Apple moves to thwart Facebook tracking


#1

“Notably, these protections won’t do privacy-conscious consumers any good while they’re logged into Facebook, but it will help to protect them from the social network’s ever-expanding grasp while they’re logged out.”

Another reason to use Safari (not just because you want to use Better 😉)


#2

Ironically, there’s a set of “Like” buttons at the top right of the Mashable article for FB, Twitter & g+. Also, I temporarily allowed 18 login connections with Little Snitch following the link to this story on Mashable, and I may have blocked or allowed more—I’m not an expert Little Snitch user, so I’m not sure. And I’m using Safari. ¯_(ツ)_/¯


#3

You can still have “Like” buttons on a page and have their tracking blocked. Most of them will “fall back” to just being ordinary links to the social media platforms when their scripts are blocked.

It’d be interesting to see what Little Snitch blocked on there. I’ll have a look into whether we need to run another inspection on Mashable.


#4

[I’m editing this post quite a bit and retracting “18”: having more than one page open when I started counting connection attempts made my original list unreliable. Also, a couple of the links were to a right wing website that I had open only for research. I just counted connection attempts again using a different browser, Chrome, and got 13.]

Thanks for the distinction. Sometimes I have to turn off Little Snitch filtering so I can browse without incessant distraction. I haven’t yet learned all the rules as to whom to block or not and why.

I may be conflating “number of connection attempts” and “trackiness.” My assumption is that the number of connections a site requests is a good indicator of how much they want, basically, to treat me as a commodity. Is that assumption flawed?

The connection attempts in order:
cdn.ziffstatic .com
can.static.zdbb .net
mashable .com
a.amz.mshcdn. com
zdbb .net
gurgle.zdbb .net
st.mashable .com
e2e-static.zdcommerce .io
horizon.sailthru .com
cdn-gl.imrworldwide .com
cdn.connatix .com
e2e.mashable .com
cdns.connatix .com

Did you mention that there’s a better place on ind.ie to post ad- or connection-based attempts?

Since college, I’ve endeavored to insulate myself (as much as possible) from advertising exposure in the privacy of my home. It’s why I love ind.ie. It’s hard to tell whether I’m going overboard with that.


#5

Oh me too. I pretty much allow for all on Safari (as I have Better running) but for other browsers I always block-as-I-go or “Allow until quit.” I block anything that I am unfamiliar with, or if it’s from a corporation I know to be bad. A lot of the time it’s just CDNs (Content Delivery Networks) so that’s usually ok.

That’s a fair assumption. We go along those lines too, based on how many different domain names the connections are from, as usually each domain name represents a different tracker.

As a quick exercise in transparency in my process, this is how I would/will process the following:

cdn.ziffstatic .com

Trackers from Mashable’s publisher owners. (I know this because I blocked a load of Ziff Davis-related trackers a few weeks ago). Can probably safely block.

can.static.zdbb .net

same as above

mashable .com

the site itself, not an issue

a.amz.mshcdn. com

looks like it’s a CDN run by Mashable, probably fine but worth looking at what is being pulled in from here

zdbb .net

Trackers from Mashable’s publisher owners, can probably safely block

gurgle.zdbb .net

Trackers from Mashable’s publisher owners, can probably safely block

st.mashable .com

looks like it’s a CDN run by Mashable, probably fine but worth looking at what is being pulled in from here

e2e-static.zdcommerce .io

Trackers from Mashable’s publisher owners, can probably safely block (we don’t block this one yet…)

horizon.sailthru .com

“Customer retention” tracker. We already block one from sailthru, not sure if it is this one.

cdn-gl.imrworldwide .com

Nielsen tracker. We block this.

cdn.connatix .com

Tracker. Not sure we block this one yet…

e2e.mashable .com

looks like it’s a CDN run by Mashable, probably fine but worth looking at what is being pulled in from here

cdns.connatix .com

As with Connatix tracker above.

All in all, it does look like we need to run another inspection on Mashable. Though as we block some of these trackers already, I’m wondering at which point in the process Little Snitch grabs these URLs. I know it’s higher-level than Better, so it may be getting in first. (I’m showing my ignorance a little here…)

Here is great. When people report stuff via the forum, app, Twitter, Mastodon, or via email, I make issues for them on our content repository. I just try to make it easy for folks to report in a way that suits them.

Aral and I discuss this balance regularly. Because it can make participation in society difficult. Being aware of it all is the first step! If you ever want to discuss particular thoughts, open a topic on the forum here. I love to discuss this kind of stuff (even if I’m unlikely to have any answers!)
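
The counting heuristic discussed in the posts above (distinct domain names as a rough proxy for distinct trackers), applied to the 13 hostnames listed in the thread. This is an added example, not part of any post; the `FIRST_PARTY` set and the two-label `base_domain` shortcut are assumptions made for the illustration.

```python
from collections import defaultdict

# Hostnames as posted in the thread (written there with spaces inside them).
POSTED = """
cdn.ziffstatic .com
can.static.zdbb .net
mashable .com
a.amz.mshcdn. com
zdbb .net
gurgle.zdbb .net
st.mashable .com
e2e-static.zdcommerce .io
horizon.sailthru .com
cdn-gl.imrworldwide .com
cdn.connatix .com
e2e.mashable .com
cdns.connatix .com
"""

# Assumption: domains treated as the site's own, following the thread's
# reading that mshcdn.com looks like a CDN run by Mashable.
FIRST_PARTY = {"mashable.com", "mshcdn.com"}

def normalise(line):
    # Remove the spaces inserted into the posted hostname and lowercase it.
    return "".join(line.split()).lower()

def base_domain(host):
    # Simplification: last two labels. Correct for the .com/.net/.io names
    # here; a general tool needs the Public Suffix List (e.g. for .co.uk).
    return ".".join(host.split(".")[-2:])

def group_by_domain(text):
    # Map each base domain to the hostnames seen under it, in posted order.
    groups = defaultdict(list)
    for line in text.splitlines():
        host = normalise(line)
        if host:
            groups[base_domain(host)].append(host)
    return dict(groups)

def third_party_domains(groups, first_party=FIRST_PARTY):
    # Distinct domains that are not the site's own: the number the heuristic counts.
    return sorted(d for d in groups if d not in first_party)

if __name__ == "__main__":
    groups = group_by_domain(POSTED)
    for domain in third_party_domains(groups):
        print(f"{domain:18} {len(groups[domain])} host(s): {', '.join(groups[domain])}")
```

Grouping this way shows that several of the 13 connection attempts collapse into the same domain, which is why counting domains rather than raw connections gives a steadier signal.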


#6

Thanks for the look at your process, @Laura.

With LS (Little Snitch) I’ve set the alert default to “allow or deny for 15 minutes.” Tapping “F” at the alert popup makes that rule permanent. Sometimes previously blocked CAs (connection attempts) prevent desired content from loading, so I have to either pause LS or hunt through rules for interfering rules.

For Safari, when I notice I’ve left LS paused for a while, I activate it then delete all cookies through “manage website data” in Safari prefs. I rarely use other browsers, and when I do, it’s usually to look up CAs that I can’t check on Safari—because LS prevents Safari from loading content when it’s offering filtering choices (that’s what it’s supposed to do).

I began to summarize my filtering process (and shortcuts) last night, then thought “wait, does anyone really want to see this?”

That balance is so hard to find, and it’s hard to determine whether my extra effort is excessive. Using LS as a secondary (formerly primary) filter, and deliberating each CA, I sometimes find myself putting in a fascinating amount of effort. To put a fine point on it: since March of 2017, I’ve set 1,397 permanent LS rules, plus 2,424 expired temporary rules. Prior to that, I’ve managed to lose all of my LS rules twice, I think during system restores.

I was led down that first step (being aware) about 30 years ago (pre-Web 1.0), as I mentioned, in college, when I was introduced to the idea that television was a medium designed to transmit advertisements interspersed with programming, as opposed to the other way around. The general idea has mutated fantastically since then.

This is usually attributed to Rita Mae Brown, and I love it: “Art is moral passion married to entertainment. Moral passion without entertainment is propaganda, and entertainment without moral passion is television.” She’s still alive, I want to ask her if she did coin it and whether she’d like to update it.