topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:27 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Amazon creepy ...  (Read 16666 times)

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Amazon creepy ...
« Reply #25 on: March 11, 2013, 03:34 PM »
4wd: default Collusion settings under 'filters' is "show cookie-based connections" and "show non-cookie-based connections" both enabled - for me, that shows a node for every site I've visited (and 3rd party sites those sites have pulled resources from...) - the only edge at the moment is DoCo<>PayPal, though.

Always have had those options enabled, I get nothing if I visit a site.  I might play around and see what I have to disable to get some nodes.

Those options do say "connections" though, I would have thought that meant you had to have at least a connected pair.

....it's only really useful to open it in a tab, look a bit at the graph, and close the tab again.

That's the only way I use it, I usually forget it's running for weeks at a time unless I've specifically installed something I want to test against it - then I'll check it every few days.

Or perhaps what I really want is an "advanced" mode that lets me do some regex matching :)

That'd be nice....I look forward to "f0dder's Referer Mangler"  ;D

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Amazon creepy ...
« Reply #26 on: March 12, 2013, 05:19 PM »
4wd: I think I've figured out why I get the Collusion behavior I do. Instead of blocking referrer by default, I had it said to spoof to a google.com address. I normally hit google.dk, so while referrer links pointed to www.google.com/somethingsomething, I had never actually visited that address. I think that could explain why Collusion shows a bubble for each site, but pointing to nothing.

After I visited google.ae (to make sure it existed) and set the spoofed referrer to hxxp://google.ae/search?q=midget+nazi+porn , all visited sites after that link to (surprise surprise) google.ae. This does look quite festive, but it also means Collusion is extremely slow - and the graph isn't very useful for spotting actual referrer problems. I guess it
would be saner to block by default rather than spoofing, but... spoofing is funnier :-[
collusion.pngAmazon creepy ...

Or perhaps what I really want is an "advanced" mode that lets me do some regex matching :)
-f0dder
That'd be nice....I look forward to "f0dder's Referer Mangler"  ;D
I think I already have some ideas for improvements, but I'm already spread pretty thin, and have never looked at extension development before. And I'd hate forking an extension, making some changes, and then not keeping it up to date. I also kinda think some of the ideas I have would be too large in scope for the RefControl author wanting to include it in his pretty lightweight plugin.

I'll mull a bit over this :)

EDIT: just reset Collusion and changed default RefControl action to block, visiting new sites pops up the individual bubbles again. I think I'll keep the setting at block - easier to see connections that way. And while Collusion slows to a crawl even with just the individual bubbles, adding edges (and the "node pull" that incurs) makes it even slower :)
- carpe noctem

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Amazon creepy ...
« Reply #27 on: March 12, 2013, 05:37 PM »
In addition to Adblock Plus, NoScript, Ghostery, Cookie Monster and RequestPolicy, I also use RefControl, which may be of interest to y'all. Together they make browsing new sites pretty painful, but once a site is set up how you like it it's all good.

Thanks for the tip on Collusion.

Ehtyar.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Amazon creepy ...
« Reply #28 on: March 12, 2013, 06:03 PM »
... spoofing is funnier :-[ (see attachment in previous post)

I think you may spawn a whole new competition: "Who can create the most artistic web of Big Data?"

 ;D

Still no idea why I get a completely blank graph but I do run a few anti-trackme addons, (don't forget to turn off 3rd party cookies also), and all cookies are session only, (all data is session only, I don't have any drive based cache).

Addons: AdBlock+, Better Privacy, Change Referer Button, Ghostery, HTTPS Everywhere, RefControl
Userscripts: Google Hit Hider by Domain, Google Search Better Privacy, Kill AddThis Mouseover, NoMiddleMan, RedirectionHelper, StraightGoogle

One day I'll have to go through them since I'm sure there's duplicated functionality there.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Amazon creepy ...
« Reply #29 on: March 12, 2013, 06:58 PM »
In addition to Adblock Plus, NoScript, Ghostery, Cookie Monster and RequestPolicy, I also use RefControl, which may be of interest to y'all. Together they make browsing new sites pretty painful, but once a site is set up how you like it it's all good.

Thanks for the tip on Collusion.

Ehtyar.

Sounds brilliant ... really secure browsing ... painfully slow and almost no functionality beyond plain text and pictures ;)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Amazon creepy ...
« Reply #30 on: March 13, 2013, 02:31 PM »
Sounds brilliant ... really secure browsing ... painfully slow and almost no functionality beyond plain text and pictures ;)
-Carol Haynes (March 12, 2013, 06:58 PM)
Painful to set up, perhaps, but after that it should be faster than regular browsing...

RequestPolicy seems like a decent extra for the security minded - probably covers some of the stuff I want(ed) in RefControl. I'm sure their functionality could be combined and UX-improved, though :P. Anyway, going to take RequestPolicy for a spin, thanks for mentioning it, Ehtyar!
- carpe noctem

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Amazon creepy ...
« Reply #31 on: March 13, 2013, 05:14 PM »
Ah, already liking RequestPolicy!

Been browsing around for a couple of hours (since the last post, basically), and have probably visited more unique sites than I had before the previous Collusion graph I posted... and yet this is the result:

collusion-2013-03-13@23.08.pngAmazon creepy ...

Also, pageloads generally seem a bit snappier - no wonder, there's plenty less HTTP requests, plenty less data being transferred, and plenty less USELESS JavaScript being executed. And I'm talking useless as in "stuff that doesn't affect my experience", not useless as in "js is a useless language" :-)
- carpe noctem

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Amazon creepy ...
« Reply #32 on: March 13, 2013, 11:03 PM »
Interesting that you have a lot of 3rd party sites that show no connection to a visited site - are they due to cookies or referer?

EDIT: Forgot, are you still forging the referer 'cos that would explain it.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Amazon creepy ...
« Reply #33 on: March 14, 2013, 07:42 AM »
Nope, not forging now, blocking - if I were forging, all sites would be connecting to the one forged referrer (btw, when I say "forge" I mean "forge with a custom string", not "forging to site base address" which is RefControls (somewhat badly chosen, IMHO) definition of "forge").

Most of the bubbles (probably 90%) on the above screenshots are sites I've actually visited - a few being legitimate external requests that I've let through RequestPolicy. I haven't done any thorough tests, but I think that any requested site, cookies or not, ends up generating a node. Edges obviously represents referrers.

I block 3rd-party cookies, but other than that I do allow them, and I don't wipe them after sessions have terminated. There's a lot of places where cookies are required or just pretty darn convenient. Dunno if there's much use in being über-watchful of cookies once you disallow 3rd-party ones? Especially with all the other filtering being done by extensions?
- carpe noctem