Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google and Facebook Top Biggest Web Tracker List

samzenpus posted more than 2 years ago | from the I-see-what-you-did-there dept.

Facebook 103

itwbennett writes "A new report from Evidon, whose browser plug in Ghostery tracks Web trackers, makes it plain that 'if you want to worry about somebody tracking you across the Web, worry about Google,' writes blogger Dan Tynan. Google and Facebook, and their various services, occupy all of the top 5 slots on the Evidon Global Tracker Report's list of the most prolific trackers. 'And if you have any tracking anxiety left over, apply it to social networks like Facebook, G+, and Twitter,' adds Tynan."

cancel ×

103 comments

Sorry! There are no comments related to the filter you selected.

Collusion plugin (5, Interesting)

Anonymous Coward | more than 2 years ago | (#40289297)

Check out the Collusion plugin from Mozilla if you want to see for yourself who is tracking you and the relationships between them. Has a nice graphical overview.

http://www.mozilla.org/en-US/collusion/

Re:Collusion plugin (1)

buchner.johannes (1139593) | more than 2 years ago | (#40290087)

Check out the Collusion plugin from Mozilla if you want to see for yourself who is tracking you and the relationships between them. Has a nice graphical overview.

http://www.mozilla.org/en-US/collusion/

(Un)fortunately the graph is very boring if you already run Ghostery.

Re:Collusion plugin (1)

Anonymous Coward | more than 2 years ago | (#40292599)

Collusion is MPL 1.1 while Ghostery is proprietary. For all you know, Ghostery might be spying on you more effectively than google and failbook combined.

Re:Collusion plugin (1)

Fjandr (66656) | more than 2 years ago | (#40292845)

It's pretty easy to watch traffic generated by something even if you don't have access to the source code.

Re:Collusion plugin (1)

allo (1728082) | more than 2 years ago | (#40299389)

but you do not always watch the traffic.

you can bring the positive proof, something is sending data home. but you cannot prove its not, unless you have your wireshark running all the time.

Re:Collusion plugin (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40290327)

I wonder if everyone else noticed that the top two "tracking" sites are also the top two most visited sites on the internet.

Lesson for the day... that's not a coincidence. Everyone wants to capitalize on information in one way or another. The bigger your reach, the more information you have to work with.

Neither says anything about what they're doing with that information. That's the really important part.

Re:Collusion plugin (1)

Inda (580031) | more than 2 years ago | (#40294003)

I installed that months back.

Now I realise how few websites I visit these days.

When did the WWW become so shit?

Re:Collusion plugin (1)

datavirtue (1104259) | more than 2 years ago | (#40294173)

Oh no! Google is tracking me! Yawn....

Ghostery (4, Informative)

agoliveira (188870) | more than 2 years ago | (#40289305)

I suggest this Firefox extension. Works quite well for me.

Re:Ghostery (2)

zornorph (63846) | more than 2 years ago | (#40289325)

Another one that I like is Collusion. Still listed as experimental though:

Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers.

Re:Ghostery (0)

Anonymous Coward | more than 2 years ago | (#40290645)

For my primary browser I still use Firefox. No version of AdBlock works as well as the one in Firefox, and I think this will be the case for a very long time. I still get ads in YouTube in Chrome, even the really long, irritating pre-video video ads. Before I got Chrome I didn't even know these ads existed. I like to browse with NoScript for security and the NoScript equivalent in Chrome cannot block javascript nearly as well as it can with Firefox and the user interface sucks balls (or did when I tried it). My understanding is that in Chrome the script will load and then get blocked, whereas in Firefox it is blocked and never loaded. All of these things have to do with Firefox being open source. Of course, the Slashdot community, notorious for being FOSS fanatics, will post endless responses about why they prefer Chrome over Firefox.

Re:Ghostery (1)

vlm (69642) | more than 2 years ago | (#40289335)

I suggest this Firefox extension. Works quite well for me.

I can verify the Chrome extension is called... "Ghostery".

I enjoy this trend of extensions on chrome having the same name as on firefox. It made the jump from FF to chrome a couple weeks ago pretty easy.

Request Policy (2, Informative)

Anonymous Coward | more than 2 years ago | (#40289395)

For Firefox I use the Request Policy [mozilla.org] add-on to block 3rd-party requests. This helps prevent cross-site request forgery (CSRF) as well.

Re:Ghostery (3, Informative)

cpu6502 (1960974) | more than 2 years ago | (#40289581)

Um..... extensions usually do have the same name, regardless of browser. Not only is it called "Ghostery" on Firefox and Chrome, but also Microsoft's Explorer, Apple's Safari, and Opera's Opera.

cpu6502 or commodore64_love (-1)

Anonymous Coward | more than 2 years ago | (#40289753)

or vagina !

Re:Ghostery (1)

jon_doh2.0 (2097642) | more than 2 years ago | (#40289513)

From the summery:

"A new report from Evidon, whose browser plug in Ghostery tracks Web trackers,"

Re:Ghostery (0)

Anonymous Coward | more than 2 years ago | (#40292273)

Wait, some organization named Evidon makes a browser, and they managed to get a plug in for it in Ghostery, and that promo tracks Web trackers?

Not sure just how summery that is, might be more wintery, but, if that's an accurate summary, then no thanks on the Ghostery, as I don't want to use anything that has ads for browser makers I've never even heard of, no matter what those ads can track.

But there are *plenty* more where that came from. (0)

Anonymous Coward | more than 2 years ago | (#40289315)

My Ghostery list of blocked trackers occasionally goes near the bottom of the page. I won't surf without it anymore, but it scares the crap out of me.

Re:But there are *plenty* more where that came fro (1)

vlm (69642) | more than 2 years ago | (#40289365)

My Ghostery list of blocked trackers occasionally goes near the bottom of the page. I won't surf without it anymore, but it scares the crap out of me.

slashdot apparently uses google analytics and scorecard research.

Does anyone have a list of reasonable whitelist entries for ghostery?

Don't worry (0)

Anonymous Coward | more than 2 years ago | (#40289331)

There is no need to worry. I'm sure Google has fantastic data security and privacy practices so your data is safe.

I mean, it's not as if a "rogue engineer" at Google would be able to write software that captures people's private data and then offer it up for datamining while Google managers and other people responsible for the project claim to be completely unaware of it (even though they read the specs and code). ...oh wait. You mean that's exactly what happened? Well I feel better now.

Re:Don't worry (1)

Bigby (659157) | more than 2 years ago | (#40289565)

That's ok. You should have no expectation of privacy with Google. If you were riding a bus, would you expect everyone to cover their ears? You should be careful about what you do or type if you are concerned about keeping that information private (which is your right). However, when you willfully divulge that once-private information, it ain't private anymore.

Re:Don't worry (5, Insightful)

vux984 (928602) | more than 2 years ago | (#40290071)

If you were riding a bus, would you expect everyone to cover their ears?

I expect them to "hear" but not deliberately "listen", certainly not to "record", and absolutely not to maintain a linked set of recordings they have made of me at different times I have been on the bus.

This is the social contract most normal people live by.

 

Re:Don't worry (1)

gutnor (872759) | more than 2 years ago | (#40290965)

This. What Google and Facebook are doing is what people in the real life would call "stalking". You can actually sue somebody for that and get restraining orders, so that is indeed a social contract.

Re:Don't worry (1)

Bigby (659157) | more than 2 years ago | (#40295429)

That social contract goes against basic human freedoms. So it should be illegal for someone to use a video camera in public? Just because someone chooses to do it on a larger scale and actually use the information is still just practicing a basic right.

Someone who does this can be considered an a$$. But trying to regulate it has nearly infinite costs and millions of use cases to independently judge.

Re:Don't worry (1)

vux984 (928602) | more than 2 years ago | (#40300463)

That social contract goes against basic human freedoms

No, it doesn't.

So it should be illegal for someone to use a video camera in public?

Not at all.

Just because someone chooses to do it on a larger scale and actually use the information is still just practicing a basic right.

If someone follows me around with a video camera making a documentary of my habits to post onlin, and sell to advertisers, that is miles away from someone video taping their own kids as I walk by in the background.

Can you REALLY not see a difference?

But trying to regulate it has nearly infinite costs and millions of use cases to independently judge.

The video camera industry has managed just fine. Even shows like COPS manage it. Either someone is a paid actor / signed a waiver, or they get blurred out before they can use the captured footage. It doesn't have infinite costs and millions of use cases.

Same could (and should) apply to the internet.

Re:Don't worry (0)

Anonymous Coward | more than 2 years ago | (#40290403)

What about the 99.99% of the web sites out there that happily make a request to google-analytics, allowing Google to create a trail of every page I view, every link I click, every form I submit (through GET URLs in the referrer header) on every site on the 'net?

I don't mind if Amazon keeps track of what I look for on their site and I don't care if eBay knows what I'm buying on there either, but I don't think that Google should have that information.

Food for thought (4, Insightful)

Missing.Matter (1845576) | more than 2 years ago | (#40289337)

Google derives 96% of its revenue from advertising. All those shiny "free" Google services you love to play with are the result of their ability to monetize information they gather about you. Without tracking, there is no Google. Just keep that in mind.

Re:Food for thought (5, Insightful)

gl4ss (559668) | more than 2 years ago | (#40289393)

they should just focus adverts based on what I'm viewing right now and then. NOT by what I viewed a week ago. NOT by what someone else viewed from the same browser a week ago. I'm doing a search for "fucking inkjet cartridges" then fuck, advertise me some fucking inkjet cartridges and porno then. NOT FUCKING AFTER I'VE ALREADY BOUGHT BOTH AND AM ACTUALLY SEARCHING FOR A FUCKING GOOD BROWNIES RECIPE!!!!

the tracking... IT DOES NOTHING, but billions spent on it regardless. how do they know the tracking is "working" in getting you the advertisements you want? well, because they're fucking tracking it so their tracking proves that the tracking experts should be paid lots and lots of money.

Re:Food for thought (3, Funny)

bobbied (2522392) | more than 2 years ago | (#40289675)

I'm thinking that you need to keep the "safe search" option turned on if you type that stuff into Google and expect to actually find a recipe for brownies anywhere near the top of the list.

Re:Food for thought (1)

DogDude (805747) | more than 2 years ago | (#40290277)

You don't understand. Anybody can sell you stuff based on what you're doing now. Google is making entire profiles of people based on what they do online. This is much more valuable than what you're suggesting.

remarketing (0)

Anonymous Coward | more than 2 years ago | (#40290309)

this is called "remarketing", and i hate it, too. you can get exactly what you're describing by opting out of "interest-based advertising."

- anonymous google coward

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40290641)

the tracking... IT DOES NOTHING

You think they haven't shown that it works? I'd rather have ads related to other things I've searched for, rather than completely irrelevant stuff. (Yes, I'd prefer no ads altogether for many things, but I don't want to pay for Google, so I don't purposely ad block them.)

I'm perfectly fine with my grocery store tracking me, since I get lower prices on some of the same things I bought previously.. (and lower than the weekly specials on that same item)

Perfect Brownies (4, Informative)

improfane (855034) | more than 2 years ago | (#40290789)

I agree with you.

Just thought I'd share my ultimate brownie recipe with you. Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, 40g Cocoa and 275g sugar. Stir into mixture and then add three eggs. Pour into a greased or papred tin and place in oven for about 25 minutes and they're delicious. They're not to dense or light and they are rich but not overpowering.

You can also mix in chocolate chunks or nuts to make it even nicer.

Re:Perfect Brownies (0, Funny)

Anonymous Coward | more than 2 years ago | (#40290999)

>Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, ...

Tragically, I do not have any metric ingredients.

Re:Perfect Brownies (0)

datavirtue (1104259) | more than 2 years ago | (#40294241)

Metric? Really!? Fat-ass.

Re:Perfect Brownies (1)

improfane (855034) | more than 2 years ago | (#40294261)

I forgot to clarify that when you start adding the dry ingredients (cocoa, sugar and flour) you should take the saucepan off the heat.

Re:Perfect Brownies (0)

Anonymous Coward | more than 2 years ago | (#40298351)

This procedure would not cook the batter.

Might still be good (if your eggs are okay), but you won't get brownies.

Re:Food for thought (1)

brunes69 (86786) | more than 2 years ago | (#40293639)

Why does it make you so upset that Google is not getting the targeting correct? From the reading of your post, it sounds like you want MORE tracking, not less - so that they can target the ads better.

Re:Food for thought (1)

datavirtue (1104259) | more than 2 years ago | (#40294257)

Google is awesome! Hell yeah I want more and better tracking! If it's not Google then it's just creepy.

Re:Food for thought (1)

datavirtue (1104259) | more than 2 years ago | (#40294217)

It is so nice to use private browsing and see the "relevant" ads and the "customized" search results disappear. I''m all for relevant ads, but lets get the algo right.

Re:Food for thought (4, Interesting)

Hatta (162192) | more than 2 years ago | (#40289543)

All I use Google for is search. I'd gladly pay for a non ad infested version. Google serves too many masters to be a decent search engine anymore.

Re:Food for thought (1)

Larryish (1215510) | more than 2 years ago | (#40290605)

Can anyone offer a good alternative search engine?

Not Google, but [...] ?

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40290937)

Can anyone offer a good alternative search engine?

Not Google, but [...] ?

All I've found so far is duckduckgo

Re:Food for thought (1)

datavirtue (1104259) | more than 2 years ago | (#40294263)

Ah yes, Bing. Let me know how that works out.

Ixquick for search (0)

Anonymous Coward | more than 2 years ago | (#40291807)

Ixquick (basically an aggregator) doesn't track for store any user data, and they offer encrypted searches via https.
https://ixquick.com/ [ixquick.com]
Been using it for a couple of years now, haven't looked back.

Re:Ixquick for search (1)

psiclops (1011105) | more than 2 years ago | (#40292195)

As an aggregator they would cease to function if the major search providers(that rely on advertising) disappeared. therefore they (indirectly) rely on internet users being tracked.

i don't know if it's just my monitor/settings but i also find that bottom line seperating sponsored links from real ones nearly impossible to see.

Re:Ixquick for search (0)

Anonymous Coward | more than 2 years ago | (#40306315)

Ixquick has sponsored links? Either I'm totally oblivious or it's adblock, but I have never seen a sponsored search result on Ixquick. Not sure what their business model is though, that could be it.

Ixquick doesn't pass your IP address or any info to any other sites. As far as google is concerned, Ixquick is requesting the search. Until everyone stops using google, google will always have people to track - I don't think they're going away soon so I'm having a hard time understanding your concern. Check it:
https://ixquick.com/eng/protect-privacy.html [ixquick.com]

(although I just now see their own ad: "NEW! Ixquick now offers anonymous Google results on its sister website Startpage.com." and I've never had a very high opinion of Startpage as far as privacy goes... )

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40295281)

duckduckgo is a good search engine.

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40296145)

Try DuckDuckGo. It was born with the idea of being a clean, non-tracking search engine. I switched about a month ago and I'm delighted by it.

Re:Food for thought (1)

Bigby (659157) | more than 2 years ago | (#40289579)

That's why I think it is crazy when people say the only thing at Google that is making money is AdWords/Search. They think everything else is a drain. Those other things are just portals to not only more advertising, but more directed advertising.

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40289587)

It requires less than 30 seconds for Tor with all cookies cleared to warn me that the Google had discovered my identity when searching for MI5 related material. How do they do it? Is it built into OsX?

Re:Food for thought (1)

Fjandr (66656) | more than 2 years ago | (#40292881)

Were you using your regular browser piped through Tor? If so, it still has all those unique identifying characteristics it always did.

Given that browsers leak various tidbits system information, I'm not sure there is really a way to be truly anonymous short of large numbers of people browsing from a VM/browser combo set up to display identical leaked information.

Even using the bundled Tor browser stock, your system fonts can easily shortlist your identity.

Re:Food for thought (0)

Anonymous Coward | more than 2 years ago | (#40294333)

It requires less than 30 seconds for Tor with all cookies cleared to warn me that the Google had discovered my identity when searching for MI5 related material. How do they do it? Is it built into OsX?

Take a look at what your browser reveals about your 'fingerprint' (http://browserspy.dk/browser.php, go through the whole left hand menu), and then imagine Google logging all of this across a significant portion of the web (including this site), and connecting it, and then adding the data they have on their own users with login (gmail, youtube, android, etc.). People who think they stop tracking with no-script seriously underestimate the datamining going on, even the good old singlepixel image is still in the tracking toolbox, and it all adds up.

Re:Food for thought (1)

cpu6502 (1960974) | more than 2 years ago | (#40289665)

>>>Google derives 96% of its revenue from advertising.

I'm okay with that. It's also how I get Free TV and free radio. The idea that I would actually PAY for google.com and other websites? Ha. Fat chance.

My only objection is when Google pushes for CISPA legislation that allows the government to view the data without needing a warrant. I don't care if Google tracks my websurfing (they can do me no harm), but the government? With its jails and armed men? No thanks.

Re:Food for thought (4, Insightful)

Shihar (153932) | more than 2 years ago | (#40290521)

Eh. Who cares? Google trying to make really good ads for me rates pretty damn low on my list of concerns. Hell, if they actually manage to get me to click on a link, it means they found something that I actually care about. I call that a win. I will happily take a good book recommendation that I actually would like to know about over a dancing baby trying to sell me a better mortgage.

Targeted advertising just isn't scary. It is good. Google having that kind of information doesn't scare me.

Where Google and the like become scary is when our own government steps in. I don't care if Google tries to sell me stuff that I want. That is a service. I do care if the government can track down my various aliases and I run into trouble with the law because I vocally declare drug laws and the TSA dumb. Google isn't the problem, it is when my government forces Google to divulge information on me that we have a problem.

Facebook is little worse than Google. Their targeted advertising is perfectly fine, but their constantly shifting privacy settings that desperately want to share private drunk pictures with my boss is fucking annoying.

+100 to parent (1)

brunes69 (86786) | more than 2 years ago | (#40293617)

I agree 100% with everything you posted. Privacy is only important to me in the context of the government. And Google ranks among the highest according to the EFF on government transparency - so I call that a good thing.

Why do so many people seem to get upset over targeted ads, is the thing I muse over constantly. I think the root of the problem is the ego. People get upset and disturbed at the thought that a company and/or it's collection of algorithms and research, might know more about their psychology than they know themselves - whereas I resigned myself to that fact a long time ago.

Once you realize you're just another sweaty sapiens on this planet and not really all that special compared to everyone else, you ARE NOT unique, and you CAN EASILY be profiled... then you can stop worrying about this kind of crap.

Re:+100 to parent (1)

datavirtue (1104259) | more than 2 years ago | (#40294293)

Sweaty sapien? Damn, I was feeling good about the day until I read that.

Is anyone surprised? (3)

Dins (2538550) | more than 2 years ago | (#40289347)

This is why I stay logged out of my Google account whenever possible and only access Facebook when I absolutely have to. Privacy is dead. Google talks a good talk with "Don't be evil", but actions speak louder than words. And Facebook might be the biggest enemy of privacy on the web right now.

Re:Is anyone surprised? (5, Insightful)

CanHasDIY (1672858) | more than 2 years ago | (#40289445)

Facebook might be the biggest enemy of privacy on the web right now.

I [wikipedia.org] don't [wikipedia.org] think [wikipedia.org] so. [wikipedia.org]

Re:Is anyone surprised? (5, Interesting)

Hatta (162192) | more than 2 years ago | (#40289591)

Do you think logging out really does you any good? Chances are you can be uniquely identified from your browser's user agent string. Google remembers your IP. Google remembers the searches you do from that IP. Google has a bug on just about every website out there.

If you want to avoid Google, you need to use it only from a deidentified browser, behind an anonymizing proxy. You need to reject all scripts from Google, and reject all cookies. If you do all this, it will be a pain in the ass to get any work done, and I'm still not sure they won't be able to figure out who you are.

Re:Is anyone surprised? (1)

Dins (2538550) | more than 2 years ago | (#40289735)

Every little bit helps. I'm also usually behind a VPN, and always have Ghostery, Noscript and 'do not track' enabled. Am I 100% private? No. But I'm better than without those options. I'm also under no illusions that 'do not track' helps unless the site I'm connecting to wants it to help. But it probably doesn't hurt.

Re:Is anyone surprised? (1)

datavirtue (1104259) | more than 2 years ago | (#40294317)

Every little bit helps. I'm also usually behind a VPN, and always have Ghostery, Noscript, a tinfoil hat, aluminum wallpaper, and 'do not track' enabled.

There, fixed that for ya.

Re:Is anyone surprised? (2)

Errol backfiring (1280012) | more than 2 years ago | (#40293149)

Off course I reject all scripts from Google. And I use Ixquick for search. Third-party cookies should be disabled by default in modern browsers (and often are).

Re:Is anyone surprised? (1)

admiralfurburger (76098) | more than 2 years ago | (#40293273)

I use Firefox for my browsing, Epiphany for facebook & chrome for google services. For all intents & purposes, this is how a lot of people use a single browser. 2 or 3 windows, with 1/2 a dozen (or 50) tabs in each. My windows are just different applications, isolated from each other... If I want to browse a link I see in the google or facebook windows, I copy & paste it to the browse window.

If I'm going someplace I'm really concerned about, I pop in a live cd of my favorite low profile distro, puppy linux, & reboot without saving when done...

Track that!

Re:Is anyone surprised? (1)

datavirtue (1104259) | more than 2 years ago | (#40294355)

"In other news....a hacker was arrested today after obscuring his identity with a puppy. Animal rights activists are in an uproar and local authorities say this is probably not the first time he has done this. Arraignment is scheduled for Monday morning at 8AM."

Re:Is anyone surprised? (1)

StripedCow (776465) | more than 2 years ago | (#40294085)

The best thing to do may be to inject so much noise into the internet, that they may have all your information, yet can't do anything useful with it.

Re:Is anyone surprised? (1)

bobbied (2522392) | more than 2 years ago | (#40289663)

This is why I stay logged out of my Google account whenever possible and only access Facebook when I absolutely have to. Privacy is dead. Google talks a good talk with "Don't be evil", but actions speak louder than words. And Facebook might be the biggest enemy of privacy on the web right now.

Best you be deleting your cookies too or all is for naught... In fact, I'd be deleting all cookies and history every time I started a browser if I was you. Further, I'd also try and get a new IP address from your ISP on a regular basis. Even then, good luck with not being tracked.

Oh heck, Just stay off the web, take the battery out of your cell phone and never go outside....

Re:Is anyone surprised? (1)

stretch0611 (603238) | more than 2 years ago | (#40292339)

This is why I stay logged out of my Google account whenever possible and only access Facebook when I absolutely have to.

Facebook is easy... I deleted my account 2 years ago, and I blocked facebook.com fbcdn.net and related sites on my router.

As for google, I use ghostery on my main browser (But I noticed ghostery doesn't work against Google Analytics on chrome/chromium.) When I want to access my gmail account, I fire up a separate browser and use that only for gmail and exit the browser when done.

This is news? (1)

utkonos (2104836) | more than 2 years ago | (#40289431)

Every time I have to whitelist a cookie to get a website to work what other third party cookies are always sitting there in the block list. I'll give you two guesses.

Well... except for porn sites. They have about 10 - 15 blocked third party cookies, but none of them are Google/Facebook........

Re:This is news? (1)

CanHasDIY (1672858) | more than 2 years ago | (#40289619)

Well... except for porn sites. They have about 10 - 15 blocked third party cookies, but none of them are Google/Facebook........

To a marketing weasel, that last sentence reads "untapped market."

Re:This is news? (1)

utkonos (2104836) | more than 2 years ago | (#40316827)

So, they want to tap that..... oh, nevermind.....

What happened to "Don't be evil? (0, Troll)

Anonymous Coward | more than 2 years ago | (#40289779)

Seems to me that Google's motto should be retired. Google's been using it as a shield against criticism but clearly they've been what you might consider "evil" for a while now. They've amassed more personal info than anyone else on the planet and their whole business depends on sale or rent of access to people's personal information.

All of the Google's products have also become massive data collection sinks.From Android to Chrome, these products are just massive pipes to Google's databases.

As a Linux developer and user, I used to be a fan of Google simply because they were MS' enemy and supported Linux but Google today has more potential to do evil than Microsoft ever was.

As Google, a public company, experiences more and more revenue pressures from shareholders, they will be pushed to do more bold and reckless moves that deal with people's private info (just remember the Google Buzz fiasco).

I've been using less and less of Google's services and have blocked most of their domains on the DNS level. Google truly scares me now.

Google's products might be free but there's a price to pay: your information and its potential to be abused.

I Knew That (1)

carrier lost (222597) | more than 2 years ago | (#40289837)

That's why I drew this [botaday.com]

Disclaimer: I didn't really know. I just thought of the design and thought it would look neat

Re:I Knew That (1)

yahwotqa (817672) | more than 2 years ago | (#40295771)

Brb, uploading this to funnyjunk...

Re:I Knew That (1)

carrier lost (222597) | more than 2 years ago | (#40296187)

Har!

I actually looked at Funnyjunk yesterday to see if any of my stuff is there - it's too hard to tell.

18 trackers on TFA page. (1)

markzip (1313025) | more than 2 years ago | (#40289965)

Reprising the comment I posted over on TFA:

Disclaimer: "This ITWorld page contains at least eighteen trackers, including eight of the top ten listed in the article. Dan's eSarcasm site loads at least 5 trackers including three of the top five."

There, fixed that for you.

--

He had me until he praised the Wall Street Journal series. While the goal of informing non-technical people about tracking on the web is a good one, the series has been full of inaccuracies, omissions and sensationalism. WSJ seems to actively avoid telling people how easy it is to avoid/minimize tracking and AFAIK has never broached the obvious conflict of interest issue raised by their reporting.

Like most Slashdot readers am no fan of tracking and targeted advertising and I run the usual suite of blockers you would expect (Ghostery, AdBlock Plus, NoScript, FlashBlock, Better Privacy, etc etc. But intellectual rigor is even more important to me. It has been missing from the WSJ reporting.

Re:18 trackers on TFA page. (1)

datavirtue (1104259) | more than 2 years ago | (#40294503)

Dude, the WSJ is a newspaper. A fucking newspaper! A rag, which I read every day, that is run by billionaires. Take it with a grain of salt. Anyone with any sophistication that reads it knows there is a finely tuned message in every article. They purposefully participated in over-hyping the facebook IPO, and continue to draw the story out with tons of fluff and repetition about people losing millions and wanting their money back--yawn. Once a week there is a decent and very informative article (What the Chinese Want).

Back in the day... (3, Informative)

LordLucless (582312) | more than 2 years ago | (#40290037)

Does anyone remember, back in the day, when browsers shipped configured so that all cookies set had to be explicitly authorized to be set? Remember how the first thing everyone did was change their configuration to auto-accept? Remember how browsers eventually changed to just have that setting by default?

A site cannot track you across third-party sites. Not unless you let them. It's just that users have deferred that responsibility to their browser's configuration, and are now complaining that they've been granting authorization to let these sites track them. The result is articles like this, and heavy-handed legislation like the EUs recent cookie-ban. All because users are too lazy and ignorant to take the responsibility on themselves. Hell, with modern browsers and addon/extension models, you don't even need to use the coarse-grained approach that old-school browsers used. Just a plugin that let's you whitelist cookies.

But it sounds like even that's too much effort for the average user. Just complain, and rely on the courts.

Re:Back in the day... (0)

Anonymous Coward | more than 2 years ago | (#40291189)

Thankfully Safari blocks third party by default, too bad Google decided to use a Javascript hack to fake a click around it!

Re:Back in the day... (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40291193)

They can track you by your browser's agent string (and even better when pairing it with an IP address). Research has discovered that agents strings tend to differ. If website A sees your agent string unique among it's 1 million users and website B has also seen your agent string, when they sell each other web logs they can both assume you visited both their sites. Of course it's not 100% exact, but it's statistically good enough to make that profile connection. Have you cleaned your agent string and other browser trackes lately?

In addition, websites make it harder and harder to not enable cookies. They'll keep redirecting you to a 'choose your location' page or toss up an error saying the site requires cookies to function. Luckily I love eating cookies and never go hungry when browsing the web. I'm about to munch on the FIVE I have relating to slashdot. One from slashdot and the other four with referrer info relating to links I've clicked on from here.

Why do I have a jobs.slashdot.org cookie? I don't have a slashdot account.

Re:Back in the day... (0)

Anonymous Coward | more than 2 years ago | (#40291375)

Yeah... right... As if I couldn't track you without cookies... *facepalm*

There are many other ways to uniquely ID you. GET session IDs, hashes embedded in mod_rewrite-mangled URLs, together with HTTP referrers... Hell, even your font list / IP adress combination can suffice.
Add to that things like the undocumented way (or bug) to store data in IE we found back in IE 5 and upwards... the web application storage feature of modern browsers... etc...

Being fixated solely on cookies like that is downright insane.

Re:Back in the day... (2)

LordLucless (582312) | more than 2 years ago | (#40291585)

GET session IDs, rewritten URLs and HTTP referrers don't help track users.

In case you're unaware, the way this tracking works is by the tracking party embedding an image on a third party page (for Google, this is usually adwords, for Facebook, it's the like buttons). When a user hits that image, they send a request to the tracking party's server to fetch the image. Along with that request, it sends the cookies for that domain. The tracking party can then determine that the user with that cookie, visited third-party page X.

GET variables, mangled URLs, HTTP referrers - these can be used to track someone within a site (and are very useful for maintaining session), but none of them can be used to track you across third party site, because to do so would mean the third party site would have to serve up unique content for each user.

The one valid issue you raised was the user agent string, and while it's not guaranteed unique, research shows it's often good enough to do a reasonable job, although I don't know if any companies do use it that way, since simple cookies are nigh-ubiquitous. I agree it's an issue, but it should be a simple, technological fix. There's no good reason for browsers to share so much information via their agent strings. For those who are concerned about tracking, installing a agent-string switching addon is simple enough. I agree they shouldn't need to, and maybe the focus on tracking will get the major browser vendors to change their default behaviour, but it's not like "opting out" of the tracking is at all difficult.

Re:Back in the day... (1)

Johann Lau (1040920) | more than 2 years ago | (#40293521)

In case you're unaware, the way this tracking works is by the tracking party embedding an image on a third party page (for Google, this is usually adwords, for Facebook, it's the like buttons). When a user hits that image, they send a request to the tracking party's server to fetch the image. Along with that request, it sends the cookies for that domain. The tracking party can then determine that the user with that cookie, visited third-party page X.

And here's how it works via ETag (and referrer info; which, even though it's voluntary, is a fact of life for regular users, and even required for some sites to work properly)

The first time the resource is requested, there's obviously no ETag. So you simply generate a unique ID, encode that into an ETag which you send back. You write the hit ("user [FRESHLY GENERATED ID] browsed [REFERRER]"), and wait. The next time the user requests that same resource, *if* their browser cache isn't cleared (I know that's a big if, but who cares? Spammers, viruses, marketers go for the weak links; and if that ends the discussion for you, you're just not part of it.), the browser will send that ETag (along with the referrer hopefully). Of course you don't implement 304 not modified, but instead re-encode the ID, so you get a new ETag with the same info in it, and send that back with the response. Then you merrily take not that ID #23189428931 visited again, this time coming from page X.

Sure, it's brittle, but so are cookies, and ETags plus other things like browser fingerprints*, can bridge the gap for each other (say, you clear cookies, but not the cache, or the other way around).

* https://panopticlick.eff.org/ [eff.org] ---> mine is unique :/ Be honest, how about yours, not changing any settings before doing the test?

### This post was intended to educate people, not to give poopy asshats ideas. "If you're a poopy asshat, kill yourself." -- Bill Hicks ###

Re:Back in the day... (1)

Johann Lau (1040920) | more than 2 years ago | (#40293477)

Yeah yeah nice rant.

Based on the fallacy that cookies are required to track people (and I sure hope the legislation you mentioned includes that, and is not just a "cookie ban" as you call it). Ever heard of an ETag, or browser fingerprints? Does "IP address" ring a bell at all? It's fucking trivial to track people without cookies.

I map them all to 127.0.0.1 in my /etc/hosts (0)

Anonymous Coward | more than 2 years ago | (#40290111)

127.0.0.1 googleapis.com

You get the picture.

If any page embeds content from some other domain then it is violating your privacy in the name of "web analytics".

When I was in the direct mail business our most jealously guarded IP was our Customer List. For the life if me I have no idea why website operators now freely give their Customer Lists to the Web Analytics firms.

The political candidates are the worst. Just use Safari's Activities Window to get a load if all the one pixel transparent GIFs and one byte Javascripts served up by the Analytics Firms.

Just use Analog. Its far more accurate and Analog keeps your private information private:

    http://analog.cx/

I have used Analog damn near every single day for fifteen years. It has a bit of a learning curve so I'm working on a tutorial:

      Web Server Log File Analysis with Analog
        http://www.dulcineatech.com/tips/webmaster/log-file-analysis/

Don't Say I Never Did Nothin' Fer Ya. -- Mike Crawford

21++ ADVANTAGES OF HOSTS FILES (0)

Anonymous Coward | more than 2 years ago | (#40294767)

Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs):

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org] )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucketâ(TM)s DNS records hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

20++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for ddefending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* POSTS ABOUT HOSTS FILES I DID on "/." THAT HAVE DONE WELL BY OTHERS & WERE RATED HIGHLY, 26++ THUSFAR (from +3 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashyahoo/ [tech.slashyahoo] Microsoft's Bing display toxic ads:dot.org/comments.pl?sid=2116504&cid=35985584
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proximitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL initial load 1 time lag upon reload though, depending on the size of your HOSTS file.

E.) HOSTS files don't protect vs. BGP exploits - Sorry, once it's out of your hands/machine + past any interior network + routers you have, the packets you send are out there into the ISP/BSP's hands - they're "the Agents" holding all the keys to the doorways at that point (hosts are just a forcefield-filter (for lack of a better description) armor on what can come in mostly, & a bit of what can go out too (per point #20 above on "locking in malware")). Hosts work as a "I can't get burned if I can't go into the kitchen" protection, for you: Not your ISP/BSP. It doesn't extend to them

F.) HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)... apk http://it.slashdot.org/comments.pl?sid=2603836 [slashdot.org]

0 or 0.0.0.0 = BETTER than 127.0.0.1 in hosts (0)

Anonymous Coward | more than 2 years ago | (#40294923)

So, for every line you put into a custom hosts file it's 2 characters smaller (0.0.0.0 vs. 127.0.0.1), & 0 is even BETTER, by 8 characters per line item entry in custom hosts files:

Thus, & this makes for FASTER parsing + load of the hosts file... since less material to parse exists per line item record.

* Some "Food 4 Thought", Mike... it works & NO LOOPBACK OPERATION is incurred using it either... "bonus"!

(For the rest of what custom hosts files can yield to the end-user in terms of:

---

1.) Better "layered-security"/"defense-in-depth"
2.) More "screen realestate"
3.) Better speed/bandwidth for websurfing (it's YOUR money after all, vs. adbanners sucking up CPU cycles (electricity) & page loading slowups, IF NOT being malscripted themselves @ times)
4.) Better anonymity (to an extent vs. DNSBL's + DNS Request Logs)

---

& more? See here -> http://yro.slashdot.org/comments.pl?sid=2909133&cid=40294767 [slashdot.org] )

APK

P.S.=> Put it THIS way: Even Microsoft's own personnel in the then HEAD of the "Windows Client Performance Division" who posted here as "Foredecker" had to concede that much to me on 0.0.0.0 vs. 127.0.0.1 (Moreso for the "short-form" of 0.0.0.0, which is 0 only... that works even BETTER, but is no longer an option for the most modern versions of Windows (Vista/7/Srv2008) since 12/09/2008 on MS "Patch Tuesday" when the ability to use 0, which is EVEN FASTER/SMALLER still, was removed in Windows VISTA/7/Server 2008, but can STILL BE USED on Windows 2000/XP/Server 2003) in the link posted next (since it's common-sense & yes, it works better/faster, for the reasons noted above) -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918 [slashdot.org]

... apk

noooo really? (2)

Osgeld (1900440) | more than 2 years ago | (#40290221)

Next you will be telling me the sky is blue, and water is wet. Thanks for the report Sherlock!

google analytics (0)

Anonymous Coward | more than 2 years ago | (#40290417)

This is why no one who cares about privacy runs google or facebook tracking stuff they spew all over the web. Seriously, why did anyone EVER run google-analytics scripts? That's always bothered me - why would someone volunteer to run that?

Noscript, RequestPolicy, Ghostery, UserAgentSwticher, and maybe 2 or 3 others. That's what you have to do.

So... (1)

smash (1351) | more than 2 years ago | (#40290845)

... the headline "Google tops web tracking list" would be too anti-Google to post on slashdot?

Re:So... (1)

smash (1351) | more than 2 years ago | (#40290861)

... and after RTFA, its not even close to facebook. More tracking by a factor of 7-8x on their top hit, alone.

Twitter? (1)

k(wi)r(kipedia) (2648849) | more than 2 years ago | (#40291041)

I understand the inclusion of the usual suspects (F and G), but Twitter? I always assumed they were the least evil birds in the flock. According to the report, Twiiter button ranks as No. 6 in the trackers' top 20, behind the No. 4 Google+, sandwiched between Facebook Social (No. 3) and Connect (No. 5). Apparently G+ is already more popular than Twitter, at least as far as the geek market is concerned.

Ghostery: Breaks far fewer things than NoScript (2)

Sarusa (104047) | more than 2 years ago | (#40291823)

I use NoScript myself (and Ghostery), but most people can't deal with how you have to selectively allow javascript domains to get new sites to work under NoScript.

Ghostery accomplishes most of what you want (don't track me, don't steal my info) effortlessly while breaking almost nothing. So you can install it for anyone and not worry too much they'll come complaining to you.

Also, the Ghostery list on any page is freaking scary (Slashdot has only two items). And I'd say 99% of sites are using Google Analytics (including Slashdot).

Re:Ghostery: Breaks far fewer things than NoScript (1)

Artemis3 (85734) | more than 2 years ago | (#40292541)

I install it everywhere to reduce bandwidth usage, same as adblock. The amount of traffic all these trackers generate per page is ridiculous; often the page won't even load unless the trackers have completed sending their data, unacceptable. I also happen to use noscript, cookie monster and refcontrol, to whitelist selected sites.

Re:Ghostery: Breaks far fewer things than NoScript (1)

rapidmax (707233) | more than 2 years ago | (#40293343)

I used to use noscript until I found the RequestPolicy plugin. This along with cookie monster works great to block unwanted third party requests. It takes a moment to build the initial RequestPolicy whitelist, but once my most important pages are listed it works quite well.

21++ ADVANTAGES OF HOSTS FILES (0)

Anonymous Coward | more than 2 years ago | (#40293729)

Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs):

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org] )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucketâ(TM)s DNS records hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

20++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for ddefending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* POSTS ABOUT HOSTS FILES I DID on "/." THAT HAVE DONE WELL BY OTHERS & WERE RATED HIGHLY, 26++ THUSFAR (from +3 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAPb (hardware router type OR software type, vs. IP address based threats)::2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proximitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL initial load 1 time lag upon reload though, depending on the size of your HOSTS file.

E.) HOSTS files don't protect vs. BGP exploits - Sorry, once it's out of your hands/machine + past any interior network + routers you have, the packets you send are out there into the ISP/BSP's hands - they're "the Agents" holding all the keys to the doorways at that point (hosts are just a forcefield-filter (for lack of a better description) armor on what can come in mostly, & a bit of what can go out too (per point #20 above on "locking in malware")). Hosts work as a "I can't get burned if I can't go into the kitchen" protection, for you: Not your ISP/BSP. It doesn't extend to them

F.) HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)... apk

I recently got rid of all my Google services (0)

Anonymous Coward | more than 2 years ago | (#40292719)

because of privacy concerns. It wasn't the consolidation of all my Google accounts in March that did it. Rather it was installing the Ghostery plug-in and realizing just how many sites use Google analytics. I already knew Google had about 12 years of my search history, and 8 years of my email, and I was pretty okay with that. But seeing that Google could also keep a record of virtually every site I visit was just a step too far. So now the only Google service I use with any regularity is youtube with no login. Excising Google from my online life felt like a bad breakup, but I don't miss it at all now.

Who really cares! (0)

Anonymous Coward | more than 2 years ago | (#40293409)

Welcome to the modern world.
If you are paranoid about being tracked, logged, spied on, then don't go on the net, or make phone calls, or have a mobile, or any accounts, or credit cards, or anything.
Big brother and all his friends are watching.

gostery lists 17 diffirent trackers (1)

blokkie (322983) | more than 2 years ago | (#40293819)

and itworld.com has a nice set of 17 diffirent trackers on that page reported by gostery ...

I don't mind sharing info with one company (0)

Anonymous Coward | more than 2 years ago | (#40294203)

I'm more worried about sharing with OTHER companies I don't care about.

Scary scenario, grocery stores send my data to insurance companies that now raise my insurance rates for all the soda I drink calling my a diabetes threat.

For example there are people in my family I share some information with, there are some I don't. It is what company have I built trust with to share information.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>