I am worried about being tracked by online gambling sites as I access more than one account from the same device.
Currently I use noscript to only allow necessary scripts run and ublock origin so that in case I allow a tracking script by mistake I would hope that the site this script is run by is on one of the blocked lists they have.
But what is stopping a site from running a tracking script from their own site rather than a third party one?
What happens if a reputable site runs a tracking script?
-
- Posts: 11
- Joined: Thu Apr 28, 2016 4:23 pm
What happens if a reputable site runs a tracking script?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Re: What happens if a reputable site runs a tracking script?
Well, uBlock Origin to a certain extent because it's much more than just a domain filter. But beyond that, nothing really.freakedman wrote:But what is stopping a site from running a tracking script from their own site rather than a third party one?
*Always* check the changelogs BEFORE updating that important software!
-
Re: What happens if a reputable site runs a tracking script?
Also, "reputable" site would become, er, much less reputable if it did that
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 11
- Joined: Thu Apr 28, 2016 4:23 pm
Re: What happens if a reputable site runs a tracking script?
Amazing thank you for your response once again!
So a reputable site can allow a third party run a script through their site to track us (such as iesnare) and nobody blinks an eyelid but if they run the script through their own site people decide this is too much? Or is it quite problematic trying to run a tracking scipt from the same site and this is why most sites track us using a third party site?
And that’s good news about uBlock origin, so in summary it reads the scripts that sites try to run on us and if anything is trying to extract information that isn’t standard it will block it?
So a reputable site can allow a third party run a script through their site to track us (such as iesnare) and nobody blinks an eyelid but if they run the script through their own site people decide this is too much? Or is it quite problematic trying to run a tracking scipt from the same site and this is why most sites track us using a third party site?
And that’s good news about uBlock origin, so in summary it reads the scripts that sites try to run on us and if anything is trying to extract information that isn’t standard it will block it?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Re: What happens if a reputable site runs a tracking script?
Let's move this thread to Security, because it's not about NoScript.
But some 3rd party trackers don't even "present" as trackers - for example, in my opinion Facebook widgets are likely far more privacy-invasive than the likes of, say, Google Analytics.
There is no clear-cut answer to your question.
There is yet another scenario though - viewtopic.php?f=7&t=20777
Don't know how to defend this in OS X.
That's a bit of an overstatement. Enough people realize the site is running a nasty tracker and some of them are going to speak out and bring the site's reputation down on places like WOT (and if the tracking is extreme enough the site will also get outright blocked in various blacklists, even more so if tracking is spyware).freakedman wrote:So a reputable site can allow a third party run a script through their site to track us (such as iesnare) and nobody blinks an eyelid but if they run the script through their own site people decide this is too much?
But some 3rd party trackers don't even "present" as trackers - for example, in my opinion Facebook widgets are likely far more privacy-invasive than the likes of, say, Google Analytics.
There is no clear-cut answer to your question.
It's easier to track from a ready made 3rd party solution than host everything yourself (and sometimes site does host scripts itself, but most such cases it's still has to send the tracking info to the 3rd party site so you might see the 3rd party site in the NS script listing anyway).freakedman wrote:Or is it quite problematic trying to run a tracking scipt from the same site and this is why most sites track us using a third party site?
There is yet another scenario though - viewtopic.php?f=7&t=20777
Don't know how to defend this in OS X.
uBlock Origin is a URL filter / content blocker, it doesn't filter scripts based on contents.freakedman wrote:And that’s good news about uBlock origin, so in summary it reads the scripts that sites try to run on us and if anything is trying to extract information that isn’t standard it will block it?
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 11
- Joined: Thu Apr 28, 2016 4:23 pm
Re: What happens if a reputable site runs a tracking script?
Thanks again.
So if the site I need to use decides to employ it's own tracking script or the scenario that we cannot defend against then it can run active content and obtain details of my hardware?
If so maybe it is impossible to remain anonymous? My solution is to try to appear as a different user every time I need to by:
- changing up my addons and plugins so that my fingerprint changes
- changing my ip address by resetting my router
- clearing my cookies (my browser can defend against the evercookie, not sure if there is a stronger test?).
- spoofing my MAC address
I also never use ipv6 as it can leak my real MAC address. Are there other ways my real mac address can be leaked when I am spoofing it?
And can a site obtain hardware details other than MAC address, that are impossible to defend against or spoof?
So if the site I need to use decides to employ it's own tracking script or the scenario that we cannot defend against then it can run active content and obtain details of my hardware?
If so maybe it is impossible to remain anonymous? My solution is to try to appear as a different user every time I need to by:
- changing up my addons and plugins so that my fingerprint changes
- changing my ip address by resetting my router
- clearing my cookies (my browser can defend against the evercookie, not sure if there is a stronger test?).
- spoofing my MAC address
I also never use ipv6 as it can leak my real MAC address. Are there other ways my real mac address can be leaked when I am spoofing it?
And can a site obtain hardware details other than MAC address, that are impossible to defend against or spoof?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Re: What happens if a reputable site runs a tracking script?
Actually we can defend against that. I just don't know how to do it on a Mac.freakedman wrote:the scenario that we cannot defend against
The basic idea is to use a local "DNS proxy" (something like dnsmasq) and configure it to return either 0.0.0.0 or NXDOMAIN for blacklisted sites. If you find a solution for this on OS X please post it here
Right, assuming you've Allowed it in NoScript. Keep in mind that Allowing a site is trusting that site: FAQ 1.11freakedman wrote:So if the site I need to use decides to employ it's own tracking script or the scenario that we cannot defend against then it can run active content and obtain details of my hardware?
I would say, if the site you need to use decides to do that crap, maybe you don't need to use that site anymore.
You can't remain completely anonymous on the Internet. No one can. All we can do is attempt to block out the entities we distrust.freakedman wrote:If so maybe it is impossible to remain anonymous?
If you're willing to sacrifice security for anonymity, there's Tor Browser...
That sounds pretty effective. I would recommend also changing your user-agent string and the like using an addon such as https://github.com/dillbyrne/random-agent-spoofer/.freakedman wrote:My solution is to try to appear as a different user every time I need to by:
- changing up my addons and plugins so that my fingerprint changes
- changing my ip address by resetting my router
- clearing my cookies (my browser can defend against the evercookie, not sure if there is a stronger test?).
- spoofing my MAC address
Sorry I don't know anything about MAC address spoofing. This is the first I've heard that it's possible, sounds like something I should look into. Thanks!freakedman wrote:I also never use ipv6 as it can leak my real MAC address. Are there other ways my real mac address can be leaked when I am spoofing it?
I would think not unless it manages to installs spyware or uses a plugin, but not sure...freakedman wrote:And can a site obtain hardware details other than MAC address, that are impossible to defend against or spoof?
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 11
- Joined: Thu Apr 28, 2016 4:23 pm
Re: What happens if a reputable site runs a tracking script?
I read the following study about spoofing my user agent
https://seclab.cs.ucsb.edu/media/upload ... ieless.pdf.
In summary, if you spoof your user agent there is always a way to tell you are spoofing it, and if they know you are spoofing something it will be a red flag.
I make money from these sites I "need" to use and
1. Don't want them finding out who I really am.
2. Don't want them to suspect I am not who I sign up as, and ask me to extensively prove it (which they can due to terms and conditions).
Seems like I am as protected as I can be right now, but any more advice please pass it on
https://seclab.cs.ucsb.edu/media/upload ... ieless.pdf.
In summary, if you spoof your user agent there is always a way to tell you are spoofing it, and if they know you are spoofing something it will be a red flag.
I make money from these sites I "need" to use and
1. Don't want them finding out who I really am.
2. Don't want them to suspect I am not who I sign up as, and ask me to extensively prove it (which they can due to terms and conditions).
Seems like I am as protected as I can be right now, but any more advice please pass it on
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Re: What happens if a reputable site runs a tracking script?
This is not necessarily true. Spoofing user-agent strings for any of the latest few Firefox releases on any major supported OS will surely be undetectable if done right - if a site tries to probe to see that the user-agent string is valid, they'll just find Firefox, Firefox, Firefox, and Firefox, all the way down. (Verifying OS is not easy without plugins.)freakedman wrote:if you spoof your user agent there is always a way to tell you are spoofing it
Locking thread. We're not here to help you violate TOS of a site, especially if doing so is illegal.freakedman wrote:I make money from these sites I "need" to use and
1. Don't want them finding out who I really am.
2. Don't want them to suspect I am not who I sign up as, and ask me to extensively prove it (which they can due to terms and conditions).
Leaving this thread visible for those who have legitimate reasons to try to protect their privacy on the Internet.
*Always* check the changelogs BEFORE updating that important software!
-