6502.org Forum  Projects  Code  Documents  Tools  Forum
It is currently Sat Nov 16, 2024 8:57 am

All times are UTC




Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Mon Jun 08, 2015 10:48 am 
Offline
User avatar

Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10980
Location: England
We had an off-topic excursion over on this thread concerning web-site valuations, advertising, the tracking of our activity on the web, and related matters.

This is an off-topic followup - some of the points made over there were rather mistaken, but it's a fact of modern life that our activities are tracked and correlated. If you care about that and intend to avoid being tracked, you'll need to take relatively drastic action. Merely switching your search-engine provider won't be enough - as is evidenced by
Quote:
But yes, the surveillance is ridiculous. I get the ads on fb for things I was just looking at or just bought. I always click the thing to tell them I don't want to see this ad.


Tracking web behaviour is big business - see this article.
Image

Personally I block almost all advertising using a hosts file which serves all the machines in my home network. If you use an adblocking addon to your browser, be aware that it might merely suppress the display of adverts - if they are still fetched, as they usually are, then you will still be tracked across almost all sites which have adverts or tracking.

I don't bother to avoid cookies, but you'd need to do that too, as well as blocking flash. Every page with a "like" button is calling home to Facebook to correlate your activity, and that applies also to those without a Facebook account. Similarly every page carrying Google's +1 button or Google's textual adverts.

If you don't take dramatic and purposeful action then your IP address is inevitably known to every website you visit and every provider of embedded content on that website. It is not the only identifier that's used to correlate activity, but it is one of many. Bear in mind that commerce doesn't care who you are, as such, but they care about what you're likely to buy. They want to categorise you, and the finer the categorisation the better.

There are those who say that they would prefer to see relevant ads, compared to irrelevant ones, and they might have a point. Personally I prefer no ads, although I understand that's a challenge to the funding model of some websites. We've seen that a funding drive from readers can be a practical alternative.

Finally, all the search engines at least will crawl the web - as much of it and as often as they can. That's why you see bingbot and googlebot as sometime visitors on a forum like this - they are updating their indexes by reading the forums. Nothing particularly sinister about that. Making the forum private to subscribers or unindexed by search engines would surely be a net loss.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 10:57 am 
Offline

Joined: Sun Apr 10, 2011 8:29 am
Posts: 597
Location: Norway/Japan
Thanks Ed,

I didn't want to reply in the thread as it had already gone too much off-topic. So I'm adding one here instead.

ChuckT wrote:
[..]When you send a message out through the internet, it gets stamped with a number from your hard drive and I don't know if there are unique numbers from your computer but you are being tracked.
This part from the post is not correct, there is no hard drive number, and even Microsoft wouldn't be able to add something like that to general internet traffic - there's no IP or TCP or UDP header field that could be used for it (which isn't already occupied). A 'message through the internet' is a bit too vague though - there's a vast number of application-specific protocol overlays there. But in any case, the only 'computer identifier' in use is the common HTTP/HTTPS cookie - which doesn't originate on your computer but is sent to you.

The rest of the post (which I don't quote above) is, unfortunately, generally correct, except that how mobile phones are registered and with what information varies between countries.

-Tor


Last edited by Tor on Mon Jun 08, 2015 12:01 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 11:46 am 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
We use Ad Block Plus to get rid of ads and we don't see popups which could contain malware so our computer is less likely to get infected because we aren't clicking on things or letting the computer see things which could insert malware into the computer.

A lot of sites have scripting and advertising that I had to use Adblock Plus.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 12:21 pm 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
Tor wrote:
Thanks Ed,

I didn't want to reply in the thread as it had already gone too much off-topic. So I'm adding one here instead.

ChuckT wrote:
[..]When you send a message out through the internet, it gets stamped with a number from your hard drive and I don't know if there are unique numbers from your computer but you are being tracked.
This part from the post is not correct, there is no hard drive number, and even Microsoft wouldn't be able to add something like that to general internet traffic - there's no IP or TCP or UDP header field that could be used for it (which isn't already occupied). A 'message through the internet' is a bit too vague though - there's a vast number of application-specific protocol overlays there. But in any case, the only 'computer identifier' in use is the common HTTP/HTTPS cookie - which doesn't originate on your computer but is sent to you.

The rest of the post (which I don't quote above) is, unfortunately, generally correct, except that how mobile phones are registered and with what information varies between countries.

-Tor


My coworkers read it in the newspaper and one of them is a programmer.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 3:39 pm 
Offline

Joined: Sun Apr 10, 2011 8:29 am
Posts: 597
Location: Norway/Japan
Well, yes, I am a programmer too.. and I could write a network stack from scratch if I really really needed to. The hard disk number tagging of IP traffic is just an urban myth. But unfortunately there are tons of other ingenious ways to track people, and you listed some of them. There are more. Ghostery, Ad block, Privoxy proxy, anonymous browser window, all these tools and extensions fortunately do help though.

-Tor


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 3:41 pm 
Offline
User avatar

Joined: Sun Jun 30, 2013 10:26 pm
Posts: 1949
Location: Sacramento, CA, USA
I have decided that the effort required to prevent the sharing of my browsing habits is not worth the waste of my valuable free time. I'm not a terrorist or drug smuggler or pedophile, and I limit my financial exposure to a single cash-reloadable VISA, which never has more than about US$100 loaded at a time. The risk of losing control of some embarrassing e-mails and/or $100 isn't so bad, in my estimation, but that's just my personal opinion. My Spam folder seems to be enjoying a lot of recent activity, but I find that to be only a minor annoyance.

The habit that I need to break is the sharing of passwords among several of my accounts, and that's on my to-do list.

Mike B.


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 6:46 pm 
Offline
User avatar

Joined: Sun Oct 13, 2013 2:58 pm
Posts: 491
Location: Switzerland
Have a look at Master Password!

Cheers

Peter


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 6:46 pm 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
Tor,

Or not documented.

Chuck


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 08, 2015 11:55 pm 
Offline

Joined: Tue Jul 24, 2012 2:27 am
Posts: 679
One of the best ideas I've seen is Self-Destructing Cookies. It lets a page set any cookies it wants, then deletes them all when you close the tab. No need to white-list cookies to make sites work, unless you want it to remember things across sessions. Things within a tab can be tracked (unless you blacklist them in the browser itself), but nothing persists. It's sort of like a per-tab private browsing session.

I also manually blacklist google.com cookies and some others, so they don't even get a foothold, but I think it's a pretty nifty idea, and a whole lot easier than my prior (but a bit better) solution of blocking all cookies + manual whitelisting. It "just works".

Here's my current Firefox from-scratch config notes, which I keep updated:
Code:
Firefox config (locked down):
 Preferences
  open previous tabs on startup
  home page to about:blank
  select startpage search engine
 about:config
  privacy.trackingprotection.enabled -> true
  beacon.enabled -> false
 https://www.eff.org/https-everywhere
 https://adblockplus.org/
  configure & enable everything
 https://addons.mozilla.org/en-us/firefox/addon/ghostery/
  go through wizard to config
 https://addons.mozilla.org/en-US/firefox/addon/noscript/
 https://addons.mozilla.org/en-us/firefox/addon/self-destructing-cookies/
 https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
  after i2p is installed
  127.0.0.1:4444
  *.i2p/* whitelist



Also, the hard drive ID should only be visible through a malicious native-code plugin that the user has installed. I'm sure that has occurred at some point in time, but it certainly is not something that can happen by default.

_________________
WFDis Interactive 6502 Disassembler
AcheronVM: A Reconfigurable 16-bit Virtual CPU for the 6502 Microprocessor


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 8:55 am 
Offline

Joined: Sun Apr 10, 2011 8:29 am
Posts: 597
Location: Norway/Japan
ChuckT wrote:
Tor,

Or not documented.

Chuck

Please, Chuck.. the internet protocols are all in the open, there's nothing secret hidden anywhere there. If you work with low-level networking programming you soon get to know the data formats intimately. There's nothing complicated there.

As for harddisks, they *do* sometimes have a serial number and for a privileged process it's possible to access the firmware and read it. I can read the serial number of my Western Digital 4TB disk if I log in as root. My browser or any other application I run as myself (a non-priviliged, normal user account) cannot. The network layer, running in the kernel, could in principle do that, but a) on Linux I would actually know about it - I used to read *all* the kernel source code through several iterations of the Linux network implementations, from the very beginning of Linux, and b) even on Windows, where I don't have that access, I do know about the internet protocols and the network headers that *have* to be used and there's no place there to secretly add some serial number from the harddisk. And you can just use 'tcpdump' or other tools (as I've done a lot) to dump every IP packet going out of your computer.. you can see for yourself what's in there.

But obviously it's perfectly possible for e.g. Windows Update to read a serial number from a harddisk, and forward it as part of its *own* top-level protocol. And presumably it's something like that (although it's more likely to be the disk label created when the disk was formatted, not the serial number) which is used to enforce Windows licensing. But for general tracking of internet activity? No. Doesn't work.

The fact is that there are other, much better ways of tracking you, and you listed some of them yourself. Cookies and cross-site JS scripting are the most obvious and efficient ones.

@Mike B:
The reason I still to some extent block stuff (it's difficult to enforce that on Android, but easier on a PC) is not because I've got something to hide, but because I'm getting extremely tired of the directed advertising and the continuous narrowing of my G* search results, clearly due to previous activity. And Amazon.. don't get me started but boy they are annoying. Happen to end up on an Amazon page after some googling (or by any other means), just visiting *any* page of theirs, and they start spamming you with emails about 'as you've shown interest in..' ads. Just because there's a cookie stored somewhere and you didn't remember to open that link through an anonymous tab or window.

@White Flame:
Thanks for the link to the self-destructing cookies extension! If it's flexible enough (I do need to keep some cookies) then that'll be a good addition to my current arsenal.

-Tor


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 12:16 pm 
Offline

Joined: Mon Jan 07, 2013 2:42 pm
Posts: 576
Location: Just outside Berlin, Germany
I've switched to Ghostery for blocking -- if nothing else, web pages load dramatically faster on my Chromebook. One difference to AdBlock is that it shows you a count of how many trackers it has blocked, which is something of an eye-opener. For the "Economist", for instance, I currently see a count of 18 (that's eighteen) tracking, spying, measuring, "click-me" items that are being blocked. Those are the ones that Ghostery knows of at the moment, of course.

One thing I don't understand about trageted ads is that they seem to be total crap. We bought a freezer, because best deal was online, and then after that I've been seing ads for, tada, freezers. Except we already have one now, and we really don't need two, duh. The only thing I have found useful is the "other people who bought this also liked" version of data mining, say in iTunes.

Otherwise - from what I have read from the experts, the short of it is that there is no security online for anyone anymore, period. If you have something that the bad guys (what ever your definition of them is) are not supposed to copy, delete, falsify, encrypt for ransom, put it on an air-gapped computer that never, ever connects to the net.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 1:19 pm 
Offline

Joined: Thu Mar 03, 2011 5:56 pm
Posts: 284
scotws wrote:
I've switched to Ghostery for blocking -- if nothing else, web pages load dramatically faster on my Chromebook. One difference to AdBlock is that it shows you a count of how many trackers it has blocked, which is something of an eye-opener. For the "Economist", for instance, I currently see a count of 18 (that's eighteen) tracking, spying, measuring, "click-me" items that are being blocked. Those are the ones that Ghostery knows of at the moment, of course.

One thing I don't understand about trageted ads is that they seem to be total crap. We bought a freezer, because best deal was online, and then after that I've been seing ads for, tada, freezers. Except we already have one now, and we really don't need two, duh. The only thing I have found useful is the "other people who bought this also liked" version of data mining, say in iTunes.

Otherwise - from what I have read from the experts, the short of it is that there is no security online for anyone anymore, period. If you have something that the bad guys (what ever your definition of them is) are not supposed to copy, delete, falsify, encrypt for ransom, put it on an air-gapped computer that never, ever connects to the net.


Thanks for the the suggestion for Ghostery; I normally use AdBlock, but Ghostery looks like a leaner alternative.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 3:10 pm 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
Tor wrote:
ChuckT wrote:
Tor,

Or not documented.

Chuck

Please, Chuck.. the internet protocols are all in the open, there's nothing secret hidden anywhere there. If you work with low-level networking programming you soon get to know the data formats intimately. There's nothing complicated there.


Some things are not documented. Some users on another forum say this isn't possible because they've read the specs:

http://www.techrepublic.com/article/cyb ... -bulletin/

Some things are not understood.

I'm not going to say anymore.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 4:02 pm 
Offline
User avatar

Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10980
Location: England
Thanks Chuck that's an interesting read. It doesn't quite equate to what I thought you were saying originally, and it's not strictly to do with tracking.
Cheers
Ed


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 09, 2015 5:01 pm 
Offline

Joined: Wed May 20, 2009 1:06 pm
Posts: 491
It is just the tip of the iceberg, Ed.

http://www.wired.com/2014/07/usb-security/

http://www.reuters.com/article/2014/07/ ... K420140731

I saw a .pdf on how it works but so much has been written on it that there are now thousands of articles to search through.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: