>Safari and Firefox both block many third-party cookies by default (which is why I had to change Firefox’s privacy settings to get this experiment to work), and as of today Chrome doesn’t (presumably because Chrome is owned by an ad company).
Wow. I am very strongly considering switching to Firefox now, just from this paragraph.
Actually, this has been a strong focus of Mozilla foundation for years.
The good news is that Mozilla has done a lot of refactoring / rewriting of its FIrefox codebase during the last year, and Firefox is now on par with Chrome regarding the technical aspects.
I was highly amused just a few days ago when a 1080p60 YouTube video was not playing correctly in Chrome (dropping frames), but played perfectly fine in Firefox. Resource utilization was not the problem on that machine. I tried restarting chrome, disabling extensions, etc but it seemed to just be some weird bug.
I will also take a moment to rant about the fact that YouTube allows you to select from a bevy of lower resolutions, but doesn’t allow you to select a lower frame rate. Many times I would rather watch a 1080p30 video on slower hardware instead of the 720p60 I am forced into selecting.
> I will also take a moment to rant about the fact that YouTube allows you to select from a bevy of lower resolutions, but doesn’t allow you to select a lower frame rate. Many times I would rather watch a 1080p30 video on slower hardware instead of the 720p60 I am forced into selecting.
I've thought about this too. I'm not certain, but I suspect this has to do with streaming video compression, specifically the fact that most video compression schemes I know of are temporal (i.e. they can eliminate the need to transmit a lot of data based on unchanged or productively changing pixels between consecutive frames). With a lower frame rate, the probability that pixels in consecutive frames being related decreases. That's my guess anyway.
In these cases 1080p30 is typically available. AFAIK there is a setting, only available to logged in users. If you are not logged in then youtube-dl is also an option. I also used a browser extension before to reenable the lower framerate options, but it stopped working.
I don't understand why they don't have the same for Google. The FB container does not only force the facebook and instagram sites into that container, but keep the rest out, and disable buttons on websites that open in other tabs. Google is such an obvious candidate for this, but maybe their relationship with Google comes into play here?
The Google container is less useful than just manually putting your Google session into a container because I would assume you don't want all your searches to go through your logged on session.
If you block third party cookies without having built out fingerprinting prevention, trackers switch from cookies to fingerprinting, which on balance is probably worse. And if you prevent that, sites need to serve ads without any information about the user they're serving them to, and make about half as much money.
I would assume that trackers always do what's in their best interest. Your claim that fingerprinting is both just a fallback and probably worse for the user thus does not add up to me. Wouldn't they always use fingerprinting if that is more powerful?
> Chrome is working on fingerprinting resistance and developing privacy preserving APIs that can replace third party cookies
And what will their (business and thus vital) interest in doing this probably be? Probably not what's in my, the user's interest. But what's in their customers' interest - advertisers.
Chrome doesn't need fingerprinting at all. If you are using that browser, you are already being tracked at all times. So by implementing fingerprinting resistance in the most popular browser, Google can thus hurt the competition while merrily continue their tracking business as usual.
Yep, on the occasion I need to use chrome it's very upset by the fact I'm not logged into my Google account. I'm sure most users log in. So Google really, really knows who you are.
Is it possible to get Chrome to never nag me to create and log into a profile? When I open Chrome right now it asks me to authenticate or "Browse as Guest."
Honestly it's kind of a rhetorical question because by having the nag screen the damage is already done to Google's reputation and it makes me feel really icky. Opting out of the nag screen just hides the grossness, and I would rather be reminded that using Chrome, and by extension all Google products, is just a bad idea.
If you read the links I posted above, Chrome's plan is not "implement fingerprinting resistance while leaving third party cookies alone". It's "implement fingerprinting resistance, add new APIs that give privacy preserving ways of doing some of the things third party cookies are used for today, and remove third party cookies".
Why would Google even need to use cookies inside of its own browser which is linked to your personal identity? It's like saying Facebook uses regular cookies on its own website to figure out which pages you visit. I guess they could, but they already have your page view history so it's kind of pointless. If anything it sounds like a red herring argument.
I'm not saying they don't. I'm saying they have a litany of other tools (I've spoken at length with engineers at Facebook about how they do this) that really make those unnecessary. Obviously you know more about how Google does it, and admittedly ads is not my wheelhouse at all. But from what I understand: it's overkill.
If you can point me towards a source that discusses the technical details of how Google tracks its users, I'd be interested in reading it.
> I'm saying they have a litany of other tools (I've spoken at length with engineers at Facebook about how they do this) that really make those unnecessary.
That's not how identity works on the web. Cookies are how every site tracks logged-in identity, including Facebook. To test this, clear your facebook.com cookies and observe that you're logged out.
I think we're talking about different things. I'm saying they don't need cookies to identify you, not that they don't use cookies for anything. Saying Facebook can fingerprint its users without cookies isn't even a controversial statement. Otherwise how would they track users without accounts?
> Wouldn't they always use fingerprinting if that is more powerful?
Fingerprinting is less reliable and more difficult to use, but it's powerful enough that multiple companies will have a clear picture of your browsing history whether your browser blocks third party cookies or not.
Fingerprinting is worse for users because you don't have control over it. If you open a private browsing window, close it, and open another one you're a different user from a cookie perspective but the same user from a fingerprinting perspective.
> what will their (business and thus vital) interest in doing this probably be?
My understanding from what Chrome has said publicly is that they're trying to get both (a) websites can make similar money from ads as they do now, keeping browsing free and (b) users have much more privacy than they do now, keeping third parties from being able to compile browsing histories for users.
Users benefit from (a) because they value these sites and from (b) because they don't want their browsing histories leaked.
> And if you prevent that, sites need to serve ads without any information about the user they're serving them to, and make about half as much money.
So the reason why Facebook (that I rarely use and block using the Facebook container extension) serves me better ads than Google (that has known me since before I left school) is because Google is clueless?
Seriously, for a long time I gave you the benefit of doubt but now you are just annoying. You make and then destroy products I love and can't even use the 23 282 192 million signals I have left behind over the years to give me ads that isn't directly insulting to me and my family!
Seriously: I think even your ads were better before even though I never bought anything (didn't gave the money back then).
At this point, they're not that great at either ads or search. They just have a huge amount of market share momentum behind them. They're then able to then use this to influence and mold the web in the direction that suits/grows their business. E.g. AMP, HTTPS, google-play lock-in, no-root access on devices, and a host of things that all synergize with each other to make it next to impossible to fight back as a consumer (even a skilled/informed one).
Regarding them not being that great at search. It's non-trivial to see how blog-spam and fake generated websites are pummeling google's results. We've all encountered it, and have learned to kinda skim/ignore it to get to what we really want, but it's there, and it's dragging us all down.
Not only that, but here we are more than 2 decades since they started, and being one of the largest data companies in the world with untold amounts of potential training data, and they can barely do basic search inference. They practically guess the most likely "thing" you are actually searching for and don't bother to go further. Checking whether the content of the site speaks to the "thing" or "noun" that you want instead of just having it as text inside of it? Forget it. Maybe if I append certain things it means I want the thing I'm searching for to be somehow related to this additional term?
Call me crazy, but I would have imagined that at this point we would be living in an actual digital super age instead of what we have now. I am no longer going to say that we have "all of humanity's combined knowledge" at the tips of our fingers. We simply don't. We have basic facts and a whole host of brain-vomit content that I have to read/watch in order to extract the information I need, without even being able to tell how authoritative it is.
> So the reason why Facebook (that I rarely use and block using the Facebook container extension) serves me better ads than Google (that has known me since before I left school) is because Google is clueless?
While Google has a lot of information, most of it is not eligible to be used for ad targeting. For example, Gmail data can't be used at all, and Search data can only be used in cases where information about what you were searching about won't be leaked.
A site could make a lot more money by selling its users' passwords to the highest bidder — that doesn't mean we shouldn't try to deny them that income. Without sharing personal data, ads can still be relevant to the scope of the site itself (less so for incredibly 'broad' sites such as facebook, of course, but they get compensated by having a much larger audience). A site can also gather whatever personal data it wants, and serve its own ads.
Chrome's Privacy Sandbox proposal [1] is about (a) having interest-based ads without (b) letting third parties track users across sites. Have a look at it, especially FLoC [2] and PIGIN [3].
My immediate reaction to your comment was "How do you not know that?!" (I'm sorry.)
However, if people frequenting a tech forum are not aware of the privacy benefits that Firefox has been pushing for a long time now, we as "tech folk" have a responsibility to push out the message.
I knew Firefox was working when within about 6 weeks of switching over on my computer and phone (along with using DuckDuckGo and the Facebook container feature), I started getting ads telling me to practice law in Pennsylvania and to fix my weird sideways penis.
Both of which were thankfully completely off target. Apparently those two categories are the birdshot of advertising.
I can't speak for the person you're replying to, but for me it's a sign that the advertising brokers/sellers don't know enough about me to advertise intelligently. Therefore they have less of my data (or less specific/identifying/informative data), which is a good thing for several reasons that have been discussed many times on this forum.
Worse advertising is a sacrifice I'm willing to make (as much as I do really like ads for things that are on sale when I happen to need them).
As evidenced by your and the other comments, there's more than one answer to the question. The parent's explanation for knowing if their defensive measures were working were novel to me, so I was curious as to the motivation.
I know for myself, I always find it curious how people are against targeted advertising in certain areas, but completely willing to accept it in others, sometimes without realizing it. It's always amusing to me reading this on HN where targeted advertising takes place and no one bats and eye.
Sorry I thought you were saying something worth commenting on, but you were saying something else. Can you point me to some examples of targeted advertising here? I mostly see comments and submissions and if those can count as ads then that’s not a useful definition of ads to me. Maybe you mean something else though.
I am not totally against targeted advertising when I am being targeted based on my activity on that site, but I find it really creepy when ads are targeted based on things I've done outside of the internet, or conversations I've had. I don't like the idea that my activity unrelated to a specific site is being stored somewhere and sold to companies that could theoretically use it for whatever they want.
I don't mind supporting companies by not blocking ads on a page, but I do mind being "followed" by them around the internet and IRL.
I don't mind being targeted as well and if they push me cheaper and better promo all the better. It's despicable however if they start to skew the prices in their favor due to your interest in the item.
Not GP, but: for me it’s never been about the ads. Poorly targeted ads are a sign that the advertising companies don’t have that much data on me, which is what I really care about.
My perspective - I do not want to see ads relevant to my interests. If I want to buy something that I care about I'll do my own due diligence for what a good product is. I don't want to be lied to and distracted by junk marketing trying to convince me I should buy something.
Irrelevant ads are way easier to ignore. It's so off-target that your mind doesn't even loose a cycle trying to make sense of it. Then you get so used to not paying attention that the occasional relevant ad gets ignored too.
In short, this allows me to strengthen my focus. Even though this all happens semi-unconsciously, it makes me more immersed in the content I'm actively trying to pay attention to.
It's not only about the relevancy of advertisements.
I'm sure they'd prefer or even like advertisements that are relevant from page content NOT invasive personal tracking or profiling.
IE: You go to a bathtub website and see an ad for rubber ducks and soap because those products make sense with bathtubs, not with the users browsing history.
Sadly, sacrificing relevancy is currently the only move to speak out about tracking, as a consumer.
Simply because things I'm not interested in don't look interesting and therefore don't distract me.
Let's say I like cars and I don't care for travelling.
If both sides of the page are background image of a car, I will check what car it is because I like cars.
If it's a huge picture of a beach I won't even notice because I don't care for beaches.
The ads can be made relevant relative to website's content, not my previous activity. If I'm reading a tutorial on how to fix something there may be ads for tools that are required for that. This is very relevant to me and at the same time does not need any information about my previous browsing history or other activities.
On the other hand, when I'm later visiting pornhub I'm unlikely to consider purchase of those tools even though they may appear relevant to my interests based on my previous browsing history. On the other hand, I am more likely to be interested in meeting hot moms from my area then - which is again solely context based.
No matter how hard I try to not be affected by advertising, I can't stop it from working.
Now, with that said, if I have the option to be exposed to an advertisement for a category of products that I am likely to purchase anywhay, or a category that I will never purchase: Isn't it obvious that my behaviour is more likely to be influenced by the relevant add than the irrelevant one?
Some people might think that the word "brainwashing" is too strong to be used for describing advertising, and maybe it is, but is it really that strange that I would prefer a tiny amount of "brainwashing" over a small amount?
I want sensible target advertising. As both a consumer and once shop owner I find the advert to be very powerful. The problem is I think current was of Digital Data Gathering and target advertising is going way off track.
I dont have a solution, as often it is with all these questions, but I hope there is a better way going forward.
I use Focus for ephemeral browsing (about 70-80% of what I do), and Firefox Mobile proper on iOS for anything I need to hold history or state within. Hope more people recognize the value of Focus for that reason alone.
> if people frequenting a tech forum are not aware of the privacy benefits that Firefox has been pushing for a long time now
Maybe it's because this is a tech forum. I take care of cookies and third party (and even first party) resources myself - so I don't know and don't care what Firefox does by default. Defaults are good for the other 99% of the people (who usually don't visit tech forums).
Doesn't Chrome have a "Block third-party cookies" setting (disabled by default) that you can enable in Settings > Site Settings > Cookies and site data > "Block third-party cookies"?
I'm under the impression that Safari and Firefox have this enabled by default. Is the only difference that it's disabled by default in Chrome?
Safari and Firefox both have a blacklist of known trackers in addition to cookie blocking. Not only that, these browsers also fight against other means of fingerprinting.
Even if it's true it's a huge difference. Very few people are going to a) think about this issue and b) know the right terms to google for a solution and/or c) dig around in their browser settings to find the setting.
It feels telling that Firefox puts their Enhanced Tracking Protection settings pretty close to upfront as possible, and Chrome’s “Block Third Party Cookie” setting is for all intents and purposes to a non-technical user, both buried and off by default.
https://jvns.ca is full of explanations that bridge the gap between general, layperson understanding and actual technically applicable knowledge. She’s helped me relearn the Linux/bash ecosystem after a decade of absence.
That's all nice, and I thank Firefox for blocking all these, but once there are too many browsers or extension doing the blocking, I wonder what will prevent sites to implement tracking server-side instead of client-side ?
They will definitely keep tracking users based on info available to the server, like IP address. However that is orders of magnitude less precise than what is in place now.
It certainly should be. You can make it much more precise with the tracking mechanisms that browsers like Firefox are blocking now (tracking pixels, 3rd party cookies). It's the difference between having a snapshot in time available to a specific site vs. a whole history across the internet.
Facebook can't show you customized ads if all it can recognize is that it's you. It already knows who you are, you told it by logging in, now it needs to know everything you're doing everywhere else so it can connect all those dots to you. This can't work if all it can say is "this is definitely voidmain0001 from their home computer but I know nothing else about them". The only way is to share that tracking between companies which is more difficult and still more limited in scope than 3rd party cookies.
I know you are voidmain0001 here and can read all your comments. But if I have no idea who you are on amazon.com so I can sell you your favorite tech in my ads then the usefulness of this information is limited.
Just as a rule of thumb, if those mechanisms weren't adding to the precision then nobody would have invested so much in constantly developing them.
P.S. The site above keeps failing half way for me. "Computer says no" type of thing.
Just like first party ads (hosted by the same domain) first party tracking is really hard to block.
But its a lot safer and better in many ways. It forces the site you are visiting to keep the ads safe an only track you when you are on their property (an in turn follow laws were they are located, GDPR in the EU for example).
Exactly, You're just a mod_rewrite away from serving a single gif under infinitely many names. All you have to do is include a unique name in every email, and then look through your log files to see if anyone came for that gif.
Tracking pixels are a pretty ancient technique and for good reason. It's basically no effort at all to set up the basics, and only a tiny bit more effort to get fancy at it and stick the accesses in a database instead of in the server logs.
The first party website can’t see the tracking cookie so now tracking is compartmentalized for every first party and there is no more tracking across sites. Quite a win.
Hey, I ran one of those trackers once. Good stuff, though you only captured one aspect of the domain. Enabled lots of content. Good times, good times.
There are a couple of other use-cases other than the 3rd party ID-syncing use-case without a 3rd party cookie. You can record information through one of the client-side onboarding providers on their side. Though, to be honest, they have pretty big latency.
You can do a png instead of a gif. It would be ~68 bytes instead of ~35 bytes. A webp image would actually be 1 byte smaller than the gif. So perhaps Google will move to that if Safari ever caves and supports it.
This article is brushing a lot of stuff very fast. In reality there is much more to it:
1. You don't need to visit Facebook properties for them to link your activity to you. Unless you're a brand new user and they have never finger printed you...
2. Referrer might be in the pixel tracker, but there is way more to that, including product IDs, product costs, your stage in the funnel (have you Added to Cart but not Purchased?), product category, etc.
3. Everytime a Facebook owned property (or piece of: Like button, FB connect) is 'used' by a device you use, then you can be sure the relation between you and that Pixel call is made (ahem, improved).
Install the Chrome Extension Facebook Pixel Helper, and check what happens when you use an ecom site. You'll be amazed to see what is shared with Facebook (no PII though).
In particular it would be interesting to go into why and how these 3rd party trackers get included on a page. I mean, the answer to both is obviously "money", but how does it work in practice? Old Navy agrees to implement a facebook tracking pixel in every page? Or it comes "for free" with a like button? etc.
The Like button primarily allows Facebook to monitor your presence across the internet. Tracking pixels can be deployed on a page by page or site-wide level (included like analytics scripts) to enable remarketing or retargeting.
The site-wide implementation will, for example, enable URLs that meet %string% to be grouped into a "segment". And then you can serve specific ads to that segment while excluding others
It's part of the onboarding of any Facebook Ads user (i.e., advertiser) to implement the Facebook Pixel on their site.
Without it you're not going to achieve much on Facebook as you need to feedback their system when a particular ad had an impact so that they can model the ad delivery accordingly and get you more converting users. Whatever your conversion is (viewing a page, registering, purchasing).
For anyone marketing something, installing browser add-ons to cleanly parse tracking params, event calls and adtech/martech used on sites can yield some valuable competitive business insights.
You'd be surprised at how many businesses do things like label things identifying their high value audiences, creative or products just to have it human readable in other reporting with zero obfuscation. Likewise, you can see if they are using any interesting tech you are not.
I don’t see how, in 2020, any conscientious member of this site could justify their use or advocacy of Chrome. It’s an evil product peddled by an evil company for evil means. The alternatives are as good if not better from a usability perspective.
Safari is great if you’re a regular Mac user.
Firefox is great if you’re a dev on any platform.
Chrome is toxic evil that needs to die for the good of humanity.
To be fair, one of the biggest reasons I still kinda stick to Chrome is due to its speed when it comes to Google products and other "web apps". Maps, Outlook365, Gmail are all absolutely horrendously slow on Firefox on Linux. And seeing as the entire web is going down this schmancy route of making everything under the sun a bloated, interactive "PWA/WebApp", it puts as in a corner when it comes to wanting to avoid using Chrome.
I think so... Could be anything from hidden JS optimizations, SPDY, server-throttling. Last time I looked, my anecdotal and probably biased investigation into it appeared to indicate that the actual requests were slower on Firefox. Nevermind the question of why Gmail needs to make 230+ requests to the server to start up.
There's still some sites where chrome just works and Firefox does not including major sites like Periscope. I'm confident I could clear my cache/cookies, disable plugins, or other wizardry to get it working but in reality I just use chrome for these sites. That's why I'm a Firefox user but not an advocate. My mom can't handle the idea of using a different browser for some sites.
I can have some weird cases on firefox Linux, where it isn't rendering perfectly. This might be me though, it's generally when I'm developing.
Just sometimes I'll go 'display: flex; justify-content: center; align-items: center;' and the content will end up about 5px above center. I'll be like 'WTF?' for a minute, then run it in chrome with no issue.
Not sure why you're being downvoted, this is sad but 100% true. For me, it's only a very rare site that doesn't work in Firefox, but one of them is my medical account. No choice but to have Chromium installed, otherwise I can't view my lab results, read my doctor's notes, and pay the bill. I assure you I don't like it but it's a fact of life.
I only use it for those very few sites (less than 1% for sure), but not having it handy at all is just not an option.
As for my mom, luckily she hasn't had any complaints so far, so she just uses Firefox as it's what's installed by default. I certainly don't think I could train her to switch between two different browsers, though. If it came to that it would have to be Chromium full time, there.
One site that deserves a plug here is binance.com. They stopped working with Firefox a couple of months ago, but it was fixed in 2-3 days after I reported it. I guess a little healthy (heh) competition goes a long way.
Whilst I largely agree the quality of life developing in chrome was better than any competitor for a long period of time. Expecting everyone to stay in the loop and switch over night as firefox / alternatives have caught up seems silly
V8 is a powerful runtime and has enabled some great products regardless of Google's history in areas
I guess this will probably be unpopular on HN, but...
I still use Chrome. I don't feel the need to "justify" my use of Chrome. I like Chrome. I care about internet privacy - I use ublock origin and have JavaScript disabled by default, and only reenable it for sites I really care about.
But I don't really have strong opinions about internet browsers. I used to use Firefox, but a few years ago I started using Chrome and just found it to be better for my habits. I like the tight integration between Chrome and my Google account.
I use a Google Home and several Nest products at home (granted they're on their own VLAN). I use GSuite for my personal email, and Google domains for my domain names. Chrome is just another drop in the bucket, and I can't be bothered to change it. I also tried using other search engines, and somehow still found Google to be more helpful for me despite everyone saying DuckDuckGo has reached parity.
I guess that makes me morally compromised, or supporting a "toxic evil" or whatever, but I just don't care that much. I'm self-aware in my apathy, I guess.
Don't let them make you feel bad about yourself. It was a little overboard in my opinion, I thought they were about to say you're a Nazi if you use Chrome.
Knowledge is power, just be aware of what is going on with your apps and make a judgement call for yourself. Lately I've been enjoying going to brick and mortar stores and don't go to Facebook at all. Who still uses Facebook? And if I end up seeing an ad, I don't let it ruin my day.
Firefox and Netscape before it go through weird phases of “we have to do a rewrite!” And then for the next 3 years they fall horribly behind and lose a huge chunk of market share.
After the rewrite they become quite good again but you can’t blame the people that jumped ship during the dark period where it seemed like nothing was happening.
This comment breaks the HN rules against name-calling. Would you mind reviewing them? https://news.ycombinator.com/newsguidelines.html The idea here is curious conversation, not "evil ... evil ... evil ... toxic evil". If you post like that, you're inevitably going to provoke someone else into doing the same and worse, and then we get destructive flamewars.
Also, denunciatory rhetoric isn't helpful and isn't interesting. Google and Google and Chrome is Chrome. Both are behemoth topics on HN. They can't be substantively reduced to "evil evil evil", though thoughtful critique is always welcome.
Its only a matter of time before the ad companies make their tracking unblockable e.g. by hosting something critical to the page, e.g. "make the webpage download jquery.js from our mirror, and you get all this tracking that can't be blocked!"
Isn't this happening already, and if not, why not?
Ad companies very much are building out cdn so they can do this. But it’s a complex marketplace and e-commerce/media folk are very reluctant to cede control.
Amp is probably the ad tracker cdn that has been most successful.
Good and short description, but it's only a little part in digital marketing.
This is just retargeting, an old hat. You can do even more sophisticated things, like predicting what's the best next step in the sales funnel. In general, every step you take before you purchase online is recorded to build your customer journey. And there's a lot more data, like referrers, user agent, times and so on.
This crudely represents one way law enforcement and intelligence agencies (friend and foe) identify targets for further analysis. Think about ways this is weaponized a little more. We saw an example of this in the US Navy prosecution of Gallagher for war crimes.
Ever since I enabled Dark Mode on Mac I started seeing so many 1x1 white tracking pixels on recruiter emails. Now I’ve disabled loading images by default in my email client.
I think I assumed 'tracking pixel' was just a metaphor — you mean they're literally serving 1x1 images? Why not 0x0 images? Why not a single transparent pixel?
I remember learning ~20 years ago to always set `background-color: #fff` since, in those days of Netscape, a user could easily customise their browser's default background color. It was very useful to have someone on the dev team who was weird enough to have done just that! :)
I use a browser extension on Chrome called PixelBlock to (hopefully) kill those email tracking pixels. The extension displays a small icon on emails where blocking occurred.
This is the description supplied for the extension:
"PixelBlock is a Gmail extension that blocks people from tracking when you open their emails."
Thank you for sharing this. I work with marketing tech, and having this laid out allows me to share with them a little more of the tech that we rely on.
And, it allows me to remind them that our work is utterly terrifying in terms of privacy. That's (part of) why I use Pale Moon, I have control of what gets downloaded or sent to servers.
Do any browsers or popular blockers object to these things if they aren't setting cookies?
I've used a 1x1 transparent image on many pages on my site for a long time, with a simple page identifier attached to the URL, such as "?index" for the main page.
This was simply for convenience in analyzing logs. If I wanted to know which of those pages were visited in the last N days, it was a simple matter at the command line to take the logs for those data and make a quick report that counted how many times that image was fetched, broken down by page identifier.
IPV6 privacy extensions make IP addresses have very little tracking value, but this article is about tracking pixels, and Google Fonts clearly don't apply here. If you set your Referrer-Policy headers correctly, Google doesn't know which pages your users are visiting.
The trouble with this is that many websites nowadays use fake fonts where the glyphs are the icons that make up the UI. Without the font, you don't see the icons, and thus have no idea what the various buttons and labels do or mean.
It annoys the crap out of me because I'd love to disable fonts for the simple reason that having every page use its own font for text is distracting. I don't need my eyes to adjust to a new font for every page. I want to pick my favorite font and only ever see that one.
On a completely unrelated note, I'll never forgive Mozilla for removing support for gopher urls in the browser.
147 comments
[ 3.5 ms ] story [ 123 ms ] threadI am not a bot despite sounding like one.
Wow. I am very strongly considering switching to Firefox now, just from this paragraph.
Plus they fixed their issues with performance, so it works just as well as the other browsers on my mbp.
I will also take a moment to rant about the fact that YouTube allows you to select from a bevy of lower resolutions, but doesn’t allow you to select a lower frame rate. Many times I would rather watch a 1080p30 video on slower hardware instead of the 720p60 I am forced into selecting.
I've thought about this too. I'm not certain, but I suspect this has to do with streaming video compression, specifically the fact that most video compression schemes I know of are temporal (i.e. they can eliminate the need to transmit a lot of data based on unchanged or productively changing pixels between consecutive frames). With a lower frame rate, the probability that pixels in consecutive frames being related decreases. That's my guess anyway.
I recently went to a website which had 250 (!) tracking cookies for marketing purposes... As you might suspect it was ridden with ads.
https://github.com/containers-everywhere/contain-google
https://addons.mozilla.org/en-US/firefox/addon/google-contai...
I stopped recommending them.
Chrome is working on fingerprinting resistance and developing privacy preserving APIs that can replace third party cookies: https://www.chromium.org/Home/chromium-privacy/privacy-sandb... https://blog.chromium.org/2019/08/potential-uses-for-privacy... https://www.blog.google/products/chrome/building-a-more-priv...
(Disclosure: I work on ads at Google, speaking only for myself)
> Chrome is working on fingerprinting resistance and developing privacy preserving APIs that can replace third party cookies
And what will their (business and thus vital) interest in doing this probably be? Probably not what's in my, the user's interest. But what's in their customers' interest - advertisers.
> I work on ads at Google
Well...
(Thank you for the disclosure though.)
Honestly it's kind of a rhetorical question because by having the nag screen the damage is already done to Google's reputation and it makes me feel really icky. Opting out of the nag screen just hides the grossness, and I would rather be reminded that using Chrome, and by extension all Google products, is just a bad idea.
Google's ad networks do use cookies for ad targeting, even in Chrome.
If you can point me towards a source that discusses the technical details of how Google tracks its users, I'd be interested in reading it.
That's not how identity works on the web. Cookies are how every site tracks logged-in identity, including Facebook. To test this, clear your facebook.com cookies and observe that you're logged out.
But they may also be fingerprinting; I don't know how they do things.
The key thing from my perspective, though, is that Google ads don't have any sort of special treatment in Chrome.
Fingerprinting is less reliable and more difficult to use, but it's powerful enough that multiple companies will have a clear picture of your browsing history whether your browser blocks third party cookies or not.
Fingerprinting is worse for users because you don't have control over it. If you open a private browsing window, close it, and open another one you're a different user from a cookie perspective but the same user from a fingerprinting perspective.
> what will their (business and thus vital) interest in doing this probably be?
My understanding from what Chrome has said publicly is that they're trying to get both (a) websites can make similar money from ads as they do now, keeping browsing free and (b) users have much more privacy than they do now, keeping third parties from being able to compile browsing histories for users.
Users benefit from (a) because they value these sites and from (b) because they don't want their browsing histories leaked.
So the reason why Facebook (that I rarely use and block using the Facebook container extension) serves me better ads than Google (that has known me since before I left school) is because Google is clueless?
Seriously, for a long time I gave you the benefit of doubt but now you are just annoying. You make and then destroy products I love and can't even use the 23 282 192 million signals I have left behind over the years to give me ads that isn't directly insulting to me and my family!
Seriously: I think even your ads were better before even though I never bought anything (didn't gave the money back then).
Regarding them not being that great at search. It's non-trivial to see how blog-spam and fake generated websites are pummeling google's results. We've all encountered it, and have learned to kinda skim/ignore it to get to what we really want, but it's there, and it's dragging us all down.
Not only that, but here we are more than 2 decades since they started, and being one of the largest data companies in the world with untold amounts of potential training data, and they can barely do basic search inference. They practically guess the most likely "thing" you are actually searching for and don't bother to go further. Checking whether the content of the site speaks to the "thing" or "noun" that you want instead of just having it as text inside of it? Forget it. Maybe if I append certain things it means I want the thing I'm searching for to be somehow related to this additional term?
Call me crazy, but I would have imagined that at this point we would be living in an actual digital super age instead of what we have now. I am no longer going to say that we have "all of humanity's combined knowledge" at the tips of our fingers. We simply don't. We have basic facts and a whole host of brain-vomit content that I have to read/watch in order to extract the information I need, without even being able to tell how authoritative it is.
While Google has a lot of information, most of it is not eligible to be used for ad targeting. For example, Gmail data can't be used at all, and Search data can only be used in cases where information about what you were searching about won't be leaked.
[1] https://www.chromium.org/Home/chromium-privacy/privacy-sandb...
[2] https://github.com/jkarlin/floc
[3] https://github.com/michaelkleber/pigin
However, if people frequenting a tech forum are not aware of the privacy benefits that Firefox has been pushing for a long time now, we as "tech folk" have a responsibility to push out the message.
So you can find out more about Firefox tracking here - https://blog.mozilla.org/blog/2019/09/03/todays-firefox-bloc...
And the Firefox Facebook Container may also be of interest - https://www.mozilla.org/en-US/firefox/facebookcontainer/
Hopefully, you're now reading replies to your initial comment in Firefox!
Both of which were thankfully completely off target. Apparently those two categories are the birdshot of advertising.
Worse advertising is a sacrifice I'm willing to make (as much as I do really like ads for things that are on sale when I happen to need them).
For me, a second reason to prefer them is that ads are noise. If the semantic content of that noise stays irrelevant, it is easier to ignore.
People can have a ton of other reasons, like avoiding temptation.
My turn - genuine question: did you honestly not know people feel this way?
How am I a targeted ad? I didn't say everyone on HN is a targeted ad. However, HN does show targeted ads.
> which seems to be your thesis.
Not even close. You should reread my comment for what it says, not what you want it to say so you can try to reply with a witless comment.
I don't mind supporting companies by not blocking ads on a page, but I do mind being "followed" by them around the internet and IRL.
In short, this allows me to strengthen my focus. Even though this all happens semi-unconsciously, it makes me more immersed in the content I'm actively trying to pay attention to.
I'm sure they'd prefer or even like advertisements that are relevant from page content NOT invasive personal tracking or profiling.
IE: You go to a bathtub website and see an ad for rubber ducks and soap because those products make sense with bathtubs, not with the users browsing history.
Sadly, sacrificing relevancy is currently the only move to speak out about tracking, as a consumer.
Let's say I like cars and I don't care for travelling.
If both sides of the page are background image of a car, I will check what car it is because I like cars. If it's a huge picture of a beach I won't even notice because I don't care for beaches.
On the other hand, when I'm later visiting pornhub I'm unlikely to consider purchase of those tools even though they may appear relevant to my interests based on my previous browsing history. On the other hand, I am more likely to be interested in meeting hot moms from my area then - which is again solely context based.
Advertising works, on everyone, including on me.
No matter how hard I try to not be affected by advertising, I can't stop it from working.
Now, with that said, if I have the option to be exposed to an advertisement for a category of products that I am likely to purchase anywhay, or a category that I will never purchase: Isn't it obvious that my behaviour is more likely to be influenced by the relevant add than the irrelevant one?
Some people might think that the word "brainwashing" is too strong to be used for describing advertising, and maybe it is, but is it really that strange that I would prefer a tiny amount of "brainwashing" over a small amount?
I dont have a solution, as often it is with all these questions, but I hope there is a better way going forward.
So I am in a similar position as you in terms of getting the ad companies to just throw random guesses at me.
But here is what gets me. There is this new push by YouTube that let's you clearly label your videos just for kids.
If I am on YouTube and I am playing a video that clearly is made for only kids, why does YouTube show advertising that is targeted for adults?
Perfect mobile duo for me.
Maybe it's because this is a tech forum. I take care of cookies and third party (and even first party) resources myself - so I don't know and don't care what Firefox does by default. Defaults are good for the other 99% of the people (who usually don't visit tech forums).
I'm under the impression that Safari and Firefox have this enabled by default. Is the only difference that it's disabled by default in Chrome?
[1] https://getpocket.com/privacy#passive
But I've always disabled it, on general principles.
"I spent some time yesterday talking to a reporter yesterday"
Thanks for the post — I enjoyed it!
Facebook can't show you customized ads if all it can recognize is that it's you. It already knows who you are, you told it by logging in, now it needs to know everything you're doing everywhere else so it can connect all those dots to you. This can't work if all it can say is "this is definitely voidmain0001 from their home computer but I know nothing else about them". The only way is to share that tracking between companies which is more difficult and still more limited in scope than 3rd party cookies.
I know you are voidmain0001 here and can read all your comments. But if I have no idea who you are on amazon.com so I can sell you your favorite tech in my ads then the usefulness of this information is limited.
Just as a rule of thumb, if those mechanisms weren't adding to the precision then nobody would have invested so much in constantly developing them.
P.S. The site above keeps failing half way for me. "Computer says no" type of thing.
But its a lot safer and better in many ways. It forces the site you are visiting to keep the ads safe an only track you when you are on their property (an in turn follow laws were they are located, GDPR in the EU for example).
Sometimes it’s also the base URL too.
Tracking pixels are a pretty ancient technique and for good reason. It's basically no effort at all to set up the basics, and only a tiny bit more effort to get fancy at it and stick the accesses in a database instead of in the server logs.
There are a couple of other use-cases other than the 3rd party ID-syncing use-case without a 3rd party cookie. You can record information through one of the client-side onboarding providers on their side. Though, to be honest, they have pretty big latency.
But apparently 204 No Content allows you to omit Content-type. Leaving this up in case anyone else was wondering :)
The pixel is simply there to make the request.
1. You don't need to visit Facebook properties for them to link your activity to you. Unless you're a brand new user and they have never finger printed you...
2. Referrer might be in the pixel tracker, but there is way more to that, including product IDs, product costs, your stage in the funnel (have you Added to Cart but not Purchased?), product category, etc.
3. Everytime a Facebook owned property (or piece of: Like button, FB connect) is 'used' by a device you use, then you can be sure the relation between you and that Pixel call is made (ahem, improved).
Install the Chrome Extension Facebook Pixel Helper, and check what happens when you use an ecom site. You'll be amazed to see what is shared with Facebook (no PII though).
The site-wide implementation will, for example, enable URLs that meet %string% to be grouped into a "segment". And then you can serve specific ads to that segment while excluding others
Without it you're not going to achieve much on Facebook as you need to feedback their system when a particular ad had an impact so that they can model the ad delivery accordingly and get you more converting users. Whatever your conversion is (viewing a page, registering, purchasing).
You'd be surprised at how many businesses do things like label things identifying their high value audiences, creative or products just to have it human readable in other reporting with zero obfuscation. Likewise, you can see if they are using any interesting tech you are not.
Safari is great if you’re a regular Mac user.
Firefox is great if you’re a dev on any platform.
Chrome is toxic evil that needs to die for the good of humanity.
Seems like Google is running the same hustle.
Just sometimes I'll go 'display: flex; justify-content: center; align-items: center;' and the content will end up about 5px above center. I'll be like 'WTF?' for a minute, then run it in chrome with no issue.
I only use it for those very few sites (less than 1% for sure), but not having it handy at all is just not an option.
As for my mom, luckily she hasn't had any complaints so far, so she just uses Firefox as it's what's installed by default. I certainly don't think I could train her to switch between two different browsers, though. If it came to that it would have to be Chromium full time, there.
One site that deserves a plug here is binance.com. They stopped working with Firefox a couple of months ago, but it was fixed in 2-3 days after I reported it. I guess a little healthy (heh) competition goes a long way.
V8 is a powerful runtime and has enabled some great products regardless of Google's history in areas
I still use Chrome. I don't feel the need to "justify" my use of Chrome. I like Chrome. I care about internet privacy - I use ublock origin and have JavaScript disabled by default, and only reenable it for sites I really care about.
But I don't really have strong opinions about internet browsers. I used to use Firefox, but a few years ago I started using Chrome and just found it to be better for my habits. I like the tight integration between Chrome and my Google account.
I use a Google Home and several Nest products at home (granted they're on their own VLAN). I use GSuite for my personal email, and Google domains for my domain names. Chrome is just another drop in the bucket, and I can't be bothered to change it. I also tried using other search engines, and somehow still found Google to be more helpful for me despite everyone saying DuckDuckGo has reached parity.
I guess that makes me morally compromised, or supporting a "toxic evil" or whatever, but I just don't care that much. I'm self-aware in my apathy, I guess.
Knowledge is power, just be aware of what is going on with your apps and make a judgement call for yourself. Lately I've been enjoying going to brick and mortar stores and don't go to Facebook at all. Who still uses Facebook? And if I end up seeing an ad, I don't let it ruin my day.
After the rewrite they become quite good again but you can’t blame the people that jumped ship during the dark period where it seemed like nothing was happening.
Also, denunciatory rhetoric isn't helpful and isn't interesting. Google and Google and Chrome is Chrome. Both are behemoth topics on HN. They can't be substantively reduced to "evil evil evil", though thoughtful critique is always welcome.
We detached this subthread from https://news.ycombinator.com/item?id=21833134.
Isn't this happening already, and if not, why not?
Amp is probably the ad tracker cdn that has been most successful.
The on-premise solution allows an easy setup of reverse proxy tracking, which isn't blockable in any way.
I know a few companies who run well known sites that use this technique and I could imagine every one with money does it like that.
This is just retargeting, an old hat. You can do even more sophisticated things, like predicting what's the best next step in the sales funnel. In general, every step you take before you purchase online is recorded to build your customer journey. And there's a lot more data, like referrers, user agent, times and so on.
What, using tracking pixels?
0x0 pixels arent a valid image, iirc.
This is the description supplied for the extension: "PixelBlock is a Gmail extension that blocks people from tracking when you open their emails."
I use Privacy Badger by the EFF. They block all kinds of tracking.
Also using Firefox will prevent Browser fingerprinting and such.
On mac turn off: Mail -> Preferences -> Viewing -> Load Remote Content in Messages
Without it, viewing a spam or phishing email will confirm your email address.
Viewing other emails will confirm that you viewed it, when you viewed it, how many times you viewed it, etc.
sigh, what a cesspool.
And, it allows me to remind them that our work is utterly terrifying in terms of privacy. That's (part of) why I use Pale Moon, I have control of what gets downloaded or sent to servers.
I've used a 1x1 transparent image on many pages on my site for a long time, with a simple page identifier attached to the URL, such as "?index" for the main page.
This was simply for convenience in analyzing logs. If I wanted to know which of those pages were visited in the last N days, it was a simple matter at the command line to take the logs for those data and make a quick report that counted how many times that image was fetched, broken down by page identifier.
Think again.
If you block tracking pixels you should also block the loading of external fonts. Extra bonus: fast loading pages.
Some CDN also exist for this reason.
https://collinmbarrett.com/block-web-fonts/
The reason Google is hosting fonts is to make the web an attractive platform, so they can monetize you in other ways.
Recommended by privacytools.io
It annoys the crap out of me because I'd love to disable fonts for the simple reason that having every page use its own font for text is distracting. I don't need my eyes to adjust to a new font for every page. I want to pick my favorite font and only ever see that one.
On a completely unrelated note, I'll never forgive Mozilla for removing support for gopher urls in the browser.