Google, Facebook working to undermine Do Not Track privacy protections - Page 7

Originally Posted by Tallest Skil

I already said that's not possible.

Originally Posted by lfmorrison

At the very least, it is possible to globally disable all cookies for all web sites. If cookies are globally disabled, then tracking cookies (of which Google's IFrame hack is just one example) would also be disabled, despite all Google's protestations to the contrary.

Having done that, you'd end up with a web browser that was literally incapable of satisfying Google's attempts to send you any tracking cookies.

Originally Posted by Tallest Skil

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.



So why doesn't everyone (browser makers, that is) just do this as part of the process that happens when we set our settings for browsers?

Originally Posted by Gatorguy

I don't believe any of the browser developers would want that, Apple included. They all find value in placing cookies and doing away with them altogether isn't going to happen until they have something at least as effective to replace them with.

Originally Posted by Tallest Skil

As an alternative, then, how about we (as users) get to tell the browser from what sites and what sources we take cookies, and then NOTHING ELSE gets through?

"I want all cookies from Apple to get through. I want all cookies from www._____.com, www._____.com, www._____.com, www._____.com, www._____.net, www._____.net, www._____.com, www._____.org, and www._____.org to get through. BLOCK EVERYTHING ELSE."

And the browser's all, "Sure thing, Jethro," and does it.

A cookie whitelist, not blacklist. Since the latter has been proven to be breakable.

Originally Posted by Tallest Skil

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.

127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com

127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 pagead.googlesyndication.com

127.0.0.1 .doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad-g.doubleclick.net
127.0.0.1 fls.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 ad-emea.doubleclick.net
127.0.0.1 cm.g.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net

Originally Posted by Blah64

Trivially solved:

edit /etc/hosts to include:



you could also add things like:



and



how do you find these things? Little Snitch makes it easy.

Of course it's a pain to do this on an individual basis, site by site, but you're guaranteed nothing will come to your machine from the given sites.

Originally Posted by jragosta

I have a better idea.

There's a "do not call" registry that you can sign up for which bans telemarketers from calling you. I'd favor the same thing for the Internet. If you sign up for the registry and install a token on your computer, they're not allowed to track you AT ALL.

Originally Posted by Tallest Skil

I still receive calls and I've been on the list for years. There also needs to be a Do Not Text list. I get spam texts all the time. I don't have a texting plan. This trash costs me money.

They'll still track us. Unless browsers are built specifically with this in mind or with Little Snitch-esque functionality built in to show us what's happening and allow us to choose on our own, they will always be able to track us.



I realize this isn't exactly what we're talking about, but it's close.



Doesn't stop Google.



Didn't stop them from circumventing with iFrames.

Originally Posted by Tallest Skil

He's arguing the Internet is not a natural right, and legally it isn't. You can certainly live without using the Internet in any fashion whatsoever.

But that's not the point of this argument at all, so it's moot.

Originally Posted by Gatorguy

What do Facebook cookies appear like? Is Facebook always part of the string? Any others that are commonly seen but perhaps not understood to be tracking cookies by most users?

Very helpful post BTW. Thanks

Originally Posted by Blah64

Using /etc/hosts to block stuff is extremely effective, but it's not subtle. Unlike various browser plugins and such, it's all or nothing for a given host (server). It would take some care to block facebook cookies without blocking the whole site (although blocking the entire site sounds like a great idea to me). Most of the stuff I see has either 'facebook' or 'fbcdn.net' as part of the host name, but I have no idea which is site data vs. cookie or other, I just block it all.

The thing with facebook in particular is that if you don't want them to track you, you can't just block the cookies, you need to block their javascript "Like buttons" and such, that are pervasive all over the net. They might seem harmless, or even fun, but those buttons give facebook massive insights into individuals' behavior. It's literally facebook's code running on your computer, sending data back to their servers for each and every page you load on every site that has a Like button.

As for using /etc/hosts, personally, I like to use Little Snitch to see what all is coming from certain sites and then only throw individual /etc/hosts roadblocks for the most obnoxious stuff that I know I'll never, ever want to load.

Originally Posted by Gatorguy

Don't bother. He's proven to me to be dishonest and will probably continue to accuse you of being paid to post here no matter what you say.

He asked me point blank last year if I worked for Google. I told him no, and not for the first time either, and even went so far as to tell him I served as a moderator at three other sites and what I did for a living (Note: He's not willing to do the same). Did that stop him from continuing to claim I worked for Google? Of course not so I gave up responding to him months ago as it serves no purpose. You should do the same.

IMO he's a one trick pony when it comes to disputing what you might write. He won't argue that I'm wrong but instead claim that I have an advantage over him since I'm paid to do it. So ignore him. Otherwise the thread gets derailed by personal problems rather than holding intelligent discussion/disagreements on real issues.

Originally Posted by Gatorguy

So then a Safari user trying to keep from being tracked by turning off cookies might keep Google themselves out of the picture, but Facebook may still be tracking them with javascript? Geesh. . .

Originally Posted by Blah64

It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.

Originally Posted by Blah64

Absolutely. But it's not just facebook. Facebook may be the "evilest" of the lot, but Google is by far the scariest. The same process is happening with google tools as well, i.e. every site you see with a Google+ button is loading Google's javascript code onto your computer which sends information back to Google.

The difference is Google has LOTS of these things, and the list is growing all the time.
- google analytics
- adsense/adwords
- embedded google maps
- hosted "include files", such as jquery, jqueryui, etc.

This last category is perhaps the most insidious. People are just minding their own business, loading various web sites, but the sites, under the guise of saving a few cents of bandwidth, are pulling the code from google's servers, thus google gains even more insights into people's behavior, likes, dislikes, etc.

It's gone far beyond people knowingly sharing personal information in exchange for services. This is non-transparent stuff that most people just have no clue about.

Originally Posted by Gatorguy

So then cookies are just the most obvious way website visits are recorded or data gathered but far from the biggest issue. Java code, where the links are served from, individual websites requirements for them to display properly, and "other" are pretty much impossible to avoid if you use the internet no matter what browser settings you use. Certainly an eye-opener! Thanks for the very informative posts.

Originally Posted by Tallest Skil

I've just had a google-analytics.com cookie be added to my cookie list.

I have "Always" selected under blocking.

Originally Posted by lfmorrison

Tested using Safari 5.1.5 on Windows XP. I can confirm your results, just from visiting Apple's own homepage, and from visiting www.google.com.

For comparison, in Firefox 3.6.28, with "Accept Cookies From Sites" turned off, I can confirm that NO cookies are added when I visit the same small subset of sites.

This appears to be a straightforward case of a bug in Safari.

Originally Posted by Gatorguy

To be clear you're saying that Apple themselves served up a cookie when visiting Apple's site and using Safari with cookie's turned off?

Originally Posted by lfmorrison

Ironically enough, yes that's exactly what I'm saying.

Originally Posted by MJ1970

It is an action you can take.

You want to leverage all of the free resources that are being provided but want to give nothing in return. That's fine, but then you ought to do the work. Block cookies. Setup your browser to not send anything out. It can be done.

Originally Posted by Grouty2

1st of all, If I have to give something in return then it is not "free".

It seems to me that Google, and others, have commercialised the Internet so that it is no longer free in the way that it once was. We have become inured to this to such an extent that those like yourself now believe that to want it any other way is unreasonable. It is true that Google doesn't charge users for services such as Gmail but it does serve ads to users based on its 'bots reading of the emails it delivers. To my mind this is just as much "requiring payment" as TV advertisers who sponsor TV shows inserting ads in breaks. We do not have to read the ads, or click on them, but then neither do we have to sit through TV ads these days.

Google is an all pervading presence on the web today. Your insistence that those of us who don't like this should "stop using Google sites" is a little disingenuous. Of course using Google sites - as in those owned by Google - like Picasa, Youtube etc. - is inviting Google onto your computer. However, it is not possible to traverse the web in any way that could be considered "freely" without accessing sites that are not openly owned/influenced/sponsored/paid by Google. From each of those sites Google will harvest information about my browsing habits, my computer type, my location etc. if I do not go to considerable lengths to obfuscate these details. Putting this onus on me, to hide my behaviour, is relieving me of some level of freedom. To pretend otherwise is being a stranger to the truth.

I use Gmail and consider the tradeoff in being presented with ads as reasonable in the same way I sometimes watch commercial TV. I have never considered this as taking advantage of Google nor do I view it as free. There are more ways to pay than with mammon.

Originally Posted by zeromeus

Thank goodness for FireFox.

Google Analytics and a whole bunch of other advertisement scripts are being blocked by the NO SCRIPT add on!