Linked by Thom Holwerda on Thu 4th Jul 2013 12:33 UTC, submitted by twitterfire
In the News "Internet users worried about their personal information being intercepted by U.S. intelligence agencies should stop using websites that send data to the United States, Germany's top security official said Wednesday." Cute, but pointless. France does it too, as does the UK. Documents from the Dutch intelligence agencies indicate that they, too, are involved in mass surveillance, the extent of which will supposedly be investigated by parliament.
Thread beginning with comment 566313
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Good luck with that....
by Alfman on Fri 5th Jul 2013 04:02 UTC in reply to "Good luck with that...."
Alfman
Member since:
2011-01-28

BushLin,

Most people don't seem to realize that. Everyone needs to be informed that google does have JS monitoring code on millions of 3rd party web pages where it's not otherwise obvious that google's tracking them. Plugins like ghostery help detect many trackers including google's.

For example according to ghostery osnews uses these 3rd party trackers:

Cross Pixel (Manhattan, NY, USA)
Google Adsense
Google Analytics
Mint (claims to be "self-hosted" so it doesn't share info).

Osnews itself is hosted in dallas texas. I'm curious as to why a european provider wasn't chosen?

Reply Parent Score: 4

RE[2]: Good luck with that....
by BushLin on Fri 5th Jul 2013 08:36 in reply to "RE: Good luck with that...."
BushLin Member since:
2011-01-26

FYI Ghotery does nothing to stop Google getting referrers though ajax.googleapis.com and in fact their support staff are either rude or brush off this as a threat (it has been brought up many times on their forums).
e.g.
https://getsatisfaction.com/ghostery/topics/sites_using_js_files_hos...
https://getsatisfaction.com/ghostery/topics/http_ajax_googleapis_com...

If you do care about this then use something like RefControl for Firefox and tell it to block 3rd party referrers by default.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

BushLin,

That's a good point about the 3rd party referred by HTTP header, I kind of wish it were a standard browser option. But all of the browsers have strong corporate advertising ties, so it's unlikely these things will ever get cleaned up without 3rd party plugins.


I'm rather disappointed with the way the industry has converged around 3rd party javascripts. Here we're talking about privacy, but an even larger concern to me as a web developer is security. Many clients are running 3rd party javascripts in their websites, but unfortunately there's no way to isolate the 3rd party code from the rest of the website. This gives 3rd parties the technical capability to hijack sessions, hook in keyloggers, covertly inject links, etc. It's an all/nothing trust relationship which is very bad for security.

One client hired an SEO company (orange-soda), who had me install their 3rd party script. Low and behold hackers managed to exploit this 3rd party script on our site. We immediately removed their code, but I still consider 3rd party javascript code inherently insecure.

Edited 2013-07-05 16:35 UTC

Reply Parent Score: 3

RE[2]: Good luck with that....
by shotsman on Fri 5th Jul 2013 09:08 in reply to "RE: Good luck with that...."
shotsman Member since:
2005-07-22

Google-Ad Services and Google-Analytics have been on my browser untrusted list for a very long time now.

How long will it be before Google stop using domain names and hard code the IP address in order to get around that little blocker?

IMHO, Everyone should do what they can to reduce the amount of data being collected about them on a daily basis.

Reply Parent Score: 2