back to article Ghostery, uBlock lead the anti-track pack

Looking for browser privacy? A group of researchers in France and Japan say RequestPolicyContinued and NoScript have the toughest policies, while Ghostery and uBlock Origin offer good blocking performance and a better user experience. The study also gave a nod to the EFF's Privacy Badger, which uses heuristics rather than …

  1. Bronek Kozicki
    Trollface

    DoNotTrack HTTP header provides almost no protection

    I am shocked.

  2. Nattrash
    WTF?

    What I'm somewhat surprised about is that there is no consideration and/ or evaluation of the fact that Ghostery is the product of... <drum roll> Cliqz. Yep, that Cliqz. The one everybody was up in arms about when it started harvesting data from (German) Mozilla users.

    And as far as I know it always has been a product of "an ad agency".

    Doesn't that smell a bit like the butcher testing his own meat?

    After all, as a product of an ad agency, it tries to "enhance the browsing experience" by gathering personal data, phoning it home, and sticking it a huge database... of an ad agency?

    1. Anonymous Coward
      Anonymous Coward

      Doesn't that smell a bit like the butcher testing his own meat?

      There are filters that block those kind of websites as well.

  3. Anonymous Coward
    Anonymous Coward

    +1 for NoScript

    It does an awful lot more than stop you being tracked - if you have the patience to work with it

    1. Anonymous Coward
      Anonymous Coward

      Re: +1 for NoScript

      The new UI is terrible though. I had to switch to uMatrix, at least until they get it back up to scratch next year (the WebExt version's missing a bunch of stuff). I also never noticed that NoScript doesn't have domain scope. If you block twitter on another website it blocks twitter on twitter, uMatrix doesn't.

      1. sad_loser

        NoScript

        I use noscript as default but if I have to turn it off for a site then I use Adnauseum to p1ss in their swimming pool.

    2. Anonymous Coward
      Anonymous Coward

      Re: +1 for NoScript

      I just wish they would get the version for android up and running with the new crap firefox.

    3. Alan Brown Silver badge

      Re: +1 for NoScript

      I have this argument with users.

      Blocking everything by default and then allowing what you want, is the best solution IMO. That way you KNOW what's been allowed.

      1. Michael Thibault

        Re: +1 for NoScript

        "That way you KNOW what's been allowed."

        'But you have to click things to make it work' is the counter, correct?

  4. Haku

    Ghost redirects.

    I noticed recently on a forum I frequent that whenever you clicked on a link someone posted it would redirect through an ad agency called viglink and certain sites would have an affiliate link added, despite the fact that when you view the html source the links are unaltered.

    I didn't like that crap so I added the two culprit viglink api websites to my HOSTS file pointing them at 127.0.0.1 and the redirects don't happen there anymore.

    But I only noticed the redirects were happening because the URL you end up at was not always the same as the one you clicked on, but sometimes you couldn't see the redirect happening even though it was, so it makes me wonder how much this invisible redirect practice is going on over the entire web without people knowing.

    1. Alan Brown Silver badge

      Re: Ghost redirects.

      "makes me wonder how much this invisible redirect practice is going on"

      A lot. It's regarded as link piracy and some sites check their referrers to try and stop it.

    2. TheVoodooRay

      Re: Ghost redirects.

      Yeah, I noticed viglink links on a forum that I recently signed up to, too.

      I've not heard of them before, so found there's an opt out thing if you visit https://www.viglink.com/opt-out/

      1. Haku

        Re: Ghost redirects.

        I don't really trust an advertising company's opt out system, so I put these two lines into my "c:\windows\system32\drivers\etc\hosts" file:

        127.0.0.1 api.viglink.com

        127.0.0.1 cdn.viglink.com

        It stops the redirect code from loading in the first place, and also eliminates viglink's ability to track every link clicked on a site that uses them.

        .

        Oh and on the subject of redirects, I keep getting redirected to CloudFlare's captcha site to prove I'm not a robot every time I press the Preview or Submit button on this post. WTF is going on?

        1. Michael Thibault

          Re: Ghost redirects.

          "so I put these two lines into my... hosts file:

          127.0.0.1 api.viglink.com

          127.0.0.1 cdn.viglink.com"

          These have been included in the hosts file available through the link below from at least mid-September of this year.

          http://winhelp2002.mvps.org/hosts.htm

          Edit: using the full path for hosts, in single quotes, seems to require that I jump through a Captcha hoop. Me no like, as it seems to require something from google.something, and I just cannot be arsed to find out what... I have to update my hosts files.

      2. VinceH

        Re: Ghost redirects.

        "I've not heard of them before, so found there's an opt out thing if you visit https://www.viglink.com/opt-out/"

        I would imagine that works using a cookie. If so it's not much use if cookies are wiped automatically when you quit the browsing session.

  5. Anonymous Coward
    Anonymous Coward

    OTOH

    more and more sites are detecting that you are using an Ad blocker and complan to you about it.

    One or two just refuse to let you get past the home page.

    That shows just how much data they have on you and your browser just from loading their home page.

    That alone should be worrying.

    1. tiggity Silver badge

      Re: OTOH

      If they do not let you past the home page then it's their loss as you won't be recommending their web site - there's nearly always an alternative option for news..

      Still waiting for widespread adoption of micro payments so you can support web sites you like without the big security risk of ads.

      As security is a key reason to block ads due to the many instances of malware served via ads.

    2. Anonymous Coward
      Anonymous Coward

      Re: OTOH

      Most of them just cover the page with their own ad, which is nice, since you can just block their ad-blocker detection script and they'll never know the difference. Unfortunately, I've seen one or two that use the ad-blocker detection script to actually load the page content. Those are more annoying to deal with if you actually want the content.

    3. RyokuMas
      Boffin

      Re: OTOH

      The stupid thing is that nine times out of ten I have found that these so-called "anti adblocker" measures can be thwarted with a little bit of web know-how: a quick "display: none" on the whinge message and black-out overlays, usually with an "overflow: auto" on the body in your browser's dev tools and you're back to full functionality.

      Of course, there are some that do some funky javascripty page corruption, but they just get added to my "do not allow javascript" list.

      The stupid thing is, I am not anti-adverts - I appreciate web pages have to make some kind of return somehow. But until the size, positioning, total on-page space and allowed content are severely restricted, my blockers will stay on.

      1. Alan Brown Silver badge

        Re: OTOH

        " But until the size, positioning, total on-page space and allowed content are severely restricted"

        Amen.

        There's nothing like jumping out of your skin because of a LOUD web banner ad taking over the speakers to convince people that ad blockers are a good idea.

      2. Samizdata

        Re: OTOH

        I don't mind them as long as they mind their own business. But I have also had pages stall loading because of issues with their ad provider...

    4. Sureo

      Re: OTOH

      It's not just ad blockers, using a VPN can trigger captcha blocks. Even Google search does it. I hate the damn things and always find somewhere else to go.

  6. Mystic Megabyte
    Unhappy

    NoScript no work

    On Firefox 57.0.1 I've had to disable NoScript. The UI is terrible and some sites just won't load. It's a shame because I've used it for years, maybe it will be fixed soon.

    1. ThaumaTechnician

      Re: NoScript no work

      Switch to uBlock Origin. I give it three thumbs up!

    2. Anonymous Coward
      Anonymous Coward

      Re: NoScript no work

      Firefox 57 is unfit for purpose.

      I downgraded to 52.0.2 via manual download and (having learned the hard way once before) yanking my computer offline so that it didn't instantly queue an update on startup before I'd had the opportunity to disable automatic updates.

      1. VinceH

        Re: NoScript no work

        Firefox 57 - and the NoScript UI on it - is what finally kicked me into installing Palemoon on my Linux box. (I've been using it on this Windows laptop since buying it, but I left Firefox on the Linux desktop at home.)

    3. Pseu Donyme

      Re: NoScript no work

      It seems updating to 57 also broke Request Policy (continued). :( This is why I dread updating Firefox. While any apparent change tends be just some rearrangement of the UI (usually pointless and annoying as such) you can be pretty sure that they have somehow managed to make existing addons incompatible and I'm at least forced to update those as well - if I'm lucky - if not, there is no compatible version.

    4. joed

      Re: NoScript no work

      I had the same initial reaction, but then NoScript was ported to the new Firefox and most of the annoying initial issues got resolved. I was trying to compare the way it works in Palemoon/ESR vs FF 57+ and most of the functionality (that I care) seems to present. Drop some coin this holiday for the man behind NS as his work has no substitute (no matter what flavor of FF you preferred).

      1. sloshnmosh

        Re: NoScript no work

        I could be wrong but I believe that Mozilla changed it's API's because of a serious bug that could allow a malicious browser extension to use legitimate extensions to Pwn your device.

        https://arstechnica.com/information-technology/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/

        (But I hate the new Firefox anyways)

      2. sloshnmosh

        Re: NoScript no work

        "Drop some coin this holiday for the man behind NS as his work has no substitute (no matter what flavor of FF you preferred)."

        Amen to that!

        Donate to developers that deserve it.

  7. The Dogs Meevonks Silver badge

    I'm currently using a combination of Adblocker ulitmate, Privacy badger, Disconnect and Noscript... In the past I did also use ghostery, but dropped it because it wasn't doing it's job very well, and then discovering it could be phoning back data to it's devs.

    Noscript is an essential tool for everyone in my opinion, and whilst the new version has some flaws, it's improved a lot since it was updated to work with the new Firefox Quantum.

    Any website that shows an adblock complaint, is normally ignored and immediately added to the noscript block lists... as are sites that try to load dozens of scripts. My mum asked me to send an xmas card to her niece in Canada... but when moonpig wanted to load more than 40 scripts... I refused.

  8. King Jack
    Unhappy

    Ghostery is crap

    Had to bin it. The 'Ghost crew' spend too much time fucking things up so that sites break. Got fed up of tinkering with it to fix things. It looks nice, but so does a polished turd. The old Ghostery just worked.

  9. sloshnmosh

    uMatrix

    What? No mention of uMatrix?

    It works even with the new Firefox API's.

    1. sloshnmosh

      Re: uMatrix

      I think uMatrix is the easiest to use personally. Easy to tell if a website is broken by what script is blocked. Internal HOSTS files, custom user rules.

      https://github.com/gorhill/uMatrix

  10. Tree
    Big Brother

    A shame we have to do this

    There are some evil people out there that want to know all about you. I am not afraid to call a blimp a blimp. Are you afraid to call an illegal alien a criminal? Google: "It is none of your business what we think!"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon