This kind of data collection abuse is why I think we need more addons like AdNauseam [1]. Unlike uBlock Origin, it's not available from the Chrome web store anymore, which is a good sign that Google hates these types of addons more than they hate simple blockers.
Blocking A/AAAA domains with custom URLs to prevent tracking is almost impossible, so instead let's flood the trackers with useless, incorrect data that's not worth collecting.
Completely agree. Stuff like uBlock Origin is just online self-defense against hostile megacorporations. Maybe it's time we started going on the offensive by poisoning their data sets with total junk data with negative value. They insist on collecting data despite our wishes? Okay, take it all.
I worked for a agency a couple of years ago, when, out of the blue, tracked data contained tons of random data instead of the expected UTM parameters. It took us a while to figure out what was happening. It was some kind of obfuscating plugin that was messing up well known tracking parameters.
What I want to say is: stuff like that could actually cause a lot of fun on the other side.
Yup. I've used NoScript for years, and one of the most frequently appearing sites that remain blocked is googletagmanager.
I totally second the sentiment that this is merely minimal defense against hostile 'service providers'.
This avalanche of tracking libraries is now almost as toxic as email spam in its worst-controlled days. Much of the internet is literally unusable, as pages take dozens of seconds to minutes to load - on a CAD-level laptop that can rotate 30MB models with zero lag.
In fact, does anyone have a blacklist of trackers that we can just blackhole at the HOSTS file or router level? Maybe time to setup a pihole?
In my experience the most popular noscript trackers are googletagmanager and facebook, so with just two domains you can get a lot. But e.g. bloomberg uses full first party proxy for facebook pixel with pseudorandom base url, it's difficult to block even by url; I suspect they duplicate the page request to facebook too, but this is unobservable on client side. Hopefully this solution doesn't scale well.
Since this extension actively clicks on ads which may trigger payments, how do ad-fraud services classify endpoints running this extension? Could they consider this malware and add the client IP to blacklists?
If we were to split what malware does into Infection (getting into the system), Avoidance (hiding from system, AV, or attacking AV) and work (sniffing, sending spam, etc..) then the Avoidance would be by far the biggest and most complicated (and most interesting) category.
Good. If it is a shopping or some other service that charges money, then they lose business.
If it is some service that you have no choice but to use, but relies on network effects (like Facebook Events), then you can just send a screenshot to the interested party and they Might consider not using a service that is broken for other people.
Sure, and perhaps also the accounts of users running this while logged-in. Have contingency plans if you run this and your, say, GMail account is blocked.
I lost my gmail account a decade ago. Since then, year after year, I've been watching people suffer the same fate with gmail, youtube, google play, etcetra. There's always someone who won't believe that google can screw you over all of a sudden. There's always someone who will be surprised, always someone who thought it couldn't happen to them...
I don't know what else I can say. It's a shame I haven't been maintaining a list of all incidents I've come across.
> they collect everything through their desktop environment
There're many relevant questions during the install. If one actually uses the OS installation wizard GUI instead of skipping it with "next" buttons, Microsoft won't be collecting much.
Another thing, they don't have to because their business model is honest. They're building software, users are paying for that. Microsoft ain't an advertisement company, they have little motivation to track people.
> you need an email to set windows up now
I did clean installation of Windows 10 last week (recycled an old laptop after migrating to a new one), the email was optional.
It's not going to be much of a throwaway once it's associated with every activity you do on your computer and the internet. In fact, it might be one of the most valuable email addresses (to Microsoft) that you ever make.
Adding another party into my web browsing is always a tough pill for me to swallow. I am also a noob at reading trust signaling. What are some of the reasons that I should trust this dev and their processes?
You should put the same amount of trust in this dev as you should in any other. I myself trust Mozilla's store reviews enough to run the addon, but if you're more conservative with trust, you can inspect the source code and build the addon itself.
The addon comes down to a uBlock Origin fork with different behaviour. I believe most of the addon code is actually the base uBlock code base.
I haven't seen any obvious data exfiltration in my DNS logs, but then again I'm just another random on the internet. If you don't feel comfortable installing something with a privacy impact as broad as an ad blocker, you should definitely trust your instincts.
My experience is that Pihole has been getting less effective over time as more and more ads are being run through the same domain that legitimate content is. When I first installed it it killed ads on my Roku, that doesn’t happen anymore.
What apps on your roku? I had to whitelist a Hulu domain cause it froze when trying to load ads during commercials for example, but when I look at the logs it’s blocking a ton of telemetry and phoning home 24/7 by Roku and Alexa devices.
Are you regularly updating your ad blocking filters? When ads start showing up on my phone I know it’s time to go hit the update button.
I feel like the reason you initially used a strong word like abuse is to distract from the same behavior the blockers you mention engage in. Spamming Google event services and "flooding" them with garbage is surely considered to be in the abuse category at least if you're not an avid anti-ad proponent.
Blocking A/AAAA domains with custom URLs to prevent tracking is almost impossible, so instead let's flood the trackers with useless, incorrect data that's not worth collecting.
[1]: https://addons.mozilla.org/en-US/firefox/addon/adnauseam/