Items tagged with: telemetry
Why does a vegan get ads for ice cream?
My friend, let’s call him Jake, has been a #vegan for years, long before it was trendy.
He said the other day, “Okay, Bill, you’re the one who keeps telling me about the terrible things the #internet can do (he usually ignores most of my advice) so how come I get #ads for Ben & Jerry’s in my emails on my Mac? They keep screaming at me “Hey, Jake! Buy Ben ‘n’ Jerry’s now!”
I try to ignore the irritation I feel that he hasn’t even installed an #adblocker yet and ponder the problem. “Hmm, which email provider do you use, Jake?”
“Hotmail,” he said, sheepishly.
I gave a weary sigh. As some in the Federation know, Hotmail and Gmail collect keywords in our private subject lines and contact list and sell them on to advertisers without our knowledge or permission – especially if we don’t fix our privacy settings.
I asked him if he had any people in his contact list called Ben or Jerry. He had a think. A flicker of recognition shone in his eyes and we both knew.
“Stop using it, Jake,” I said. “Use Tutanota or Mailfence at least…”
He is addicted to convenience.
He is still using Hotmail.
#apple #consumertech #privacy #tech #Google #locationtracking #surveillance #monitoring #adblockers #ads #digitaladvertising #internetmarketing #gmail #hotmail #outlook #microsoft #mail #data #corporations #telemetry #mass-surveillance #surveillance #tracking #trackers #spyware #surveillancecapitalism #icecream #icecreamcone #mac #ios #ipad
Which websites featured on the Federation have the worst privacy?
My last post highlighted how ticking the OEmbed box to add a website picture to a post can compromise Federation users if it contains a tracker.
I also mentioned tools, like Disconnect, we could use to detect websites which track their users. In this post I reveal some of the most popular reference websites on the Federation with low privacy and high tracking rates.
I believe Federation users should consider not embedding, or at least warning their readers about the surveillance techniques carried out by these sites.
A Princeton University study identified almost a million websites that track their users. Here are just 5 examples of websites whose stories are commonly quoted on the Federation:
Wired is a popular website referenced on the Federation by many users because it publishes great tech-based stories. But how private is it?
Although it offers an ‘ad-free’ version for subscribers, normal visitors are ruthlessly fleeced for their data.
WIRED has embed deals (agreements to embed tracking codes into their pages for money or gain) with a staggering 171 third parties including Google, Amazon, Facebook, Vogue, GQ, Golf Digest, Bonappetit and Vanity Fair.
Some tracking beacons embedded on WIRED and captured by Ublock Origin
151 of these third parties are known tracking or advertising companies like Google, Amazon, Facebook, Turn, Add This, Scorecard Research, Adobe, Twitter Analytics, Typekit, Criteo and Quantserve. Aggressive trackers like Google Tag Manager (GTM), Add This and Turn are present here.
Below is a screengrab of the many scripts NoScript has blocked from the WIRED website, the 33 scripts, gifs and beacons blocked by Ublock Origin and a couple by Disconnect.
WIRED sets 25 short-term and 28 long-term cookies itself, while allowing its third party partners (including 69 tracking companies) to set 26 short-term and 133 long-term cookies.
It uses Google Analytics without the anonymization feature enabled, so user details are sent to Google servers.
All WIRED servers are based in the US so GDPR privacy rules can be ignored.
Websites loading this many scripts/cookies are usually blacklisted by most users, not least because they drain a device’s battery.
WIRED claims that subscribing with them will mean an ad free experience, but I find it hard to believe that a subscription to WIRED will suddenly load a clean page without a single tracker retrieving data. But then I am not a WIRED subscriber. Please comment if you are and have no trackers.
Seen by some as a safe pro-privacy resource celebrating Free and Open Source Software, FOSSPOST lets its users down by digitally fingerprinting their devices and loading 19 trackers into a browser.
FOSSPOST has embed deals with 27 third parties, making its embed renting in the ‘low’ category, including Google, Amazon, Creative Commons and WordPress.
13 of these are known tracking or advertising companies like Google, Amazon, Mailerlite, One Signal and the data-hungry caterpillar that is WordPress.
FOSSPOST sets 2 short-term and 2 long-term cookies itself while allowing its third party partners (including 3 tracking companies) to set 4 long-term cookies.
It uses Google Analytics without the anonymization feature so user details are sent to Google servers. All FOSSPOST servers are based in the US so GDPR privacy rules can be ignored.
Acquired by Yahoo’s parent company, Oath (a company that includes AOL), under the Verizon umbrella, in 2010, this is a popular reference source for researchers and Federation users.
Historically, Yahoo deserves some kudos as they were one of the few big tech companies that objected to sharing their users’ details with the PRISM
The Bush administration threatened them with $250k a day fines until they complied. Verizon bought them in 2017. Yahoo suffered the largest data breach in history in 2018.
The link to this NYT story is not embedded (consider blocking the GTM tracker on the site)
TECHCRUNCH.com fingerprints the user’s device and dumps 2-7 Yahoo trackers in their browser, depending on the page loaded.
TECHCRUNCH.com has embed deals with 27 third parties, including Google, Facebook, Yahoo and WordPress.
15 of these are known tracking or advertising companies like Google, Facebook, Yahoo, WordPress, Atwola, Typekit, AOL and Scorecard Research.
TECHCRUNCH.com sets 4 short-term and 5 long-term cookies itself while allowing its third party partners (including 4 tracking companies) to set 1 short-term and 7 long-term cookies.
It uses Google Analytics but interestingly enables the anonymization feature so some user details are not sent to Google servers.
All servers are based in the US so forget about GDPR privacy rules.
THE REGISTER .co.uk
Although a great resource with well-written and groundbreaking stories, it isn’t as private as I’d hoped.
There is no obvious digital fingerprinting but it seems to have gathered more Google syndication in the last couple of years, (9 of its 16 embed deals are with the Big G). 12 known tracking or advertising companies like Google, Admedo and the Amp Project gather data.
THE REGISTER sets 3 short-term and 4 long-term cookies itself while allowing its third party partners (including 2 tracking companies) to set 7 long-term cookies.
It uses Google Analytics without enabling the anonymization feature so user details are sent to Google servers. Although THE REGISTER’s domain is in the UK, both its data and email servers are based in the US so GDPR privacy rules could be compromised here, though I am not a lawyer.
The Guardian .com
I’ve been sitting on this for a few years now but it’s about time I blew the whistle.
I first noticed the Guardian newspaper’s website was digitally fingerprinting its users’ devices when they published an article on, um, Canvas Fingerprinting.
That page has been removed since, but they still continued doing it, long before Facebook, though not before Google.
I’ve kept quiet about this surveillance because I admire the paper for its incredible journalism, especially exclusives like the Snowdon revelations, and its general championing of freedom issues across many sectors of society. But the hypocrisy has started to wear me down.
Some tracking items & widgets embedded on Guardian .com and captured by Ublock Origin
The Guardian has embed deals with a privacy-sapping 142 third parties, including Google, Amazon, Bing, Twitter, and, despite being one of its main critics, Facebook. 132 of these third party partners are known tracking or advertising companies like Google, Amazon, Facebook, Turn, AddThis, Scorecard Research, Blue Kai, Twitter Analytics, Rubicon, Criteo and Quantserve.
Some of the most aggressive trackers like GTM, AddThis and Turn are present here.
The Guardian also sets 3 short-term and 5 long-term cookies itself, while allowing its third party partners (including 51 tracking companies) to set 10 short-term and 131 long-term cookies.
Yes, we NEED the Guardian’s continued existence, but castigating Facebook et al while allowing them to track its users doesn’t sit well with me.
The website uses Google Analytics but at least enables the anonymization feature, so some user details are not sent to Google servers.
Although The Guardian’s data servers are in Germany, their email servers are based in the US so GDPR privacy rules could be compromised here, though, again, I am not a lawyer.
In conclusion, I’ve given just 5 examples of popular sites Federation users quote in their posts.
I am NOT advocating a boycott of these sites but politely suggest we don’t OEmbed them, just feature a hyperlink and give readers the heads-up about these privacy concerns.
Alternatively, look for other sources featuring the same story. It’s also worth highlighting which websites do NOT add a tracker when we OEmbed a story, or have a low level of surveillance. Please promote those guys.
#news #fakenews #journalism #FreePress #PressFreedom #theguardian
#privacy #tracking #trackers #facebook #social #mass-surveillance #gdpr #google #location #user #device #setup #private #secure #internet #tips #tricks #online #os #windows #apple #ios #advertising #ad #revenue #streams #developers #media #data #corporations #telemetry #consent #spyware #surveillancecapitalism #humanrights, #anonymity #cookies #surveillance #browser #proxy #relay #network #www #leaks #fingerprint #activity #activitytrackers #thefederation #pods #federation #fediverse #friendica #mastodon #pleroma #socialhome # #Gnusocial #Funkwhale #Peertube #pixelfed #hubzilla #Diaspora
How can Federation users post more safely?
You know how it goes. We find a great story online and we want to share it with our supporters or feature it in our feed with appropriate hashtags for maximum reach.
But do we check the website featuring the story for privacy before we post?
When we embed a link by selecting the OEmbed box (often ticked by default) this displays an image or video on our post from the website we’ve featured.
They may look cool, but these images can contain beacons or other trackers. Embedded trackers also load into the browsers of any user who scrolls down the public feeds.
Should we ensure the website is safe before linking to it?
Actually some do. Posts that don’t feature a website’s images (with the OEmbed box unchecked as below) can actually protect Federation users from a serious amount of surveillance.
Some thoughtful users actually reproduce the article’s main points in their post, to protect their readers from visiting the site itself. They usually supply a link to the original content if one wants more detail and perhaps is protected with tracker blockers. So how do we know a site we recommend is safe?
Here are some privacy tips:
• Consider checking the page’s security/privacy before linking to it.
Using Tor, or a beefed-up Firefox fork or version (for detecting digital fingerprinting), and/or Disconnect, NoScript or Ublock Origin add-ons to reveal a multitude of trackers.
• There is usually more than one website featuring the same story. Consider picking the website with the least trackers and digital fingerprinting.
• Issue a warning in your post about any of the site’s surveillance methods and privacy issues you’ve detected.
• Embedding a picture/video could also make users vulnerable. Consider unchecking the OEmbed box.
In the next post I’ll give examples of a number of websites with low privacy and excessive trackers, commonly featured in the public feeds.
#secure #internet #windows #apple #revenue #streams #developers #Social #media #data #corporations #tracking #trackers #facebook #social #mass-surveillance #gdpr #google #alphabet #location #user #device #setup #private #secure #internet #chrome #tips #tricks #online #os #mobile #ie #safari #apple #ios #ad #revenue #streams #developers #telemetry #consent #windows10 #windows7 #windows81 #microsoft #linux #debian #ubuntu #mate #gnome #grub #iphone #firefox #advertising #android #chrome #browser #browsers #phone #phones #device #Tor #privacy, #humanrights, #anonymity #internet #security #cookies #surveillance #browser #web #onion #router #torbrowser #bridge #proxy #relay #leaks #fingerprint #activity #activitytrackers #spyware #surveillancecapitalism
Turn off location. PART 2
Apart from Edge, which has to be tweaked from the W10 OS, most browsers can have their location services disabled through their menu. I cannot list EVERY browser in existence here, as I have a life. If you have other browser location tweaks, please share.
1. Click on Chrome’s menu and select the cog symbol – SETTINGS
2. Click the SHOW ADVANCED SETTINGS link at the bottom. Don’t be afraid of the ‘advanced’ implication, this has been worded to scare off timid sheep from reclaiming their privacy.
3. Click the CONTENT SETTINGS button under PRIVACY. While we’re here, consider unchecking the boxes urging us to use web services to ‘resolve navigational errors’ or ‘prediction services’ to auto complete our searches. This is just more telemetry.
4. Scroll down to the LOCATION section and select DO NOT ALLOW ANY SITE TO TRACK YOUR PHYSICAL LOCATION.
There are countless versions and forks of Firefox so, to save column inches, here are the about:config settings. Firefox (and especially Tor) should have location disabled.
To check, type about:config in the address bar and press enter.
• Press the button that says "I'll be careful, I promise!" or “I’ll take the risk!”
Type the terms in the search box and toggle to the following settings if you don't already have them:
geo.enabled = false → Disables the browser geolocation feature.
WITHOUT THE [SQUARE BRACKETS][geo].provider.ms-windows-location = false → Disables windows location.
geo.wifi.uri → Mozilla has used Google's geolocation service in Firefox by default for many years, so check for any Google addresses that may be here. This is an example of how Mozilla has lied about some of its user privacy claims – it seems to be posting our movements to the Big G. Erase any Google address and leave this field blank.
1. Click the TOOLS menu
2. Select INTERNET OPTIONS.
3. Click the PRIVACY tab at the top of the window
4. Check the NEVER ALLOW WEBSITES TO REQUEST YOUR PHYSICAL LOCATION box.
5. Click “OK” to save changes.
To disable Location in Safari, first click Safari > Preferences.
• Select the PRIVACY ‘hand’ icon at the top of the window.
• Under WEBSITE USE OF LOCATION SERVICES, select DENY WITHOUT PROMPTING to prevent all websites from asking to show your location.
Like the iOS, iPhone apps have to explain how they’ll use location data and must allow users to turn it off. Of course, access to this info is usually well hidden and when we find it it’s often written in brief, vague terms. To find LOCATION, do the following:
- Tap the SETTINGS icon, usually a cog or wheel
- Tap the PRIVACY icon, usually a white hand on a blue background
- Tap LOCATION SERVICES
• ALWAYS allow location (not recommended – it draws data even when it’s off)
• NEVER allow location
• Allow WHILE USING
The last one should be used for apps we think need to know our location or may be affected by disabling, although I’d venture there are few or none of these.
If you just want to block location on EVERYTHING just swipe that green switch in the pic above, to the left.
Always delete apps you never use. Limits spyware and saves battery.
Owned by Google, Android doesn’t stop snooping apps snuffle away location data, even when they’re turned off. It doesn’t even have the iPhone feature to turn off location when not using an app. After much criticism on this, on newer phones, the Big G reckons developers are only allowed to collect data “a few times an hour,” but if we don’t want ANY data collected, we have to do it from the phone’s main SETTINGS menu.
Older Androids are simpler to tweak
1. Open SETTINGS
2. Tap SECURITY and/or LOCATION
3. Uncheck ACCESS TO MY LOCATION box
4. Swipe GPS SATELLITES button to OFF
Like the iPhone, newer Android phones show a list of individual apps and allow us to turn off each app’s location button. Otherwise we can switch all location snoops off with the main button in APP LEVEL PERMISSIONS.
WIPE THE DATA GOOGLE HAVE COLLECTED
To be fair to Google, who collect data like bees collect pollen, they do have a portal where we can remove our location data (and more).
I am not sure if we can access all the data Google collects about us, or our device, if we DON’T have an account with one of their services, (#Gmail, Google Docs, #YouTube, Android, Google Drive, G+, etc) but it’s worth going through the data they’ve collected "to improve our advertising experience".
Obviously, we will be tracked within an inch of our life at Google central, but will have to suck it up if we want to clear our data. Be prepared for eyes to water and flabbers to be gasted.
#privacy #tracking #trackers #facebook #social #patent #mass-surveillance #surveillance #gdpr #google #alphabet #location #user #what3words #device #setup #private #secure #internet #chrome #tips #tricks #online #os #windows #mobile #ie #safari #apple #ios #ad #revenue #streams #developers #Social #media #data #corporations #telemetry #consent #windows10 #windows7 #windows81 #microsoft #linux #debian #ubuntu #mate #gnome #grub #iphone #firefox #advertising #android #chrome #browser #browsers #phone #phones #device