'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything October 15, 2018 https://gizmodo.com/do-not-track-the-privacy-tool-used-by-millions-of-peop-1828868324
Privacy-minded people know very well, that "do no track" is merely for show. It is basically: Code: Browser: Please, do not track. WebPage: Umm, nope. Browser: Whatever.
Original intention might have been good, but if there is no way to enforce the setting ("please don't track me? please please pleas...?") then ad companies just continue to show middle finger to it. Also the so called private browsing, (a la incognito) mode should be renamed to something else because it really does not (like some have already said here) hide you tracks in any form whatsoever. The only thing it's good for is if you are afraid that your wife or boss finds out you have been watching porn again instead of working (and not that good even then, if your boss or wife has technical know how...) EDIT: Ah, from that article....W3C.....again....behind another useless ****... There was actually time when they did offer some great things but long gone now....
From the "Do Not Track" feature learn more page: REALLY! The Federal Trade Commission (FTC) decided not to get officially involved and tasked it to (WC3) to work out the details of "Do Not Track" technology. Who controls the W3C? Adobe, Facebok, Google, Netflix, PayPal, Kaiser Permanente, Yahoo!, ... As of 15 October 2018, the World Wide Web Consortium (W3C) has 477 Members and many of them are interested in collecting your data. Powerful corporate interests who IMO is why DNT doesn't do much of anything for the user.
@Compu KTed Ha ha Less relevant advertising? how about no ads at all. As to the rest, good work sherlock! Only goes to show you have to look at every dang "feature" to see the potential scam.
Arguably, it's impossible to be "anonymous" online. Fully anonymous, anyway. Say that someone has ten Wilders accounts. Now of course, I don't, because that violates ToS, and I value participation here. But say that someone does. It'd arguably be hard for them to post actively using all ten. Because shared interests, writing style, etc would eventually link them. Especially if they played sock puppet games, interacting with each other to support, attack, or merely create discord. The same concerns apply to the Internet overall. Except that it's a hugely greater space to get lost in. Finally, all that assumes perfectly anonymous communication methods. And there is arguably no such thing. VPN services do not provide anonymity. Too few users share a given server. Most browsers leak too much about the computer running them. And it's too easy (well, not trivial, but too easy for adversaries with credentials and resources) to force providers to deanonymize users, or to get information directly by compromising their network uplinks. Tor does a pretty good job at anonymity. Each connection (circuit) comprises three relays. Traffic is effectively nested via cryptographic onion routing. Circuits change randomly at ten-minute intervals. And Tor browser is heavily tweaked to prevent leaks, and make all users look alike. However, Tor is vulnerable to coordinated attacks by malicious relays. At least, if enough of them slip by Tor Project oversight on suspicious patterns of relay creation and management. Also, there's always the possibility of 0day exploits. And then there's the potential for traffic analysis by such global adversaries as the NSA. And then, sometimes Tor browser leaks. Or Tor can get bypassed by malware that phones home directly. Unless you have a good firewall setup, or use Whonix. Finally, you can connect to Tor through nested VPN chains, comprising servers from multiple providers. That protects (at least somewhat) against Tor compromise. But against traffic analysis by global adversaries, it's iffy.
Like @mirimir said, there is no such thing as 100% anonymity currently. The vanilla browsers are just too leaky because most of the core developers are more interested of flashy things (adding new APIs, Harware acceleration etc...) than privacy or even security. Either by choise or otherwise (read: money/boss) Just by taking look how long it took for mozilla for example, to fix the remote DNS lookup over SOCKS5 proxy (reported 17 years ago, fixed...maybe..few years ago) https://bugzilla.mozilla.org/show_bug.cgi?id=134105 Or the insecure master password bug reported over 9 years ago: https://bugzilla.mozilla.org/show_bug.cgi?id=524403 (they increased iteration count but are still using insecure PBKDF1, instead of PBKDF2 ) If one does not want to totally throw away traditional GUI browsing (and use things like Lynx or NetSurf browser that have less stuff crammed into them) then best bet is to use Tor Browser or any other of those privacy oriented browser projects out there combined with Tor + VPN (even tought VPN was not really originally meant to be acting as glorified proxy...)
Yeah, well, VPNs were invented for secure network connectivity between trusted peers. So with VPN services, that's you and the proxy server. But there's more to it than secure connectivity with the proxy server. With a VPN connection, you get full TCP/IP connectivity (for tun interfaces) or ethernet connectivity (for tap interfaces). So that lets you transparently proxy all traffic.
That's right. And because it was originally meant for connecting those two networks over insecure, unencrypted Internet there were no such things to worry like DNS leaks or what happens if for some reason or another, VPN connection dies, the routing table modifications that the VPN clients made disappear and you are back to your ordinary plaintext connection. Those things are (if they are, depending of the client implementation) duck taped however each vendor best see fit it. Found this BTW just now: https://www.farces.com/google-goes-evil-by-default-and-you-cant-turn-it-off/ I have no doubts, whatsover of W3C (or Google) intentions anymore....
It's important to make it clear what you think is a threat, what do you value or wanna protect, and what is your possible goal. Otherwise these discussion are prone to go extreme or confusion. If you contemplate, you'll find anonymity is not a necessary condition for privacy and vice versa. DNT is still useful as we can see who respect user decision - only problem is they are few. Browser tracking and targeted ads pose impo question on privacy - even when one knows it's not tied to his real identity (at least unless you login w/ them), many ppl feel privacy invasion, which some classical explanation for privacy may fail (But the fact is, every effort to define or extract essential property of privacy have been failed). Obviously ad-providers and privacy-minded consumers see privacy differently, but it's inevitable by its nature. Pardon me for prejudice but I feel current situation may be partly resulted from western way of thinking: self-focused and short-sighted view which ignore sustainability and overall goodies on society (tragedy of the Commons). Web master just want more revenue, ad giants just want more customer. Now gradual increase in ad-blocker costs them a bit. If this 'battle' goes on, the future of the web will be doomed. But adversity can have big chances - if privacy-assuring ads succeed, even some giants may slowly follow. There're already potential ways to achieve that (mathematically provable privacy formulation). IIRC one reason a British city (or what...I don't remember) diminished surveillance camera is that it turned out they cost too much while not very effective - a few scientific research have shown they do not decrease overall crime (criminals just move to less monitored area), and another research shown employees' productivity degrades when they're monitored, tho they are not consciously aware of. It may be time to strictly examine if targeted ads are truly good for overall economy. A few years ago, I encountered a nice blog. He introduced a product, and put a direct link for it. But besides, he also put an affiliate ad stating sth like (my free translation) "If you don't mind to buy through the ad, I'll get revenue. I'll donate half of it to (NGO or sth)". This in addition to modest ad selection made me smile and happy to click it.
For god's sake mozilla....I just now noticed..... They still haven't rised that dang iteration count for that 9 year old master password bug and changed the bug to P5 ....Lowest priority possible.
Gents, could someone point me to a good article on browser tracking, it's an interesting topic. Also, I use privacy badger, as well as umatrix and ublock. Umatrix is set to allow only first party cookies and block the rest, would this hinder tracking? Umatrix also utilizes various blocklist sources, and I let ublock handle the more advertising-oriented blocklists (lists used in one, are unused in the other). Thanks for thoughts
If this means you block everything except for 1st party cookie (1st & 3rd scripts, XHR, CSS, image, etc.), it should block most tracking tho it'll also break too many sites until you make custom exclusion. Some ppl also combine CanvasBlocker and/or spoof UA and other attributes via uMatrix or other addons to foil fingerprinting. But I'm pessimistic about these efforts and think VM-based compartmentalization is better as long as you take measures for low-level tracking such as webgl. Also spoofing or reducing referrer info and disabling some talkative APIs may be worth consideration.
Everything, and I mean everything about an interactive, rich-media browsing experience is designed to prevent anonymity. The whole basis of free is to grab you, identifiably, market-ready you, by the eyeballs, and keep you tethered and hooked on nominally free internet services. As described above, this results in so many avenues for de-anonymisation it's impossible to protect completely, and dangerous to presume so, depending on your threat model. The future of anonymity (and to a fair extent, liberation from a time-wasting UI that you have to interact with), is medium latency message passing systems, with structured and semi-structured message content. Or course, that way of working is anathema to the current internet behemoths, so don't expect them to provide those services.
Old news. At first I thought it was about the old skool extension from Abine, which is now called Blur. Now that would have been shocking. https://www.abine.com/index.html
DuckDuckGo wants to bring back 'Do Not Track' with draft duck bill May 2, 2019 https://www.theinquirer.net/inquire...-bring-back-do-not-track-with-draft-duck-bill The Do-Not-Track Act of 2019
