPN and running my smartphone through

            Tried again with SSL VPN. The speed results are much improved (as you say, pretty much the 4G speed.) I'll run it constantly connected for a day or two and see how the battery fares. Thanks for the tip.

          3. Anonymous Coward
            Anonymous Coward

            Re: setting up a VPN and running my smartphone through

            If you are already running pfSense, I would recommend you investigate one of its (free) third party packages called pfblockerNG, which I can only describe as a PiHole on steroids. Its developer/maintainer is active and helpful.

            Not only can you block by domain but also via IP including by ASN. Very hand for those firms that hard code IP addresses to bypass DNS blocking.

            BTW I have been successfully using the next development version of pfblockerNG - 2.2.5_28 on pfsense (2.4.4.4 release P3) and despite its development status appears totally stable.

            More here https://forum.netgate.com/category/62/pfblockerng

      2. Christopher Reeve's Horse

        Re: PiHole

        I like Pi-Hole too. Although I'm not sure what the future holds in this area. DOH will circumvent it completely, and more and more connected devices are using direct IP addresses rather than rely on DNS.

        1. big_D

          Re: PiHole

          I have set up my USG to block DoH to known hosts, like Cloudflare. It also advertises itself as a local DoH server.

      3. rmacd

        Re: PiHole

        PiHole also runs nicely in docker for when you’re out and about

    3. tiggity Silver badge

      Re: PiHole

      And to reitearte on DOB truthful answers.

      The only places with my real DOB are those taht need it - my bank, govt for passport / tax i.e. where legal requirement for it.

      Everywhere else gets a random one - its easy enough to use a rule for this so you can remember what you enter if they ever want DOB validation

      Pick DOB that always uses same month and year, and remember what they are (not your real ones obv!) - make the day part of DOB based on first letter of website (A=01 etc.) - for English 26 char alphabet works well

      1. Anonymous Coward
        Anonymous Coward

        fake DOB

        Or, put the fake DOB info in your password manager's notes for the site.

        1. Chronos

          Re: fake DOB

          This is exactly what I do. Add to that a unique <email>@my-domain for every vendor/business and it becomes almost too easy to see who is flogging off your data.

          1. 's water music

            Re: fake DOB

            This is exactly what I do. Add to that a unique <email>@my-domain for every vendor/business and it becomes almost too easy to see who is flogging off your data.

            here is an even simpler heuristic:

            Who is selling my data=everyone

            1. Anonymous Coward
              Anonymous Coward

              Re: fake DOB

              Problem with that heuristic is that "everyone" includes "the government," who necessarily has your data anyway AND have the sovereign power to prevent you from doing a damn thing about it.

              IOW, if "everyone" is selling your data, then you're already screwed.

    4. Robigus
      Thumb Up

      Re: PiHole

      You don't even need a Pi to run it; I run it as a docker container on an old Linux PC that acts as a the household file server.

      I agree with other's sentiment expressed here that the web is almost unusable without these protections.

      Surveillence Capitalism can't be smothered fast enough.

      1. big_D

        Re: PiHole

        Yes, if you already have a server running 24/7, putting Pi-Hole on that is an option.

        A Pi makes sense if you don't already have a server or want a dedicated device, as it is very frugal with electricity.

        1. DoctorPaul

          Re: PiHole

          Been running PiHole for a while now, must get round to setting up DNS over HTTPS some time!

          My only caveat is that you need to run TWO of them to be fully reliable. In my case each Pi seems to lock up every few weeks, taking down DNS. Running two of them seems to provide a reliable fail-over.

          1. Charles 9

            Re: PiHole

            Considered adding a con job to reboot it, say, once a week? I do that for my pi-powered caller ID screener.

  5. Snorlax Silver badge
    Black Helicopters

    We see that you're using an ad blocker

    74% of those who use an ad blocker will leave a site - rather than disable their ad blocker - when they see this message.

    uBlock Origin and Ghostery ftw.

    1. theOtherJT Silver badge

      Re: We see that you're using an ad blocker

      Every time that happens I just ban the site from running javascript as well. If that stops the site loading, then so be it. I'll not go there. It exactly this kind of intrusive bullshit that made me add-block in the first place. Cut. That. Shit. Out.

      1. 0laf Silver badge
        Mushroom

        Re: We see that you're using an ad blocker

        Yep tis true.

        I've run ad blockers, script blockers and tracking blockers for so long now I've forgotten what the web actually looks like.

        The few times I accidentally stumble online without a raft of protections I have to wonder why anyone bothers, really the web is pretty much unusable without take at least some action.

        1. adam 40

          Re: We see that you're using an ad blocker

          I can usually hit "refresh" and read what I need to in between pop-up windows ;^)

          1. GnuTzu

            Re: We see that you're using an ad blocker

            Our <u>proxy</u> blocks for entire organization... because ad services are known to have hosted content on behalf of their customers--and we don't want users consenting on behalf of the entire organization.

      2. Doctor Syntax Silver badge

        Re: We see that you're using an ad blocker

        "Every time that happens I just ban the site from running javascript as well."

        You're doing it wrong. Default to not running Javascript and use the ad-blocker warning as an indication not to unblock the script.

    2. Anonymous Coward
      Anonymous Coward

      Re: We see that you're using an ad blocker

      Obligatory thumbs-up for the excellent NoScript (yes, I have donated to it), but a slightly queasy wavey-hand for uBlock Origin, I'm afraid. I find it very confusing as to how to configure it to selectively block or allow content (and it's UI even more confusing, but that might be because of Firefox's cruddy WebExtensions API, which sadly seems to restrict all new add-ons to looking extremely ugly, basic, and confusing? A new spawn of XUL must rise again!).

      I really really miss RequestPolicy, which lets you permit or deny content on a per-site-visited basis (so, that, in effect, in conjunction with NoScript, you could, say, allow (needed) content from other Google sites to load on YouTube only, but be blocked on all other sites). There is a project to try to make a WebExtension version of RequestPolicy, but unfortunately, it looks as though it could really use a few more developers to help with it...

      1. bombastic bob Silver badge
        Devil

        Re: We see that you're using an ad blocker

        "A new spawn of XUL must rise again!"

        if *ANYONE* wants to fork Firefox to use the OLD INTERFACE (pre-Australis) I'd LOVE to participate in the development. Sadly I lack time (or funding to PAY myself) to do all of that work myself...

        I suppose it'd have to be re-named, and merged frequently with the 'master' branch on Firefox for fixes and whatnot but the MAIN IRRITATION I have with FF is what you described as a crappy-looking interface, and plugin config is only PART of the problem!

        Possible new name: "Rebellion" [I've been wanting to use that name for a long time, for this very purpose]

        1. nagyeger

          Re: We see that you're using an ad blocker

          Doesn't PaleMoon qualify?

          1. Charles 9

            Re: We see that you're using an ad blocker

            Tried. Too many newer sites break under it. And before you say, "Don't go there, then," that includes government websites for which no alternatives exist (and no, I don't have the time anymore to camp outside the Social Security office all night--I have bills to pay).

    3. Anonymous Coward
      Anonymous Coward

      Re: We see that you're using an ad blocker

      Also, detecting ad-blocking software and displaying a message based upon that is regarded as unlawful within the EU (according to advice issued by the Advocate General).

      1. bombastic bob Silver badge
        Meh

        Re: We see that you're using an ad blocker

        unfortunately the Advocate General needs to do what's necessary to PROSECUTE OFFENDERS or his advice is meaningless... and does he have the GONADS to do it?

      2. Prst. V.Jeltz Silver badge
        Mushroom

        Re: We see that you're using an ad blocker

        Also, detecting ad-blocking software and displaying a message based upon that is regarded as unlawful within the EU

        IS IT? You people are illegally accessing peoples websites by blocking their ad-revenue content of those sites that the content creators depend on ?

        AND THEY ARE THE BAD GUYS?????

        Look people,.tracking and adverts are what the net runs on , and everything you do with the noScript and adblock is essentially pirating the content of the web.

        You wouldnt steal a car would you?

        you wouldn't steal a policemans helmet?

        You wouldn't then take a shit in that helmet would you?

        At the moment the internet is basicaly free, if you privacy freaks get your way no one will be able to afford to host servers , let alone do anything on them , and everything will be a pay-for-it model.

        I for one dont give a fuck if the adverts I see are more relevent than they might have been because of tracking , if it means I get The internet for free.

        The Internet! and everything that entails

        instant ,always there ,communication with anyone in the world!

        Access to all the information about everything ever!

        worldwide maps , with satellite imagery

        not to mention photos of every inch of every street in the world!

        FOR FREE!

        Just view a goddam personalised advert ffs.

        p.s.

        I'm gonna guess 20:1 downvote ratio

        1. Dave559

          Re: We see that you're using an ad blocker

          I remember when the internet was mostly usenet and mailing lists, and it was "basically free", and "instant, always there, communication with anyone in the world" and "access to all the information about everything ever"... ;-)

          Yes, the web has made it more accessible, and has allowed a whole new range of innovative web applications, but we really don't need the sort of advertising that profiles us and spies on us. And, yes, I have no objection to paying for useful services (the people who buy the products ultimately financially pay for the cost of the advertising anyway).

        2. JohnFen

          Re: We see that you're using an ad blocker

          "You people are illegally accessing peoples websites by blocking their ad-revenue content of those sites that the content creators depend on ?"

          There's nothing illegal about doing that.

          > AND THEY ARE THE BAD GUYS?

          Yes.

          > At the moment the internet is basicaly free,

          In my view, the ad-driven portion of the web is incredibly expensive.

          > if you privacy freaks get your way no one will be able to afford to host servers , let alone do anything on them , and everything will be a pay-for-it model.

          This is certainly false, as evidenced by the still large number of websites that don't carry ads (or carry ads that aren't from the spying marketing companies), don't track you, and don't charge money.

          > Just view a goddam personalised advert ffs.

          I have no problem with seeings ads. I have a problem with being spied on.

        3. ecofeco Silver badge

          Re: We see that you're using an ad blocker

          3 words: not my problem.

          1. Prst. V.Jeltz Silver badge

            Re: We see that you're using an ad blocker

            is it still not your problem when you the site refuses to do anything else because of your adblocker?

            1. Kiwi

              Re: We see that you're using an ad blocker

              is it still not your problem when you the site refuses to do anything else because of your adblocker?

              Yes.

              Because there are sites out there that won't attempt to offend me. I can easily go elsewhere. Drive me away and I'll go away.

              (case in point, DropShots has become quite nasty about advertising - I'm moving my stuff from them to Vimeo - and DS's 'detector' is a 3rd party site I'd never trust and is probably in breach of NZ and other country's laws - I had no issues with DS showing me ads BUT their 'detector' script falls foul of some malwaresite blocker. They've lost me and my few viewers (measured in the dozens but not likely more than a hundred - but lots of views meaning many ads in front of eyes - all Vimeo's now till they piss me off and drive me off)

        4. Two Lips
          FAIL

          Re: We see that you're using an ad blocker

          >"I'm gonna guess 20:1 downvote ratio"<

          Try x:0. Immeasureably *against* your points of view.

    4. fidodogbreath

      Re: We see that you're using an ad blocker

      More often than not, you can just click the Reader View icon and read the article. Failing that, turn off JavaScript for the domain and reload the page.

      1. Charles 9

        Re: We see that you're using an ad blocker

        They're getting smart to that by pulling the actual content through JavaScript. No JS, no content, and they don't care what the law says; that's why they have lawyers.

    5. Number6

      Re: We see that you're using an ad blocker

      As I've said before, anyone who wants to run ads brokered from one of the big (or not so big) sites is out of luck. They're not going to indemnify me if, due to malware on the big site (which does happen), my PC is compromised, so I choose to go elsewhere rather than access their site if they want me to allow that code to run. Now if they ran the ads in-house, even if they hauled the static images from a broker, with all the stuff done server-side instead of using javascript on my machine, it would be easy to produce something that would get those images past an ad blocker unless the user chose to disable all images. Of course, it would require a lot more CPU cycles on their servers, but rather there than on my machine slowing down my browser.

      1. Kiwi

        Re: We see that you're using an ad blocker

        Of course, it would require a lot more CPU cycles on their servers, but rather there than on my machine slowing down my browser.

        I don't think it would make a huge difference TBH. A little bit of PHP and some database requests, small images and decent server speeds - you can do a hell of a lot with a shopping site with little server overhead and NO JS. Cookies or server-side storage to hold "shopping carts", history of other's carts to get an idea of what often goes together so you can run an "other stuff you might like" portion of the page. Image sliders/scrollers can be done in HTML/CSS (quite nicely I might add) so a customer could skip from item to item in a "commonly brought with" or 'other stuff..." easily enough.

        There really is no need for JS for any of this. And you can pull in static ads (even pictures) from other servers.

  6. alain williams Silver badge

    Two conflated things

    1) We are told that advertising is important as it pays for the web sites that we visit.

    2) Analytics: building up a profile of who has visited which pages.

    I can live with (1) as long as they: are discrete; don't make my browser slow or download large files; etc. If a web site were to serve these up along with what I came to look at I would probably be OK with it - as long as it did not tell the advertiser who I was.

    One trouble with (1) is that 3rd party advertisers do not trust web site owners when they say that they have served an ad up X thousand times. This is one reason that they are served up as links back to the advertiser's web site - bang goes my privacy, the advertiser can track me as I browse the web. They also set cookies, etc, to help them track me.

    What is worse is that most adverts are served up by first running some Javascript in my browser; very often this will also snarf information about me and send this to the advertiser - so they know even more about me. This is also how the Internet data vampires work (eg Google, Facebook), they build up bigger pictures of who/what I am - far more detailed than individual web sites can do.

    Then there is also the Javascript in many web sites which is just (2). This is pure evil. Much can be easily stopped with NoScript or similar, but this can make some sites fail to load properly - thus most of my friends will disable NoScript quite quickly, that is if I persuaded them to install it in the first place.

    1. Hemmels

      Re: Two conflated things

      I love that you started the sentence with "One trouble with (1)". Of course there are many.

      What's wrong with how DuckDuckGo et al operate whereby adverts are old fashioned (non-targeted and static image+links)?

      No need to do any browser callbacks or anything, a page view count by IP will do just fine for "number of times the advert has been served)

      1. Anonymous Coward
        Anonymous Coward

        Re: Two conflated things

        "What's wrong with how DuckDuckGo et al operate whereby adverts are old fashioned (non-targeted and static image+links)?"

        Is this actually their only source of revenue AND is this actually keeping them in the black?

        "No need to do any browser callbacks or anything, a page view count by IP will do just fine for "number of times the advert has been served)"

        Not with bots all over the place making tons of fake clicks, and not without proof of actual follow-through (to filter click spamming).

    2. Anonymous Coward
      Anonymous Coward

      Re: Two conflated things

      Exactly. I don't object to advertising per se, as long as it is locally hosted by the website that I am visiting, and is reasonably unobtrusive and completely unannoying. Unfortunately, most advertising is hosted externally, and then comes all the tracking and profiling crap that comes with that.

      Why should advertisers need to know every detail about site visitors individually? On a tech site like The Reg, potential advertisers can surely surmise that readers are interested in tech, and so show tech-related ads, using the same reasoning that they would use when deciding whether to or what to advertise in a printed publication or tv show, etc?

      I very much doubt that creepily profiled and targeted adverts actually result in very much greater recollection or clicks by readers at all, so why go to all that extremely creepy effort?

      And, while I'm here: yet again, if there actually were a Reg tip jar, I would certainly donate to it every so often...

      1. Anonymous Coward
        Anonymous Coward

        Re: tip jar

        "if there actually were a Reg tip jar, I would certainly donate to it every so often..."

        Same here.

        Earlier in the week, while looking for a less-unfriendly news source on (I forget, maybe Travelex?), one mainstreamish news site said to me something along the lines of: "you're using an adblocker. We sympathise, but we hope you'll accept that without income, this website won't exist. If you don't want to disable your adblocker we offer various levels of subscription, starting at (something quite small) for a 24hour pass."

        First time I'd seen it written so blatantly.

        I could live with that, if the financial side of things was trustworthy. Which it almost certainly isn't yet, and that is sad, given that "micropayments" have been discussed extensively since last century.

        And that's assuming anyone still believes that the real purpose of the adflingers is generating revenue for the website operators. I'm not confident that's the case, hence I've stopped bothering with TrackMeNot in FireFox [1]. I can't help feeling that the combination of Facebook, Cambridge Analytica, Paypal, Amazon, Google, etc isn't really working for the public these days. Maybe it never was.

        [1] https://trackmenot.io/

        1. Anonymous Coward
          Anonymous Coward

          Re: tip jar

          "you're using an adblocker. We sympathise, but we hope you'll accept that without income, this website won't exist. If you don't want to disable your adblocker we offer various levels of subscription, starting at (something quite small) for a 24hour pass"

          You're using third parties ads. We sympathise, but we hope you'll accept that without checking third parties, this is how we get inflicted with ransomware. If you don't want us to enable our adblocker we offer various level of hosting the ads as first party, starting by telling the ads industry to get their PoS off your website.

        2. tel2016

          Re: tip jar

          Consider the 'Brave' browser:

          https://www.theregister.co.uk/2019/11/15/brave_web_browser_hits_version_1/

          I'm gradually transferring over to it, and yes, el_reg has joined up

      2. Ben Cockburn

        Re: Two conflated things

        Because the value of you in that non-targeted state is so low that El Reg couldn't actually make a living if it survived on those. The value of an untargeted ad to an Advertiser is an order of magnitude less than a targeted one. I read people talking about 'data vampires', but it's more like a data soup kitchen, with advertisers spooning out a thin gruel to publishers because that is all the average visitor is worth.

        As it stands now numerous sites are being slowly strangled by the increasing privacy restrictions. But El Reg's readership won't hear of that nonsense, until you wake up one day and realise that you get what you PAY for.

        1. JohnFen

          Re: Two conflated things

          "The value of an untargeted ad to an Advertiser is an order of magnitude less than a targeted one."

          True, which is why we really need to find a way to kill tracking across the board. If targeted ads are impossible, then the untargeted ones will rise in value because that sort will be the only way.

          "As it stands now numerous sites are being slowly strangled by the increasing privacy restrictions. But El Reg's readership won't hear of that nonsense, until you wake up one day and realise that you get what you PAY for."

          Oh, I think most people here are well aware of it. I can't speak for the readership in general of course, but my perspective is that I don't actually care about the fate of sites that depend on abusing their users to make a profit.

          1. Anonymous Coward
            Anonymous Coward

            ...or to break even, which is still a net loss for the species.

      3. Qumefox

        Re: Two conflated things

        Advertisers don't generally slurp much user data for their own use. They slurp it to resell to others as an additional revenue stream. Why? Because it's easy money. Beyond writing and maintaining the tracking scripts, it's very little work for them.

      4. Richocet

        Re: Two conflated things

        I very much doubt that creepily profiled and targeted adverts actually result in very much greater recollection or clicks by readers at all, so why go to all that extremely creepy effort?

        Profiled and targeted ads save the advertiser money as follows:

        • Ad targeting people who want to buy a new PC. Cost 30c per view. Needs to be shown to 100 people to generate one sale. Average cost: $30 per sale.
        • The same ad untargetted: Cost 10c per view. Needs to be shown to 2000 random people to generate one sale. Average cost: $200 per sale.

        For the website owner, getting more revenue per visitor for targeted ads is much more attractive than untargetted ads because the number of visitors is something they can't easily change.

        1. jake Silver badge

          Re: Two conflated things

          And of those 100 people who were shown the add for the new PC, 80 bought one 6 months ago when the ad-shyster-agency slirped their info. The rest bought one in the prior 6 months. None of the supposedly "targeted" people really need a PC at the moment. The one purchase would have bought the exact same PC without the advert because his kid spilled a coke on the first one.

          My wife had to temporarily drop the blocks in order to view a client's facebook page (or instagram, or whatever it was), along with associated youtube stuff. After viewing it, she forgot to turn the blocks back on, and went looking for who had her favorite "work" bras on sale.

          She remembered to turn the blocks back on after a couple minutes, maybe five, probably after looking at eight or ten pages. But the rot had already set in. For MONTHS after simply going to the store and making her purchase, the bright sparks at advertising agencies across the planet decided she needed to see bra adverts whenever possible. It was surreal, she'd look up horse blankets or forklift parts or muck forks and get bra adverts ...

          I wonder how much longer the ad-pushers are going to be able to carry on their con? P.T. Barnum lived a century or so too early ...

          1. 's water music
            Happy

            Re: Two conflated things

            I tell a similar story to my partner whenever she sees an 'unexpected' ad popup

      5. Prst. V.Jeltz Silver badge
        Trollface

        Re: Two conflated things

        Exactly. I don't object to advertising per se, as long as it is locally hosted by the website that I am visiting, and is reasonably unobtrusive and completely unannoying. Unfortunately, most advertising is hosted externally, and then comes all the tracking and profiling crap that comes with that.

        Why should advertisers need to know every detail about site visitors individually? On a tech site like The Reg, potential advertisers can surely surmise that readers are interested in tech, and so show tech-related ads, using the same reasoning that they would use when deciding whether to or what to advertise in a printed publication or tv show, etc?

        I very much doubt that creepily profiled and targeted adverts actually result in very much greater recollection or clicks by readers at all, so why go to all that extremely creepy effort?

        sound like a load of whiney bitching to me , just watch the ads the site puts up if you want to access that site. The cant be more annoying than those traditional adverts you get on TV where:

        , get this ,

        its hilarious ,

        They actually stop the movie mid flow - and make you watch several full screen adverts for several minutes!

        and they do this about 6 times per movie!

        compare that to seeing adverts about things you're interested in , that dont halt what iyou're doing

        1. Dave559

          Re: Two conflated things

          Live-scheduled tv? How quaint!

          Advert breaks in movies on tv let you go for a pee break, or to get a drink or some munchies (and thanks to whoever sponsors the "bumpers", whose name you do see, for that public service), and to make sure you're back in time not to miss any of the movie, you'll usually end up seeing at least one or two ads, which is not a problem.

          Ad breaks in shorter programmes? Annoying if they are too long or there are too many of them (waves to the USA), 2 or 3 minutes at most every 15 minutes is tolerable (just). So, most of the time I watch the BBC or other online tv that «shock» I actually subscribe to and pay for (no adverts, and much more time efficient for series binge-viewing).

          1. SImon Hobson Bronze badge
            Unhappy

            Re: Two conflated things

            So, most of the time I watch the BBC or ...

            And don't forget that we are (yet again) in a position where the status of the BBC is being "re evaluated". If they lose their licence fee and have to use adverts, then expect a race to the bottom of the swamp and all we'll have left will be endless carp filling in the small gaps between adverts.

            And, IMO but many agree, it's only the standard set by the BBC who don't have to chase ratings in the same way as those financed by advertising that forces others to at least pretend to keep up their own standards. Ie, you can't get away with complete and utter carp quite the same if there's a half decent alternative for people to compare with.

        2. JohnFen

          Re: Two conflated things

          "compare that to seeing adverts about things you're interested in , that dont halt what iyou're doing"

          Meh. I'll take the ad system that doesn't require spying on me over the alternative any day of the week.

        3. WolfFan

          Re: Two conflated things

          I usually record shows on my DVR. This means that I can watch the show when I want to, not when the TV execs want me to. It also means that I can and do bypass all the ads, except for the ones which look interesting to me. I’ve been doing this kind of thing since the days of VHS. No, I don’t have to view ads on TV if I don’t want to.

        4. Number6

          Re: Two conflated things

          On TV, that's a thoughtfully scheduled pee-and-tea break, gives you chance to go do those things, or let the dog out (or back in) etc. Not needed on the web because you're free to go pee any time without missing anything.

          1. Charles 9

            Re: Two conflated things

            More DVRs block fast forwarding, plus there's the product placements and INLINE ads slapped in the middle of the content.

            1. Kiwi

              Re: Two conflated things

              More DVRs block fast forwarding, plus there's the product placements and INLINE ads slapped in the middle of the content.

              "Product placements" are like static web ads. They don't track, aren't annoying (unless you're "triggered" by the memory of that tragic time your friend died drinking a delicious refreshing PepsiTM), and are just 'there'. Sometimes they also make the scene a little more natural - eg briefly I switched to TV and the movie Cobra is on. Muted so no idea what was said, but Stallone was in a dairy ('convenience store' I think the Yanks call it) with bottles of Pepsi and 7-up visible as well as other items (real or made-up brands I know not).

              Some of the inline ads, especially for other shows, can be quite annoying and are a reason why I don't tend to watch live TV. If it blocks the show I am watching then you just made me hate your show/product, and I'll happily spend my money with your competition.

              My last DVR was a TV card in one of my computers. Can neither recall why I stopped using it nor why I used it, but might've been WW1 centenary stuff (family history 'n all that). Oh, I actually have one a friend loaned me several years back - he never got round to collecting it. Just gathers dust (I don't need the DVD player either).

              We don't get the more annoying aspects over this way much, except the odd bit for upcoming shows (usually over the end credits). The channel "C4" I think tried some of it some years back. Note that some years back the nation collectively said "Get stuffed" and C4 is no longer around...

              (I find most cola's disgusting actually. I do sometimes partake of some Royal Crown draft cola, but haven't touched Pepsi in decades and haven't poisoned myself with Coke in years)

  7. MHZawadi
    Alien

    activating tin-foil hat

    I have found no-script and Ghostery to be very good for blocking 99.99% of tracking, I have no-script setup to block javascript, objects and media by default.

    When at home I also use pi-hole.

    that works so well the EFF fingerprinting site doesn't even run - https://panopticlick.eff.org/tracker-nojs

  8. Crisp

    Like most people on here I run anti-tracking software at home

    So I'm always surprised at how much advertising carp there is when I visit the same websites at work.

    I should be able to say to advertisers that they are not allowed to run code or interfere with the normal operation of my computing device. If they violate that then they should be prosecuted as criminals under the Computer Misuse Act (1990).

  9. Anonymous Coward
    Anonymous Coward

    On the GDPR-front

    This piece https://2040infolawblog.com/2019/11/10/hare-brained/ might be of some relevance regarding your comment that GDPR doesn't deal with collection of date.

    TL;DR - GDPR does deal with collection.

    1. Anonymous Coward
      Anonymous Coward

      Re: On the GDPR-front

      Right - GDPR asks to collect only data needed for processing, and anyway any data access must be opt-in.

      "Article 5(1) requires that personal data shall be:

      [...]

      (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

      (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

      "

      (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/)

      "The GDPR is clearer that an indication of consent must be unambiguous and involve a clear affirmative action (an opt-in). It specifically bans pre-ticked opt-in boxes. It also requires distinct (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service."

      (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/)

      That's the big difference between EU and US approach. The fact that the big US data slurpers keep on ignoring it is another issue - I hope Vestager will start soon to enforce GDPR fully even if the Trumpet menaces to bomb Brussels. The problem is enforcement, which will put EU in a collision course with US companies (not only them , of course, but they are the bigger issue), and the actual US administration will take even the most sensible rule as a direct attack to the idea "US has the biggest dick and must be free to show it around".

      1. Anonymous Coward
        Anonymous Coward

        Re: On the GDPR-front

        "[GDPR] specifically bans pre-ticked opt-in boxes."

        Sadly, the ICO seems to then have taken a contradictory (and unhelpful) stance elsewhere and has said that anyone who has enquired to a company's about their products or has made a purchase can be regarded as having an "existing customer" relationship and so they can spam you without your explicit consent, as long as the spam includes an "opt out" option, «grrrr»... :-(

        1. Anonymous Coward
          Anonymous Coward

          Re: On the GDPR-front

          That's not just an ICO position. The Privacy and Electronic Communications Regulation 2003 sets it out -http://www.legislation.gov.uk/uksi/2003/2426/regulation/22/made

          The big problem is that companies either ignore s.22.3(c) of that legislation (giving individuals a simple means of opting out at the point of collection) or make their order/enquiry process complicated enough that people skip over that option because they're so tired of jumping through hoops.

  10. GnuTzu
    Megaphone

    DMCA For Users -- My Usual Rant

    Chime in if you've seen my rants on this before.

    Super cookies and the like are their technologies for circumventing our right to block tracking. They are free to refuse us content if they find that conventional tracking isn't working. That's how consent works. This legal shuffle that hides implied consent terms in convoluted Kafkaesque EULA's is abusive and is meant to wear consumers down into submissive sheeple. Did I hear recently that there are products for which it is recommended that your read over a thousand third-party EULA's to fully understand what is being agreed to?

    Well, we need our own DMCA. If they can put us in jail for circumventing their protections, then we should be able to put them in jail for circumventing ours. Again, they are free to refuse to serve us content when we refuse to be tracked. But, implied consent in Kafkaesque EULA's does not make for a free market in which consumers are on the same legal footing as corporations.

    Oh, and my list of tools as is the tradition in these discussions: No Script, DuckDuckGo Privacy Essentials, Ghostery, EFF Privacy Badger, uBlock, (and might as well throw in WoT, though it's kind of off topic). Yes, this many tools is more work, and I'm not trying to win any contests. But, I actually find it very educational to pair Ghostery and Privacy Badger, as the former has better categorization while the later has fine grained temporary cookie handling.

  11. Chris Gray 1
    Meh

    {AOL}

    (Me too! :-) )

    I'm on Firefox with NoScript here, similar to many. Since I'm not web-dependent it works fine for me.

    Over the holidays I was using my sister's Windows 10 computer with Chrome, and it was shocking. Since she doesn't have users set up, I was seeing ads targeted at her, and they made sense in that context. But sheesh!!!

  12. Anonymous Coward
    Anonymous Coward

    Maybe the economic basis for the web should implode...

    It was a lot better when people ran websites at their own cost as a public service. And websites that operate as front ends to actual businesses (not ad-slingers) would still have an economic basis.

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe the economic basis for the web should implode...

      So if you're too poor, you lose your freedoms of speech and press? My, how Darwinist of you...

      1. Kiwi
        Paris Hilton

        Re: Maybe the economic basis for the web should implode...

        So if you're too poor, you lose your freedoms of speech and press? My, how Darwinist of you...

        Most people I know qualify as "poor".

        Not an issue for us. There's lots of simple options out there, if you engage brain for a couple of milliseconds and look. If you can afford to view a free page you can afford to put up content.

        (I've had times where I could not afford 3 decent meals a day yet could still keep a site running - use the free Library computers and free hosting/free DNS providers)

  13. t0m5k1

    Privacy is dying

    All the time people say: "I've got nothing to hide as I don't do anything wrong" and then agree with their Gov. Who say: "We need lawful access to encrypted connections" Privacy will continue to be degraded to the point where anyone can get what they want regardless of you. Add to that the tracking adverts and targeted profiling you see a picture of degraded privacy even clearer.

    Then in the UK we get news that NHS techs are in talk with other companies to sell our health data for a profit and you then get an even bigger picture that privacy has no hope of ever getting promoted.

    I could continue but I'm sure you already have some flippant statement to knock down what I've said...

    1. JohnFen

      Re: Privacy is dying

      As the old saying goes: find the amount of oppression that people will tolerate, and you've found the amount of oppression that they suffer under.

  14. JohnFen

    Indeed

    "Yet each overlooks a basic fact: collection happens to be where the damage gets done. Passing laws to do something about it after the fact, while well-intentioned, does nothing to prevent the injury."

    Precisely this. The Bad Thing is the collection of the data without the user's informed consent. What happens after the data is collected is a separate problem. I find it notable (but entirely unsurprising) that the businesses who depend on spying on people for their income like to pretend that the issue is all about what happens post-collection, and ignore the fact that it's the collection itself that is the problem.

    Me? I prevent data collection (without my consent) to the greatest degree I can -- just as I prevent all other forms of attack to the greatest degree that I can. Collecting data about me or my machines without my consent is no different than any other form of malicious activity.

    1. Charles 9

      Re: Indeed

      Even if it's the government, against whom one has no real power to stop?

      1. Kiwi
        Paris Hilton

        Re: Indeed

        Even if it's the government, against whom one has no real power to stop?

        Plenty of ways to stop the government collecting data about you if you don't wish them do so. Takes a little bit of engaging brain to figure it out though.

        (I live in NZ under a socialist government, whereas you live in the US under a Republican government - why is it that you seem to have this trouble and I don't????????????????)

  15. Doctor Syntax Silver badge

    "Advertisers need eyeballs, and they'll buy them"

    It's the intermediaries, the advertising industry, who are the problem. The more snake oil they can sell the more money they make but that snake-oil is their "service" and the people they're selling it to are the advertisers.

    John Wanamaker is reputed to have said "Half the money I spend on advertising is wasted; the trouble is I don't know which half." If he'd been alive now he'd have loved ad-blockers because they would have solved his problem. It's no surprise the ad-industry hates them - they want their customers to keep on wasting that money.

    1. Ben Cockburn

      Quite laughable your understanding of the advertising industry on which you profess such insight.

      Digital advertising is the first example where John Wanamaker's universal truth is being challenged. The waste is, in an objective and granular way, quantifiable and can be removed. Day-in, day-out, people and algorithms work to remove non-responsive target audiences from who they advertise to. It's only by doing that that publishers make any advertising money online at all.

      The mere fact that the selection of adverts you are presented with in your social feeds, search engine searches and banner advertising changes over time is proof of this ongoing optimisation.

      1. Prst. V.Jeltz Silver badge

        yeah! how dare they show you ads that you might be interested in!

        bring back the PPI adverts!

      2. Doctor Syntax Silver badge

        "The mere fact that the selection of adverts you are presented with in your social feeds, search engine searches and banner advertising changes over time is proof of this ongoing optimisation."

        You just don't get it, do you?

        To go all Bob: I BLOCK ADS.

        And I HAVE NO SOCIAL FEEDS. Zilch.

        Don't let this stop you telling your clients you can send me advertising. If you could your selection would undoubtedly be for those things I've already bought or stuff I don't want.

        An example of the latter. If, for geographical reasons, I search for a place name, the results will be swamped with estate agents sites for that area despite the fact that I have no intention whatsoever of even going there let alone buying a house there. It's not a phrase I'd use often but I feel sorry for those estate agents who are being bilked for fees to put that crap in front of me.

      3. JohnFen

        " Day-in, day-out, people and algorithms work to remove non-responsive target audiences from who they advertise to."

        They do a really terrible job of it, though, considering that they expend a great deal of time and effort to continue to target people who are actively and energetically trying to evade them. That's a ton of wasted money right there.

        1. Anonymous Coward
          Anonymous Coward

          Not if they only need ONE hit to make it all worthwhile...

      4. find users who cut cat tail

        Day-in, day-out, people and algorithms work to remove non-responsive target audiences from who they advertise to.

        Perhaps, but if it is so they then add those audiences right back. Otherwise everyone would have stopped advertising to me long time ago.

      5. Kiwi
        FAIL

        The mere fact that the selection of adverts you are presented with in your social feeds, search engine searches and banner advertising changes over time is proof of this ongoing optimisation.

        So.. Why do I so often see adverts for properties I could never afford in countries or cities I don't even visit let alone live in? Why do I never see ads for motorbike stuff (when I spend a lot of my other internet time in Biker forums) but see a lot of ads for SUVs (which I clearly would never buy)?

        Why do I see so many ads for 'girls in your area" (which isn't my area) when I'm clearly gayer than the Pope's favourite alter boy? Why no "fat sloppy bears in your area" ads?

        I gets lots of Scamscum and lots more crApple product adverts - the spelling should tell you how likely I am to buy from those companies. Where are the "cheap generic crappy tablet" ads? The "basic no-name laptop" ads?

        Why does GoT get pushed my way often (closet I've come to seeing it is the South Park documentary on it) yet stuff like The Expanse and Mr Robot never show up (yet I'd actually pay for more of them!)?

        Why does Spewboob want me watching utterly boring videos of people wandering around in old mines (some actual accuracy in a Freudian sense?) or suggesting I want ads about dogs (hate them love pussy) and halloween costumes (Christian, no kids, and tend to be 'elsewhere' when brats come knocking)? Hell, why no cat videos? My cat and I used to go to sleep watching those on the tablet, yet they never show in the suggestions, I have to search for them if I want them. And yes, on the tablet I have a single account (no real details not even IP/location) that stays logged in on YT. Wanted to comment on something, made the account, never bothered to sign out.

        "Ongoing optimisation?" HAH! At least Mitre10 show me relevant ads on their site - but then lets face it, they're a hardware store and I like my hardware so pretty much everything they sell at least has some potential to be of interest to me. Oh, and I have made purchases because of those ads. No tracking, no profiles, just a basic pairing of items that often go together. Buying irrigation kit? Probably a gardener. "Hey, we're doing a special on compost, interested?". Not "Buying irrigation kit? Hey, want a new Xbox? Clearly you must spend your life inside!".

        </rant>

        Bloody hell. You must work for one of those firms. How else could your mind be so messed up?

  16. Persona Silver badge

    I just don't care.

    I'm in the minority here but I just don't care. People are harvesting my data, and building a profile of me. If they are any good their research will tell them they are wasting their time. Throwing adverts at me tailored or otherwise isn't go to influence my behaviour. My personal data probably gets traded for good money. Somebody is making a profit out of it but the people who buy it are making a loss. It doesn't cost me anything. I just don't care.

    1. Snorlax Silver badge

      Re: I just don't care.

      I don’t know how anybody with more than a passing interest in technology and current affairs could fail to grasp the many, many problems which are caused by tech company greed.

      Cambridge Analytica have interfered with multiple elections thanks to their profiling of Facebook users.

      Facebook itself? Do I need to go there?

      Google know everything about you from what time you get out of bed, to your physical location throughout the day, every call, text, email.

      The NHS wants to sell your medical records to the US.

      Genealogy companies in the US share your DNA with police. Speaking of DNA, I wonder how long before we have to give a sample before we can access healthcare or buy health insurance.

      Anyway, tinfoil hat mode deactivated. If you don’t give a shit about your privacy, best of luck to you...

      1. Persona Silver badge

        Re: I just don't care.

        "If you don’t give a shit about your privacy, best of luck to you..."

        Thanks, but no I still don't care about any of those things you mentioned. I came to the opinion at least 15 years ago that the direction of technology made erosion of privacy inevitable, and I planned accordingly. The fact that people are falling over themselves to put "Alexa" in their living rooms tells me that privacy really is dead.

    2. Anonymous Coward
      Anonymous Coward

      Re: I just don't care.

      My personal data probably gets traded for good money

      For the hackers who drained your account? Yes indeed. The main problem is not tracking, but the common factor that those ads industry who harvested your data often leak your data to hackers.

      Hopefully when it comes the days where you had to constantly monitor your account from getting drained, you had already enjoyed your life time worth of cheap ads.

      1. Persona Silver badge

        Re: I just don't care.

        "the common factor that those ads industry who harvested your data often leak your data to hackers"

        That makes no tangible difference. Your data has already been leaked countless times by everyone you have given it to including HMRC (who have leaked mine twice to my knowledge). You must always assume that people who want to drain your accounts already have data on you. Actually what they really want is a list of gullible people as that makes draining your account so much easier, and it's very easy to get a list of gullible people with a couple of SPAM emails.

    3. Prst. V.Jeltz Silver badge

      Re: I just don't care.

      Well said persona! if those people make some money of that data , that they use to provide a usefull website - who are we to dent them?

      better than paying for the site

    4. Doctor Syntax Silver badge

      Re: I just don't care.

      " If they are any good their research will tell them they are wasting their time."

      The people who are building that profile aren't wasting their time. They're using it to sell services to advertisers. The advertisers are, however, wasting their money.

    5. JohnFen

      Re: I just don't care.

      There are plenty of people who feel as you do.

      That's why tracking should be 100% opt-in -- that way, people who want the tracking can have it, and those of use who don't want it can avoid it.

      It's a win-win.

    6. SImon Hobson Bronze badge
      Megaphone

      Re: I just don't care.

      I just don't care

      And if it was as simple as that only affecting you then I'd say - your choice.

      But a big part of the problem is not what I choose to do or not do, the profiles these scum build on me also include information "leaked" by others who "don't care". So called "friends" who post information about you on Faecesborg. So called friends who blindly comply when Faecesborg and others ask them for the password to their emails and contacts "so that they can invite your friends". So called friends who ...

      I have never consented to Faecesborg harvesting the information I know they will have on me. Doesn't stop them getting it from people who "don't care".

      And by the time all this leaked information has been merged, correlated, etc - others who "don't care" will have given them more than I know about myself.

      1. Charles 9

        Re: I just don't care.

        But that's as it's always been: all the way back to the days of the village gossip. You can't control what other people know about you, especially that gleaned from their own senses.

        1. Kiwi

          Re: I just don't care.

          But that's as it's always been: all the way back to the days of the village gossip. You can't control what other people know about you, especially that gleaned from their own senses.

          1) "Village gossip" was very seldom compiled and built into a profile on people.

          2) This isn't stuff they've gleaned from their own senses - it's often stuff they've gleaned via illegal means (eg in Simon's post RE other people giving FB their email login - where this is a company and they've allowed FB to get other people's addresses, this is an offence under many countries' privacy laws including NZ's laws - if a business has given my details to others other than as a part of the actual trading (eg the firm that sent me a re-furb laptop from Auckland giving the courier my delivery address) then they've committed an offence under the act.

          Some of this info has been gained by criminal means. In my case, where FB, Google, almost every advertising company and any data harvesting company, my information has not been legally gained. I have not consented to give it, I have not consented for it to be retained, I have not been properly informed as to what is gathered, how it is gathered, how it is to be used or who it is to be shared with. It doesn't matter if it's a supermarket I have a loyalty card with (I don't) or a site I sign up to or any of that, the information has not been gained in accordance with NZ law thus has not been legally gained. EG wth the supermarket, I can grab the loyalty card over the counter and start using it there and then for "savings". I've not been given a chance to view the T&Cs etc nor even told such a thing exists. When I pay by EFT-POS it's tied to my bank account, thus personally identifying information is not shared with a 3rd party (and more) whom I don't know exists. Data sharing starts before I actually get a chance to make an informed decision, and I am encouraged to give up that data without being warned to read the information first - I'm not even told there is info to read.

          This stuff is done illegally and why should I not object to people using unlawful methods to get unlawful data about me?

          And yes, my friends volunteering information would also come under this as I have not consented to that data being held. Hmm, I wonder.. Think I might see a lawyer this week... (sadly I'll probably forget - but anyone in NZ who has FB friends, or android-using friends who txt you, or who don't use android but txt you where their telco might harvest the txts - you might be able to make a case for suing under the act since you did not consent to that information being held about you nor were you informed it was being collected!)

          1. Charles 9

            Re: I just don't care.

            "And yes, my friends volunteering information would also come under this as I have not consented to that data being held."

            Ah, but there's the rub. THEY consented, AND they can argue it's THEIR data, collected from their own senses. Now you have an argument: data collected about a third party, but collected firsthand. So here's a question. Who owns someone's birthday when it's provided by someone who figured it out by the simple precedent of being at his or her birthday party recently?

            1. Kiwi
              Facepalm

              Re: I just don't care.

              "And yes, my friends volunteering information would also come under this as I have not consented to that data being held."

              Ah, but there's the rub. THEY consented, AND they can argue it's THEIR data,

              Actually no, they can't. But if you can cite a relevant law or court ruling to back up your claim?

  17. Anonymous Coward
    Angel

    FF 72

    The latest Firefox now attempts to block fingerprinting by blocking third-party requests to companies that are known to participate in fingerprinting (using the Disconnect database). That, uBlock Origin, and auto deleting cookies when I exit Firefox keeps me happy.

    1. Charles 9

      Re: FF 72

      They'll just disguise the third-party stuff as FIRST-PARTY stuff...but still keep the plausible deniability through foreign sovereignty and degrees of separation...

  18. IGotOut Silver badge
    Mushroom

    Visiting well-behaved sites (such as El Reg),

    Reg, have you actually every tried to manage your cookie options? Go ahead, its a day of your life you'll never get back.

    1. mevets

      Re: Visiting well-behaved sites (such as El Reg),

      Try profiles. It takes a bit of work, but you can partition the sites you visit into different privacy classes then launch browsers as needed.

      I wish it were automagic, so I could tell it use this profile for this domain, but so far I haven't found anything that does that. I would be more likely to write a C->JavaScript backend than learn JavaScript; but probably won't do that either, so I wait....

  19. John Gamble
    Big Brother

    McNealy Said This Ten Years Earlier Though

    Back in January of 1999. Here's a Wired article on it: Sun on Privacy: 'Get Over It'.

    So we've had an over twenty year warning.

    (I want to make some observation about Google feeding you the Google CEO's observation over another CEO, but I've come to expect dishonesty from Google rankings, so it wouldn't be edgy at all now.)

    1. jake Silver badge

      Re: McNealy Said This Ten Years Earlier Though

      I came here to say much the same thing.

      Fucking gookids ... they think they've invented everything, but in reality all they've done is recycle the unsavory bits. Kinda like rabbits and coprophagia, but at least the rabbits produce their own shit before consuming it.

  20. captain veg Silver badge

    agree with the article, but

    > Eric Schmidt's hideous pronouncement "privacy is dead, get over it,"

    Er, do you mean Scott McNealy's hideous pronouncement "you have zero privacy anyway, get over it"?

    -A.

  21. Anonymous Coward
    Anonymous Coward

    Work has blocked ads, for security reasons

    My current employment (a large DoD vendor) has blocked ads completely, for security reasons.

    A small bastion of sanity.

    1. Charles 9

      Re: Work has blocked ads, for security reasons

      So what happens when not if the policy borks a site needed by someone up top? That's always been the problem with that approach: eventually insanity meets someone with the power to go, "Who hired this clown?"

  22. Mike 137 Silver badge

    "Knowing everything about a user does not make them a better customer"

    Making idiotic misuse of the info does even worse. You just bought a bed online, so for weeks you get ads for beds thrust at you...

    The real dirty secret is that none of this snooping is for the benefit of advertisers or you - it's primarily for the benefit of the ad brokers. They make money regardless of the effectiveness of the advertising.

  23. Combat Epistomologist

    Two notes:

    1. I wouldn't mind quite as much if they offered to share the proceeds. It's MY data; if they're going to use it, they should pay me for the privilege.

    2. Advertising has totally run amuck and become the tail wagging the commerce dog. 99% — LITERALLY 99% — of the ads that I *do* still see are for shit I don't want in the first place. Bombarding me with invasive, obnoxious ads just makes sure that I'm going to boycott your product and never, ever buy it if I can find an alternative. Is all this advertising really WORTH it?

    It's like spam. The real money in spamming has never been in sending spam. It's been selling tools and services to idiots who think that sending spam will make them rich. Modern advertising? The same damn thing, I'd bet. The money isn't in advertising the products. It's in selling the accursed advertising.

  24. Epitune

    "The smartphone, indispensable and irreplaceable"

    Who in their right mind is DUMB enough to have a smartphone?!?

    Have you not paid any attention AT ALL?!?

    I've worked in the IT business since '94, NO ONE in know is STUPID enough to have on

    Not ONE co-worker, not ONE professional, I believe maybe the people cleaning our office space has.

    There are millennials, and then there are adults, smart intelligent people.

    It's a toy for people with a lazy mind, useless for the rest of us.

    If you are gonna write technical stuff, get technical and knowledgeable, step out of the teenage shoes.

    1. Charles 9

      You've apparently never been saved by on-the-spot research or needed impromptu directions or whatever because your vaunted written directions failed you.

      IOW, you've obviously never actually met Murphy...

      1. Kiwi

        You've apparently never been saved by on-the-spot research or needed impromptu directions or whatever because your vaunted written directions failed you.

        Kid, I've been driving for years longer than up-to-date maps have been around (that said, IIRC TomTom took over a year to show the Kapiti Expressway but I digest...). Got lost? Work it out, learn to read a map, or use basic survival skills - like find someone and ask or backtrack or... Been driving just long enough that you had to carefully plan your return trip from Auckland if it was on a weekend as most in-between service stations closed at 12pm, so you had very very few options. Oh and the big central open-late service stations? 6pm on a Sunday and not a second later.

        I use a GPS that's reasonably up-to-date anyway - I update the maps once a year which is plenty enough.

        Last minute research - well in the fields I've worked in that's way too late. The only 'last minute research' is the names of the chemicals for the hazmat team to come in and deal with later. You don't need to worry about it, even though you might be breathing at that stage you wouldn't survive long enough (and besides, things like phones are strictly verboten - the life of everyone in your area depends on that rule being obeyed and any higher up trying to rule otherwise would not be working for the firm by the end of the day, even the owner would be forcibly removed (and yes, I mean knocked unconscious and dragged out if they refused).

        Where I was making IT-related house calls, the idea of looking stuff up online was considered 'bad form'. You either knew your stuff, had some notes with you, or apologised and brought the machine back to base. Very rarely was there an excuse for looking anything up (that usually came from a customer giving the wrong information - hint - the customers who got house calls were trusted and generally gave the right information).

        Murphy? He was that guy who kicked my bike out from under me on the Maungatooks, and I was already on my way back later than anyone else. I remember working out what was wrong with the ignition and patching it by feel in almost total darkness. This is well out in the bush and before the days of cell phones. Still got the gap in my teeth where I couldn't see the knot on the end of the bit of wire I was stripping with my teeth (had some wire stowed in the tool box - wish I had some wire cutters and a torch there instead of just wire!). Also on a Sunday evening in an area only visited on weekends, many miles from houses. And I don't think my family were aware where I was, so I'd be on my own for some time.

        If you think you need your smart phone as a survival tool then kiddo, you have some nasty shocks coming. Learn to rely on your self, not your brainless toys. Be able to get your self out of trouble, don't rely on others who don't have your best interests at heart.

        Bloody kids these days. Don't know they're born. Oh yeah, GET OFF MY LAWN!

  25. Anonymous Coward
    Anonymous Coward

    And then there's all the stuff WE KNOW NOTHING ABOUT!

    Many of the comments here focus on "targeted advertising" as "one of the problems".

    *

    That's only the tip of the iceberg!!

    *

    There are commercial firms aggregating data from lots of sources -- aggregation into databases which we KNOW NOTHING ABOUT:

    * credit card data

    * driving licence data

    * property tax data

    * births, marriages and deaths

    * ...and who knows what else

    So GDPR is a joke -- WHEN WE DO NOT KNOW the location or scope of the data collected about us.

    *

    And that's before we get to government agencies hoovering up all of the above and who knows what else.

    *

    Is there a privacy crisis? YES! Do we know anything about the scope of the crisis? NO!!

    1. Anonymous Coward
      Anonymous Coward

      Re: And then there's all the stuff WE KNOW NOTHING ABOUT!

      @AC

      For example this piece from The Register, January 9 2020:

      - https://www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/

  26. Mads Skjern

    An alternative with mail

    I was IT manager for more than 40 years, and when the problem with spam and other things became unbearable with almost 60% of circulatied mails being spam, we made a drastic change. We started blocking entire topdomains and a lot of mailservers. With 200 countries worldwide this was time-consuming, so we changed tactics and blocked everything, and opened for the domains we knew were business related. We had no customers in Nigeria, Tuvalu, Kazakhstan, Upper Volta and many other places, and we didn't need any from those countries. That stopped almost all spam. Naturally we had anti-spam measures too, but we got rid of a lot.

    I like the idea of fighting back, by giving them garbage (or hell) when they try to steal my personal data, fighting back.

    My private PC is locked more than most - I get almost no advertising and very few fraudulent mails, although it happens. I also use another OS than Windows, and have done so for more than ten years. I visited a website recently that wanted to place 350 marketing and tracking cookies, and naturally I found somewhere else to spend my money - and I wrote them and told why they missed a sale.

    Imagine going into a Supermarket where they open your bag, trying to get your personal info and where you have been recently. Everybody would be offended, so why do people accept it if it is digigital - and much more dangerous?

    1. Anonymous Coward
      Anonymous Coward

      Re: An alternative with mail

      @Mads Skjern

      Good comment......but the REAL privacy problem is elsewhere.

      *

      We simply DO NOT KNOW who is aggregating personal data. This link describes the threat clearly -- and it comes from the current CES in Las Vegas:

      - https://www.bloomberg.com/news/articles/2020-01-07/amazon-intel-and-ford-chase-automotive-data-dollars-at-ces?srnd=premium-europe

      *

      Yes....some time soon you will buy a car....and ALL THE DATA GENERATED IN THE CAR will belong to someone else....likely MULTIPLE somone_elses....all tagged back to your account, and then aggregated with your credit card records, your mortgage records and your Amazon purchase history.

      *

      But wait.....the aggregators will be cross-compiling with records of your family, your email connections, the people you sent Amazon presents to, and who knows who else. Note that these third parties ALSO HAVE NO IDEA THAT THIS AGGREGATION IS GOING ON, nor the location of the owners of the aggregated data.

      *

      GDPR is a joke, and the privacy nightmare is real.

    2. Anonymous Coward
      Anonymous Coward

      Re: Imagine going into a Supermarket

      "Imagine going into a Supermarket where they open your bag, trying to get your personal info and where you have been recently. "

      No need to imagine it if you're in the UK - just get yourself a Nectar multi-retailer "loyalty" card and use it (online in many cases) with any of the participating organisations (lots of retailers, and more):

      https://en.wikipedia.org/wiki/Nectar_loyalty_card#Participating_companies

      Other 'loyalty' schemes may be available in the UK and elsewhere:

      https://en.wikipedia.org/wiki/Loyalty_program

      1. Will Godfrey Silver badge
        Happy

        Re: Imagine going into a Supermarket

        Guess who doesn't have, and never has had any kind of loyalty tracking card?

        1. STOP_FORTH Silver badge

          Re: Imagine going into a Supermarket

          Santa?

        2. Anonymous Coward
          Anonymous Coward

          Re: Imagine going into a Supermarket

          Guess who could care less now? They'll get you from payment details and eventually body and face tracking (granted the latter is still new, but it's also improving).

  27. Anonymous Coward
    Anonymous Coward

    So say "NO" Regtard writer

    El Reg is not well behaved in any sort of the matter when it comes to privacy, so follow your own advice and tell your RegTurd overlords to say "NO"!

    **ALL** tracking off on El Reg.

    El Reg to not partner with **ANY** business or advertiser that works with any form of tracker or data harvesting (whether it is utilized on this site or not).

    The writer to pledge to do the same.

    Or as we say on this side of the pond: Put your money where your mouth is.

    1. Anonymous Coward
      Anonymous Coward

      Re: So say "NO" Regtard writer

      Then watch El Reg go bye-bye.

      Beware the Law of Unintended Consequences.

      1. Kiwi
        Paris Hilton

        Re: So say "NO" Regtard writer

        Then watch El Reg go bye-bye.

        Beware the Law of Unintended Consequences.

        What makes you think that would happen?

        Beware the laws of living in reality.

        1. Charles 9

          Re: So say "NO" Regtard writer

          Publishing costs money. How do they pay the bills without ad revenues?

          And don't say subscriptions are the solution, either

          1. Kiwi
            Holmes

            Re: So say "NO" Regtard writer

            Publishing costs money. How do they pay the bills without ad revenues?

            Across the world many millions of blog pages exist where the people "publishing" them don't pay a cent.

            Hell, I have potential access to unlimited Fibre broadband (not installed for #reasons but could be), I have access to machines on 24/7 (including a 'large seed box' I have access to but do not own, one that sees significant amounts of traffic each month). If I wanted to publish something today, then like most people around the world I could do it for "free".

            And there's the many who consider facebook/twitter etc to be the only news sources worth reading. Aside from the potential loss of private data, what's the general cost of using FB etc?

            Maybe I couldn't do something the size of El Reg, but I can publish material at no extra cost to me. Hell, I publish a LOT on El Reg and that costs me nothing more than time. Often I'm here as a filler while I'm waiting on someone to take a crap or finish a meal or... so it really is at no cost to me.

  28. croc

    "Knowing everything about a user does not make them a better customer. Offering a better product and better service at a better price - that might. And you don't need analytics to tell you that."

    You seem to have misunderstood your Economics 2020 classes... Knowing everything about a user makes them a better product. The issue is not blocking tracking, but making the sale of personal information illegal - with serious fines awarded to the users Go after the rot cause and make it unprofitable.

    1. Charles 9

      They have a defense against that: take on the ROOT root cause and have them change things to make it bulletproof their way, with no possible recourse except maybe emigration.

      1. Kiwi
        Facepalm

        They have a defense against that: take on the ROOT root cause and have them change things to make it bulletproof their way, with no possible recourse except maybe emigration.

        Meanwhile, in the real world....

        1. Charles 9
          FAIL

          Donald Trump is President and what I'm saying is happening before my eyes.

  29. Number6

    What we need is a proxy server type of thing that doesn't block things as such, it'll go fetch them, with a bit of randomisation in the cookie data it sends back, does all the processing required and serves a sanitised script-less page to the user. So the ads get requested but the user is never bothered by them. No doubt some helpful person will come along and point me at a project that's been doing this for some years.

    1. Anonymous Coward
      Anonymous Coward

      @Number 6 re "doing this for some years"

      What you describe sounds a bit like Phorm was supposedly going to be - the adflingers serve their adverts, the Phorm-compatible advertisers and their ISP partners replace the originals with Something Completely Different.

      Or maybe I'm misremememembering.

  30. Trollslayer
    Thumb Up

    Privacy Badger

    A good extension for Chrome.

    1. Kiwi
      Pint

      Re: Privacy Badger

      Privacy Badger

      A good extension for Chrome.

      Waterfox is a much better 'extension'!

      --> For the Waterfox dev. And hopefully I'll remember to fling you some real cash real soon instead of virtual beers and well-wishes.

  31. This post has been deleted by its author

    1. Inkey
      Flame

      Re: What if everybody said 'Meh! `Track me, I care not'?

      And commenting anonymously justly shows how much you don't care.... you must be a plant that works for the shitty industry that benefits from advertising and profiling.

      The right to autonomy and privacy is and should always stay a human right.

      1. Charles 9

        Re: What if everybody said 'Meh! `Track me, I care not'?

        Privacy was never a right as long as we had communities privacy died with the village gossip. It's not like we have the ability to make people UNSEE what they saw with their own two eyes or UNHEAR what they heard with their own two ears.

        Or to put it more succinctly, who owns the image of someone burning oneself on one's own front lawn?

  32. Inkey

    Lest we forget

    Let's not forget how and who set the stage for the trajectory we now find ourselves at.

    As far as product awareness goes I can deal with a new ad splash to inform Joe public of a new product service etc.... And if you have a good product that's affordable and lasts longer than the warranty you would not have any need to advertise as people will advertise for said products by word of mouth...

    But this goes way beyond the need for advertising, let's face it the margins on click bait ads are an aside to the reason or need for a viable revenue stream, the reason it proliferated is more to do with normalising the intrusion and profiling than actually making a sale... At best the advertising part of it attempts to flog me something I've already bought or have no intention of buying.

    The profiling however is another more insidious thing altogether... And worth way more.. Not to advertisers mind you... Corporate intelligence is where the biggest money is and is the reason why data is so valuable, at a macro level this is older than and indeed how advertising got its leg up.. Or over as it stands...

    "If you can influence the leaders, either with or without their conscious cooperation, you automatically influence the group which they sway", he said" Edward Bernays...

    Its how the third riech came to be an acceptable political entity, just so happend that it was useful for selling bacon as well...

    Personally I can't wait for the inevitable misuse of said data coming to head.. Think TSA bum wipe using the access they have to black mail, sell on to hackers or other wise socially engineer themselves into a situation that privacy would avoid.

    I'll leave this for all the "I don't care track me I've nothing to hide" dolts out there who frankly don't really understand what's happening.

    A) Bernays argued that the covert use of third parties was morally legitimate because those parties were morally autonomous actors.[60]

    Advert... Subvert hmm double speak?

    And for good measure...

    B) Describing the response to his campaign for Ivory Soap, Bernays wrote: "As if actuated by the pressure of a button, people began working for the client instead of the client begging people to buy."

  33. Forclaz20
    Mushroom

    So much fail

    For a load of guys all thinking there privacy conscious using firefox, you epic fail - Try GNU / IceCat with LibreJS and the CyDec Anti-finger-printing addon with NoScript Suite and the CyDec OS Spoofer and now your speaking my language.

    See that new firefox vulnerability making the rounds in 72.1 maybe if you'd been using LibreJS in the first place and stopped using googles propriety flaky java license, you would have been immune in the first place!

    1. Kiwi
      Headmaster

      Re: So much fail

      "and now your[sic] speaking my language."

      Erm. I'm not sure exactly which language you are speaking. It almost looks like English tainted with Geek, but the constructs you've used seem more like double-dutch.

      I'm so very tempted to go nuclear with the ear worm on this one....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like