[PrivacyBadger] Pushing Privacy Badger's buttons, part 2

Cooper Quintin cooperq at eff.org
Tue Sep 13 16:34:07 PDT 2016


Great stuff!

On 09/12/2016 06:19 AM, 'Don Marti' wrote:
> I have made some progress on this.
> 
> There is now an "un-tracking pixel" that will just set
> the Aloodo cookie -- no third-party JavaScript
> required.
> 
> Faster than running the whole script.  And it comes
> with a long "Expires:" time, so the browser won't
> re-load it for every page.
> 
>   http://blog.aloodo.org/misc/howto/#pixel
> 
> Good for
> 
>  * sites that want to help but don't want to show
>    tracking warnings
> 
>  * sites that are concerned about load times and
>    bandwidth
> 
>  * sites that don't want to run 3rd-party JS
> 
>  * sites that can add an image but not a script (for
>    example, those hosted on Wordpress.com)
> 
> So now there can be some sites running the whole
> Aloodo script, to warn users, and some sites just
> running the pixel, to pre-prime the browsers so the
> script can get better results.
> 
> 
> begin Mike O'Neill quotation of Sat, Apr 16, 2016 at 05:19:04PM +0100:
>>
> Thinking about this I think a better "block me" response would be a Tracking Status Value of "D", which means the web application is "Disregarding" DNT.
> 
> T could be a valid TSV when Tracking for one of the permitted uses is happening, although the particular permitted use must be declared in the "qualifiers" property. PB could check for a T along with an absent "qualifiers" property, or one that does not have one of the permitted use codes, but that seems long-winded. A "D" would be simpler.
> 
> So either the TSV includes:
> 
> { "tracking": "D", ... }
> 
> Or there is a response header "Tk: D"
> 
> I am writing an implementers guide to DNT (for the TPWG) that will include that suggestion.
> 
> Mike
> 
> -----Original Message-----
> From: PrivacyBadger [mailto:privacybadger-bounces+michael.oneill=baycloud.com at eff.org] On Behalf Of Cooper Quintin
> Sent: 12 April 2016 02:56
> To: privacybadger at eff.org; Don Marti <dmarti at zgp.org>
> Subject: Re: [PrivacyBadger] Pushing Privacy Badger's buttons, part 2
> 
> Actually this seems like a pretty good solution to Don's problem and one
> that we should maybe adopt anyway. There are other benefits to reading
> the TSR as well such as getting a list of first parties. I would likely
> support this change.
> 
> - Cooper
> 
> On 04/09/2016 11:31 AM, Mike O'Neill wrote:
>>>> Why not agree on a "block me" signal? Any reference to a third-party marked in a particular way will cause the request to be blocked by tracking protection, i.e. PrivacyBadger.
>>>>
>>>> The Do Not Track (candidate) recommendation contains such a signal. A TSR (a JSON resource at //ad.aloodo.com/.well-known/dnt ) with Tracking set to "T" ( { "Tracking": "T", ... } ) when accessed with the DNT set (DNT:1), would signal refusal to stop tracking, i.e. block me. You could also do it by returning a Tk: T to any ad.aloodo.com resource.
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: PrivacyBadger [mailto:privacybadger-bounces+michael.oneill=baycloud.com at eff.org] On Behalf Of Don Marti
>>>> Sent: 09 April 2016 18:48
>>>> To: privacybadger at eff.org
>>>> Subject: [PrivacyBadger] Pushing Privacy Badger's buttons, part 2
>>>>
>>>> Still working on tools that a web site can use to
>>>> notify users when they're vulnerable to third-party
>>>> tracking.
>>>>
>>>> Here's the problem.
>>>>
>>>>  * If the script warns the user when a third-party
>>>>    iframe loads, it will falsely notify some users
>>>>    of an "untrained" Privacy Badger.
>>>>
>>>>  * If we wait to notify until we're sure that a
>>>>    third-party cookie can be set and read on three
>>>>    sites, then we miss a chance to notify some users
>>>>    of list-based protection who haven't been to enough
>>>>    sites that include the iframe.
>>>>
>>>> One solution is...put the https://ad.aloodo.com/track/
>>>> iframe everywhere!!1!1  Even if you don't want to run
>>>> tracking notifications on your own site, the iframe
>>>> will train Privacy Badger to block it, so the cookie
>>>> test will work when the user goes to a site that does
>>>> do notifications.  Still looking for other solutions.
>>>>
>>>> Anyway, more here:
>>>>
>>>>   http://blog.aloodo.org/posts/track-js-script/
>>>>
>>>> Comments and suggestions welcome.
>>>>
>>>>
>>>> _______________________________________________
>>>> PrivacyBadger mailing list
>>>> PrivacyBadger at eff.org
>>>> https://lists.eff.org/mailman/listinfo/privacybadger
>>>>
> 
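
The "block me" check discussed in the quoted thread (a Tk response header or a TSR "tracking" value of "D", or a "T" with no permitted-use qualifier), sketched as an added example that is not from the thread or from Privacy Badger's code. The function names, the return labels and the PERMITTED_USE_CODES placeholder set are assumptions made for illustration.

```javascript
// Placeholder permitted-use codes (constructed; substitute the codes defined
// by the compliance regime actually in use).
const PERMITTED_USE_CODES = new Set(["x", "y"]);

// Tracking status value from a Tk header such as "D" or "T;status-id".
function tsvFromTkHeader(value) {
  if (typeof value !== "string") return null;
  const tsv = value.split(";")[0].trim();
  return tsv.length === 1 ? tsv : null;
}

// { tsv, qualifiers } from a TSR body (the JSON served at /.well-known/dnt).
// Malformed or unexpected JSON yields null rather than throwing.
function parseTsr(body) {
  let doc;
  try { doc = JSON.parse(body); } catch (e) { return null; }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) return null;
  if (typeof doc.tracking !== "string" || doc.tracking.length !== 1) return null;
  const qualifiers = typeof doc.qualifiers === "string" ? doc.qualifiers : "";
  return { tsv: doc.tracking, qualifiers };
}

// Returns "block" when the third party has signalled "block me",
// "check-tsr" when only a "Tk: T" header was seen and the qualifiers
// are still unknown, and "no-signal" otherwise.
function classify({ tkHeader, tsrBody }, permitted = PERMITTED_USE_CODES) {
  const headerTsv = tsvFromTkHeader(tkHeader);
  const tsr = tsrBody === undefined ? null : parseTsr(tsrBody);

  // "D" (disregarding DNT) from either source is the simple signal.
  if (headerTsv === "D" || (tsr && tsr.tsv === "D")) return "block";

  const tsv = headerTsv || (tsr && tsr.tsv);
  if (tsv !== "T") return "no-signal";

  // "T" counts as "block me" only if no permitted use is declared,
  // which can be decided only once the TSR has been read.
  if (!tsr) return "check-tsr";
  const declared = [...tsr.qualifiers].some((q) => permitted.has(q));
  return declared ? "no-signal" : "block";
}
```
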

