Amazon creepy ...

[Carol Haynes]

OK I have a customer that needs Office 2003 SBE reinstalling but the disk has gone missing (I extracted the license key from the system that died).

Searched to see if I can find a legitimate ISO to download in Google.

Went Amazon to check on an order - first item on the home page Office 2003 SBE

How did they do that? And how do I stop it.

I know it is something to do with cookies but I didn't think all websites could access all your cookies or Google Search - but does Amazon actually have instant access to my Google seeach history!

[mouser]

I don't know the answer to your question but its just another reminder of how pervasively inappropriate this situation is that we find ourselves in with Google.

Google wants to track everything you search for (and write about in your emails) so that it can serve up advertisements based on what you type, on ads on every page on the internet.

That means that *every* site you visit can get a good idea of your interests by examining the ads that google wants to display on their page -- even if they don't actually care about showing you the ads themselves.

[Renegade]

Welcome to BIG DATA~!

All these companies sell data to everyone, and they do it really fast. I've noticed similar situations numerous times.

To stop it or slow it down, make sure that you are not logged into anything and turn off cookies.

Did you see that Rand video that I'd posted a while back? Spooky stuff.

[Carol Haynes]

It wasn't an ad - it was Amazon promoting a product (which they don't even sell) based on something they knew I was looking for. The scary thing is Amazon knew about this immediately after I did a google search.

[Renegade]

It wasn't an ad - it was Amazon promoting a product (which they don't even sell) based on something they knew I was looking for. The scary thing is Amazon knew about this immediately after I did a google search.

-Carol Haynes (March 09, 2013, 06:38 AM)

Exactly. Big Data. What they can do is simply spooky. It's not a coincidence. They don't need to serve ads when you're already in the store.

[f0dder]

Hummm, tried to repeat it - fired up Chrome, googled for "Office 2003 SBE". Didn't click anything, the went directly to amazon.co.uk (not logged in to my account), no references to Office. Tried amazon.com, still no dice.

In my main browser (firefox), I've got AdBlockPlus, NoScript and Ghostery. I never see any targeted ads

[Renegade]

^^ That's not surprising. They build profiles on you, so unless you fit into some kind of profile, it could take a while to see it if at all.

[xtabber]

How did they do that? And how do I stop it.

I know it is something to do with cookies but I didn't think all websites could access all your cookies or Google Search - but does Amazon actually have instant access to my Google seeach history!

-Carol Haynes (March 09, 2013, 06:10 AM)

There are many ways this can be done, but most likely you just have 3rd party cookies enabled. You need cookies enabled for most web sites to function, but in almost all cases, 3rd party cookies serve no useful purpose other than targeted selling.  You can disable 3rd party cookies without disabling all cookies in most browsers. Or install Ghostery, which can tell you who is using them and disable them selectively.

I use Opera for most of my general web browsing, but I use Firefox for online shopping, and clear cookies using Cookie Culler (My #1 add-on for FF) after nearly every session.  I sometimes use Chrome on my Android devices, but I don't have it installed on any PC, except in a VM.  When shopping on Amazon, I will often clear cookies several times during a single session, and always after making a purchase.  Amazon is simply amazing in the lengths to which they will go to track every customer--even more so than Google.

For a depressingly thorough look at the many ingenious ways advertisers track you online, I recommend Joseph Turow's book The Daily You.  Note that it may be somewhat too technical for many readers.

[Deozaan]

My guess is that you have some sort of plugin that searches a bunch of search engines. I have Invisible Hand installed and so when I view an item on one site, it will search for the best price on NewEgg, Amazon, Best Buy, etc., which will make it appear in my view history (or whatever) for all those sites, including Amazon, since I tend to leave myself logged in.

[Carol Haynes]

My guess is that you have some sort of plugin that searches a bunch of search engines. I have Invisible Hand installed and so when I view an item on one site, it will search for the best price on NewEgg, Amazon, Best Buy, etc., which will make it appear in my view history (or whatever) for all those sites, including Amazon, since I tend to leave myself logged in.

-Deozaan (March 09, 2013, 12:18 PM)

No I don't have anything like that installed.

There are many ways this can be done, but most likely you just have 3rd party cookies enabled. You need cookies enabled for most web sites to function, but in almost all cases, 3rd party cookies serve no useful purpose other than targeted selling.  You can disable 3rd party cookies without disabling all cookies in most browsers. Or install Ghostery, which can tell you who is using them and disable them selectively.

-xtabber (March 09, 2013, 12:03 PM)

I will check Ghostery out and the article you linked. Thanks.

[f0dder]

I will check Ghostery out and the article you linked. Thanks.

-Carol Haynes (March 09, 2013, 12:49 PM)

Note that the people behind Ghostery are kinda-involved with advertising, and there's a lot of tinfoil hat flak because of this.

However, Ghostery is better than not using anything of the sort, and as long as you don't join the "GhostRank" (off by default) there shouldn't be any privacy concerns. I like the addon (seems to be better in ffox than chrome, btw - no cookie blocking in chrome).

[mwb1100]

Did you visit any of the search results from your googling?  I'm by no means particularly knowledgeable in this stuff, but I wouldn't be surprised if one of the sites that you visited (assuming you did) has some sort of affiliation with Amazon and passed your interest in Office 2003 SBE on to them in some fashion.

[app103]

Did you visit any of the search results from your googling?  I'm by no means particularly knowledgeable in this stuff, but I wouldn't be surprised if one of the sites that you visited (assuming you did) has some sort of affiliation with Amazon and passed your interest in Office 2003 SBE on to them in some fashion.

-mwb1100 (March 09, 2013, 01:31 PM)

Or perhaps a result that had a Facebook plugin of some sort active on the page? (comments, like button, etc.)

Facebook and Amazon may be sharing data. If this is the source, Ghostery can block this kind of behavior by blocking social plugins..

[f0dder]

Facebook and Amazon may be sharing data. If this is the source, Ghostery can block this kind of behavior by blocking social plugins..

-app103 (March 09, 2013, 02:39 PM)

Yeah, and you do want this! Even if you've disabled the facebook app platform and aren't logged in to facebook, any site that has a like button or comment field will track you back to facebook. It's not unreasonable to think that other big sites are doing the same.

[4wd]

And possibly install Collusion so you can see who's sharing what with who even though you haven't visited the "other" site.

IainB started a thread on Collusion over here.

[f0dder]

And possibly install Collusion so you can see who's sharing what with who even though you haven't visited the "other" site.

-4wd (March 09, 2013, 07:36 PM)

Tried that - even with noscript, adblock and ghostery, it gets reaaaaally big and messy (and unusably slow) really fast

[4wd]

And possibly install Collusion so you can see who's sharing what with who even though you haven't visited the "other" site.

-4wd (March 09, 2013, 07:36 PM)

Tried that - even with noscript, adblock and ghostery, it gets reaaaaally big and messy (and unusably slow) really fast

-f0dder (March 10, 2013, 12:04 PM)

You forgot to block/forge Referers also - I've had them forged for almost three months and Collusion has been completely blank since then.

Only 6 sites are whitelisted for sending the normal Referer.

[f0dder]

Tried that - even with noscript, adblock and ghostery, it gets reaaaaally big and messy (and unusably slow) really fast

-f0dder (March 10, 2013, 12:04 PM)

You forgot to block/forge Referers also - I've had them forged for almost three months and Collusion has been completely blank since then.

-4wd (March 10, 2013, 04:29 PM)

Hm, you're probably right - not sure how much data gathering is done via referrer, but it's a data point at any rate.

I wonder how much stuff would break and need whitelisting? NoScript isn't too bad, but much more hassle than that and it's too bothersome. Ah well, I guess I'll give RefControl a try - considered installing it back when I read the Collusion thread, but decided not to based on some of the user reviews. Ah well, here we go

[4wd]

Ah well, I guess I'll give RefControl a try - considered installing it back when I read the Collusion thread, but decided not to based on some of the user reviews. Ah well, here we go

-f0dder (March 10, 2013, 06:03 PM)

You could try just using Change Referer Button instead and have it set to Mode 1, (use the dest page as the referer).

That way you should get the same result but without the whitelist, plus you can easily toggle between it's modes when you need to for a particular site.

Sites that may break are those that get their images from elsewhere and those with download links pointing elsewhere with anti-leech checking, (I've got a whitelisting for a couple of those).

Also Webmin wants to know your referer

[f0dder]

Well, I'm giving RefControl a go - it's either full-gungho whitelisting or nothing at all, can't see much point in middle ground . So far I'm setting it up to always set http://www.google.com as the referrer, as that's kinda plausible (well, except you'd probably usually have a query string, but... whatever ).

Btw, how'd you get the collusion graph entirely black? Normally it shows the sites you've visited?
(First whitelist - DoCo wants referrer when you post :-))

[Renegade]

Big Data also operates outside of your browser.

e.g. If you use a grocery store loyalty card, they are selling data to insurance companies, so if you buy too much junk food, your health insurance premiums could go up.

Your phone is also a good source of data. Information is collected about what you do, where you go, what games you place, what ads you click, etc.

It is incredibly pervasive and will only become more pervasive.

Is your TV reporting what TV shows you watch? Are you ready for smart refrigerators that know what cooking shows you watch and what you buy at the grocery store and which stores you go to, as well as adjacent stores that might have a special on your favourite foods? It's almost here.

Don't think that simply protecting your browser will solve the problem. That's just the front flank, and you are being surrounded on all flanks.

[4wd]

Btw, how'd you get the collusion graph entirely black? Normally it shows the sites you've visited?

-f0dder (March 10, 2013, 06:29 PM)

I thought it only showed sites that make connections to other sites when you visit, (whether by referer, etc).

As such, having the referer set to the dest site means there is, (in theory), no site-to-site reference to be tracked, (assuming no 3rd party cookies, etc).

Not sure, I'll have to play around with it a bit and see what exactly it logs.

So far I'm setting it up to always set http://www.google.com as the referrer, as that's kinda plausible (well, except you'd probably usually have a query string, but... whatever ).

http://www.google.co...put=search&q=sex - give them something to think about 

Meanwhile at the site for Bible Studies:
IT: He got to our site by searching for sex?
Minister: Whatever works.

[f0dder]

Renegade: yep, it's outside the browser - which is a good reason I don't use customer loyalty cards. Theoretically that kind of tracking can be done through my credit card debit card, but I believe that's illegal here in .dk - or perhaps it's "just" a violation of ISO/PCI compliance. Obviously doesn't stop the PET from x-ref'ing my purchases for stuff that can be used to make bombs or drugs, and it doesn't stop those records from being sent to .us intelligence (all transactions get dumped on a daily basis).

While the browser isn't the only way of collecting data, it's by far the easiest to harvest from - and I reckon that for most people, it's also where the most compromising/embarassing/whatever kinda data could be extracted from. So it makes sense to panzer your browser

What worries me most about all this Big Data stuff is companies selling or swapping data. I don't really mind Amazon giving me offers based on my browse/purchase history at amazon, but I don't want that data going anywhere, and I don't want any outside data effecting those suggestions.

4wd: default Collusion settings under 'filters' is "show cookie-based connections" and "show non-cookie-based connections" both enabled - for me, that shows a node for every site I've visited (and 3rd party sites those sites have pulled resources from...) - the only edge at the moment is DoCo<>PayPal, though. Before adding RefControl (and resetting Collusion), I had an insane amount of edges within a few couple of days, and after a week or so the Collusion UI ran at less than 1fps . It's already super slow now, and showing Collusion in a separate browser window slows down the rest of firefox massively - it's only really useful to open it in a tab, look a bit at the graph, and close the tab again.

Also, I wish RefControl were a bit more flexible - "3rd-party requests only" should be changed to a dropdown with that option and "1st-party requests only". That way the default could be block/forge, a very few trusted sites would be "normal", and some of the pesky sites would have "1st-party only normal" which would handle their internal referrer checking, but block referrer for 3rd party sites. Or perhaps what I really want is an "advanced" mode that lets me do some regex matching

[Renegade]

What worries me most about all this Big Data stuff is companies selling or swapping data. I don't really mind Amazon giving me offers based on my browse/purchase history at amazon, but I don't want that data going anywhere, and I don't want any outside data effecting those suggestions.

-f0dder (March 11, 2013, 08:02 AM)

Worry. Worry a lot. Because Big Data are an incestuous bunch that spill their data loads all over each other in an orgasmic frenzy of marketing... Ummm... I'm starting to become a bit obscene. But I think I've nailed the point. (I really meant that stuff above -- it's coming.)

(A part of the work I do involves Big Data and profitability on a very large scale.)

[f0dder]

But I think I've nailed the point. (I really meant that stuff above -- it's coming.)

-Renegade (March 11, 2013, 09:03 AM)

Oh, I didn't mean worry as in "I'm worried if it will start happening", but "I'm worried what the implications are" - I know the bastards are already being bastards. Which is why I try to reduce my footprint a bit - though not going to an all-out-paranoid level