Most of the largest websites are using session replays now, which record every key press...

Most of the largest websites are using session replays now, which record every key press, mouse click and even how you move your mouse, and then upload it to their servers/advertising partners.
It seems like even a simple analysis of mouse movement patterns etc. can de-anonymize people regardless of ip address or browser fingerprint.

What can be done about session replays?
Does javascript inherently give too much information away or can user add-ons (that add noise to mouse movement etc.) counteract this?

Businesses like facebook probably have a database of input characterizations for every user.
Do you scroll using keys, mousewheel or clicking? Do you tend to scroll 3 lines at a time or 5? Do you make certain idle mouse movements when reading? How many milliseconds do you tend to hover a link before clicking it? How quickly do you move your mouse? How quickly do you read a certain amount of text?
All these may sound like minor things but taken together can identify people with disturbing accuracy.

I just use AdNauseam

At work we use one so we can see if our UX is shit and improve it based on that.

We don't resell any of it.

Depending on how it is implemented, it can be easy or difficult to block with ublock.

Have a session replay blocklist then:
0.0.0.0 buysellads.com
0.0.0.0 cdn.taboola.com
0.0.0.0 conduit.com
0.0.0.0 connect.decknetwork.net
0.0.0.0 doubleclick.com
0.0.0.0 doubleclick.net
0.0.0.0 google-analytics.de
0.0.0.0 googleadservices.com
0.0.0.0 googlesyndication.com
0.0.0.0 intellitxt.com
0.0.0.0 ivwbox.de
0.0.0.0 chartbeat.com
0.0.0.0 googletagservices.com
0.0.0.0 mpnrs.com
0.0.0.0 nuggad.net
0.0.0.0 wt-safetag.com
0.0.0.0 yieldlab.net
0.0.0.0 visualrevenue.com
0.0.0.0 stroeerdigitalmedia.de
0.0.0.0 oadts.com
0.0.0.0 chartbeat.com
0.0.0.0 abtasty.com
0.0.0.0 google-analytics.com
0.0.0.0 googlesyndication.com
0.0.0.0 smartredirect.de
0.0.0.0 mc.yandex.ru
0.0.0.0 mc.yandex.ru
0.0.0.0 mc.yandex.ru
0.0.0.0 fullstory.com
0.0.0.0 d2oh4tlt9mrke9.cloudfront.net
0.0.0.0 ws.sessioncam.com
0.0.0.0 userreplay.de
0.0.0.0 script.hotjar.com
0.0.0.0 insights.hotjar.com
0.0.0.0 clicktale.de
0.0.0.0 smartlook.de
0.0.0.0 dezibelinsight.net
0.0.0.0 quantummetric.com
0.0.0.0 inspectlet.de
0.0.0.0 mouseflow.de
0.0.0.0 logrocket.de
0.0.0.0 salemove.de
0.0.0.0 d10lpsik1i8c69.cloudfront.net
0.0.0.0 luckyorange.com
0.0.0.0 VWO.COM

For hosts file and for pi-hole etc.

feel free to add additional session replay providers

that's what you get for using jamalScript

google already bought 0.0.0.0

Why would anyone willingly allow Javascript to run lol

Use selenium webdriver
Whenever you want to click something, inspect element and click the command

this is why i phonepost
:^)

Is the keypress in the site or as long as you are on the site? Say if you are on facebook with chrome and you are typing a word document, then facebook can steal everything?

Is this bait

it's a specific script that tracks actions on a website. ublock should block them by default. you ARE using ublock, right user? you're fine, then.

>don't mind me, only stealing

how do they do it and why did the browser makers put such features in their browsers?

0.0.0.0 is shit. pages will be loading infinitely because there's no timeout for that ip

What should I use then?

How is logging every move spatially efficient?

damn
they know all of my many typos and grammer mistakes

Being able to tell where the mouse is or what buttons are being pressed are essential features to get any sort of UI working. Web "apps" could not function if such abilities weren't present in JS/browsers.

Setting up pi-hole would be an option, pi-hole redirects shit to its own web server which immediately responds with a blank page.

Your browser should only send key presses to the tab that is currently selected, and it shouldn't send key presses to anything if another program is the active window.

ublock should catch the most popular session replay scripts (mouseflow, smartlook etc.) but a lot of websites roll their own, or serve them from their own domain which ublock will miss.
It seems to be a fundamental problem of javascript just offering too much info to websites.

A single key press is something on the order of 4 bytes. Mouse movement can easily be aggregated to total delta in the last quarter second and would be 8 bytes.
A full minute of raw replay data probably wouldn't exceed 2KB of data, and that's before any attempts to compress it.

yes it's bait, don't (You) him.

thanks user

Not surprising, after Microsoft bought 127.0.0.1.
>mfw linux users think they're safe when running stuff on localhost

Google is also rumored to be bidding on the 192.168.*.* range, but that would probably run afoul of EU antitrust law.

That's wrong, Linux won't even try to connect

What the fuck, is this true?
Sources?

I use 127.0.0.1

The sad truth is hosting anything on the internet costs money, and the bigger you are the more your infrastructure costs. And you are left with 3 ways to make money. Donations, Subscriptions and Advertising. And with many users blocking conventional advertising mechanisms they are forced to use these more insidious methods.

Honestly it's a bit chicken and egg. If ads didn't get obtrusive and shitty, people probably wouldn't have blocked them so religiously. But they pushed it too far and it blew up in their face. Even if they make ads less shitty, so many people block ads they'd never notice.

It doesn't matter even if it's true, devices simply will not route traffic on those ranges.

UMATRIX

No but seriously throw burp (free is fine) on a website and see just how much fucking garbage is sent.

Are you trying to say that the top 400 websites cannot make enough money to sustain themselves without resorting to "more insidious methods"?

This is why I have AT LEAST two mouse jitterers plugged in at all times

everyone to tor then?

choose between privacy or speed

>be CIA
>lol the guy with 2 mouse jitters is fapping at tranny furries again

i want to have this job

They don't.
HTTP is practically the only big transfer protocol that's entirely centralized and requires ridiculous infrastructure in geographically placed servers, load balancers, content delivery networks, so on and on.
DNS is decentralized, IRC is decentralized, NNTP is decentralized, torrents are decentralized, FTP might be centralized but there are functionally equivalent mirrors for everything.
HTTP is about the most expensive protocol to provide a service with.

Plenty of large sites don't even maintain their own hardware, but in some cases renting out endless virtualised hardware from a major server company at least initially works out cheaper than rolling your own hardware and a fat pipe, as well as being scalable.

Plus you have to pay employees and your 15 bedroom Seattle penthouse

based 169.254/16 still pure
where my link-local niggas at

But your bosses would be satanic pedophiles and you'd know your paycheck came from opiates and cocaine production. And you can't quit or they kill you.

jokes on them I swap between mouse wheel scroll, pageup/down and arrow keys every other tab

Don't forget the most important entry:

0.0.0.0 Jow Forums.org
0.0.0.0 www.Jow Forums.org
0.0.0.0 boards.Jow Forums.org

of course not, these IP ranges are designed not to be routed outside your LAN

I do all 3 and move my mouse randomly
they'll know it's me because of how spastic I am

>2KB/min
Now multiply that by the average amount of time a person spends on facebook a day: 20 minutes.

>40kb/day
Finally, multiply that by the number of facebook users: 2.23 billion

Now facebook is adding a whopping 89.2 TB of data every day.
That's 32 PB every year.

I'm not saying they couldn't do it. They most likely can easily spare all of that. But you can't just shrug it off or say that it's efficient.

when I copy pasted that into my /etc/hosts file I got a little blood rush to my penis
is that normal?
also is there a way to link files inside of files or no? I was thinking of separating my massive blocked hosts by category into separate files but I guess it doesn't matter that much

more than half of that only use their phone, I'm sure.. and I can't imagine 2 billion are "every day" users
maybe just euro / usa

They can process the data and just save the relevant fingerprint, you don't need all historical data once you can identify a person accurately.

jokes on you because you're the only one alternating between all of the methods frequently

how could he have not thought of this lmfao

20+ minutes/day is the global daily average a user spends on facebook (the data might be outdated).
Do you know what an average is, user?

The average in the usa is 50 min/day (might also be outdated).

that's not for 2.2 billion people.

You're right. I found some better statistics
>zephoria.com/top-15-valuable-facebook-statistics/

Feel free to redo the math. By the way, the first number (2kb/min) was taken out of that other user's ass.

1. No js
2. Blocking all non user initiated gets/posts
3. Wget

How much kb/min is it to take numbers out of each others asses across the globe via Jow Forums?

JavaShit was a mistake.

you are smart, couldn't come up with this even though I know a lot about unique fingerprints.

>1.47 billion people on average log onto Facebook daily
still unbelievable honestly, that is fucking sad.. Jow Forums is way better to waste 20 hours a day
yea 2kb/min is low if they actually were tracking mouse movements, which they aren't. Keys typed is totally believable though, maybe even clicks, but I doubt that too, probably only links clicked and keys typed.

>2. Blocking all non user initiated gets/posts
How do I block specific gets/posts?

bump

Not just JS, the whole idea of having webpages run code and active content in general - no matter what language you do that in - was the mistake.

Delete delete delete delete delete delete delete

Is there any hope of some kind of browser/extension being able to block all this shit, or is it too ingrained into the software to avoid?

Just block javascript, which you should already be doing for the past 10 years or so.

You'd have to block JS from being able to see or respond to user input. Which is essentially disabling JS. I doubt this can be stopped by any means short of not running JS.
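
Added example, not part of any post in this thread: because self-hosted or first-party recorders get past domain blocklists, a userscript or extension content script can instead watch which input events a page subscribes to. The names `INPUT_EVENTS`, `installListenerAudit` and the "keys plus pointer motion" heuristic are assumptions of this sketch, and the demo runs on a constructed `EventTarget` rather than a real page.

```javascript
// Input events a session-replay recorder would need (assumed list for this sketch).
const INPUT_EVENTS = new Set(['keydown', 'keyup', 'keypress', 'input',
  'mousemove', 'pointermove', 'mousedown', 'click', 'wheel', 'scroll']);
const KEY_EVENTS = ['keydown', 'keyup', 'keypress', 'input'];
const MOTION_EVENTS = ['mousemove', 'pointermove'];

// Wrap addEventListener on a prototype (EventTarget.prototype in a page) and
// record every registration for an input event, with a best-effort call site.
function installListenerAudit(proto) {
  const original = proto.addEventListener;
  const log = []; // entries: { type, site }
  proto.addEventListener = function (type, listener, options) {
    if (INPUT_EVENTS.has(type)) {
      // In V8, stack line 2 is the caller; in a browser it carries the script URL.
      const site = (new Error().stack || '').split('\n')[2] || 'unknown';
      log.push({ type, site: site.trim() });
    }
    return original.call(this, type, listener, options);
  };
  return {
    log,
    summary() {
      const counts = {};
      for (const { type } of log) counts[type] = (counts[type] || 0) + 1;
      return counts;
    },
    // Heuristic (assumption): a recorder needs both keystrokes and pointer
    // motion. Treat a hit as a hint for manual review, not as proof.
    capturesKeysAndMotion() {
      const seen = new Set(log.map((e) => e.type));
      return KEY_EVENTS.some((t) => seen.has(t)) &&
             MOTION_EVENTS.some((t) => seen.has(t));
    },
    uninstall() { proto.addEventListener = original; },
  };
}

// Constructed demo: a stand-in "page" target with listeners registered on it.
function demo() {
  const audit = installListenerAudit(EventTarget.prototype);
  const page = new EventTarget();
  page.addEventListener('click', () => {});       // ordinary UI handler
  const before = audit.capturesKeysAndMotion();   // clicks only so far
  page.addEventListener('keydown', () => {});     // recorder-like pair
  page.addEventListener('mousemove', () => {});
  page.addEventListener('load', () => {});        // not an input event, ignored
  const result = { before, after: audit.capturesKeysAndMotion(), counts: audit.summary() };
  audit.uninstall();
  return result;
}
console.log(demo());
```

In a real page the wrapper has to be installed before any site script runs, and it only reports what is registered; it does not stop the events from being delivered.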

Good...
I wonder if they can tell when i'm whacking my dick to my ad-free experience that isn't influenced by the data they collect.

lol

>Jow Forums.org
Nuuuuuuuuuuuu!

U M A T R I X
E V E R Y T H I N G

The browser window has to be active though? Like if you log into banking while watching YouTube, did Google get your banking credentials?

Google already has your banking credentials, sweetie.

Botnet

Use YaCy instead of google botnet.