Panopticlick updated

Originally published at: https://boingboing.net/2019/10/28/panopticlick-updated.html

2 Likes

Nice engineering, but why do they think that “Do Not Track” should be used to bypass 3rd party blocking? Do Not Track has been an utter failure, and it seems absolutely delusional to think that if a 3rd party site SAYS it respects do not track that your browser should believe it and allow it to track you…

5 Likes

Amusingly I had to disable parts of my adblocker to get the test to run.

5 Likes

Oh, I found out… EFF says “put this long boilerplate in a particular location and pinky-swear to respect DNT and our tracking blocker won’t block you”.

So apparently their attitude is:
“Acceptable adds” are bad because it involves monetary payment to an enforcement company
“Respecting DNT” is fine because it involves bowing down to the EFF.

So payment in money is bad, but in “respect” is ok. :man_shrugging:

1 Like

Well - if the difference in how we treat folks who do or do not respect DNT is zero then there is no incentive for anyone to respect it in the first place. So - it makes a fair amount of sense to differentiate based upon a commitment to DNT.

And it’s also reasonable to say that the above is only true for those folks who actually respect DNT rather than those that just claim to. Sorting the one from the other is greater than trivial.

1 Like

It crashed my browser after running the test.

Ran it on Pale Moon, Firefox, Chrome and Brave. Worked fine on all. It didn’t have a problem with uBlock Origin on the first three and Brave has blocking baked in. Brave is quite useful for bypassing certain things also. I never use IE or Edge, so screw them. I really can’t sing the praises for uBlock Origin enough. I’m utterly appalled at what the net looks like without it. It is unusable. Sort of what Tokyo looks like without any of the fun. If you are using Pale Moon, you are going to have to find an earlier version of uBlock to work on it.

2 Likes

On Firefox Fennec, it had a big long think before stating

+“Firefox can’t establish a connection to the server at trackersimulator.org

Did I pass?

1 Like

I tried it on my browser configuration, and passed the three tests.

Then, it couldn’t even load the fingerprint analysis, which I’m counting as a win.

I get inconsistent results on Chrome. First run said I was well protected. Second run a few seconds later said I basically wasn’t protected at all. Third run, somewhere between the two.

That “pinky swear”, when made by a corporation, could constitute a deceptive trade practice if broken, allowing the Federal Trade Commission to act under their Section 5 authority. And Do Not Track is an “utter failure” because it was constantly undermimed by an army of paid staffers sent into the the W3C to concern troll and spew neoliberal tripe about “notice and consent” to a mostly volunteer / low resourced coalition of standards makers and civil society.

More recent literature has shown most folks don’t understand tracking, and when made aware of it feel uncomfortable.

I think it’s valid for EFF to say everyone put that promise in the same place so our parser can check for it.

Finally if you think you know a way to algorithmically detect tracking and sound an alert, I encourage you to head down to Sand Hill Road - you have a gem of an algorithm that will certainly find funding - I’ve seen other stuff in the same ballpark get it.

PS: I noticed you haven’t visited us in about a year - I hope you haven’t been using multiple accounts in violation of our community’s rules because some of your phrasing feels oddly familiar. If I’m mistaken, I hope you’ll stick around rather than shoot and run. Have a lovely day!

That “pinky swear”, when made by a corporation, could constitute a deceptive trade practice if broken, allowing the Federal Trade Commission to act under their Section 5 authority. And Do Not Track is an “utter failure” because it was constantly undermimed by an army of paid staffers sent into the the W3C to concern troll and spew neoliberal tripe about “notice and consent” to a mostly volunteer / low resourced coalition of standards makers and civil society.

Do you honestly think a regulatory captured FTC, or the fact of massive internationalization, would be effective? And DNT was a failure because it is enforced by the server which can ignore it, and that W3C largely runs on consensus and, lets face it, advertisers are a major stakeholder in consensus.

At least with “acceptable ads”, the pinky swear is to a direct corporate entity who has standing to sue directly. It is quite hypocritical for the EFF to complain about acceptable ads and, in the next breath, go “do our version which lacks the direct contractual enforcement to salvage a total failure of an idea”

Finally if you think you know a way to algorithmically detect tracking and sound an alert, I encourage you to head down to Sand Hill Road - you have a gem of an algorithm that will certainly find funding - I’ve seen other stuff in the same ballpark get it.

You do the opposite, you see user interaction with the third party element and implicitly whitelist it. This is basically what Firefox & Safari are doing now with 3rd party cookies, and we prototyped it back in 2012. Our position paper from the 2012 “Do Not Track” workshop, in fact: https://www.w3.org/2012/dnt-ws/position-papers/22.pdf

PS: I noticed you haven’t visited us in about a year - I hope you haven’t been using multiple accounts in violation of our community’s rules because some of your phrasing feels oddly familiar. If I’m mistaken, I hope you’ll stick around rather than shoot and run. Have a lovely day!

PS: I notice you are falsely accusing me of running sock-puppet accounts.

30 seconds with The Google ( https://lmgtfy.com/?q=Nick+Weaver&s=g ) would show you who I am and that my opinions are my own, and 30 more seconds with the IP logs on the BBS will show you where I post from and that there aren’t other accounts posting from there.

Corporations, even if people, are vastly outweighed by citizens (users). I don’t think “consensus” means “we have more money so our opinions matter more”. That’s the opposite of consensus.

It’s a great paper, I’ve read it, and I worry that an arms race won’t lead to good outcomes (see: it’s near impossible to stop tracking via browser fingerprinting even if cookies and ads are blocked), so forcing companies to make explicit promises is still useful. There doesn’t need to be one solution to rule them all - a mixture of technical and regulatory controls can work. I also think the FTC is poorly resourced and an administration that focuses on enforcing our tax code more vigorously to get money for FTC, SEC, and other regulatory agencies can accomplish as much if not more than technical measures.

I know who you are. And I purposefully phrased it in an extremely friendly way. I find it odd that a computer scientist would say “no other accounts on this ip” , in a world of Tor and cheap VPNs, is evidence of anything, but I’ll take your word.

I fully admit I could have struck the last paragraph and just encouraged you to be part of the community on an ongoing basis, but showing up once a year to tell people “let me google that for you” if they don’t defer to your opinions in some kind of weird appeal to authority is not endearing.

This is not an academic space, so demanding folks “know who I am” when you are not an ongoing community member can come off as condescending.

Aside from the faux paux wrt to accounts, I think I made valid points. I hope you’ll choose to stay and expand your debates beyond your usual social circle. There are a wide variety of people here, most of whom choose to use nyms rather than insist folks look through their CV to decide how to reply to them.

There’s similar resources that show other information that can be used for fingerprinting and privacy testing:
https://www.deviceinfo.me
https://amiunique.org

This topic was automatically closed after 5 days. New replies are no longer allowed.