Quick note on this one. ETags have been used for years, but there is a court case from 2011 and before, specifically noting this ETag technology as undeletable cookies. Was just a click away from the Wikipedia page. So I think anybody using it would have a huge issue with the laws. Personally, I think the tracking pixels are more interesting to look at.
Ah, but using ETags to track users doesn't work unless JavaScript is enabled. As one who normally doesn't use JavaScript, I had to turn JS on then refresh the page to make this spying example 'work' (i.e.: track me).
As I've been saying for years, get rid of JavaScript and 90%+ of these privacy violations and other security breaches will melt away.
The trouble is we users have to suffer the brunt of this JavaScript 'disease' because it primarily benefits large commercial interests. If ordinary users get trampled upon as a consequence then that's just too bad.
Seems I've found yet another good reason to keep JavaScript turned off.
Yeah, I should learn not to post late in the night when I should be asleep (when I abbreviate, I often get into trouble). I didn't explain the other steps I take to stop tracking and there's quite a few. Besides turning off JavaScript, these include plug-ins for ad-blockers, on-the-fly cookie-deleters and for the random changing of User Agent info among other things.
In addition, I use multiple browsers on both my PCs (usually 4) and smartphones (3) which—with the exception of one instance mentioned below—all are set by default to the following parameters:
- Location access — off
- Block 3rd party cookies — on
- Remove identifying headers — on
- WebRTC – off
- Clear cookies on exit — on
- Clear cache on exit — on
- Clear web storage on exit — on
Often before closing a browser—and depending on the sites I'm visiting—I'll manually clear the last three items above. (If I deem a site to be risky then I'll clear these items every few minutes or as soon as I'm finished with it).
Naturally, such action can break some sites, so to avoid this and or to save time I'll copy the relevant URL to another totally 'clean' browser specifically set aside for the purpose. For instance, I normally use Palemoon to browse HN but it's so loaded with protection that cannot be turned off quickly that it poses problems when posting comments (this level of protection means that sometimes I'm blocked from posting or that I have to refresh or renew the login info every time I want to do an edit, etc.). To overcome this I'll copy the URL into say a clean copy of Waterfox which still has protection (but it's minimal). This certainly overcomes any cache tracking (in fact you'll note this process effectively doubles protection against the cache tracking issue mentioned in the article).
Next, when internet activity has stopped for 10 minutes my machines are set to reboot the router/modem which gives me a new IP address when I next connect to the net. Moreover, my PCs upon start (and during router restarts) are set to only connect to the internet manually (i.e. the internet is essentially never connected to my PC unless I'm present at the machine).
I've been doing this with ongoing refinements ever since the early days of XP (then using Internet Explorer and Firefox as my original browsers).
At the time, it was a somewhat slow process to clear IE's cache on-the-fly so I put a link to its cache directory on the taskbar which gave me instant access to it. As subdirectories in IE were locked by the system, deleting them was performed by that wonderful utility unlocker, it'd kill the lot in a second or two and IE would have to rebuild a new clean set when it was next used.
Often, out of convenience, I'll simultaneously use multiple devices to browse the internet. Here, I'll use a smartphone's browser in conjunction with one of those in my PC. To save time typing a link on the second machine, the URL is 'copied' manually from one device to another with the aid of search engines (Duckduckgo or Startpage). As the smartphone and the router/modem each use different ISPs, there's no common IP address, hence tracking is made all that much harder.
Furthermore, my smartphones are rooted and I've deleted all their GApps, Gmail, etc. (BTW, I never use social media nor trust any of my files to the cloud). Also, I always use a firewall to block access to the internet for all apps except those that I've especially permitted (those permitted are mostly safe apps from F-Droid). The firewall is also set to automatically block all 'unknown' connections to the internet that act through various UIDs, 1000, 10015, etc. All unnecessary internet access is blocked not only by denying permissions but also by nuking 'receivers' and or modifying apps' manifests. Moreover, the only Android system app that I allow through the firewall is Downloads. Also, a utility manages the hosts file as additional bootstrapping protection (same goes for my PCs). The rule is simple—block any and everything from internet access, the only apps with access are ones I'm specifically using.
That's the brief explanation (there's more I've not had time to mention). I accept that my attempts at maintaining my privacy and blocking ads etc. won't be perfect for reasons too lengthy to explain here (except to say that those with whom I've contact on the net are likely to 'put me in' to Google (as they've usually Google accounts, etc.) and the same goes for Google's monitoring of my neighbors' routers to gather my SSIDs, etc. [this nasty scam gives my location away and ought to be highly illegal]). BTW, I'm too lazy to bother suppressing the 'leaks' any further than this [i.e.: by killing visible SSIDs]; at this level of suppression I reckon it's not really that important that I grind the privacy granularity any finer.
The net effect is that going on for nearly two decades I've never had any hint that Google, et al, are tracking me with sufficient success for them to bother with me in any noticeable way (any info they gather will be essentially digital noise). Moreover, I never see ads on either my PCs or smartphones! Again, I'd add that by far the most important procedure in taming the likes of Google, Facebook, Amazon, etc. is to kill JavaScript and NEVER, EVER use any of their apps.
Killing JavaScript also has other great advantages, the most important of which is speed—the internet sans JavaScript is lightning fast. (If you want to know what else I reckon is wrong with JS then see some of my earlier posts on the subject.)
Of course, none of this should be necessary. That's why we need internet Mark-II — an internet that puts power and privacy back into the hands of ordinary users — one that puts these big tech companies in their rightful place and at our disposal—not vice versa as it is right now.
I don't understand what the relevance is (in the big picture) of any of the details in how web pages track people. As long as a server can return a page with arbitrary links, isn't that good enough? Any way at all that the page received shapes the next server access, is good enough for tracking.
1. From many users' perspective the perception is that tracking is an undesirable and or unnecessary feature that's crept into the Web over the past 20 or so years. It is undesirable because it violates users' privacy not to mention their autonomy to act independently without being watched and monitored. And given that most tracking is done covertly and surreptitiously it just makes matters worse. When new tracking methods come to light (as with this cache tracking) users become depressed, these problems seem never-ending, we users feel as if we're constantly under siege.
2. Users were never asked about whether they wanted to be tracked or their privacy violated before these so-called spying 'features' were unilaterally introduced to the Web by powerful players—advertisers, web hosts and others who introduced the technology for their own pecuniary interests, inter alia. Even now, most PC and smartphone web users have little or no idea about how all encompassing and dangerous this technology actually is—as it's not in the interests of those who introduced it to overtly publicize the details.
3. As governments worldwide have almost universally failed to act with any degree of effectiveness to protect online users, there is still no consumer law that's specifically aimed at protecting end users from tracking harassment and privacy violations. This means that users themselves have had to take on this responsibility. Many have tried with varying degrees of success (unfortunately, they've mostly failed).
4. Year by year, users have found that it's increasingly difficult to stop themselves from being tracked and to maintain their privacy because the techniques used against them have become more frequent as well as increasingly sophisticated (as with this cache hack). Whenever users have a minor victory and succeed in thwarting hacks, Big Business responds with yet another. It's a David and Goliath problem, Big B. has huge financial resources that enable the further development of hacks and users little or none for the development of protection measures.
5. And as we know, this is only the beginning: Google's tracking ecosystem† also includes seemingly free Google apps with smartphones and PCs—apps such as Gmail, Google Maps and Google Earth along with many others that have been cleverly designed to be highly-addictive. This electronic heroin as I call it has now become so all pervasive that it has become totally indispensable to not millions but actually billions of people.
6. Even if they aren't au fait with all the details, users are effectively at war with Big Tech over privacy, tracking and the mining of their data (and tragically it's a war that Google and other Big Tech companies have been winning for years).
I would have thought the relevance of my previous post would have been obvious, that is that this browser cache matter is just one small part of this much huger problem. As such, it cannot be isolated from the other matters that I raised therein. Moreover, listing the other matters was to bring to the reader's attention the extreme lengths that internet users have to go to if they want to escape the clutches of these behemoth online monopolies. Even if they do succeed then their freedom is likely to be short-lived.
__
† (One only has to look at how Google has used its overwhelming monopoly to track users and to violate their privacy, not only has it been completely successful but the way it's gone about it has meant that it has been diabolically effective doing so. Moreover, when it comes to tracking and extracting users' personal data, the Android ecosystem is conceptually and in practice a technical masterpiece without peer. It is unrivaled in its ability to collect massive amounts of data then deliver it all up to Google. The Android O/S is a watershed in operating system design as it includes paradigm-shifting technology that was specifically developed by Google to ensure that it had total control over every aspect of users' smartphone data. Whilst I do not like the way it works to have 'control' over users' data, it'd be churlish of me not to acknowledge Google's brilliance in developing it. The bottom line: Android has been and is remarkably effective for Google, it's brought in billions of dollars profit for the company.
Android was designed by lateral thinkers working at their best and it shows what can be achieved when billions of dollars profit is potentially in sight. Giving but one example, one cannot help but be truly impressed by how effective Android's 'transmitters', 'receivers' and 'broadcast' mechanism is [sorry, it's too detailed to explain here]. ('Tis a shame MS Windows isn't as sophisticated—but in a user-friendly way with more control given over to users.)
That said, Android is only just one part of Google's larger data collection operation, Google bootstraps the accuracy of its collected data by cross-referencing every aspect of it with data from a multitude of different sources. Just to mention a few, it data-mines its search engine and records who is searching and for what; it searches and collects data from its many applications including reading the contents of users' Gmail messages; and, as previously mentioned, it uses various nefarious tricks such as manipulating Wi-Fi hardware of my Google-using neighbors so as to determine my SSID with the view of determining my location, etc.—even though I'm not an active user of any Google service! Why you may well ask—well Google still needs to know about me, as information about my email address, location etc. can be used to, say, provide intermediary data which is used to link people who own Google accounts but who otherwise are seemingly separated and unconnected from each other. If I happen to know these people and I email them independently of each other then this is the only pretext Google needs to link them with the view of determining groups centered around these people, their interests and degrees of separation from others—and so on, and so on.
Nothing in all of history has ever seen the likes of this monumental surveillance system. Google now tracks personal information and indexes it for about a third of the world's population and it achieved all this without so much as a whimper from governments. No one in power ever seriously questioned whether this is legally or morally acceptable until after it was all in place and up and running. Now that ecosystem is too big to change let alone dismantle. A similar situation exists with Facebook. The implications of this for the world's population are truly enormous.)
https://www.extremetech.com/internet/91966-aol-spotify-gigao...