Disconnect: open source extension makes the web more private, secure, faster (disconnect.me)
117 points by caio1982 on Mar 24, 2014 | 76 comments

I like Ghostery better. It breaks fewer websites for me and provides more data on each particular tracker with a source link and a description for the company behind it. Disconnect just shows a title with a number.

It has a nicer and more functional UI. I like a popup on page load where you can instantly see what is blocked and what isn't. There's an option to "run once" a blocked widget on page, which can be handy.


From the article:

A Popular Ad Blocker Also Helps the Ad Industry

Millions of people use the tool Ghostery to block online tracking technology—some may not realize that it feeds data to the ad industry.

It's good to have alternatives, and I prefer Disconnect as Ghostery's motivations seem a little clouded.

Whenever someone talks about Ghostery, this is, of course, brought up. However, what isn't brought up is that providing this data (GhostRank) is voluntary and I think it's disabled by default (but the user is asked during the first time setup).

Whenever someone says that Ghostery's own tracking is optional, one, of course, glosses over a huge inherent conflict of interest behind Ghostery.

They make an anti-tracking product and they take money from advertisers. That's their life blood, they need to track you, that's how they survive and it puts them in a very precarious situation. So trusting them to value your interests over their own is naive at best. If you are comfortable with the risk and the trade-off, good for you, but dismissing this as a non-issue is disingenuous.

> but dismissing this as a non-issue is disingenuous.

It is a non-issue if you have to opt in. Also, they make money off of GhostRank data by 'consulting' on how to better present ads to encourage selective turn-off of adblocker.

I think Ghostery's motivations are fairly clear -- a viable business model.

I can't think of a clear business model for disconnect.me.

In any case, it's good to have a choice. People who are serious (who don't mind breaking everything) are probably using something like RequestPolicy to control cross-site requests. https://www.requestpolicy.com/

Can someone explain what this is? The front page tells me nothing and I can't watch the video right now.

I wish this trend of using videos instead of text would end soon.

There are two plugins they currently offer. One blocks sites from tracking you, while the other allows you to search using your favorite search engine with added security (no ip logging, more anonymity, etc.).

For more information check out the GitHub project page for each project below.



I recently tried to switch from Ghostery to Disconnect. It was basically a wash in terms of frequency of broken pages. However two things did bother me a little:

- The default settings had Disconnect fighting with HTTPS Everywhere and caused resource contention in Chrome. Please follow the Unix philosophy and just recommend users install HTTPS Everywhere instead of having a naive implementation embedded in your unrelated product.

- It was unintuitive that the number incremented on the button is the total number of requests and not the number of requests blocked.

I look forward to the days that these types of extensions work well enough that I can install them on my parents' computers and not have to worry about pages being broken, but them still having their privacy. Keep up the good work.

When you say 'it was basically a wash', it is not clear what you mean. Which one breaks more pages?

I didn't think that this would be so hard to find:


n. 13. Informal An activity, action, or enterprise that yields neither marked gain nor marked loss: "[The company] doesn't do badly. That is, it's a wash" (Harper's).

Thanks, I don't use this phrase, so it was confusing.

I think it means that there is no clear winner, they both break about the same number of pages.

As these become more popular we shall see a return to server analytics. Time to install AwStats...

I wish more people used server analytics. Less privacy risk to the user, along with a faster and less congested internet connection...

Agreed, I'm perfectly fine with the site I'm visiting collecting info like IP, user agent, etc. but not with the idea of some centralised entity doing it. (That's also what I do with my own site.)

I often find that Disconnect can be overly aggressive in the parts of a page that it blocks. When something is amiss when using a webpage, whitelisting the site in Disconnect usually fixes the problem.

This also happens with Ghostery and to a lesser extent, Adblock. I switched from Ghostery to Disconnect and have found Disconnect to be a little better at not breaking some sites.

The worst sites I've run into while using Ghostery/Disconnect are the ones that have a Google Analytics action tracking code in the middle of their JavaScript methods (since the addons block GA) so the entire site/app fails to work.

Developers need to start testing their sites with these addons more to make sure silly errors like that aren't done (some optional tracking request failing to complete shouldn't make an entire app fail).
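
The failure mode described in the comment above, as an added example that is not part of the original thread: a handler that calls the analytics global inline stops when a blocker keeps the script from loading, while a guarded wrapper lets the essential work finish. The names `placeOrderFragile`, `placeOrderResilient`, `track`, `makeEnv` and the `env` object standing in for the page's global scope are hypothetical.

```javascript
// Added illustration. `env` stands in for the page's global object (window);
// when a blocker stops the analytics script from loading, `env.ga` is never defined.

// Fragile: the tracking call sits in the middle of the business logic.
function placeOrderFragile(env, order) {
  const result = { saved: false, tracked: false };
  env.ga('send', 'event', 'order', 'submit', order.id); // TypeError if ga is missing
  result.tracked = true;
  result.saved = true; // never reached when the call above throws
  return result;
}

// Guarded wrapper: analytics is optional, so a missing or failing tracker
// is reported to the caller as `false` and never propagates.
function track(env, ...args) {
  if (typeof env.ga !== 'function') return false; // script blocked or not loaded
  try {
    env.ga(...args);
    return true;
  } catch (err) {
    return false; // a broken tracker must not break the page
  }
}

// Resilient: essential work first, tracking afterwards and best-effort.
function placeOrderResilient(env, order) {
  const result = { saved: false, tracked: false };
  result.saved = true;
  result.tracked = track(env, 'send', 'event', 'order', 'submit', order.id);
  return result;
}

// Constructed environments: one with the tracker loaded, one with it blocked.
function makeEnv(blocked) {
  const calls = [];
  const env = { calls };
  if (!blocked) env.ga = (...args) => { calls.push(args); };
  return env;
}

function demo() {
  const order = { id: 'A-1001' }; // constructed sample order
  let fragileBlocked;
  try {
    fragileBlocked = placeOrderFragile(makeEnv(true), order);
  } catch (err) {
    fragileBlocked = { saved: false, tracked: false, error: err.name };
  }
  return {
    fragileBlocked,
    resilientBlocked: placeOrderResilient(makeEnv(true), order),
    resilientLoaded: placeOrderResilient(makeEnv(false), order),
  };
}

console.log(demo());
```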

Wait, developers should test extensions that make arbitrary changes to their javascript? That doesn't seem reasonable.

I’m the developer of Disconnect and agree with you, but …

To back up the op and gp, I’m seeing more and more sites that don’t degrade gracefully when their analytics service doesn’t load. I do think devs should check that their site still works when non-essential services fail to load because, even when the user isn’t running Disconnect or a similar app, this scenario is bound to happen — e.g., when there’s a network issue somewhere.

As the developer of Disconnect, if you're removing chunks of functionality the site developers expect to be there, you should be doing it in a way that doesn't break that functionality so absolutely.

You could cloak the cookies so they're pageview specific. Or inject your own functions in place of the ones that are being blocked.

Whether analytics is an essential service or not is a pretty up in the air question.

What? Do you really believe that your website should grind to a halt if a 3rd party analytics service isn't available?

No. I'm suggesting that if you're writing an extension that changes the way javascript works across the web, you should do it in the least intrusive and breaking way possible.

An extension like this changes a javascript load error from a once-in-a-while event to a happens-all-the-time event.

I can't imagine a situation where you need to know analytics are being consumed in order to give users the data they want (unless the site in question is itself an analytics site).

To allow / cause your site to break when analytics aren't served is, in essence, attempting to enforce an unspoken contract between gathering user info and serving them data.

As far as I'm concerned, a site that doesn't work when analytics aren't served is a site I will literally never use.

Many companies consider controlling essential to do business.

But even if you disagree, you would do end user support a huge favor if you could mention that "It alters the webpages you visit and may break them." next to the download button.

Not a bad idea, but I'm thinking that most folks who are savvy enough to install Disconnect, Ghostery, NoScript, etc. are going to be aware that "stuff might break."

NoScript: yes. Disconnect and Ghostery: no.

An online article, friends or family send people to Disconnect and they click the install button. After that it protects them by "disconnecting" from "tracking sites". I promise you most people have no idea how it works. Don't believe me, try it: if you see a normal person using Disconnect let them explain to you what it does, how it works and also ask what the Disconnect visualizer says about who is sending data to whom.

I would never, ever, spend time testing something that changes my code. Today it changes it one way, tomorrow another.

That's like trying to replace the screen on your phone and then complaining that it doesn't work and that Samsung/Apple should test their devices with your screen installation skills.

According to addons.mozilla.org, Adblock Plus for Firefox has almost 20 million users. You would "never, ever" perform tests using popular browser extensions that have tens of millions of users? How does your co-founder/employer/client feel about your position?

I'm my own employer and I'm doing pretty well/decent.

I would rather spend my time making what I have better rather than fixing bugs caused by someone else.

Pretty sure that is number of installations. I've installed Adblock more than once but got rid of it quickly and never use it now.

If a resource fails to load, do you not care about that also?

Indeed. I think I first installed Adblock because b.scorecardresearch.com was consistently the slowest element on a page, and it was somehow quite annoying (don't recall).

(Of course I now have no idea if they ever improved performance)

Blocking on analytics loading could be intentional.

I am using StartPage https://startpage.com/ as my search engine and am very happy with it.

They essentially redirect your search query to google and return you the result. But they don't collect your IP nor anything else. https://startpage.com/eng/protect-privacy.html

Neat, any idea if there is something like this that retains Google's handy features and also doesn't look like something from the nineties?

My browser is always started in incognito mode, I open Firefox to do something in an authenticated way (posting something on HN, accessing my bank account, etc.) but normally, Firefox is always closed.

     $ cat /usr/share/applications/chromium-browser-incognito.desktop
     [Desktop Entry]
     Name=Chromium Incognito Web Browser
     GenericName=Incognito Web Browser
     Comment=Access the Internet
     Exec=/usr/bin/chromium-browser --incognito %U
     [NewWindow Shortcut Group]
     Name=Open a New Window
     Exec=/usr/bin/chromium-browser --incognito
     [Incognito Shortcut Group]
     Name=Open a New Window in incognito mode
     Exec=/usr/bin/chromium-browser --incognito
     [TempProfile Shortcut Group]
     Name=Open a New Window with a temporary profile
     Exec=/usr/bin/chromium-browser --temp-profile

I think this idea comes from Ian Bicking[0], but I can't find the reference any more and I have been doing this for years.

[0]: http://www.ianbicking.org/blog/

Has anyone seen a guide that discusses which browser settings and plugins complement one another? Or which ones to use in different scenarios, e.g., I know what I'm doing, I don't mind if things break on occasion, and I'm willing to spend a lot of time training my plugins (so NoScript and/or RequestPolicy would be recommended) vs. I'm setting up a computer for my parents who aren't tech savvy (so maybe Disconnect or Ghostery, plus....?).

This comes up a fair amount on Hacker News and in http://www.reddit.com/r/Privacy and I've seen plenty of posts and guides like https://prism-break.org/en/ and http://www.logicalincrements.com/firefox/ that just list a bunch of plugins. What I'm looking for is a set of use cases.

How is this different from Ghostery? (https://www.ghostery.com/)

I use Ghostery, but I believe it has been chided in the past for its 'GhostRank' feature (which, to their credit, isn't on by default).

This is anonymous usage tracking of the trackers encountered which is sold to businesses to "help them market to consumers more transparently, better manage their web properties and comply with privacy standards."

I would like to see more of a comparison of 'effectiveness' of both extensions though, if such a thing were possible.

The other issue with Ghostery is that it doesn't block by default and you even need to go to advanced settings to tell it to block new trackers by default.

OK so after you turn off GhostRank and block all new trackers by default, how is it different?

You can achieve a lot of this without using any browser extensions by simply using a hosts file such as the one at http://winhelp2002.mvps.org/hosts.htm (that one is Windows-oriented but it works fine in Linux also).

Or you could run your own dns but that's a bit more complicated to set up.

I like the clean approach, but hesitate to use my hosts file for blocking unwanted stuff on my development machine.

It is 3:00 am, the app breaks in production while the development version magically works. You question your ability as a developer and a human being in general while blaming your browser, your OS, your DNS, secretly knowing in the back of your head that you must have done something really, really stupid. Why could you not have waited until tomorrow to push?

Finally the mixed feeling of relief and thinking you are the dumbest person in the world, when you remember your hosts file while hacking over SSH on production files, which you totally should have considered instantaneously.

I remember reading a story, where the legal department of a company in Germany sent hundreds of cease-and-desist orders to websites, which were all displaying their images. Strangely the image just appeared on company computers …

As I generally just block ad sites, I haven't had any real issues using the hosts file that way. Obviously it's not a good idea to block resources needed by your app. I have had similar experiences though, where I put a dev machine ip in my host file with a production domain name, to test stuff before the name was actually live in the DNS, then later being confused about why the "live" site wasn't showing some content (duh... still pointing at the dev machine).

Have you noticed how this affects websites/apps breaking? Meaning, certain websites won't play video unless an ad plays first (hulu/comedy central sometimes). Do those sites not work if you enable this?

Some sites don't work unless I turn off hosts. On MS-Windows I simply use this to toggle hosts file on and off in such cases - http://www.abelhadigital.com/hostsman

<irony>oh no! not hulu .... wait I can't use that US centric service anyway</irony> :p

Thanks for pointing this out though. ;)

Though it's not advertised on the landing page, Lightbeam has a block functionality: https://www.mozilla.org/en-US/lightbeam/

It's also endorsed by Mozilla, which makes me trust it more. I've been using it for a while (on top of NoScript) and it's quite informative and seems to work well.

My personal setup is NoScript with careful whitelisting which I've found to effectively disable most tracking.

> It's also endorsed by mozilla, which makes me trust it more.

Somewhat skeptical, given that Mozilla referred to in-browser ads as "user-enhancing":



Mockup of the ads: https://bug972916.bugzilla.mozilla.org/attachment.cgi?id=837...

In this case I think Mozilla is right, many users will be happy to have a quick facebook/amazon/twitter/ebay shortcut out of the box.

People shouldn't use something with "block functionality". To protect our freedoms, we need everyone using stuff that defaults to blocking the surveillance.

Using disconnect's proxy? Looks like a trap to me. Give me proof, you discard all the data, then we are talking. Otherwise this approach is mostly flawed.

I'd love to see an Android version of this.

Dev here. We do have a new Android app out (but focused on search rather than browsing privacy): https://play.google.com/store/apps/details?id=me.disconnect....

From https://disconnect.me/disconnect :

Common tracking sites – Facebook, Google, and Twitter – are shown separately to make them easy to block or unblock. Click any icon to block or unblock a site.


Click the Facebook or Twitter icons to share these stats with your friends.

Anyone else find that rather ironic?

Not really. The point isn't that those sites are evil, it's that tracking is evil.

This is just going to be another arms race.

It's only an arms race if a lot of people use it and it becomes a problem to business owners.

Sad truth is: all these "privacy" plugins break ads. Many people install them for that purpose alone and use privacy as an excuse. Even if a website provides local ads because it values the privacy of its users: those are blocked too.

From a website owner's perspective privacy plugins are ad-blockers.

They only break ads if ads are big JS things that have privacy implications - most ads are, but they don't have to be.

I run a website that has one sponsor and their ads aren't blocked by privacy tools - because it's just some static HTML text, link and an image on the page. So I'm not sure what "local ads" you are referring to.

(In much the same way, I don't see a whole bunch of ads because I use a Flashblocker ... but ads don't have to be flash)

> From a website owner's perspective privacy plugins are ad-blockers.

If that's how a website owner thinks, then I'd say they have a very narrow idea of what an ad can be.

Small businesses don't reinvent ads or analytics, they rotate banners and that's it. They also don't implement their own software but use third party tools/plugins to manage their ads.

Ghostery and Co. block those common third party solutions even when run locally. E.g. from the Ghostery source:



You make it sound like there was something wrong with choosing which content you view.

I was mainly referencing the privacy vs data collection arms race. In this case I don't think anyone is going to be severely affected by this.

I love the combination of Ghostery and Cookie Monster.

For Ghostery, I make sure that new trackers added to the list are automatically blocked, and disable its cookie blocking. With Cookie Monster, I block all cookies by default, only whitelisting the sites that I wish to maintain being logged into (primarily the sites I run.)

With Cookie Monster you get the two-click ability to temporarily allow cookies from a particular website, and the two-click ability to revoke all sites previously allowed temporarily. Being able to quickly manage the individual cookies set for a particular site (again two clicks) is also great.

Ghostery, Cookie Monster, Tree-Style Tabs and Download Statusbar are the four things that I install on a browser the first time I use it. I add HTTPS Everywhere, User Agent Switcher and Video DownloadHelper if I'm going to use it for more than a few hours.

That's the combination of plugins that renders me unable to switch from Firefox:)

edit: I don't know how I forgot the Resurrect Pages plugin.

edit2: Crap, I forgot Flashblock. I might be hopelessly embedded in a Firefox workflow.

It's the dots that you leave around the internet that is the biggest problem in personal privacy.

I've been using Abine's DoNotTrackMe for a while. Is this any different/better?

I am wondering as well. Using https://github.com/RequestPolicy/requestpolicy on Firefox as a more aggressive way to control which website request can get through.

This has been available for a while, curious why it's making HN now?

I have long since switched to Ghostery ever since Disconnect frequently broke YouTube videos and nothing was ever done to fix it. Does anyone know if this problem still persists?

hmm, been using Disconnect for a while in FF and Chrome, haven't noticed any issues with YouTube videos.

Same here. Chromium on Fedora without any issues.

Given the lack of plugins on iOS and sandboxing, how does this help iOS apps per the disclaimer on the site linked to?

(Currently browsing on my iPhone, so searching is a bit tedious)

Can anyone here point me in the direction of a hosts file that lists all the spammy sites? If it's a DNS, the better.
