Hacker News new | ask | show | jobs
by ihsw 3903 days ago
Zombie cookies in particular are insidious -- while you are actively trying to conceal your identity by proactively deleting cookies or using incognito mode, your ISP re-adds them without your consent.

This kind of aggressive and underhanded behavior should be shamed as it violates the trust that users have in their ISPs.
1 comments
manigandham 3903 days ago
A lot of this came about because of the "war" on the 3rd party cookie which was unfairly demonized.

I get why zombie cookies are bad as it takes control away, but what is the issue surrounding plain tracking of behaviours? So what if a company knows the history of sites you've visited - what does this do against you?

link
fuzzywalrus 3903 days ago
Since this is tied to an account, it means data that never dies. While currently unlikely, imagine being vetted for a job by the websites you visit. Do you want an employer to be able to purchase your online history? There's more to hide the the usual things like pornography or political sites. Imagine you've visited several competitor employers, including past job listings. One could easily deduce you likely applied and failed if the job listings no longer exist and you're applying for this new job. Perhaps this makes for a lower offer on the new employers behalf.

I could invent many hypotheticals in this vain but privacy is something worth protecting.

link
manigandham 3903 days ago
Makes sense. Isn't this more of an issue of discrimination and what data a company can have access to?

Are employers getting access to search data today? I'm not sure that's happening. Most 3rd party tracking isn't that accurate in coming up with interests/segments for the user in the first place and 1st party data is well protected in that it's what gives the holder value.

I think privacy is important, but there a lot of levels here and browsing history (while valuable) for advertising is not as big of an issue as other wholesale data collection that we see out there.

link
thephyber 3903 days ago
> Are employers getting access to search data today?

The more it's used, the cheaper it becomes to collect and sell. The issue is never about how it is used today; always about how it can be used in the future.

You can always find a way to work for yourself and avoid passing an employer background check. I'm more worried about political parties and private eyes -- blackmail, extortion, ugly divorce proceedings, etc. This can have a chilling effect on free speech and curiosity.

The Jacob Applebaum talk explaining linkability.[1]

Anyone who has access to any website where you logged into an account you publicly admit to owning can link your public identity to any private/anonymous persona, given another marketing data source. Verizon "owns the data", but not really. They are the original owner of the data, but eventually Expirion (target of the recent T-Mobile-Experion data theft) and the other credit reporting agencies will have your X-UIDH. Facebook, Twitter, and Google will know as soon as you log in once. They will be able to identify all of your accounts, perhaps even if you use a VPN.

As with any other high tech tracking, the average end-user is either unaware of the zombie cookie or unaware of the full capabilities of the linkability of it.

[1] https://www.youtube.com/watch?v=HHoJ9pQ0cn8

link
xyzzy123 3903 days ago
You're making the https://en.wikipedia.org/wiki/Nothing_to_hide_argument except for corporate surveillance instead of state surveillance.
link
manigandham 3903 days ago
Not making an argument - I'm trying to get real examples of everyone's argument of what they're losing, in terms of actual effect against them.

I get that most people have uninteresting data but don't want it collected anyway, but what happens if it is? (Because it is right now). What is it doing to them today? More targeted ads? More spam? More...? That's what I'd like to know.

link
unprepare 3902 days ago
Anytime you are questioning privacy, you can simply make it about clothing to immediately show how ridiculous anti-privacy statements really sound.

>I get that most people have uninteresting genitals but don't want it seen anyway, but what happens if it is? (Because it is right now). What is it doing to them today? More targeted ads? More spam? More...? That's what I'd like to know.

>What exactly is the big aversion to nudity? The vast majority has shown (via actions, not internet noise) that they don't care so what exactly is the big downside? Not arguing for/against, just want to know reasons beyond "i just dont like it".

I'm not saying you're taking a stance against privacy by any means, but changing only a single word in your statements makes them laughable. Would you tell someone embarassed about a wardrobe malfunction in public that you just couldn't understand why they would feel uncomfortable? How about someone who is the victim of identity theft? Now extend that to someone who's entire internet browsing history was made available to corporate and governmental institutions.

I don't want my privacy violated because it makes me feel violated - why should anyone need a better reason than that?

lastly, think about what we would classify as 'creepy facebook stalking' by a person - why should corporations and governemntal institutions be immune to that creepy classification?

link
vitd 3903 days ago
One thing that appears to be happening is that some companies are selling information about which users are going to medical sites like WebMD and what they're viewing. I'm concerned that my insurance rates will change because I looked up an obscure disease. I can't prove that that the data is being used that way, yet, but it concerns me.
link
Retra 3903 days ago
They're losing trust, control, and piece of mind. Like if a bully comes up to you and pretends to punch you in the face every day: you can't just say "oh, I'm not hitting you" and think what you're doing is ok. It forces people to be cynical and defensive, and people don't want to be cynical and defensive.
link
ChrisLTD 3903 days ago
Please, publish your browser history on Pastebin and let's see what we can figure out about you.
link
manigandham 3903 days ago
Ok, I get it. But then what? How is this being used against you? Better (so called) ads? Is it just a innate feeling of not wanting it tracked?
link
rnovak 3902 days ago
It's 2015 and you've never heard of Social Engineering?

It takes a small attack surface and multiplies it exponentially, making you more vulnerable to any criminal out there.

Is not wanting your identity stolen enough of a reason?

link
manigandham 3900 days ago
What does social engineering have to do with this? What about Facebook/Twitter then - considering how much information people willing share?

Social eng. is more of an issue in dealing with people and public information, not private analytics.

link
rnovak 3900 days ago
Again, you're making the argument that because someone doesn't understand how something can affect them negatively that you should be allowed to take advantage of that.

That is literally called FRAUD in the US: "the deception of someone for the purpose of financial gain".

and stop calling it private, it wont be fucking private when (not if, but when) your network gets breached.

All the big tech companies have had data breaches, but suddenly your network is going to out-shine them all? God that's laughable.

Oh, and when that happens, you will be sanctioned by every consumer protection agency, and bankrupted by class-action suits. Have fun!!!

link
Karunamon 3903 days ago
It's not just "a company", it's many companies. They're injecting this header into every request you make which is visible to the servers you connect to.

It makes any positive steps you've taken to protect your privacy utterly meaningless.

link