The growing art of data dodging

[Dude111]

www.marketplace.org/topics/tech/growing-art-data-dodging

The holidays are prime Internet usage time for most of us: buying gifts, booking travel, emailing about holiday plans. [more]

4 cookies were blocked when i went there (All 3rd party)

I saw someone say there are 7 trackers on the site! (They were all blocked by thier ghostery program (I wonder if those trackers ONLY CAN WORK if you have scripts enabled (I assume most rely on scripts)))

 

[moonbounce]

Depending on what OS you are using, you can do that yourself. If you have Window7 just go into tools and internet options and click on privacy and walaa. If I remember correctly Windows XP Pro is similar. Also in tools/privacy, you can block sites from requesting your physical location.

Moonbounce

 

[gewecke]

I use ghostery on firefox with windows 7 ( don't want win8) and it works quite well! :wink:

73,
n9zas

 

[QDP2012]

The growing art of data dodging | Marketplace.org
I wonder if those trackers ONLY CAN WORK if you have scripts enabled

Most stores seem to use basic cookies and/or persistent cookies (a.k.a. Flash cookies). Many also use combinations of server-side scripting along with client-side scripting to track visitors' actions.

Client-side tracking can involve cookies, persistent cookies, etc., is easier and less-costly for site-managers to use, and often can be avoided/prevented by adjusting script and cookie settings on the client's computer or browser. Add-ons (like NoScript, BetterPrivacy, etc. for FireFox) help prevent client-side scripting and tracking.

Server-side tracking does not need cookies, is more difficult for concerned clients to avoid or prevent (unless using proxy servers, etc.), and is more expensive as it requires more resources on the server-side.

An example of server-side tracking is when a person uses a search-engine like Google.com (example: searches for news site "CNN") and clicks on a search-result link. At first, when mousing-over the link, it looks like www.cnn.com. But, at the moment the link is clicked, the real-link is revealed, which is a Google "redirecting link"

example: http://www.google.com/url?q=http://www.cnn.com/&sa=...​

that allows Google to collect statistical information before directing the visitor to the intended target site. Along with this "redirecting link", server administrators can collect browser-info, IP-info, and other information based upon the server-side information from the visitor's connection to their site.​

Also, if a website-visitor is using his or her employer's computer (instead of their home computer) to visit Google or www.cnn.com, the employer that owns the computer can also collect information from its own network routers about the web-traffic to and from its computers. This is the same way the ISPs are able to respond to law-enforcement warrants for web-traffic data and/or reports. They report on traffic or give copies off data that passed through their routers and servers, regardless of their subscribers' browser-settings.

So, disabling scripts in a browser can reduce tracking, but does not eliminate all of it.

Hope this helps,

 

[QDP2012]

Also in tools/privacy, you can block sites from requesting your physical location. Moonbounce

Physical location information also can be retrieved from the data embedded in digital pictures that were taken by newer digital cameras or smartphones. Many devices embed the GPS coordinates of where the picture was taken, along with the time/date, into the picture's file. Unless preventive steps are taken, such information stays with the picture, even when it is posted to sites like Facebook, Pinterest, etc., or sent by e-mail to someone.

Hope this helps,

 

[mancow]

I thought Facebook scrubbed photo metadata.

 

[moonbounce]

Most stores seem to use basic cookies and/or persistent cookies (a.k.a. Flash cookies). Many also use combinations of server-side scripting along with client-side scripting to track visitors' actions.

Client-side tracking can involve cookies, persistent cookies, etc., is easier and less-costly for site-managers to use, and often can be avoided/prevented by adjusting script and cookie settings on the client's computer or browser. Add-ons (like NoScript, BetterPrivacy, etc. for FireFox) help prevent client-side scripting and tracking.

Server-side tracking does not need cookies, is more difficult for concerned clients to avoid or prevent (unless using proxy servers, etc.), and is more expensive as it requires more resources on the server-side.

An example of server-side tracking is when a person uses a search-engine like Google.com (example: searches for news site "CNN") and clicks on a search-result link. At first, when mousing-over the link, it looks like www.cnn.com. But, at the moment the link is clicked, the real-link is revealed, which is a Google "redirecting link"

example: http://www.google.com/url?q=http://www.cnn.com/&sa=...​

that allows Google to collect statistical information before directing the visitor to the intended target site. Along with this "redirecting link", server administrators can collect browser-info, IP-info, and other information based upon the server-side information from the visitor's connection to their site.​

Also, if a website-visitor is using his or her employer's computer (instead of their home computer) to visit Google or www.cnn.com, the employer that owns the computer can also collect information from its own network routers about the web-traffic to and from its computers. This is the same way the ISPs are able to respond to law-enforcement warrants for web-traffic data and/or reports. They report on traffic or give copies off data that passed through their routers and servers, regardless of their subscribers' browser-settings.

So, disabling scripts in a browser can reduce tracking, but does not eliminate all of it.

Hope this helps,

QDP2012

You seem to know a lot about this subject { you leave me in the dark) what is it that you would do to secure a computer from being tracked?

Moonbounce

 

[QDP2012]

I thought Facebook scrubbed photo metadata.

Facebook might try to scrub the metadata. If Facebook is properly scrubbing such information, that is a nice gesture on their part. But, when the photo left the person's home computer and landed on Facebook's servers, any personal metadata details it contained also landed on Facebook's servers. So, the person gives the data to Facebook, and then hopes that Facebook is capable and diligent enough to scrub it (within Facebook's standards, which might or might not be the same standards the person prefers used) before displaying the photo to the world.

Other sites might not offer, or be capable of offering, an equivalent scrubbing service. One site's security standards might be different from another site's, and different enough that the person might need, or prefer, to intentionally limit what details they post to any particular site. This might be more important to users of sites that are known for modifying their security policies in ways that increase the risk to an individual's data-security.

 

[QDP2012]

QDP2012...what is it that you would do to secure a computer from being tracked?
Moonbounce

Well, the short answer is that it is practically impossible to totally secure a networked computer from being tracked because the network packets must include identifiers that help the networking equipment know which packet goes to which computer.

The more realistic security approach is to

• tolerate the tracking that is considered mandatory (like used by banks),
• to allow tracking for convenience when it can be trusted (like your school's or company's website when verifying snow-day closures, etc.), and
• to prevent tracking when undesirable or untrusted, like some of the 3rd-party cookies certain news sites want to leave on your computer.

Properly securing a computer (not just from tracking) includes all forms of security. The particular requirements for securing a computer vary with each computer and its situation(s).

In general, the standard industry protection methods help reduce risk of attack or tracking. These include keeping software updated, and keeping security software current and running. Most current web browsers can be set to automatically delete cookies, temp files, etc. when the browser session closes. This reduces the risk of being tracked over time, but can interfere with expected web site navigation on sites that "require" cookies. Certain plug-ins/add-ons for web browsers can help with this level of protection.

Advanced efforts to avoid tracking might include the use of proxy servers. But, not all proxy servers are trustworthy. Care should be taken before using unknown servers. All passwords should be relatively complex and changed appropriately. (See news article about password strength: 8 Character passwords just got a lot easier to crack)

Also, tracking can occur by those that want to physically rob a social-network user's home. A user can limit data-exposure on social networking sites by using their security features and simply not posting sensitive information (like not giving out a home address and a vacation schedule).

All networked-computer activity can be tracked. The question is whether the tracker has the equipment, skill, and time to successfully complete the tracking effort when compared to the tracked-person's ability to remain anonymous. (Your money can be at risk when your bank site gets hacked even though your computer has not been hacked or tracked. Your activity logs can be discovered when your ISP gets hacked, even though your computer has not been hacked or tracked.) Tracking happens on so many levels, it is nearly impossible to completely control or avoid.

I know this is not a specific step-by-step list on how you can better secure your computer(s). For that I will recommend that you find an experienced and trained computer support specialist in your community. They can examine your situation, and equipment in-person, and recommend a solution to meet your needs, and can help implement it if desired.

Hope this helps,

 

[Confuzzled]

Also, tracking can occur by those that want to physically rob a social-network user's home. A user can limit data-exposure on social networking sites by using their security features and simply not posting sensitive information (like not giving out a home address and a vacation schedule).

One of the simplest ways to protect against that kind of thing: NEVER, EVER post personal information such as your name, address, picture of yourself or home or car, etc. on the web anywhere for any reason!!!

Cookies are essential in some aspects like banking sites or shopping sites (they make shopping carts work). On boards like this, they help with what threads you've read, etc.

 

[moonbounce]

I have third party cookies blocked and tracking by website blocked, and host of other things turned off, I run a firewall and have antivirus software running and always updated, and I have no personal info or banking info on my computer, so my computer would be extremely boring to anyone other than me. I know that if someone wanted to track me bad enough that they could, but they would be seriously wasting their time.

Moonbounce

 

[QDP2012]

One of the simplest ways to protect against that kind of thing: NEVER, EVER post personal information such as your name, address, picture of yourself or home or car, etc. on the web anywhere for any reason!!!

You are right, there! Some computer-crimes investigations team members discourage their spouses from even having Facebook (or any other social networking) accounts at all, simply because of how much personal information most users post, and how impossible it is to truly delete the data once posted. Even when the person tries later to delete their data, probably somewhere, someone, still has a copy of it.

 

[QDP2012]

I have third party cookies blocked and tracking by website blocked, and host of other things turned off, I run a firewall and have antivirus software running and always updated, and I have no personal info or banking info on my computer, so my computer would be extremely boring to anyone other than me. I know that if someone wanted to track me bad enough that they could, but they would be seriously wasting their time.

Moonbounce

This sounds like a responsible approach toward securing your computer and data. Several months ago I saw a comparison chart in a PCWorld.com article reporting on the top security-suites for personal computers. None of the software packages did a completely perfect job of protecting the targeted system during testing, but one thing was clear--only a few of the many tested did successfully defend against the most severe rootkit viruses. Most of the free software versions were very inadequate in many ways, and completely inadequate with respect to rootkits.