| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Sep 2007 12:30:37 -0600 From: "Thomas Coppi" <thisnukes4u@...il.com> To: "Marcin Wielgoszewski" <marcinw86@...il.com> Cc: kristian.hermansen@...il.com, full-disclosure@...ts.grok.org.uk Subject: Re: Google Tracking On 9/15/07, Marcin Wielgoszewski <marcinw86@...il.com> wrote: > dre posted about "Using Google Analytics to Subvert Privacy" several > days ago here: > > http://www.tssci-security.com/?p=303 > > The fact is, you can't block Google Analytics using NoScript unless > you inspect all JavaScript running on every website. This is because > any site can download the urchin.js code locally and host it on their > own site. If you set NoScript to implicitly trust a domain, one that's > running urchin.js, you're tracked. The best way to prevent GA from > tracking you is to block all cookies globally, only allowing cookies > for domains you implicitly trust. > > See the post for more details. > The CustomizeGoogle Firefox extension has an option to prevent cookies from Google Analytics and also to "Anonymize the Google cookie UID", whatever that means. > -- > Marcin > > > On 9/15/07, Cyberheb <cyb3rh3b@...il.com> wrote: > > > > "Noscript is ur friend"?! > > > > Beside using that firefox add-on to block the google-analytics thing, you > > can also use the anonymity tools to hide from other analysis tracking > > application. > > > > - h3b > > > > On 9/15/07, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote: > > > > > > It appears to me that Google has the ability to know nearly all the > > > sites you have visited because many larger web presences utilize > > > Google Analytics. What this means is that Google is continually > > > compiling data on every visitor across the Internet. If they like, > > > they should have the ability to tie this to any Google services > > > account you operate. Thus, perhaps they can search your Google user > > > id and see nearly all the web sites you have ever visited across the > > > Internet (not necessarily using their search engine, mind you). > > > Pretty cool, or scary, depending on which side of the fence you sit. > > > > > > Now, correct me if I am wrong here, but I would like to hear from > > > anyone who utilizes Google Analytics and believes this is not the > > > case. Does the EULA suggest that Google is not tracking users across > > > the entire Internet? Just a random though I had. Maybe this is > > > widely known and everyone has taken proactive measures to hide this > > > data from Google already. It is merely as simple as blocking the > > > domain. Maybe there is a more elegant way to do it? > > > -- > > > Kristian Erik Hermansen > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Thomas Coppi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists