DoNotTrack HTTP header provides almost no protection
I am shocked.
Looking for browser privacy? A group of researchers in France and Japan say RequestPolicyContinued and NoScript have the toughest policies, while Ghostery and uBlock Origin offer good blocking performance and a better user experience. The study also gave a nod to the EFF's Privacy Badger, which uses heuristics rather than …
I am shocked.
What I'm somewhat surprised about is that there is no consideration and/ or evaluation of the fact that Ghostery is the product of... <drum roll> Cliqz. Yep, that Cliqz. The one everybody was up in arms about when it started harvesting data from (German) Mozilla users.
And as far as I know it always has been a product of "an ad agency".
Doesn't that smell a bit like the butcher testing his own meat?
After all, as a product of an ad agency, it tries to "enhance the browsing experience" by gathering personal data, phoning it home, and sticking it a huge database... of an ad agency?
Doesn't that smell a bit like the butcher testing his own meat?
There are filters that block those kind of websites as well.
It does an awful lot more than stop you being tracked - if you have the patience to work with it
The new UI is terrible though. I had to switch to uMatrix, at least until they get it back up to scratch next year (the WebExt version's missing a bunch of stuff). I also never noticed that NoScript doesn't have domain scope. If you block twitter on another website it blocks twitter on twitter, uMatrix doesn't.
I just wish they would get the version for android up and running with the new crap firefox.
I have this argument with users.
Blocking everything by default and then allowing what you want, is the best solution IMO. That way you KNOW what's been allowed.
I use noscript as default but if I have to turn it off for a site then I use Adnauseum to p1ss in their swimming pool.
"That way you KNOW what's been allowed."
'But you have to click things to make it work' is the counter, correct?
I noticed recently on a forum I frequent that whenever you clicked on a link someone posted it would redirect through an ad agency called viglink and certain sites would have an affiliate link added, despite the fact that when you view the html source the links are unaltered.
I didn't like that crap so I added the two culprit viglink api websites to my HOSTS file pointing them at 127.0.0.1 and the redirects don't happen there anymore.
But I only noticed the redirects were happening because the URL you end up at was not always the same as the one you clicked on, but sometimes you couldn't see the redirect happening even though it was, so it makes me wonder how much this invisible redirect practice is going on over the entire web without people knowing.
"makes me wonder how much this invisible redirect practice is going on"
A lot. It's regarded as link piracy and some sites check their referrers to try and stop it.
Yeah, I noticed viglink links on a forum that I recently signed up to, too.
I've not heard of them before, so found there's an opt out thing if you visit https://www.viglink.com/opt-out/
I don't really trust an advertising company's opt out system, so I put these two lines into my "c:\windows\system32\drivers\etc\hosts" file:
It stops the redirect code from loading in the first place, and also eliminates viglink's ability to track every link clicked on a site that uses them.
Oh and on the subject of redirects, I keep getting redirected to CloudFlare's captcha site to prove I'm not a robot every time I press the Preview or Submit button on this post. WTF is going on?
"I've not heard of them before, so found there's an opt out thing if you visit https://www.viglink.com/opt-out/"
I would imagine that works using a cookie. If so it's not much use if cookies are wiped automatically when you quit the browsing session.
"so I put these two lines into my... hosts file:
These have been included in the hosts file available through the link below from at least mid-September of this year.
Edit: using the full path for hosts, in single quotes, seems to require that I jump through a Captcha hoop. Me no like, as it seems to require something from google.something, and I just cannot be arsed to find out what... I have to update my hosts files.
more and more sites are detecting that you are using an Ad blocker and complan to you about it.
One or two just refuse to let you get past the home page.
That shows just how much data they have on you and your browser just from loading their home page.
That alone should be worrying.
If they do not let you past the home page then it's their loss as you won't be recommending their web site - there's nearly always an alternative option for news..
Still waiting for widespread adoption of micro payments so you can support web sites you like without the big security risk of ads.
As security is a key reason to block ads due to the many instances of malware served via ads.
Most of them just cover the page with their own ad, which is nice, since you can just block their ad-blocker detection script and they'll never know the difference. Unfortunately, I've seen one or two that use the ad-blocker detection script to actually load the page content. Those are more annoying to deal with if you actually want the content.
The stupid thing is that nine times out of ten I have found that these so-called "anti adblocker" measures can be thwarted with a little bit of web know-how: a quick "display: none" on the whinge message and black-out overlays, usually with an "overflow: auto" on the body in your browser's dev tools and you're back to full functionality.
The stupid thing is, I am not anti-adverts - I appreciate web pages have to make some kind of return somehow. But until the size, positioning, total on-page space and allowed content are severely restricted, my blockers will stay on.
" But until the size, positioning, total on-page space and allowed content are severely restricted"
There's nothing like jumping out of your skin because of a LOUD web banner ad taking over the speakers to convince people that ad blockers are a good idea.
It's not just ad blockers, using a VPN can trigger captcha blocks. Even Google search does it. I hate the damn things and always find somewhere else to go.
I don't mind them as long as they mind their own business. But I have also had pages stall loading because of issues with their ad provider...
On Firefox 57.0.1 I've had to disable NoScript. The UI is terrible and some sites just won't load. It's a shame because I've used it for years, maybe it will be fixed soon.
Switch to uBlock Origin. I give it three thumbs up!
Firefox 57 is unfit for purpose.
I downgraded to 52.0.2 via manual download and (having learned the hard way once before) yanking my computer offline so that it didn't instantly queue an update on startup before I'd had the opportunity to disable automatic updates.
Firefox 57 - and the NoScript UI on it - is what finally kicked me into installing Palemoon on my Linux box. (I've been using it on this Windows laptop since buying it, but I left Firefox on the Linux desktop at home.)
It seems updating to 57 also broke Request Policy (continued). :( This is why I dread updating Firefox. While any apparent change tends be just some rearrangement of the UI (usually pointless and annoying as such) you can be pretty sure that they have somehow managed to make existing addons incompatible and I'm at least forced to update those as well - if I'm lucky - if not, there is no compatible version.
I had the same initial reaction, but then NoScript was ported to the new Firefox and most of the annoying initial issues got resolved. I was trying to compare the way it works in Palemoon/ESR vs FF 57+ and most of the functionality (that I care) seems to present. Drop some coin this holiday for the man behind NS as his work has no substitute (no matter what flavor of FF you preferred).
I could be wrong but I believe that Mozilla changed it's API's because of a serious bug that could allow a malicious browser extension to use legitimate extensions to Pwn your device.
(But I hate the new Firefox anyways)
"Drop some coin this holiday for the man behind NS as his work has no substitute (no matter what flavor of FF you preferred)."
Amen to that!
Donate to developers that deserve it.
I'm currently using a combination of Adblocker ulitmate, Privacy badger, Disconnect and Noscript... In the past I did also use ghostery, but dropped it because it wasn't doing it's job very well, and then discovering it could be phoning back data to it's devs.
Noscript is an essential tool for everyone in my opinion, and whilst the new version has some flaws, it's improved a lot since it was updated to work with the new Firefox Quantum.
Any website that shows an adblock complaint, is normally ignored and immediately added to the noscript block lists... as are sites that try to load dozens of scripts. My mum asked me to send an xmas card to her niece in Canada... but when moonpig wanted to load more than 40 scripts... I refused.
Had to bin it. The 'Ghost crew' spend too much time fucking things up so that sites break. Got fed up of tinkering with it to fix things. It looks nice, but so does a polished turd. The old Ghostery just worked.
What? No mention of uMatrix?
It works even with the new Firefox API's.
I think uMatrix is the easiest to use personally. Easy to tell if a website is broken by what script is blocked. Internal HOSTS files, custom user rules.
There are some evil people out there that want to know all about you. I am not afraid to call a blimp a blimp. Are you afraid to call an illegal alien a criminal? Google: "It is none of your business what we think!"
Biting the hand that feeds IT © 1998–2018