back to article One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools

Ad and JavaScript blocking is not enough to thwart privacy invasions by the likes of Facebook: more active countermeasures are needed. The internet ought to "route around" known privacy abusers, shifting from passive blocking of cookies, host names, and scripts to a more active deception model. Just like enterprises and other …

  1. Anonymous South African Coward Silver badge

    Use Shovel --> http://www.turnstep.com/Spambot/harassment.html

    1. fnusnu

      Not Found

      The requested URL /cgi-bin/Shovel.pl was not found on this server.

      Apache/2.2.9 (Fedora) Server at www.turnstep.com Port 80

  2. Rafael #872397
    Trollface

    effectively flooding their databases with garbage

    From what I see in FaceBook and Twitter, it is working already!

    1. Anonymous Coward
      Anonymous Coward

      Re: effectively flooding their databases with garbage

      >From what I see in FaceBook and Twitter, it is working already!

      Indeed, purveyors of farmyard manure will be most interested in that data, have an upvote.

  3. Dave 126 Silver badge

    I believe Safari has taken steps towards this for a few years now but- it pretends to visit multiple sites in your behalf to thwart trackers. Of course the fella in the article is talking about going a few steps beyond this.

    1. Anonymous Coward
      Anonymous Coward

      isn't that just premptive page loading, common on many browsers (if you decide you want that sort of thing).

  4. JakeMS

    Not Bad

    This is not a bad idea.

    But if this was done all over the place adverbusers would either develop a counter measure which filters fake data based on patterns or they would turn to other tactics of collecting data which the bot would be unable to fake.

    Eventually it'd turn into an endless battle where both sides are constantly trying to stop each other (think spam).

    The better option would be to stop them trying to collect it all in the first place.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not Bad

      Eventually it'd turn into an endless battle where both sides are constantly trying to stop each other (think spam).

      It already has, with ad-blocking and script blockers. The malvertisers deployed evercookies and abuse other system capabilities, the blockers evolve to catch those, and so it goes on. This latest turn of events is about the advertising intermediaries themselves and their data hoarding and exploitation, but in practice it's the old battle of users versus advertisers.

      Unlike spam which is essentially the actively criminal or businesses on the fringes of criminality, this battle puts the whole on-line data grasping world in the firing line, and hitherto they've regarded themselves as law abiding. Regulation seems inevitable, but then we'll enter another arms race between the tech 'n' data sector trying to lobby to weaken regulation, users demanding more control and tighter regulation, the corporates using every weasly trick to legally circumvent the intentions of regulations and so forth.

      1. Mark 85 Silver badge

        Re: Not Bad

        It already has, with ad-blocking and script blockers.

        Just an observation... not that many users use these tools. They simply don't care. Or when they do care, they end complaining that they missed a "good sale" or such similar stuff. Too many users I know don't even use the email spam bucket. They've been trained somewhere to just accept the abuse and other crap that comes onto their computer.

        I have a friend that I installed an adblocker and modified her HOST file to block certain sites. Then she complained she was missing out on things. She is a FB user and started complaining she couldn't take quizzes or play certain games (all data slurpers). And then, I get a call...:"my computer is slowing down," or "my AV is telling me I have viruses". <sigh>

        We in IT might be the biggest users of these blocking techs and the biggest complainers about the problems. The average user just doesn't give a crap. They want the shiney, the input, the feeling important enough to get this stuff.

        Until we can change the mindset of the users, they'll continue clicking on click-bait, turning off or ignoring the protection settings, etc. and the malvertisers, advertisers, miscreants, etc. will keep doing what they do.

        I'll stop ranting and go off to the corner to contemplate the human condition and why we got into this mess in the first place.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not Bad

          "I'll stop ranting and go off to the corner to contemplate the human condition and why we got into this mess in the first place."

          I'll save you the time... Greed.

        2. Alan Brown Silver badge

          Re: Not Bad

          "And then, I get a call...:"my computer is slowing down," or "my AV is telling me I have viruses". <sigh>"

          I got this from relatives.

          It stopped when I let them take their systems to professionals for cleaning and they usually ended up with $400+ bills.

          After that they started taking my advice.

      2. Alan Brown Silver badge

        Re: Not Bad

        "but in practice it's the old battle of users versus advertisers."

        Believe it or not, there _are_ responsible advertisers. Possibly even a majority of them.

        Of course, they're not the ones who get in our faces, or who regard a 0.000001% response rate on annoying adverts as a success.

  5. alain williams Silver badge

    X-T&C header

    It might be worth making your browser add a X-T&C header that said something like ''If you misuse my data then you pay me £1,000,000''. It might be hard to make it stick in the courts, but part of the problem is one way T&Cs, you either get to accept it down to the last comma or nothing at all**.

    This is part of the Internet 'wild west' that is well overdue regulation; there should be standard T&Cs++ that have been prepared by even handed (consumer/business) lawyers - that people could thus trust.

    IETF might even make an official T&C header.

    ** I admit to being one of the few who I know who does read T&Cs and frequently refuse to accept and thus not use some web site.

    ++ With schedules to specify things like delivery dates, etc.

    1. GnuTzu Silver badge

      Re: X-T&C header -- Make it Stick

      In previous posts, I've argued that the do-not-track header should be granted the same protection as the DMCA. But, people aren't getting it. Corporations could put in the most trivial of protections for their content and then be able to take people to court for bypassing it, yet corporations can effectively ignore our protections, using things like super cookies and such. If corporations can have the DMCA, then we can have legal backing too. Otherwise, we've just proven that corporations have more rights than real citizens--which is clearly a constitutional violation--and therefor, Un-American.

    2. twiss97

      Re: X-T&C header

      "even handed (consumer/business) lawyers - that people could thus trust."

      That was a joke, right?

    3. John Brown (no body) Silver badge

      Re: X-T&C header

      "** I admit to being one of the few who I know who does read T&Cs and frequently refuse to accept and thus not use some web site."

      The problem is the site owners have no idea that you made that decision. There's no way to actively reject the T&Cs, just the passive method of not re-visiting the site. Rather similar to Facebooks "like" button and lack of "dis-like" button.

    4. Mark 85 Silver badge

      Re: X-T&C header

      There's a flaw in this: This is part of the Internet 'wild west' that is well overdue regulation; there should be standard T&Cs++ that have been prepared by even handed (consumer/business) lawyers -

      The concept of an even handed lawyer....

    5. Alan Brown Silver badge

      Re: X-T&C header

      "but part of the problem is one way T&Cs, you either get to accept it down to the last comma or nothing at all"

      Any lawyer worth his qualifications will tell you that a contract accepted under duress or which contains illegal conditions is normally invalid - severalbility caluases are needed to make the illgal parts not invalidate the entire contract and there's the entire "unfair terms in consumer contracts" laws in most countries worldwide (with analogues for business use too) to contend with when T&C are being dictated by shrinkwrap or click.

  6. Doctor Syntax Silver badge

    I doubt the businesses would care. They may be getting nothing but noise but they'd still package it as good data and sell it on to their customers who I seriously doubt would know any better. If the ultimate punters, advertisers, are happy to push stuff that you've just bought and aren't likely to buy again then they're not going to be put off by data pointing to something else - it might even be more useful to them!

    Just keep blocking the ads. That's what makes data, real or fake, worthless.

    1. Anonymous Coward
      Anonymous Coward

      "They may be getting nothing but noise but they'd still package it as good data and sell it on to their customers who I seriously doubt would know any better. "

      Sounds analogous to the parcelling of bad risk loans that led to the 2008 financial meltdown.

      1. Doctor Syntax Silver badge

        "Sounds analogous to the parcelling of bad risk loans that led to the 2008 financial meltdown."

        By and large the selling of "good" data is analogous to that. If you buy a washing machine and get sold on as someone likely to buy washing machines the buyer is getting a worthless product. Certainly I've dealt with a car dealer who believes that if I buy a brand new car I'm in the market to buy another a couple of months later.

        Ironically junk data is likely to be better: If you get sold on as someone likely to buy a washing machine because you bought a pair of shoes at least there's zero correlation rather than a negative one.

        1. Sir Runcible Spoon Silver badge

          You'd think that, having bought a washing machine, you would be more likely to start getting adverts for detergent and fabric softeners etc., rather than assuming you are some kind of washing machine collector!

          1. TRT Silver badge

            I must buy a lot of spiced pork and ham then.

          2. Mephistro Silver badge
            Joke

            "you would be more likely to start getting adverts for detergent and fabric softeners etc."

            Shhhhhh, Don't give them ideas!!!"

    2. intrigid

      "I doubt the businesses would care. They may be getting nothing but noise but they'd still package it as good data and sell it on to their customers who I seriously doubt would know any better."

      The businesses would realize something is fishy after they run performance analytics on their illicit-data-driven ad campaigns, at which point their software informs them there is zero relationship between their ad-targeting and their customer conversion rates.

      But even if THAT weren't true, which it is, you're still missing the main point, which is that your personal information has been poison-pilled like an exploding ink pack in a compromised ATM machine. Not only does this make your information useless to advertisers, it makes it useless to anyone who might commit fraud, extortion, intimidation, or any other act involving you and your data.

  7. Oh Homer
    Terminator

    I've seen this before

    Usually spam that uses random junk to thwart Bayesian filters (beating the threshold).

    Does it work? Dunno, but it seems like the wrong approach. It's still looks like a weak position of defence, rather than the frontal assault that's needed. At best it's a tit-for-tat escalation which those with the most money will always win, or at least always be out ahead.

    The solution is pretty obvious: stop visiting abusive websites. That includes facilitators that also link to those abusive websites (affiliate spam). We already have DNSBLs like Spamhous and SORBS for email, why not have a similar system for websites? And I don't mean just blocking popups and ads, a la AdBlock, I mean block the whole damned site.

    Once they see their traffic (and revenue) plummet, they'll soon get the message.

    The problem is, as ever, is convincing Joe Public to care, certainly enough that he'd voluntarily block access to his beloved Fsckbook, for example.

    Sadly, for that reason alone, any measure that requires voluntary participation is doomed to failure.

    1. Paul Shirley

      Re: I've seen this before

      The easiest way to discourage visits to abusive sites is to force them into deploying abusive countermeasures. Even the terminally stupid or ridiculously uncaring about privacy will respond to sites becoming a pia to use. You have a modicum of proactive choice about visiting these sites, unlike spam and anything forcing visits is going to get stomped on hard.

      Countermeasures from abusers are part of the solution!

      1. John Brown (no body) Silver badge

        Re: I've seen this before

        "The easiest way to discourage visits to abusive sites is to force them into deploying abusive countermeasures. "

        They already do. Some sites, newspaper sites in particular but media sites in general, call many 3rd party scripts, many of which call on scripts from even more domains so the page takes ages to load with many, many DNS queries. That's not only abusive in my book, but probably one of the reasons so many people complain about "slow" broadband.

        1. Alan Brown Silver badge

          Re: I've seen this before

          "They already do. Some sites, newspaper sites in particular but media sites in general, call many 3rd party scripts"

          Yup and they must be seeing their conversion rates plummet as a result. I've been chatting to a few journos and they're griping about readership rates. They look at me like I've grown a second head when I comment about how intrusive their websites are.

          Clueless and then some.

    2. Tom 35 Silver badge

      Re: I've seen this before

      "stop visiting abusive websites"

      So I need a driver and the site wants me to register before I can download the driver.

      I have opera for that, if I need to verify my email I have an address that deletes everything at 30 days. If I don't have to verify the email address I use marketing@your domain. I'm Elvis and the auto-fill is full of junk. The phone number is from that Pizza jungle that's on the radio 50 times a day.

      I don't go to a lot of effort, but if they want to make me register to download a new driver they are getting garbage.

  8. JimmyPage Silver badge
    Thumb Up

    HMG (and other governments) take note ..

    When you are looking for a needle in a haystack, the old-school real-world approach was top reduce the size of the haystack, not increase it exponentially. Which is exactly what this strategy is.

    I have been suggesting for years now, that a good use of GCHQ resources would be to write bots to make phishing completely worthless by generating billions of useless login details.

  9. Omgwtfbbqtime
  10. Ken Hagan Gold badge

    “If we can tar-pit spammers, we can tar-pit Facebook and Google from the browser.”

    That's a big "if". Let me know when all the spam is in your tar-pit rather than my inbox.

    1. Alan Brown Silver badge

      "Let me know when all the spam is in your tar-pit rather than my inbox."

      I'm achieving a 99.999% reject rate on my mailservers.

      Unfortunately that still lets too much spam through and I have no idea if there's ham being refused _but_ when you team up the DNSBLs with fail2ban networks and friends you can prevent a lot of the bots even connecting.

      That does nothing for abusive websites, though.

  11. allthecoolshortnamesweretaken

    Nuke from orbit.

    1. The Dogs Meevonks

      'Nuke from orbit'

      It's the only way to be sure

  12. Milton Silver badge

    Mutant 59

    It's an appealing notion: who doesn't want to make life miserable for the greedy vermin who are constantly clawing private data and manuring the web with their pathetically awful adverts?

    I suggest, though, that you need to think really hard before dipping a toe in this pond, because the Law of Unintended Consequences is always hanging around the next corner, aching to cause mischief. Even the amazingly evolved and effective human immune system is prone to going nuts, sometimes for no reason yet known to medicine, and attacking its healthy host. The analogy is only an analogy, but still something to give us pause while asking some pertinent questions.

    Who decides what's bad and what's good? How are threats graded? Who approves the algorithms? Are responses proportionate? Who maintains a database of signatures for the immune system to respond to? How will that be kept secure? Which court arbitrates grievances, protests, unfair practices, loss of business, libel? Who determines what's a conventional option versus what's "nuclear"? How will false positives be managed?

    I could fill a page with questions (as any fool could, indeed) but the answers better be given some serious practical attention before we go lighting the blue touch paper. (And don't forget the $64k question you always have to ask these days: How soon after starting this programme will politicians, corporates, governments, greedy opportunists and other fundamentally psychopathic entities get involved and completely corrupt its good intentions?) We could grow something in a petri dish, with the best intentions, only for it to turn into Mutant 59.

    And there's that troubling term "arms race", which gets used with increasing frequency when talking about computer security. It is very apt, but one should remember where arms races usually lead: disaster for everyone, as all those weapons get used in a spasm of entirely predictable stupidity.

    I don't have a magic wand as an alternative, but I will offer this: a key enabler of internet abuse—in which I include spam, malware, advertising, exploitation of user data etc—is that too much stuff is free.

    Consider that spam wouldn't even be a thing if everyone had to pay even 0.1¢ per email (and the money could be used to fund all sorts of Good Things). Facebook wouldn't have to abuse its users (the ones Zuck calls "dumb fucks") if instead it made its money at $2/month or whatever. Don't Be Evil wouldn't have to epitomise rank hypocrisy if you paid $1 for every thousand searches. The 0.00573% of websites that are actually worth visiting because they have decent content would charge micropayments for use and not have to befoul our eyeballs with unspeakably shitty adverts. (And Twitter would cease to exist completely because grown adults would abruptly realise the pointlessness of paying to pump up their sad little egos by twatting out snippets of superficial trash.)

    The internet is corrupted and ruined by "free". "Free", it turns out, makes people into victims.

    The net would be a much better place if it charged a fair rate. Payment makes people into customers: with rights, dignity ... and the expectation of privacy.

    1. ThatOne Silver badge
      Stop

      Re: Mutant 59

      > a key enabler of internet abuse [...] is that too much stuff is free

      Your solution might work for email, since spam relies on sending spam not costing anything, but it won't prevent the profiling and data slurping. There is no reason to think that if people paid a monthly fee to use Facebook, Facebook wouldn't want to collect all that yummy information anymore. I just can't imagine some high ranking C-grade saying "no, that's way too much profit, our shareholders will complain", can you?

      There are actually a lot of examples of companies who collect user profiles despite their product already costing money. I think you vastly underestimate human greed.

      1. localgeek

        Re: Mutant 59

        Companies love to double dip. Just look at all the commercials we now pay to watch at the movie theater.

        1. Alan Brown Silver badge

          Re: Mutant 59

          "Just look at all the commercials we now pay to watch at the movie theater."

          These sound horrible, until you realise WHY all those ads are running.

          Of the $15 you paid for your seat at the latest blockbuster screening, around $14 went to the movie distributor. The theater operator has to pay for everything else with $1/seat

          It might sound harsh, but if you really want to support your local movie house DON'T go see the blockbusters when they're released, see the second run and less popular stuff - and buy the fucking overpriced popcorn.

          Just don't put up with shitty sound where some twat has fucked the equalisation up by pushing all the knobs to 11 (theater managers are notorious for this) or sound levels to 130dB or where an ass is on his phone loudly the entire movie.

      2. Harry Stottle

        Re: Mutant 59 - Missing the point

        @That One

        you're missing a major point. Which is not unreasonable, given that Mutant 59 didn't make the point in the first place, or perhaps I should say "didn't make the point strongly enough".

        These micro-payments alone would net the likes of google and facebook billions per year. That kind of money will attract AND FUND genuinely honest alternatives who regard their obligation to their users (who will probably also own the service) as fiduciary rather than predatory.

        Frankly I strongly approve both strategies: Chaff to reduce the value of data to the parasites, and micro-payments to encourage the development of honest services.

        Of course, nobody will read this as I'm posting a day too late and the tide's gone out but I want to put it on record anyway.

      3. Alan Brown Silver badge

        Re: Mutant 59

        "There is no reason to think that if people paid a monthly fee to use Facebook, Facebook wouldn't want to collect all that yummy information anymore."

        Exactly THIS.

        Google's single biggest mistake in the last 20 years was to buy Doubleclick. Doubleclick destroyed what made Google great.

        That might sound silly, until you realise that if Google hadn't bought up Doubleclick, the most hated company on the Internet at the time would have gone out of business within weeks. Instead its execs are now the senior execs at Google and their tactics/policies are now Google's tactics and policies.

        That was when "Don't be Evil" died.

    2. GIRZiM

      Re: Mutant 59

      Or...

      We could return the Web to its roots by outlawing the commercial exploitation of human beings: yes, <site owner>, you may show adverts but, no, you may not harvest visitor details or enable another to do so - and if something like that slips through, well, it's like handling stolen goods and you're nicked, son/son-ess.

      1. Anonymous Coward
        Anonymous Coward

        Re: Mutant 59

        Paying the site owner removes your last shred of anonymity (unless you pay by anonymous digital currency, if they allow you to use it, if it ever exists for practical purposes.)

        IIRC Zuckerberg has already proposed shifting Facebook to a subscription model for just this reason - to weed out "Russian trolls" and other "undesirables". And....the real criminals will pay with stolen accounts as usual.

        1. doublelayer Silver badge

          Re: Mutant 59

          I'm also worried that making a lot of sites nonfree might deny access to some people. For example, children don't often get credit cards until they are quite old, but they are capable of reading and understanding news stories well before that. I found the free ad-supported news to be a good way to become knowledgeable when I was young, but asking my parents for permission for each article or site I visited, especially when some were junk, would have been annoying enough that I just wouldn't have read as much. Reading all that news and related information in my adolescence has, I hope, made me a more knowledgeable adult and I always recommend that interested children do so as well. Similarly with email, as I'm from a generation where we had that but we didn't have cell phones while we were young. Sometimes I need to send an email that says "No, but I'll be there tomorrow." Charging that one sentence at the same level as any other message, especially to a child or someone whose main mode of communication is email, is pretty ridiculous.

          I'm also worried about the evolution of nonfree micropayments. If the system is to pay for each article consumed (I'm sticking with the newspaper example here), the paper might choose to have tiny articles that you get through very fast, or articles that don't explain anything "The CLOUD Act was [passed by congress], and [does all the stuff we said it would] and has been used as a solution for [this court case that caused it to be passed]. Here's the new component, but if you want any background, you'll just have to read those articles we just linked to. If you would like to see senatorial responses to the CLOUD act's passage, consider these articles: [Wyden (D OR) on CLOUD act], [Paul (R KY) on spending bill], [McConnell (R KY) on spending bill], [Schumer (D NY) on spending bill], ..."

          Alternatively, if the price is subscription based, then the paper has no reason to have good articles most of the time, as long as they have a good enough article once in a while. Leaving the newspaper example, google might have an incentive to make sure that your searches aren't great, just so long as they can be better than bing and duckduckgo. If it takes you three times as many searches, then they get three times the money. If they changed the policy so that they only get paid when you find something and click on it, then they will have an incentive to make sure you find a lot of things that all look pretty good, so they might make a system to make those results that you see now and immediately realize won't be useful more enticing. Also, they would not want to show you any more preview than they need, so my recent search to confirm that "Wyden" was the correct spelling of the senator's name would not have put that up on top like it was.

          At least with free things you have the option to determine what is good and stop using what is not. With everything being paid, not only is a lot of stuff harder to set up and manage but there are lots of ways it can go wrong. Those who charge less or nothing will be abnormal, and can use that to attract attention ("New York Times charges $0.02 per article; imagine how that builds up if you read it every day. Look at this! Russia Today is free. We could just read that.").

          1. GIRZiM

            Re: Mutant 59

            >so they might make a system to make those results that you see now and immediately realize won't be useful more enticing

            All good points and I'm inclined to agree, but that one remark made me think "Isn't that what they do already anyway?" After all, Google is the ultimate clickbait engine - it's up to me to get my site//page listed at the top their rankings by whatever means necessary because very few people search beyond the first page of results and mine had, therefore, be pretty damn eye-catching.

            Because it's not Google's problem where you are ranked, it's yours. Google's problem is to ensure people pay to be at the top - and they've got that bit of it sewn up just by being Google, haven't they? To google - they're a verb!

            1. doublelayer Silver badge

              Re: Mutant 59

              >>so they might make a system to make those results that you see now and immediately realize won't be useful more enticing

              >All good points and I'm inclined to agree, but that one remark made me think "Isn't that what they do already anyway?" After all, Google is the ultimate clickbait engine - it's up to me to get my site//page listed at the top their rankings by whatever means necessary because very few people search beyond the first page of results and mine had, therefore, be pretty damn eye-catching.

              My point was more that, if you paid google every time you clicked on a result (in order to avoid paying them for lots of useless searches), they would make all the results that showed up look good. Right now, it is the responsibility of the person doing SEO to make their search relevant. Google messes up a lot, but usually you can scan through things that aren't relevant and find the one most likely to be useful. This applies even if you just look at the first ten results from the search; I can tell that the page from the Department of Agriculture that will let me eventually download the 2014 crop report for North Dakota is not what I need if I just want the statistics on economic performance of resource extraction industries with a focus on the oil market, even if the report contains the phrase "increasing wages in the oil sector" which convinced google that it was relevant.

              In a world where google makes money on my clicks, they have an incentive to make that search result useful. It will start with the helpful cause of defeating SEO and actually having more relevant searches, but it will extend to making things look better than they are. They could have a system to look at my query and only have things that they know are connected in the previews. In my previous example, the phrases "Department of Agriculture" and "Crop Report" are going to alert me that I don't need to click. Google could identify that those phrases aren't very connected to my query, so they just don't put them in the preview. Now I just have a page that looks technical and comes from a government website with "increasing wages in the oil sector" in my preview, so it will look like what I want. Then I click on it and find out what it is, so I immediately leave the page. Google doesn't care; at that point, they got my click.

              1. GIRZiM

                Re: Mutant 59

                Well, yes, but the problem is that there's more incentive for Google if you click a lot of stuff before finding what you're looking for than there is for it delivering your results in the top ten every time, isn't there?

                The problem is that they've a de facto monopoly on mindshare - we 'google' stuff even when we use a different search engine!

                So, the process would first require the whole world to undergo some sore of debriefing, like people get when they're rescued from cults - otherwise all that will happen is that we'll complain about having to pay for crappy results but we still won't switch to another search engine.

                Take a look at Portugal: any extraterritorial web content costs extra over and above the cost of the service/dataplan - it's unfathomable to you or me, given the nature of the Internet, never mind the Web, itself but people accept it as "just the way things are" and tailor their browsing habits accordingly.

                I like the idea, don't get me wrong,. I just don't imagine that paying for what we think it's worth is a model that Google would go with, so how would we enforce it on them?

              2. Danny 14

                Re: Mutant 59

                yup. thats the reason skytv or virgin can go fuck themselves and my money goes to netflix. no fucking adverts.

              3. Danny 14

                Re: Mutant 59

                oh if you want to get a hand on crop reports i heard a guy called Clarence Beaks can get it for you.

            2. Alan Brown Silver badge

              Re: Mutant 59

              " very few people search beyond the first page of results "

              There are a couple of exceptions.

              If I'm searching for something and all I'm finding is stuff which has obviously been linkfarmed, I'll start looking a little further - and usually at that point because it's clear that I need to be alarmed by what I've found.

              In one case, checking out a reference to someone in a small town that a relative had mentioned in glowing terms, all I found for 8 pages was variants of the same press releases. It was only when I got to page 10 that I started finding any mention of the history of fraud convictions and dodgy dealings that I knew should be showing up.

        2. JohnFen Silver badge

          Re: Mutant 59

          "Paying the site owner removes your last shred of anonymity"

          If, in exchange for paying, I am not exposed to ad networks, then my privacy is enhanced over the current situation.

    3. JohnFen Silver badge

      Re: Mutant 59

      "is that too much stuff is free."

      I think an important part of the equation is that we need to get people to realize that they're defining "free" incorrectly. "Free" means "no cost", not "the cost isn't money". Services such as Facebook, Google, etc., are not free at all. They're very expensive.

    4. Bernard M. Orwell

      Re: Mutant 59

      " who doesn't want to make life miserable for the greedy vermin who are constantly clawing private data and manuring the web with their pathetically awful adverts?"

      Hmm. I don't like clawing, greedy vermin of any kind. Whether they are advertisers, or bankers, or lawyers, or finance lenders, etc. etc. They are all out to get their sticky hands in your pockets, and little else. Most of them see this as a morally good thing to do, despite it not being.

      The issue is, if we do away with the advertising market, then how do we get these "free" services? I know, I know, I'm the product, but here's the thing - this trade of "I'll read your adverts, you harvest data from my habits to sell to the advertisers, who then advertise to me hoping I'll read it." is a form of barter isn't it? If we kill advertising, then the question surely becomes "how do we want to pay for that?", and that could, possibly, be the thin end of a wedge against net neutrality?

      I know there are less scrupulous uses of my personal data going on (election rigging, for example), and that needs addressing, but is that a separate concern to targeted advertising? Are we trying to hammer all harvesters of data with the same club, and should we be doing so? Are some worse

      I'm not sure I want a range of paid subscription based services that are probably still going to monetize my data/activity on their site - Perhaps the adverts that I generally block or ignore are preferable? Am I barking up the wrong tree here?

  13. GIRZiM
    Pirate

    uMatrix and/or NoScript, adNauseum, BetterPrivacy, CanvasBlocker, Clear Flash Cookies, Decentraleyes, Disconnect, Facebook Disconnect, Google Disconnect, Twitter Disconnect, Don't track me Google, google-no-tracing-url, HTTPS Everywhere, Link Cleaner, Location Guard, TrackMeNot + whatver becomes the new Random Agent Spoofer addon.

    Won't actually blow up the webserver/abduct the CEO, bury them in a shallow grave and send a note explaining where and why to the media, but...

    Until we can do those other things, between them, they make my browsing experience horrible which discourages me from visiting websites just because they're there, which reduces my exposure and footprint, which is not just A Good Thing® but Better Than A Good Thing™ because prevention is better than cure - if you don't want a nasty infection, don't sleep with syphilitic. lepers.

    1. Anonymous Coward
      Anonymous Coward

      Yes! Someone's remembered TrackMeNot

      How long ago did it first emerge?

      Thank you. Now let's do something even more useful with it.

      1. GIRZiM

        Re: Yes! Someone's remembered TrackMeNot

        The problem is its 'behaviour' is easily identified and, furthermore, it can also be (mis)detected as being of malicious intent (e.g. DoS / part of a DDoS attack).

        It's also a pain to set up - you have to add all your regular sites to the mix and, if they don't show you how they formulate their query strings like a search engine does in the URL/URI box, you can't (or at least not easily).

        It really needs to learn the user's behaviour and add regular sites automatically - but that wouldn't solve the search query formulation problem and would, furthermore, add an element of "Do I trust this addon that much?"

        1. John Brown (no body) Silver badge

          Re: Yes! Someone's remembered TrackMeNot

          "It really needs to learn the user's behaviour and add regular sites automatically - but that wouldn't solve the search query formulation problem and would, furthermore, add an element of "Do I trust this addon that much?""

          That's the problem with most if not all adblockers, privacy minders, script blockers etc. The average user needs one tool to do the job and it needs to be as simple as possible to use. Otherwise they just turn everything off the first time they realise their banking website or Amazon or Ebay no longer work properly.

          1. GIRZiM

            Re: Yes! Someone's remembered TrackMeNot

            > The average user needs one tool to do the job and it needs to be as simple as possible to use. Otherwise they just turn everything off

            Imagine my horror at all the sites pre-populated in the whitelist of 'NoScript' when I recently installed the Quantum compatible version.

            Or what about those in uBlock Origin's lists? Do I really have time to go through and check each and every one of them? Or do I trust to luck that the list maintainers aren't halfwits, corrupt or too pre-occupied to maintain them properly?

            The whole model is broken: we shouldn't need third-party addons/extensions/widgets/doodads/whatever in the first place - ads/tracking/etc. should be opt-in, not fight-off in a rear guard action.

      2. Anonymous Coward
        Anonymous Coward

        Re: Yes! Someone's remembered TrackMeNot

        Actually, on thinking a little further about this, stuff like TrackMeNot (not particularly TMN specifically) works best when the miscreants are dubiously collecting data via a browser and web access, yes?

        These days the miscreants are more likely to be slurping our data by means of a custom "app", no browser necessary or even no browser access allowed.

        The interweb is dead, long live the proprietary and non-transparent app :(

        Doesn't that render stuff like TrackMeNot rather irrelevant?

        It's not pretty, is it.

        1. GIRZiM

          Re: Yes! Someone's remembered TrackMeNot

          > The interweb is dead, long live the proprietary and non-transparent app :(

          Which is why I don't use apps if I can avoid it and, if I 'must' use one, find as many offline options as possible - offline maps, offline public transport guides, offline Wikipedia, offline dcitionaries/translators. To which I then add a 'firewall'/localhost VPN and block ad-slinging domains, or even complete apps, if I don't feel they need to be accessing the network tp provide me with the service I require of them - my calculator, for instamce, doesn't need to access the Internet (I'll go online in a browser when I want to compare currencies).

          > Doesn't that render stuff like TrackMeNot rather irrelevant?

          Yes and no, I suppose; it depends upon how much you're prepared to do through a browser rather than a dedicated app. I don't need apps for any service that is the same (or good enough) in a browser - imdb, search engines, news sites, live road/rail/air/tube/bus travel information, hotel booking, etc. can all be done via a browser just like they were in the days before mobile and like they still are on the laptop I'm writing this reply on now.

          > It's not pretty, is it.

          Nope. It's pretty damn ugly and it's only going to get worse: wait until it's all clod-based AI 'services' and you don't actually have an OS on any of your devices, any apps or any clue where your data goes, let alone any control over it - Alexa, please book me a seat at the restaurant and order me the following meal ... "I'm sorry. I can't do that Dave - you're getting too fat."

          1. Danny 14

            Re: Yes! Someone's remembered TrackMeNot

            or just block at the gateway. I use diladele as a gateway and it blocks adverts and shite REALLY well. So much so that users on my network cannot believe the amount of shite and adverts exist when they go home.

            Our guest internet is a dream to use oursiders say.

          2. Fruit and Nutcase Silver badge
            Happy

            Re: Yes! Someone's remembered TrackMeNot

            The other day I wrote a mock location app for Android - selected that on the developer options and checked google maps - it showed the current location as somewhere in the English Channel, which is what I hard coded it to. Need to do a bit more work on it to cycle between random locations anywhere in the world, together with some specific locations like Apple, Facebook, Goolge, CIA, MI5, GCHQ HQs etc

            1. GIRZiM
              Big Brother

              Re: Yes! Someone's remembered TrackMeNot

              >Need to do a bit more work on it to cycle between random locations anywhere in the world

              No .. that just gives the game away.

              Take a look at the Firefox (possibly Chromium family as well) addon/extension 'Location Guard' - you want a more sophisticated (mobile) version of that.

              You want to be able to pick a set of likely fixed locations somewhere, a set of routes between each and, to an ever so slightly randomised schedule, move between them as if you were leaving home to go to work, underway in the car/train, disappear for the length of a tube/metro journey, reappear again at the right spot, whatever your journey type is.

              If it can grab live updates on traffic/transport and make yourself appear to be stuck in traffic/inconvenienced by a cancelled train/whatever, so much the better.

              Weekends, you could go to appropriate places - to see family, take the kids to some activity, whatever fits your lifestyle or the lifestyle you wish to present as yours.

              So, you could pretend you lived and worked in Rome and simply relocate yourself according to your daily schedule and transport/traffic conditions Monday to Friday.

              Weekends, you could drop your twelve-year-old daughter off for her ballet lesson at 9am on Saturday morning, trundle around the market stalls shopping, go to your favourite cafe for an hour, collect her at noon, go to the swimming baths until 4pm, go home, stay home.

              Once a month, you might take a trip to Milan to visit the grandparents - it's up to you how sophisticated you want it to be but, obviously, the more you work on your cover story, the more realistic your movements will be. A bit of randomisation (perhaps you visit the shops in a different order each/some time/s, don't always visit some of them) will add to the realism.

              Basically, it's a fake diary/calendar app that interacts with your GPS reporting to the system.

              Okay, so, so far so fun but probably overkill for anyone not actually leading a double life.

              But random locations isn't really a good idea unless they're plausible - so a series within a locality for instance, or still plausible if far apart (you don't go from Rome to Milan and back in an hour three times on the same day).

              If all you want to do is obfuscate then a fixed location is sufficient: if you're going for multiple locations then you're telling a story - in which case it had better be believable otherwise you'll just end up drawing attention to yourself, which defeats the object of the exercise.

              Now for the bad news.

              A mobile device that isn't mobile gives the game away and anyone interested in tracking you will immediately look for alternative methods - and if they're someone you genuinely need to be concerned about they're probably already able to dispense with your fake GPS coordinates as a means to locate you anyway.

              Also, no matter how sophisticated the story you tell, much, if not most, location tracking isn't done by GPS but by phone mast and/or WiFi connection - it doesn't matter what GPS coordinates your report to the system, any app with permission can locate you in the real world by communicating with the phone network or querying your IP; and anyone trying to track you can do the same, if they've got the kind of access necessary for you to need to worry about them in the first place. Incoming/Outgoing call records will give the game away as will your phone notifying the nearest mast/tower/whatever that it's switched to its stronger signal as you travel around.

              So, state actors aren't going to be fooled no matter what you do and parents or a spouse spying on you will have managed to plant something on your phone that you need to be fooling with a story, not a fixed/random location/s or they'll get suspicious - which, depending upon why they're spying on you, could be even more dangerous than their knowing your real whereabouts.

              So, bearing that all in mind, have fun making it and I'll be interested to hear how you do - if it works well enough, I might even be interested in using it myself.

              But rest assured that random locations aren't the answer - fixed and/or 'story mode' are what you want to look at.

              1. Fruit and Nutcase Silver badge

                Re: Yes! Someone's remembered TrackMeNot

                @GIRZiM

                Thanks for the reply - useful info. Yes, I did think static locations would only be another means of identification, and I would need to do something like a "story mode" as you describe. This is partially a learning exercise for me, and also being bloody minded as the data slurp has gotten out of hand. I have no real problem with state actors - they can always get hold of the mast handover data and fall back on old-school investigation techniques but with every other Tom, Dick or Harriet snooping and grabbing your data with impunity.

                It has become a game of whack-a-mole with respect to the Location setting in Android - I had a phone once that in order to use the camera, you had to give it Location permission. And sometimes I find after disabling location, the location status icon may disappear, but there are other indicators that imply that location reporting is still active. So, I always reboot the phone after transitioning Location setting from On to Off.

                1. GIRZiM

                  Re: Yes! Someone's remembered TrackMeNot

                  Yep.

                  When I describe my concerns to people, I always get the whole "nothing to hide/fear" nonsense or, worse yet, the "nobody's interested in me/you" thing. And then I have to explain about Yahoo and Equifax and the person working for the company that promises to only share your data with 'trusted partners" not knowing about the guy working for one of those trusted third parties (who has gambling debts/alimony payments/kids to put through college/a yen for something really expensive that he can't afford on his regular salary, or even works for a criminal organisation and this is his currently assigned task) who doesn't care about your agreement you entered into by clicking on "I Agree". He wants the money and he's selling/passing on your details to a fourth party and the legality of it is of no more concern to him than it is to the burglars who break into your home and steal your stuff - they're absolutely right, the burglars don't care about me personally and neither does the guy stealing my data; they both still do it though, don't they? Just like the people who hacked the Equifax database didn't care about me personally. Just like the people who found Yahoo had failed to secure 3 billion accounts didn't care about even one of those 3 billion users either.

                  I'm of no interest to state actors; they've already checked me out thoroughly and I've been allowed to do some very interesting things in some very interesting places as a result - they know more about me than I can remember myself and it hasn't caused me any problems.

                  The slurping of my data that is then improperly secured and subsequently falls into the hands of the criminal fraternity, however, so that they know where I go, when, why, how frequently, how long for, how long it will take me to get back home, how valuable my car is, how much I pay in home contents insurance and the likely value of them as a result, help themselves to ten or twenty credit cards in my name and max them out, create five false identities in my name? Yeah, I think they're a legitimate concern and that what I know about IT after 35 years in the game qualifies to me to state that, no, it's not paranoia, it's knowing more about this stuff than many, if not most, other people do.

                  Obviously, there's no guarantee that any soft solution won't be subverted by sufficiently sophisticated means but, personally, I use a microphone blocker, a camera blocker, a localhost-VPN-based application and transport layer firewall, a Bluetooth 'firewall', automate Bluetooth and WiFi so that they toggle off when I'm not making/taking a call or near a network I've registered on my phone, spoof my GPS and keep my contacts/calendar data local (synchronise them with my computer over the local network and never use any 'cloud' based services for that purpose). All permissions are locked down to the absolute bare minimum for an app to provide all I need from it and no more. As many as possible function offline - knowing where the bus/train/metro is won't make it get here any quicker and all I really need to know is what route it takes so that I can decide if it's the bus/train/metro for me or not (and a static map will do just fine for that, thanks).

                  Really, I'd like to be able to do without it altogether, but that ain't gonna happen any time soon (if ever again), so, it's a matter of taking what precautionary measures I can and creating as much fake data as I can.

                  I'm looking into the viability of offering a service to people that will place them in two (or more) real world locations simultaneously - but the implications for me as an accessory to a crime are a bit disconcerting to say the least and I'm not sure it's worth the risk just to enhance a few people's privacy from the private sector data-slurpers or even the criminal underworld.

                  1. Fruit and Nutcase Silver badge
                    Pint

                    Re: Yes! Someone's remembered TrackMeNot

                    @ GIRZiM

                    ------->

                    1. GIRZiM
                      Pint

                      Re: Yes! Someone's remembered TrackMeNot

                      @ Fruit and Nutcase

                      Cheers! : D

          3. Anonymous Coward
            Anonymous Coward

            Re: Yes! Someone's remembered TrackMeNot

            Same here.

            I use portable applications/programs where possible, and for my mobile I use FOSS apps on a custom ROM. Where I must use propriety, Here maps and AFwall work well.

            I also pay €1/m for secure email.

            1. GIRZiM

              Re: FOSS apps on a custom ROM

              If it ever makes it to Oreo (and my phone *sigh*) then I'll be keen to try extending my phone's working life with systemless Magisk - ideally with Xposed too, if they can get it to pass the Safety Net check.

        2. Alan Brown Silver badge

          Re: Yes! Someone's remembered TrackMeNot

          "These days the miscreants are more likely to be slurping our data by means of a custom "app", no browser necessary or even no browser access allowed."

          That's where something that nullroutes hosts helps a lot.

  14. Anonymous Coward
    Anonymous Coward

    I like feeding false data..

    .. and usually so it does the maximum damage when abused.

    For instance, when they insist you need to give them a phone number or a physical address (which, btw, is usually in direct violation of most EU privacy laws as it's deemed collecting in excess of what is required), I always pick one that would actively track down who is spamming them like, say, the ICO.

    In other words, if someone starts using that data they dig a nice hole for themselves.

    That said, usually I bail from sites that want that much. I reserve my energy for the local phone company which has by now racked up 3 straight privacy law violations and now it's time I ask the local equivalent of the ICO if they have actually reported them, knowing full well that that will trigger an investigation*.

    * No, trust me on this, they seriously deserve all I can throw at them, and then some. By the time I'm through with them, their shareholders will ask their manglement WTF they were thinking.

    1. This post has been deleted by its author

    2. Alan Brown Silver badge

      Re: I like feeding false data..

      " I always pick one that would actively track down who is spamming them like, say, the ICO."

      Even better, the home address of the director of the organisation....

  15. Pen-y-gors Silver badge

    Spam-fighting?

    Several comments have likened this to the war against spam, but it seems to me that potentially we are winning the e-mail spam war. It used to be dire. I have used hundreds of throw-away email addresses and many made it on to 'useful' lists of e-mails for spammers.

    These days (everything forwards to gmail) I get about one or two spam messages a week in my inbox, and about 30-40 a day in my spam box. False positives (good stuff in spam) about one a month. That's a pretty good hit rate.

    So if we can get the same results with killing tracking I'll be happy.

    1. Anonymous Coward
      Anonymous Coward

      Re: Spam-fighting?

      Hmmm, DMARC is certainly helping with the spam, but defeating tracking is more of a problem as browser fingerprint can simply leak passively, or the (many and well-funded) opponents can seek active measures; State actors have (ab)used the doubleclick network, ad nauseam!

      I have run my own random web/DNS traffic , random identity generators., for quite a few years

      I have triggered severe anti-terrrzm profiling of my real bank accounts, but then maybe that's what I was trying to achieve?

      1. John Brown (no body) Silver badge

        Re: Spam-fighting?

        "browser fingerprint can simply leak passively"

        I do sometimes wonder just why the browser gives up so much data to the web sites. Why does the site need to know my screen resolution, browser window dimensions, list of installed typefaces, CPU type and family etc? The browser does the rendering, not the site owner.

      2. Alan Brown Silver badge

        Re: Spam-fighting?

        "browser fingerprint can simply leak passively,"

        There are several browser plugins which can detect fingerprint checks and randomise what's fed back.

    2. SImon Hobson Silver badge

      Re: Spam-fighting?

      These days (everything forwards to gmail) ...

      So you've gone with a deliberately unreliable mail system which BY DESIGN will automatically THROW AWAY SOME OF YOUR EMAIL with no notification either to you or to the person who sent it. Do you know how many emails you have NOT received that weren't spam ? In addition, they've enforced some systems (eg SMS) which were known to be broken before implementation, and were known to break a lot of legitimate email usage before implementation. But hey, this is Google, big enough to say "screw you" to the rest of the internet - we're changing stuff and you'll change to suit what we impose" to those who actually do run reliable mail servers.

      My own mail server is set up to NEVER discard an email - it does NOT accept mail before it's done all the spam checks etc, and if the mail fails then it rejects it which means that any false positives result in the sender being notified. Once you have accepted an email (as Gmail, Microsoft/Hotmail, and all the other large providers do) then you have limited options - you can't notify the sender or you become part of the problem (backscatter), and notifying the recipient rather defeats the point of blocking spam - and your only option is to SILENTLY THROW AWAY any email that fails your checks whether it is spam or "ham".

      Would you accept it if your postman went through your snail mail and threw away anything that looked like it is junk mail ?

      1. Loud Speaker

        Re: Spam-fighting?

        I would rather like to be able to pay a few cents for something that would silently throw Google away! And Facepalm, and the twittersphere.

    3. Alan Brown Silver badge

      Re: Spam-fighting?

      " It used to be dire."

      Used to be?

      Trust me, you do NOT want an unshielded mailserver. If you think it's better than it was, it's only because your admins are doing a better job than you realise.

  16. katrinab Silver badge

    Isn't something like 90% of web traffic fake already? - All the various spambots, fake visitors to websites to boost ad revenue and so on.

    1. Eddy Ito

      Precisely and I'm not so sure they care whether it's accurate data.

  17. Anonymous Coward
    FAIL

    Loder is essentially proposing for ALL browsers to spam all websites that spy on users (essentially ALL of them) with automatically generated identity data and social media posts. That's a lot of spam.

    Will it work? “If we can tar-pit spammers, we can tar-pit Facebook and Google from the browser.” NO. In this case, spam filters are THEIR friend, not ours. And if that's not sufficient, they'll simply ramp up email/phone verification or force users to sign up using their spyware phone apps instead of browsers.

    Besides, Google's browser is by far the most popular. Good luck convincing Google to tar-pit Google.

    WWW, Android, iOS, Windows - privacy-wise they're all broken beyond repair.

    Decentralized, encrypted, anonymous, metadataless - that's the only way to roll.

    1. ST Silver badge
      Mushroom

      > Decentralized, encrypted, anonymous, metadataless - that's the only way to roll.

      And how exactly does one accomplish that?

      Make my day. Please say Blockchain.

  18. imanidiot Silver badge

    It's all much simpler. Make site operators liable for the ads they allow to run on their site. Including liability under the new privacy rules. That'll kill tracking right quick.

  19. Shadow Systems Silver badge

    To paraphrase Mark Twain...

    Kill all the advertisers. Problem solved.

    1. Yet Another Anonymous coward Silver badge

      Re: To paraphrase Mark Twain...

      Bill S actually - henry VI pt 2

      1. Alan Brown Silver badge

        Re: To paraphrase Mark Twain...

        "Bill S actually - henry VI pt 2"

        when reading a century-old Punch, there was an article there regarding annoying adverts with a few illustrations about what we imagined jousting was like (usual stereotypes), vs what it was probably like (advertising hoardings everywhere, sandwich boards, etc)

  20. Runilwzlb

    But, does it work?

    Question: It seems that in order to view any content on soo many of the sites I visit lately require google or amazon resources and scripts to be enabled. Although I try to enable only the minimum kit necessary on a site-by-site basis; with the great number of ordinary sites being hosted on AWS or running google resources and tools for their functionality...does it also mean goog and amazon can scrape info like ip address, cpu id, and other personal identifying session info? Does it do any good to cloak yourself with script-blockers, do-not-track tools if one is forced to disable protections to get to plain-vanilla product info sites? In other words...is this a thing?

    1. JohnFen Silver badge

      Re: But, does it work?

      It is a thing.

      My personal method of dealing with it is to just not use sites that behave that way -- and particularly not for product information.

    2. GIRZiM

      Re: But, does it work?

      What blockers, etc. are you using?

      Decentraleyes helps specifically in that regard - although you have to hope the resources aren't updated too frequently for your local versions not to need constant updating (thus defeating the object)

      CanvasBlocker can help to a certain extent.

      uMatrix is the single most reliably useful tool in my armoury at the moment and has been for some time now; arguably more so than NoScript because it blocks at domain level and prevents things even entering the browser rather than letting them get loaded but not run (which could, possibly, betray something if there's some kind of "if <this browser characteristic> then <load that script> going on). You can. for instance, keep around 83% of what Youtube wants to load into your browser away from your viewing pleasure by only authorising the XHR elements of the ".googlevid" domain (usually only one required).

      uMatrix also aids with some domains I may not instantly recognise because it highlights them in red and that clues me into the idea that I probably don't need whatever it's trying to sell me, as it were.

      Adding uBlock Origin into the mix gives you some more control inasmuch as it still blocks ads even if you authorise a domain in uMatirx and, in the past, I've found that using uBlock Origin and NoScript together meant that mostly I just had to authorise images in uBlock and I could see everything I wanted - wordpress and .wp elements required a little more help as it were but most sites worked just fine without any more than images allowed through.

      I'm currently trying out a combo of uMatrix, adNauseum and NoScript (NoScript has better XSS blocking than uMatrix) but I'm also finding I need to authorise a lot more scripts lately - I'm not sure why yet but it might say something about what gets loaded when you allow an element through uMatrix (e.g. because it blocks the domain, allowing ".googlevid" to load the XHR elements might allow scripts through as well as video and that's what NoScript is blocking locally)

      Random Agent Spoofer did a fine job of messing things up for them insofar as it could - still hoping there'll be a Quantum version along.

      So, I think it can still help to a point, provided you do what we've all had to do with these tools all along: block everything and then cautiously allow one element through at a time, starting with what are the least harmful (images) then slightly less dangerous (css) up through scripts (maybe necessary) and/or XHR elements (maybe necessary), until we work out what's essential, get to know certain domains over time and can make educated guesses from the name alone, you know how it goes.

      It's a constant arms race of tools/information/experience (so, no change there really) and some days, when I'm particularly frustrated, I wonder what the neighbours must think of the number of times I (seemingly randomly) scream "C*NT!"at the top of my lungs but, otoh, it probably results in my putting myself at less risk in the first place because I don't visit sites just because they're there (the thought of all the hoops I'd have to jump through focuses my mind wonderfully) and, furthermore, if I have to authorise so many things that after two minutes I still haven't got the damn page loaded, I'll leave in frustration and that's probably a good thing because it means it's insisting on loading a LOT of stuff that isn't simply html/css/images/some-scripts and, furthermore, doesn't want me to know what it is beyond "some XHR stuff, don't worry about it, just load it into your browser" (which seldom bodes well really, if you stop and think about it).

  21. a pressbutton Silver badge

    This is an NRA approach

    Someone gets shot. There are two general responses

    a) In the US some people say that if more people had guns and carried them around, there would be fewer shootings as there would be an 'Active response' and things woul

    b) In other countries some people think that if you stop people having guns, things might be better.

    In the context of malware, if you are running windows, you will have windows defender / mcaffee / abp/ noscript / ghostscript / this new tool etc keeping you safe. You are carrying more and more (metaphorical) guns to keep you safe.

    That adds up to an increasing part of the CPU you bought and the electricity you paid for.

    Or you try to find a way of regulating things.

  22. JohnFen Silver badge

    Yep

    Block what you can, and lie to the rest.

    It's a time-honored information warfare technique, and make no mistake -- we are all sucked into the information war that these companies have been engaging in.

  23. pɹɐʍoɔ snoɯʎuouɐ

    in an ideal world.....

    Lets be fair, adverts pay for most of the "free" stuff on the internet so if you use a service that is funded by adds, then let it be..

    And If all these data slurps did was target relevant adverts there really would not be a problem. A few times when I have been researching a new purchase I get relevant adverts appearing on websites and on occasion it has given me a link to a product a the best price I had settles on, or given me A better option. Great. Job well done...

    But we know that's not the case...

    there are companies that a gathering all the info about is they can, no doubt they have a file on everyone including everything you have ever searched for, every phone number and email address you have had. I would guess that most of this information they have no clue what to do with it, they just know its valuable to someone...

    1. JohnFen Silver badge

      Re: in an ideal world.....

      "adverts pay for most of the "free" stuff on the internet so if you use a service that is funded by adds, then let it be."

      No. While I don't object to ads themselves, I strongly object to the spying that they bring and I am well within my rights to defend myself against it.

      "If all these data slurps did was target relevant adverts there really would not be a problem."

      In my view, that would not make the spying any less problematic at all.

  24. steviebuk Silver badge

    Although I like the BBC...

    ...I don't like the forced sign in on the iplayer now. Although you appear to be able to bypass that on the TV. However, what does annoy me is they claimed they wouldn't use the info for checking on licence fee payers (got no issue with the licence fee if it gets rid of ads. After all people pay for Sky and Virgin). However, they are now using it to get an idea about licence fee paying.

    What person decided this forced login was a good idea? Now their database is starting to feel up with details such as

    Mr Fuck Off (and other funny variations)

    Who lives in a random location in the UK (whatever random post code I put in)

    who's e-mail address is variations of fuckoff@fuckoff.com

    And if they turn on e-mail verification at some point, then the use of the throwaway e-mail site will just be used.

  25. zxq9

    Don't a lot of us already do something similar?

    That said, Three Dead Trolls in a Baggie was way ahead of their time releasing "The Privacy Song" in the 1990's:

    https://www.youtube.com/watch?v=7eIUOUfhoJ8

    Still funny to me...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020