Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Berkeley Law Releases Its First Web Privacy Census

Soulskill posted more than 2 years ago | from the are-you-the-head-of-your-internet-household dept.

Privacy 55

New submitter DeeEff writes "The first report in the University of California, Berkeley Law School's quarterly Web Privacy Census was released on Tuesday, and it shows that popular Web sites are far more aggressive in their consumer tracking practices than most people suspect, and that consumers are trapped in an escalating privacy crisis with limited control over their personal information. Most interestingly noted in the article is that twice the amount of sites are using HTML5 storage as opposed to last year, while Flash Cookies are dying down, as we should expect. It also appears that third-party tracking seems to dominate most sites, such as from Google, Facebook, and other large players."

Sorry! There are no comments related to the filter you selected.

The rest are details. (4, Insightful)

Johann Lau (1040920) | more than 2 years ago | (#40471863)

By the way, if anyone here is in advertising or marketing, kill yourself.

Just a little thought. I'm just trying to plant seeds. Maybe one day, they'll take root. I don't know. You try. You do what you can. Kill yourself.

Seriously, though. If you are, do. No, really. There's no rationalisation for what you do, and you are Satan's little helpers, okay? Kill yourself. Seriously. You are the ruiner of all things good, seriously. No, this is not a joke, if you're going: "There's going to be a joke coming." There's no fucking joke coming. You are Satan's spawn, filling the world with bile and garbage. You are fucked, and you are fucking us. Kill yourself, it's the only way to save your fucking soul. Kill yourself. Planting seeds.

I know all the marketing people are going: "He's doing a joke." There's no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend - I don't care how you do it. Rid the world of your evil fucking machinations.

I know what all the marketing people are thinking right now, too. "Oh, you know what Bill's doing? He's going for that anti-marketing dollar. That's a good market, he's very smart." Oh man. I am not doing that, you fucking evil scumbags! "Oh, you know what Bill's doing now? He's going for the righteous indignation dollar. That's a big dollar. Lot of people are feeling that indignation, we've done research. Huge market. He's doing a good thing." God damn it, I'm not doing that, you scumbags. Quit putting a goddamn dollar sign on every fucking thing on this planet! "Oh, the anger dollar. Huge. Huge in times of recession. Giant market, Bill's very bright to do that." God, I'm just caught in a fucking web. "Oh, the trapped dollar. Big dollar, huge dollar. Good market, look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar ..."

How do you live like that? And I bet you sleep like fucking babies at night, don't you? "What did you do today, honey?" "Oh, we made arsenic childhood food. Now, good night. Yeah, we just said, you know, is your baby really too loud? You know ... yeah, the mums will love it, yeah." Sleep like fucking children, don't you? This is your world, isn't it?

-- Bill Hicks

Fuck You (-1)

Anonymous Coward | more than 2 years ago | (#40471883)

like you need more - cleanser as in cleaning one out - or as in washing ones brain - or do you mean like

still i say you are full of shit

Not as simple as "use Tor!" (4, Interesting)

betterunixthanunix (980855) | more than 2 years ago | (#40471933)

Yes, I know, someone is going to say, "Use Tor!" -- and I would have said the same thing not so long ago. Yet this is more complicated than just deploying privacy enhancing technologies.

We are talking about companies that have teams of hackers and computer scientists who are paid to find ways to break technical measures of protecting privacy. Substantial effort is needed to fight back, and most people are not willing to do the sorts of things that would be needed to protect their privacy. Disabling Flash, Silverlight, Java, and Javascript? Disabling cookies? These things make using the web very difficult these days, and as if that were not enough, there are malicious Tor exits that look for passwords and credit card data -- leaving users dependent on the very websites that are violating their privacy to protect it (by enabling TLS).

So unless someone has figured out a way to compel everyone to stop installing every trendy plugin, to give up on trendy Javascript-heavy websites, and to demand TLS from every website they connect to, we need to put some legal restrictions on data collection in places. Yes, I know, the big bad government interfering with business, but let's put it this way: do you want the big bad government to have access to vast logs of user activity (which is the next step after the corporations collect it -- the government either asks politely, demands it, or covertly acquires it)?

Which leaves us at the heart of the problem: the only organization in our society with the power needed to stop this has an interest in promoting it.

Re:Not as simple as "use Tor!" (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40472183)

These things make using the web very difficult these days

Do they really though? People keep saying that, but I've never seen it. I don't enable ANY of that shit by default. I whitelist a few sites like yahoo or my local bank, and that's it. Everything seems quite fine honestly, and much, much, much less annoying. When I look at the web on other people's computers who don't do that, it just looks entirely unusable. There's shit popping up over things you're trying to read, shit moving all around the screen to distract you, ... it's unusable.

I think it's exactly the reverse of what you say. The web is very difficult to use WITHOUT disabling javascript, flash, and silverlight.

Cookies, yeah, but you can immediately reject 3rd party cookies with no problems, and others, you can turn into session cookies.

Re:Not as simple as "use Tor!" (1)

C_amiga_fan (1960858) | more than 2 years ago | (#40472191)

Using Opera browser I have disabled Flash, Silverlight, Java, and Javascript. But left cookies active (to login). It makes webpages load about 400% faster and doesn't really break anything, except video sites, but that's an easy fix (just click the play button).

As for regulation of user data, and limiting its use, just make it part of the corporate license. If companies don't like it they can give-up the license and be free to do whatever (of course google, facebook, and the rest won't do that).

Oh and the government won't "ask nicely" for our data. They are in process of passing CISPA to make it automatically available to Homeland Security whenever desired. Isn't fascism (corporate/government partnership) great?

Re:Not as simple as "use Tor!" (1)

beachcoder (2281630) | more than 2 years ago | (#40476451)

Another Opera user here. I enable cookies from only the site I visit, and they're auto-deleted when I close Opera. Coupled with the Wand and Notes/Personal info only a right-click away, it keeps a lot of the guff out of the system.

Re:put some legal restrictions on data collection (1)

TaoPhoenix (980487) | more than 2 years ago | (#40473551)

To get the snark comment out of the way, it's no longer 99-0 against the Tin Foil Hats. They're starting to collect a few victories. So for the Obligatory Tin Foil Hat comment, "the powers that be have no reason to stop their delicious lunch on consumer data."

Okay, with that out of the way, my suggestion is that if you get a big enough pissed-off-big-pocket on our side, get personal data classified as Copyrighted Data. Then when these companies go to share it with their buddies, all those $375,000 copyright penalty fees kick in reverse, and lead to a disaster against these companies. Think of the sports industries. Those are real players, right? Real people doing real things. So why is it magically a copyright violation to broadcast the game for copyright reasons?

Even a patent would be funny, it would buy us some 20 years to punt the problem into the 2030's. "My information is an important part of what makes me, me."

Somehow we mostly got the correct handling on the medical side - you don't see (yet!?) companies offering to show everyone your medical history. Now if we can get that to apply to all personal data, it would be interesting.

Re:not willing to do the sorts of things (1)

TaoPhoenix (980487) | more than 2 years ago | (#40473605)

Yeah, I'm starting to enter this group. I'm midline - I run a modified variant of Firefox with AdBlock, Ghostery, Do Not Track, the Collusion plugin, and Private Browsing Mode with history set to zero. And that's about all the energy I have for this stuff.

If all that is not enough, (and it's not), that's the point of the article.

Ghostery. Right away. (3, Interesting)

gestalt_n_pepper (991155) | more than 2 years ago | (#40471935)

Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.

Re:Ghostery. Right away. (1)

betterunixthanunix (980855) | more than 2 years ago | (#40471979)

Which is also why this is not a battle that will be won with technology. Most people do not understand the extent to which their privacy is being violated or the implications of those violations, and only see the technical measures as getting in the way of what they want to do with their computers. The web companies know this, and that is why their websites are designed to fail if you disable technologies that are known to be used for tracking.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472147)

Which is also why this is not a battle that will be won with technology.

Disagree. I think it's a battle that can only be won with technology. You can't win it with a law. First, that will just move the tracking to a country without that law (think China gives a shit?), and second, the government will make sure the law doesn't apply to itself.

It MUST be solved with technology, and computer programmers have let the entire public down by letting things get to this point in the first place.

and that is why their websites are designed to fail if you disable technologies that are known to be used for tracking.

Agreed, but that means people should stop using those web sites, and the sites will either change for the better, or go under. The problem is that nobody gave a shit, so the practices became embedded.

The problem is entitlement mentality. People see some social web site as a "necessity" when it is pure luxury, and they aren't willing to have even the smallest shred of inconvenience in order to have the web not totally suck. People in other countries give their lives for freedom, but in the west, we won't even stop using a fucking web site to preserve online freedom. And that, in a nutshell, is why privacy on the web is clinging to life by a thread.

Re:Ghostery. Right away. (1)

Anonymous Coward | more than 2 years ago | (#40472185)

I use ghostery too, but keep in mind browser uniqueness. Test here: https://panopticlick.eff.org

My results:
Your browser fingerprint appears to be unique among the 2,262,812 tested so far.

So despite ghostery, ad-block plus, and custom hosts file (winhelp2002.mvps.org/hosts.htm) google, facebook, linkedin et al can all still track my between home, work and on the move once I use their services.

The only alternative I can thing of is a browser appliance (virtual machine), for each major service.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472205)

I use ghostery too, but keep in mind browser uniqueness. Test here: https://panopticlick.eff.org

My results:
Your browser fingerprint appears to be unique among the 2,262,812 tested so far.

So despite ghostery, ad-block plus, and custom hosts file (winhelp2002.mvps.org/hosts.htm) google, facebook, linkedin et al can all still track me between home, work and on the move once I use their services.

The only alternative I can think of is a browser appliance (virtual machine), for each major service.

wow my spelling sucks

Re:Ghostery. Right away. (1)

gestalt_n_pepper (991155) | more than 2 years ago | (#40472239)

The other alternative is a temporary instance of a VM in a cloud service. Use and toss much like a mobile phone.

Re:Ghostery. Right away. (1)

Anonymous Coward | more than 2 years ago | (#40472335)

I got:

"Within our dataset of several million visitors, only one in 5,312 browsers have the same fingerprint as yours."

I have jasascript turned off, meaning it could not request most of the data it did. It's scary to me that so few people DO have javascript disabled by default. it's one of the biggest security risks AND privacy risks. Turning it off is a huge win, and something that should probably be configured that way out of the box on consumer browsers, since people don't often know enough to disable it themselves. It's easy enough to whitelist it when you absolutely need to and trust the site in question. Anyway the web is so much less annoying when you disable flash and javascript. Things load faster, annoying ads don't appear all over everything, and many sites revert to a nice clean version of the site without their annoying "web 2.0" UI.

Re:Ghostery. Right away. (2)

Jah-Wren Ryel (80510) | more than 2 years ago | (#40472367)

The only alternative I can thing of is a browser appliance (virtual machine), for each major service.

I've been thinking along those lines too. What I would like to see is an extension for firefox that spoofs and/or configures all of that stuff based on the URL in the current tab.

For example, if the URL includes facebook.com you get one profile and if you are browsing google.com you get another. The profile would include things like:

unique browser-agent
unique cookies (of all sorts)
unique bogus X-Forwarded-For http header
unique adblock exception list
unique set of accepted content-types
etc - basically everything one can possible use to fingerprint a browser

The RequestPolicy extension is the closest I've seen to that and it is still a long ways away. But what it does is let you define a list of exceptions based on the current URL, so if you are browsing google, you can pull in stuff from googleapis.com but if you are somewhere else, googleapis.com will be blocked.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40473459)

My fingerprint was unique, but it was specifically because of my user agent string, which reflects the fact that I'm using an Aurora nightly build. Since that changes every day (in my case), I suspect it's of limited value as a tracking mechanism, assuming an automated system.

Re:Ghostery. Right away. (2)

Jah-Wren Ryel (80510) | more than 2 years ago | (#40472243)

Installing ghostery is the first thing I do now when I install a browser. You'll find that you can't interact with a lot of sites, or write comments on them if their tracking software is off, which gives you a good list of sites to stay away from.

I've bee using ghostery for what feels like forever and I have run across less than 5 sites that would not function without turning ghostery off.

I can't say for the commenting part though because practically no website allows anonymous comments any more and I refuse to create an account just for a one-off comment and won't even go near facebook for regular use, much less as a global-login.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472433)

I can't say for the commenting part though because practically no website allows anonymous comments any more

Nod nod nod. I think this was something lost when people moved off usenet and onto a million little fiefdoms. On usenet you could easily have one or multiple pseudonym identities, no one controlled the discussions, you didn't have to sign up for shit, and the reader software was much better than on any web forum I've EVER seen. I mean literally 100% of web forums I've seen in my entire life suck compared to the functionality of the better usenet clients.

I'm all for the forward march of technology, but not when it replaces good things with pure suck.

Re: UseNet or why Ad Peoples Suck So Very Much (1)

WillAffleckUW (858324) | more than 2 years ago | (#40473127)

I can't say for the commenting part though because practically no website allows anonymous comments any more

Nod nod nod. I think this was something lost when people moved off usenet and onto a million little fiefdoms. On usenet you could easily have one or multiple pseudonym identities, no one controlled the discussions, you didn't have to sign up for shit, and the reader software was much better than on any web forum I've EVER seen. I mean literally 100% of web forums I've seen in my entire life suck compared to the functionality of the better usenet clients.

I'm all for the forward march of technology, but not when it replaces good things with pure suck.

The problem is that all the advertising spam since those nutso lawyers spammed UseNet is why we have all the authenticated logins.

Half the denial of posting is to handle advertisers trying to push whatever crap they have in their bag.

The other half is wacko nutjobs yelling at people in uppercase.

Re: UseNet or why Ad Peoples Suck So Very Much (1)

Jah-Wren Ryel (80510) | more than 2 years ago | (#40473689)

Usenet is way better than the bad old days that followed the green card lawyers.
It has been mostly forgotten by their type, having moved on to crapping all over the web, and the single to noise ratio on usenet discussions has improved.

Re: UseNet or why Ad Peoples Suck So Very Much (1)

WillAffleckUW (858324) | more than 2 years ago | (#40473733)

So there are more singles?

Cool.

Are they actual women or people like me who used to post as women for a joke?

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472249)

Yes! Ghostery, but also adblock, noscript, requestpolicy, and user agent switcher.

All must-haves. IMHO all those should be installed on firefox by default, and enabled OOTB.

Re:Ghostery. Right away. (1)

C_amiga_fan (1960858) | more than 2 years ago | (#40472313)

I went searching for Ghostery to install on Opera, and ran across this. Agree or disagree?

AdBlock, NoScript & Ghostery â" The Trifecta Of Evil [Opinion]
http://www.makeuseof.com/tag/adblock-noscript-ghostery-trifecta-evil-opinion/ [makeuseof.com]
"Matt has already written an extensive article on why AdBlock plugin is destroying the Internet..... So when you use NoScript, youâ(TM)re breaking the Internet. Not only do you drag webpages 10 years into the past, but you prevent essential modern page components from loading..... Scare tactics are part of the problem, from conspiracy theorists who believe the government is watching them and now the Internet tracking companies know their every move too. Trouble is, a lot of people without technical knowledge on the subject believe those scare tactics......" and so on.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472541)

Speaking of "scare tactics"...

Anyway, I use all three of these plugins. I understand the point on AdBlock, which is why I tend to turn it off on sites that I want to support. But NoScript kills the Internet? Really? The only things I can't use with NoScript that I might want to are social sites, comment sections, and those dumb non-standard dropdown menus that are so common (for an example that I ran across today, see Shapeways). Everything that's important works fine. And as far as Ghostery goes... the fact "they’re being used for what’s called a behaviourally-targeted market" is exactly why I use it. I don't want you to be able to track me on the Internet for the same reason that I don't want random strangers tracking me in real life.

The preemptive strike on "stop watching TV" was really amusing, especially since I already have and it's also the wrong analogy. TV ads are like ads based on the content of the page you're visiting. Go to a gaming site, get game ads. Go to a gun enthusiast site, and you'll see ads for whatever rifles are in fashion today (or ads for whatever else gun enthusiasts buy. Beer? I suppose that's just the redneck stereotype.). The ads that I use these plugins to avoid are those that track me across sites, which would be like department store employees following me into the bookstore or coffee shop or whatever and telling me about all their great deals. Stop stalking me, creeps.

Re:Ghostery. Right away. (0)

Anonymous Coward | more than 2 years ago | (#40472583)

Simply disagree.

If the author of this piece has a problem with users with ghostery etc, he can simply serve blank content to those users.

If I *really* wanted to read his piece then I would have to disable the blocking.

For example, a newspaper I read uses the DISQUS comment system. As I use ghostery I do not see the discussions, which I think is a good thing as the quality of discussion by the general public tends to be of poor quality. Faster page loads, and only the content I intended to view.

Re:Ghostery. Right away. (1)

Hatta (162192) | more than 2 years ago | (#40472587)

Complete misinformation by someone with a vested interest in abusing your privacy. Disregard entirely.

Ghostery's true background (1)

Anonymous Coward | more than 2 years ago | (#40473383)

Do Not Install The Proprietary Ghostery FF Addon!

Ghostery's true background (Score:3, Interesting)

"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.

When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something thatâ(TM)s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.

To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."

- http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193 [slashdot.org]

I miss the good old days... (1)

Sarten-X (1102295) | more than 2 years ago | (#40471977)

Remember the good old days when we complained about those nasty banner ads that would compile lists of what sites in their network you'd visit? When privacy meant not using your real name online? Such simple and naive times...

Re:I miss the good old days... (1)

betterunixthanunix (980855) | more than 2 years ago | (#40471987)

That was back when the government was actively thwarting the deployment of encryption on the Internet. Now we are stuck in a situation where our privacy is even easier to violate because hardly anything is encrypted or authenticated.

Re:I miss the good old days... (1)

the eric conspiracy (20178) | more than 2 years ago | (#40472099)

Face it, the internet was never intended to provide privacy. Any attempt to do so is a bolt-on that will have problems.

Re:I miss the good old days... Privacy vs Net (2)

WillAffleckUW (858324) | more than 2 years ago | (#40473151)

Actually, the net works very well for privacy. If you have secure websites with encyrption and specific usernames and logins and don't tell anyone about it, it works quite well.

The problem arises when they want to make THAT public.

It's my Internet. It wasn't made for you non-techies. You were an afterthought.

Re:I miss the good old days... (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40472235)

When privacy meant not using your real name online?

If you go back even further, everyone was using their real names online. In the 1970's and the first part of the 80's on (then) arpanet, the standard was to use your real name, and be "fingerable" to discover even more data about you such as your phone number and such. (I know, because I remember those times). But there weren't entire organizations hell bent on logging everything you did, so in that sense, it was far more private even if your data could be discovered by anyone. It was not yet an "evil" internet, and in that sense, yes, I miss the good old days. The pre-evil days.

I blame every single person who joined the internet after about 1990. It was fine before the epic influx of clueless people. With the original internet population, none of this tracking shit would have worked. We'd have run those places off the damned net, stopped patronizing them, and blocked their attempts to track us. But the clueless legions that started to appear.... the stupid overwhelmed the smart.

Re:I miss the good old days... (1)

idontgno (624372) | more than 2 years ago | (#40473067)

Damn September. [wikipedia.org]

The long-term problem with the clueless hordes of newbie sheep wasn't merely that they bleat incessantly, stick their clunky hooves into everything, and crap on the carpets... it's the fact that unshepherded sheep attract predators by the pack. So that's what we have now... an internet of sheep, lured and corralled by wolves with good herding skills.

Or, if you insist on your metaphors unmixed, the range was wide open before they came. And now there are barbed wire fences and loud flashy towns and con men and lawmen all over the place.

I miss being an Internet Cowboy.

Re:I miss the good old days... (1)

Teresita (982888) | more than 2 years ago | (#40474321)

Recently Google Groups went off USENET for about week while they were fiddling with something, and the n00bs didn't even know. It was refreshing. But then Google came back online and all those posts in the queue were dumped on USENET, and it was September deja vu all over again.

www.admuncher.com (0)

Anonymous Coward | more than 2 years ago | (#40472003)

the first thing i do is install ad muncher.

been doing so for years.

The worst offenders (1)

bmo (77928) | more than 2 years ago | (#40472019)

The worst offenders are the ones that drive me to noscript and adblock plus. The more these fruitcakes at sites like Gawker Media^1 insist on throwing more crud at me, the more I will further fortify my position and flush all ads and tracking.

And now, if the world was ending, and the only way to save myself was to get a lottery ticket from Gawker Media for the next space ship leaving Earth, I wouldn't, on principle.

--
BMO

1. Gawker Media is: gawker gizmodo kotaku jezebe deadspin lifehacker jalopnik io9

you get the internet you deserve (0)

Anonymous Coward | more than 2 years ago | (#40472021)

People fall all over themselves to give away their personal information. You can't fight that.

If people stopped using sites like Facebook and Google that spread tracking shit all over the internet, those sites would die and that would be that. It's well known that these sites track every damn thing you do. It's been widely reported on in the popular media. But people keep using them no matter HOW bad they act, so they continue to act badly. I remember when tracking scripts first started appearing online. If nobody had run them, that shit would have died out in a few months.

I wish I could remember that quote about politics about a good government requiring eternal vigilance from the population. Well, it's the same online. When people don't give a fuck, then this is what you get. There's another good one from the political space: "you get the govt you deserve". Same here. We get the internet we deserve - or better, we all get the internet that the majority deserves. And given how little most people care, and how little effort they make to maintain their privacy, we deserve a fucked up privacy violating internet.

Companies do this shit because people keep on shoveling money at them for doing it.

people don't get this (0)

Anonymous Coward | more than 2 years ago | (#40472075)

third-party tracking

Thing is, third party tracking is optional. It's there be default, yes, but you don't HAVE to accept those cookies, run those scripts, leak your user-agent, or anything else.

The way to preserve your privacy is to not leak the data in the first place. If you do, and your privacy WILL be violated. If not in the USA then somewhere else, but it will be.

The real threat to privacy now is that anonymity starts to become more and more prevented on web forums, or if not outright prevented, at least punished, like on Slashdot where you post at 0 by default if you're anonymous, and few people will even see what you say.

Re:people don't get this (2)

Johann Lau (1040920) | more than 2 years ago | (#40472425)

The way to preserve your privacy is to not leak the data in the first place. If you do, and your privacy WILL be violated.

Kinda like going outside unarmed will get you robbed and killed, unless we make that illegal and enforce the law -- which doesn't completely stop it, but kinda helps. But let's drop that rape culture "blaming the victim" shit, yeah?

Also, there's no way to not "leak", say, your IP address. So much for "you don't HAVE to accept those cookies, run those scripts, leak your user-agent, or anything else." That's bullshit even for geeks, doubly so for non-geeks.

Re:people don't get this (0)

Anonymous Coward | more than 2 years ago | (#40472503)

Also, there's no way to not "leak", say, your IP address.

Umm... bullshit. My IP address right now appears to be in Netherlands, as far as slashdot sees, but I am actually in the USA.

Please stop saying technically ignorant things as if they were fact. It's perfectly well possible to not leak your IP address.

Re:people don't get this (1)

Johann Lau (1040920) | more than 2 years ago | (#40472657)

My IP address right now appears to be in Netherlands

To whom? To the site you connect to via proxy? The proxy? To your ISP?

Since packets have to reach you, *someone* has your IP address. If you run your own proxy, guess what, you're either fucked or scum that uses the computers of others without consent. If you use someone else's proxy, guess what, you're either very lucky or also fucked, because you think you have privacy but actually don't.

See how that works? When you control it, you're doing it. That proxy you control is you. If you don't control it, well... just how lucky do you feel, exactly?

Please stop saying technically ignorant things as if they were fact.

Then enlighten me. You failed hard so far, and pouted orders don't impress me much either.

It's perfectly well possible to not leak your IP address.

Your comment kinda stops *just* before you could actually have made a point. Maybe try again? Give examples, that sort of thing. It's hard to tell if you're just naive or bluffing with what little you have given so far.

Re:people don't get this (0)

Anonymous Coward | more than 2 years ago | (#40472771)

(different AC here)

Since packets have to reach you, *someone* has your IP address

Yes, but there are proxies that drop that data on the floor immediately as a matter of policy. You don't have to trust just ONE of them, you can use a sequence of them.

Sure, you can argue that in theory, every one of them could be lying. It's possible, but the chance is quite low. if you use several. If I don't use any, then the chance of being tracked by IP is 100%. What would you rather have, a 100% chance, or a 0.1% chance?

Re:people don't get this (2)

Johann Lau (1040920) | more than 2 years ago | (#40473089)

Good point about chaining, but still... that's like asking me wether I'd rather like hepatitis or AIDS!

Of course I would prefer hepatitis, but ideally, I would prefer icecream to both. And by that I mean legislation that a.) actually addresses the issue and b.) actually gets enforced. I know that's asking a lot, it's utterly naive seeing how everybody is in bed with everybody; but the thing is, as long as a good chunk of the people who are are technically literate think it doesn't affect them, because they have ways around it, those voices are lacking, which makes the whole thing even less likely to happen. It's a web meme thing that annoys me since the days of gnutella... "they can't catch me" "they can't catch us all", "hax0rs will always find a way" etc.... it strikes me selfish at best, and cowardly at worst.

I'm not saying you can't take steps to make it harder to track you, I'm saying your grandma can't. Neither can little kids. Neither can 99% of the adults. So y u no angry? Statistically insignificant outliers are just that, you know... and no tyranny had or has 100% coverage and total control, not even the worst you could mention, so IMHO that is never a reason to shrug something off. It could be worse, but it should be better.

Personally, I went real name a long time ago and haven't looked back since. Anyone who collects data on me simply burdens themselves with something they then have to hide from me. But I'm nuts, and most people aren't exhbitionists of hate like me. So their mileage varies, and that's why I care. Don't ask for whom the bell tolls, it tolls for thee, and all that...

Re:people don't get this (0)

Anonymous Coward | more than 2 years ago | (#40472905)

Since packets have to reach you, *someone* has your IP address.

You're still not understanding. I will try to enlighten you.

The first proxy site has it, but that's useless to anyone else. The important part is that Google and a million tracking sites don't have it - you know, the places that are the actual problem being discussed? The proxy sites I use have no known history of ever selling that data to advertizers. They reside in different countries from each other, as well. If the first were to (say) sell or give away the data, then what? Someone sees that I connected to the next in the chain, and that tells them what? Nothing. If the last were to do similar, they see what? A connection from the previous in the chain. That tells them nothing. The entire chain (which changes from session to session) would have to be compromised BY GOOGLE and similar commercial trackers (the topic of TFA). Is Google doing that? If you have evidence they are, please present it.

The point being discussed by TFA is about commercial entities like Google and Facebook tracking everything you do. This is one (of several necessary) techniques to defeat that tracking. You said this:

Also, there's no way to not "leak", say, your IP address.

Simply put, you are wrong.

Re:people don't get this (2)

Johann Lau (1040920) | more than 2 years ago | (#40476187)

The important part is that Google and a million tracking sites don't have it - you know, the places that are the actual problem being discussed?

The actual problem being discusssed is people who use the web being tracked. Not people who browse through a gazillion proxies being able to evade that, provided the following is true:

The proxy sites I use have no known history of ever selling that data to advertizers

Not that you have any way to check, do you. What does "no known history" mean? That if they sold data, it would have become known? That's silly.

Also, if 80% instead of, say 0.8% percent of all people would use proxies, and without any legislation that proclaims their right to do that sacrosanct, you'd see a huge ramp up in honey pots (not that you'd SEE it heh) and whatnot. In other words, you're not anonymous because nobody can get at you, but mostly because so many people aren't, nobody is even trying (hard) to get at you. It's just not worth the effort -- yet. Your data is worth as much as the data of others, it's much harder to get, so they pass, for now.

Since I love Nazi comparisons: go for the weak first, consolidate your power using them, then use that power to overcome the rest. It's Nazi/Business 101, really, and Godwin can shut the fuck up. First they came for grandma, but I was using proxies, so I didn't stand up. Then they came for noobs, but I was leet, so I didn't stand up. Then suddenly my PC broke, and the only new ones I could get only had a huge "soma" button in the middle of the screen... which is when it dawned on me that my sense of superiority and security was uncalled for and played right into the hands of those who planted it there, and that technical solutions can't solve human problems in the long run.

The entire chain (which changes from session to session) would have to be compromised BY GOOGLE and similar commercial trackers (the topic of TFA). Is Google doing that? If you have evidence they are, please present it.

Wait, I know, I'll simply use your awesome logic: They have no known history of not doing that. If that kind of evidence is good enough for you, it's good enough for me :P

NoScript (2)

doas777 (1138627) | more than 2 years ago | (#40472179)

This is exactly why I use noscript. I persistently block googleadservices.com, doubleclick.net, etc, but I like that Noscripts protects me from the 3rd party listeners by default but in a granular way.

Re:NoScript (0)

Anonymous Coward | more than 2 years ago | (#40477893)

No it doesn't. Start using RequestPolicy and you'll see how much NoScript misses. It's quite a lot...

google not in the tables? (0)

Anonymous Coward | more than 2 years ago | (#40472229)

it's really surprising to me that google doesn't appear in the tables...

Re:google not in the tables? (1)

DeeEff (2370332) | more than 2 years ago | (#40473157)

This is because Google owns doubleclick, which happens to be one of the worst offenders, if you RTFA.

Though honestly, its not just them. They do happen to be one of the highest tracking companies, but that's not really news in itself. The interesting part of the article are the other players.

Invading privacy through third party scripts and services seems to be the norm, I'm afraid.

Private Data as an "Asset" class (0)

Anonymous Coward | more than 2 years ago | (#40472701)

According to http://knowledgerights.org/group/ownership/forum/topics/world-economic-forum-personal-data-as-an-asset-class, patterns of consumption is only one aspect of digital personae. The lawyers are unfortunately ahead of everyone. There was an article which interviewed a senior Facebook exec, where he reassured that the "users" owned the data and all Facebook wanted was a license to republish. The interviewer then asked the pointed question, that if users "owned" the data, then would they be free to give it to ... say Google? The interview took a sudden turn.

As others might point out, possession is 9/10ths of the law. At the moment, Little Brother is well and alive.

What the eff .... (1)

xyourfacekillerx (939258) | more than 2 years ago | (#40473317)

Last article I read on SD was about Microsoft enabling tracking protection by default. Most users here claimed MS pro-privacy measure violated the user's rights. But in this thread, the consensus is that tracking is problematic and we are recommended to block certain sites? Odd, Slashdot. Odd. So walk me through this.

I'm convinced that tracking, data collection and data sharing, among various other obviously unethical privacy violations by hundreds or more large companies on the web is a major concern and in general an undesireable term of use for most users .But I can't opt-out of these privacy breaches, except on the very rare occasion where an individual company's privacy policy allows it (or makes opt-in the default).

And no, choosing not to use the web or some services on the web is not the same as opting out. Otherwise, MS default to enabled tracking protection wouldn't equate to opt-in tracking; if you wouldn't use it, you've already opted-in. So don't tell me, if I don't like the sites, don't use them.

So which is it, Slashdot ? Should I go with a tracking protection list or should I not even worry about it? Can we get some facts up in here?

As an aside, I enabled tracking protection with the default list in IE9, and I could not sign into Yahoo via its web interface. See, this is why Congress or some neutral private company needs to get involved .... Anyways, carry on, ....

Re:What the eff .... (1)

DeeEff (2370332) | more than 2 years ago | (#40475343)

Let me try to explain:

If Microsoft implements Do-Not-Track as default in IE, then the majority of users will never notice the setting and then leave it on. This means, most ad companies will start losing revenue, and fast. This is a problem for most ad companies. So, since Do-Not-Track is just a flag that says "I don't want you to track me," it can't actually prevent companies from tracking you online (since it doesn't have any technical blocking or filtering) if they decide they want to.

If ad companies start finding out that Do-Not-Track is default, and that everyone is using it, they're just going to ignore the feature for everyone, which makes it worthless. Therefore, it is better that Do-Not-Track is opt-in, since this will legitimately show that users don't want to be tracked, as opposed to users who were just too lazy or ignorant to change the settings.

In the long run, companies will be more likely to follow the Do-Not-Track standard if they aren't losing significant market share to it. Since the people opting in should effectively be just the tinfoil hats, they won't care about that revenue, since these people use adblock and don't make them money anyways.

All in all, it's a touchy issue. I don't think anybody here agrees that tracking is good. In fact, most of us think it's deplorable the amount a company tracks us on the web just in the name of a couple ad clicks. However, Do-Not-Track is completely useless unless it is opt-in. Otherwise, companies would just ignore it anyways, since it's not mandated by governments or any powerful institution. Hope that helps clear things up.

HTML5 storage? (2)

gr8_phk (621180) | more than 2 years ago | (#40474677)

Isn't HTML5 storage that shit where they just dump data in a database on YOUR machine? Fuck figuring out who you are and matching shit up - just store it all on your own machine bit by bit and glurb it all in as needed. The problem is these fucking standards shitbags enabling all this. First it was cookies, now it's a full blown local database. Oh, and they can read enough info to identify the machine (recent Orbitz story?) because MSIE6 and other browsers couldn't implement the standards well enough and webdevs had to have more information about your setup just to make shit work.

Just to be clear, the web can work with zero client side storage just by giving a site visitor a GUID embedded in every link - yes this requires the server to then inject the GUID dynamically into every page served, but who gives a shit when half the pages are dynamically created anyway? It wasn't easy in 1993, but today it would be trivial. Can someone please build a framework that makes this simple so we can turn off cookies and still have a "session"?

and no, this is NOT a complete solution to privacy issues by any means - just a start - get peoples machines to stop betraying them.

Re:HTML5 storage? (1)

Vekseid (1528215) | more than 2 years ago | (#40476489)

Use Cookie Monster, so some similar cookie disabling app. For most sites disabling cookies means disabling localStorage.

But cookies are dumb. 99% of the time I don't even want to be seeing what I store in localStorage, it's all user preference gloss, and certainly does not need to be sent between my server and your computer ten million times a day. But right now that's what we use cookies for.

Writing my own fully AJAX driven software, let me just say, adding 2kb to each and every single AJAX request is simply a non-starter. For my site, that will easily run 50 GB/day. Half my bandwidth just for cookies! No.

Storing the session in the URL has certainly been done (never seen a PHPSESSID link when you turn off cookies?) but it's an immense security issue on a community website. Someone steals your url, and they're you. No.

Stuff like Cookie Monster, Refcontrol, Noscript and Flash/extensionblock should simply be standard parts of the browser, with users educated how to use them properly.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?