Being fingerprinted is a problem that has not received wide attention. Unfortunately there are very few guides as to how to avoid it. Here are a few ways you can avoid being fingerprinted by porn (or ad companies for that matter) in decreasing order of identifying bits (at the very least ). - If nothing else, always use incognito or private mode (It reduces the plugins that are active, and removes some bits from your unique fingerprint) - Use a different browser entirely for porn or other private things - Get in the habit of using a virtual machine for your private browsing. - Use an anonymizing proxy, or a separate VPN for private things than the one you use for your other browsing. (removes your original IP info) - Use TOR Finally, use the eff tool panopticlick to verify that you are indeed not unique.
I wonder why I have to protect myself from companies/government while the companies are the ones that want my money and the government is supposed to protect/serve me. The moment I will turn on Tor to watch porn will probably be 3 hours before the internet apocalypse.
What do you think / know about services like Ghostery, Secret Agent, Disconnect.me, NoScript, etc. Do they work? Are any better or worse than others?
Each of them reduces the bits in your fingerprint to some extent. Ghostery (and others that block third party requests) is reasonable if you trust the domain (not just the embedded objects in the page) you are visiting to not be interested in collecting data about you. However, if the domain itself is collecting data about you, then you have just provided one more bit of information that distinguishes you (since the percentage of population running Ghostery is smaller than the full population of browsers). Secret Agent seems more reasonable in that it is actively targeted towards detecting fingerprinting. The way it works is by spoofing your HTTP headers, which are used in generating some bits to identify you. However, if you are directly on the internet (not behind a NAT (NAT is a way of sharing ipaddresses with others in the same network) -- being directly on the internet is rare these days), your IP is still accessible. If you are behind a NAT, you will have to trust your ISP not to track you. Disconnect me is similar, and routes your request through a VPN, but you will have to trust them. (By routing your request through a VPN, they make your request seem to come through a different part of the world, than your original location, which removes one bit of information about you -- they do more, but this seems the most salient of what they do.) NoScript works by removing the vector of many identification techniques, by disabling Javascript. However, it can also make your browsing experience painful if you are expecting dynamic look and feel in websites that are enabled by Javascript (you can whitelist, but how effective that is, depends on your browsing habits). Secondly, it does not eliminate all bits of identification. All in all, all these are useful techniques, which can reduce the exposed bits identifying you to a degree (You will also have to trust the tool itself not to send any incriminating data back. There has been instances when these tools themselves turned traitor). They are all complementary to each other to a degree too.
I have found that it basically neuters all the prevalent web2.0 bullshit that everyone pretends to love but secretly hates unless it is executed perfectly.NoScript works by removing the vector of many identification techniques, by disabling Javascript. However, it can also make your browsing experience painful if you are expecting dynamic look and feel in websites that are enabled by Javascript (you can whitelist, but how effective that is, depends on your browsing habits). Secondly, it does not eliminate all bits of identification.
(You) Could just do what people used to do if you're that worried about people knowing what kind of messed up things you're into a(nd) buy hard copy porn(.) (")ha.(")
Fixed that for you. +1 for sentence structure and punctuation. :PIf you're worried about people knowing what kind of messed up things you're into, you could just do what people used to do: Buy hard copy porn. Ha.
The a was an autocorrected and, and I don't care too terribly much about the fact that "ha" wasn't separated when in actuality I it isn't correct in the comment as a whole as dialogue/emotion response is separate from thought in this circumstance. Also, I think throwing a subject into start of the comment would have corrected the rest of it, but (I) chose not to as I was commenting on my phone from bed in the morning.
100% of the sites I build use Google Analytics and/or Piwik and/or other marketing automation platforms to gather data. These are all served via JS with a <noscript> fallback tag with an image. Yes, even Hubski (cmd+u, cmd+f, noscript) . It's standard operating procedure. Sorry. Note: we have our piwik gather very little data about you guys. We mostly like seeing where Hubski is being posted around the internet as well as how many users / pageviews we have in day / week / month / year. You can read more about what we do and don't do here. I refuse to implement ones that share into a larger database even though I have been forced to take 3 sales calls in the last month about these "groundbreaking" technologies that allow me to get all of your information whenever you visit my site. FYI, the absolute worst thing you can do is login via Facebook/Twitter/Google. A majority of the sales calls revolve around logging in with those services because (1) it requires very little effort on your part and (2) the amount of data I can get is outstanding. I can offer you a free dinner and in return literally get ALL of your information and your friends information. This then feeds into a database which is shared with other customers of the service. I can then search, sort, filter, and drill down into things like location, age, users who have ever visited the national monument in DC, etc. I can click on those users and see what text went along with that trip to DC. It's terrifying. But it's valuable. With email open rates becoming lower and lower every day, being able to send YOU an email about a restaurant I know you've been to means more return on my investment, not to mention a nice promotion for the tech genius. You would not believe what privacy minded people tell themselves while implementing these services. They don't want to be tracked but oh boy do they want to know you.
I'm annoyed that NoScript isn't more up front about this. I had assumed I was safe because I always see Piwik and Google Analaytics pop up on the 'blocked' menu. Oh well. Between the other three or four apps mentioned I guess I'm doing all right. It'll be time for a permanent VPN soon.
If it makes you feel any better, the information Google shares me with (the business owner) via Google Analytics is relatively little. Not even IP address. It's very hard to personally identify you, even though I can follow you individual (sort of) actions on my site. The bigger issue remains that Google is gathering all this information. While it may not be feasible for pornhub to store 3m terabyes of footprints, it is much more feasible for Google to do so. Plus algorithms and stuff. This, coupled with whatever information they are low key tracking from Google Fonts and other hosted libraries like jquery, and their new web hosting and computing services, they have terrifying access to billions of websites. I try not to think about that fact. I mean. What percentage of sites today have a Google Analytics, Google Font, or Google Hosted Library? Even if you take out GA, 13 out of the 18 sites I've built in the last 12 months use one of those services. The other 5 don't only because they live on Android tablets and so everything is packaged. Why would Google create and host a fuckton of free fonts and libraries? I don't know, but I seriously doubt its out of the kindness of their heart.