Hacker News new | past | comments | ask | show | jobs | submit login
Stop Datamining Me (stopdatamining.me)
197 points by known on Dec 18, 2018 | hide | past | favorite | 92 comments

The absolute irony of this site's privacy policy.

> Service Providers. We work with third parties who provide services including but not limited to data analysis, order fulfillment, list enhancement and other administrative services. We may disclose personal information to such third parties for the purpose of enabling these third parties to provide services to us. Such services may include: marketing distribution, email list management services, advertising, certain product functionalities, customer support, web hosting, customer data management and enhancement, fulfillment services (e.g., companies that fill product orders or coordinate mailings), research and surveys, data analysis and email service.


They're mining that no-data-mining market. That's a good market!

It really must be. Because for some reason all big companies are hell bent on tricking even the 0.001% power users that actually care by constantly overriding options and nagging people until they accidentally click the wrong thing that one time.

I have no idea what they expect to gain by infuriating that group.

The anger dollar. Huge. Huge in times of recession. Giant market. They're very bright to do that.

https://youtu.be/tHEOGrkhDp0 ? (profanity warning)

They're the best, absolutely tremendous work, amazing people. Make privacy great again!

Reminds me of that one quote attributed to everyone under the sun: Honesty, if you can fake that you've got it made.


This has got to be a joke. Hasn't it?

It looks more like they copied and pasted a generic privacy policy

uBlock Origin is reporting that it's blocking scripts from facebook.net and google-analytics.com as tpxl mentioned in a sibling comment thread

Maybe just one of those "all-encompassing" privacy policies that 'privacy policy generators' spit out?

Loads javascript from google-analytics.com and facebook.com. Please do, in fact, stop datamining me.

301 Redirect Permanent -> https://cant.stopdatamining.me

Gives me a Privacy error on chrome. >.<

This server could not prove that it is cant.stopdatamining.me; its security certificate is from *.gridserver.com. This may be caused by a misconfiguration or an attacker intercepting your connection

Looks like they just have a wildcard subdomain setup, https://asdfasdfa.stopdatamining.me also loads the same site.

cant.stopdatamining.me uses an invalid security certificate. The certificate is only valid for the following names: *.gridserver.com, gridserver.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

Can't tell if I sense sarcasm or not? Too many folks "talk" about how they're so against data collection, mining, cookies, etc. but use these same tools on their own sites/apps.

Is there a search engine that penalizes or pages with advertising and trackers on them that cross certain lines (e.g. I think "fair" ads are conceivable, and local analyticsa are fine)? Because I think adblockers are nice, but boycotts are nicer, and such a search engine could be a good way to surface alternatives maybe.

Use a browser addon like Ublock or a physical network device like PiHole to block trackers

I think you missed the point.

No, you are responsible ultimately for what information you reveal or don't.

It's all good having some big behemoth like the EU laying the smackdown with GDPR for companies and sites but that shouldn't mean you let your guard down and expect all sites to follow the rules.

I don't need to care about trackers because I am blocking them pro-actively.

I am the GP poster.

I have NoScript installed and temporarily allowed domains because I wanted to see if a website about stopping mining mines its users.

However, I agree with you, people need to stop downloading random (potentially malicious) javascript and executing it. Getting your info stolen is someone elses fault, but your responsibility.

I think you mean ultimately here, penultimately means last except for one (so that there is someone that is even more responsible than you for the data you reveal or not)

Edited, thanks

That's all very true and still misses the point.

I'm sure you meant uBlock Origin

Additionally, you can go a step further into the Privacy mania and install NoScript (JavaScript blocker). In my experience you only need to unblock 1-2 script domains on every website to make it functional.

uBlock can block javascript too. No need for another addon.

Except that “uBlock origin” is maintained by the OG developer and “uBlock” (of ublock.org) is a now filthy ripoff owned by some greedy dickhead who OG developer trusted with control over the original repository.

So yeah you only need one of them but I’d stick with the OG “origin” one.

I meant if you have uBlock (origin or the other thing) you don't need noscript-addon, because uBlock (both origin and the other thing) can block javascript. Sorry for confusion.

A site that claims to be "...the central source for consumers to learn what kinds of information data brokers have about them and how to exercise their opt-out choices" arguably shouldn't itself do data mining. Or should at least be clear about what it is doing with the data that it collects about you.

So would anyone pay for a service like this that acts like an attorney and actively contacts companies for insight into the information they store on you and requests for removal? Included in the service would be class-action suits and other litigative measures. We could introduce a free tier to find out if X companies store anything and a service if you want to clean up. Like legal insurance but then only for data.

Just from personal experience I’ve spent time opting out of these collections in the past. To include, people search websites only to find my information resurface months later. I think this may take constant monitoring. I’m not sure the mechinism that is used for data to be added after asking for opt out/deletion

If you can get judges to rule on costs in favor of the plaintiff (quite usual in my EU jurisdiction) then there quickly arises an incentive for cooperation. All you need is a few high profile wins. Those companies would probably start sharing by default and / or taking opt-out more seriously after that. "It's your data. Fight it!" (How's that for a slogan. And I know it's not grammatically correct.)

It's analogous to the operation of those lawyers asking a few thousand euros for unlicensed use of pictures. That's legit as well here. Legal reverse GDPR extortion. Gives us insight into these customers, who've given us power of attorney or we sue. Lose and pay our bills. Win and we are done and the customers pay a much smaller fee (a person, but hopefully adding up to a reasonable fee).

> judges to rule on costs in favor of the plaintiff (quite usual in my EU jurisdiction)

Please correct me if I'm wrong but I think your costs are broader, include attorneys fees, and are therefore different from US costs. In US courts the prevailing party defaults to including costs when preparing the judgment order (parties do almost all of the drafting in US courts) but "costs" is taken to literally mean court costs as in filing fees and a very limited menu of closely related expenses such as costs pertaining to service of process, court clerk photocopying charges, and the like.

Yup, broader costs. Losers often pay quite a substantial part of the legal fees of the winner. A comparatively extreme example: in liability cases with injuries, the judge will often allow quite broad legal costs (about 25% of total claims is legal costs). It's an extreme example since registered attorneys cannot work on that basis, but goes to show that substantial costs to the loser does happen.

Thank you

I don't think I'd subscribe, but I'd probably pay about $100 for my dossier and a universal opt out.

Isn't the problem that the ad network(s) would have to extract a fairly high price from us to sell such an opt-out? More than they'd estimate they could make from us... I'd bet it would have to be calculated based on what they've got on you already (so in that sense having been using an adblocker might make you less valuable and thus cheaper for you buy your opt-out).

I would pay a third party opt-out enforcement service, but I would not give a single thin dime to actual advertising companies in exchange for an opt-out, nor would I pay a third party service if they're going to pay such advertisers.

But a lot of them have opt-outs already, which are presumably free. I think we're talking about the just the convenience cost of exercising all of them on my behalf.

I would pay for this, and I'd be willing to pay something approaching professional fees for individual attention, followed by a maintenance/insurance fee like you describe.

Things I'd need (as someone protected by GDPR):

1. strong privacy guarantees on your side

2. transparency about the process and techniques used

3. regular feedback

4. attention to data brokers, but also to anywhere else my pii might be on the internet, which could include shutting down e.g. old accounts on random shops

5. visibility into hacked data dumps (like haveibeenpwned, but for arbitrary information)

I'm pretty sure my information is spread all over at this point, but I'd like to get a handle on how big that spread is and to contain it wherever possible. I'd like to have an idea of how hard it would be for someone with some partial info e.g. a phone number, to determine my name or address.

This kind of service is something that I'm looking for now. I suspect that something like this already exists in "reputation management".

I would, provided I trusted your service to both deliver on its promise and to not itself keep my data (which it requires to opt me out).

I'm surprised some privacy-focused angel (they must exist) hasn't already done this. If I have $10M to play with this would be a great way to spend it for the public good.

I would, if doing so was actually effective.

I would.

subscription based lawyers

Seeing this list and its mix of Email / Phone / Fax / Web systems - and this is only for 50 companies - makes you realise why GDPR-like regulations are needed!

It has always rather irked me that seemingly the only way to stop people from datamining you is to give them more information. Many web pages even specifically complain about third party cookies being disabled in the web browser, saying that they can't possibly honour my preference unless I switch it back on again.

I'd much rather just not hand out the information in the first place.

There needs to be a mechanism to tweak the signal-to-noise ratio. Either 1) stop interact with them and send 0 signal, or 2) have a browser plugin that just provides random interaction on a webpage and increase the the noise. The expensive targeting machines they've built become much less useful.

AdNauseam is a Firefox extension which clicks ads automatically.

While that seems like a fun idea, I'm not a fan of the permissions the extension requires.

Mozilla screams bloody murder about security and careless users, but then forces you to choose between "no extensions" and "extensions with unlimited permissions to see everything you do".

It seems sketchy at first glance, but then you pair that with what the addon is actually doing:

- Access your data for all websites (anything that interacts with ads, including blockers, will need this)

- Download files and read and modify the browser’s download history (these two items are single entitlement in firefox, and provides the ability for AN to store the images for ads it clicks on. You get this nice mosaic view of all the ads its clicked, as well as a running total how much click revenue you've burned)

- Monitor extension usage and manage themes (checks if any other incompatible ad blockers installed and notifies the users)

- Access browser tabs (I'm not 100% sure what this one does, but you've already given it full access to everything on every page anyways.)

- Access browser activity during navigation (Killing popups)

The addon itself is GPL3, so I think there's a very low likelihood of shenanigans here. Also compare and contrast with uBlock Origin:

- Access your data for all websites

- Read and modify privacy settings

- Access browser tabs

- Access browser activity during navigation

I've been told that without more people doing it, fuzzing your browser like that makes you more identifiable. Know if that's true?

Think of it like fingerprints (it is actually called fingerprinting). Every unique setting you make is a point that could identify you, even settings supposedly intended to increase your privacy. Much like adding a big burn mark to your fingerprint to actual fingerprint to mask its curves, now that big burn mark could be used to identify you even more than the original curves could.

I'm always surprised at how pervasive this is. Most frequently, I see it where you describe - with sites demanding that I sign in/up and disable all tracking prevention before they'll make even a basic effort to let me disable tracking.

But one of the ugliest cases is DMCA takedowns. For big companies, they're quick and easy and usually succeed even when they're completely unjustified. But for unincorporated people, issuing the takedown means providing your name and other personal information to the hosting site. And given that DMCA takedowns are the most efficient way to handle things like sketchy sites hosting stolen nude photos, it's basically a requirement to furnish them with the identity of the person pictured...

So do we have any proof that these sites actually honor the opt-out requests and don't simply add the information we had to provide to them to their dossier?

Profile: Doe, John

New Details: Hates data-mining.

> So do we have any proof that these sites actually honor the opt-out requests and don't simply add the information we had to provide to them to their dossier?

I don't know, especially for scummy people search websites.

However, I've requested a lot of disclosure reports and opted out of a lot of stuff, and I don't think I've volunteered anything the dataminer probably didn't already know. The real big names like Lexis Nexus and the credit bureaus have their tentacles in everything, so it'd be very difficult to hide your address, telephone number, and property information from them.

The requests that require emails or phone numbers have never rejected throwaway accounts or non-personal phones numbers I have access to. I think they mostly ask for them to impede bulk opt outs.

Dilemma: In order to remove my info I need to give them my info

Or just use the bulk opt-outs provided by the advertising industry organizations. The first is webchoices (the blue triangle you see in the corner of some ads, which allows you to report ads, see how you were targeted, etc.) and the second is the NAI (Network advertising initiative, a non-profit pushing self-regulation for advertisers.)



You can also see what types of data Oracle has on you. This doesn't include all of the companies they own though.


Before I can get to the opt-out page it loads a "Webchoices Browser Check" and it fails because I block third-party cookies? Is this a joke?

You opt-out by using third party cookies, what do you expect it to do without having access to that?

Opting out of tracking via first-party cookies. I mean the owner of a website could just share my page visits with an ad network regardless of third-party cookies.

I should write a bot to opt out every person in my state

The NAI opt out system is entirely worthless, though.

Care to explain?

Sure. It would be inadequate even if it worked as described -- having to opt-out from every browser and machine you use, and then again when you clear cookies? That's unmanageable.

But it doesn't work as described. Perhaps one or two companies might pay attention to the opt-out, I don't know, but I do know that it makes no difference that I can see.

Also, it does nothing to stop the worst of advertising's sins: tracking.

So, all in all, I consider it utterly worthless. It's far better and more certain to block everything browser-side.

Last I tried, half of those don't work.. :/

There are some rules to follow if you really want them to work. Opt out on all your browsers, opt out again after clearing cookies, etc.

> You may still receive other types of online advertising from participating companies, and these companies may still collect information for other purposes consistent with the DAAC Principles.

> https://youradchoices.ca/faq/#cookies-and-opt-out

What is this, exactly?

The "Take Control of your Data" call to action takes me to list of 'how to opt out from company X' which exists in plenty of other places, and I'd have to submit them myself. Nothing that goes into data usage, etc. Then there's the privacy policy as others have pointed out, and the analytics/facebook scripts.

There's no functionality or service provided that I can find. The blog seems to be retweets and noise.

Not sure how this got voted onto on the front page, it doesn't seem to be a legitimate thing.

Doesn't opting out cause a Streisand Effect?[1]. I mean, if you go out of your way to hide something it makes you even more interesting and you stand out. My own strategy for not having data collected on me is to compartmentalize and have various contextual identities across different services and never cross contaminate identities and never have all my personal info in one centralized location that makes it easier for the likes of Acxiom Corporation to profile me. I call it identity 'sharding'.

[1] https://en.wikipedia.org/wiki/Streisand_effect

Your strategy doesn't work, FYI. If you have /ever/ used the same device or network they are linked. If you've ever used a credit card across your 'shards', if you've ever logged into a service (especially gmail/fb) accross 'shards' then your identities are linked. You'd need entirely separate devices, networks, names, browsing habits, social accounts, etc. You might've lowered their confidence, but that has nearly zero effect. Cross-device graphs are exceptionally advanced.. all the machine learning/etc that gets discussed on hn is used to beat users like you. Oracle is one of many vendors who do this.



Also the first site’s opt out is a total joke. Provide all your sensitive PII so they can remove it from their system. No thanks.

If you scroll to the bottom you'll see that this is a lead generator for attorneys, who are notorious for using "advanced" advertising techniques. They bring in a hot lead, like this site seems well designed to do, and write a letter for $X+.00, and maybe repeat as whack-a-mole goes.

What if there were a browser plugin that would generate large amounts of fake data, and sent that to ads/analytics/trackers whenever they popped up, in addition to preventing the actual user's data from being sent?

AdNauseam Clicking ads so you don't have to


I'm sick of just knowing what "kind" of data people have about. I (expletive) want to know what people know about me.

Nice try!

The Equifax link leads to a form where you submit your social security number and birthdate. Cool.

Reminds me of those public "do not call" lists. Guess what - they get called more often.

The Canadian Do Not Call law actually publishes your number for political parties, pollsters, and charities giving them approval to call you. So, yes, being on the do not call list will actually increase the number of calls you receive.

I can't for the life of me understand why we don't yet have dual-consent calling. Your call should only go through on my phone if you have my number and I've added yours to my address book. Otherwise you should go straight to voicemail.

Emergency situations. "Sir, we found your wallet...", etc., etc.

So leave a voicemail. No one answers their phones anymore anyhow, because it's 99% of the time a spammer.

That's what I do. If a call comes into my phone from a number that isn't in my address book, it just gets sent straight to voicemail. My phone won't even ring.

The only reason I don't just drop the call completely is to cover situations where a someone not in my address book might be calling me for something important.

That has never actually happened yet, though.

There are apps that do this.

So Equifax is still out here data mining folks huh? :(

Someone make a form that submits to all at once

These just opt you out of browser options, cookies, etc. I'd like to see a tool that actually removes real PII from these co's databases. Know of a tool around that does it?

We need to update the fair credit reporting act with a data retention and opt out section for online activities. The key would be making the violations punitive enough that only crooks, and not these supposedly respectable corporations, would be willing to abuse.

Who is this person and what do they have to hide?

Applications are open for YC Winter 2021

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact