I feel like all these articles follow a pattern: they take a common, well known aspect of technology (in this case, analytics trackers), search for any cases where a major tech company is involved, and come up with the most clickbaity headline possible ("Google and Facebook Are Quietly Tracking You on Sex Websites", when it's actually the website owners adding this tracking code in the first place, explicitly for the purpose of understanding user behaviour.) These headlines are then shared and reshared by nontechnical users, prompting outrage when there isn't a good reason for it.
> prompting outrage when there isn't a good reason for it.
Can you expand on why there's 'no good reason for it'?
The equivalent is my peering in your window to see and note down what you rub one out to... every time. And you don't know what I do with that information or where it will leak to.
It is actually not like you peering through his window to see and note down what you rib one out.
It's more like when I have a massive orgy with lots of drugs at my place and I invited a bouncer, who is really good at statistics, to keep track of who is coming in and who are leaving immediately. The bouncer is also keeping track of what each person is doing, and letting me know periodically. And you both are invited for a night of drug fueled insane sex.
From my perspective, I am doing this to make sure everyone is having fun at my party. From the bouncer's perspective, he is there just to collect stats and let me know. He is not there to invade my privacy. I want to do that. I hired the bouncer.
No, the equivalent is you walking into a store to buy DVDs, and the store manager keeping a record of what sells well, and what you show interest in, etc. to drive decisions about what to stock next.
I appreciate trackers are "well-known", but only to a specific class of technical individuals. "Nontechnical users" is basically everyone. They have a right to be outraged, especially when a technology is understood asymmetrically well by the class of individuals who exploit this asymmetry to their advantage.
Both the individuals visiting these sites, and possibly even the people making the decision to implement tracking don't know their browsing data is being used for anything other than analytics by the website provider, (if at all by the user, who likely feels safe behind a private browser).
To be fair, it’s not like Google/Facebook are a neutral party and only collect data to give it to the site owner. They are also complicit because they keep this data for their own purposes.
From the article, I'm a little more worried about Oracle, who refused to comment on the story.
That being said, this isn't really news (to us, at least), but it's good that newspapers keep banging this drum, as I doubt most other people have thought about all the tracking that happens everytime they visit a new site.
Second-author here, I have a few rebuttals to these points.
First, there is also a wider pattern in the US when it comes to privacy/computer legislation. We tend to have sectoral-focused laws which are often a response to media events, real and fictional. For example, Computer Fraud and Abuse Act was a response to the movie War Games. Video Privacy Protection Act was in response to a supreme court nominee's video rental history being leaked to the press. Children's Online Privacy Protection Act was partially spurned by concerted reporting (sometimes sensational) on risks to children online. So the pattern you are seeing is part of a larger system which often does produce real change, it is just a slow process. The press is called the "fourth estate" because they play an important part in the democratic process, which is what you are observing here.
Second, it is the very ubiquity of the systems these companies deploy which makes it possible to choose a given context (health, sex, etc) and find a privacy-violating technology. I'd love it if when I did these scans I turned up nothing, but the same set of bad actors are always to be found. Likewise, the definition of "well-known" on hacker news is far, far, far different from what a normal Internet user has any clue of. We have 20+ years of research showing people fundamentally don't understand this stuff, and just because you don't have a CS degree doesn't mean you don't have privacy rights.
Last, there is very good reason for outrage for many people. There are many places in the world you can be killed for being LGBTQ. Likewise, there are many state intelligence agencies that piggy-back on online tracking (see NSA/Doubleclick cookie), and some governments actively go after LGBTQ people. Even without state intel there is a long history of sexual data being leaked online. People killed themselves as a direct result of the Ashely Madison leak, and if any of these tracking companies porn sites - many of which do not have the security team of a FAANG - get hacked, people who are already marginalized by their societies may be at extreme risk.
It’s actually the website owners and Googbook tracking you. The headline may be incomplete but it’s not inaccurate. And “porn site operators track how you use their sites” is pretty mundane.
Pretty much everyone knows that sites can track your usage. It’s surprising that Googbook is also being given all the data on the porn you watch.
1. Use firefox with multi-account containers, with each domain set to auto-open in a different container (google, gmail, amazon, facebook, youtube, etc.). Make sure you're logged into google only in the gmail container (and not in the google search container), etc.
2. Use uMatrix and uBlock0, and enable limited third-party access using uMatrix dashboard only when a site breaks.
3. Enable DNS over https in firefox
4. Enable privacy.resistFingerprinting in firefox's about:config to thwart fingerprinting
5. Use the tor browser for browsing porn (or any site you really do not want associated with your IP).
To add to this, disabling WebRTC when you're not using it (media.peerconnection.enabled in Firefox) is also a good idea as when it's enabled websites can use it to derive your IP address behind a proxy/NAT such as a VPN or a home router to better identify which machine you are. I also turn off WebGL (webgl.disabled in Firefox) because it seems to expose a large attack surface for fingerprinting* but I'm not too well versed on the exact risks of it.
I'm pro privacy and don't want to say "nothing to hide", but who cares if you browse porn?
As long as it's legal (so barring being in a regressive country where eg. gay porn is illegal), why would you go out of your way to use a VPN for it?
For sure, use DOH and HTTPS sites only, and I can understand if you're a public figure and don't want to accidentally like incest porn on your official Twitter account but beyond that, really who cares. A large majority of people watch and browse for porn, myself and most people in this thread included. Maybe time to dispense with the shame.
Not all porn is equally legal (sodomy, for example). And our society (at least in the US) likes to pretend that it doesn't exist, which means that it's viable ammunition to attack a person's character with, publicly or privately.
So, in practice, this means that these big companies have ammunition which could be used to destroy careers and relationships. Whether used directly or incidentally via a data leak (it's not like those ever happen /s).
For 1, I use Temporary Containers[0] and have it set to auto-start and delete the containers as soon as the last related window closes.
It's a PIA for logging into things (e.g.: companies who use three different redirects to three different sub-domains) but that complaint is my fault, based on how I've configured it.
That plus deleting history on close of Firefox isn't enough to thwart the most egregious adversary (e.g.: those with three-lettered names) but should be enough for privacy concerns.
For 2, I might also recommend Canvas Fingerprint Detector[1]. Instead of not replying (which could be, in and of itself, a fingerprint[2]), it generates a random fingerprint signature in response; though, in principle, this might be a tracking vector, as well.
...which is why it's probably better to use multi-account containers that isolate and store your cookies in that container, for sites such as gmail that you use a lot. It's very simple to set it up to always auto-open in that container, no matter which container you type the address into.
Does the container provide "fake" lowest common denominator environment so that your browser cannot be fingerprinted? Are mouse movements and keyboard typing frequency randomized to avoid matching one's behavior to a subset of all users? If not, you are easy to spot.
One might think that since browsing privately and securely is such a pain point, there would be more than one product (firefox) to solve the issue. Any HN entrepreneur types out there reading these posts?
Entrepreneurs go after money to survive, where is money in selling a private browser? Moreover, using some niche addon is a very nice signal to fingerprint one in the ocean of privacy-unaware users.
Practically speaking, you would have to use Chromium as a base, if you want the product to be successful. And if you do that, Google has a million ways to screw you up. One of the first obstacles you will find will be Widevine. Hardly anyone moves past that point.
Second author here. Many people carry over 'real world' privacy expectations to online interactions, often unwittingly. While this may be technically naive, I don't think it is wrong for people to assume established social norms around sex and privacy, which have existed for millennia, are suddenly null and void b/c they go online. Porn stores in real life often have curtains, dark windows, etc. to protect privacy, and some people likely have that mental model ingrained, even if they do have a suspicion they are being tracked.
I suppose. But I'd think that people would know by now that online tracking is ubiquitous. Arguably there are no "established social norms" online. That's one huge advantage, when it's about accessibility of stuff that's verboten or restricted in your society. Such as, for example, porn.
But it cuts both ways, of course. So established social norms about privacy are also widely ignored. The fundamental business model is based on violating users' privacy. Two of the largest online businesses, Google and Facebook, rely on monetizing the violation of users' privacy.
So yeah, perhaps it's understandable, but it's gobsmacking naive to think that online porn would be an exception.
> What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. The sites he visits, aswell as any third-party trackers, may observe and record his online actions
Why is that odd? "Incognito mode" is a feature to hide your browsing history locally. Usually this meant hiding your porn browsing from your parents/roommate/etc. Hiding anything from the server was (unfortunately) never a design goal.
The scope of incognito mode has recently expanded, but browsers still trust servers far too much (e.g. the Referrer header still exists, which is designed to leak private information).
I think it's not that odd. People assume that incognito means, well, "incognito" – like "anonymous browsing". But there are obviously more ways to identify a user besides cookies that are cleared/reset when incognito mode is closed and re-opened.
Edit: To clarify: The easiest would be an IP address check. More sophisticated techniques are browser fingerprinting. And I think there's no reason to assume that Google/Facebook/AdTech companies DON'T use these techniques.
I just checked both Firefox and Chrome. When you open an incognito window both show a text snippet explaining what incognito mode is, and both go out of their way to explain that incognito mode does not make you anonymous to the website operator. It only claims to help against local users looking at your browsing history.
> To clarify: The easiest would be an IP address check. More sophisticated techniques are browser fingerprinting. And I think there's no reason to assume that Google/Facebook/AdTech companies DON'T use these techniques.
Regarding IPs: it would be legally problematic and might be exposed leading to terrible press, large fines and a strong argument for more regulation, so there's a lot of incentive not to use it, and I'm not sure they would even need it given the vast amount of information they have on users.
Regarding fingerprinting: I believe somebody would have noticed. Google and FB are generally scrutinized much more than a random small ad-tech vendor.
Second author here. The paper is written for a social-science audience (I'm the CS person, hence ACM template), so it is written that way to help get non-experts on board. Otherwise, there is ample research people don't understand how private browsing works, and there are plenty of ways to track people during privacy sessions. There are some very creative people working in adtech today and I don't doubt there are numerous methods that are being used to get around every single protection out there.
I'd vastly prefer that creative energy be directed to socially beneficial ends, but I have respect for the technical chops of people in adtech. However, it is fundamentally depressing that so many smart people spend their lives shattering the bounds of decency to get an ad impression for some useless item that will go into a landfill in 18 months. Aside from privacy the biggest tragedy here is the waste of brainpower spent promoting mindless consumerism in a world rapidly moving towards climate catastrophe.
Yeah, a bit misleading, given that incognito mode doesn't share cookies (but does disk cache!) with the main profile. It's correct that they "may observe" as in "the browser still sends requests", but unless they do additional fingerprinting or use other information to correlate (IP), they can't easily connect the two observed users.
It may be useful to tighten up anti-tracking-tech in incognito windows. Currently, since plugins aren't enabled in incognito windows by default, it has the opposite effect: while your cookies are hidden, you're loading each and every tracker when in incognito mode.
Should be easy to avoid with simply using another cookie jar or blocking third-party cookies. It seems the direct connection can only be made when a user is logged into a facebook or google profile. Otherwise the data can not be connected to a personal account without some degree of uncertainty and illegality.
G and F could use other data, like the browser fingerprint, OS information and the IP address to associate the data, which may be illegal, at least in Europe. Thus they probably use some other technique, for example creating pseudonymous shadow profiles and associating them based on similarity. In their front-end the data would just show clusters of profiles, which means they can claim they do not collect personal data, but from a quick glance it would be obvious to see connections between a user and "anonymous" clusters, if the similarity borders on 100%.
Thus a good practice would be to use a different Operating system and browser, together with the usual protective measures.
IP address is a very strong signal and short of Tor you cannot do much about that. I'm hesitant to recommend VPNs just due to the high level of trust you need to have in your provider. It isn't that easy to avoid tracking.
In order to get people to care about their online privacy, use what they're most private about. Last Week Tonight used the same trick on their segment with Snowden.
Second author here, see replies above. TDLR: biggest reason to single out porn is what you view may reveal your sexual orientation, depending on where you live that can get you killed.
How is this ironic? Having a privacy policy is not the same as having an 'impossible-to-read' one. Also, I doubt the journalists at the New York Times are responsible for what the company's tracking policy is. Are they suddenly not allowed to write about privacy issues?
By this standard nobody would be allowed to talk about climate change, seeing as probably nobody has a 0% impact on climate change.
Readit News
Can you expand on why there's 'no good reason for it'?
The equivalent is my peering in your window to see and note down what you rub one out to... every time. And you don't know what I do with that information or where it will leak to.
That sounds perfectly fine to you, does it?
It's more like when I have a massive orgy with lots of drugs at my place and I invited a bouncer, who is really good at statistics, to keep track of who is coming in and who are leaving immediately. The bouncer is also keeping track of what each person is doing, and letting me know periodically. And you both are invited for a night of drug fueled insane sex.
From my perspective, I am doing this to make sure everyone is having fun at my party. From the bouncer's perspective, he is there just to collect stats and let me know. He is not there to invade my privacy. I want to do that. I hired the bouncer.
I think that is more is an accurate description.
Both the individuals visiting these sites, and possibly even the people making the decision to implement tracking don't know their browsing data is being used for anything other than analytics by the website provider, (if at all by the user, who likely feels safe behind a private browser).
That being said, this isn't really news (to us, at least), but it's good that newspapers keep banging this drum, as I doubt most other people have thought about all the tracking that happens everytime they visit a new site.
First, there is also a wider pattern in the US when it comes to privacy/computer legislation. We tend to have sectoral-focused laws which are often a response to media events, real and fictional. For example, Computer Fraud and Abuse Act was a response to the movie War Games. Video Privacy Protection Act was in response to a supreme court nominee's video rental history being leaked to the press. Children's Online Privacy Protection Act was partially spurned by concerted reporting (sometimes sensational) on risks to children online. So the pattern you are seeing is part of a larger system which often does produce real change, it is just a slow process. The press is called the "fourth estate" because they play an important part in the democratic process, which is what you are observing here.
Second, it is the very ubiquity of the systems these companies deploy which makes it possible to choose a given context (health, sex, etc) and find a privacy-violating technology. I'd love it if when I did these scans I turned up nothing, but the same set of bad actors are always to be found. Likewise, the definition of "well-known" on hacker news is far, far, far different from what a normal Internet user has any clue of. We have 20+ years of research showing people fundamentally don't understand this stuff, and just because you don't have a CS degree doesn't mean you don't have privacy rights.
Last, there is very good reason for outrage for many people. There are many places in the world you can be killed for being LGBTQ. Likewise, there are many state intelligence agencies that piggy-back on online tracking (see NSA/Doubleclick cookie), and some governments actively go after LGBTQ people. Even without state intel there is a long history of sexual data being leaked online. People killed themselves as a direct result of the Ashely Madison leak, and if any of these tracking companies porn sites - many of which do not have the security team of a FAANG - get hacked, people who are already marginalized by their societies may be at extreme risk.
Just to be clear, for porn sites that means who likes what sorts of porn.
Pretty much everyone knows that sites can track your usage. It’s surprising that Googbook is also being given all the data on the porn you watch.
I kinda prefer it when they make a lot of noise.
Dead Comment
1. Use firefox with multi-account containers, with each domain set to auto-open in a different container (google, gmail, amazon, facebook, youtube, etc.). Make sure you're logged into google only in the gmail container (and not in the google search container), etc.
2. Use uMatrix and uBlock0, and enable limited third-party access using uMatrix dashboard only when a site breaks.
3. Enable DNS over https in firefox
4. Enable privacy.resistFingerprinting in firefox's about:config to thwart fingerprinting
5. Use the tor browser for browsing porn (or any site you really do not want associated with your IP).
Edit: Added resistFingerprinting to the list.
* = According to PanOptiClick.
As long as it's legal (so barring being in a regressive country where eg. gay porn is illegal), why would you go out of your way to use a VPN for it?
For sure, use DOH and HTTPS sites only, and I can understand if you're a public figure and don't want to accidentally like incest porn on your official Twitter account but beyond that, really who cares. A large majority of people watch and browse for porn, myself and most people in this thread included. Maybe time to dispense with the shame.
So, in practice, this means that these big companies have ammunition which could be used to destroy careers and relationships. Whether used directly or incidentally via a data leak (it's not like those ever happen /s).
It's a PIA for logging into things (e.g.: companies who use three different redirects to three different sub-domains) but that complaint is my fault, based on how I've configured it.
That plus deleting history on close of Firefox isn't enough to thwart the most egregious adversary (e.g.: those with three-lettered names) but should be enough for privacy concerns.
For 2, I might also recommend Canvas Fingerprint Detector[1]. Instead of not replying (which could be, in and of itself, a fingerprint[2]), it generates a random fingerprint signature in response; though, in principle, this might be a tracking vector, as well.
[0] - https://addons.mozilla.org/sv-SE/firefox/addon/temporary-con...
[1] - https://addons.mozilla.org/sv-SE/firefox/addon/canvas-finger...
[2] - https://multilogin.com/how-canvas-fingerprint-blockers-make-...
...which is why it's probably better to use multi-account containers that isolate and store your cookies in that container, for sites such as gmail that you use a lot. It's very simple to set it up to always auto-open in that container, no matter which container you type the address into.
Deleted Comment
And in case the FBI or whatever is running your Tor entry guard, hit it via nested VPN chains.
If those onion sites and users had been hitting Tor through nested VPN chains, probably 90% at least would have been safe.
Tor Project folk like to hate on VPNs, but I'm not aware of any takedowns at that scale which involved VPN compromise.
But it cuts both ways, of course. So established social norms about privacy are also widely ignored. The fundamental business model is based on violating users' privacy. Two of the largest online businesses, Google and Facebook, rely on monetizing the violation of users' privacy.
So yeah, perhaps it's understandable, but it's gobsmacking naive to think that online porn would be an exception.
https://arxiv.org/abs/1907.06520
The "even in incognito mode" part seems odd:
> What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. The sites he visits, aswell as any third-party trackers, may observe and record his online actions
The scope of incognito mode has recently expanded, but browsers still trust servers far too much (e.g. the Referrer header still exists, which is designed to leak private information).
> Your activity might still be visible to:
> - Websites you visit
> - Your employer or school
> - Your internet service provider
Edit: To clarify: The easiest would be an IP address check. More sophisticated techniques are browser fingerprinting. And I think there's no reason to assume that Google/Facebook/AdTech companies DON'T use these techniques.
Regarding IPs: it would be legally problematic and might be exposed leading to terrible press, large fines and a strong argument for more regulation, so there's a lot of incentive not to use it, and I'm not sure they would even need it given the vast amount of information they have on users.
Regarding fingerprinting: I believe somebody would have noticed. Google and FB are generally scrutinized much more than a random small ad-tech vendor.
I'd vastly prefer that creative energy be directed to socially beneficial ends, but I have respect for the technical chops of people in adtech. However, it is fundamentally depressing that so many smart people spend their lives shattering the bounds of decency to get an ad impression for some useless item that will go into a landfill in 18 months. Aside from privacy the biggest tragedy here is the waste of brainpower spent promoting mindless consumerism in a world rapidly moving towards climate catastrophe.
It may be useful to tighten up anti-tracking-tech in incognito windows. Currently, since plugins aren't enabled in incognito windows by default, it has the opposite effect: while your cookies are hidden, you're loading each and every tracker when in incognito mode.
G and F could use other data, like the browser fingerprint, OS information and the IP address to associate the data, which may be illegal, at least in Europe. Thus they probably use some other technique, for example creating pseudonymous shadow profiles and associating them based on similarity. In their front-end the data would just show clusters of profiles, which means they can claim they do not collect personal data, but from a quick glance it would be obvious to see connections between a user and "anonymous" clusters, if the similarity borders on 100%.
Thus a good practice would be to use a different Operating system and browser, together with the usual protective measures.
https://www.wired.com/2015/04/john-oliver-edward-snowden-dic...
Ironic.
By this standard nobody would be allowed to talk about climate change, seeing as probably nobody has a 0% impact on climate change.
if their claims are valid or not is absolutely unrelated to the irony of that situation though.
Did anyone imply that if the content is 'ironical' we shouldn't write it or discuss it?