Facebook asks 2 billion users to check their privacy settings | Engadget

Facebook wants to start the 2020s on the right privacy footing, and it’s about to make that abundantly clear to most of its users. The social network is planni…
— Read on www.engadget.com/2020/01/28/facebook-prompts-privacy-checkup/

Will Facebook redirect you to their privacy page full of tracking cookies, canvas fingerprinting and personalised ads? To change your privacy settings with built-in other privacy footing?

Link tracking in browsers

Link Tracking in Popular Browsers, article: http://jmbusinesssecurity.co.uk/2019/04/13/blog20190413/

The PING function is all about tracking, and has really no other official function. Privacy advocates are complaining as this is just another way for your data to be leaked back to websites and now there is no way to stop it.

The Hyperlink Auditing/PING function has a side effect that allows an attacker to initiate a Distributed Denial of Service (DDoS) attack from your browser by rewriting the PING string from JavaScript. In order for this to happen, an attacker would have to inject malicious JavaScript into a webpage (by no means impossible, especially over http (not https) using a man-in-the-middle attack, or through the website getting hacked), and once there it can do the rewrites.
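To see which links on a page carry hyperlink-auditing targets, the markup can be scanned for `ping` attributes. The following is an added example, not code from the linked article; the function and class names are hypothetical and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PingAuditor(HTMLParser):
    """Collect every <a>/<area> element that carries a ping attribute."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.page_host = (urlsplit(page_url).hostname or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = dict(attrs)
        ping = attr.get("ping")
        if not ping:
            return
        href = urljoin(self.page_url, attr.get("href") or "")
        # ping is a space-separated URL list; the browser POSTs to each on click.
        for raw in ping.split():
            target = urljoin(self.page_url, raw)
            host = (urlsplit(target).hostname or "").lower()
            self.findings.append({
                "href": href,
                "ping": target,
                # True when the click report goes to a host other than the page's.
                "cross_host": host != self.page_host,
            })


def audit_pings(html, page_url):
    """Return one finding per (link, ping target) pair found in the markup."""
    auditor = PingAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page (not taken from any real site).
SAMPLE_URL = "https://news.example/article"
SAMPLE_HTML = """
<a href="/next" ping="/click-log">next</a>
<a href="https://shop.example/item" ping="https://tracker.example/p https://news.example/out">buy</a>
<a href="/plain">no ping here</a>
"""

if __name__ == "__main__":
    for finding in audit_pings(SAMPLE_HTML, SAMPLE_URL):
        print(finding)
```

A static scan like this only sees the markup as served; `ping` values set or rewritten later by script have to be checked in the live DOM.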

your privacy & reddit.com

Reddit is an American social news aggregation, web content rating, and discussion website. Registered members submit content to the site such as links, text posts, and images, which are then voted up or down by other members. Posts are organized by subject into user-created boards called “subreddits”. – Wikipedia.org

“Reddit is home to thousands of communities, endless conversation, and authentic human connection. Whether you’re into breaking news, sports, TV fan theories, or a never-ending stream of the internet’s cutest animals, there’s a community on Reddit for you.”

Reddit.com

Visiting Reddit.com without the Startpage.com Anonymous View, as seen in uMatrix 1.4.0 for Firefox, Reddit.com currently interacts with your device with:
5 cookies, all 9 from reddit.com so no third-party cookies.
20 Cascading Style Sheets (or CSS), 5 from Reddit.com, 19 from http://www.redditstatic.com; a style sheet language used for describing the presentation of a document written in a markup language like HTML. Privacy infringement: it allowed websites to uncover a user’s browsing history and figure out what sites the user had visited. Combined with other Web technology such as JavaScript or simply the loading of background images, it lets Web pages determine whether a URL is in the user’s history very quickly and without any interaction from the user. This is mitigated by browsers.
83 images; a (leaky) image can reveal whether the user is visiting a specific website. None from third-party sources.
1 media; viewing videos on the Internet might collect Personal Information.
34 scripts, all from either reddit.com or http://www.redditstatic.com; JavaScript tells all, which turns out not to be so great for privacy: side-channel leaks can be exploited to follow you around the interweb. JavaScript template attacks automatically infer host information for targeted exploits and can be used for user fingerprinting. None from third-party sources.
7 XHR, a built-in browser object that allows making HTTP requests in JavaScript. Despite having the word “XML” in its name, it can operate on any data, not only in XML format. It can take a user and password for basic HTTP auth. Resources retrieved via XMLHttpRequest in your background page could fall victim to cross-site scripting. Guard yourself against malicious web pages that might try to impersonate a content script. In particular, do not allow content scripts to request an arbitrary URL. Use HTTPS whenever possible. None from third-party sources.
1 frame, (or XMLHttpRequest), from http://www.redditmedia.com; beware of Frame Injection. Cross-site Scripting is naturally prioritized since it seems easily exploitable and effective. Hackers are also attracted to this vulnerability, because there are aspects of the Frame Injection attack that can allow them to redirect users to other malicious websites used for phishing and similar attacks.
1 other, non cookie, non CSS, non image, non media, non script, non XHR, non frame; from noscript-csp.invalid.

Visiting Reddit.com with the Startpage.com Anonymous View, as seen in uMatrix 1.4.0 for Firefox, Reddit.com currently interacts with your device with:
zero third party or Reddit.com cookies, CSS, images, media, scripts, XHR or frames!
But: 89 items of startpage.com itself (see below)
6 cookies
19 Cascading Style Sheets (or CSS)
27 images
0 media
29 scripts
3 XHR
5 frames
Final remarks, stated in the privacy policy of Startpage.com. We don’t collect any “personal data”. We don’t record your IP address. We don’t serve any tracking or identifying cookies. We don’t record your search queries. We don’t disclose or sell your contact information. Regarding governmental requests; they can’t request what we don’t have. We will never comply with any voluntary surveillance program. Startpage.com complies with the GDPR.

Please visit my website https://internetcookies.food.blog/ regularly. Select your own internet cookies (and other privacy related) control Add-Ins. Enjoy the reading!

Google cutting web cookies

Google’s plan is to restrict advertising software companies and other organizations from connecting their browser cookies to websites they do not operate, the company said in a blog post on Tuesday. (bit.ly/2RmTYKK) source: Reuters


For nearly three decades, cookies placed by relatively unknown companies on nearly every website have fueled advertising on the internet.

With Google’s decision, it looks like a major step forward is being taken; but is that beyond question? Google just needs to change cookies to satisfy increased privacy demands from users. The substitution will be profiles and we all know that is good for Google.

Google/Alphabet with its subsidiaries AdMeld, AdMob, Adometry, Apture, Channel Intelligence, Custom Search Ads, DoubleClick, DoubleClick Ad Exchange-Buyer, DoubleClick Ad Exchange-Seller, DoubleClick Bid Manager, DoubleClick DART, DoubleClick Floodlight, DoubleClick Spotlight, Doubleclick Video Stats, FeedBurner, GA Audiences, GDN Notice, Google Ads Measurement, Google Adsense, Google Adsense, Google Adsense Asynchronous, Google AdServices, Google AdWords Conversion, Google Adwords User Lists, Google Affiliate Network, Google AJAX Search API, Google Analytics, Google API, Google Commerce, Google Custom Search, Google Custom Search Engine, Google Display Network, Google Dynamic Remarketing, Google Fonts, Google FriendConnect, Google IMA, Google Interactive Media, Google JSAPI Stats Collection, Google Pingback, Google Publisher Tags, Google Safeframe, Google Shopping Reviews, Google Syndication, Google Tag Manager, Google Translate, Google Travel Adds, Google Trusted Stores, Google Users, Google Website Optimizer, Google Widgets, Google+ Platform, Gstatic, Maps, Meebo Bar, Mindset Media, PostRank, Swiffy, Gmail and Youtube will benefit more from profiling advertisements.

So restricting advertising software companies and other organizations from connecting their browser cookies to websites they do not operate will promote profiling.

Cookie consent tools are being used to undermine EU privacy rules, study suggests

— Read on techcrunch.com/2020/01/10/cookie-consent-tools-are-being-used-to-undermine-eu-privacy-rules-study-suggests/

MIT research on GDPR shows:

They also found that the vast majority of CMPs make rejecting all tracking “substantially more difficult than accepting it” — with a majority (50.1%) of studied sites not having a “reject all” button. While only a tiny minority (12.6%) of sites had a ‘reject all’ button accessible with the same or fewer number of clicks as an “accept all” button.

Cookie consent is not protective enough.

your privacy & imdb.com

An Amazon company – the most popular online database of information related to films, television programs, home videos and video games, and internet streams.

“We help you jog your memory about a movie, show, or person on the tip of your tongue, find the best movie or show to watch next (..)”

IMDB.com

Visiting IMDB.com without the Startpage.com Anonymous View, as seen in uMatrix 1.4.0 for Firefox, imdb.com currently interacts with your device with:
9 cookies, all 9 from imdb.com so no third-party cookies.
8 Cascading Style Sheets (or CSS), 1 from imdb.com, 6 from media-amazon.com and 1 from media-imdb.com; a style sheet language used for describing the presentation of a document written in a markup language like HTML. Privacy infringement: it allowed websites to uncover a user’s browsing history and figure out what sites the user had visited. Combined with other Web technology such as JavaScript or simply the loading of background images, it lets Web pages determine whether a URL is in the user’s history very quickly and without any interaction from the user. This is mitigated by browsers.
30 images; a (leaky) image can reveal whether the user is visiting a specific website. None from third-party sources.
0 media; viewing videos on the Internet might collect Personal Information.
33 scripts, all from either imdb.com or amazon.com; JavaScript tells all, which turns out not to be so great for privacy: side-channel leaks can be exploited to follow you around the interweb. JavaScript template attacks automatically infer host information for targeted exploits and can be used for user fingerprinting. None from third-party sources.
0 XHR, a built-in browser object that allows making HTTP requests in JavaScript. Despite having the word “XML” in its name, it can operate on any data, not only in XML format. It can take a user and password for basic HTTP auth. Resources retrieved via XMLHttpRequest in your background page could fall victim to cross-site scripting. Guard yourself against malicious web pages that might try to impersonate a content script. In particular, do not allow content scripts to request an arbitrary URL. Use HTTPS whenever possible. None from third-party sources.
3 frames, (or XMLHttpRequest), 2 from media-amazon.com and 1 from amazon-adsystem.com; beware of Frame Injection. Cross-site Scripting is naturally prioritized since it seems easily exploitable and effective. Hackers are also attracted to this vulnerability, because there are aspects of the Frame Injection attack that can allow them to redirect users to other malicious websites used for phishing and similar attacks.

Visiting imdb.com with the Startpage.com Anonymous View, as seen in uMatrix 1.4.0 for Firefox, imdb.com currently interacts with your device with:
zero third party or wikipedia.org cookies, CSS, images, media, scripts, XHR or frames!
But: 213 items of startpage.com itself (see below)
13 cookies
29 Cascading Style Sheets (or CSS)
91 images
0 media
59 scripts
8 XHR
13 frames
Final remarks, stated in the privacy policy of Startpage.com. We don’t collect any “personal data”. We don’t record your IP address. We don’t serve any tracking or identifying cookies. We don’t record your search queries. We don’t disclose or sell your contact information. Regarding governmental requests; they can’t request what we don’t have. We will never comply with any voluntary surveillance program. Startpage.com complies with the GDPR.


Mozilla says a new Firefox security bug is under active attack

— Read on techcrunch.com/2020/01/10/firefox-security-bug-zero-day/

“The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.”

Security breach via JavaScript in Firefox. Update Firefox now.

Remarketing & your privacy

WordPress user Jonathan Bossenger wrote a blog post on remarketing as a key to driving sales. In short, Google AdWords will track you after you visit a website, in order to re-market products to you elsewhere on the internet while you browse!
Setting up a remarketing campaign, the comprehensive guide. In this guide Neil Patel points out there are generally three types of campaigns:

1. campaigns focused on people who have made a specific choice on your website (adding an item to a wish list),

2. campaigns for folks who make it up to a certain point in the checkout process (abandoned carts),

3. campaigns that promote specific content.


So every visit to a website without blocking the cookies of googletagmanager.com will point back to past visits to (commercial) websites.

For the full article by Jonathan Bossenger on WordPress, see “Why Remarketing Keywords Is Key to Driving Sales”.

Pro-privacy search engine Qwant announces more exec changes — to ‘switch focus to monetization’

— Read on techcrunch.com/2020/01/09/pro-privacy-search-engine-qwant-announces-more-exec-changes-to-switch-focus-to-monetization/

CEO of a pro-privacy search engine states: “We will now need to focus a lot on monetization and on our core business… to create a real ad platform,” he added, by way of explaining the latest round of exec restructuring.

How can a ‘real’ ad platform work without anti-privacy personal profiling like internet cookies and canvas fingerprinting? Please comment and explain.

TikTok fixes ‘serious’ security flaws – BBC News

Security flaws on the TikTok video-sharing platform, that could have let hackers add or delete videos, change privacy settings and steal personal data, have been fixed after they were highlighted.
— Read www.bbc.com/news/technology-51010408
