This topic was merged into another on Tue, 26 Mar 2013 16:16:41 +0000.

Ghostery allows tracking via googleapis.net / 1e100.net - Let's strip the referrer!

Many websites now use googleapis.com to host a standard bunch of jquery files rather than hosting them along with their content; Google get their kickback through the referrers this generates for them and the tracking this provides (otherwise, why would they do it?).

Ghostery appears to do nothing to prevent this tracking. With all blocking options enabled, any time you visit a page containing googleapis hosted content, there's a bunch of detailed information on what you're doing, going straight to Google.

Ghostery could strip the request to googleapis of its referrer; Google would just see a direct connection to http://ajax.googleapis.com/ajax... we'd get to use the functions of the site we're visiting and get a little privacy back!

A better solution would be redirection and alternative hosting of these files (locally perhaps) but seems a little out of scope for this plugin.
    • I don't see a massive difference between what I did and linking to the same text but if it bothers you then I'll just add a link here (rather than trying to hold this discussion on a closed topic).

      Nothing you've said in your response to the above post addresses the privacy concerns from sending Google tracking data or even attempts to counter that it happens.

      You've essentially given some interesting detail on the potential benefits of a CDN (which I'm not proposing is blocked), made the suggestion of a proxy, then admitted it was unworkable and made assumptions about my character. The only remark you made which is related to the topic at hand is:

      "You want a guarantee? The guarantee is that Google has been caught with their fingers in the cookie jar more than once; consequently, they're now being subjected to closer scrutiny than anyone else."

      I really don't see how that answers the question?
      "the sites you link to do nothing to reassure, where's the guarantee of privacy you're getting from them? "

      Most people are not going to take the time to analyse their traffic but would be stunned to discover what's being recorded about them, especially when using seemingly unrelated sites with (lazily/belligerently) no mention in the privacy policy that this happens. You'd imagine the kind of person who's installed Ghostery for privacy would be even more concerned and I'm raising this... Because it's happening right now and it's easily prevented. Why on earth would you block every tracking means on the web but allow Google safe passage? I don't understand the rationale.

      If you must know, I can objectively see Google as a multi-sided coin but I'm also not comfortable about any entity wielding so much power and control. I'm a privacy lover but still a fan of some of the things Google have done such as AOSP and VP8 but I don't use their online services because I value my personal data, it's not something I want to trade or have traded (and yes, I'm prepared to pay).

      However, I don't want this to be the debate, I'd like it to be: Why is Ghostery only selectively preventing Google tracking its users on 3rd party sites?

      Ghostery is a really well thought out piece of software. It's so close to being the only simple choice to actually opt-out from being monitored by a company you have made no agreement with... just one bit missing!
    • I tried to direct this discussion into a single topic, yet you persist in spewing all over the place. Your behavior is too disruptive to hold a coherent conversation, so I'm walking away at this point. The moderators are welcome to take whatever administrative action they deem appropriate (which may involve closing the redundant topics).

  • Hi Mark, thanks for using Ghostery.

    We've reviewed the operations of code.google.com before and didn't see any privacy violations. You are correct to note that just because we do not see it it's not there, but blocking something like that will break half of the webbernets. We do allow an advanced user such as yourself to add user defined blocking. It's not a simple task, but it's available if you wish to pursue this option.

    As far as stripping referrers, this is just not something Ghostery currently does. Because of that, you might be better off installing another extension that does just that, there are several options for all major browsers. That said, we've had this and many other ideas on the drawing board for a while, so it might make it into future releases.

  • Thanks for your considered response.

    I would agree that the content hosted on googleapis isn't malicious and that blocking altogether is a bad idea.

    However, whether it's the intention or otherwise, the end result of 3rd party sites using googleapis' hosting of common libraries is that Google get tracking data and are making use of it.
    Unlike the content, much of the modified GPL code running on their back-end isn't released to the public.

    Feel free to check the traffic yourself, Ghostery does a fine job of stopping almost all unnecessary and privacy infringing tricks but with everything enabled you'll see an alarming number of connections to 1e100.net unless you're lucky enough that some of your favorite sites haven't moved to using googleapis.

    TCPView is a free and simple tool by Sysinternals (now owned by Microsoft), it lacks the detail and packet inspection of something like Wireshark but is easy enough for anyone to simply open and look at what programs are connecting to where. Take a look! http://technet.microsoft.com/en-us/sy...

    Currently I can use NoScript to block googleapis and most of the time this is fine. However, sites I've used for years have decided to redirect the jquery grab and I'm losing more and more functionality across the web.

    Blocking all referrers is easy enough but this is a bad option as it's required for simple things like loading 3rd party hosted pictures to online banking and shopping.

    A personal proxy might be a workable option for at least some sites but not all and it doesn't solve the tracking problem for anyone else which is why I'm bringing your attention to this and hope that Ghostery can fix this privacy leak for all its users.

  • For anyone that cares, using the RefControl plugin for Firefox with it set to block 3rd party referrers seems a workable solution for this particular issue (outside of extreme options like JonDoFox).

    NoScript, while great for security, doesn't block the connections even if you've not set the site as trusted, so even if you'd never allowed googleapis... they still get the referrer.
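
An added example, not part of the thread and not Ghostery or RefControl code: a sketch of the "block 3rd party referrers" behaviour discussed above, which drops the Referer header only when the request goes to a different site than the page that triggered it. The function names, the `{name, value}` header shape, the two-label site comparison and the sample URLs are assumptions made for illustration.

```javascript
// Added example; all names and URLs below are constructed for illustration.

// Simplified "site" of a hostname: its last two labels. A real implementation
// would consult the Public Suffix List (example.co.uk needs three labels).
function siteOf(hostname) {
  const host = hostname.toLowerCase();
  // IP literals have no registrable domain: compare them whole.
  if (/^[\d.]+$/.test(host) || host.includes(':')) return host;
  return host.split('.').slice(-2).join('.');
}

// True when the request target and the referring page belong to different sites.
function isThirdParty(requestUrl, referrerUrl) {
  const req = new URL(requestUrl);
  const ref = new URL(referrerUrl);
  return siteOf(req.hostname) !== siteOf(ref.hostname);
}

// headers: array of {name, value} objects (assumed shape).
// Returns the header list to send: unchanged for same-site requests,
// with Referer removed for third-party ones.
function filterRequestHeaders(requestUrl, headers) {
  const referer = headers.find(h => h.name.toLowerCase() === 'referer');
  if (!referer) return headers;
  let thirdParty;
  try {
    thirdParty = isThirdParty(requestUrl, referer.value);
  } catch (e) {
    thirdParty = true; // unparsable URL: fail closed and drop the Referer
  }
  return thirdParty ? headers.filter(h => h !== referer) : headers;
}

// Constructed sample: a forum page pulling a library from a CDN host.
const sampleHeaders = [
  { name: 'Referer', value: 'http://forum.example/thread/42?user=mark' },
  { name: 'Accept', value: '*/*' },
];
const toCdn = filterRequestHeaders(
  'http://ajax.googleapis.com/constructed/lib.js', sampleHeaders);
const toOwnSite = filterRequestHeaders(
  'http://static.forum.example/logo.png', sampleHeaders);
console.log(toCdn.map(h => h.name), toOwnSite.map(h => h.name));
```

Keeping the header on same-site requests is what avoids the breakage described earlier in the thread when all referrers are blocked.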

  • Seriously, is this it?

    I've run some checks to verify the accusations of a privacy leak, worryingly it's all true; yet this topic is going to rot here and die while Ghostery users remain tracked by the biggest privacy risk of all: Google. They probably know nothing about it too.

    At this point I've got to ask if anyone at Ghostery is employed or has any links with Google they should declare.
    • Hi Anon, thanks for your thoughts, but at this time, the original reply stands. This is a very low priority for us, since Ghostery has not been designed to strip referer information, and as such, you are better off supplementing Ghostery for this particular use case.
    • I thought Ghostery was designed to stop tracking, it's very good at it but this seems a rather large oversight. At the moment you have users with a false glow of feeling protected and they're trusting you to be diligent enough to do something about such an obvious and big threat. I beg you to reconsider.