or Connect
AppleInsider › Forums › Software › Mac Software › Google, Facebook working to undermine Do Not Track privacy protections
New Posts  All Forums:Forum Nav:

Google, Facebook working to undermine Do Not Track privacy protections - Page 7

post #241 of 265
Quote:
Originally Posted by Tallest Skil View Post

I already said that's not possible.

At the very least, it is possible to globally disable all cookies for all web sites. If cookies are globally disabled, then tracking cookies (of which Google's IFrame hack is just one example) would also be disabled, despite all Google's protestations to the contrary.

Your web browsing experience will be severely compromised, but it is most definitely possible.

If you really wanted to take it to the extreme, you could take one of the open-source web browsers, and expunge all the code relating to inserting cookie data in the headers of outgoing HTTP requests. Having done that, you'd end up with a web browser that was literally incapable of satisfying Google's attempts to send you any tracking cookies.
post #242 of 265
Quote:
Originally Posted by lfmorrison View Post

At the very least, it is possible to globally disable all cookies for all web sites. If cookies are globally disabled, then tracking cookies (of which Google's IFrame hack is just one example) would also be disabled, despite all Google's protestations to the contrary.

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.

Quote:
Having done that, you'd end up with a web browser that was literally incapable of satisfying Google's attempts to send you any tracking cookies.

So why doesn't everyone (browser makers, that is) just do this as part of the process that happens when we set our settings for browsers?

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #243 of 265
Quote:
Originally Posted by Tallest Skil View Post

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.



So why doesn't everyone (browser makers, that is) just do this as part of the process that happens when we set our settings for browsers?

I don't believe any of the browser developers would want that, Apple included. They all find value in placing cookies and doing away with them altogether isn't going to happen until they have something at least as effective to replace them with.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #244 of 265
Quote:
Originally Posted by Gatorguy View Post

I don't believe any of the browser developers would want that, Apple included. They all find value in placing cookies and doing away with them altogether isn't going to happen until they have something at least as effective to replace them with.

As an alternative, then, how about we (as users) get to tell the browser from what sites and what sources we take cookies, and then NOTHING ELSE gets through?

"I want all cookies from Apple to get through. I want all cookies from www._____.com, www._____.com, www._____.com, www._____.com, www._____.net, www._____.net, www._____.com, www._____.org, and www._____.org to get through. BLOCK EVERYTHING ELSE."

And the browser's all, "Sure thing, Jethro," and does it.

A cookie whitelist, not blacklist. Since the latter has been proven to be breakable.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #245 of 265
Quote:
Originally Posted by Tallest Skil View Post

As an alternative, then, how about we (as users) get to tell the browser from what sites and what sources we take cookies, and then NOTHING ELSE gets through?

"I want all cookies from Apple to get through. I want all cookies from www._____.com, www._____.com, www._____.com, www._____.com, www._____.net, www._____.net, www._____.com, www._____.org, and www._____.org to get through. BLOCK EVERYTHING ELSE."

And the browser's all, "Sure thing, Jethro," and does it.

A cookie whitelist, not blacklist. Since the latter has been proven to be breakable.

I think the white list concept would be a great idea actually.

The state is nothing more than a criminal gang writ large.

Reply

The state is nothing more than a criminal gang writ large.

Reply
post #246 of 265
Quote:
Originally Posted by Tallest Skil View Post

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.

Trivially solved:

edit /etc/hosts to include:

Quote:
127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com

you could also add things like:

Quote:
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 pagead.googlesyndication.com

and

Quote:
127.0.0.1 .doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad-g.doubleclick.net
127.0.0.1 fls.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 ad-emea.doubleclick.net
127.0.0.1 cm.g.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net

how do you find these things? Little Snitch makes it easy.

Of course it's a pain to do this on an individual basis, site by site, but you're guaranteed nothing will come to your machine from the given sites.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #247 of 265
Quote:
Originally Posted by Blah64 View Post

Trivially solved:

edit /etc/hosts to include:



you could also add things like:



and



how do you find these things? Little Snitch makes it easy.

Of course it's a pain to do this on an individual basis, site by site, but you're guaranteed nothing will come to your machine from the given sites.

What do Facebook cookies appear like? Is Facebook always part of the string? Any others that are commonly seen but perhaps not understood to be tracking cookies by most users?

Very helpful post BTW. Thanks
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #248 of 265
WIth adblock plus, Firefox, and a couple other addons (to kill flash cookies), you can be about as anonymous as possible and still have great functionality. If you want to go to the next level, set up or use various anonymous proxies to route all your traffic, or something like the the Tor project stuff.
post #249 of 265
Quote:
Originally Posted by jragosta View Post

I have a better idea.

There's a "do not call" registry that you can sign up for which bans telemarketers from calling you. I'd favor the same thing for the Internet. If you sign up for the registry and install a token on your computer, they're not allowed to track you AT ALL.

If only that would work. The Do Not Call list is a joke and is widely disregarded. Even if you sign up for an unlisted number...I just got interrupted typing this by a lawn care service trolling for business on our unlisted private brand new number. There will always be places on the Internet where you can look up new phone numbers, hell, those get called MORE. The DNC list is a crock as cable phone service is EXEMPT from that law...nice loophole. Also, there are always people willing to call anyway on the DNC list, they will simply say they are doing a 'survey'.
I would pay DOUBLE to have the ability to stop all commercial calls except those I specifically pre-approve

Then there are the robocalls that go to nothing nowhere, in the middle of the night so you can't even sleep. You can't get through to buy what they are selling let alone complain, it's just mindless. I think those come from people who pay a lot of money to go to a seminar, set up the equipment and expect the money to come rolling in. They only get stopped when somebody gets mad enough to physically track them down and have a lawyer and a federal agency shut them down.

Yep, we are getting rid of all land lines now. As you can guess, the phone that prevents sleep is the phone I don't want.

The Internet will just sit there collecting reams of data on every one of us. God only knows what particular constellation of traits will become 'undesirable' due to crackpot political movements and whom among us will be put on a 'special watch' list and hope to hell its only a list and not an actual roundup of 'bad people' some day.

That said, I ain't got time to worry about far fetched things like that.

It just oughta be a democratic principle, that's all.
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
post #250 of 265
Quote:
Originally Posted by Tallest Skil View Post

I still receive calls and I've been on the list for years. There also needs to be a Do Not Text list. I get spam texts all the time. I don't have a texting plan. This trash costs me money.

They'll still track us. Unless browsers are built specifically with this in mind or with Little Snitch-esque functionality built in to show us what's happening and allow us to choose on our own, they will always be able to track us.



I realize this isn't exactly what we're talking about, but it's close.



Doesn't stop Google.



Didn't stop them from circumventing with iFrames.

Same here, we pay per SMS message. I looked up 'spam text' under my phone provider. They say to check the texts for 'opt out' links and use them. If that doesn't work, you can 'reply' on the iPhone by hitting the 'edit' button, which allows you to select the message and Forward it...to a special number where it will be purged from your line. For AT&T in our area the number is 7726. They send you back a message that texter is now blocked and you won't be charged. If it is a bigger problem than that you can call them and they will set up a special pay plan that gives you more control over the problem. I haven't had to do that though.
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
post #251 of 265
Quote:
Originally Posted by Tallest Skil View Post

He's arguing the Internet is not a natural right, and legally it isn't. You can certainly live without using the Internet in any fashion whatsoever.

But that's not the point of this argument at all, so it's moot.

I'll go on record to state that i think that the Internet IS a natural right. Not having Internet connectivity in this day and age is worse than not having a phone number.

If we had a supreme court that gave a shit they would take it up and say so. The Internet has become part of our private effects and our household. Just like you can't cyberstalk or bully, neither should you be allowed to commercially harrass in an intrusive way via the net.
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
What is really factored into the price is a kind of perpetual sense of disbelief that any company could be as good as Apple is. ~Retrogusto
Reply
post #252 of 265
Quote:
Originally Posted by Gatorguy View Post

What do Facebook cookies appear like? Is Facebook always part of the string? Any others that are commonly seen but perhaps not understood to be tracking cookies by most users?

Very helpful post BTW. Thanks

Using /etc/hosts to block stuff is extremely effective, but it's not subtle. Unlike various browser plugins and such, it's all or nothing for a given host (server). It would take some care to block facebook cookies without blocking the whole site (although blocking the entire site sounds like a great idea to me). Most of the stuff I see has either 'facebook' or 'fbcdn.net' as part of the host name, but I have no idea which is site data vs. cookie or other, I just block it all.

The thing with facebook in particular is that if you don't want them to track you, you can't just block the cookies, you need to block their javascript "Like buttons" and such, that are pervasive all over the net. They might seem harmless, or even fun, but those buttons give facebook massive insights into individuals' behavior. It's literally facebook's code running on your computer, sending data back to their servers for each and every page you load on every site that has a Like button.

As for using /etc/hosts, personally, I like to use Little Snitch to see what all is coming from certain sites and then only throw individual /etc/hosts roadblocks for the most obnoxious stuff that I know I'll never, ever want to load.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #253 of 265
Quote:
Originally Posted by Blah64 View Post

Using /etc/hosts to block stuff is extremely effective, but it's not subtle. Unlike various browser plugins and such, it's all or nothing for a given host (server). It would take some care to block facebook cookies without blocking the whole site (although blocking the entire site sounds like a great idea to me). Most of the stuff I see has either 'facebook' or 'fbcdn.net' as part of the host name, but I have no idea which is site data vs. cookie or other, I just block it all.

The thing with facebook in particular is that if you don't want them to track you, you can't just block the cookies, you need to block their javascript "Like buttons" and such, that are pervasive all over the net. They might seem harmless, or even fun, but those buttons give facebook massive insights into individuals' behavior. It's literally facebook's code running on your computer, sending data back to their servers for each and every page you load on every site that has a Like button.

As for using /etc/hosts, personally, I like to use Little Snitch to see what all is coming from certain sites and then only throw individual /etc/hosts roadblocks for the most obnoxious stuff that I know I'll never, ever want to load.

So then a Safari user trying to keep from being tracked by turning off cookies might keep Google themselves out of the picture, but Facebook may still be tracking them with javascript? Geesh. . .
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #254 of 265
Quote:
Originally Posted by Gatorguy View Post

Don't bother. He's proven to me to be dishonest and will probably continue to accuse you of being paid to post here no matter what you say.

He asked me point blank last year if I worked for Google. I told him no, and not for the first time either, and even went so far as to tell him I served as a moderator at three other sites and what I did for a living (Note: He's not willing to do the same). Did that stop him from continuing to claim I worked for Google? Of course not so I gave up responding to him months ago as it serves no purpose. You should do the same.

IMO he's a one trick pony when it comes to disputing what you might write. He won't argue that I'm wrong but instead claim that I have an advantage over him since I'm paid to do it. So ignore him. Otherwise the thread gets derailed by personal problems rather than holding intelligent discussion/disagreements on real issues.

Oh, Gatorguy, do we really need to review the number of times you've been caught twisting or misrepresenting the facts, and outright lying? I gave up trying to keep you on the straight and narrow long ago, you're just too prolific in your fictions for me to keep up with you.

But, it's still fun to watch you do your PR job here. The way you always try to misdirect the conversation when it's bad news for Google, your little link posts that you hope no one will actually read because they don't really address the issue, or my favorite, the hit and run, where you post some bullshit and then pull the old, "I was just putting it out there for discussion" routine when you get called on it.

So, no, maybe you aren't technically employed by Google, but it's pretty clear to everyone here that you are a PR hack who's job it is to spin what you can in their favor and throw mud on everyone else when you can't.

Now, about that privacy thing, sorry guys, there's just no way to spin that in Google's favor, they are Big Brother on the Internet, they are an unethical and criminal enterprise, and there's just no way around that
post #255 of 265
Quote:
Originally Posted by Gatorguy View Post

So then a Safari user trying to keep from being tracked by turning off cookies might keep Google themselves out of the picture, but Facebook may still be tracking them with javascript? Geesh. . .

Absolutely. But it's not just facebook. Facebook may be the "evilest" of the lot, but Google is by far the scariest. The same process is happening with google tools as well, i.e. every site you see with a Google+ button is loading Google's javascript code onto your computer which sends information back to Google.

The difference is Google has LOTS of these things, and the list is growing all the time.
- google analytics
- adsense/adwords
- embedded google maps
- hosted "include files", such as jquery, jqueryui, etc.

This last category is perhaps the most insidious. People are just minding their own business, loading various web sites, but the sites, under the guise of saving a few cents of bandwidth, are pulling the code from google's servers, thus google gains even more insights into people's behavior, likes, dislikes, etc.

It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #256 of 265
Quote:
Originally Posted by Blah64 View Post

It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.

This is why I don't use my real name or any personal data on Facebook or Twitter. Plus there is a certain somebody (stalker) who would be on me like sauerkraut on a Bavarian's lederhosen if I used my real info.
post #257 of 265
Quote:
Originally Posted by Blah64 View Post

Absolutely. But it's not just facebook. Facebook may be the "evilest" of the lot, but Google is by far the scariest. The same process is happening with google tools as well, i.e. every site you see with a Google+ button is loading Google's javascript code onto your computer which sends information back to Google.

The difference is Google has LOTS of these things, and the list is growing all the time.
- google analytics
- adsense/adwords
- embedded google maps
- hosted "include files", such as jquery, jqueryui, etc.

This last category is perhaps the most insidious. People are just minding their own business, loading various web sites, but the sites, under the guise of saving a few cents of bandwidth, are pulling the code from google's servers, thus google gains even more insights into people's behavior, likes, dislikes, etc.

It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.

So then cookies are just the most obvious way website visits are recorded or data gathered but far from the biggest issue. Java code, where the links are served from, individual websites requirements for them to display properly, and "other" are pretty much impossible to avoid if you use the internet no matter what browser settings you use. Certainly an eye-opener! Thanks for the very informative posts.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #258 of 265
Quote:
Originally Posted by Gatorguy View Post

So then cookies are just the most obvious way website visits are recorded or data gathered but far from the biggest issue. Java code, where the links are served from, individual websites requirements for them to display properly, and "other" are pretty much impossible to avoid if you use the internet no matter what browser settings you use. Certainly an eye-opener! Thanks for the very informative posts.

You're certainly welcome. Most times it feels like no one is listening. The people who care about such things continue to care and those who don't, don't.

My main goal is to disseminate information so people can make educated decisions about their privacy (or at least understand that they are actually making decisions about their privacy!) when using any kind of online tools, from web to mobile apps to email.

Don't even get me started on mobile apps!

As for the "pretty much impossible to avoid", I'm not sure it's quite that bad, but it's certainly more effort than most people are going to make. There's relatively easy stuff, like refusing all cookies except when you're signing into a service that requires one, or using DNT+/Ghostery-type tools. The next level is Little Snitch, which is incredibly enlightening; everyone should install this for the free one-month trial. Then there's /etc/hosts and other more technical tools that I rely on personally. But probably the biggest thing is simply user behavior. What kind of things people write on their blogs, post on facebook, or even send in email. The scary thing about "free" email is that every single word people type in their gmail is saved forever, and helps google (or yahoo or microsoft or whoever) profile individuals in incredible detail.

Sigh. I'll quit now.
No Matte == No Sale :-(
Reply
No Matte == No Sale :-(
Reply
post #259 of 265
Quote:
Originally Posted by Tallest Skil View Post

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.

Tested using Safari 5.1.5 on Windows XP. I can confirm your results, just from visiting Apple's own homepage, and from visiting www.google.com.

For comparison, in Firefox 3.6.28, with "Accept Cookies From Sites" turned off, I can confirm that NO cookies are added when I visit the same small subset of sites.

This appears to be a straightforward case of a bug in Safari.
post #260 of 265
Quote:
Originally Posted by lfmorrison View Post

Tested using Safari 5.1.5 on Windows XP. I can confirm your results, just from visiting Apple's own homepage, and from visiting www.google.com.

For comparison, in Firefox 3.6.28, with "Accept Cookies From Sites" turned off, I can confirm that NO cookies are added when I visit the same small subset of sites.

This appears to be a straightforward case of a bug in Safari.

To be clear you're saying that Apple themselves served up a cookie when visiting Apple's site and using Safari with cookie's turned off?
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #261 of 265
Quote:
Originally Posted by Gatorguy View Post

To be clear you're saying that Apple themselves served up a cookie when visiting Apple's site and using Safari with cookie's turned off?

Ironically enough, yes that's exactly what I'm saying.
post #262 of 265
Quote:
Originally Posted by lfmorrison View Post

Ironically enough, yes that's exactly what I'm saying.

If Apple isn't respecting their own users requests that cookies be blocked I would think you must be correct and it's a Safari bug unless Apple has some reason to ignore user's browser settings.

Or perhaps Apple never intended for Safari to block any cookies from Apple, just everyone else and that's the source of the workaround (and maybe the reason a patch hasn't yet been promised or offered). Strange indeed.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #263 of 265
Quote:
Originally Posted by MJ1970 View Post

It is an action you can take.

You want to leverage all of the free resources that are being provided but want to give nothing in return. That's fine, but then you ought to do the work. Block cookies. Setup your browser to not send anything out. It can be done.

1st of all, If I have to give something in return then it is not "free".

It seems to me that Google, and others, have commercialised the Internet so that it is no longer free in the way that it once was. We have become inured to this to such an extent that those like yourself now believe that to want it any other way is unreasonable. It is true that Google doesn't charge users for services such as Gmail but it does serve ads to users based on its 'bots reading of the emails it delivers. To my mind this is just as much "requiring payment" as TV advertisers who sponsor TV shows inserting ads in breaks. We do not have to read the ads, or click on them, but then neither do we have to sit through TV ads these days.

Google is an all pervading presence on the web today. Your insistence that those of us who don't like this should "stop using Google sites" is a little disingenuous. Of course using Google sites - as in those owned by Google - like Picasa, Youtube etc. - is inviting Google onto your computer. However, it is not possible to traverse the web in any way that could be considered "freely" without accessing sites that are not openly owned/influenced/sponsored/paid by Google. From each of those sites Google will harvest information about my browsing habits, my computer type, my location etc. if I do not go to considerable lengths to obfuscate these details. Putting this onus on me, to hide my behaviour, is relieving me of some level of freedom. To pretend otherwise is being a stranger to the truth.

I use Gmail and consider the tradeoff in being presented with ads as reasonable in the same way I sometimes watch commercial TV. I have never considered this as taking advantage of Google nor do I view it as free. There are more ways to pay than with mammon.
post #264 of 265
Quote:
Originally Posted by Grouty2 View Post

1st of all, If I have to give something in return then it is not "free".

It seems to me that Google, and others, have commercialised the Internet so that it is no longer free in the way that it once was. We have become inured to this to such an extent that those like yourself now believe that to want it any other way is unreasonable. It is true that Google doesn't charge users for services such as Gmail but it does serve ads to users based on its 'bots reading of the emails it delivers. To my mind this is just as much "requiring payment" as TV advertisers who sponsor TV shows inserting ads in breaks. We do not have to read the ads, or click on them, but then neither do we have to sit through TV ads these days.

Google is an all pervading presence on the web today. Your insistence that those of us who don't like this should "stop using Google sites" is a little disingenuous. Of course using Google sites - as in those owned by Google - like Picasa, Youtube etc. - is inviting Google onto your computer. However, it is not possible to traverse the web in any way that could be considered "freely" without accessing sites that are not openly owned/influenced/sponsored/paid by Google. From each of those sites Google will harvest information about my browsing habits, my computer type, my location etc. if I do not go to considerable lengths to obfuscate these details. Putting this onus on me, to hide my behaviour, is relieving me of some level of freedom. To pretend otherwise is being a stranger to the truth.

I use Gmail and consider the tradeoff in being presented with ads as reasonable in the same way I sometimes watch commercial TV. I have never considered this as taking advantage of Google nor do I view it as free. There are more ways to pay than with mammon.

Then this one should bother you even more: It seems nearly every site I visit (I use FireFox as my browser) wants to offer up Facebook cookies/code, a service I don't use at all and thus derive zero benefit from. What does Facebook do with details it harvests from my web travels since I'm not a Facebook member?

At least Google can make the argument, true or not, they need something from me to offer better search results or in return for Gmail or Google Docs, Google Maps or Google Reader or whatever. What is Facebooks explanation and what are they offering me? Why do they need to know anything about me??
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #265 of 265
Quote:
Originally Posted by zeromeus View Post

Thank goodness for FireFox.

Google Analytics and a whole bunch of other advertisement scripts are being blocked by the NO SCRIPT add on!

Many many thanks for the mention of No Scripts. The program's default is to distrust all Facebook scripts (the developer is apparently pretty smart), and the control it offers in allowing others, temp or permanent, blocking or adding to the global distrust, customizing website permissions, and letting me know just what scripts are attempting to run is wonderful.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Google, Facebook working to undermine Do Not Track privacy protections