
Screenshot URL tracking and niki-bot - jpoesen
https://mig5.net/content/awesome-screenshot-and-niki-bot
======
orf
I'm not fond of Chrome's app permissions at all. Too many apps just ask for
permission to access everything, and there is little insight into what they
exactly do.

I run the Ghostery extension and a year or so ago I noticed that when visiting
YouTube ~15 analytic trackers were being blocked. Turns out a couple of
extensions were injecting tens of trackers into popular sites (without my
express permission), and I would have had no idea unless I had another
extension to block and report this activity.

My girlfriends computer is worse - her extensions seem to inject actual
adverts into lots of her pages. I asked her why there was an obnoxious "click
the bottle to win 1000000$" flash advert on Facebook and she thought it was
just how Facebook is. Same thing for YouTube and other popular sites.

~~~
kolev
I stopped using ANY extensions for the same reasons. In most cases, the risks
outweigh the benefits in orders of magnitude. Well, there are few exceptions,
of course, but those are widely used developer tools.

~~~
forca
For me, the Internet is largely unusable without adblock at the very least. I
removed Ghostery and started using Disconnect instead. It does a much better
job methinks.

In addition to this on Firefox at least I invoke about:config and make several
settings changes:

\- I disable prefetch.

\- I disable media.peerconnect.

\- I disable geo tracking.

\- I disable HTTP/S referer.

\- I disable DOM storage.

\- I disable visited link tracking.

I also use EasyList, EasyPrivacy, and Malware domains adblock subscriptions.

In addition, as a Linux user, I want to use Flash on those sites that use it,
but I don't want to deal with LSOs tracking me, so I take advantage of Flash
by sending those LSOs to /dev/null. The Website is none the wiser and I get
the benefit of the Website.

rm -rf .adobe

rm -rf .macromedia

ln -s /dev/null .adobe

ln -s /dev/null .macromedia

Surf with relative comfort knowing that you've already paid for your Internet
connection with cash, no need to give away more of your privacy than needed.
Blocking ads is great if you use any social media, as you don't have to see
the sodden ads.

~~~
mwest
I use several web browsers, so rather than installing a different 'adblock'
plugin for each one, I use Dan Pollock's excellent list as part of my hosts
file:

    
    
      http://someonewhocares.org/hosts/
    

(Mentioned in HN previously.)

Works well for MacOS X, Linux and Windows, and doesn't care what browser
you're using.

I have been using it for 3+ years now without any problems.

I have a script to toggle moving the file out of the way and then back again,
mostly so that I can give ad revenue to those sites that I feel are deserving.

~~~
forca
I have toyed with the idea of using hosts files instead, but what bothers me
is the lack of daily updates. Granted, there is so much bad crap out there
that it's impossible to avoid it all.

Another thing I want to do is find a router that allows host files and script
regular updates. It would be great to never have to install extensions or
tinker with hosts file for every box on the network. I've also said I'd be
interested in seeing a proxy server that strips out all of this stuff so no
maintenance on the user end is required.

~~~
mwest
A bit of a late reply, but I have switched to using this on my home LAN now:
[https://github.com/jodrell/unbound-block-
hosts](https://github.com/jodrell/unbound-block-hosts)

Basically, a Perl script to massage the data from Dan Pollock's list into a
format suitable for unbound
([http://www.unbound.net/](http://www.unbound.net/))

------
fmavituna
6 years ago I reported reported 2 important issues [1] to Diigo (XSS in all
URLs if their extension is installed and information leakage for SSL pages -
similar to what author said).

Due to their response and lack of ability to understand security issues I
stopped using them, it's a shame to see they are not any better after 6 years!

[1]
[http://www.securityfocus.com/archive/1/493531](http://www.securityfocus.com/archive/1/493531)

------
laggyluke
Hm, whoever edited the title should reconsider - "Awesome Screenshot" is the
actual name of the tool.

------
roh26it
Free tools that provide value should hence be avoided. While evaluating a
tool, I've always checked for if a company runs on 1.subscription money, 2.
ads, 3. selling my data

Usually stay wary of signing up for anything which tilts towards 3.

~~~
seszett
Quite a lot of tools are actually really just free. Say, the Linux kernel, or
most of the free software we all use everyday.

Then there are also the miscellaneous services run by someone on the internet
mostly for themselves or a small community (or just to get some publicity for
themselves) which are also free and don't run on ads, selling data or
subscription. I do that, myself. Do you trust Naptha[0]? It was posted on HN
some time ago, from the comments[1] I don't even see anyone bringing up the
issue of trust.

[0] [http://projectnaptha.com/](http://projectnaptha.com/)

[1]
[https://news.ycombinator.com/item?id=7629396](https://news.ycombinator.com/item?id=7629396)

~~~
roh26it
Usually these projects are open source which enable the community to make sure
that no fishy stuff happens. Thats probably product type 4.

------
splitbrain
Can anyone recommend a similar extension as AwesomeScreenshot without this
shady behaviour?

~~~
ronjouch
Firefox's Developer Toolbar features a `screenshot` command out of the box.
Just hit Shift + F2 and type the command: [https://developer.mozilla.org/en-
US/docs/Tools/GCLI#Commands](https://developer.mozilla.org/en-
US/docs/Tools/GCLI#Commands) . Also, Firefox >=32 has a button for taking a
full-page screenshot in the DevTools: [https://developer.mozilla.org/en-
US/docs/Tools/Tools_Toolbox...](https://developer.mozilla.org/en-
US/docs/Tools/Tools_Toolbox#Extra_tools)

Alternatively, for the use cases not needing to be in-browser, why restricting
to extensions? Your platform has full featured apps doing the job out of the
browser:

\- Linux: I use [http://shutter-project.org/](http://shutter-project.org/)

\- Windows: I use (payware, but worth it, it does a lot)
[http://www.faststone.org/FSCaptureDetail.htm](http://www.faststone.org/FSCaptureDetail.htm)
, or (foss) [http://getgreenshot.org/](http://getgreenshot.org/)

~~~
nitrogen
GIMP is also capable of taking screenshots on Windows and Linux, and Mac has
the cmd+alt+shift+4 shortcut IIRC.

------
walterbell
> You can drop api28.webovernet.com and the other site into your browser to
> see where they lead, but we’ll save you the suspense: they are actually
> redirects for the API for a company called Similar Web, which is one of many
> companies doing this kind of tracking, and selling the data so other
> companies can spy on what their competitors are doing.

Is that part of SimilarWeb Pro? It's not clear from the website how their
service could be used to monitor the web client traffic of specific companies.
An independent reference on the quoted claim would be helpful.

------
insky
Regarding tracking. We had a hickup at work, with a url that triggered an
expensive cronjob. It was being hit mysteriously. It turned out to be the new
tab page in Chrome or Firefox (I can't remember which one), which was
requesting the url routinely. This basically shows that whenever you open your
browser a group of sites get requests, whether you have them open or not.
Therefore if you have FriendFace say as a most visited site, they'll get a
request from you everytime you sit in front of your machine pretty much.

------
diminish
I have suspicions that some firefox extensions trigger full page ads such as
this on
[https://github.com/gantt/downloadyoutube](https://github.com/gantt/downloadyoutube).

~~~
zz1
I suggest [http://rg3.github.io/youtube-dl/](http://rg3.github.io/youtube-dl/)

------
spyder
Yes, be careful because probably all of the developers of popular extensions
are regularly getting offers to share their users' browsing data or to
insert/replace ads on websites.

------
osxman
For Mac it's also possible to use 'Stache' from the app store. This has a
full-page screenshot functionality built in. It cost's $6,99 but it is also
possible to store collections of interesting or inspiring pages/websites in a
nice looking library.
[https://itunes.apple.com/us/app/stache/id870659406](https://itunes.apple.com/us/app/stache/id870659406)

------
ecommercewiz
Wow, I didn't acknowledge this at all. Thanks for sharing your discoveries!

