Brave takes the spring out of creepy bounce tracking Browser maker Brave has developed a new way to ground "bounce tracking," a sneaky technique for bypassing privacy defenses in order to track people across different websites. Bounce tracking, also known as redirect tracking, dates back at least to 2014 when ad companies were looking for ways to avoid third-party cookie …
Brave is working toward a future where web users' activities don't have to be remembered.
It is sad that this is needed. The spirit of GDPR is that all users should be in control of their data and must give informed permission before second and third parties are allowed to handle direct/indirect PI data (and not even getting into the problem of shadow profiles). So, yes, it is sad that we need technological measures to create more privacy.
We should consider a reverse burden of proof for websites when they employ any form of tracker technology on their website(s). They should be the ones to proof that your data is not being used for anything else than explicitly advertised.
I agree. Its unfortunate that the spirit of GDPR was side-lined in the implementation. Whilst I am normally against legislative solutions, I think the time has come to just out-right ban tracking that uses 3rd parties.
The desperation to make an extra few pennies out of us is sickening and advertising is the scourge of the internet
Whilst I completely agree with you that the onus should be on the firms to justify why they need third party tracking (in truth 99.99999% dont!), but the Problem is Enforcement.
There is basically no government department with the resources to go visiting every company behind every website and demanding to know why they are using third party tracking. Even a scatter gun approach of just approaching those that are most complained about, would be completely ineffective. Big firms would just consider it a cost of doing business to make the fines go away (whilst they continued with the tracking), and only the small guys would get hit.
A law that's not enforced properly may as well not exist...
Say I'm using Firefox with NoScript.
Problem solved.
Or say that I'm blocking info.tracker's IP address at the firewall.
Problem solved again.
But I'm happy that there are people who are thinking about the deep mechanics of ad tracking. The more ways we have to block that, the better.
Hard blocking all connection attempts or cookie setting doesn't always work. As you get redirected (bounced) to the tracker site, which then redirects back to the site you are trying to access, a hard block just means that you get a browser failure message when it can't load the tracker site, and you never get the site you wanted.
Likewise, hard blocking cookies from the bounce tracker site can lead to you being constantly bounced between the site you want and the tracker site (site you want checks if third party tracker cookie exists, finds it doesn't and redirects to the tracker site, which tries and fails to set a first party cookie, before redirecting back the the site you want, which checks to see if the third party tracking cookie is there, finds it isn't and redirects you to the tracking site...) so you just get nothing happening in your browser for a few seconds, followed by a browser "too many redirects" failure message.
If you've ever struggled to load a site as your browser just gives you a "too many redirects" error, and you use some sort of ad or cookie blocking tool this is likely what's happening behind the scenes.
You've missed the point here - if you've got Adblock, they decide to redirect you to get your data. If you've blocked the tracker's IP in your firewall, your browsing session will come to a dead stop, due to the redirection target being unreachable.
This workaround instead permits the redirect to the tracker, but expunges the data as son as the redirect is complete, so your browsing session can continue as normal.
Better with Firefox and self destructing cookies that are set to expire after around 20 seconds (unless a whitelisted site). That way stuff can load, they can think they're tracking you, and the garbage will be nuked in short order.
Firefox's is not quite the same as what brave are doing, its subtly similar yes. Mozilla implemented protection from middle men drive by cookies so they did it to prevent you picking up a pervert cookie en route so to speak.
Brave's method is whereby you land on the site you want to browse and the tracker JavaScript then does things in order to inject pervert cookie after the browser done its blocking, assuming I've understood correctly.
The next thing on the list for Firefox and Brave developers perhaps even ublock origin and ghostery devs too is to prevent sites breaking when sites are using javascript tracking/telemetry events which breaks the site when whichever tracker is blocked.
Well, the advertising industry is clearly mass producing fairy dust zero going by the sort of turnover and profits that keep getting mentioned.
Since they're using other people's electricity and bandwidth, I think a tax of, oh I don't know sixty percent? Yeah, tax them sixty percent of their turnover (not profit, that can be creatively made near zero) and use that money for all the green schemes out there.
Let's have advertising fund something useful...
Rather than delete the cookies replacing them with junk would be better. Even if your browser and mine deletes cookies most people's won't so their cookies will still be seen and have value*. Poison the cookie well and let it be known it's poisoned and all cookies are devalued.
* As priced up by those selling the data and perceived by those buying it.
Poisoned cookies may very well be a good way to destroy effective commercial tracking. We need to add as much noise as possible. Swamp them with junk.
Imagine that privacy badger hooks into the requests and every tracking cookie gets different content. Different every time a request is made. Should be fun to have _ga cookies to start filling the database with just junk. A new ID for every request.
This is actually a good idea as an additional add-on. I'd install it for poisoning all those sites that are not blocked by default.
@AC "What am I missing?"
Bounce tracking makes the tracking cookies first party.
From article:-
"Say a website embeds a third-party script from info.tracker. When the website is visited, the third-party script tries to read third-party cookies from info.tracker that have been stored in the visitor's browser.
If it can't – because third-party cookies are blocked – the script redirects to the info.tracker domain by writing a new URL to the browser's window.location object or via some link hijacking method like injecting an info.tracker iframe into the original website.
Doing so puts info.tracker into a first-party context, enabling it to set tracking cookies."
I get how the initial cookie is set, but it continues to say:
"Info.tracker then redirects back to the original website URL and info.tracker cookies can then be read in third-party contexts"
This implies to me that once the info.tracker has set it's cookie the browser then allows it to continue to use cookies as a third party, so it does the first-part bounce, and from then on, 3rd party cookies work.
Is this not the case? If not, then they'd have to "bounce" for every update!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
