Google Tracking

Discussion in 'privacy problems' started by Rainwalker, Mar 10, 2016.

  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I just noticed that the only way I can read forum postings here is to allow Google tracking. I have no such problem with other forums. What gives?
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Last edited: Mar 10, 2016
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    None Google in my experience tracking this site. You could install something like uBlock Origin and run it in medium settings to confirm yourself. None https in wilderssecurity forum though by running with something like HTTPS Everywhere..
     
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    The only scripts on this forum are from the wilderssecurity.com domain. My script blocker is not finding any 3rd party content at all. The only thing I can think of is it being injected from elsewhere. There have been cases of ISPs doing this.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Huh? Google indexes Wilders very quickly, and it has high rank in search results. But that just reflects post quality :)
    I don't use UBlock Origin, but I do use NoScript (no scripts to block), AdBlock Plus (no third-party resources found) and Privacy Badger (no third-party resources found). Please provide evidence for you claims.
    Huh? Just accept the self-signed certificate, and use HTTPS. You can see the SHA-256 fingerprint here: https://www.dbshmc5frbchaum2.onion/Wilders_SHA-256_Fingerprint.html (but you need Tor for that). The pages on erehwon.dev.null are signed by this key: https://www.wilderssecurity.com/members/mirimir.121604/ You can also ask other Wilders users to confirm that SHA-256 fingerprint, via independent channels.
     
  6. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I use a program that will block sites if certain keywords, of my choosing, are used in the URL . This has always worked fine with Wilders; allowing me to interact. I have tried a couple of different browsers trying to sort this out and results are the same. As long as I keyword 'Google' I am blocked from Wilders and only Wilders.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    What program and version?

    My first question is whether it could/would be detecting the string "google" in:

    Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'
     
    Last edited: Mar 10, 2016
  8. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    There are two schools of thought about sharing ones security setup with the world. I belong to Paranoids Are Us, so please do not take offense. The program I use has worked fine for years and there have been no recent updates to it. The Google problem just started happening and of course is disconcerting. I will do a malware scan with a couple of antimalware programs. I'll report back. TheWind Bringeth, what and where is the string you mentioned?
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    @Rainwalker: I don't take offense to that at all. Please notice that I edited my post. I do see the string google in some response headers I'm getting from Wilders.
     
  10. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    OK...and is this something new? Very new?
    I'll be signing out until tomorrow.
    One more thing. The word blocking report reads www.wilderssecurity.com/threads/googletracking.384408/
     
    Last edited: Mar 10, 2016
  11. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    To mirimir.

    I am not the OP and as told I see no google scripts in wilderssecurity. We are not talking here about what Google search engine gathers from sites, understand?

    Yes, I noticed too, before my post above when trying to force HTTPS Everywhere to use https for this site, that it does have a self-signed certificate that the browser will complain. So I was not totally clear in my post above that none https is existing. None in a sense that HTTPS Everywhere knows in its database to force. Anyways I did not allow it. Your post is most misleading to help any of the OP.
     
  12. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    I use 3 different blockers and none pick google here.
     
  13. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Which appears to be the top level link for a thread (this one)... and the response to those does contain said Content-Security-Policy policy header... and you wouldn't be able to read a thread if that response is blocked.

    Edit: However, that particular example also has "google" in the URL/request.
     
    Last edited: Mar 10, 2016
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Well, I had no clue what OP was referring to. Because it's clear that Wilders is not calling any third-party resources! But now, I get that the issue is the Content-Security-Policy policy header. It seems that LWM has used a generic one that allows third-party resources that the site isn't using. If it were my site, I'd strip out irrelevant stuff. Maybe he will.
    I still don't know what "none https is existing" means. Of course HTTPS Everywhere won't force HTTPS on sites with self-signed certificates. But that, in my opinion, is a bug in HTTPS Everywhere, and not a problem caused by the site. So relying on HTTPS Everywhere is a little dangerous, no?
     
  16. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Edit: However, that particular example also has "google" in the URL/request.[/QUOTE]

    That Wilders would have google linked in there makes me a bit uncomfortable.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,180
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Dude, Google isn't "linked"!
     
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Well, don't be. I only meant that the word "google" appears in the URL. Here is that URL:

    https://www.wilderssecurity.com/threads/google-tracking.384408/

    Do you see the word "google-tracking" in that URL? It appears there because the title of this thread (which you chose) is "Google Tracking". Some forum software simply puts words from the title into the URL. If you had given this thread the title "Elephant Tracking", the URL would have looked like this:

    https://www.wilderssecurity.com/threads/elephant-tracking.384408/

    Basically, you can't just search for the word "Google" appearing somewhere in URLs, HTTP Requests, and/or HTTP Responses, and when they are found assume there is a Google related privacy issue. You you need to look for more specific things. Example:
    1. https://google.com/tracking?url=example.com
    2. https://example.com/i-hate-google.html
    In #1, the word google appears in the hostname portion of a URL, and in this example means that a Google server will be contacted. You'd be concerned about this. In #2, the word google appears in the path portion of the URL and isn't a problem. So these search rules you create, and the way the program works, must differentiate between the two. Another example:
    1. The URL/request containing https://ssl.google-analytics.com
    2. A Content-Security-Policy header containing https://ssl.google-analytics.com
    Assuming the matching is done correctly, #1 would reflect an attempt to visit a Google server. You'd be concerned about this. The #2 suggests a Google server *might* be contacted at times, but you wouldn't know for sure until you actually saw it happen. If it did happen, you should see a #1. So #2 is more of a warning sign... something that needs to be investigated.
     
  20. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    OK...understand and thank you TheWindBringeth for taking time to detail this.
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    You are welcome, and thank you for posting about it. You made me, and possibly others, aware of something that I, and possibly others, didn't know :)
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  23. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Our domain name is registered with "Register.com" and has been since the name was created early in 2002.

    But, when you chose the option (and pay the extra fee) so that it doesn't list your personal name, address and phone number for all to see, they put that information in its place. It's a service that keeps the domain name owners information private.
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,180
Loading...