Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
What private data is Firefox allowing Google to have in Google scripts?
272 views
Skip to first unread message
Ann Dunham
Jan 24, 2017, 8:47:41 AM1/24/17
to mozilla-sup...@lists.mozilla.org
On Mon, 23 Jan 2017 20:32:09 -0600, in mozilla.support.firefox Paul in
Houston, TX wrote:
> Some pages work with FF and some don't.
> Never took time to analyze any source codes.
> That particular page has 5998 lines of code,
> including a lot of JS and Google tracking.
> Notice that Printfriendly did not get all of it.
On the topic of data mining, what kind of data do such web pages mine?
http://forums.mtbr.com/california-norcal
I know about panopticlick, so if that's the data that they are mining, then
that's the simple answer to the question (eg browser fingerprint, fonts
installed, screen size, etc).
But you also mentioned "Google Tracking", which is different, isn't it?
What specifically are they tracking by Google (especially if we're not
logged into Google at the time that we visit their web page)?
Here's a specific web page but I suspect any page on the site tracks the
same stuff (whatever it is that is being tracked of our privacy).
http://forums.mtbr.com/california-norcal/i-keep-thinking-about-all-blow-downs-1032803.html
Is there anything "private" that they're tracking?
What data should we be worried about that is accessed by such sites?
Houston, TX wrote:
> Some pages work with FF and some don't.
> Never took time to analyze any source codes.
> That particular page has 5998 lines of code,
> including a lot of JS and Google tracking.
> Notice that Printfriendly did not get all of it.
On the topic of data mining, what kind of data do such web pages mine?
http://forums.mtbr.com/california-norcal
I know about panopticlick, so if that's the data that they are mining, then
that's the simple answer to the question (eg browser fingerprint, fonts
installed, screen size, etc).
But you also mentioned "Google Tracking", which is different, isn't it?
What specifically are they tracking by Google (especially if we're not
logged into Google at the time that we visit their web page)?
Here's a specific web page but I suspect any page on the site tracks the
same stuff (whatever it is that is being tracked of our privacy).
http://forums.mtbr.com/california-norcal/i-keep-thinking-about-all-blow-downs-1032803.html
Is there anything "private" that they're tracking?
What data should we be worried about that is accessed by such sites?
Mayayana
Jan 24, 2017, 10:43:34 AM1/24/17
to mozilla-sup...@lists.mozilla.org
"Ann Dunham" <AnnDunh...@spammenot.gmail.com> wrote
| I know about panopticlick, so if that's the data that they are mining,
then
| that's the simple answer to the question (eg browser fingerprint, fonts
| installed, screen size, etc).
|
......
Someome wanted to know about Firefox private browsing
mode. I haven't used it, but from the description it appears
to be ahead of its time in terms of protecting privacy.
The data collected is not so much in the details as in
the handling. Disparate facts can be tied together in
ways that didn't used to be possible. Google is only the
biggest and most obvious dataminer. They have a number
of techniques. The 3 major ones are 1) Google/Doubleclick
ads, which appear on many major sites, 2) Google search
and 3) freebies they give away to webmasters. Google
analytics code, Google fonts, Google javascript libraries....
The majority of websites now use at least one of those.
That means that Google can follow you around online even
if you never use any of their products. The power of that
is not in the tracking but in the organizing and analysis. They
can combine their data, and share data with others, to know
just about everything you do online.
A dramatic example of that was shown when AOL released
search data for research purposes and it was quickly shown to
enable identification of individuals:
https://web.archive.org/web/20060811124534/http://www.nwfdailynews.com/articleArchive/aug2006/googlecont.php
(I didn't post the original link because it seems to be gone and
the page they gave me is broken without javascript. It also
contains lots of references to Google, Chartbeat, Doubleclick,
etc.)
Here's another good example of how information can be
assembled and analyzed with computers in ways that didn't used
to be possible. It's about a 16-year-old girl who Target knew
was pregnant before her parents did:
https://web.archive.org/web/20120216215914/http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
(This is also an archive.org link. Forbes no longer allows any
viewing of their site at all unless you allow their script,
spying and ads.)
There's lots to learn if you want to protect privacy. If
that makes you groan, you could do worse than to use
Firefox private browsing mode. Details here:
https://support.mozilla.org/en-US/kb/tracking-protection-pbm
| I know about panopticlick, so if that's the data that they are mining,
then
| that's the simple answer to the question (eg browser fingerprint, fonts
| installed, screen size, etc).
|
| But you also mentioned "Google Tracking", which is different, isn't it?
......
| Is there anything "private" that they're tracking?
| What data should we be worried about that is accessed by such sites?
A similar question was asked yesterday in the Win7 group.
| What data should we be worried about that is accessed by such sites?
Someome wanted to know about Firefox private browsing
mode. I haven't used it, but from the description it appears
to be ahead of its time in terms of protecting privacy.
The data collected is not so much in the details as in
the handling. Disparate facts can be tied together in
ways that didn't used to be possible. Google is only the
biggest and most obvious dataminer. They have a number
of techniques. The 3 major ones are 1) Google/Doubleclick
ads, which appear on many major sites, 2) Google search
and 3) freebies they give away to webmasters. Google
analytics code, Google fonts, Google javascript libraries....
The majority of websites now use at least one of those.
That means that Google can follow you around online even
if you never use any of their products. The power of that
is not in the tracking but in the organizing and analysis. They
can combine their data, and share data with others, to know
just about everything you do online.
A dramatic example of that was shown when AOL released
search data for research purposes and it was quickly shown to
enable identification of individuals:
https://web.archive.org/web/20060811124534/http://www.nwfdailynews.com/articleArchive/aug2006/googlecont.php
(I didn't post the original link because it seems to be gone and
the page they gave me is broken without javascript. It also
contains lots of references to Google, Chartbeat, Doubleclick,
etc.)
Here's another good example of how information can be
assembled and analyzed with computers in ways that didn't used
to be possible. It's about a 16-year-old girl who Target knew
was pregnant before her parents did:
https://web.archive.org/web/20120216215914/http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
(This is also an archive.org link. Forbes no longer allows any
viewing of their site at all unless you allow their script,
spying and ads.)
There's lots to learn if you want to protect privacy. If
that makes you groan, you could do worse than to use
Firefox private browsing mode. Details here:
https://support.mozilla.org/en-US/kb/tracking-protection-pbm
Ann Dunham
Jan 24, 2017, 1:07:12 PM1/24/17
to mozilla-sup...@lists.mozilla.org
Mayayana replied:
> There's lots to learn if you want to protect privacy. If
> that makes you groan, you could do worse than to use
> Firefox private browsing mode. Details here:
>
> https://support.mozilla.org/en-US/kb/tracking-protection-pbm
But does all that tracking work if you have Firefox set to never remember
anything, including cookies? And if you're not logged into anything (like
Google)?
The data mining sites have your IP address of course.
And the panopticlick-style fingerprint, for sure.
But other than that obvious stuff, what else can they possibly data mine if
you always close firefox before going to their script-filled web site?
> There's lots to learn if you want to protect privacy. If
> that makes you groan, you could do worse than to use
> Firefox private browsing mode. Details here:
>
> https://support.mozilla.org/en-US/kb/tracking-protection-pbm
anything, including cookies? And if you're not logged into anything (like
Google)?
The data mining sites have your IP address of course.
And the panopticlick-style fingerprint, for sure.
But other than that obvious stuff, what else can they possibly data mine if
you always close firefox before going to their script-filled web site?
Mayayana
Jan 24, 2017, 2:06:02 PM1/24/17
to mozilla-sup...@lists.mozilla.org
"Ann Dunham" <AnnDunh...@spammenot.gmail.com> wrote
| > https://support.mozilla.org/en-US/kb/tracking-protection-pbm
|
| But does all that tracking work if you have Firefox set to never remember
| anything, including cookies? And if you're not logged into anything (like
| Google)?
|
If you read the page about tracking protection you'll
see some info. You can be tracked with web bugs, which
are basically fake images. Most commercial sites will
have code from one or more trackers that uses javascript
if you enable it and feeds you a web bug if you don't.
Unless you block 3rd-party images you're affected by
that.
| The data mining sites have your IP address of course.
| And the panopticlick-style fingerprint, for sure.
|
Your IP address is like your license plate. It doesn't
say for certain who's driving the car, but along with
other data they can pretty much guess.
If you try the Panopticlick site with script disabled
you'll see that a great deal of the tracking requires
javascript.
It might be tempting to say that all this obscure tracking
stuff is farfetched; that surely they can't be going to
such great lengths. But it's not great lengths. With
computer databases and computer analytics, tracking
you, even with convoluted methods, is effortless.
| But other than that obvious stuff, what else can they possibly data mine
if
| you always close firefox before going to their script-filled web site?
I don't know what you mean by closing Firefox.
Maybe that you've set cookies and history cache
to be deleted at close? That certainly helps. Private
browsing should help more. But....
You don't seem to have really read my post.
fonts.googleapis.com? google-analytics.com? Have
you blocked those in your HOSTS file? Do you block
Google script libraries? How about *.1e100.*,
*.doubleclick.*, *.gstatic.*, googleadservices.com,
googletagmanager.com....? If you don't block those
and more then Google is tracking you at nearly every
site you visit. And that's just Google! Probably
Facebook, too:
http://www.cbc.ca/news/technology/facebook-tracking-of-online-activity-breaches-eu-law-report-says-1.3019435 You can't assume that you've stopped it by deletingcookies. That was tracking in the 90s. Their entire business is dedicated to figuring out whoyou are when you arrive and showing you ads. Did youknow that Google was caught collecting data fromunprotected wifi connections in their streetview carsand then lied about doing it? Who might have guessedthat? Evan Akamai, which sells bandwidth to bigcompanies, now spies and sells the data. You mightgo to Microsoft.com and have the whole thing routedthrough Akamai. That's pretty much impossible to stopbecause adding Akamai to your HOSTS file won't blockthem. You're never actually visiting Akamai, even thoughyou may have 3 windows open that are all connecting toAkamai. That's not even getting into plugins or the problemof phone security. Or tricks like putting hidden links ona page and telling whether you've visited those
sites bythe color of the links. (Which can be checked via script.) So yes, they can still track you. But if you don'twant to research all of that for yourself then FFprivate browsing is a good bet. You might also trythe Secret Agent extension. But be aware that ifyou enable script you're really a sitting duck. Siteswith script enabled, especially these days, are likerunning unknown software on your computer. Pageswith script can be far more functional and intrusivethan those without it.
| > https://support.mozilla.org/en-US/kb/tracking-protection-pbm
|
| But does all that tracking work if you have Firefox set to never remember
| anything, including cookies? And if you're not logged into anything (like
| Google)?
|
see some info. You can be tracked with web bugs, which
are basically fake images. Most commercial sites will
have code from one or more trackers that uses javascript
if you enable it and feeds you a web bug if you don't.
Unless you block 3rd-party images you're affected by
that.
| The data mining sites have your IP address of course.
| And the panopticlick-style fingerprint, for sure.
|
say for certain who's driving the car, but along with
other data they can pretty much guess.
If you try the Panopticlick site with script disabled
you'll see that a great deal of the tracking requires
javascript.
It might be tempting to say that all this obscure tracking
stuff is farfetched; that surely they can't be going to
such great lengths. But it's not great lengths. With
computer databases and computer analytics, tracking
you, even with convoluted methods, is effortless.
| But other than that obvious stuff, what else can they possibly data mine
if
| you always close firefox before going to their script-filled web site?
Maybe that you've set cookies and history cache
to be deleted at close? That certainly helps. Private
browsing should help more. But....
You don't seem to have really read my post.
fonts.googleapis.com? google-analytics.com? Have
you blocked those in your HOSTS file? Do you block
Google script libraries? How about *.1e100.*,
*.doubleclick.*, *.gstatic.*, googleadservices.com,
googletagmanager.com....? If you don't block those
and more then Google is tracking you at nearly every
site you visit. And that's just Google! Probably
Facebook, too:
http://www.cbc.ca/news/technology/facebook-tracking-of-online-activity-breaches-eu-law-report-says-1.3019435 You can't assume that you've stopped it by deletingcookies. That was tracking in the 90s. Their entire business is dedicated to figuring out whoyou are when you arrive and showing you ads. Did youknow that Google was caught collecting data fromunprotected wifi connections in their streetview carsand then lied about doing it? Who might have guessedthat? Evan Akamai, which sells bandwidth to bigcompanies, now spies and sells the data. You mightgo to Microsoft.com and have the whole thing routedthrough Akamai. That's pretty much impossible to stopbecause adding Akamai to your HOSTS file won't blockthem. You're never actually visiting Akamai, even thoughyou may have 3 windows open that are all connecting toAkamai. That's not even getting into plugins or the problemof phone security. Or tricks like putting hidden links ona page and telling whether you've visited those
sites bythe color of the links. (Which can be checked via script.) So yes, they can still track you. But if you don'twant to research all of that for yourself then FFprivate browsing is a good bet. You might also trythe Secret Agent extension. But be aware that ifyou enable script you're really a sitting duck. Siteswith script enabled, especially these days, are likerunning unknown software on your computer. Pageswith script can be far more functional and intrusivethan those without it.
Ann Dunham
Jan 24, 2017, 5:12:07 PM1/24/17
to mozilla-sup...@lists.mozilla.org
Mayayana replied:
> I don't know what you mean by closing Firefox.
> Maybe that you've set cookies and history cache
> to be deleted at close? That certainly helps. Private
> browsing should help more. But....
>
> You don't seem to have really read my post.
> fonts.googleapis.com? google-analytics.com? Have
> you blocked those in your HOSTS file? Do you block
> Google script libraries? How about *.1e100.*,
> *.doubleclick.*, *.gstatic.*, googleadservices.com,
> googletagmanager.com....? If you don't block those
> and more then Google is tracking you at nearly every
> site you visit. And that's just Google! Probably
> Facebook, too:
>
> http://www.cbc.ca/news/technology/facebook-tracking-of-online-activity-breaches-eu-law-report-says-1.3019435 You can't assume that you've stopped it by deletingcookies. That was tracking in the 90s. Their entire business is dedicated to figuring out whoyou are when you arrive and showing you ads. Did youknow that Google was caught collecting data fromunprotected wifi connections in their streetview carsand then lied about doing it? Who might have guessedthat? Evan Akamai, which sells bandwidth to bigcompanies, now spies and sells the data. You mightgo to Microsoft.com and have the whole thing routedthrough Akamai. That's pretty much impossible to stopbecause adding Akamai to your HOSTS file won't blockthem. You're never actually visiting Akamai, even thoughyou may have 3 windows open that are all connecting toAkamai. That's not even getting into plugins or the problemof phone security. Or tricks like putting hidden links ona page and telling whether you've visited thos
e
> sites bythe color of the links. (Which can be checked via script.) So yes, they can still track you. But if you don'twant to research all of that for yourself then FFprivate browsing is a good bet. You might also trythe Secret Agent extension. But be aware that ifyou enable script you're really a sitting duck. Siteswith script enabled, especially these days, are likerunning unknown software on your computer. Pageswith script can be far more functional and intrusivethan those without it.
I did read what you wrote but I'm not sure if I understood it all.
I have Firefox set up to be as private as any human can make it based on
pure intuition. By pure intuition, I mean that I went through every setting
that is in the "Firefox: Tools > Options" menus, and set them for privacy.
It's too many settings to describe here but I set obvious thinks like:
a. When Firefox starts, show a blank page (so no phoning home)
b. Provide search suggestions is off
c. Always use private browsing mode
d. Firefox will use custom settings for history
e. Accept cookies from sites (this is a reality, unfortunately)
f. Accept third-party cookies never
g. Keep until I close Firefox
h. Clear history when Firefox closes
i. When using the location bar, suggest absolutely nothing
j. Warn me when sites try to install addons
k. Block dangerous and deceptive content is off
l. Enable Firefox Health Report is off
m. Enable Crash Reporter is off
n. Never check for updates
o. Automatic update of search engines is off
p. Query OCSP responder servers to confirm certificates is off
q. All plugins are set to "never activate" except flash
r. Flash is set to "ask to activate" (which I usually don't accept)
s. There are no extensions or services
t. Use tracking protection in private windows is turned off
u. There is no sync set up
v. I never go to any web site after logging into any other site
w. I try to change the size of the browser each time (but not always)
x. I used to use NoScript, GhostScript, etc., but it drove me nuts
y. CCleaner "Startup" is set so that nothing is enabled for the Firefox tab
z. CCleaner "Applications" are set to delete all (including Flash cookies)
What else is obvious to prevent data mining on sites such as the one we
referenced in this thread?
The hosts file is based on the MVP Hosts File (with select additions)
As you must be aware, it's not obvious how to add asterisks to the hosts
file. So adding every single *.1e100.* would be problematic.
But I do have the following key in my registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\edithosts.exe
Which points to: c:\windows\system32\drivers\etc\hosts.txt
Which, when I edit and save, I save into:
c:\windows\system32\drivers\etc\hosts
(I added the step with the *.txt file because I couldn't figure out how to
edit the HOSTS file in my preferred text editor without the txt extension.)
Searching for doubleclick, I see, for google stuff:
::1 localhost #[IPv6]
# [Google / DoubleClick][AS15169][209.85.128.0 - 209.85.255.255]
127.0.0.1 analytics-api-samples.googlecode.com #[Google Analytics social
tracking]
127.0.0.1 tpc.googlesyndication.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 google.tucows.com
127.0.0.1 fonts.googleapis.com # google adds this
127.0.0.1 googleadapis.l.google.com # google adds this
127.0.0.1 ssl.gstatic.com # google adds this
127.0.0.1 plusone.google.com # google adds this
127.0.0.1 cse.google.com # google adds thi
And for doubleclick stuff, I see:
127.0.0.1 marketing.doubleclickindustries.com
127.0.0.1 anon.doubleclick.speedera.net
127.0.0.1 dp.g.doubleclick.net
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net #[MVPS.Criteria]
127.0.0.1 ad-g.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad.ae.doubleclick.net
127.0.0.1 ad.ar.doubleclick.net
127.0.0.1 ad.at.doubleclick.net
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.cl.doubleclick.net
127.0.0.1 ad.cn.doubleclick.net
127.0.0.1 ad.de.doubleclick.net #[Tracking.Cookie]
127.0.0.1 ad.dk.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.gr.doubleclick.net
127.0.0.1 ad.hk.doubleclick.net
127.0.0.1 ad.hr.doubleclick.net
127.0.0.1 ad.hu.doubleclick.net
127.0.0.1 ad.ie.doubleclick.net
127.0.0.1 ad.in.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.nz.doubleclick.net
127.0.0.1 ad.pl.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.ro.doubleclick.net
127.0.0.1 ad.ru.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.si.doubleclick.net
127.0.0.1 ad.terra.doubleclick.net
127.0.0.1 ad.th.doubleclick.net
127.0.0.1 ad.tw.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.us.doubleclick.net
127.0.0.1 ad.za.doubleclick.net
127.0.0.1 ad.n2434.doubleclick.net
127.0.0.1 ad-emea.doubleclick.net
127.0.0.1 creatives.doubleclick.net
127.0.0.1 dfp.doubleclick.net
127.0.0.1 feedads.g.doubleclick.net
127.0.0.1 fls.doubleclick.net
127.0.0.1 fls.uk.doubleclick.net
127.0.0.1 ir.doubleclick.net
127.0.0.1 iv.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 motifcdn.doubleclick.net
127.0.0.1 motifcdn2.doubleclick.net
127.0.0.1 n4052ad.doubleclick.net
127.0.0.1 n4403ad.doubleclick.net
127.0.0.1 n479ad.doubleclick.net
127.0.0.1 paypalssl.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 s2.video.doubleclick.net
127.0.0.1 survey.g.doubleclick.net
127.0.0.1 doubleclick.ne.jp
127.0.0.1 www3.doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 doubleclick.com
127.0.0.1 www2.doubleclick.com
127.0.0.1 www3.doubleclick.com
127.0.0.1 www.doubleclick.com
# 127.0.0.1 www.youtube-nocookie.com #[affects various videos]
# [Google / DoubleClick][AS15169][66.249.64.0 - 66.249.95.255]
127.0.0.1 ad.rs.doubleclick.net
# [Google / DoubleClick][AS15169][72.14.192.0 - 72.14.255.255]
127.0.0.1 affiliate.2mdn.net
# 127.0.0.1 s0.2mdn.net #[affects video stream]
# 127.0.0.1 static.2mdn.net #[affects Youtube]
127.0.0.1 clickserve.us2.dartsearch.net #[www3.l.google.com]
127.0.0.1 ad-apac.doubleclick.net
127.0.0.1 ad.mo.doubleclick.net
127.0.0.1 adclick.g.doubleclick.net
127.0.0.1 gan.doubleclick.net
127.0.0.1 googleads2.g.doubleclick.net
127.0.0.1 n4061ad.hk.doubleclick.net
127.0.0.1 securepubads.g.doubleclick.net
# [Google / DoubleClick][AS15169][74.125.0.0 - 74.125.255.255]
127.0.0.1 ip-geo.appspot.com
127.0.0.1 nojsstats.appspot.com
127.0.0.1 ad-ace.doubleclick.net
127.0.0.1 ad.bg.doubleclick.net
127.0.0.1 bid.g.doubleclick.net
127.0.0.1 cm.g.doubleclick.net
127.0.0.1 stats.g.doubleclick.net
127.0.0.1 fls.au.doubleclick.net
127.0.0.1 log2.quintelligence.com
# [Google / DoubleClick][AS6432][216.73.80.0 - 216.73.95.255]
127.0.0.1 www3.webhostingtalk.com #[ad.3ad.doubleclick.net]
But that stuff doesn't answer my question in the least since everyone does
that simple and obvious stuff (it's all done for me in the MVP HOSTS file
for example).
My main question is that I have Firefox set to forget everything that I can
have it set to forget from the GUI. Given that, and assuming that
fingerprinting can be done (which I accept), what else can they data mine?
> I don't know what you mean by closing Firefox.
> Maybe that you've set cookies and history cache
> to be deleted at close? That certainly helps. Private
> browsing should help more. But....
>
> You don't seem to have really read my post.
> fonts.googleapis.com? google-analytics.com? Have
> you blocked those in your HOSTS file? Do you block
> Google script libraries? How about *.1e100.*,
> *.doubleclick.*, *.gstatic.*, googleadservices.com,
> googletagmanager.com....? If you don't block those
> and more then Google is tracking you at nearly every
> site you visit. And that's just Google! Probably
> Facebook, too:
>
> http://www.cbc.ca/news/technology/facebook-tracking-of-online-activity-breaches-eu-law-report-says-1.3019435 You can't assume that you've stopped it by deletingcookies. That was tracking in the 90s. Their entire business is dedicated to figuring out whoyou are when you arrive and showing you ads. Did youknow that Google was caught collecting data fromunprotected wifi connections in their streetview carsand then lied about doing it? Who might have guessedthat? Evan Akamai, which sells bandwidth to bigcompanies, now spies and sells the data. You mightgo to Microsoft.com and have the whole thing routedthrough Akamai. That's pretty much impossible to stopbecause adding Akamai to your HOSTS file won't blockthem. You're never actually visiting Akamai, even thoughyou may have 3 windows open that are all connecting toAkamai. That's not even getting into plugins or the problemof phone security. Or tricks like putting hidden links ona page and telling whether you've visited thos
e
> sites bythe color of the links. (Which can be checked via script.) So yes, they can still track you. But if you don'twant to research all of that for yourself then FFprivate browsing is a good bet. You might also trythe Secret Agent extension. But be aware that ifyou enable script you're really a sitting duck. Siteswith script enabled, especially these days, are likerunning unknown software on your computer. Pageswith script can be far more functional and intrusivethan those without it.
I have Firefox set up to be as private as any human can make it based on
pure intuition. By pure intuition, I mean that I went through every setting
that is in the "Firefox: Tools > Options" menus, and set them for privacy.
It's too many settings to describe here but I set obvious thinks like:
a. When Firefox starts, show a blank page (so no phoning home)
b. Provide search suggestions is off
c. Always use private browsing mode
d. Firefox will use custom settings for history
e. Accept cookies from sites (this is a reality, unfortunately)
f. Accept third-party cookies never
g. Keep until I close Firefox
h. Clear history when Firefox closes
i. When using the location bar, suggest absolutely nothing
j. Warn me when sites try to install addons
k. Block dangerous and deceptive content is off
l. Enable Firefox Health Report is off
m. Enable Crash Reporter is off
n. Never check for updates
o. Automatic update of search engines is off
p. Query OCSP responder servers to confirm certificates is off
q. All plugins are set to "never activate" except flash
r. Flash is set to "ask to activate" (which I usually don't accept)
s. There are no extensions or services
t. Use tracking protection in private windows is turned off
u. There is no sync set up
v. I never go to any web site after logging into any other site
w. I try to change the size of the browser each time (but not always)
x. I used to use NoScript, GhostScript, etc., but it drove me nuts
y. CCleaner "Startup" is set so that nothing is enabled for the Firefox tab
z. CCleaner "Applications" are set to delete all (including Flash cookies)
What else is obvious to prevent data mining on sites such as the one we
referenced in this thread?
The hosts file is based on the MVP Hosts File (with select additions)
As you must be aware, it's not obvious how to add asterisks to the hosts
file. So adding every single *.1e100.* would be problematic.
But I do have the following key in my registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\edithosts.exe
Which points to: c:\windows\system32\drivers\etc\hosts.txt
Which, when I edit and save, I save into:
c:\windows\system32\drivers\etc\hosts
(I added the step with the *.txt file because I couldn't figure out how to
edit the HOSTS file in my preferred text editor without the txt extension.)
Searching for doubleclick, I see, for google stuff:
::1 localhost #[IPv6]
# [Google / DoubleClick][AS15169][209.85.128.0 - 209.85.255.255]
127.0.0.1 analytics-api-samples.googlecode.com #[Google Analytics social
tracking]
127.0.0.1 tpc.googlesyndication.com
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 google.tucows.com
127.0.0.1 fonts.googleapis.com # google adds this
127.0.0.1 googleadapis.l.google.com # google adds this
127.0.0.1 ssl.gstatic.com # google adds this
127.0.0.1 plusone.google.com # google adds this
127.0.0.1 cse.google.com # google adds thi
And for doubleclick stuff, I see:
127.0.0.1 marketing.doubleclickindustries.com
127.0.0.1 anon.doubleclick.speedera.net
127.0.0.1 dp.g.doubleclick.net
127.0.0.1 googleads.g.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net #[MVPS.Criteria]
127.0.0.1 ad-g.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad.ae.doubleclick.net
127.0.0.1 ad.ar.doubleclick.net
127.0.0.1 ad.at.doubleclick.net
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.cl.doubleclick.net
127.0.0.1 ad.cn.doubleclick.net
127.0.0.1 ad.de.doubleclick.net #[Tracking.Cookie]
127.0.0.1 ad.dk.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.gr.doubleclick.net
127.0.0.1 ad.hk.doubleclick.net
127.0.0.1 ad.hr.doubleclick.net
127.0.0.1 ad.hu.doubleclick.net
127.0.0.1 ad.ie.doubleclick.net
127.0.0.1 ad.in.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.nz.doubleclick.net
127.0.0.1 ad.pl.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.ro.doubleclick.net
127.0.0.1 ad.ru.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.si.doubleclick.net
127.0.0.1 ad.terra.doubleclick.net
127.0.0.1 ad.th.doubleclick.net
127.0.0.1 ad.tw.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.us.doubleclick.net
127.0.0.1 ad.za.doubleclick.net
127.0.0.1 ad.n2434.doubleclick.net
127.0.0.1 ad-emea.doubleclick.net
127.0.0.1 creatives.doubleclick.net
127.0.0.1 dfp.doubleclick.net
127.0.0.1 feedads.g.doubleclick.net
127.0.0.1 fls.doubleclick.net
127.0.0.1 fls.uk.doubleclick.net
127.0.0.1 ir.doubleclick.net
127.0.0.1 iv.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 motifcdn.doubleclick.net
127.0.0.1 motifcdn2.doubleclick.net
127.0.0.1 n4052ad.doubleclick.net
127.0.0.1 n4403ad.doubleclick.net
127.0.0.1 n479ad.doubleclick.net
127.0.0.1 paypalssl.doubleclick.net
127.0.0.1 pubads.g.doubleclick.net
127.0.0.1 s2.video.doubleclick.net
127.0.0.1 survey.g.doubleclick.net
127.0.0.1 doubleclick.ne.jp
127.0.0.1 www3.doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 doubleclick.com
127.0.0.1 www2.doubleclick.com
127.0.0.1 www3.doubleclick.com
127.0.0.1 www.doubleclick.com
# 127.0.0.1 www.youtube-nocookie.com #[affects various videos]
# [Google / DoubleClick][AS15169][66.249.64.0 - 66.249.95.255]
127.0.0.1 ad.rs.doubleclick.net
# [Google / DoubleClick][AS15169][72.14.192.0 - 72.14.255.255]
127.0.0.1 affiliate.2mdn.net
# 127.0.0.1 s0.2mdn.net #[affects video stream]
# 127.0.0.1 static.2mdn.net #[affects Youtube]
127.0.0.1 clickserve.us2.dartsearch.net #[www3.l.google.com]
127.0.0.1 ad-apac.doubleclick.net
127.0.0.1 ad.mo.doubleclick.net
127.0.0.1 adclick.g.doubleclick.net
127.0.0.1 gan.doubleclick.net
127.0.0.1 googleads2.g.doubleclick.net
127.0.0.1 n4061ad.hk.doubleclick.net
127.0.0.1 securepubads.g.doubleclick.net
# [Google / DoubleClick][AS15169][74.125.0.0 - 74.125.255.255]
127.0.0.1 ip-geo.appspot.com
127.0.0.1 nojsstats.appspot.com
127.0.0.1 ad-ace.doubleclick.net
127.0.0.1 ad.bg.doubleclick.net
127.0.0.1 bid.g.doubleclick.net
127.0.0.1 cm.g.doubleclick.net
127.0.0.1 stats.g.doubleclick.net
127.0.0.1 fls.au.doubleclick.net
127.0.0.1 log2.quintelligence.com
# [Google / DoubleClick][AS6432][216.73.80.0 - 216.73.95.255]
127.0.0.1 www3.webhostingtalk.com #[ad.3ad.doubleclick.net]
But that stuff doesn't answer my question in the least since everyone does
that simple and obvious stuff (it's all done for me in the MVP HOSTS file
for example).
My main question is that I have Firefox set to forget everything that I can
have it set to forget from the GUI. Given that, and assuming that
fingerprinting can be done (which I accept), what else can they data mine?
Mayayana
Jan 24, 2017, 6:01:58 PM1/24/17
to mozilla-sup...@lists.mozilla.org
"Ann Dunham" <AnnDunh...@spammenot.gmail.com> wrote
|
| What else is obvious to prevent data mining on sites such as the one we
| referenced in this thread?
|
It looks like you know what you're doing. The only
other notable thing I can think of is to stop prefetching
in about:config. I also remove most URL strings in about:
config. I disable 3rd-party images and frames
in Pale Moon and use that most of the time. Then I use
Firefox (with NoScript) only if I must enable script. But PM
can be a hassle with a lot of websites. I increasingly find
myself viewing with "no style" in order to see the page.
Not because PM is a problem but because blocking all
script, cookies and 3rd-party files can sometimes make
a mess of sites. For instance, many now serve their own
images from a different server. And many pages now try
to use script to sniff the screen size and pick an image
accordingly.
| The hosts file is based on the MVP Hosts File (with select additions)
|
| As you must be aware, it's not obvious how to add asterisks to the hosts
| file. So adding every single *.1e100.* would be problematic.
|
Yes. I use Acrylic DNS. It's OSS. A small DNS middleman
program. You set your DNS IP to 127.0.0.1 then configure
Acrylic to use the DNS server of your choice. Acrylic has
its own HOSTS file that allows wilcards. Here's my list for
only Google:
127.0.0.1 *.googlesyndication.com
127.0.0.1 *.googleadservices.com
127.0.0.1 *.googlecommerce.com
127.0.0.1 *.scorecardresearch.com
127.0.0.1 1e100.com
127.0.0.1 1e100.net
127.0.0.1 *.1e100.com
127.0.0.1 *.1e100.net
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
127.0.0.1 *.googletagservices.com
127.0.0.1 *.googletagmanager.com
127.0.0.1 *.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 fonts.googleapis.com
127.0.0.1 googleadapis.l.google.com
127.0.0.1 ssl.gstatic.com
127.0.0.1 plusone.google.com
127.0.0.1 cse.google.com
127.0.0.1 www.google.com/cse
But I don't have a lot of listings altogether
in both HOSTS files. Maybe 300. Far less than
the MVPS HOSTS file. The majority of tracking
and ads are coming from just a few operators,
and you're unlikely to deal with Doubleclick from
Sweden or S. Africa. :)
On the other hand, finding a given string in
a file of even several MB takes only a few
milliseconds, so a big HOSTS file shouldn't be
a problem.
| But that stuff doesn't answer my question in the least since everyone does
| that simple and obvious stuff
I think that actually very, very few people do
that stuff, which is why the tracking and targetted
ads work so well. If most people, or even half,
blocked only basic tracking then targetted ads
would be unworkable.
| My main question is that I have Firefox set to forget everything that I
can
| have it set to forget from the GUI. Given that, and assuming that
| fingerprinting can be done (which I accept), what else can they data mine?
It looks like you've got most of it. Maybe I
should be asking you. :) You might want to
try Secret Agent and NoScript. Both are helpful
and the settings in each are educational.
|
| What else is obvious to prevent data mining on sites such as the one we
| referenced in this thread?
|
other notable thing I can think of is to stop prefetching
in about:config. I also remove most URL strings in about:
config. I disable 3rd-party images and frames
in Pale Moon and use that most of the time. Then I use
Firefox (with NoScript) only if I must enable script. But PM
can be a hassle with a lot of websites. I increasingly find
myself viewing with "no style" in order to see the page.
Not because PM is a problem but because blocking all
script, cookies and 3rd-party files can sometimes make
a mess of sites. For instance, many now serve their own
images from a different server. And many pages now try
to use script to sniff the screen size and pick an image
accordingly.
| The hosts file is based on the MVP Hosts File (with select additions)
|
| As you must be aware, it's not obvious how to add asterisks to the hosts
| file. So adding every single *.1e100.* would be problematic.
|
program. You set your DNS IP to 127.0.0.1 then configure
Acrylic to use the DNS server of your choice. Acrylic has
its own HOSTS file that allows wilcards. Here's my list for
only Google:
127.0.0.1 *.googlesyndication.com
127.0.0.1 *.googleadservices.com
127.0.0.1 *.googlecommerce.com
127.0.0.1 *.scorecardresearch.com
127.0.0.1 1e100.com
127.0.0.1 1e100.net
127.0.0.1 *.1e100.com
127.0.0.1 *.1e100.net
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
127.0.0.1 *.googletagservices.com
127.0.0.1 *.googletagmanager.com
127.0.0.1 *.google-analytics.com
127.0.0.1 google-analytics.com
127.0.0.1 fonts.googleapis.com
127.0.0.1 googleadapis.l.google.com
127.0.0.1 ssl.gstatic.com
127.0.0.1 plusone.google.com
127.0.0.1 cse.google.com
127.0.0.1 www.google.com/cse
But I don't have a lot of listings altogether
in both HOSTS files. Maybe 300. Far less than
the MVPS HOSTS file. The majority of tracking
and ads are coming from just a few operators,
and you're unlikely to deal with Doubleclick from
Sweden or S. Africa. :)
On the other hand, finding a given string in
a file of even several MB takes only a few
milliseconds, so a big HOSTS file shouldn't be
a problem.
| But that stuff doesn't answer my question in the least since everyone does
| that simple and obvious stuff
that stuff, which is why the tracking and targetted
ads work so well. If most people, or even half,
blocked only basic tracking then targetted ads
would be unworkable.
| My main question is that I have Firefox set to forget everything that I
can
| have it set to forget from the GUI. Given that, and assuming that
| fingerprinting can be done (which I accept), what else can they data mine?
should be asking you. :) You might want to
try Secret Agent and NoScript. Both are helpful
and the settings in each are educational.
Ann Dunham
Jan 24, 2017, 6:33:24 PM1/24/17
to mozilla-sup...@lists.mozilla.org
Mayayana replied:
> It looks like you know what you're doing.
Not really. I just go through the settings turning off anything that seems
like it's going to throw my privacy under the bus.
> The only
> other notable thing I can think of is to stop prefetching
> in about:config.
Googling, I find this:
http://www.ghacks.net/overview-firefox-aboutconfig-security-privacy-preferences/
Which says to set:
network.prefetch-next = false
so I did that.
That article had a TON of other privacy stuff, so, I guess I'll be saving
the preferences.js and then comparing after setting each of those, and then
trying to create a master user.js file. Sigh. So much work this privacy
stuff.
I've done that before but over time, I never know if my user.js is what's
causing problems in Firefox, and every version of firefox changes
preferences, so, I stopped messing with the user.js years ago.
Last I tried, as I recall, there was a master user.js out there, which, if
I google for it now ... I find ... this "ghacks" user.js thing.
http://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/
The problem with that user.js is that it's setting a thousand things, so
you never know what is causing a failure when things fail with each new
release of Firefox. Sigh.
In that google search, I also found this:
http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs
So I guess I have a LOT of reading to catch up upon! Sigh.
> I also remove most URL strings in about:
> config.
I do understand. I have done that in the past, but never know if any
screwups are because Firefox needs the "http" and "https" strings that aare
there (I think there are about a score of URLs, as I recall).
> I disable 3rd-party images and frames
> in Pale Moon and use that most of the time. Then I use
> Firefox (with NoScript) only if I must enable script.
Yeah. NoScript. YesScript. All that stuff eventually drove me nuts so I
gave up on it. If I "really" need privacy, I use the Tor Browser Bundle,
but then almost nothing works with it. Sigh.
> But PM
> can be a hassle with a lot of websites.
I don't know anything about Pale Moon.
Why that and not Firefox?
> Yes. I use Acrylic DNS. It's OSS. A small DNS middleman
> program. You set your DNS IP to 127.0.0.1 then configure
> Acrylic to use the DNS server of your choice. Acrylic has
> its own HOSTS file that allows wilcards. Here's my list for
> only Google:
Some day I will attempt this Acrylic DNS stuff. For now, it's that static
hosts file (because I can edit with a text editor and it makes sense
intuitively). But I do understand that eventually I'll need to go Acrylic
DNS.
Googling, is this the canonical download page for Windows XP?
https://sourceforge.net/projects/acrylic/
> I think that actually very, very few people do
> that stuff, which is why the tracking and targetted
> ads work so well. If most people, or even half,
> blocked only basic tracking then targetted ads
> would be unworkable.
To understand evil, you have to think like evil, where I don't really
understand the tracking stuff because I don't think to track people.
If I think about it, does it work this way?
1. I go to a web page (such as the one we've been discussing).
2. It "sells" information to other companies, so, it has a vested interest
in gathering data about me.
3. So it puts a script that collects "things" that it can sell.
But what are those "things"?
I guess some are cookies, which do them no good for me since FF will wipe
out cookies after every exit.
I guess some are currently logged in accounts (such as twitter and facebook
and Gmail and Yahoo, etc.), which I never do in the same session so I
suspect they get nothing out of that query.
What else can they get?
I don't understand what they get from the doubleclick stuff.
I guess if I let cookies build up, these cookies would show where I have
been, but since each FF session starts sans any cookies, I don't see what
they can mine.
I realize they can mine my IP address (there's not much I can do about that
except use Tor or a different ISP or a VPN), and they can mine anything
they can fingerprint (which is a reality of life so I give up on trying to
hide my fingerprint).
But what else can they mine?
> It looks like you've got most of it. Maybe I
> should be asking you. :) You might want to
> try Secret Agent and NoScript. Both are helpful
> and the settings in each are educational.
Ah, Secret Agent. That used to drive me nuts changing the User Agent string
all the time. I gave up on that long ago, but maybe I should add that back.
Luckily, the latest Firefox on Windows XP is still pretty common stuff so I
don't know how much that tell them about me.
> It looks like you know what you're doing.
like it's going to throw my privacy under the bus.
> The only
> other notable thing I can think of is to stop prefetching
> in about:config.
http://www.ghacks.net/overview-firefox-aboutconfig-security-privacy-preferences/
Which says to set:
network.prefetch-next = false
so I did that.
That article had a TON of other privacy stuff, so, I guess I'll be saving
the preferences.js and then comparing after setting each of those, and then
trying to create a master user.js file. Sigh. So much work this privacy
stuff.
I've done that before but over time, I never know if my user.js is what's
causing problems in Firefox, and every version of firefox changes
preferences, so, I stopped messing with the user.js years ago.
Last I tried, as I recall, there was a master user.js out there, which, if
I google for it now ... I find ... this "ghacks" user.js thing.
http://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/
The problem with that user.js is that it's setting a thousand things, so
you never know what is causing a failure when things fail with each new
release of Firefox. Sigh.
In that google search, I also found this:
http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs
So I guess I have a LOT of reading to catch up upon! Sigh.
> I also remove most URL strings in about:
> config.
screwups are because Firefox needs the "http" and "https" strings that aare
there (I think there are about a score of URLs, as I recall).
> I disable 3rd-party images and frames
> in Pale Moon and use that most of the time. Then I use
> Firefox (with NoScript) only if I must enable script.
gave up on it. If I "really" need privacy, I use the Tor Browser Bundle,
but then almost nothing works with it. Sigh.
> But PM
> can be a hassle with a lot of websites.
Why that and not Firefox?
> Yes. I use Acrylic DNS. It's OSS. A small DNS middleman
> program. You set your DNS IP to 127.0.0.1 then configure
> Acrylic to use the DNS server of your choice. Acrylic has
> its own HOSTS file that allows wilcards. Here's my list for
> only Google:
hosts file (because I can edit with a text editor and it makes sense
intuitively). But I do understand that eventually I'll need to go Acrylic
DNS.
Googling, is this the canonical download page for Windows XP?
https://sourceforge.net/projects/acrylic/
> I think that actually very, very few people do
> that stuff, which is why the tracking and targetted
> ads work so well. If most people, or even half,
> blocked only basic tracking then targetted ads
> would be unworkable.
understand the tracking stuff because I don't think to track people.
If I think about it, does it work this way?
1. I go to a web page (such as the one we've been discussing).
2. It "sells" information to other companies, so, it has a vested interest
in gathering data about me.
3. So it puts a script that collects "things" that it can sell.
But what are those "things"?
I guess some are cookies, which do them no good for me since FF will wipe
out cookies after every exit.
I guess some are currently logged in accounts (such as twitter and facebook
and Gmail and Yahoo, etc.), which I never do in the same session so I
suspect they get nothing out of that query.
What else can they get?
I don't understand what they get from the doubleclick stuff.
I guess if I let cookies build up, these cookies would show where I have
been, but since each FF session starts sans any cookies, I don't see what
they can mine.
I realize they can mine my IP address (there's not much I can do about that
except use Tor or a different ISP or a VPN), and they can mine anything
they can fingerprint (which is a reality of life so I give up on trying to
hide my fingerprint).
But what else can they mine?
> It looks like you've got most of it. Maybe I
> should be asking you. :) You might want to
> try Secret Agent and NoScript. Both are helpful
> and the settings in each are educational.
all the time. I gave up on that long ago, but maybe I should add that back.
Luckily, the latest Firefox on Windows XP is still pretty common stuff so I
don't know how much that tell them about me.
Mayayana
Jan 24, 2017, 11:31:46 PM1/24/17
to mozilla-sup...@lists.mozilla.org
"Ann Dunham" <AnnDunh...@spammenot.gmail.com> wrote
|
http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs
|
That's an interesting one, though it looks like you're
already dealing with most of those settings. Some are
good for security, like disabling web fonts and webgl.
(Though at the moment I don't remember the problem
with the latter.)
| I don't know anything about Pale Moon.
| Why that and not Firefox?
|
It is basically FF but with many of the non-essentials
removed. That makes it a bit lighter and quicker. It
also gives me a way to use two FF browsers with
entirely different configuration. When PM just won't
work it's not a big deal to paste the URL into FF.
I used to like K-Meleon, which is more of a FF fork.
Then they abandoned it for awhile. More recently it
was updated again, but I haven't got around to
really trying it out. It's work because many of the
settings are slightly different in K-Meleon.
| Some day I will attempt this Acrylic DNS stuff. For now, it's that static
| hosts file (because I can edit with a text editor and it makes sense
| intuitively). But I do understand that eventually I'll need to go Acrylic
| DNS.
|
It's very easy. Install, edit the DNS server setting, reboot.
| Googling, is this the canonical download page for Windows XP?
| https://sourceforge.net/projects/acrylic/
|
Yes. Also here:
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome
Sourceforge is another site that used to work
fine but now requires me to use View -> Page Style ->
No Style to see the content. Loads of frivolous
javascript.
| To understand evil, you have to think like evil, where I don't really
| understand the tracking stuff because I don't think to track people.
|
Getting philosophical. :) We all know the
feeling of covetousness. I don't know that
I'd call that evil. It's odd that all this tracking
has become normal simply because it's easy
and frictionless to do it. I think the companies
with that business model have just gradually
convinced themselves that what they're doing
is normal. (I remember seeing a quote from
Sheryl Sandberg at Facebook to the effect
that FB helps people and "brands" connect.
She chooses to think spyware and targetted
ads are a kind of altruistic matchmaking.)
| If I think about it, does it work this way?
| 1. I go to a web page (such as the one we've been discussing).
| 2. It "sells" information to other companies, so, it has a vested interest
| in gathering data about me.
| 3. So it puts a script that collects "things" that it can sell.
| But what are those "things"?
|
This is probably going a bit OT for what's
supposed to be a Firefox support discussion.
A few basic examples: They sign up for Google
ads to make money. (The man who made up sites
to report fake "news" about Hillary was just making
up stories, signing up with Google ads, then starting
buzz with Facebook pages. He did it for money.
So he didn't track people. But google did:
https://www.washingtonpost.com/local/md-politics/aide-to-md-lawmaker-fabricated-article-on-hillary-clinton-rigging-the-election/2017/01/18/5219bd0c-ddd7-11e6-acdf-14da832ae861_story.html They're probably not tracking unless they're big.Google ads code is tracking you. Sites use Googlefonts because they're free. Google gets tracking.They add a snippet of Google analytics code. Googlegets tracking. They get a jquery lib from Googleto save on their own traffic. Google gets tracking. The website owners use Google analytics to get areport of their sie traffic because they don't knowhow to read their web server logs. They just have toadd a code snippet and then log in to Google to seetheir stats. For Google that's all free tracking. Sitesare basically giving them their server logs! So a lot of it is Google and other companiesoffering freebies, services and money in exchangefor letting them partially take over the webpage.That's why blocking 3rd-party images works so well.Virtua
lly all ads these days are not actually onthe webpage you visit. Numerous other companiesare being allowed to adulterate the page beforeyou see it.
|
http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs
|
That's an interesting one, though it looks like you're
already dealing with most of those settings. Some are
good for security, like disabling web fonts and webgl.
(Though at the moment I don't remember the problem
with the latter.)
| I don't know anything about Pale Moon.
| Why that and not Firefox?
|
removed. That makes it a bit lighter and quicker. It
also gives me a way to use two FF browsers with
entirely different configuration. When PM just won't
work it's not a big deal to paste the URL into FF.
I used to like K-Meleon, which is more of a FF fork.
Then they abandoned it for awhile. More recently it
was updated again, but I haven't got around to
really trying it out. It's work because many of the
settings are slightly different in K-Meleon.
| Some day I will attempt this Acrylic DNS stuff. For now, it's that static
| hosts file (because I can edit with a text editor and it makes sense
| intuitively). But I do understand that eventually I'll need to go Acrylic
| DNS.
|
| Googling, is this the canonical download page for Windows XP?
| https://sourceforge.net/projects/acrylic/
|
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome
Sourceforge is another site that used to work
fine but now requires me to use View -> Page Style ->
No Style to see the content. Loads of frivolous
javascript.
| To understand evil, you have to think like evil, where I don't really
| understand the tracking stuff because I don't think to track people.
|
feeling of covetousness. I don't know that
I'd call that evil. It's odd that all this tracking
has become normal simply because it's easy
and frictionless to do it. I think the companies
with that business model have just gradually
convinced themselves that what they're doing
is normal. (I remember seeing a quote from
Sheryl Sandberg at Facebook to the effect
that FB helps people and "brands" connect.
She chooses to think spyware and targetted
ads are a kind of altruistic matchmaking.)
| If I think about it, does it work this way?
| 1. I go to a web page (such as the one we've been discussing).
| 2. It "sells" information to other companies, so, it has a vested interest
| in gathering data about me.
| 3. So it puts a script that collects "things" that it can sell.
| But what are those "things"?
|
supposed to be a Firefox support discussion.
A few basic examples: They sign up for Google
ads to make money. (The man who made up sites
to report fake "news" about Hillary was just making
up stories, signing up with Google ads, then starting
buzz with Facebook pages. He did it for money.
So he didn't track people. But google did:
https://www.washingtonpost.com/local/md-politics/aide-to-md-lawmaker-fabricated-article-on-hillary-clinton-rigging-the-election/2017/01/18/5219bd0c-ddd7-11e6-acdf-14da832ae861_story.html They're probably not tracking unless they're big.Google ads code is tracking you. Sites use Googlefonts because they're free. Google gets tracking.They add a snippet of Google analytics code. Googlegets tracking. They get a jquery lib from Googleto save on their own traffic. Google gets tracking. The website owners use Google analytics to get areport of their sie traffic because they don't knowhow to read their web server logs. They just have toadd a code snippet and then log in to Google to seetheir stats. For Google that's all free tracking. Sitesare basically giving them their server logs! So a lot of it is Google and other companiesoffering freebies, services and money in exchangefor letting them partially take over the webpage.That's why blocking 3rd-party images works so well.Virtua
lly all ads these days are not actually onthe webpage you visit. Numerous other companiesare being allowed to adulterate the page beforeyou see it.
EE
Jan 25, 2017, 2:20:34 PM1/25/17
to mozilla-sup...@lists.mozilla.org
works.
EE
Jan 25, 2017, 3:01:53 PM1/25/17
to mozilla-sup...@lists.mozilla.org
tracking. If Akamai cannot read from what page the browser came to
request an image, that should throw a monkey wrench into the tracking.
0 new messages