"there were 112 companies slurping up information"
This sounds like an emergency!
All but three of the European Union member states' government websites are littered with undisclosed adtech trackers from Google and other firms, with many piggy-backing on third-party scripts, according to an analysis of almost 200,000 webpages. The report (PDF), published today by Cookiebot in collaboration with civil rights …
112 is guaranteed to connect you to the emergency services throughout the EU, which includes the UK (and hopefully will continue to include the UK).
Where a country also has other, local, emergency numbers, these of course continue to work, but the point of 112 is so that we don't have to try to remember different numbers in different countries in the event of an actual emergency, when we might be stressed or panicked.
112 is also the standard emergency number for GSM mobile phones around the world, and so, hopefully for that reason alone, it will also remain valid for UK landlines, regardless of what might happen over the next few months...
But don't blame the IT engineers, they are managed by knobs most of the time. The amount of times I made suggestions regarding security and the massive flaw an engineer found and was ignored regarding gsuite. When forced to carry on using Outlook due to in house software still requiring it and linking this with G Suite Sync. It was pointed out that this then downloads and UNENCRYPTED copy of all the persons e-mails. All you then have to do, assuming you've managed to get a domain admin password or local admin account, is grab the .OST file and load it into any of the free tools available. You now have free access to that persons gsuite mail. Offline ones obviously but still can make interesting reading.
Local government IT and I suspect main government IT is normally managed by self serving knobs. Yes men and women cause they just want an easy life until they can either retire or find something else. And they have no issues fucking over their engineers.
I think he was meaning the OST file is not encrypted.
If your files on disk are important enough to need encryption then surely you should be using full disk encryption.
Using the if someone had domain or local admin passwords holds no water. You could say the same regarding any system. For example: if you had the users password to their GSuite accont you could download everything on their GSuite account (emails, docs etc.) un-encrypted!
>If your files on disk are important enough to need encryption then surely you should be using full disk encryption.
This doesn't actually address the privacy issue raised.
The issue is that a user's OST/PST file is by default stored unencrypted within their user folders. Hence another user on that system with relevant persmissions to access the fully encrypted disk, will be able to view the contents of the OST/PST folder. The solution to this is to either enable the Windows Encrypting File System (EFS) or force the use (via Group Policy?) of Outlook's built-in encryption.
Not getting the downvotes.
I think those may be due to the commenter's lazy assumption that all government is wasteful and inefficient, and that no-one at any level of management gives a toss.
While there are certainly instances you can point to which indicate there are problems, and you can easily fill your day watching the proceedings of the various Parliamentary committees digging away at them, you'll find those instances in any walk of life. Away from headline projects the majority of day-to-day functions tick over smoothly and the majority of people in the Civil Service and in local government do definitely give a toss and take public service seriously, however much the government of the day does it's best to demoralise and demonise them and to outsource their jobs.
Door knobs?
"Local government IT and I suspect main government IT is normally managed by self serving knobs. "
A few quiet words (via a proxy if need be) to the ICO would be in order then.
Alternatively a few quiet words with a group of lawyers explaining how useful this would be whilst executing a Norwich Pharmaceutical order might have an even more interesting effect.
Hmm. Not seeing the ads is not really the issue.
Suppose you go to a site to get information about abortion. Using cookies these companies will detect this and add that to your profile. Later your profile may be leaked, leaving you the target of anti-abortionists.
Suppose that in the future, we do not have such a benevolent government. Perhaps, our reading of The Register at that time will be seen as dangerous, and we all get sent to the gulag.
My browser tells me that on this page there 2 cookies from doubleclick, 2 from google, and 2 from regmedia, even when the 3 ads are blocked.
@RegW
"Suppose you go to a site to get information about abortion. Using cookies these companies will detect this and add that to your profile. Later your profile may be leaked, leaving you the target of anti-abortionists."
Ok. So? If my profile is leaked others will too and this is more of a problem with the mob mentality than the useful service of leading people to abortion information and services. This isnt a tracking cookie problem which has dubious success at identifying someone but an education problem that mobs of idiots are useful for a cause.
"Suppose that in the future, we do not have such a benevolent government. Perhaps, our reading of The Register at that time will be seen as dangerous, and we all get sent to the gulag."
That is possible. And a tracking cookie is not likely to be enough to be certain so in such a dystopia possibly USSR/N.Korea/Communist China scenario we would have other things to worry about by that point.
"My browser tells me that on this page there 2 cookies from doubleclick, 2 from google, and 2 from regmedia, even when the 3 ads are blocked."
Ok. But you can still access what you want and maybe, just maybe at some point in the future you might get adverts relevant to you. Its flaky enough not to achieve it well yet but imagine actually getting relevant results for things your looking for.
These people are trying to make the web somewhat useful (and might fail at their efforts). We already have governments trying to make the web less useful. I know this cookie thing seems to bother some people, and I am not arguing against them, its just that I dont care. I dont have a problem with it.
I'm not sure I follow your argument.
Yes, it is your prerogative as an informed individual to not care which private details are collected about you and who they are shared with. But this is the reason why others might feel alarm.
And yes, cookies do make the web more useful. Although the role of governments in this story is that the outside organisation mentioned above, has found some government websites are riddled with cookies unrelated to their function. Making the web less useful by incompetently coding their own sites seems unlikely - but I could be wrong.
However, the bit I don't get is: why is your use of an ad blocker relevant? Especially as you seem to imply that ad tracking cookies make the web better.
@RegW
"And yes, cookies do make the web more useful. Although the role of governments in this story is that the outside organisation mentioned above, has found some government websites are riddled with cookies unrelated to their function"
But this is where I dont follow the argument. So what?
"However, the bit I don't get is: why is your use of an ad blocker relevant? Especially as you seem to imply that ad tracking cookies make the web better."
Basically the point of this tracking is for better advertising. Of course I block ads since what I get shown is only a little more relevant that the rubbish on TV between the show I want to watch. But so far the worst I hear is some hypothetical but never seemingly substantiated idea of profiling by men in the shadows. Funnily those men are the governments efforts already with more blunt methods.
The report authors said this was of "special concern" because Google can cross-reference trackers with its first-party account details via its widely used consumer services such as Mail, Search and Android apps.
Yes, they might. But to do so would be a flagrant breach of GDPR and would come with a hefty fine or even a ban. Years ago Google refused not to do this but has since become willing to be contractually bound not to do so, though this might cost cash! It even provides the relevant Javascript to anonymise the last octet of an ip address. So, in these cases it's clearly the commissioning departments, or more likely the agencies that are at fault. And further evidence that every citizen should use an ad blocker.
in the US my script blocker (uMatrix) lights up like a Christmas tree showing trackers for Facebook, Yahoo and others when I log into my bank used mainly by active duty and retired military members.
uMatrix also alerted me to the fact that there was several hidden tracking pixels for Facebook, Linkedin and more when paying rent over a well known payment system used by apartments across the nation.
At least in the UK you have GDPR.
> When I log into Chase, I get cookies and scripts from .ru and .cn
In the USA there may not be _federal_ privacy legislation, but a significant number of the states have privacy legislation that is almost as good as GDPR and has long-arm statutes. Everyone focusses on California because of its population and misses the others with even tougher laws.
If you live in one of those states it's worth notifying the local privacy commissioner
Has anyone done a feasibility and benefits study on nuking Gargle, Faecebook et al from space?
I use several browsers: my main browser blocks everything I can (NoScript, Ghostery, AdNauseam, Qwant...) and I have other browsers that are very permissive but that I use only for special purposes: Opera, Konqerror, and I even have Chrome to do Google-Maps and Google-Conference. But only Google, and no Gmail ever.
I work in local government IT and this stuff comes from the propaganda communication team; - "we've commissioned a 3rd party marketing agency for a campaign to stop teenagers sniffing pokemon and they want to add this tag to the site - it doesn't add any cookies it just 'drops a beacon' or 'tags a pixel' so that's OK isn't it? can you just insert this script into the website"
With the introduction of GDPR last year, users who choose not accept cookies find themselves subject to an incessant tirade of NAGs: "We value your privacy, so please accept cookies or we will hide your current window until you do, or find the obscure way to disable the nags."
The aims of GDPR are laudable but the marketing fraternity have cynically turned the tables on privacy and made simple anti-tracking measures (e.g. disable cookies) unworkable for most users.
the directive is not stupid, it's their implementation of it that is stupid, and actually not in compliance
the GDPR is clear: the user needs to be able to reject tracking, the tracking must be opt-in, and unless it's necessary to providing the service, rejection of it must not cause the service access to be denied
but of course the markedroids need the graphs to masturbate over so they are trying out how far they can push and get away with
""We value your privacy blabla". Bollocks, no you don't.
Of course they value your privacy. They value it at the level of access (or not) they will give to their site if you don't pay them with your valuable privacy. This is why they use the word "value" instead of "respect".
GDPR is a cookie own-goal
I don't agree. It's more like those sites have overtly exposed themselves to Darwinism. That is, when I find sites that do this, I block the site entirely, as it is not a site I wish to visit. The site doing this is doing me a service by making it blatantly obvious that it is a shite site I want nothing to do with. If enough people follow suit, the site will either change its practices, or shut down.
> the governments supposedly fighting the good fight against excess stalking of netizens
Sorry? Government are fond of surveillance. They love being able to keep tabs on those unruly great unwashed, so don't expect too much enthusiasm.
.
> it has been stuck in discussions between member states for more than a year, and privacy activists fear it is being watered down
Of course it is. A tool is a tool, and who will complain if adtech spends money developing it, if you can afterwards use it as you please for weeding out people you don't like, like political adversaries terrorists and perverts.
I take this as proof that those who legislate should not try to control the situation. They, and those associated with them, tend not to have much clue, they only make things worse. For those, who are concerned enough to act, I see their their jobs as letting us do our own filtering, to eliminate the unwanted surveillance.
Me I want to tell sites (in the request) what surveillance I will or won't accept so they can just do it without annoying me. In the process I want to know what surveillance they would otherwise try, that way I'm able to switch them off, in my DNS, even if they do the right thing when asked.
It's not hard, it's not rocket science, it's all doable. DNT failed because there are too many scum, if something like that were legislated it would do a better job.
Would help avoid things like:
1. Those dumb cookie warning idiocies.
2. GDPR legislation that has made surveillance arguably worse by strengthening the hands of Google and Facebook.
3. Things like all these clueless government web sites would be more of a non-issue, if you could skewer the surveillance.
4. If you look at the medical government web sites, they may be auctioning off selected searches, different in each country. This would stop that, for those who took the time AND show visitors which ones are corrupt.
One of the issues is that is so difficult nowadays to keep systems safe and private. Just off the top of my head - antivirus / antimalware, ad blocker, 'privacy' browser and search engine, secure email, VPN...
It's a lot to keep on top of even for an IT pro let alone for a layperson. And many of the vendors I've tried have multiple seperate products that they keep trying to cross-sell / push on you and / or highlight 'threats' that can be solved by said product upgrades.
I currently use a combination of Proton Mail / VPN, Brave (on mobile) and Firefox + Adblock (desktop), Duckduckgo search and malwarebytes... I wish there were a cleaner / simpler combination of effective tools. Suggestions?
I've had increasing concerns over Ghostery over the last few months - since it started 'asking' me to get the paid-for version, i've nuked it from a low orbit on several devices.
I do find that the paid-for AdGuard works well on mobile devices though, despite being UK based, I bought heavily discounted licences from an American site - makeuseof.com. There is some duplication of filters with uBlock Origin though, removing some of the larger lists in uBlock speeds up the first page load time no end!
"JavaScript is essential for the correct operation of this static page site"
That of course supposes you even get this message. Some sites present a blank page if scripting is turned off, but many just fail to respond to clicks on apparent links and buttons.
We should loudly point out to those enamoured of JS that it's for years been the primary vector for data breaches triggered via the browser and for illict trawling and snooping.
We should loudly point out to those enamoured of JS that it's for years been the primary vector for data breaches triggered via the browser and for illict trawling and snooping.
Also that JavaScript should be used to enhance a website and not to pointlessly recreate standard HTML+CSS and then wonder why everything goes to shit across different browsers, spectacularly fails legal accessibility requirements and has appalling SEO. All this is easily fixable by employing competent developers who know the difference between browsers and desktop applications, understand that there are many (better) ways than "the microsoft way" and that following every fad JS library is not a good idea. Unfortunately 99% of developers that I now see have no concept that a web application is different to a desktop application and are unable to understand the value in simplicity rather than recreating standard interfaces, badly, in JavaScript.
/rant
I have a Linux VM for that which gets deleted and restored from a read-only copy once used.
It also uses a VPN for all outbound traffic. Amazon for some strange reason seem to think that my system is in [somewhere a long way from where I really am located]
Obviously that all changes when I log in but there is nothing there for their bots to hoover up when I do decide to buy some [redacted] [redcated] from their mega tat store.
Using amazon like going into Currys/{whatever they are called this week} is a last resort for me these days.
Posting AC naturally.
Beyond words. Beyond contempt.
I've thought for some time that the final link in the chain that enslaves us will be our private-commercial digital self being linked to our official digial selves which we are forced to maintain by the state (via tax etc.). Corporate bizgov will be our feudal overlords.
I don't bother with links to the local papers now... they are 99% advertising, full of all the usual pseudo-article lies (X in your ares found this in their basement, and so on), utterly intrusive and then started relying on JS overlays for intrusive gateways to access the poor quality, if vaguely relevant, content.
Seriously people, anybody who runs a script blocker can see this things popping up everywhere. Your outsourced company pay and benefits website: found. Your outsourced time logging site: found. Your outsourced IT ticket site: found (and being used to generate pretty graphics that do nothing to improve the service). Your outsourced job-training and personal development site: found (useless graphics come with the territory there. No use complaining).
Google might as well have two seats on the board of every company in the US.
The past 12 months, we've seen a big increase of tracking and targeting by IP address instead of browser. So in a multi-device, multi-person household you get targeting 'leaking' between the devices, some of which are locked down and some which are generally open to being tracked. For instance if my daughter browses for jewellery that then seems to result in ads and recommendations appearing on other devices in feeds and suggestions. It also seems there might be some leakage from neighbours - things they are interested in that we're not - based on location.
The risk is that if Google or other tracking company monitors say visits to family planning sites, or health advice sites, or unemployment advice, the system could easily leak this information inadvertently to family or neighbours simplying by displaying the wrong ad to the wrong person.