Example of a European Privacy Seal awarded website
VBL. Versorgungsanstalt des Bundes und der Länder proved that the publicly available parts of the website http://www.vbl.de comply with EU data protection law. Visitors of http://www.vbl.de can be sure that processing of personal data that results from the interaction between their browsers and VBL’s webserver is in line with EU data protection law. – European Privacy Seal
Visit VBL.de without Anonymous Startpage.com view on uMatrix 1.4.0 for Firefox, currently vbl.de interacts with your device with:
4 cookies, 3 from imdb.com and 1 third-party cookies from netmind-core.com.
23 Cascading Style Sheets (or CSS), 23 from vbl.de; a style sheet language used for describing the presentation of a document written in a markup language like HTML. Privacy infringement: it allowed websites to uncover a user’s browsing history and figure out what sites the user had visited. Combined with other Web technology such as JavaScript or simply loading of background images, lets Web pages determine whether a URL is in the user’s history very quickly and without any interaction from the user. This is mitigated by browsers.
54 images, an (leaky) image can reveal whether the user is visiting a specific website. None from third-party sources.
0 media, viewing videos on the Internet might collect Personal Information.
21 scripts, all from vbl.de; JavaScript tells all, which turns out not to be so great for privacy: Side-channel leaks can be exploited to follow you around the interweb. A JavaScript template Attacks will Automatically be Inferring Host Information for Targeted Exploits. JavaScript Template Attacks can be used for user fingerprinting. None from third-party sources.
0 XHR, a built-in browser object that allows to make HTTP requests in JavaScript. Despite of having the word “XML” in its name, it can operate on any data, not only in XML format. It uses user and password for login and password on basic HTTP auth. Using resources retrieved via XMLHttpRequest in your background page could fall victim to cross-site scripting. Guard yourself against malicious web pages that might try to impersonate a content script. In particular, do not allow content scripts to request an arbitrary URL. Use HTTPS whenever possible. None from third-party sources.
0 frames, (or XMLHttpRequest), 2 from media-amazon.com and 1 from amazon-adsystem.com; beware of a Frame Injection. Cross-site Scripting is naturally prioritized since it seems easily exploitable and effective. Hackers also are attracted to this vulnerability, because there are aspects of the Frame Injection attack that can allow them to redirect users to other malicious websites used for phishing and similar attacks.
1 other, from datain.cloud.netmind-core.com
Visit vdl.de with Anonymous Startpage.com view on uMatrix 1.4.0 for Firefox, currently vdl.de interacts with your device with:
zero third party or vdl.de cookies, CSS, images, media, scripts, XHR or frames!
But: 146 (!) items of startpage.com itself (see below)
6 cookies
44 Cascading Style Sheets (or CSS)
49 images
0 media
28 scripts
14 XHR
5 frames
Final remarks, stated in the privacy policy of Startpage.com. We don’t collect any “personal data”. We don’t record your IP address. We don’t serve any tracking or identifying cookies. We don’t record your search queries. We don’t disclose or sell your contact information. Regarding governmental requests; they can’t request what we don’t have. We will never comply with any voluntary surveillance program. Startpage.com complies with the GDPR.
Please visit my website https://internetcookies.food.blog/ regularly. Select your own internet cookies (and other privacy related) control Add-Ins. Enjoy the reading!
Why internet cookies are almost never all right? 