
What we know about you when you click on this article - kohtatsu
https://www.vox.com/recode/2019/12/10/20962868/vox-media-privacy-policy-explained-what-we-know-about-you
======
et2o
Seems like this would have been a good opportunity to actually show you the
relevant data they’re collecting from your visit.

~~~
dylan604
I would love to see a site provide a little pop-out window with all of the
mined data displayed for the site users to see. I could see where the 3rd
parties mining that data would not want all of the users to see that. I've
never used GA or similar, but I seriously doubt that the 3rd parties provide
the site owners/developers a method for being able to do this. They want to
drive eyeballs back to their site to view the metrics.

~~~
dmurray
Agreed, if Vox had actually done this it would have been underwhelming.

~~~
teekert
Something like this: [0]?

[0] [https://panopticlick.eff.org/](https://panopticlick.eff.org/)

~~~
dmurray
Yes exactly, that's really underwhelming to me. It doesn't tell me my age,
gender, location or anything about my browser or purchasing history. I'm
certain real advertisers can do better. I'm using stock Chrome on Android.

~~~
fingerlocks
I’m not sure they can. How would that work? It’s not at all obvious to me,
unless you explicitly provide that information by creating an account and
logging in.

Tracking pixels are incapable of such feats. At best they have your IP address
from the latest visit, and information about your behavior on that site. I
don’t see how they can magically conjure information you haven’t provided.

~~~
beatgammit
They just connect your browser to an account that has that data. If you have a
Facebook account, a tracking pixel makes it easy.

If you don't provide that data, they can guess based on browsing history (e.g.
if you look up baby products, you're likely in the 20-30 age range). They can
use AI to see how your online behavior matches up with other people in a known
demographic. All of that data paints a surprisingly clear picture, even if you
don't create an account (e.g. browsing data by IP is likely from the same
person/family).

~~~
fingerlocks
My understanding is that the tracker collects your information, not the
trackee, from the tracking pixel, correct? So that doesn't give some random
website any additional information about you.

But I'm really curious here, because I'm an applications developer and sort of
in the dark about a lot of web technology. If I wanted to create a website
that just absorbs the kind of information you're alleged is possible, how
_precisely_ is that done? How do I access the user's browsing history that you
claim is possible? Is there a tutorial on this hand-waving AI-magic? Even if I
had somehow acquired a mega database of granular user data, how do I key in on
the random-user-that-just-loaded-my-page?

Sorry if I being incredulous. It's because I am.

------
superkuh
The simplest solution to all of this is to browse with javascript disabled and
only temporarily whitelist certain first party domains when required.

Like egdod said at the bottom of this comment thread, downvoted into oblivion:
"Javascript is a cancer and should be disabled whenever possible."

~~~
chrismmay
I think you would miss out on about 90% of what the web has to offer if you
simply disable Javascript. A bit like saying you should never use a bank or
credit cards and do everything with cash. Javascript is one of the most
popular programming languages these days. This forum is full of programmers,
so it's not surprising you get downvoted for recommending that people disable
Javascript.

~~~
TravHatesMe
In my opinion that is a bad reason to downvote someone. He/She is entitled to
their opinion. Their comment drove discussion, I enjoyed reading your response
and I like your analogy of cash vs. card. The downvoting on HN breeds
conformism, to me that is both unappealing and unoriginal. People should
consider all perspectives and form their own opinions.

Edited to remove reddit comparison.

~~~
grzm
The original comment by 'egdod referenced by 'superkuh was not constructive
(likely the reason it was downvoted/flagged).

'superkuh could very well have been downvoted for commenting on downvotes
contrary to the guidelines, rather than for anything about the other content
(which otherwise looks fine).

> _Please don 't comment about the voting on comments. It never does any good,
> and it makes boring reading._

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

The guideline is there specifically to prevent threads like this, devolving
into meta discussion rather than focussing on the submission. Post
constructive comments, (silently) give compensatory upvotes to those you think
are wrongly downvoted, and move along.

~~~
TravHatesMe
Thanks for pointing that out, I will refrain from comments like these in the
future.

It just becomes frustrating to see this pattern of behavior and how pronounced
it has become. I frequently disagree with comments but they often generate
good discussion. This is how we all get smarter. Instead, the potential is
deterred by downvotes.

~~~
Stratoscope
At the risk of continuing this meta discussion, I would have flagged that
comment too, but not for any disagreement about whether JavaScript should be
avoided.

Many of us have family members fighting cancer, and there are cancer patients
and survivors reading HN. I don't think a casual statement equating that
terrible disease with a mere programming language is appropriate here or in
any public forum.

By way of contrast, I would have upvoted a comment like this:

 _I avoid JavaScript whenever I can. I feel safer that way. I use FooBlock
Organic to selectively whitelist JavaScript for sites that need it and that I
trust. I recognize the irony of using a browser extension which is itself
written in JavaScript, but it 's open source and I've reviewed the source code
carefully. I even contributed some patches to make it easier to use._

------
tsbinz
“If you logged into our network through social media we also have access to
portions of your public social profile, such as your name, email address, and
photo.“

Obvious in hindsight, but the profile picture is probably a goldmine for
targeted advertising. Not sure if anybody does that but using that for age
estimation would probably be way more accurate than the guesses I’ve seen
implicitly (lots of ads like “people in <age group> love this product”) and
explicitly.

~~~
3pt14159
Also profile photos are frequently reused between sites. Easy way of
connecting handles, though they're not always real since some people create
fake profiles on one network from real profiles on another.

------
zwaps
I love that I have to accept ALL tracking & cookies to even read that webpage

~~~
greenyoda
I disabled all cookies, all JavaScript and all 3rd-party content on that page
using uMatrix, and it loads just fine.

------
tutfbhuf
I can recommend [https://www.freefullrss.com](https://www.freefullrss.com)
where you can convert any rss feed into a full text rss feed. The websites get
rendered for you and you can view them in the rss reader of your choice, so
you don't have to visit the site at all, no JavaScript and no fingerprinting
exposure at all.

In the long run, I think this might be the future, to have a server to render
websites into a readable format for you.

------
chrismmay
I use Brave and OpenVPN on a cloud server. I tested my privacy with this
[https://privacy.net/analyzer/](https://privacy.net/analyzer/) ... Strangely,
it said I was logged in to twitter, facebook and reddit when I'm not logged in
to any of them. I don't even have a twitter account.

~~~
allovernow
Cool concept but for me on Brave the site was pretty broken. Content didn't
seem to be loading correctly and honestly the navigation takes up half the
page and made whatever results did come up really annoying to read. Scrolling
was not smooth and things would disappear before they were actually out of the
viewport. Also incorrectly reported me as using chrome.

~~~
chrismmay
Yeah, privacy.net isn't that great. It was the first one I found. I found a
few others that take different approaches.

[https://webbrowsertools.com/privacy-
test/](https://webbrowsertools.com/privacy-test/)
[https://panopticlick.eff.org/](https://panopticlick.eff.org/)
[https://tenta.com/test/](https://tenta.com/test/)
[https://dnsleaktest.com/](https://dnsleaktest.com/)

This page has lots good info on this topic.
[https://browserleaks.com/](https://browserleaks.com/)

------
Traster
>It’s a lot — I get it — but the net result is that you, dear reader, get to
read our content without a paywall.

I'd love to examine this. Podcasts for example, have almost none of this
tracking (as enforced by Apple) and no pay wall. And frankly, since journalism
costs pretty much however much you're paying your staff I'd love to see the
argument for how much the CEO of vox gets paid when compared to the cumulative
loss of privacy and self-determination that their readers have suffered.

~~~
shostack
Podcast tracking is improving, but not super useful yet in many cases. It
works best for advertisers with high LTV products that can be tracked via
coupon codes or memorable vanity URLs. A lot of advertisers actually shy away
from them because they try to charge high CPMs without great tracking, which
is important when their reach is so low comparatively so other statistical
methods aren't as useful for measurement.

------
f2000
tldr; Everything.

------
egdod
JavaScript is cancer and should be disabled whenever possible.

~~~
cies
In the browser it kinda is. Unless the web app/site is opensource and allows
everyone to study it, then it is a benign cancer I guess :)

Server-side JS is, well, just an inferior choice IMHO. But that's down to
taste or the task at hand. But server-side it sure is no cancer.

~~~
egdod
Oh I have no problem with it on the server. But 95% of the stuff that tries to
run in my browser is garbage I don’t want. 90% of it is garbage _no one_
wants.

