this post was submitted on 08 Sep 2023
94 points (96.1% liked)

Privacy

4214 readers
29 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
 

Something I noticed on a few websites, including stackoverflow, is that they leave tracking settings up to a different website, which still lets that external party know what websites a user has been seeing, and this can be maliciously abused.

I realize this might have been mentioned before, but I didn't see any similar posts in a quick search.

all 11 comments
sorted by: hot top controversial new old
[–] jmeel@lemmy.world 8 points 1 year ago (1 children)

Naturally, I have both these "cookie" sites denied access.

I also felt that I should mention that any external asset domains can also see this traffic, too, but those typically aren't used with tracking - or the opposite thereof - in mind.

[–] ApathyTree@lemmy.dbzer0.com 1 points 1 year ago (1 children)

How do you, personally, block cookies? Like, manually or with an extension or..? Do all your devices have the block?

I run a pihole, but I think cookies work very differently than ad dns. I don’t really understand the various components of the internet, tbh.

[–] jmeel@lemmy.world 1 points 1 year ago (1 children)

I use browser extensions that - from what I'm understanding - remove any external script references, or at least prevent the script from loading, but I'll admit, the pihole method is what I've been drooling over for a while now, but haven't arranged yet. Also, it's probably more trustable than a browser extension, ironically. 😅

[–] ApathyTree@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Do you mean for cookie control? I don’t think pihole can do that (and some basic searches seem to agree), but again idk how the whole thing works..

It’s easy af to set up for adblocking though. I’m not super tech savvy and it took like an hour, start to finish, including time to track down a USB.

[–] jmeel@lemmy.world 1 points 1 year ago (1 children)

No, just for preventing (I guess you could call it sanitizing with the web as it is now) shady traffic that might happen in the background. It's unfortunate that phones don't have a higher control on authorisation for apps to selectively block user specified IP or web addresses.

Heh, I guess adblocking IS sanitizing your internet access

[–] ApathyTree@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Ah, gotcha, yeah I use my pihole rather manually to block things I don’t recognize. It’s kinda fun to see what breaks (usually fucking nothing, surprise surprise).

So like I get an ad on a page, nope, go into pihole and block literally anything from that device in tht time range which I don’t recognize as the url I wanted or some necessary component, reload and see what happens.

I’ve broken a few games and pages doing that, but it’s easy enough to walk back, just reload the thing and you get a new query to unblock.

But it’s nice for preventing my tv from reporting on my behavior (I like the apps, not the shady data collection or ads), shady sites as you say, and with a basic vpn, golden on mobile too.

It’s a shame it doesn’t handle cookies tho. I’m on ghostery dawn browser which takes that stuff as a top priority (dawn hasn’t been updated in a year so I’m using it cautiously for link handling only, with ghost tabs as the default so my activity and trackers clear when I close the browser) but I’d prefer a single solution for everything network wide..

[–] jmeel@lemmy.world 1 points 1 year ago

Yeah what you've described using your pihole sounds like a dream set-up. I honestly think that is the most powerful shield any home can have against data-mining apps, operating systems (looking at you, windows), websites, and even some physical devices (internet of things).

Cookie tracking is something that - now that I think about it - I'm not too familiar with in terms of the original intended site tracking it, but if it's external sites, then yeah just blocking said external site from ever being loaded or script therefrom run should be good enough.

[–] ToxicWaste@lemm.ee 1 points 1 year ago (1 children)

I do understand where you're coming from. But since it's the law, to have these cookie things, there obviously will be a service for it.

SO could probably implement it themselves. But small businesses and volunteers of clubs etc. probably don't have the expertise to do so...

[–] jmeel@lemmy.world 1 points 1 year ago (1 children)

That makes sense. Now it seems like a dilemma though. I assume that authority looking over this aspect of privacy would monitor the cookie sites to ensure no data is being retained when a user selects no, but that still leaves an opening for hackers. Well, I guess empty cookies would only mention the device ID and website ID and date accessed, nothing more.

[–] ToxicWaste@lemm.ee 2 points 1 year ago

I do not know whether the authorities keep an eye on these sites. But I wouldn't count on it.

IMO the law to have these cookie notifications was made by people who wanted to do something about privacy. But did not understand the tech, they where writing a law for. There is localstorage which basically works like a cookie or much more advanced ways like scripts, which may track ppl. And there exists no law (that i am aware of) to make users aware of these things...