Brave browser first to nix CNAME deception, the sneaky DNS trick used by marketers to duck privacy controls

The Brave web browser will soon block CNAME cloaking, a technique used by online marketers to defy privacy controls designed to prevent the use of third-party cookies. The browser security model makes a distinction between first-party domains – those being visited – and third-party domains – from the suppliers of things like …

  1. John Smith 19 Gold badge
    Coat

    Sooner or later we're going to have to work out a way to fund all this.

    Yes it's all pretty despicable

    But how do we work out a way that makes it affordable yet rewards people who do the work?

    Fook nose.

    1. Anonymous Coward
      Meh

      Re: Sooner or later we're going to have to work out a way to fund all this.

      Brave rewards users who accept adverts. I find this disturbing because it implies users can be bribed to watch/interact with potentially harmful influence bodies. Well at least it will put a hole in Google's bucket of cash and start spreading it around.

      1. Martin Gregorie

        Re: Sooner or later we're going to have to work out a way to fund all this.

        Brave rewards users who accept adverts. I find this disturbing ...

        But at least when you turn 'rewards' off, it stays off when the browser gets upgraded. This is unlike the so-called "privacy protection features" provided by certain other browsers where the privacy protection controls just get more carefully hidden and reset to default values which, oddly enough, always seem to be 'protection disabled', by the next release.

        Must be lazy programmers: surely no company would ever think of doing that reset deliberately.

    2. katrinab Silver badge
      Paris Hilton

      Re: Sooner or later we're going to have to work out a way to fund all this.

      Why not show the same ad to everyone, like in the dead-tree newspaper days.

      YouTubers for example make way more money from sponsorships than they do from Adsense. Picking a one size fits all ad that they think is relevant and interesting to their viewers seems to work a lot better than all this AI stuff.

      1. vtcodger Silver badge

        Re: Sooner or later we're going to have to work out a way to fund all this.

        And while we're at it, ban scripting in ads. That should hopefully largely eliminate the security threat that causes many of us to block advertising.

    3. Blackjack Silver badge

      Re: Sooner or later we're going to have to work out a way to fund all this.

      Again, it has been proved that personalized ads make less money than ads that show you what you are looking for.

      Personalized ads mostly make money by selling your data.

      1. Steve Davies 3 Silver badge
        FAIL

        Re: ads that show you what you are looking for

        funny that. The few ads that I see are ALL for things I was looking for. I had one from Amazon today that was trying to sell me a travel guide for somewhere I visited in 2014 and given the current situation, it will be highly unlikely that I'll be even thinking of going back before 2024.

        Anyway, who wants the 2014 version of a travel guide?

        1. Anonymous Coward

          Re: ads that show you what you are looking for

          > Anyway, who wants the 2014 version of a travel guide?

          A time traveller who wants to come prepared.

          (Interesting to hear that in 2014 tree-based travel guides were still a thing)

          1. Blackjack Silver badge

            Re: ads that show you what you are looking for

            In 2014 tree based computer magazines and game magazines were still a thing.

            1. adam 40 Silver badge

              Re: ads that show you what you are looking for

              Even weirder is that in 2024, trees are still a thing... but only just.

    4. big_D Silver badge

      Re: Sooner or later we're going to have to work out a way to fund all this.

      First party ads, no tracking. Simple.

      I'm happy for an ad to be shown to me, based on the site I am visiting.

      I am totally against people tracking me from site to site and building a (faulty) profile about me. Let the site I'm visiting handle the showing of the ad.

    5. Ochib

      Re: Sooner or later we're going to have to work out a way to fund all this.

      This report sponsored by Raid Shadow Legends

      1. David 132 Silver badge
        Happy

        Re: Sooner or later we're going to have to work out a way to fund all this.

        And this response is brought to you by Tidymans Carpets.

        "Tidymans - For The Deep Shag That Really Satisfies"

      2. stiine Silver badge

        Re: Sooner or later we're going to have to work out a way to fund all this.

        This just means that instead of a CNAME to get you to adnetwork.tld, they'll need to set up A or AAAA records, or run a secure proxy.

  2. Imhotep

    Nice Browser

    I've been using Brave exclusively on my iPad - which is pretty much the only place I use a web browser now - and am pretty happy with it. Now if Apple only provided a way to specify a default browser so links don't open in Safari, I'd be all set.

    1. tip pc Silver badge

      Re: Nice Browser

      “Now if Apple only provided a way to specify a default browser”

      Brave should prompt you about the new iOS 14 feature that lets you set a default browser.

      If not it’s in settings.

      I don’t use brave as I don’t like the rewards feature.

      If they did a paid for version I may reconsider

      1. Anonymous Coward

        Re: Rewards

        you do know you're not forced to use rewards!?

        1. Mage Silver badge
          Happy

          Re: Rewards

          And can even turn off the Rewards Icon too.

        2. Anonymous Coward

          Re: Rewards

          Not forced to use Rewards but obviously rewards must track you to earn rewards.

          Believe what you want. But if rewards is not built into the browser then it shouldn’t track you, if rewards is built in, even if turned off, you can be tracked by brave.

          I have a choice to use brave or not. I chose to not use it.

    2. Mage Silver badge
      Thumb Up

      Re: Nice Browser

      I switched to Brave on all my Androids as Firefox sort of broke their GUI. I switched long ago on 64 bit Linux from Firefox to Waterfox due to stupid changes. I use Classic Theme restorer to make the Waterfox GUI sane, but I think Firefox disabled that and lots of other stuff which is why I switched to Waterfox. Still using uMatrix for blocking scripts, though I used to use NoScript.

      1. stiine Silver badge
        Unhappy

        Re: Nice Browser

        Sort of broke their GUI? Are you kidding, their new GUI is unusable.

    3. adam 40 Silver badge
      Mushroom

      But when will they fix their bugs?

      I used Brave on Win 10 and found that their file chooser locked up file explorer when selecting images to upload.

      This was pretty nasty and unless you already had a command window open, so you could restart explorer.exe, or else the machine locked up and you had to reboot.

      I went to the trouble of filing a bug through their arcane bug system (which won't accept bugs unless you use Brave to file them - which when your machine is locking up with Brave, is pretty difficult (so I filed another bug for that too)).

      The upshot? Brave ignored the bugs for a month then automatically closed them.

      So I went back to Chrome, which uses more memory, but at least it's stable.

  3. Pascal Monett Silver badge

    "the page also makes four requests via a script"

    And that script is blocked by NoScript.

    NoScript and uBlock Origin, the two stalwart champions of security and privacy.

  4. daalmo

    CNAME Cloaking browser comparison

    APNIC performed a comparison of the main browsers with and without the main ad blockers in August 2020. Looks like I'll be switching from Ghostery to uBlock Origin. Full report at end of article.

    https://blog.apnic.net/2020/08/04/characterizing-cname-cloaking-based-tracking/

  5. Kevin McMurtrie Silver badge

    Broken edge hosting

    CNAME is used for edge caching too. Brave will simply stop working unless they maintain allow/block lists for cookies.

  6. Anonymous Coward

    Computer Misuse ACT

    IMHO I believe that if a user has gone out of their way to adjust the settings of their web browser to limit tracking then anything that tries to circumvent the user's settings should be considered unlawful under the Computer Misuse ACT and offenders fined and/or even face criminal prosecution on repeated offenses.

  7. EnviableOne
    Windows

    Need a maintained Content list

    for some reason Content security policies aren't cutting it

    there should be a part of the page that lists the cdns, alternate domains, that host the actual content of the site, so you can automagically allow just those connections for a specific page, I hate having to unblock <RandomString>.$CDN.com and about six variants of the hosting company, 3 more of the site owner and some random js library, just to get the page to actually load.

    /me goes to write a web crawler and build a browser extension .....

  8. Jamie Jones Silver badge

    How does this help?

    All they need to do is change the CNAME to an A.

    Ultimately, it's the site owner that determines whether a site is part of his domain or not.

    Possibly breaking legitimate CNAME usage with a dodgy bandaid fix is counterproductive.

    If you want to block 3rd party cookies, you need to block all cookies from a different *site* not just a different domain (that would also get rid of the need for that database of which top level domains give public domains at the second level, and which at the third etc. - a noble project, but the fact it's needed is a big hack)

  9. JulieM Silver badge

    Time to get aggressive

    Why would someone be using a CNAME to disguise third-party content as first-party? Answer: Because they know people object to third-party content. It's straight-up deception; trying to sneak in the back door because you correctly guessed you would not be welcome via the front door.

    Instead of just passively blocking third-party content, it's time browser manufacturers started taking a harder line; for instance, returning altered cookies to poison the trackers and invalidate what they are collecting.

    If you are going to play silly buggers, don't take on an Olympic medallist.

  10. Mobster

    The CNAME would have to be created within the original first site domain, so this means that domain administrators from the first site would have to be complicit. As such, we should treat the first site as a malicious actor and not worry about putting the burden on web browsers to "uncloak" CNAMES, I would think ....
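
An added illustration, not part of any comment above and not Brave's code: a sketch of the CNAME "uncloaking" check the thread discusses, comparing the registrable domain of each CNAME hop with the page's own. All hostnames, addresses, the `RECORDS` table and the two-entry suffix set are constructed stand-ins for real DNS answers and the Public Suffix List.

```python
# Constructed data: hostnames, addresses and this suffix set are made up.
PUBLIC_SUFFIXES = {"example", "co.example"}  # stand-in for the Public Suffix List

RECORDS = {  # name -> (record type, value)
    "www.paper.co.example": ("A", "192.0.2.10"),
    "cdn.paper.co.example": ("CNAME", "assets.paper.co.example"),
    "assets.paper.co.example": ("A", "192.0.2.11"),
    "metrics.paper.co.example": ("CNAME", "paper.adnet.co.example"),
    "paper.adnet.co.example": ("CNAME", "edge7.adnet.co.example"),
    "edge7.adnet.co.example": ("A", "198.51.100.7"),
    "stats.paper.co.example": ("A", "198.51.100.7"),  # tracker host published as A
}

def registrable_domain(name):
    """Longest matching public suffix plus one label (the 'site')."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i else None
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels

def cname_chain(name, records, max_hops=8):
    """Follow CNAME records from name, stopping on loops or after max_hops."""
    chain = [name]
    while len(chain) <= max_hops:
        rtype, target = records.get(chain[-1], (None, None))
        if rtype != "CNAME" or target in chain:
            break
        chain.append(target)
    return chain

def classify(request_host, page_host, records=RECORDS):
    """Return (verdict, other_site) for a subrequest made by page_host."""
    site = registrable_domain(page_host)
    if registrable_domain(request_host) != site:
        return ("third-party", registrable_domain(request_host))
    for hop in cname_chain(request_host, records)[1:]:
        if registrable_domain(hop) != site:
            return ("cloaked", registrable_domain(hop))
    return ("first-party", None)

if __name__ == "__main__":
    for host in ("cdn", "metrics", "stats"):
        print(host, classify(host + ".paper.co.example", "www.paper.co.example"))
```

The `stats` host comes back as first-party because an A record leaves no chain to inspect, which is the limit raised in the thread; the same-site `cdn` CNAME is left alone.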
