| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cb63c2fc0709151018j6f058fa5rddc141f243f7bb58@mail.gmail.com> Date: Sat, 15 Sep 2007 10:18:09 -0700 From: "Marcin Wielgoszewski" <marcinw86@...il.com> To: kristian.hermansen@...il.com, cyb3rh3b@...il.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Google Tracking dre posted about "Using Google Analytics to Subvert Privacy" several days ago here: http://www.tssci-security.com/?p=303 The fact is, you can't block Google Analytics using NoScript unless you inspect all JavaScript running on every website. This is because any site can download the urchin.js code locally and host it on their own site. If you set NoScript to implicitly trust a domain, one that's running urchin.js, you're tracked. The best way to prevent GA from tracking you is to block all cookies globally, only allowing cookies for domains you implicitly trust. See the post for more details. -- Marcin > On 9/15/07, Cyberheb <cyb3rh3b@...il.com> wrote: > > "Noscript is ur friend"?! > > Beside using that firefox add-on to block the google-analytics thing, you > can also use the anonymity tools to hide from other analysis tracking > application. > > - h3b > > On 9/15/07, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote: > > > > It appears to me that Google has the ability to know nearly all the > > sites you have visited because many larger web presences utilize > > Google Analytics. What this means is that Google is continually > > compiling data on every visitor across the Internet. If they like, > > they should have the ability to tie this to any Google services > > account you operate. Thus, perhaps they can search your Google user > > id and see nearly all the web sites you have ever visited across the > > Internet (not necessarily using their search engine, mind you). > > Pretty cool, or scary, depending on which side of the fence you sit. > > > > Now, correct me if I am wrong here, but I would like to hear from > > anyone who utilizes Google Analytics and believes this is not the > > case. Does the EULA suggest that Google is not tracking users across > > the entire Internet? Just a random though I had. Maybe this is > > widely known and everyone has taken proactive measures to hide this > > data from Google already. It is merely as simple as blocking the > > domain. Maybe there is a more elegant way to do it? > > -- > > Kristian Erik Hermansen > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists