Google, Facebook working to undermine Do Not Track privacy protections

189101113

Comments

  • Reply 241 of 264
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by lfmorrison View Post


    At the very least, it is possible to globally disable all cookies for all web sites. If cookies are globally disabled, then tracking cookies (of which Google's IFrame hack is just one example) would also be disabled, despite all Google's protestations to the contrary.



    I've just had a google-analytics.com cookie be added to my cookie list.



    I have "Always" selected under blocking.



    Quote:

    Having done that, you'd end up with a web browser that was literally incapable of satisfying Google's attempts to send you any tracking cookies.



    So why doesn't everyone (browser makers, that is) just do this as part of the process that happens when we set our settings for browsers?
  • Reply 242 of 264
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by Tallest Skil View Post


    I've just had a google-analytics.com cookie be added to my cookie list.



    I have "Always" selected under blocking.







    So why doesn't everyone (browser makers, that is) just do this as part of the process that happens when we set our settings for browsers?



    I don't believe any of the browser developers would want that, Apple included. They all find value in placing cookies and doing away with them altogether isn't going to happen until they have something at least as effective to replace them with.
  • Reply 243 of 264
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by Gatorguy View Post


    I don't believe any of the browser developers would want that, Apple included. They all find value in placing cookies and doing away with them altogether isn't going to happen until they have something at least as effective to replace them with.



    As an alternative, then, how about we (as users) get to tell the browser from what sites and what sources we take cookies, and then NOTHING ELSE gets through?



    "I want all cookies from Apple to get through. I want all cookies from www._____.com, www._____.com, www._____.com, www._____.com, www._____.net, www._____.net, www._____.com, www._____.org, and www._____.org to get through. BLOCK EVERYTHING ELSE."



    And the browser's all, "Sure thing, Jethro," and does it.



    A cookie whitelist, not blacklist. Since the latter has been proven to be breakable.
  • Reply 244 of 264
    mj1970mj1970 Posts: 9,002member
    Quote:
    Originally Posted by Tallest Skil View Post


    As an alternative, then, how about we (as users) get to tell the browser from what sites and what sources we take cookies, and then NOTHING ELSE gets through?



    "I want all cookies from Apple to get through. I want all cookies from www._____.com, www._____.com, www._____.com, www._____.com, www._____.net, www._____.net, www._____.com, www._____.org, and www._____.org to get through. BLOCK EVERYTHING ELSE."



    And the browser's all, "Sure thing, Jethro," and does it.



    A cookie whitelist, not blacklist. Since the latter has been proven to be breakable.



    I think the white list concept would be a great idea actually.
  • Reply 245 of 264
    blah64blah64 Posts: 993member
    Quote:
    Originally Posted by Tallest Skil View Post


    I've just had a google-analytics.com cookie be added to my cookie list.



    I have "Always" selected under blocking.



    Trivially solved:



    edit /etc/hosts to include:



    Quote:

    127.0.0.1 www.google-analytics.com

    127.0.0.1 ssl.google-analytics.com



    you could also add things like:



    Quote:

    127.0.0.1 googleads.g.doubleclick.net

    127.0.0.1 pagead2.googlesyndication.com

    127.0.0.1 pagead.googlesyndication.com



    and



    Quote:

    127.0.0.1 .doubleclick.net

    127.0.0.1 doubleclick.net

    127.0.0.1 ad.doubleclick.net

    127.0.0.1 ad-g.doubleclick.net

    127.0.0.1 fls.doubleclick.net

    127.0.0.1 pubads.g.doubleclick.net

    127.0.0.1 ad-emea.doubleclick.net

    127.0.0.1 cm.g.doubleclick.net

    127.0.0.1 ad.uk.doubleclick.net



    how do you find these things? Little Snitch makes it easy.



    Of course it's a pain to do this on an individual basis, site by site, but you're guaranteed nothing will come to your machine from the given sites.
  • Reply 246 of 264
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by Blah64 View Post


    Trivially solved:



    edit /etc/hosts to include:







    you could also add things like:







    and







    how do you find these things? Little Snitch makes it easy.



    Of course it's a pain to do this on an individual basis, site by site, but you're guaranteed nothing will come to your machine from the given sites.



    What do Facebook cookies appear like? Is Facebook always part of the string? Any others that are commonly seen but perhaps not understood to be tracking cookies by most users?



    Very helpful post BTW. Thanks
  • Reply 247 of 264
    bongobongo Posts: 158member
    WIth adblock plus, Firefox, and a couple other addons (to kill flash cookies), you can be about as anonymous as possible and still have great functionality. If you want to go to the next level, set up or use various anonymous proxies to route all your traffic, or something like the the Tor project stuff.
  • Reply 248 of 264
    palominepalomine Posts: 362member
    Quote:
    Originally Posted by jragosta View Post


    I have a better idea.



    There's a "do not call" registry that you can sign up for which bans telemarketers from calling you. I'd favor the same thing for the Internet. If you sign up for the registry and install a token on your computer, they're not allowed to track you AT ALL.



    If only that would work. The Do Not Call list is a joke and is widely disregarded. Even if you sign up for an unlisted number...I just got interrupted typing this by a lawn care service trolling for business on our unlisted private brand new number. There will always be places on the Internet where you can look up new phone numbers, hell, those get called MORE. The DNC list is a crock as cable phone service is EXEMPT from that law...nice loophole. Also, there are always people willing to call anyway on the DNC list, they will simply say they are doing a 'survey'.

    I would pay DOUBLE to have the ability to stop all commercial calls except those I specifically pre-approve



    Then there are the robocalls that go to nothing nowhere, in the middle of the night so you can't even sleep. You can't get through to buy what they are selling let alone complain, it's just mindless. I think those come from people who pay a lot of money to go to a seminar, set up the equipment and expect the money to come rolling in. They only get stopped when somebody gets mad enough to physically track them down and have a lawyer and a federal agency shut them down.



    Yep, we are getting rid of all land lines now. As you can guess, the phone that prevents sleep is the phone I don't want.



    The Internet will just sit there collecting reams of data on every one of us. God only knows what particular constellation of traits will become 'undesirable' due to crackpot political movements and whom among us will be put on a 'special watch' list and hope to hell its only a list and not an actual roundup of 'bad people' some day.



    That said, I ain't got time to worry about far fetched things like that.



    It just oughta be a democratic principle, that's all.
  • Reply 249 of 264
    palominepalomine Posts: 362member
    Quote:
    Originally Posted by Tallest Skil View Post


    I still receive calls and I've been on the list for years. There also needs to be a Do Not Text list. I get spam texts all the time. I don't have a texting plan. This trash costs me money.



    They'll still track us. Unless browsers are built specifically with this in mind or with Little Snitch-esque functionality built in to show us what's happening and allow us to choose on our own, they will always be able to track us.







    I realize this isn't exactly what we're talking about, but it's close.







    Doesn't stop Google.







    Didn't stop them from circumventing with iFrames.



    Same here, we pay per SMS message. I looked up 'spam text' under my phone provider. They say to check the texts for 'opt out' links and use them. If that doesn't work, you can 'reply' on the iPhone by hitting the 'edit' button, which allows you to select the message and Forward it...to a special number where it will be purged from your line. For AT&T in our area the number is 7726. They send you back a message that texter is now blocked and you won't be charged. If it is a bigger problem than that you can call them and they will set up a special pay plan that gives you more control over the problem. I haven't had to do that though.
  • Reply 250 of 264
    palominepalomine Posts: 362member
    Quote:
    Originally Posted by Tallest Skil View Post


    He's arguing the Internet is not a natural right, and legally it isn't. You can certainly live without using the Internet in any fashion whatsoever.



    But that's not the point of this argument at all, so it's moot.



    I'll go on record to state that i think that the Internet IS a natural right. Not having Internet connectivity in this day and age is worse than not having a phone number.



    If we had a supreme court that gave a shit they would take it up and say so. The Internet has become part of our private effects and our household. Just like you can't cyberstalk or bully, neither should you be allowed to commercially harrass in an intrusive way via the net.
  • Reply 251 of 264
    blah64blah64 Posts: 993member
    Quote:
    Originally Posted by Gatorguy View Post


    What do Facebook cookies appear like? Is Facebook always part of the string? Any others that are commonly seen but perhaps not understood to be tracking cookies by most users?



    Very helpful post BTW. Thanks



    Using /etc/hosts to block stuff is extremely effective, but it's not subtle. Unlike various browser plugins and such, it's all or nothing for a given host (server). It would take some care to block facebook cookies without blocking the whole site (although blocking the entire site sounds like a great idea to me). Most of the stuff I see has either 'facebook' or 'fbcdn.net' as part of the host name, but I have no idea which is site data vs. cookie or other, I just block it all.



    The thing with facebook in particular is that if you don't want them to track you, you can't just block the cookies, you need to block their javascript "Like buttons" and such, that are pervasive all over the net. They might seem harmless, or even fun, but those buttons give facebook massive insights into individuals' behavior. It's literally facebook's code running on your computer, sending data back to their servers for each and every page you load on every site that has a Like button.



    As for using /etc/hosts, personally, I like to use Little Snitch to see what all is coming from certain sites and then only throw individual /etc/hosts roadblocks for the most obnoxious stuff that I know I'll never, ever want to load.
  • Reply 252 of 264
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by Blah64 View Post


    Using /etc/hosts to block stuff is extremely effective, but it's not subtle. Unlike various browser plugins and such, it's all or nothing for a given host (server). It would take some care to block facebook cookies without blocking the whole site (although blocking the entire site sounds like a great idea to me). Most of the stuff I see has either 'facebook' or 'fbcdn.net' as part of the host name, but I have no idea which is site data vs. cookie or other, I just block it all.



    The thing with facebook in particular is that if you don't want them to track you, you can't just block the cookies, you need to block their javascript "Like buttons" and such, that are pervasive all over the net. They might seem harmless, or even fun, but those buttons give facebook massive insights into individuals' behavior. It's literally facebook's code running on your computer, sending data back to their servers for each and every page you load on every site that has a Like button.



    As for using /etc/hosts, personally, I like to use Little Snitch to see what all is coming from certain sites and then only throw individual /etc/hosts roadblocks for the most obnoxious stuff that I know I'll never, ever want to load.



    So then a Safari user trying to keep from being tracked by turning off cookies might keep Google themselves out of the picture, but Facebook may still be tracking them with javascript? Geesh. . .
  • Reply 253 of 264
    anonymouseanonymouse Posts: 6,857member
    Quote:
    Originally Posted by Gatorguy View Post


    Don't bother. He's proven to me to be dishonest and will probably continue to accuse you of being paid to post here no matter what you say.



    He asked me point blank last year if I worked for Google. I told him no, and not for the first time either, and even went so far as to tell him I served as a moderator at three other sites and what I did for a living (Note: He's not willing to do the same). Did that stop him from continuing to claim I worked for Google? Of course not so I gave up responding to him months ago as it serves no purpose. You should do the same.



    IMO he's a one trick pony when it comes to disputing what you might write. He won't argue that I'm wrong but instead claim that I have an advantage over him since I'm paid to do it. So ignore him. Otherwise the thread gets derailed by personal problems rather than holding intelligent discussion/disagreements on real issues.



    Oh, Gatorguy, do we really need to review the number of times you've been caught twisting or misrepresenting the facts, and outright lying? I gave up trying to keep you on the straight and narrow long ago, you're just too prolific in your fictions for me to keep up with you.



    But, it's still fun to watch you do your PR job here. The way you always try to misdirect the conversation when it's bad news for Google, your little link posts that you hope no one will actually read because they don't really address the issue, or my favorite, the hit and run, where you post some bullshit and then pull the old, "I was just putting it out there for discussion" routine when you get called on it.



    So, no, maybe you aren't technically employed by Google, but it's pretty clear to everyone here that you are a PR hack who's job it is to spin what you can in their favor and throw mud on everyone else when you can't.



    Now, about that privacy thing, sorry guys, there's just no way to spin that in Google's favor, they are Big Brother on the Internet, they are an unethical and criminal enterprise, and there's just no way around that
  • Reply 254 of 264
    blah64blah64 Posts: 993member
    Quote:
    Originally Posted by Gatorguy View Post


    So then a Safari user trying to keep from being tracked by turning off cookies might keep Google themselves out of the picture, but Facebook may still be tracking them with javascript? Geesh. . .



    Absolutely. But it's not just facebook. Facebook may be the "evilest" of the lot, but Google is by far the scariest. The same process is happening with google tools as well, i.e. every site you see with a Google+ button is loading Google's javascript code onto your computer which sends information back to Google.



    The difference is Google has LOTS of these things, and the list is growing all the time.

    - google analytics

    - adsense/adwords

    - embedded google maps

    - hosted "include files", such as jquery, jqueryui, etc.



    This last category is perhaps the most insidious. People are just minding their own business, loading various web sites, but the sites, under the guise of saving a few cents of bandwidth, are pulling the code from google's servers, thus google gains even more insights into people's behavior, likes, dislikes, etc.



    It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.
  • Reply 255 of 264
    welshdogwelshdog Posts: 1,897member
    Quote:
    Originally Posted by Blah64 View Post


    It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.



    This is why I don't use my real name or any personal data on Facebook or Twitter. Plus there is a certain somebody (stalker) who would be on me like sauerkraut on a Bavarian's lederhosen if I used my real info.
  • Reply 256 of 264
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by Blah64 View Post


    Absolutely. But it's not just facebook. Facebook may be the "evilest" of the lot, but Google is by far the scariest. The same process is happening with google tools as well, i.e. every site you see with a Google+ button is loading Google's javascript code onto your computer which sends information back to Google.



    The difference is Google has LOTS of these things, and the list is growing all the time.

    - google analytics

    - adsense/adwords

    - embedded google maps

    - hosted "include files", such as jquery, jqueryui, etc.



    This last category is perhaps the most insidious. People are just minding their own business, loading various web sites, but the sites, under the guise of saving a few cents of bandwidth, are pulling the code from google's servers, thus google gains even more insights into people's behavior, likes, dislikes, etc.



    It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.



    So then cookies are just the most obvious way website visits are recorded or data gathered but far from the biggest issue. Java code, where the links are served from, individual websites requirements for them to display properly, and "other" are pretty much impossible to avoid if you use the internet no matter what browser settings you use. Certainly an eye-opener! Thanks for the very informative posts.
  • Reply 257 of 264
    blah64blah64 Posts: 993member
    Quote:
    Originally Posted by Gatorguy View Post


    So then cookies are just the most obvious way website visits are recorded or data gathered but far from the biggest issue. Java code, where the links are served from, individual websites requirements for them to display properly, and "other" are pretty much impossible to avoid if you use the internet no matter what browser settings you use. Certainly an eye-opener! Thanks for the very informative posts.



    You're certainly welcome. Most times it feels like no one is listening. The people who care about such things continue to care and those who don't, don't.



    My main goal is to disseminate information so people can make educated decisions about their privacy (or at least understand that they are actually making decisions about their privacy!) when using any kind of online tools, from web to mobile apps to email.



    Don't even get me started on mobile apps!



    As for the "pretty much impossible to avoid", I'm not sure it's quite that bad, but it's certainly more effort than most people are going to make. There's relatively easy stuff, like refusing all cookies except when you're signing into a service that requires one, or using DNT+/Ghostery-type tools. The next level is Little Snitch, which is incredibly enlightening; everyone should install this for the free one-month trial. Then there's /etc/hosts and other more technical tools that I rely on personally. But probably the biggest thing is simply user behavior. What kind of things people write on their blogs, post on facebook, or even send in email. The scary thing about "free" email is that every single word people type in their gmail is saved forever, and helps google (or yahoo or microsoft or whoever) profile individuals in incredible detail.



    Sigh. I'll quit now.
  • Reply 258 of 264
    lfmorrisonlfmorrison Posts: 698member
    Quote:
    Originally Posted by Tallest Skil View Post


    I've just had a google-analytics.com cookie be added to my cookie list.



    I have "Always" selected under blocking.



    Tested using Safari 5.1.5 on Windows XP. I can confirm your results, just from visiting Apple's own homepage, and from visiting www.google.com.



    For comparison, in Firefox 3.6.28, with "Accept Cookies From Sites" turned off, I can confirm that NO cookies are added when I visit the same small subset of sites.



    This appears to be a straightforward case of a bug in Safari.
  • Reply 259 of 264
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by lfmorrison View Post


    Tested using Safari 5.1.5 on Windows XP. I can confirm your results, just from visiting Apple's own homepage, and from visiting www.google.com.



    For comparison, in Firefox 3.6.28, with "Accept Cookies From Sites" turned off, I can confirm that NO cookies are added when I visit the same small subset of sites.



    This appears to be a straightforward case of a bug in Safari.



    To be clear you're saying that Apple themselves served up a cookie when visiting Apple's site and using Safari with cookie's turned off?
  • Reply 260 of 264
    lfmorrisonlfmorrison Posts: 698member
    Quote:
    Originally Posted by Gatorguy View Post


    To be clear you're saying that Apple themselves served up a cookie when visiting Apple's site and using Safari with cookie's turned off?



    Ironically enough, yes that's exactly what I'm saying.
Sign In or Register to comment.