Hacker News new | comments | ask | show | jobs | submit login
To opt out of Facebook’s tracking, I’m going to have to join Facebook (wired.co.uk)
78 points by Jaruzel 10 months ago | hide | past | web | favorite | 66 comments

Some of the scripts loaded by Wired when you access this article:

> http://ads.rubiconproject.com/header/11644.js

"Rubicon Project, the digital advertising infrastructure company, is on a mission to automate buying and selling for the global online advertising industry"

> https://tags.bkrtx.com/js/bk-coretag.js

"BlueKai is a cloud-based big data platform that enables companies to personalize online, offline, and mobile marketing campaigns"

> https://www.google-analytics.com/analytics.js

"Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic."

> http://b.scorecardresearch.com/beacon.js

"Through our global research efforts, ScorecardResearch collects data that assists companies around the world in providing products and services that better meet the needs of consumers"

And of course:

> http://platform.instagram.com/en_US/embeds.js

"Instagram is a photo and video-sharing social networking service owned by Facebook, Inc"

> http://connect.facebook.net/en_GB/sdk.js

It's Facebook.

As some consolation, I'll note that the article is completely readable with JS disabled.

The Web has become unusable without uMatrix.

...or regular uBlock Origin in 'expert mode':

Check 'I am an advanced user' in the settings, then click on either 'requests blocked' or 'domains connected' in the drop-down to access dynamic filtering. Block everything third-party by default by clicking in the right side of the second column. Load a site with lots of third-party content, disable the block (by clicking in the middle of the third column, greying-out the block) for only those things which seem to be essential to show page content and you're done.

While not as fine-grained as uMatrix, uBlock Origin generally is the quicker way to go from 'empty page' to 'only the content I want' on sites which, without blocking, are tracker-ridden dark-pattern hell-holes.

"unusable" is a very extreme word for this.

Not really, it is as unhealthy for your personal integrity as waste water is for your physical well-being. Both can be made palatable by filtering, neither of them should be used without treatment.

"Unusable for the privacy-aware" does the job

Privacy issues aside, it has a noticeable effect on battery life.

Not to mention performance and usability.

I never bothered with uMatrix until I picked up a cheap computer to use while traveling. Firefox was borderline unusable without it.

"unpalatable for the privacy-aware"

Firefox on one of my older/slower computers was borderline unusable on some sites before I installed uMatrix.

"Unless I go full tin-foil hat, you’ve basically left me with one option. To opt out of Facebook’s tracking, I’m going to have to join Facebook"

Or just wait until May 25th and send them a GDPR Subject Access Request. Seriously, Facebook's GDPR team must be having kittens.

I'm a US citizen and live in the US, but I'm going to tell FB that I live in the EU and must be protected by GDPR. Hope it works!

The trick is to do this before FB collects enough data about you to know that you are bluffing. Hope it is not too late for you!

(Maybe "an EU citizen living in the US" would be more credible; at least not immediately contradicted by your IP address.)

I've thought about that, but doea GDPR give Facebook the legal right to decide whom it covers based on user data?

Many European expats will have similarly US-centric data. I just don't know that Facebook can (or will be allowed to) determine my true citizenship.

What about becoming an e-resident of Estonia?

“ Although e-residents receive government-issued digi- ID’s similar to those of citizens, e-residency does not confer citizenship, tax residency, residence, or right of entry to Estonia or to the European Union.” – https://e-resident.gov.ee/faqs/about-e-residency/#about-e-re...

Every time I pose this question people seems to have a knee jerk reaction that no, it wouldn’t work.

But in my mind, that could easily end up being an issue for the (EU) courts. As a matter of disposition and policy, I see no reason why the EU wouldn’t want to fine Facebook for as much as humanly possible. I’m half tempted to apply for e-residency just to see what happens. It would be interesting if nothing else!

FB probably knows where you live.

Is there ever going to be a way in this world today that one can simply not be tracked? I feel that most every device you use will have some company or another tracking you. I'd love if people could post some ideas around this.

I've done the (becoming) standard uBlock, uMatrix (which makes most sites unusable until you tweak it), setting up "do not track" and "no cookies". Using private browsing with TOR. It doesn't seem like any of this is enough to prevent someone that seriously wants to track you.

So what are the next steps?

The fact that uMatrix make sites unusable is a problem with the sites, not uMatrix.

My view is that if you (as a web developer) require code to make something on your site work you should host it yourself as part of your site. If you don’t host it, you actually have no idea what code is making up your site and won’t know if it changes because the third-party hosts will not play into your change control process.

This is how Best Buy was compromised recently - they used 3rd-party code on their site that got changed from under them.

Please tell that to all the people that host websites with Google Fonts. Block those, and the entire website seizes to work. Seems a little ridiculous for using a nicer font.

My uMatrix configuration, which I'm pretty sure is mostly default, allows Google Fonts by allowing the CSS to come through.

What really drives me nuts is playing JavaScript Whack-A-Mole just to read some text. Trust me, you don't actually need an AJAX call mediated by something hosted on code.jquery.com just to display a bunch of text and images. Web browsers have been able to handle that since before JavaScript existed, and they can still handle it today.

I personnaly host all my data: * I have my personnal email server * I use nextcloud to synchronize my contacts, calendars and file * I have a XMPP server and manage to convince a few people to use it * I host my own VPN that I use from all my devices * I use searx for searches with no google, bing, yahoo behind

I try to avoid using any services that try to analyse my behaviour (so no music service like spotify, no video service like netflix, no social medias, no closed messaging service...)

I use ublock on my browsers in paranoid mode (block all third parties and having to whitelist what's needed for a website to work)

My phone is an android on which i've installed lineage with no gapps and i use fdroid to get apps

All this is a pain to manage (at least i learnt a lot managing all this) and can't definitely be done by people who are not interrested by the technical side

It's also quite restrictive and definitly cut myself from a lot of friends.

I still find it worthwhile though and am not interested in stopping hosting my own services.

For me the main issue is that the web isn't privacy friendly at all by default, trying to make it so is not easy and is not something my parent, for example, can do, even if they want to.

Right now Facebook is under the spotlights, but it's the scapegoat of a whole data business.

I don't know why I should trust twitter with it's tracking buttons everywhere. Why should i trust CDN that centralise queries from a lot of websites. Why should i trust all those services plugged into websites?

My feeling is that it can only be solved and usable by non technical people by having standards for a specific need and that does not allow this level of tracking rather than continue developping "everything" standards that HTTP, HTML, JavaScript and CSS are becoming.

If the concern is them tracking you for advertising purposes, why not simply train yourself to reject all ads (blocking the most intrusive ones with adblock)?

And then when you really decide that you need something, use all that privacy contraptions you are using currently to try and find what you are looking for without fear of being manipulated.

That's what I've opted for anyway. Am I missing something? Perhaps spam calls are a problem in this case, but I've never gotten it yet thankfully.

I already block as much ad as I can (i use ublock in browsers for that), but tracking goes further than just ads unfortunatly.

I use my VPN for 2 reasons: * host some services at home behind a non static IP * my ISP "steal" ip addreses to implement country-wide website blocking, which mean that their own routing can't be trusted

I use my own DNS server also because: * of obvious tracking reasons * the same ISP leak data to yahoo when a domain can't be resolved (which means that it's a lying DNS server that can't be trusted neither)

I just meant that I'm using is what I consider to be an acceptable solution to browse the web, but those are incredibely complex for the sole purpose of having a bit of privacy...

And most of it has quite a limited effect to be honest.

Having your own mail server for example is a bit useless since most people uses gmail, hotmail or something as bad. In the end, the main benefit is having providing yourself a better service than those...

I still find the exercise of having control over as much data as possible quite interesting though.

Some ideas:

- Developing/using an open source, privacy minded smart phone. - Use cash or a vanilla debit card that doesn't track you. I was shocked that after I buy a very very particular and specific item at Walmart, I see ads all the time. I believe even Walmart is selling data to advertisers. - Ask representatives to improve privacy laws.

I think on your first point there is something in the works: https://puri.sm/shop/librem-5/ -- if you don't, unlike me, use your phone for lots of things (like banking, work apps) that won't be developed for this platform, it might be an interesting option.

All the major retailers/credit cards/reward cards do. Acxiom is the big player that buys this data (to resell to ad networks like facebook)

Or an "outdated" platform like (pre-android) Blackberry or Windows Phone

If you're going to run outdated platform, at least choose Maemo :P

It's all about having a layered approach. No single thing will completely protect you, and especially if you are being specifically targeted then you're basically screwed, but it's similar to putting bigger and better locks on your doors. If a trained and experienced burglar wants to get in your house, they still will. But the hope is you make it difficult enough that they don't bother trying.

This site is far from perfect, but check out privacytools.io if you're looking for additional layered options for every service and app you use.

I don't think it's mentioned on there but I would recommend setting up a pihole for good overall protection for your entire home network. Again, it isn't going to stop the government or someone else from really monitoring you. And it's just an additional layer. But it's a really easy way to block advertiser tracking for every device on your network.

Using a usb-live disk distro built from the ground up to be privacy first (i.e. tails) would be the next step up the “trading inconvenience for increased privacy” ladder.

Hmm what about setting up 3 VPN servers in the cloud for your devices and have your router randomly connect traffic to them? Ie individual sessions stay on one VPN but new sssions are assigned randomly chosen vpns.

This would probably do nothing to the invisible pixels and other stuff though.

For me, the one thing that really worked well is setting up a blocklist (basically pointing "bad" domains to and using dnsmasq to use that list. I've setup a cronjob to update the list daily so it was basically a one time step. I don't have metrics but overall loadtimes are much faster. Of course, this is limited to my PC so I'll have to set it up on my router for all devices at home to benefit from it (and even that doesn't take care of browsing experience outside home).

I like this approach. I'm using gasmask to help manage my hosts file: http://clockwise.ee/

Fight back. Start blacklisting companies that use such tactics and then boycott the shit out of them. You don't have to go after each and everyone, just the big ones to make a statement.

The thing is though that most people don't care. Or to be more precise, they don't know enough to care. Apart from the HN community I haven't seen anyone else bothered with all this FB/CA clusterfuck. I've even read journalists who think that it's ok for FB to track you since they give you their platform for free. So basically it's just us against everyone else and frankly I don't see this going further.

A fundamental problem is that there are no, or at least vanishingly few, unbiased parties left to report the reality of the situation to lay people. Journalism is near-universally funded by the same privacy invading advertising systems that they would be criticizing Facebook for building- and that’s putting aside the direct dependence companies have on Facebook itself.

Journalists aren’t stupid, they know what hand feeds them, and they are strongly dis-incentivized to call too much attention to the fiasco of advertising driven monetization models.

On the other hand, FB and Google take 80% of online ad spending so traditional online media have every reason to stand against them.

They're already reading your thoughts from space anyway.


Stop using these services.

What strikes me the most is how impotent many of us feel in resisting being tracked and profiled so extensively.

I love this quote: "then you have made a desert and called it peace"

Originally from Tacitus: "To ravage, to slaughter, to usurp under false titles, they call empire; and where they make a desert, they call it peace."

I see a lot of complaints about tracking but has anyone proposed an alternative? These products have to be paid for somehow so how about a subscription fee to not be tracked by them?

For example, I'm sure my search data is less to Google than Google is to me. How much would you consider reasonable for their service? $50-100 per year would seem reasonable to me - I'd pay that for an ad-free non-tracked experience. This might actually be good for them, because I'd finally become an Android user - my main concern is my privacy as I use the Android platform.

They could hire an independent company to regularly audit this and make a report to prove that they are not tracking people who subscribe to the service.

I'm sure there are flaws with this idea but is anyone actually discussing an alternative to tracking? We simply cannot expect a company to offer any product for free.

> I see a lot of complaints about tracking but has anyone proposed an alternative?

Traditional advertising sold based on the audience you provide. It works well.

> non-tracked experience

You can use DuckDuckGo today to reduce your exposure to tracking:


I have tried DuckDuckGo in the past and it's pretty good but it doesn't quite have the reach or relevance of Google, at least for the topics I tend to search for.

But perhaps this is because Google tracks me. When I search for "private variable" it knows I'm likely referring to C# as opposed to Java and shows an appropriate result. When I search for "supermarket london" it knows I'm referring to London, UK and not London in Canada.

So perhaps after thinking about it a bit more, what I want isn't feasible.

Depending how long ago you used it, you might give it another go.

I spent a while trying and failing to use DDG reliably. Then I took a second pass a bit later, the results were only a little worse than Google.

Then over time, I found myself using the !g command to double check DDG less and less.

I did a !g search for the first time in several months yesterday, and laughed when I saw how much worse Google’s results were.

Try it for a month. You may find out that you’re just used to a particular way of searching Google. Maybe DDG will offer you something better once you get a little familiarity.

In particular, I find technical topic searches to be head-and-shoulders better with DDG than Google.

OK you've convinced me. I'll give it another shot.

Edit: I just actually forgot how to list a directory in C# so I ran my first query:


It has a code sample right at the top. That's one better than Google right there!

Duckduckgo results leave a lot to be desired. Startpage proxies Google for you so you get Google results from an anonymized request.

Patreon, Flattr, Brave, etc. (many others that I'm forgetting in the microsubscription space) are the proposed solutioms

Just because you're paying someone, it doesn't mean you can trust them with your data. If you put it online, expect someone to use it in a way you don't approve/know about. Even with auditing you can't be sure, it's only prudent.

Also, me and many others would never pay for online services like search and social media. I'd rather give up my data and use it for free. These services just aren't worth it to me. Probably not a popular opinion but it is true.

It feels a lot more powerful to have a contract that is audited than the current situation. At the very least a class action lawsuit can result if it is broken.

I'm sure many do not care about paying for search and social media, and that's fine. I'd say it is a popular opinion actually - most of my friends who are not involved in technology don't really have a proper grasp of what all the fuss is about.

You would need to do that with every service though. Have air tight EULAs with every service, audit every service, sue every service... I still wouldn't trust it, malicious actors, acquisitions and more all could compromise your data eventually.

There’s an IT news website in France that proposes that for years. You can pay as small fee (monthly or yearly) and get no more ads and tracking cookies.

It’s working, and they can produce quality content (they also have other submission plans where you get premium content)

I've seen a few suggestions that perhaps this should be a public service, possibly falling close enough to the remit of PBS (or the BBC for UK folks) to be run by them. Not everything needs to be run by a for-profit company.

Face it y'all, privacy is dead. Sure, GDPR and the current FB outrage will result in some new rules, legislation, etc. Perhaps we'll all have to opt-in for certain data tracking activities. Maybe the way our personal data flies around the internet will be a little less obfuscated. But we live in a digital world and it's very easy to track every packet of data we send and receive. And because we can do it, eventually we will do it. The new standards we setup may give us a false sense of control but, over time, apathy and convenience will lead us back to about where we're at now.

Agreed. Privacy is dead simply because privacy is something that other people give you, and the web has very very clearly indicated that it, as a whole, has no interest in giving us privacy.

All that leaves is secrecy, so we'll have to live with running blockers of various kinds, in a shitty arms race with the web people who want all the data they can get their grubby little hands on.

Fuck the web. It was one of the last truly successful open protocols from the early era of the internet, and it's turned out to be one of the worst (not just because of all the tracking, also because of the insane attitude of web people that it should try and compete with native applications).

> also because of the insane attitude of web people that it should try and compete with native applications

To be clear, the cause of the rise of the “web application” was that there was no other cross-platform, automatically updating, mostly standardized and stable application platform available on every device.

Simple economics demand those features from an application platform, but nothing else offered it. Not Java, Flash, QT, nor any of the mobile native app platforms.

Web apps are the “least bad” solution that meet those critical requirements. And they will never die because of it.

The web barely offers the things you describe. The platforms vary so widely in terms of display and input hardware, the standards change so much and are implemented with enough quirks/incompleteness, that it's really not a stable platform.

What you actually end up with are apps that are really hard to test, very poorly integrated with 100% of the platforms they are used on, hard to find and difficult to use if your connectivity isn't consistent.

And it's only going to get worse as WebAssembly really takes hold.

Web apps I wrote back in 1998-99 in Classic ASP are still in productive use at a few companies.

The only real maintenance has been OS and SQL Server version upgrades.

How is that not “stable”?

What are the best Chrome/Firefox tracker blockers for Facebook? I've been using Facebook Disconnect:

Chrome: https://chrome.google.com/webstore/detail/disconnect-faceboo...

For Firefox: https://addons.mozilla.org/en-US/firefox/addon/facebook-disc...

Safari: https://disconnect.me/disconnect

I hate Facebook just as much as the next guy (hey, maybe more), but I suspect Google analytics is present on a lot more sites than Facebook tracking. It's cool right now to hate Facebook, which is why stories like this are getting clicks.

People who opt out of it and then rant about it on the internet are kind of like kids hiding in the bushes yelling "you can't see me!"

The bigger question is why have we created a society where cynical ruthlessness is not only adaptive, but also the object of repeated and widespread praise.

Dear Mark,

I hate you because you’re rich and I’m not. Also, it’s the cool thing to do right now, and I have to make money somehow, after all.


The Bandwagon

Just generally stop with the personality cult bullshit, both positive and negative.

As much as I think the best thing that could happen to FB is to just vanish, I can't "hate" this guy I never met who never ever seemed happy and now just looks tired. I doubt the author does, either. So why lie about it? That's both kinda pathetic and predictably unhelpful. It's not like the article doesn't contain information, but that framing sucks.

There's a lot to be said about the actions and words of Facebook as a whole, and of Mark Zuckerberg, but it does more harm than good if it's with the intent to make it about Facebook and Zuckerberg, instead of those things no matter who happens to do or say them, and our responsibilities not just in response, but in action rather than just reaction.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact