I think we need to know...
... exactly what information is accessed by these third-party trackers on a web site that should be a secure, private and privileged transaction.
A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm …
Do modern bank sites work at all with scripting turned off?
The on-line banking sites of four different banks work well enough for me. Apart, that is, from a really strange problem with the site one bank, which problem:
a) I could work around and
b) seems now to have gone away.
I get that unspeakable Rapport pop-up as well, every time, for the same reasons, with the same fatuous suggestion from that bank on how to suppress it. Oh for a browser that will let me run in private browsing, but stores just the cookies I choose and refuses/dumps all others...
What makes it worse is that the Rapport pop-up often takes so so long to be served that I am half-way through logging-on, and I have to abort, close the page, and start again...
I use both NoScript and uBlock Origin. NoScript seems to get first crack at things and when I go to my bank's website, it blocks tracking crap from four domains before uBlock Origin gets to see them. If I use a browser with only uBlock Origin, then it blocks all four because they appear on the blacklists that it uses.
There is one additional domain that interferes with the logon process with an annoying popup ad for some crapware. I reported it to the bank's IT department as a possible infection on their site. They said that the popup will go away if I 1) reconfigure my browsers to never delete cookies and 2) let the popup run once. I prefer to just let NoScript block the domain it's coming from.
What about all the 3rd party scripts that are reversed proxied, so they will be coming from your banks domain are you going to block them as well? A lot of scripts will run to get a fingerprint of your device to see what else you've been up to, IOVation is just one example...
"What about all the 3rd party scripts that are reversed proxied, so they will be coming from your banks domain are you going to block them as well?"
I find that, in practice, most websites I visit don't get this cute. Most bludgeon you with garbage from a massive array of obvious third-party domains. E.g., when I visit the website of a local TV station, NoScript takes out its meat axe and chops out eleven domains (and all the actual content I want to read is still there). This leaves uBlock Origin with very little to do; but it still finds three (non-script) objects on its blacklists and takes care of them. While NoScript might not defend against the kind of thing you mention, this sounds like something that uBlock Origin could potentially deal with, if there's a recognizable pattern to it.
The number of third party crap links (ads,tracker,demographics,analytics) was already toxic over a year ago on many commercial and 'free' sites, and is still getting worse(!), so I /have to use/ whitelist driven tools like NoScript and uMatrix to try and retain some privacy and speed; tough web authors who don't like this, it's your r-type, retarded, promiscuous fault!
I even need Print Edit now for saving pages as text PDFs, even for blog/reference sites, because 50% or more of the page area is not even the actual content, WTF!!!
There is one additional domain that interferes with the logon process with an annoying popup ad...They said that the popup will go away if I 1) reconfigure my browsers to never delete cookies and 2) let the popup run once.
Translation: If you just let us track everything you do, we will stop annoying you with those pesky pop-ups.
And remember banking websites are not free.
They are there to let us see and control our money, which is why most people will use a bank site.
(many) other financial institutions are available. IIRC in the UK "Money Facts" is the magazine to look for.
@AC / written record
If any of this "rich internet experience" ackamarackus was sincere, they would know that you probably did deposit £100,000. But no, none of that is for our benefit, it is just numebrs for the advertising managers.
So you then deposit 100,000 of something else. Not nice.
"Translation: If you just let us track everything you do, we will stop annoying you with those pesky pop-ups."
That's not the worst of it. The pop-up is advertising some security software that the bank would like its customers to install. A quick web search turned up lots of bad reviews of it from people who say it wrecked their machines when they installed it.
The pop-up is advertising some security software that the bank would like its customers to install. A quick web search turned up lots of bad reviews of it from people who say it wrecked their machines when they installed it.
Rapport - lets just get it out in the open. I did try it some years ago - lets just say that it's effects were immediate, wide ranging, and resulted it in being uninstalled with no mercy. The little pile of utter s**t.
I keep a separate browser, configured to clean itself on quit. I have the same problem - every login gets the "Install Rapport or you are leaving yourself wide open" popup, and several other problems related to not saving preferences.
And one bank I use has recently "improved" it's site to be the worst pile of useless and confusing eye candy imaginable - bad enough that I'm considering changing banks.
Would that be HSBC?
I never bothered with Rapport, partly through laziness, but also a reluctance to install unnecessary crap on my equipment.
To be fair though, I've banked with HSBC for over 20 years and my biggest complaint is their new banking website, which compared to the complete IT system meltdowns other banks have had, isn't that big a dea.
>> I keep a separate browser, configured to clean itself on quit.
>Why a separate browser? Permanent private mode has been the name of the game for years now.
I have a VM *just* for online banking - it does not get used for anything else, yes it has Rapport + noscript + ublock origin.
Good luck finding some tracking history there
No, they are tracking shopping habits and stuff like that to decide whether you are a responsible borrower.
How accurate they are, I've no idea. A few months ago, I was getting loads of adverts for dating sites where I could find the "perfect" boyfriend, not something that appeals to me at all. I don't know where they got that idea from when my browsing history is full of lesbian stuff. Now I'm getting loads of adverts for pregnancy testing kits.
Now I'm getting loads of adverts for pregnancy testing kits.
Perhaps Amazon once presented you with an ad for a turkey-baster?
(If that is in far too bad taste, I apologise and will gladly delete this comment.)
But it just goes to show how dangerous all this data-gathering can become. Some bank somewhere decides that their algorithm is ~70% accurate, which is far better than what their loan officers can achieve, and they switch over to trusting the algorithm and rejecting 20-30% of applications regardless of real-world merit or individual circumstance.
And tomorrow, it will be for incontinency pads.
I've seen the same sort of thing.
Any time I use a Bank etc then it is done from a Linux VM that is restored once I'm done with it.
One UK Financial Institution (scumbags) leaves 60+ cookies and other nasties behind for each visit. If the returns on my investment over the past three years had not been so good, I would have stopped using them a long time ago.
"It would have been funnier if your username was not female."
I'm sure there are men out there getting ads for pregnancy testing kits.
If you have a Twitter account, you can see what gender it thinks you are. It doesn't ask when you sign up, they make assumptions based on various things. It got mine right, but it's accuracy seems to be little better than random.
I put togther a PC for my son a couple of months ago ... he's studying engineering at university and said he wanted a desktop as his laptop was not good enouigh for some CAD programs he wanted to run. So to check spec I asked him what CAD programs he'd want to run. One of them was SolidWorks so I did some research on this ... result that is two months later virtually every page I browse on my phone (which doesn't have an ad-blocker) is littered with offers fo rfree trial for SolidWorks. I suppose it makes a change for the weeks after I'd being researching how to fix a leaking flush valve in our toilet!
... as with most things, all of this is stated in the small print. It's just that nobody bothers to read it and then complains and acts shocked when this sort of thing happens.
*cough* https://www.theregister.co.uk/Profile/cookies/ *cough*
"... as with most things, all of this is stated in the small print. It's just that nobody bothers to read it "
You are referring I presume to multiple pages of legalese, a jargon crafted specifically to obfuscate information? I've read plenty of them, and they make it as difficult as possible to know exactly what you're agreeing to.
Doesn't matter anyway! Their TOC always states they can change anything anytime without notice or approval from you. So whatever you agree to TODAY won't protect you any longer than it takes for the echo of the mouse click to fade.
I think it's a cheap clickbait here on two counts. First, because the readers here hold a smug view of being (somewhat) more intelligent than those feeding specimen off gutter press (discuss), and secondly because they / we are far superior in protecting their data where it matters, in many ways.
p.s. And thirdly, you should know it, so it's kinda lazy, thus somewhat offensive.
Interesting little war I had with a local UK bank (currently up for sale - going cheap)... At one stage I was unable logon to manage my internet account with an ad-blocker/tracking blocker installed/running.... stop the blocker - all works well... Long and short of many tech support discussions with bank was - "if you want to do online banking, you agree to being tracked (they were using an using an Adobe product...) - see terms and conditions on said bank website". ICO disagreed and things quietly changed (I changed bank in the meantime)...
So who is watching you while you bank online and who has access to your "anonymized data"...?
That's why I use another browser for banking. My main browser is Firefox with Ghostery, blocking all trackers, and my banking browser is something else, with 1% market-share, where they can track me all they want there is nothing to see since I don't use it for anything else. And then there is my Tor-browser for when I really want to be on the safe side.
I don't say that NSA can't see me, but I'm making their life more difficult.
I'm with Local Laddie , if the only leverage we have is to bank elsewhere then make it so. My own bank would love me to use their new account and offer incentives like interest on the current a/c but require me to transact online through my phone which I 'can do anywhere'. Not convinced that having my data streamed through a third party wifi is any safer than having a stranger enter my PIN its not happening. Likewise my bank card was replaced at my request with one lacking an RFID chip I know the risk and I'm not taking it, it is my choice not the banks.
Biting the hand that feeds IT © 1998–2019