Reply to post: Re: With NoScript, for example, most Google subdomains, like analytics, are blocked.

Facebook admits it does track non-users, for their own good

GIRZiM Bronze badge

Re: With NoScript, for example, most Google subdomains, like analytics, are blocked.

Thanks for the pointer to Decentraleyes and CanvasBlocker.

If they ever make a return to FF Quantum, I'd also recommend Random Agent Spoofer, Google Disconnect/Twitter Disconnect and Calomel SSL Validation (possibly WorldIP as well).

And yes, I realise that NoScript doesn't completely block analytics, but for me at least, it had more to do with not allowing scripts from third parties at the beginning. But as time goes by, I'm starting to rethink everything else.

I only recently discovered the difference between the two thanks to NoScript not being available on FFQ and my having used uMatrix in Comodo's 'Dragon' browser for years in lieu of NoScript. So, I added UMatrix to FFQ rather than go without a blocker. Then I was reading something recently that explained how the two work and thought "Really? That's interesting.".

I've re-added NoScript in the interim and use both now. Which is really annoying and often makes me want to hurl the computer out of the window if not hunt down the website designer(s) and do some very painful things to them for a very long time, get plastic surgery, a new identity, move to Peru, become a cocoa bean farmer and never use the Web again.

It has been very informative, however.

With just uMatrix enabled, if I go to Youtube and want to watch something, I need to authorise the *-aigd.googlevid XHR objects and nothing else.

For one video, for instance, that was 23 objects out of a total of 146, including one cookie from www.youtube.com specifically (another ten from <somewhere>.youtube.com.), two stylesheets from www.youtube.com … (another two from fonts.gstatic.com.), thirteen objects from unspecified external sources that redirector.google.com will load, twenty unspecified ‘other’ things from www.google.com and all the other things I’m not going to bore us with by listing them here but 58 of which are cross-hosted.

Meaning a minimum of 84% of the items coming with it serve you no purpose whatsover if all you want to do is watch the video. 84% (123 objects) are there for someone else’s benefit, not yours. I wonder what benefit they get from them … because they don’t display the video or let me control it in any way - that’s what at least some of the other 23 do. Those 23 also appear to enable the autoplay feature … because it still works if you don’t load anything else. At most twenty-three of them are necessary to watch the video, so what are the other thirty-five doing exactly - and why?

So then, when it became available again, I added NoScript, because 23 unidentified XHR objects that seemingly do an awful lot more than I anticipated is a bit concerning - NoScript might identify them for me once they make it to the browser and I can be even choosier about what I authorise.

And what I discovered was that there's an awful lot of youtube.com functionality hidden behind those 23 objects. If I go to youtube.com with just uMatrix, I see an awful lot of stuff load into my browser to give me a basic outline of the site. With NoScript running as well, I see virtually nothing at all and until I authorise the youtube.com and ytimg.com scripts in NoScript and scripts from s.ytimg.com in uMatrix that's how it will remain.

So those 23 XHR objects seem to include scripts as well as video and other (control) elements - which, of course, isn't declared explicitly in uMatrix because it just lists them as XHR objects.

It's interesting to see how many sites make use of google analytics too. I saw a recommendation for three new privacy orientated social networking solutions that referred to google analytics objects - I'm sure you can imagine how I laughed!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019