If most of the tracking scum was competent enough to even just read its own webserver logs, why do these companies bother with serving hundreds of kilobytes of bullshit JS tracking code for every single page impression?
Conversation
Google Analytics doesn't use fingerprinting. It doesn't get deployed to sites via middleware. It's not deeply integrated into content. So sure, it's easily blocked. It's also not scary. It's doesn't try to bypass using a VPN + Incognito. It's not aimed at tracking individuals.
1
See, this is the issue. People are worried about being tracked by services that are explicitly stated to be gathering analytics and marked as such. Nothing about this is hidden, and it largely doesn't bother trying to evade blocking. Now, what about all the useful content?
1
Even simply talking about third party assets included on a site, a service doing something like providing comments can and does do just as much tracking. However, you can't just opportunistically strip it out since it's part of the functionality.
2
Well, for most sites, I don't give a shit about user comments, so I block them (using uMatrix), including cancers such as Disqus. Just as for most other 3rd party service. On top of that, I contain sites I regularly use or that I login to into different containers inside Firefox.
1
It's one example. You've also clearly given yourself a very unique fingerprint with extensions and your specific configuration and usage of them. The way you describe how you use the browser doesn't sound like a way that gives you the privacy that you're seeking. It stands out.
2
My fingerprint probably looks more like "curl trying to imitate current Firefox on Windows" than "the guy who googled 'big tits porn' yesterday". And I make sure that fingerprint ends up at as little different parties as possible.
1
Third parties receiving the data and providing code aren't limited to the ones with a presence in the web site's client-side code. For example, with the New York Times, you can happily block Google's client-side assets, but how are you going to block the server-side integration?
2
NYT will end up in a container where all referrers are faked, cookies and DOM storage cleared after I close the tab, 1st party isolation in Firefox is enabled, canvas randomized, etc pp.
1
So, as I said, you made yourself stand out from the crowd as incredibly odd and unique to the point that you are guaranteed to receive special attention. I'm sure you also see a lot of extra captchas, etc. across the web. You stand out. You're suspicious. It's a unique signature.
1
1
I certainly do thing that first party isolation should be the default approach in every browser, but I'm not telling people to enable it on their own as a way to improve their privacy, especially with it hidden away. Look back at my original post on Reddit and the thread here.
I don't see a point in going through what I said there again. The core point is the need for fundamental privacy improvements like some of the features you've mentioned, but not as something that a tiny group of people uses, each of them in their own unique way detected as such.
Firefox does actually block lots of shit by default in Privacy Mode (so "normal" users using privacy mode will generate noise I can hide in), and Firefox has introduced GUI to enable tracker blocking in recent versions, thus generating even more noise for me to hide in.
1
That's not noise, and you aren't hiding in it. I don't know what you're talking about. I'll also refer back to my original post and thread again. I already went through enumerating badness, and Firefox is deliberately only doing a very cautious opportunistic form of blocking.
1
Show replies