RE: [OT] Ad tracking and security

2016-10-05 Thread Ken Schaefer 
Both Site A and Site B (and C, D, E, F, G, H, I…) have an embedded/linked 
script, or an Ad, or an invisible 1x1 .gif served from Site Z. The cookie’s 
source is that of Site Z, not Site A or Site B. Site Z then shares the data 
with advertisers, hosts and everyone else that’s willing to pay.

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Wallace Turner
Sent: Wednesday, 5 October 2016 11:38 AM
To: ozDotNet 
Subject: Re: [OT] Ad tracking and security

I had a quick look into this because straight away i thought the scenario Greg 
described wouldnt be possible just with cookies - that is if you go to site-A 
and it creates a cookie how would this cookie then be sent to site-B to 
determine its the same person?

As Ken says It appears that they are able to generate a unique fingerprint:
>>We look for browser type, screen size, active plugin data, active installed 
>>software, font usage, font size, time zones, IP, and countless other unique 
>>ways to correlate machines into unique ID’s  [1]

This same fingerprint is generated on site-A and site-B and they then serve ads 
- you can of course boycott the sites that participate in this ad network (I 
would like to know the scope of the various networks)
I would assume (hope) that adblock or similar prevents the javascript calls to 
the ad networks...


[1]: https://meteora.co/user-tracking-without-cookies/

On Wed, Oct 5, 2016 at 7:57 AM, Ken Schaefer 
mailto:k...@adopenstatic.com>> wrote:
Lots of ways you can get tracked, from IP address to cookies, to running 
scripts in your browser to get a “fingerprint”
Lots of ways to try to limit this.

Google “how advertisers track you” (or maybe using 
www.DuckDuckGo.com<http://www.DuckDuckGo.com>  might be more apropos)

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Greg Keogh
Sent: Wednesday, 5 October 2016 10:40 AM
To: ozDotNet mailto:ozdotnet@ozdotnet.com>>
Subject: [OT] Ad tracking and security

Folks, this would normally be a Friday topic, but can someone explain how this 
is possible? ...

Last week my wife purchased some clothes online from 'Tread Store'. This 
morning I was at her PC searching in IE for some technical answers and I 
followed a link to Experts Exchange. In the discussion there I see a large 
flashing banner ad for Tread Store. I deleted a handful of suspicious cookies, 
cleared the cache and went back to the page and the ads are still there.

How the friggin' hell are they doing this? Is it simply by our IP address? If 
so, then there's not much I can do to stop this tracking without using a VPN or 
Tor browsing. This data collection creep is a serious worry. We order clothes, 
food, music, books and PC consumables online, so I presume it's all recorded. I 
also presume that as subscribers to The Age newspaper they are tracking every 
click we make. YouTube also records every video you watch. From this 
information you can produce a pretty good profile of someone you've never met. 
Some of us also voted online ... worried!?

Greg K

Re: [OT] Ad tracking and security

2016-10-04 Thread mike smith 
You're logged into gmail on another tab?  You're logged into Ingress, or
Pokemon Go?  Or GoogleDrive, or ... you get the idea.

Same principle would apply for the others.  (FB)

On Wed, Oct 5, 2016 at 4:54 PM, Davy Jones  wrote:

> I use, Adblock plus, Ghostery and no script.
>
> Every site I visit has JavaScript tuned off, then I choose which js to run
> until the site is functional. Some sites NY Times/huffpost for example have
> so many trackers / ad servers that I just close the window.
>
> Davy
>
> Sent from my iPhone
>
> On 5 Oct 2016, at 02:59, Greg Keogh  wrote:
>
> I thought I’d read that even common adblocker programs are now deciding
>> which ads to let through (ie: who has paid them to be “relevant”). I think
>> “Adblock Plus” was the topic of the article.
>>
>
> I've been using ABP for several months now in IE11 on my work machine, and
> it's quite good, as it seems to remove a lot of garish garbage from the
> screens, but not all. I have unticked "Allow some non-intrusive
> advertising". The mere presence of such an option indicates that someone
> has gotten to the ABP people and corrupted or bribed them into allowing
> certain paid ads through. They claim this is an honest and necessary
> feature, but I think they're a bunch of traitors to the intellectual
> aspirations of Western Civilisation.
>
> I would like to add patterns to the ABP block list, but the documentation
> is impenetrable or incomplete even to a developer, and when I did locate
> the magic file and assumed it was the right one, adding my lines had no
> effect. The file is gigantic and editing it manually is an unreliable
> experience. The instructions on the ABP site don't seem to match reality,
> or they're talking about different browsers and don't tell you that. I
> don't think ABP blocks cookies, but I've not investigated.
>
> I have IE11 set to prompt for all cookies. For a couple of hours you will
> be prompted to madness, but then it slows away to nothing and you can be
> sure that only necessary ones are present. I wrote a small app to list
> cookies in a grid and I can delete bad ones.
>
> *GK*
>
>


-- 
Meski

 http://courteous.ly/aAOZcv

"Going to Starbucks for coffee is like going to prison for sex. Sure,
you'll get it, but it's going to be rough" - Adam Hills

Re: [OT] Ad tracking and security

2016-10-04 Thread Davy Jones 
I use, Adblock plus, Ghostery and no script.

Every site I visit has JavaScript tuned off, then I choose which js to run 
until the site is functional. Some sites NY Times/huffpost for example have so 
many trackers / ad servers that I just close the window.

Davy 

Sent from my iPhone

On 5 Oct 2016, at 02:59, Greg Keogh  wrote:

>> I thought I’d read that even common adblocker programs are now deciding 
>> which ads to let through (ie: who has paid them to be “relevant”). I think 
>> “Adblock Plus” was the topic of the article.
>> 
> 
> I've been using ABP for several months now in IE11 on my work machine, and 
> it's quite good, as it seems to remove a lot of garish garbage from the 
> screens, but not all. I have unticked "Allow some non-intrusive advertising". 
> The mere presence of such an option indicates that someone has gotten to the 
> ABP people and corrupted or bribed them into allowing certain paid ads 
> through. They claim this is an honest and necessary feature, but I think 
> they're a bunch of traitors to the intellectual aspirations of Western 
> Civilisation.
> 
> I would like to add patterns to the ABP block list, but the documentation is 
> impenetrable or incomplete even to a developer, and when I did locate the 
> magic file and assumed it was the right one, adding my lines had no effect. 
> The file is gigantic and editing it manually is an unreliable experience. The 
> instructions on the ABP site don't seem to match reality, or they're talking 
> about different browsers and don't tell you that. I don't think ABP blocks 
> cookies, but I've not investigated.
> 
> I have IE11 set to prompt for all cookies. For a couple of hours you will be 
> prompted to madness, but then it slows away to nothing and you can be sure 
> that only necessary ones are present. I wrote a small app to list cookies in 
> a grid and I can delete bad ones.
> 
> GK

Re: [OT] Ad tracking and security

2016-10-04 Thread Greg Keogh 
>
> I thought I’d read that even common adblocker programs are now deciding
> which ads to let through (ie: who has paid them to be “relevant”). I think
> “Adblock Plus” was the topic of the article.
>

I've been using ABP for several months now in IE11 on my work machine, and
it's quite good, as it seems to remove a lot of garish garbage from the
screens, but not all. I have unticked "Allow some non-intrusive
advertising". The mere presence of such an option indicates that someone
has gotten to the ABP people and corrupted or bribed them into allowing
certain paid ads through. They claim this is an honest and necessary
feature, but I think they're a bunch of traitors to the intellectual
aspirations of Western Civilisation.

I would like to add patterns to the ABP block list, but the documentation
is impenetrable or incomplete even to a developer, and when I did locate
the magic file and assumed it was the right one, adding my lines had no
effect. The file is gigantic and editing it manually is an unreliable
experience. The instructions on the ABP site don't seem to match reality,
or they're talking about different browsers and don't tell you that. I
don't think ABP blocks cookies, but I've not investigated.

I have IE11 set to prompt for all cookies. For a couple of hours you will
be prompted to madness, but then it slows away to nothing and you can be
sure that only necessary ones are present. I wrote a small app to list
cookies in a grid and I can delete bad ones.

*GK*

RE: [OT] Ad tracking and security

2016-10-04 Thread 罗格雷格博士 
There was also something about techniques that Google was now deploying to 
circumvent most of the ad blockers as well. I think that involved making their 
advertiser sites look like they aren’t who they actually are, at least at first.

I think this is just going to get murkier and murkier. Like it or not, search 
engine companies are funded by ads. It’s not in Google’s (or similar company’s) 
interests to give you an ad free experience unless you are paying them some 
other way.

Old saying is that if the service is free, you are the product.

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> | 
http://greglow.me<http://greglow.me/>

From: Greg Low (罗格雷格博士)
Sent: Wednesday, 5 October 2016 11:47 AM
To: ozDotNet 
Subject: RE: [OT] Ad tracking and security

I thought I’d read that even common adblocker programs are now deciding which 
ads to let through (ie: who has paid them to be “relevant”). I think “Adblock 
Plus” was the topic of the article.

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> | 
http://greglow.me<http://greglow.me/>

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Wallace Turner
Sent: Wednesday, 5 October 2016 11:38 AM
To: ozDotNet mailto:ozdotnet@ozdotnet.com>>
Subject: Re: [OT] Ad tracking and security

I had a quick look into this because straight away i thought the scenario Greg 
described wouldnt be possible just with cookies - that is if you go to site-A 
and it creates a cookie how would this cookie then be sent to site-B to 
determine its the same person?

As Ken says It appears that they are able to generate a unique fingerprint:
>>We look for browser type, screen size, active plugin data, active installed 
>>software, font usage, font size, time zones, IP, and countless other unique 
>>ways to correlate machines into unique ID’s  [1]

This same fingerprint is generated on site-A and site-B and they then serve ads 
- you can of course boycott the sites that participate in this ad network (I 
would like to know the scope of the various networks)
I would assume (hope) that adblock or similar prevents the javascript calls to 
the ad networks...


[1]: https://meteora.co/user-tracking-without-cookies/

On Wed, Oct 5, 2016 at 7:57 AM, Ken Schaefer 
mailto:k...@adopenstatic.com>> wrote:
Lots of ways you can get tracked, from IP address to cookies, to running 
scripts in your browser to get a “fingerprint”
Lots of ways to try to limit this.

Google “how advertisers track you” (or maybe using 
www.DuckDuckGo.com<http://www.DuckDuckGo.com>  might be more apropos)

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Greg Keogh
Sent: Wednesday, 5 October 2016 10:40 AM
To: ozDotNet mailto:ozdotnet@ozdotnet.com>>
Subject: [OT] Ad tracking and security

Folks, this would normally be a Friday topic, but can someone explain how this 
is possible? ...

Last week my wife purchased some clothes online from 'Tread Store'. This 
morning I was at her PC searching in IE for some technical answers and I 
followed a link to Experts Exchange. In the discussion there I see a large 
flashing banner ad for Tread Store. I deleted a handful of suspicious cookies, 
cleared the cache and went back to the page and the ads are still there.

How the friggin' hell are they doing this? Is it simply by our IP address? If 
so, then there's not much I can do to stop this tracking without using a VPN or 
Tor browsing. This data collection creep is a serious worry. We order clothes, 
food, music, books and PC consumables online, so I presume it's all recorded. I 
also presume that as subscribers to The Age newspaper they are tracking every 
click we make. YouTube also records every video you watch. From this 
information you can produce a pretty good profile of someone you've never met. 
Some of us also voted online ... worried!?

Greg K

Re: [OT] Ad tracking and security

2016-10-04 Thread David Connors 
On Wed, 5 Oct 2016 at 10:38 Wallace Turner  wrote:

> I had a quick look into this because straight away i thought the scenario
> Greg described wouldnt be possible just with cookies - that is if you go to
> site-A and it creates a cookie how would this cookie then be sent to site-B
> to determine its the same person?
>

Retargetting companies are the PITA middleman.

You go to Site A and it embeds some crap from Taboola or whoever and then
you go to Site B and it does the same. Both sites then have a relationship
with Taboola to get access to the mined data.

David.

-- 
David Connors
da...@connors.com | @davidconnors | LinkedIn | +61 417 189 363

RE: [OT] Ad tracking and security

2016-10-04 Thread 罗格雷格博士 
I thought I’d read that even common adblocker programs are now deciding which 
ads to let through (ie: who has paid them to be “relevant”). I think “Adblock 
Plus” was the topic of the article.

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> | 
http://greglow.me<http://greglow.me/>

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Wallace Turner
Sent: Wednesday, 5 October 2016 11:38 AM
To: ozDotNet 
Subject: Re: [OT] Ad tracking and security

I had a quick look into this because straight away i thought the scenario Greg 
described wouldnt be possible just with cookies - that is if you go to site-A 
and it creates a cookie how would this cookie then be sent to site-B to 
determine its the same person?

As Ken says It appears that they are able to generate a unique fingerprint:
>>We look for browser type, screen size, active plugin data, active installed 
>>software, font usage, font size, time zones, IP, and countless other unique 
>>ways to correlate machines into unique ID’s  [1]

This same fingerprint is generated on site-A and site-B and they then serve ads 
- you can of course boycott the sites that participate in this ad network (I 
would like to know the scope of the various networks)
I would assume (hope) that adblock or similar prevents the javascript calls to 
the ad networks...


[1]: https://meteora.co/user-tracking-without-cookies/

On Wed, Oct 5, 2016 at 7:57 AM, Ken Schaefer 
mailto:k...@adopenstatic.com>> wrote:
Lots of ways you can get tracked, from IP address to cookies, to running 
scripts in your browser to get a “fingerprint”
Lots of ways to try to limit this.

Google “how advertisers track you” (or maybe using 
www.DuckDuckGo.com<http://www.DuckDuckGo.com>  might be more apropos)

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Greg Keogh
Sent: Wednesday, 5 October 2016 10:40 AM
To: ozDotNet mailto:ozdotnet@ozdotnet.com>>
Subject: [OT] Ad tracking and security

Folks, this would normally be a Friday topic, but can someone explain how this 
is possible? ...

Last week my wife purchased some clothes online from 'Tread Store'. This 
morning I was at her PC searching in IE for some technical answers and I 
followed a link to Experts Exchange. In the discussion there I see a large 
flashing banner ad for Tread Store. I deleted a handful of suspicious cookies, 
cleared the cache and went back to the page and the ads are still there.

How the friggin' hell are they doing this? Is it simply by our IP address? If 
so, then there's not much I can do to stop this tracking without using a VPN or 
Tor browsing. This data collection creep is a serious worry. We order clothes, 
food, music, books and PC consumables online, so I presume it's all recorded. I 
also presume that as subscribers to The Age newspaper they are tracking every 
click we make. YouTube also records every video you watch. From this 
information you can produce a pretty good profile of someone you've never met. 
Some of us also voted online ... worried!?

Greg K

Re: [OT] Ad tracking and security

2016-10-04 Thread Wallace Turner 
I had a quick look into this because straight away i thought the scenario
Greg described wouldnt be possible just with cookies - that is if you go to
site-A and it creates a cookie how would this cookie then be sent to site-B
to determine its the same person?

As Ken says It appears that they are able to generate a unique fingerprint:
>>*We look for browser type, screen size, active plugin data, active
installed software, font usage, font size, time zones, IP, and countless
other unique ways to correlate machines into unique ID’s  [1]*

This same fingerprint is generated on site-A and site-B and they then serve
ads - you can of course boycott the sites that participate in this ad
network (I would like to know the scope of the various networks)
I would assume (hope) that adblock or similar prevents the javascript calls
to the ad networks...


[1]: https://meteora.co/user-tracking-without-cookies/

On Wed, Oct 5, 2016 at 7:57 AM, Ken Schaefer  wrote:

> Lots of ways you can get tracked, from IP address to cookies, to running
> scripts in your browser to get a “fingerprint”
>
> Lots of ways to try to limit this.
>
>
>
> Google “how advertisers track you” (or maybe using www.DuckDuckGo.com
> might be more apropos)
>
>
>
> *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-bounces@
> ozdotnet.com] *On Behalf Of *Greg Keogh
> *Sent:* Wednesday, 5 October 2016 10:40 AM
> *To:* ozDotNet 
> *Subject:* [OT] Ad tracking and security
>
>
>
> Folks, this would normally be a Friday topic, but can someone explain how
> this is possible? ...
>
>
>
> Last week my wife purchased some clothes online from 'Tread Store'. This
> morning I was at her PC searching in IE for some technical answers and I
> followed a link to Experts Exchange. In the discussion there I see a large
> flashing banner ad for Tread Store. I deleted a handful of suspicious
> cookies, cleared the cache and went back to the page and the ads are still
> there.
>
>
>
> How the friggin' hell are they doing this? Is it simply by our IP address?
> If so, then there's not much I can do to stop this tracking without using a
> VPN or Tor browsing. This data collection creep is a serious worry. We
> order clothes, food, music, books and PC consumables online, so I presume
> it's all recorded. I also presume that as subscribers to *The Age*
> newspaper they are tracking every click we make. YouTube also records every
> video you watch. From this information you can produce a pretty good
> profile of someone you've never met. Some of us also voted online ...
> worried!?
>
>
>
> *Greg K*
>

Re: [OT] Ad tracking and security

2016-10-04 Thread Greg Keogh 
>
> There might be a few text based BBSes kicking around that Greg could
> subscribe to.
>

Who says they can't track those over a dial-up?! Haven't you seen the 1983
movie *Wargames*? -- *GK*

Re: [OT] Ad tracking and security

2016-10-04 Thread Greg Keogh 
>
> Google “how advertisers track you” (or maybe using www.DuckDuckGo.com
> might be more apropos)
>

Fascinating search results! I can't see any suspicious cookies (but who
knows!), so I guess this is being done by IP address, something you can't
easily hide without jumping through a few hoops.

Several weeks ago I noticed that YouTube had remembered every video we
watched for the last year. I eventually found an obscure link to clear the
list, but the tracking is done, and clear didn't seem to work anyway. I now
do all video playing and miscellaneous (non work) browsing through the Tor
browser. It's a bit slow and unreliable at times, but it gives me some
comfort. Unfortunately some unavoidable ordering or subscriptions can't be
done anonymously as they think you're coming from Rotterdam or wherever.
It's a real mess!

*GK*

Re: [OT] Ad tracking and security

2016-10-04 Thread David Connors 
On Wed, 5 Oct 2016 at 09:57 Ken Schaefer  wrote:

> Lots of ways you can get tracked, from IP address to cookies, to running
> scripts in your browser to get a “fingerprint”
>
> Lots of ways to try to limit this.
>
The general practice is called "retargetting" and it is a hot space for the
past 12-24 months in digital marketing. It is why all of those companies
with shitty articles about who has the latest boob job or whatever exist at
the bottom of every article (from outbrain, taboola, etc).

There might be a few text based BBSes kicking around that Greg could
subscribe to.

David.

-- 
David Connors
da...@connors.com | @davidconnors | LinkedIn | +61 417 189 363

RE: [OT] Ad tracking and security

2016-10-04 Thread Ken Schaefer 
Lots of ways you can get tracked, from IP address to cookies, to running 
scripts in your browser to get a “fingerprint”
Lots of ways to try to limit this.

Google “how advertisers track you” (or maybe using 
www.DuckDuckGo.com  might be more apropos)

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Greg Keogh
Sent: Wednesday, 5 October 2016 10:40 AM
To: ozDotNet 
Subject: [OT] Ad tracking and security

Folks, this would normally be a Friday topic, but can someone explain how this 
is possible? ...

Last week my wife purchased some clothes online from 'Tread Store'. This 
morning I was at her PC searching in IE for some technical answers and I 
followed a link to Experts Exchange. In the discussion there I see a large 
flashing banner ad for Tread Store. I deleted a handful of suspicious cookies, 
cleared the cache and went back to the page and the ads are still there.

How the friggin' hell are they doing this? Is it simply by our IP address? If 
so, then there's not much I can do to stop this tracking without using a VPN or 
Tor browsing. This data collection creep is a serious worry. We order clothes, 
food, music, books and PC consumables online, so I presume it's all recorded. I 
also presume that as subscribers to The Age newspaper they are tracking every 
click we make. YouTube also records every video you watch. From this 
information you can produce a pretty good profile of someone you've never met. 
Some of us also voted online ... worried!?

Greg K