Page 1 of 1

A Better way to fight trackers

PostPosted: Fri Dec 11, 2015 10:30 pm
by GX01
Don't get me wrong, blocking trackers is good, but it is a defensive strategy (which is always a losing game in the end) and their is a better way to fight tracking.
Coming from a background of managing databases and big data I can tell you the one thing worse than no data is BAD DATA. And when you can't tell what is good and what is bad, it's all junk. So based on that, consider a different approach to tracking software.

1. Their entire business model is based on selling (or using) their data. If you corrupt 10 or 15% of it, you decrease it's value. If you corrupt 50% of it, you threaten the ability to sell any of it. If you corrupt more than 50%, goodbye customers. No one wants it.

So how do you corrupt their data? It's really easy. They grab it from your computer all the time. Just provide some junk data, let them collect it, and wait until it becomes wide spread knowledge that their data is junk.

There are a number of ways to provide junk data, below is just one possibility

Write random browsing software. Hook it into the screen saver so it turns on when ever the screen saver turns on.
Give it a dictionary to randomly pick words and phrases from and have it use search engines to get pages
have it visit those pages.
Consider an algorithm to pick additional links off of those pages to visit (maybe the most repeated, or bold terms, etc.)
Set a depth to go from the first page. maybe 3 or 5 or 10 or let the user set it.
Then go back to search engine and follow another link from the original search etc.

At some point make sure their is a facebook, twitter, and gmail login so all these cookies get picked up
Then clear all the cookies and start again.
By hooking into the screen saver, this will run every time the user is inactive.
if this runs overnight, it will generate far more cookies than the real user activity (maybe 5x 10x or 50x more cookies), and no one can tell the difference between real visits and random visits.

This is essentially send spam back to the tracking companies. When their customers find out 90% of their data is garbage, their business model fails.

Consider throttling the activity, say loading 1-5 pages at a time
Consider filtering porn sites.
A extra option would be to block image downloads to reduce bandwith use and speed up the process. Just get the html page and cookies etc. no one is looking at them.

Of course their are lots of way to go about it. The basic premise is bad data is far more effective than no data. Play with that idea for a while and a whole new generation of fighting trackers will be born.

Re: A Better way to fight trackers

PostPosted: Fri Dec 11, 2015 10:50 pm
by lewisje
It's akin to click- or view-fraud, which there are plenty of malware applications for.

Re: A Better way to fight trackers

PostPosted: Fri Dec 11, 2015 11:01 pm
by GX01
Except that it's only a fraudulent activity if you are claiming a person visited the site in order to collect money.
If you want to stop tracking, blockers will never do it. They are a temporary fix.
There are already many sites you can't visit unless you enable cookies or use a gmail or facebook login. Eventually this will be most sites, so unless you want to stop browsing, you need to rethink the defensive approach of blocking.

Re: A Better way to fight trackers

PostPosted: Fri Dec 11, 2015 11:04 pm
by lewisje
Your goal is out of scope for ABP (which is all about a defensive posture, not running fuzzing or DoS attacks on third-party services), and probably out of scope for legitimate software.

Re: A Better way to fight trackers

PostPosted: Sat Dec 12, 2015 2:41 am
by GX01
It's not attacking any one. It's just visiting web sites.
If they want to read things off of my computer with out my permission, I'm not responsible if they don't like what they read ha ha

Re: A Better way to fight trackers

PostPosted: Sat Dec 12, 2015 2:50 am
by GX01
It's obviously not designed to be part of a blocking app (although it could be combined to block real surfing and let the random cookies be set.
But it is in line with any organization whose purpose is anti tracking.
Of course if people are so invested and attached to the idea of a single approach that they cannot consider if it is an effective approach, then they can follow that approach into irrelevant obscurity when that is where it leads.

One day blocking apps will follow Netscape into obscurity. Trackers are making far too much money to go away and changes will make it nearly impossible to browse without tracking. Of course if you only want to surf your buddies home made web site and pat yourself on the back for the fancy tracking blocker that keeps him from knowing about you, feel free to proceed. I give blocking software about 5 more years before changes make it irrelevant.

Re: A Better way to fight trackers

PostPosted: Sat Dec 12, 2015 12:09 pm
by lewisje
GX01 wrote:It's not attacking any one. It's just visiting web sites.
thus spake every DDoS tool ever

Re: A Better way to fight trackers

PostPosted: Tue Dec 15, 2015 12:23 am
by GX01
DDoS is DESIGNED to bring down a site by intentionally overwhelming it.
A cookie collector does not damage a site, and on it's own, it does no harm to any one or anything. It just randomly visits pages and accepts cookies.

IF a tracking company reads cookies off my computer, it is their action that gives them bad data. it does not impair their ability to function. It just lets them collect and sell what they are essentially stealing. It should actually be illegal as accessing any one's computer without their permission is a crime, but of course in a corporatacracy this does not apply to corporate interests.

I do no harm to any one by visiting sites. If criminals steal info off my computer and wind up being mislead buy it, oh well, that's just poetic justice.

Re: A Better way to fight trackers

PostPosted: Tue Dec 15, 2015 12:44 am
by GX01
Or maybe you're so invested emotionally or intellectually in the idea and tech of blocking, you are not willing or able to step back and evaluate if it is even an effective approach.
I've worked in IT for over 25 years. I've lots of guys so loyal to a technology they defend it to the death even when it's not the best approach.

As for blocking. There are several ways they are gong to get around it. Don't get me wrong, I have a blocker on my pc, but it's a temporary shield at best.
The most obvious way they are defeating it is not letting you even browse without getting a google or Facebook account. I'm seeing more and more sites, and even store fronts require it. It's still a small percentage of sites, but it's growing.
The day will come when it is the majority. They are not defeating blockers through technology, they are making is irrelevant through business decisions.

If you are not able to comprehend that, you will loose the fight, just as a general, who may have the best fighting men in the world, will lose the war if he charges headfirst attacking targets that are not relevant to the enemies ability to fight.
The old saying fits well here. You do not win a war by winning battles or killing all the enemy soldiers. You win by destroying their ability to wage war. That may be financial, through production and supply, or other means. The enemy may have a million troops, but without food, fuel, and ammo they are useless.

The day is coming when blockers are going to be those useless troops. It is just fighting the ground war. The enemy generals are going to flank you and cut you off with business contracts that make your little soldiers (blocking app) irrelevant no matter well it works.
You need to target their ability to fight. And that is the ability to sell data. That is what drives the whole thing.

Re: A Better way to fight trackers

PostPosted: Tue Dec 15, 2015 8:58 pm
by lewisje
My issue isn't whether it's effective but whether it's ethical, and I don't believe that having a program on your computer make random HTTP requests on a regular basis to a tracker domain is ethical. I am well aware of the limits of content-blocking; just because I don't agree with your proposal doesn't mean I think everything's okay.

Re: A Better way to fight trackers

PostPosted: Tue Dec 15, 2015 10:34 pm
by GX01
That's a good conversation to have.
Is making random request unethical? Is tracking our use (when most explicitly do not want to be tracked) ethical?

What exactly is the ethical issue in making requests? To be clear, we're not talking about DDoS or anything the damages a site or other uses ability to use it. The only intent is to obfuscate my own use to protect my own privacy.

Let's remove it from the tech context for a minute. Let's say there is a peeping tom looking in your window to see what you are doing. You feel it's ok to close the drapes (though that limits your freedom and deprives you of something), but it's not ok to put up pictures of a lot of people having a party (pretend they look real for the sake of discussion) so the Tom gets the idea you're having a party?

I don't see an ethical issue with an action that has zero effect on any one else UNLESS they perform an unethical act which leads them to misinterpret or misunderstand . To say that is unethical is akin to saying they are ENTITLED to know your use and you are depriving them of their right. Do you feel they have a right to know your activity?