Discussion:
[linux-elitists] targeted-advertising-considered-harmful/ ...comments welcome
Tony Godshall
2013-07-29 18:00:03 UTC
Permalink
(Used it to make this...
http://zgp.org/targeted-advertising-considered-harmful/
...comments welcome.)
Nice writeup

Just needs an eye-catching graphic so social media sharing will be effective.

Yes, that would be ironic.

Still.

Tony



PS: why does that page require scripts? are you trying to track me? :-)
Greg Folkert
2013-07-29 20:15:40 UTC
Permalink
Post by Tony Godshall
(Used it to make this...
http://zgp.org/targeted-advertising-considered-harmful/
...comments welcome.)
Nice writeup
[SNIP]
Post by Tony Godshall
PS: why does that page require scripts? are you trying to track me? :-)
NO, No, no... that would be the NSA. (Shhhh!)
--
***@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
"Talent is a flame. Genius is a fire."
-- Bernard Williams
Don Marti
2013-07-29 23:25:32 UTC
Permalink
Post by Greg Folkert
Post by Tony Godshall
(Used it to make this...
http://zgp.org/targeted-advertising-considered-harmful/
...comments welcome.)
Nice writeup
[SNIP]
Post by Tony Godshall
PS: why does that page require scripts? are you trying to track me? :-)
No, that page uses CSS from Google Web Fonts.
If you block third-party content, it should come
through fine, just with your default system font.
Post by Greg Folkert
NO, No, no... that would be the NSA. (Shhhh!)
That's covered on another page...
http://zgp.org/~dmarti/freedom/learn-from-second-amendment/
(The IT business in the USA needs the 1st Amendment --
availabilty -- and the 4th Amendment -- access control
-- but is doing a terrible job of keeping them.
Meanwhile, the firearms industry is doing a few key
things right to keep the 2nd.)
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Teh Entar-Nick
2013-07-30 08:35:09 UTC
Permalink
Post by Tony Godshall
http://zgp.org/targeted-advertising-considered-harmful/
PS: why does that page require scripts? are you trying to track me? :-)
No, that page uses CSS from Google Web Fonts. If you block
third-party content, it should come through fine, just with your
default system font.
You're still trying to help Google track us. Not cool.
--
"These people program the way Victorians dress.
It takes two hours and three assistants to put on
your clothes, and you have to change before dinner.
But everything is modular." -- Miles Nordin, on PAM
Don Marti
2013-07-30 12:25:49 UTC
Permalink
Post by Teh Entar-Nick
Post by Tony Godshall
http://zgp.org/targeted-advertising-considered-harmful/
PS: why does that page require scripts? are you trying to track me? :-)
No, that page uses CSS from Google Web Fonts. If you block
third-party content, it should come through fine, just with your
default system font.
You're still trying to help Google track us. Not cool.
The web is full of third-party tracking, because
browser policies were thrown together haphazardly
during the dot-com frenzy and never fixed.
(And when anyone tries to fix it, you get flamed
by Sanford Wallace 2.0:
http://www.iab.net/iablog/2013/06/mozilla-kangaroo-cookie-court.html
)

Remember the guy whose site "makes a simple and polite
request for your browser to overwrite the contents of
your OS kernel with the bookmarks (favorites) file"?
http://crackmonkey.org/fanmail.html
Security issues like that made MSFT improve its
client-side security to the high standard it has
today. Well, at least to the point where Adobe
Flash and Oracle Java are now the biggest worries
for MS-Windows users.

Actually, I forgot to put the social site buttons on
the new page.
http://zgp.org/~dmarti/www/third-party-tracking-here/
I do plan to add a blurb about "If you see buttons
here, your browser is vulnerable to tracking. Please
visit https://disconnect.me/ to protect your privacy."

I'll check the fallback fonts in the CSS and make
sure that the page looks reasonable with them.
Does your distribution of choice have PT Sans and
Bitstream Charter packaged?
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Teh Entar-Nick
2013-07-31 13:00:04 UTC
Permalink
I'll check the fallback fonts in the CSS and make sure that the page
looks reasonable with them. Does your distribution of choice have PT
Sans and Bitstream Charter packaged?
Oh, I don't let sites set their own fonts. I don't yet trust freetype
with unverified third-party input, and besides the ubuntu and ubuntu
mono fonts look pretty good in just about all situations. Why not just
say when you want a serif font, when you want sans, and let me choose
the ones that look best for me?
--
Hey, how come nobody here in the future
has a time machine except me?
Don Marti
2013-07-31 14:03:13 UTC
Permalink
Post by Teh Entar-Nick
I'll check the fallback fonts in the CSS and make sure that the page
looks reasonable with them. Does your distribution of choice have PT
Sans and Bitstream Charter packaged?
Oh, I don't let sites set their own fonts. I don't yet trust freetype
with unverified third-party input, and besides the ubuntu and ubuntu
mono fonts look pretty good in just about all situations. Why not just
say when you want a serif font, when you want sans, and let me choose
the ones that look best for me?
Last I checked (and I don't use non-Linux systems
much, so this could be out of date) a lot of people's
computers have lousy system fonts. So I'll go
with this:

font-family: "Vollkorn", "Bitstream Charter", serif;

font-family: "Source Sans Pro", "PT Sans", sans-serif;

That'll give you (1) my chosen typefaces for
third-party-content-allowing users and those
who have installed Source Sans Pro and Vollkorn
locally (on Fedora,

yum install vollkorn-fonts adobe-source-sans-pro-fonts

and you should be set), (2) a fallback to decent
ones for people who are into privacy but might be
a little behind on fonts and (3) just plain "serif"
and "sans-serif" for you.

The one I'm not sure about is PT Sans -- it might
not be common enough to be worth it.

And for anyone not blocking third-party content,
here's a bonus link:
Black Hat: Ad networks lay path
to million-strong browser botnet
http://www.itworld.com/security/366872/black-hat-ad-networks-lay-path-million-strong-browser-botnet
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Teh Entar-Nick
2013-07-31 14:16:11 UTC
Permalink
Last I checked (and I don't use non-Linux systems much, so this could
be out of date) a lot of people's computers have lousy system fonts.
Honestly: That's THEIR PROBLEM, not yours!
--
"I've noticed that only racists use the phrase
"politically correct". Non racists instead use the
phrase "not racist"."
-- http://yoisthisracist.com/post/23094911081
Bob Bernstein
2013-07-31 18:10:02 UTC
Permalink
Post by Don Marti
And for anyone not blocking third-party content,
Black Hat: Ad networks lay path
to million-strong browser botnet
http://www.itworld.com/security/366872/black-hat-ad-networks-lay-path-million-strong-browser-botnet
Will a text-based browser (links, lynx) insulate one from the
image-based java tricks described in the linked article?


- --
Bob Bernstein

"No matter how big the problem is, you can always run away from it."

Dom Irrera
Rick Moen
2013-07-31 19:36:06 UTC
Permalink
Post by Bob Bernstein
Will a text-based browser (links, lynx) insulate one from the
image-based java tricks described in the linked article?
The blogger's reference to 'the java script' was a typo/editing error.
Intended reference was 'the JavaScript'.

Anyone who's looked at Web security seriously (such as Samy Kankar with
his 'Evercookie' demonstration vehicle for storing and perpetuating
client-side information) quickly realises that JavaScript is _the_
keystone component for all kinds of Web misbehaviour, and thus that
reining in the pervasive overfeaturedness and poor design foisted on us
by generations of short-attention-span Web weenies starts with
custom-configured NoScript as a minimal requirement.

Or, yes, you can resort to a text-mode Web browser, most of which don't
do JavaScript at all. (Ironically, you cited the only one that does,
Links.)
--
Cheers, Actually, time flies hate a banana.
Rick Moen -- Micah Joel
***@linuxmafia.com
McQ! (4x80)
Don Marti
2013-12-06 15:40:57 UTC
Permalink
Post by Don Marti
Post by Teh Entar-Nick
Post by Tony Godshall
http://zgp.org/targeted-advertising-considered-harmful/
PS: why does that page require scripts? are you trying to track me? :-)
No, that page uses CSS from Google Web Fonts. If you block
third-party content, it should come through fine, just with your
default system font.
You're still trying to help Google track us. Not cool.
...
Post by Don Marti
Remember the guy whose site "makes a simple and polite
request for your browser to overwrite the contents of
your OS kernel with the bookmarks (favorites) file"?
http://crackmonkey.org/fanmail.html
Security issues like that made MSFT improve its
client-side security to the high standard it has
today. Well, at least to the point where Adobe
Flash and Oracle Java are now the biggest worries
for MS-Windows users.
Thinking about this some more. What about just
putting a small annoying piece of third-party content
on a page, when you can get away with it? Anything
that should be blocked by a privacy-sensitive browser.
Here's one:

https://gist.github.com/dmarti/7826371

I do this...

<script src="https://gist.github.com/dmarti/7826371/raw/1d79ef59a21096176f46b650864fb14481e31d86/gistfile1.js"></script>

and add it to a page here...

http://srom.zgp.org/

(It's not malware, it's click the div to read the
actual page ware.)
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Don Marti
2013-07-30 12:55:14 UTC
Permalink
If you think Google Fonts could be improved from a privacy/software freedom
angle, please let me know :-)
How long does Google Fonts keep logs? 200s and 304s
should be possible to delete pretty quickly unless
I'm missing something.
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Loading...