Tons Of Sites, Including WhiteHouse.gov, In Unwitting AddThis Experiment With Tracking Technology That Is Difficult To Block

from the our-post-cookie-era dept

ProPublica has a new story about the rise of "canvas fingerprinting," a new method of tracking users without using cookies. It's a method that is apparently quite difficult to block if you're using anything other than Tor Browser. In short, canvas fingerprinting works by sending some instructions to your browser to draw a hidden image -- but does so in a manner making use of some of the unique features of your computer, such that each resulting image is likely to be unique (or nearly unique). The key issue here is that the popular "social sharing" company AddThis, which many sites (note: not ours) use to add "social" buttons to their website, had been experimenting with canvas fingerprinting to identify users even if they don't use cookies. As ProPublica's Julia Angwin notes, it's very difficult to block this kind of thing -- and tons of sites make use of AddThis -- including WhiteHouse.gov (whose privacy policy does not seem to reveal this, saying it only uses Google Analytics as a third party provider).

The report does note that others who have tried canvas fingerprinting have found that it's not necessarily accurate enough yet, but the technology appears to keep getting better. Still, AddThis says it's likely to drop it anyway, because it's not good enough yet:
AddThis said it rolled out the feature to a small portion of the 13 million websites on which its technology appears, but is considering ending its test soon. “It’s not uniquely identifying enough,” Harris said.

AddThis did not notify the websites on which the code was placed because “we conduct R&D projects in live environments to get the best results from testing,” according to a spokeswoman.
The company also insisted it wasn't doing anything bad with the tracking, but even if you believe that's true, how long will it be until others make use of similar fingerprinting for more questionable behavior?

Given the attention this is getting, hopefully browsers will at least roll out features that allow users more notification and control over such practices. Cookies are hardly a perfect solution, but at least users have control over them.
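As an illustration of the kind of notification mentioned above, here is an added example (not code from AddThis, ProPublica or any browser) that wraps the canvas read-back calls and reports when a script reads pixels from a canvas it drew text on but never displayed. The function names, the stand-in classes and the "suspicious" rule are assumptions made for the example.

```javascript
// Added example: report canvas pixel read-backs and flag the fingerprint-like
// pattern (text drawn on a canvas that is never shown, then read back).
// The "suspicious" rule is an illustrative assumption, not a vetted detector.
function monitorCanvasReads(canvasProto, contextProto, report) {
  const textDraws = new WeakMap(); // canvas -> number of text draw calls

  // Count text drawing: text rendering depends on fonts and the graphics stack.
  for (const method of ['fillText', 'strokeText']) {
    const original = contextProto[method];
    contextProto[method] = function (...args) {
      textDraws.set(this.canvas, (textDraws.get(this.canvas) || 0) + 1);
      return original.apply(this, args);
    };
  }

  const describe = (canvas, api) => {
    const textCalls = textDraws.get(canvas) || 0;
    const hidden = canvas.isConnected === false; // never attached to the document
    report({ api, width: canvas.width, height: canvas.height,
             textCalls, hidden, suspicious: hidden && textCalls > 0 });
  };

  // Both read-back paths hand the rendered pixels to script, so wrap both.
  const toDataURL = canvasProto.toDataURL;
  canvasProto.toDataURL = function (...args) {
    describe(this, 'toDataURL');
    return toDataURL.apply(this, args);
  };
  const getImageData = contextProto.getImageData;
  contextProto.getImageData = function (...args) {
    describe(this.canvas, 'getImageData');
    return getImageData.apply(this, args);
  };
}

// Constructed stand-ins so the example also runs outside a browser (Node).
function makeStandIns() {
  class FakeContext {
    constructor(canvas) { this.canvas = canvas; }
    fillText() {}
    strokeText() {}
    fillRect() {}
    getImageData() { return { data: new Uint8ClampedArray(4) }; }
  }
  class FakeCanvas {
    constructor(width, height, isConnected) {
      this.width = width;
      this.height = height;
      this.isConnected = isConnected;
      this.context = new FakeContext(this);
    }
    getContext() { return this.context; }
    toDataURL() { return 'data:image/png;base64,'; }
  }
  return { FakeCanvas, FakeContext };
}

function runDemo() {
  const { FakeCanvas, FakeContext } = makeStandIns();
  const events = [];
  monitorCanvasReads(FakeCanvas.prototype, FakeContext.prototype,
                     (event) => events.push(event));

  // Case 1: off-screen canvas, text drawn, pixels read back.
  const probe = new FakeCanvas(300, 60, false);
  probe.getContext('2d').fillText('constructed sample string', 2, 15);
  probe.toDataURL();

  // Case 2: visible chart canvas exported as an image, no text involved.
  const chart = new FakeCanvas(640, 480, true);
  chart.getContext('2d').fillRect(0, 0, 10, 10);
  chart.toDataURL();

  // Case 3: visible canvas with a text label, read through getImageData.
  const label = new FakeCanvas(200, 40, true);
  label.getContext('2d').strokeText('label', 0, 10);
  label.getContext('2d').getImageData(0, 0, 1, 1);

  return events;
}

// In a browser the same function takes the real prototypes:
// monitorCanvasReads(HTMLCanvasElement.prototype,
//                    CanvasRenderingContext2D.prototype, console.warn);
console.log(runDemo());
```

In a real page the wrappers only see calls made after they are installed, so they have to be in place before the page's own scripts run.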

Reader Comments

  1.  
    Ninja, Jul 22nd, 2014 @ 3:45am

    The advertising efforts have reached a level today that people find "creepy" and "scary" (not my words) when they get the picture of how it works, which is not as easy as it seems.

    If somebody is actively trying to stay away from the tracking and the advertisement you should just leave it at that. Chances are you will enrage such a person and drive them further away from your product if you insist. I've given up items I was going to buy with 100% certainty because of such intrusive advertising already, I hate it. And when people get to know how things work they usually want it all blocked too.

     

  2.  
    Anonymous Coward, Jul 22nd, 2014 @ 3:57am

    Here is the scary part

    “It’s not uniquely identifying enough,”

    They didn't say they didn't want to track and identify people, they said it wasn't "good enough".

     

  3.  
    Anonymous Coward, Jul 22nd, 2014 @ 3:59am

    Maybe something like RequestPolicy could help by blocking external elements (i.e. the AddThis beacon) other than from the actual domain you're visiting (e.g. Whitehouse.gov).

     

  4.  
    NoahVail, Jul 22nd, 2014 @ 4:05am

    Not too hard to block - yet

    Ghostery blocks AddThis effortlessly.

    Blocking trackers is the same good idea as blocking ads
    because the industries behind ads/trackers
    do not police themselves well enough to have earned our trust.

     

  5.  
    Bt Garner, Jul 22nd, 2014 @ 4:14am

    Re: Not too hard to block - yet

    DoNotTrackMe also blocks AddThis by default.

     

  6.  
    Anonymous Coward, Jul 22nd, 2014 @ 4:18am

    Presumably trying to do a similar thing to panopticlick ( https://panopticlick.eff.org/ ) from a few years ago.

    The "trick" is managing to get unique enough without tripping warnings to the users and giving the game away. Which thankfully no one seems to have cracked yet. At least not publicly.

     

  7.  
    any moose cow word, Jul 22nd, 2014 @ 4:19am

    I don't know about this one. The information that a server can get from a user is rather limited without javascript, and javascript can be blocked. The info they can get otherwise might be enough to ID a specific user at an IP address, behind a NAT, but mobile users will change their IP many times a day.

     

  8.  
    Anonymous Coward, Jul 22nd, 2014 @ 4:28am

    Re:

    Also with mobiles the inability to install plugins means that just about every single mobile browser is identical to every other one of the same type even if javascript is enabled.

     

  9.  
    NoahVail, Jul 22nd, 2014 @ 4:31am

    Re:

    Blocking javascript is hard compared to blocking trackers because so many sites become broken without js.

     

  10.  
    ECA, Jul 22nd, 2014 @ 4:37am

    There is so much

    There is so much TRACKING that it takes over 1/2 the net traffic to watch it..
    I have been to sites that had so many Tracking cookies that it took 5 minutes to find my way to the site..

    I love programming, but SOME of the idiots out there use serial programming, Which means you take 1 step at a time..And you can't PASS a step(cookie) to get to a site. It's STUPID..
    I LOVE the Overlay system they found, they use it OVER videos to FORCE you to watch adverts..

    I've asked, and been denied, 1 little prog, to put NAMES in the comments of the cookies, of the location I got them..
    SO THAT IF I find the cookie that crashed a system, I can TRACK it to the site, and ASK for info, of where it came from...and follow it back..
    What do you think would happen, if you KNEW a certain site had LET a cookie infect your system?
    What do you think would happen to the advertiser?
    HOW about the Cookie maker, that worked for the advertiser?

    Anyone seeing a way to track SPAMMERS here?

     

  11.  
    Anonymous Coward, Jul 22nd, 2014 @ 4:51am

    Re: Re:

    Then avoid those sites - simple.

     

  12.  
    Anonymous Coward, Jul 22nd, 2014 @ 4:54am

    Considering the data caps some have to deal with, one might think these websites would not use data heavy advertising techniques .... awwww, who am I kidding - they don't give a shit about you, lolololol.

     

  13.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:07am

    Re:

    Nice link, thanks.

     

  14.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:07am

    Re: Here is the scary part

    As far as I know the current canvas fingerprinting is very good at uniquely identifying computers. The problem is that the computer's fingerprint will change over time too, so you may only identify a computer for maybe a month before it gets tagged as another computer. I would expect it to be difficult to predict the degradation of the computer with enough certainty to connect these fingerprints, which is bad for business.

    The technologies are virtually impossible to guard against. In the end these kinds of tracking are just something we have to accept in the long run.

     

  15.  
    That One Guy, Jul 22nd, 2014 @ 5:15am

    Re: Re: Here is the scary part

    "The technologies are virtually impossible to guard against."

    That sounds like a challenge to me. Techies, 'hackers', and other people who enjoy fiddling around with code and computers love challenges, the harder the better.

     

  16.  
    RoninOne, Jul 22nd, 2014 @ 5:31am

    Ghostery

    To all the commenters talking about Ghostery or donttrackme, those DO NOT block canvas fingerprinting, they block cookies. AddThis also uses cookies, which those extensions do block, but currently there is nothing that blocks canvas fingerprinting by default. Also to add to the article, they are only about 90% accurate since computer settings change often depending on the user.

     

  17.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:33am

    Re: Re: Re: Here is the scary part

    One interesting thing to do would be run a script that continuously changes characteristics used in defining the "fingerprint".

     

  18.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:35am

    Re: Ghostery

    Does this fingerprint approach rely upon javascript?

     

  19.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:36am

    Re: Not too hard to block - yet

    That's exactly right.

    After years of enduring pop-ups, pop-unders, in-your-face flash banners and a myriad of other forms of intrusive advertising that got in the way of what I originally went to a website for, I eventually turned to pop-up and ad-blockers and I haven't looked back. Between those tools and Ghostery, I infrequently see advertising unless I've white-listed a site I like well enough where they don't engage in that type of advertising crap.

     

  20.  
    Anonymous Coward, Jul 22nd, 2014 @ 5:50am

    Re:

    I use NoScript...would it work the same concept ? Because I can't use RequestPolicy, using NS and it at the same time + disconnect + ghostery + autodestructing cookies is one hell of a headache.

     

  21.  
    Rich Kulawiec, Jul 22nd, 2014 @ 6:01am

    Where are you, Firefox?

    Has anyone else noticed that Firefox's development has regressed to endless self-indulgent tinkering with the UI (which was just fine 16 revisions ago) instead of integrating the VERY necessary defenses provided by add-ons into the core browser? By now, Firefox should long since have folded in AdBlock Plus, NoScript, Ghostery, Beef Taco, HTTPS Everywhere, Calomel SSL Validation, and others. (Not necessarily all in their entirety or current form: but the majority of the functionality should be there.)

    It's absolutely ridiculous that in 2014 the Firefox web browser ships in an undefended state. But I suppose it's easier to move buttons around and continuously dumb down the interface than it is to actually do the hard work of defending users.

     

  22.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:11am

    disconnect.me

    I'm not sure if disconnect.me protects against this.

     

  23.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:11am

    Re: Re:

    It's not so hard to learn NoScript and what to allow for 99% of sites to work, yes even thedailyshow.com, usually allowing, the namesake js, the comedynetwork js and the CDN js and you got it.

     

  24.  
    Doug, Jul 22nd, 2014 @ 6:14am

    Re: Not too hard to block - yet

    Privacy Badger also blocks this.

     

  25.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:19am

    Re: Where are you, Firefox?

    Taking out the status bar was fucking dumb, so many good addons go there and only there, thankfully I found status4ever or something like that. It was the only way to access my rutorrent icon.

     

  26.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:21am

    Re: Re: Where are you, Firefox?

    also elite proxy switcher, need it in case I rebooted and didn't create my ssh tunnel to my server yet as one of many examples.

     

  27.  
    Doug, Jul 22nd, 2014 @ 6:22am

    Re: Re: Not too hard to block - yet

    Thanks to @RoninOne for pointing out that tools that block tracking cookies won't work for canvas fingerprinting. I just checked on Privacy Badger, since I recommended it, and it appears that it will work, but I'm just going off what is in their FAQ:

    "If as you browse the web, the same source seems to be tracking your browser across different websites, then Privacy Badger springs into action, telling your browser not to load any more content from that source. And when your browser stops loading content from a source, that source can no longer track you. Voila!"

    Seems like that would work. However, there is a loophole that may or may not be open:

    "In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies."

    FYI.

     

  28.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:25am

    Re: There is so much

    "some of the idiots out there use serial programming, which means you take 1 step at a time... and you can't pass a step (cookie) to get to a site. It's stupid.."
    You do realize that is often on purpose. The website doesn't want you to be able to view their site unless you accept their cookies.

    "I've asked, and been denied"
    I like your proactive attitude about fighting tracking cookies, but what do you mean you "asked, and have been denied"? Denied by whom?

     

  29.  
    Michael, Jul 22nd, 2014 @ 6:30am

    Re: Re: Ghostery

    Canvas fingerprinting uses the HTML5 canvas element. If your browser displays HTML5, it is going to work regardless of the extensions and blockers you have installed (that's the point).

    Right now, there is a bunch of attention - particularly since AddThis had it turned on for some popular porn sites. It seems likely to me that some of the ad-blockers and tracker companies are actively working on stripping out the canvas tags from the html so this will not function.

    You could also use an older browser (IE 8 or earlier, I believe) that does not support HTML5 until someone comes up with a reliable way to block this.

     

  30.  
    Nicholas Weaver, Jul 22nd, 2014 @ 6:30am

    Re: Ghostery

    Ghostery does block stuff like this, because it blocks the widget from loading at all.

    Of course, the problem is that ends up being potentially disruptive, as now the AddThis widget doesn't display at all.

     

  31.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:30am

    Re: Re: Re: Re: Here is the scary part

    I've always wanted to find the time to make a plugin that swaps tracking cookies with other people rather than just blanking them.

    Similar thing to switch your system around so it looks like someone else could make this kind of tracking very confusing for the tracker.

     

  32.  
    velox, Jul 22nd, 2014 @ 6:34am

    Re: Where are you, Firefox?

    Mozilla is dependent on the Google money that supports them.

    Some things in Firefox that would be safer for the user are off or unconfigured by default. For example Do Not Track is not active by default.
    I suspect (of course I have no proof) it's because Google prefers it that way.

     

  33.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:42am

    WHEN?!

    Can I have a browser that will RANDOMLY spew proper looking but actual shit to people asking for my info?

    Work the logistics out... I bet the first browser to produce this would get near instant majority market share.

     

  34.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:44am

    Re: Re: Where are you, Firefox?

    Google is a business... treat it just like that no matter what they say and you will never be caught off guard.

    A business is only there to make money... once the money making stops... guess what? No more business!

     

  35.  
    BSD32x, Jul 22nd, 2014 @ 6:44am

    Re: Re:

    Ghostery is proprietary software, though. It is owned by a marketing company, Evidon, and there have been well supported accusations that it in fact is used to help advertisers discover how users are blocking ads - http://lifehacker.com/ad-blocking-extension-ghostery-actually-sells-data-to-a-514417864 http://www.businessinsider.com/evidon-sells-ghostery-data-to-advertisers-2013-6 I would personally recommend Disconnect, which another commenter mentioned, instead, it's an open source alternative to Ghostery - https://disconnect.me/disconnect

    I would also recommend CookieKeeper over Self Destructing Cookies, as it's been deprecated. https://addons.mozilla.org/en-US/firefox/addon/cookiekeeper/

     

  36.  
    John85851, Jul 22nd, 2014 @ 6:44am

    Re: Re:

    And that's exactly what's wrong with "Web 2.0" websites: if you block javascript because you don't want any nasties, then the site may not work, but if you enable javascript to get the site to work, then you're enabling all the trackers and other code.

     

  37.  
    Anonymous Coward, Jul 22nd, 2014 @ 6:58am

    Firefox extensions (with links!)

    I see some folks speculating about various Firefox extensions that may or may not be helpful. For the benefit of readers who are unfamiliar with those extensions:

    NoScript causes the browser not to run Javascript on a page until you allow it. You grant permission on a per-serving-domain basis. Using NoScript will break poorly written Web 2.0 sites until you whitelist them. Whitelisting may take several tries as you run down which domains are responsible for the scripts that the page requires for proper functionality. However, since NoScript denies first and permits only on command, it is very effective at killing unwanted scripts.

    RequestPolicy causes the browser not to load resources from domains other than the current one, until you permit it. You can grant permissions on a per-source domain, per-destination domain, or per-both basis. Per-destination lets you say that all embeds of YouTube are allowed, regardless of where you find them. Per-source lets you say that Techdirt can always embed a resource, no matter where that resource is hosted. Per-both lets you write rules such as "Techdirt may embed YouTube, but nothing else can embed it under this rule." (You might have other rules that whitelist YouTube for use on other sites. Once a match permits the embed, then it is allowed even if other permissions fail to match.) As with NoScript, a blank install of RequestPolicy will make some sites look odd or function poorly until you whitelist the domains that serve their supporting resources. In some cases, you may need to whitelist a site once in RequestPolicy to allow its JavaScript to be loaded, then whitelist that same site in NoScript to allow the JavaScript to be run once it has loaded. Although inconvenient, this can be useful, since NoScript only grants permission based on the serving domain, but RequestPolicy can also look at the domain that requested the script. Thus, you could whitelist Google's copy of jQuery in NoScript, but use RequestPolicy to allow it to load only on selected sites.

    AdBlock Plus blocks user-specified resources. By default, it has no blocks, but you can subscribe to community-maintained lists. AdBlock plus could block the AddThis tracker, but would require that you (or someone who maintains a list you use) block the domain(s) that serve the tracker. By contrast, both NoScript and RequestPolicy block everything you have not permitted.

    Ghostery

    Privacy Badger

     

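The two-layer whitelisting described in the comment above, modelled as an added example that is not part of the original comment and is not NoScript's or RequestPolicy's own code. The rule shapes, function names and the sample policy are assumptions; `s7.addthis.com` is one of the hosts named elsewhere in this thread.

```javascript
// Added example: simplified model of a default-deny request layer
// (RequestPolicy-style) in front of a default-deny script layer
// (NoScript-style). Rule shapes and names are assumptions for illustration.

// Crude "site" of a host: its last two labels. Real tools need the public
// suffix list (this shortcut is wrong for names such as example.co.uk).
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

// True when host is the domain itself or one of its subdomains.
function inDomain(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Request layer: a cross-site load is denied unless some rule matches.
// A rule may name an origin (the embedding site), a dest (the serving
// domain), or both. One matching rule is enough to permit the load.
function mayLoad(rules, pageHost, resourceHost) {
  if (siteOf(pageHost) === siteOf(resourceHost)) return true; // same site
  return rules.some((rule) => {
    if (!rule.origin && !rule.dest) return false; // an empty rule allows nothing
    const originOk = !rule.origin || inDomain(pageHost, rule.origin);
    const destOk = !rule.dest || inDomain(resourceHost, rule.dest);
    return originOk && destOk;
  });
}

// Script layer: looks only at the domain serving the script,
// never at the page that asked for it.
function mayRun(scriptWhitelist, scriptHost) {
  return scriptWhitelist.some((domain) => inDomain(scriptHost, domain));
}

// A script has to pass both layers: first be loaded, then be run.
function decide(policy, pageHost, scriptHost) {
  if (!mayLoad(policy.requestRules, pageHost, scriptHost)) return 'blocked: not loaded';
  if (!mayRun(policy.scriptWhitelist, scriptHost)) return 'blocked: not run';
  return 'runs';
}

// Constructed sample policy.
const samplePolicy = {
  requestRules: [
    { origin: 'techdirt.com', dest: 'googleapis.com' }, // per-both rule
    { dest: 'youtube.com' },                            // per-destination rule
  ],
  scriptWhitelist: ['techdirt.com', 'googleapis.com'],
};

// Constructed sample requests: [page host, script host].
const sampleRequests = [
  ['www.techdirt.com', 'ajax.googleapis.com'],  // whitelisted in both layers
  ['www.example.org', 'ajax.googleapis.com'],   // script trusted, but not on this site
  ['www.whitehouse.gov', 's7.addthis.com'],     // no rule at all
  ['www.techdirt.com', 'www.youtube.com'],      // may load, not whitelisted to run
  ['www.techdirt.com', 'www.techdirt.com'],     // same-site script
];

function evaluateSamples() {
  return sampleRequests.map(([page, script]) => decide(samplePolicy, page, script));
}

console.log(evaluateSamples());
```

The second request shows the point made in the comment: the script layer alone would run the whitelisted library anywhere, and only the request layer ties it to selected sites.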

  38.  
    BSD32x, Jul 22nd, 2014 @ 7:03am

    Re: Firefox extensions (with links!)

    I agree with all of those EXCEPT for Ghostery, given the tone of this article and discussion, I don't understand why it's being advocated. It is specifically used by a marketing company to generate revenue by selling data to advertisers, and is allegedly used to help advertisers create more technology that is difficult to block.

     

  39.  
    BSD32x, Jul 22nd, 2014 @ 7:07am

    Re: disconnect.me

    It does, and it is open source unlike Ghostery. They wrote a blog post last night about this very issue, actually. https://blog.disconnect.me/disconnect-blocks-new-tracking-device-that-makes-your-computer-draw-a-unique-image

     

  40.  
    Anonymous Coward, Jul 22nd, 2014 @ 7:25am

    Re: Re: Firefox extensions (with links!)

    Sorry, I do not use Ghostery and did not see the negative remarks about it until after I posted. I provided a link to it for completeness, but if those allegations are accurate, it should be avoided. If I could retract my prior link to it, I would.

     

  41.  
    HIDE UNDER THE BED, Jul 22nd, 2014 @ 7:27am

    Canvas Fingerprinting

    Ever since the U.S. & Israeli govts rolled out Stuxnet on the Iranians to screw up their centrifuges (& their nuke program), both countries' (U.S. & Israel) spy agencies worked on a worse spying tool "Flame". When they were exposed by Kaspersky, they tried to say they were 'only' infecting suspected terrorists in the middle east and no one need worry about it! One of the key features of Flame, was that it could make screen shots of any infected computer and it could record every keystroke.
    This 'Canvas Fingerprinting' sounds like it originated at the N.S.A.
    The Nazis at NSA never sleep. Hail to the United Secret Police State of America! Secret police with secret laws and secret punishments.
    When Obama said (after Snowden's revelations -June 7, 2013): “You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,”...“We’re going to have to make some choices as a society.”
    What he means is: We get 100 percent "security" and zero privacy. That is the choice he and George W. Bush have chosen for the rest of us.

     

  42.  
    BSD32x, Jul 22nd, 2014 @ 7:31am

    Re: Re: Re: Firefox extensions (with links!)

    It's fine, no offense meant on my part. I just want to make sure that information is out there, especially since several commenters before you recommended it.

    Ghostery has been getting mentioned on a lot of other news sites I frequent since this story broke, as well. It would not surprise me if they astroturf comments pages to promote it when there are stories like this, since it's in their financial interest to do so. Let me be clear and say that there is no evidence of that, to the best of my knowledge, that's just speculation on my part.

     

  43.  
    art guerrilla, Jul 22nd, 2014 @ 7:40am

    Re: Re: Re: Re: Here is the scary part

    yes, plug in a peripheral that you never use, but does it change the 'fingerprint' ? presumably so...
    so you plug in an old flashdrive, and/or whatever, then unplug it the next time, etc...

    what next ? we have 'burner' phones, are we going to 'burner' pc's now ? ? ?

     

  44.  
    Anonymous Coward, Jul 22nd, 2014 @ 7:44am

    Here's a good one!

    Q: What do porn websites and the President of the United States of America's website have in common?

    A: Sleazy user tracking.


    Q: What's the difference between porn websites and the President of the United States of America's website?

    A: You don't have to wait more than a year for a response from a porn website.

     

  45.  
    art guerrilla, Jul 22nd, 2014 @ 7:44am

    Re: Re: Not too hard to block - yet

    yep, as much as there are some sites (like techdirt) where i would *like* to support them by allowing ads (I NEVER LOOK AT); i am INFINITELY more interested in stopping as much crap from being forced on me as possible...

     

  46.  
    Hi, Jul 22nd, 2014 @ 7:45am

    Re: canvas

    I'd think that older generations of browsers, pre-HTML5 without Canvas support, would resist that tracking, but then there's the problem that they'd be subject to some drive-by vulnerabilities that have since been patched.

    Maybe an update to the current browsers can include a setting to disable the Canvas resource. That would certainly break many HTML5 effects, but is less limiting than blocking Javascript if you don't want to be tracked.

     

  47.  
    Anonymous Coward, Jul 22nd, 2014 @ 8:02am

    Re: Re: Re: Ghostery

    It would seem the AddThis fingerprint would actually have to be relayed at some point. Hosts file?

     

  48.  
    Anonymous Coward, Jul 22nd, 2014 @ 8:28am

    Re: Where are you, Firefox?

    I was a loyal user, but Mozilla kept disappointing over and over again... Ad-laden start page; Australis; upcoming support for DRM. Enough is enough -- I ditched it in favour of Palemoon (which I tend to like more than Iceweasel, OS difference notwithstanding).

    I think it's a bit too much to hope that Mozilla will incorporate features found in addons such as NoScript (beyond simple js blocking) or HTTPS Everywhere when they're trying half-heartedly to comply with Hollywood pressure and possibly full-heartedly to make a Mozilla Chrome.

     

  49.  
    BSD32x, Jul 22nd, 2014 @ 8:40am

    Re: Re: Where are you, Firefox?

    You raise some good points, although I'm not wild about Palemoon's licensing: http://www.palemoon.org/redist.shtml I think the opportunity is ripe for someone to launch a Kickstarter for a new browser, one that is committed to FOSS principles and under a BSD-style license or the GPL. WebKit has been a good alternative, but the QtWebKit engine and its predecessor KHTML are all but dead. With browsers like Qupzilla and Opera now being built on Google's Chromium/QtWebEngine framework, the only truly open browser still in development is NetSurf, which just isn't able to meet the needs of most users right now. Who knows, maybe some enterprising young programmers will seize on the opportunity.

     

  50.  
    Jason, Jul 22nd, 2014 @ 8:44am

    Re: Re: Where are you, Firefox?

    I had the very same experience. I switched to Palemoon this spring after another Firefox change and I haven't looked back. A few minutes of configuration and it was like being back in the happy place you thought was long gone.

    I can't get Adobe's PDF plugin to work, which is kind of a nuisance, but Palemoon is the browser I've been searching for ever since Firefox 14.

     

  51.  
    John Fenderson, Jul 22nd, 2014 @ 9:07am

    Re:

    I believe that NoScript can accomplish what you want here, but it would be easier and more targeted to just disable accesses to the AddThis servers using your hosts file.

     

  52.  
    John Fenderson, Jul 22nd, 2014 @ 9:10am

    Re: Re: Re: Not too hard to block - yet

    Yes, this. I block all ads as much and as hard as I can regardless of what site is using them. Ad networks are not trustworthy, and will track you through any and all means they can.

    For more enlightened sites (such as Techdirt) that provide a way to support them by just giving them money, I do that instead. It's why I'm an "insider" here -- I block all the ads, but am willing to pay for the content.

     

  53.  
    Anonymous Coward, Jul 22nd, 2014 @ 9:12am

    Re: Re:

    It does, in fact that is what I do when I use the Konqueror web browser. There are also userscripts for the Greasemonkey add on that can accomplish this. For the average non-technical user, I still think Disconnect is probably the better choice. I still use it with Firefox/Ice Weasel due to all of its other benefits and built in/updated tracker lists.

     

  54.  
    John Fenderson, Jul 22nd, 2014 @ 9:13am

    Re: Re:

    It's not as hard as all that, really. I use NoScript and disable Javascript through it. Since I can enable specific bits of Javascript on a page on-demand and as needed, this blocking has never prevented me from using a website.

     

  55.  
    Anonymous Coward, Jul 22nd, 2014 @ 9:19am

    Re: Re: Re:

    Sure, but NoScript is not available for all browsers. If you're going to use a more obscure browser, it's still necessary to edit your hosts file, unfortunately. Greasemonkey is available for WebKit browsers, though, so you'd have to really go out of your way with something like KHTML or NetSurf to absolutely need to do this.

     

  56.  
    Anonymous Coward, Jul 22nd, 2014 @ 9:46am

    Re: Re: Here is the scary part

    "The technologies are virtually impossible to guard against."
    Add the following to your hosts file:

    127.0.0.1 p.addthis.com
    127.0.0.1 s3.addthis.com
    127.0.0.1 s7.addthis.com
    127.0.0.1 s9.addthis.com
    127.0.0.1 su.addthis.com
    127.0.0.1 www.addthis.com

    Presto, you can't connect to them, they can't track you.
    Any other virtually impossible problems you need solved?

     

  57.  
    John Fenderson, Jul 22nd, 2014 @ 9:55am

    Re: Re: Re: Re:

    True, which is why I prefer to block access to known bad sites using the hosts file instead. You can even find preconfigured hosts files that block an extensive number of these sites, so all you have to do is pretty much just copy the file to the right location.

    The other advantage to the hosts file is with your mobile devices: if you're running a rooted Android, you can block all these accesses from it in exactly the same way.

     

  58.  
    Ninja (profile), Jul 22nd, 2014 @ 10:37am

    Re: Re: Re: Here is the scary part

    That considering they don't add more. Still, ABP should block loading of anything from these, no?

     

  59.  
    Anonymous Coward, Jul 22nd, 2014 @ 12:37pm

    Re: Re: Re: Re: Here is the scary part

    The root of all the evilz is Microshit's refusal to allow for wildcard usage in the hosts file.

    For example: 127.0.0.1 *.addthis.com

     

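The hosts-file approach from the comments above, as an added example that is not part of the original thread: a short Python audit that parses hosts-file text and reports which observed hostnames under a domain are still not covered. It assumes a resolver that matches hosts entries by exact name only (the behaviour the wildcard complaint above describes); `m.addthis.com`, `cdn.example.net` and the traffic list are constructed for illustration.

```python
"""Audit hosts-file text against hostnames seen in browser traffic."""

# Constructed sample: the six entries quoted in the thread, plus a comment
# line and a wildcard entry of the kind discussed above.
SAMPLE_HOSTS = """\
# tracker blocks
127.0.0.1 p.addthis.com
127.0.0.1 s3.addthis.com
127.0.0.1 s7.addthis.com
127.0.0.1 s9.addthis.com
127.0.0.1 su.addthis.com
127.0.0.1 www.addthis.com   # trailing comment
127.0.0.1 *.addthis.com
"""

# Constructed traffic list; m.addthis.com and cdn.example.net are made up.
SAMPLE_SEEN = ["S7.addthis.com", "www.addthis.com.", "m.addthis.com", "cdn.example.net"]

SINKS = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses commonly used to sinkhole a name


def parse_hosts(text):
    """Return (blocked names, wildcard entries) from hosts-file text."""
    blocked, wildcards = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:  # one address may carry several names
            name = name.lower().rstrip(".")
            # Assumption: exact-match resolver, so "*" is a literal, not a pattern.
            (wildcards if "*" in name else blocked).append(name) if False else None
            if "*" in name:
                wildcards.append(name)
            else:
                blocked.add(name)
    return blocked, wildcards


def audit(hosts_text, seen, domain):
    """Split seen hostnames under `domain` into covered and uncovered lists."""
    blocked, _ = parse_hosts(hosts_text)
    covered, uncovered = [], []
    for host in seen:
        host = host.lower().rstrip(".")  # DNS names are case-insensitive
        if host != domain and not host.endswith("." + domain):
            continue  # outside the domain being audited
        (covered if host in blocked else uncovered).append(host)
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = audit(SAMPLE_HOSTS, SAMPLE_SEEN, "addthis.com")
    print("blocked by hosts file:", covered)
    print("still reachable:", uncovered)
```

Feeding it the hostnames from a browser's network log shows when a blocklist has fallen behind newly added subdomains.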

  60.  
    identicon
    Rekrul, Jul 22nd, 2014 @ 1:02pm

    Re: Re: Re: Re: Re: Here is the scary part

    Do other operating systems allow wildcards in the hosts file?

     

  61.  
    John Fenderson (profile), Jul 22nd, 2014 @ 1:53pm

    Re: Re: Re: Re: Re: Re: Here is the scary part

    Yes

     

  62.  
    nasch (profile), Jul 22nd, 2014 @ 2:15pm

    Re: Re: Re: Re: Here is the scary part

    "Still, ABP should block loading of anything from these, no?"

    Is this technique JavaScript-based? If so, of course NoScript would take care of it as well.

     

  63.  
    nasch (profile), Jul 22nd, 2014 @ 2:20pm

    Re: Re: Ghostery

    Of course, the problem is that ends up being potentially disruptive, as now the AddThis widget doesn't display at all.

    So, double bonus.

     

  64.  
    Eli the Bearded, Jul 22nd, 2014 @ 3:55pm

    Try it yourself

    The site http://www.browserleaks.com/ has a demo of the canvas fingerprinting method. I emailed the Panopticlick suggestion address about a month ago asking them to update the site with tests like the canvas one from browserleaks.

     

  65.  
    Anonymous Coward, Jul 22nd, 2014 @ 8:05pm

    I'm a little late to the party, but I've been using Disconnect, BetterPrivacy (for Flash cookie deletion), NoScript, and xforwardforheader (careful, it may break a site or 3) + useragent switcher (stick with something in the Gecko family if using fx).

     

  66.  
    ECA (profile), Jul 22nd, 2014 @ 10:11pm

    Re: Re: There is so much

    Sent a request for an addon from Mozilla to add comments to cookies, listing the location it came from.

     

  67.  
    dvjhs, Jul 23rd, 2014 @ 1:57am

    Re: Ghostery

    TOR Browser blocks

     

  68.  
    Anonymous Coward, Jul 23rd, 2014 @ 2:55am

    Re: Re: Re: Where are you, Firefox?

    Sure, but that doesn't make Mozilla better equipped. Chrome has taken a lot of the pressure off of Google in the negotiations. Now Google have a pretty strong say in how Firefox works if Mozilla want economic support from that direction.

    That connection would stop if Google became the target of boycotts, which would be uncomfortable for Mozilla, to put it lightly...

     


