
Collusion: A browser addon to demo how websites track you online - abhinavsharma
http://collusion.toolness.org/
======
there
i used to browse with firefox's cookie prompting on, so every time i would
visit a new site, i'd have to manually allow it to set cookies. i'd usually
deny them for everything and only allow certain sites to set cookies, to avoid
tracking like this site is describing. denying cookies broke quite a few sites
and the prompt became annoying.

now i just browse with cookies enabled, but the "keep until" setting is "i
close firefox". now every time i close firefox, all the transient tracking
cookies and other bullshit are erased. for sites that i actually want to stay
logged into, like hacker news, or that need to store long-term cookies for
authentication like banking sites, i use the "cookie monster" add-on and just
click its icon in the corner and tell it to allow cookies for the current site
and no other 3rd party hosts. my current firefox cookie list is small, and
only has cookies for sites that i know about.

~~~
pwg
Give the "Cookie Monster" extension a try. You can browse with a default "no-
accept-cookies" policy, but at browse time decide to (based upon the domains
of the cookies):

1) temporarily allow cookies from some domains; 2) permanently allow cookies
from some domains.

Gradually you can build up a whitelist of only those sites where you will
allow cookies, even while blocking their own advertisers/trackers from setting
cookies, while keeping everything else off.

~~~
there
did you read my comment? i'm using cookie monster.

blocking by default and only allowing the current domain breaks quite a few
sites that refuse to work without an active session cookie. some break subtly
and some throw you into a redirection loop. that is why i accept all by
default, but firefox marks them as session cookies so they don't survive
across browsing sessions, and using cookie monster i whitelist a few domains.

------
benologist
Very nice illustration. I'm a big fan of using Ghostery to block everything,
it's ridiculous how much shit is on some pages:

<http://www.ghostery.com/>

I've also started using Better Pop Up Blocker because either networks are
getting smarter or Chrome's crap at blocking popups:

<https://chrome.google.com/webstore/detail/nmpeeekfhbmikbdhlpjbfmnpgcbeggic>

~~~
ck2
Am I imagining things or is Ghostery starting to auto-whitelist some trackers?

Remember, the plugin got sold a year or two ago to a commercial company
selling advertising services.

I rolled back to the 2.4.2 version and no auto-whitelist.

~~~
ghostwords
ck2, I work on Ghostery. Ghostery does not auto-whitelist.

If you'd like to see for yourself, feel free to look around.
Firefox/Chrome/Safari/Opera browser extensions are mostly written in
JavaScript.

If you are having issues with Ghostery, please post on the support forum at
<http://www.ghostery.com/feedback>.

------
nl
_If you're not paying for something, you're not the customer; you're the
product being sold._

I've seen this quote around a lot lately, and it makes me very uneasy.

I understand the idea it is expressing, and as a phrase it is attractive
because it is short and simple.

The problem is that the sentiment behind it ("advertising corrupts companies
to put advertisers instead of users first") just isn't true. Not only have
newspapers and TV stations been dealing with this for years, but there are
numerous other examples.

For example, Sebastian Vettel is paid by Red Bull. Does that mean he (or the
Red Bull F1 team) prioritizes selling Red Bull above winning races?

Media organisations are interesting - there are numerous cases of newspapers
publishing stories that are against the interests of their advertisers.

There are also many cases of media organisations holding back stories that are
detrimental to their advertisers. But is this any worse than product companies
selling goods that are unreliable because of cost savings made during
manufacture? What about a case like BP, where an oil spill directly damaged
their customers, but BP acted in the interest of its shareholders instead of
its customers?

Saying something like "company culture is the critical factor" sounds like
some kind of management-speak way of avoiding the issue. Yet - to me at least
- it is the only explanation that matches the behaviours we see in the market.

~~~
alanh
You don’t think newspapers and TV stations hesitate before publishing anything
their advertisers wouldn’t want people to hear!?

~~~
nl
It depends on the firm.

Given that there is a term for avoiding this (Chinese Wall[1]), many companies
go out of their way to make sure this doesn't occur.

[1] <http://en.wikipedia.org/wiki/Chinese_wall#Journalism>

------
shii
It's funny. I don't see anything at all. And I have no adblocker plugins
whatsoever; I hate adding more junk and extensions to my browser.

I use this: <http://someonewhocares.org/hosts/>

Quality of life significantly improved.

------
mish15
I'm amazed so many people and companies are focussed on trying to manage/limit
people's exposure to tracking technologies. Everyone is looking at this problem
backwards. I say this because the vast majority of these technologies are
javascript based and simply read cookies and execute simple image requests to
send information back to tracking servers. If someone was to invent a plugin
that allowed these technologies to still function, but randomly scrambled the
data being sent (along with sending extra dummy requests here and there), it
would be over...

Tracking companies rely on clean data, they even report on exact numbers
coming out of these systems, so instead of people trying to avoid being part
of their clean data, it would be far more effective to make their data dirty
so they can't trust it (or sell it).

------
jannes
I think Chrome will get much better cookie controls sometime in the future.
They call it non-modal cookie prompt.

The German Chrome team mentioned this in a blog post a short while back. But
unfortunately the announcement was very vague and doesn't have many details.
The changes don't seem to have landed in the canary build yet. If I understand
the blog post correctly they are in the middle of building the feature.

This is the (German) blog post I'm referring to.
<http://google-produkt-kompass.blogspot.com/2011/06/chrome-made-in-germany.html>

I don't think Google Translate can be of much help here, because even the
German version is very vague about this feature. Also, the post is mainly
about other things, they only mention the new cookie prompt in one sentence.

~~~
lawnchair_larry
Did you see how prevalent the doubleclick (Google) cookies were in the demo?
Google also is refusing to implement Do-Not-Track, unlike all other major
browsers. My faith in them improving in this particular area is weak.

------
dmbass
I just want to point out that as we further diminish returns on advertising
most internet business models die. The people who click on ads are subsidizing
most of the internet for the rest of us. It's easier for me to pay with
alleged personal information than with money.

------
baltcode
There are a few things I don't understand. It seems that a lot of websites are
tracking behavior at toolness.org. Why? Is it reversed, i.e., the add-on from
toolness.org is tracking these websites, or do these sites have sort of
counter-measures to see when people use privacy tools? Can they actually read
in information from non-https sites? Also, twitter seems to be tracking
behavior on a number of sites. Is it because of those small twitter widgets
everyone uses on these sites, or is twitter actually trying to collect data on
what I like to browse?

------
willvarfar
It doesn't properly understand national domains; bbc.co.uk, for example, is
shown only as co.uk.

Lovely idea though, but I imagine the author is himself collecting the stats
on my browser testing habits :)
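
Added example, not part of the comment above and not taken from the Collusion source: the `bbc.co.uk` versus `co.uk` grouping error comes from assuming the public suffix is always one label. The sketch below applies the Public Suffix List matching rules (exact, wildcard, exception) to a small constructed rule subset; `PSL_SUBSET`, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Constructed subset of Public Suffix List rules; the real list is far longer.
const PSL_SUBSET = new Set(["com", "org", "uk", "co.uk", "*.ck", "!www.ck"]);

// The mistake described above: assume the suffix is always one label.
function naiveDomain(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Number of trailing labels that form the public suffix.
function publicSuffixLength(labels, rules) {
  let best = 1; // implicit "*" rule: an unlisted TLD is a one-label suffix
  for (let i = 0; i < labels.length; i++) {
    const n = labels.length - i;
    const candidate = labels.slice(i).join(".");
    // An exception rule ("!www.ck") wins outright; its suffix drops the leftmost label.
    if (rules.has("!" + candidate)) return n - 1;
    if (rules.has(candidate)) best = Math.max(best, n);
    // A wildcard rule ("*.ck") matches any single label in front of its tail.
    if (i + 1 < labels.length && rules.has("*." + labels.slice(i + 1).join("."))) {
      best = Math.max(best, n);
    }
  }
  return best;
}

// Registrable domain = public suffix plus one label, or null if the host is itself a suffix.
function registrableDomain(hostname, rules = PSL_SUBSET) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  const n = publicSuffixLength(labels, rules);
  return labels.length > n ? labels.slice(-(n + 1)).join(".") : null;
}

// Constructed sample hosts: compare the two groupings side by side.
const SAMPLE_HOSTS = ["www.bbc.co.uk", "news.ycombinator.com", "a.b.example.ck", "www.ck", "co.uk"];
for (const h of SAMPLE_HOSTS) {
  console.log(h, "| naive:", naiveDomain(h), "| PSL:", registrableDomain(h));
}
```

Grouping by the naive result would merge every `*.co.uk` site into a single node, which is the behaviour the comment reports.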

~~~
abhinavsharma
Your data isn't being sent out of your browser. The source code is here:

<https://github.com/toolness/collusion>

As with all Firefox addons, you can right-click + save-as the xpi file, run
"unzip addon-name.xpi" and look at the source.

------
jwcacces
Why doesn't the browser keep cookies organized by the website in the address
bar? That way a cookie from a doubleclick resource received while browsing
cnn.com is kept separate from a doubleclick cookie received while browsing
imdb.com.

I guess I can answer my own question by saying it doesn't matter. If browsers
did this, websites would be written so that an ad provider's resources are
loaded with a querystring that identifies the user. So much for not being
aggressively tracked.
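
Added example, not part of the comment above and not any browser's actual cookie store: a toy jar that can key cookies either by the resource host alone or by the pair (address-bar site, resource host), showing what a third party can link in each mode. The `CookieJar` class, `linkedSites` helper and the visit list are hypothetical and constructed for illustration.

```javascript
// Hypothetical model of a cookie store; real browsers track far more state.
class CookieJar {
  constructor(partitioned) {
    this.partitioned = partitioned; // true: key by (top-level site, resource host)
    this.store = new Map();
    this.nextId = 1;
  }
  key(topLevelSite, resourceHost) {
    return this.partitioned ? `${topLevelSite}|${resourceHost}` : resourceHost;
  }
  // Simulates loading a resource from resourceHost while topLevelSite is in the
  // address bar. Returns the cookie value sent; a new one is set if none exists.
  request(topLevelSite, resourceHost) {
    const k = this.key(topLevelSite, resourceHost);
    if (!this.store.has(k)) this.store.set(k, `uid-${this.nextId++}`);
    return this.store.get(k);
  }
}

// Server-side view of the third party: which top-level sites share one cookie id?
function linkedSites(jar, visits) {
  const byId = new Map();
  for (const [site, host] of visits) {
    const id = jar.request(site, host);
    if (!byId.has(id)) byId.set(id, new Set());
    byId.get(id).add(site);
  }
  return [...byId.values()].map((sites) => [...sites].sort());
}

// Constructed browsing session: the same third-party host embedded on two sites.
const VISITS = [
  ["cnn.com", "doubleclick.net"],
  ["imdb.com", "doubleclick.net"],
  ["cnn.com", "doubleclick.net"],
];

console.log("shared jar:     ", JSON.stringify(linkedSites(new CookieJar(false), VISITS)));
console.log("partitioned jar:", JSON.stringify(linkedSites(new CookieJar(true), VISITS)));
```

As the comment's second paragraph notes, this separates cookie state only; an identifier carried in the resource URL is outside what the jar controls.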

------
mike-cardwell
RequestPolicy is a great addon for stopping this sort of tracking (amongst
other things). Takes a little while to get it trained on the sites you visit
most, but it's a lot safer to use the web with it than without.

~~~
Lennie
It is what I use too.

It just blocks everything which comes from an external domain.

So in most cases it will also block malware, because malware authors seem to
want to use a 2-stage system.

They let different hacked websites point to one where the malware will be
downloaded from.

------
Tichy
Cool, I meant to create something like this for years :-) Glad somebody
finally did.

