Linked by Thom Holwerda on Thu 4th Jul 2013 12:33 UTC, submitted by twitterfire
In the News "Internet users worried about their personal information being intercepted by U.S. intelligence agencies should stop using websites that send data to the United States, Germany's top security official said Wednesday." Cute, but pointless. France does it too, as does the UK. Documents from the Dutch intelligence agencies indicate that they, too, are involved in mass surveillance, the extent of which will supposedly be investigated by parliament.
Thread beginning with comment 566227
To read all comments associated with this story, please click here.
Good luck with that....
by BushLin on Thu 4th Jul 2013 12:55 UTC
BushLin
Member since:
2011-01-26

Quite a few sites now use ajax.googleapis.com for hosting standard .js files.
That means ever visitor to such a site hands Google a referrer of the page they're on, their IP address and browser fingerprint.
Doesn't matter that it's a site in german, mainly hosted on servers in the EU... Google can still track you if they've gone this route.

Reply Score: 8

RE: Good luck with that....
by SeeM on Thu 4th Jul 2013 18:14 in reply to "Good luck with that...."
SeeM Member since:
2011-09-10

Quite a few sites now use ajax.googleapis.com for hosting standard .js files.
That means ever visitor to such a site hands Google a referrer of the page they're on, their IP address and browser fingerprint.


See also -> Google Fonts.

Reply Parent Score: 4

RE: Good luck with that....
by galvanash on Fri 5th Jul 2013 03:59 in reply to "Good luck with that...."
galvanash Member since:
2006-01-25

That means ever visitor to such a site hands Google a referrer of the page they're on, their IP address and browser fingerprint.


Why on earth is this modded up?

Your right to privacy ends at the point where you stop protecting it. If your house is made of glass don't complain about the neighbors snooping on your activities... If you don't want someone to overhear a conversation go somewhere they can't hear it. If you want to go somewhere, and you don't want anyone to know about it, you try to hide your identity...

This is all common sense stuff that no one questions.

On the internet, your ip address is public knowledge, and on the web your browser sends referrer headers and identifies itself - all for sound technical reasons. If you don't like that figure out how to protect your communications - there are ways to do it, many of them trivial... But it is a public communications medium. Its like complaining that someone is listening in on your conversations using a CB radio - if you don't want 3rd parties to hear what you are saying you don't understand what CB is...

Can we all please stop bitching about a 20 year old status quo? Google is not the NSA collecting phone metadata, the difference is everyone knows about it and has all along.

Its the internet! Unless you know your communication channel is encrypted, and you know the encryption is effective, and you know the identity of the party on the other side of the connection, and you trust them completely with handling your data and communications, you may as well be broadcasting what your doing over a loud speaker.

This obsession with privacy is getting down right silly. Yes, you have a right to privacy - but only if you make some effort to protect it. Use Tor, use an anonymizing VPN, whatever - if it concerns you do something about it. But can we please stop blaming companies for mining the information we casually give to them everyday? If you don't trust Google don't use the internet to communicate with them, and don't use the internet to communicate with anyone who does trust them.

Yes, that severely limits your ability to protect your privacy. So does going outside...

Reply Parent Score: 3

RE[2]: Good luck with that....
by Alfman on Fri 5th Jul 2013 04:30 in reply to "RE: Good luck with that...."
Alfman Member since:
2011-01-28

galvanash,

"But it is a public communications medium. Its like complaining that someone is listening in on your conversations using a CB radio - if you don't want 3rd parties to hear what you are saying you don't understand what CB is... "

Strongly disagree with you here. CB radio was designed to be a public medium. Part of the fun in using it is that you don't know who's going to respond on the other end. Unicast network traffic between internet hosts/peers is not intended to be public any more than a 2 party telephone call is. In both cases the service providers are entrusted with our privacy. Keep in mind ISPs who systematically violated our privacy (aka phorm) were sued because *they* weren't allowed to spy on customer traffic.

You suggest we should be using cryptography to secure private communications instead of trusting our service providers, and I would agree that's wise to the extent possible.

It seems that you don't care about your own privacy, but it doesn't mean you shouldn't respect other's IMHO.

Edited 2013-07-05 04:37 UTC

Reply Parent Score: 3

RE[2]: Good luck with that....
by BushLin on Fri 5th Jul 2013 08:55 in reply to "RE: Good luck with that...."
BushLin Member since:
2011-01-26

First of all, I made a comment about the general public looking to avoid being tracked by US companies who sell personal information or hand it over to the NSA, under circumstances which we could do with further detail on.

I am well aware of the technical methods one might use to circumvent being tracked but this isn't about you or me.
This is about the masses who won't understand such methods or even know how much is being recorded about them.
They're being told by a government minister that to avoid being tracked they should avoid US websites except many of the alternatives will still have ties to US companies and that is what I highlighted.

FTR, I don't have a problem with security services targeting specific individuals based on evidence and snooping on their traffic. Hell, if they suspect me then I don't have a problem with them looking at my traffic but this isn't the problem.

People with technical knowledge can avoid being tracked, presumably terrorists apply similar methods to avoid detection but the people who've done nothing wrong are having the details of their lives recorded and the captured information is available to individuals who don't have to justify their access or sold to marketers. That's the problem.

Reply Parent Score: 3

RE: Good luck with that....
by Alfman on Fri 5th Jul 2013 04:02 in reply to "Good luck with that...."
Alfman Member since:
2011-01-28

BushLin,

Most people don't seem to realize that. Everyone needs to be informed that google does have JS monitoring code on millions of 3rd party web pages where it's not otherwise obvious that google's tracking them. Plugins like ghostery help detect many trackers including google's.

For example according to ghostery osnews uses these 3rd party trackers:

Cross Pixel (Manhattan, NY, USA)
Google Adsense
Google Analytics
Mint (claims to be "self-hosted" so it doesn't share info).

Osnews itself is hosted in dallas texas. I'm curious as to why a european provider wasn't chosen?

Reply Parent Score: 4

RE[2]: Good luck with that....
by BushLin on Fri 5th Jul 2013 08:36 in reply to "RE: Good luck with that...."
BushLin Member since:
2011-01-26

FYI Ghotery does nothing to stop Google getting referrers though ajax.googleapis.com and in fact their support staff are either rude or brush off this as a threat (it has been brought up many times on their forums).
e.g.
https://getsatisfaction.com/ghostery/topics/sites_using_js_files_hos...
https://getsatisfaction.com/ghostery/topics/http_ajax_googleapis_com...

If you do care about this then use something like RefControl for Firefox and tell it to block 3rd party referrers by default.

Reply Parent Score: 3

RE[2]: Good luck with that....
by shotsman on Fri 5th Jul 2013 09:08 in reply to "RE: Good luck with that...."
shotsman Member since:
2005-07-22

Google-Ad Services and Google-Analytics have been on my browser untrusted list for a very long time now.

How long will it be before Google stop using domain names and hard code the IP address in order to get around that little blocker?

IMHO, Everyone should do what they can to reduce the amount of data being collected about them on a daily basis.

Reply Parent Score: 2