by calrueb 1708 days ago
I'd be curious to hear from someone that feels strongly about blocking first-party front end tracking. I generally assume that whatever website I am on would have a good sense of what I am up to just based on server side logs. Sure, if I block 1p logging they might not have a down to the second understanding of how long I am impressing on something, but overall I feel the point is moot.
4 comments

> I'd be curious to hear from someone that feels strongly about blocking first-party front end tracking.

3p tracking masquerading as 1p is here already. Ex A: https://github.com/SukkaW/cloudflare-workers-async-google-an...

DNS-based content blocking was always trivial for trackers to bypass. Deeply integrated plugins like uBlock Origin in Firefox are the only way out. With "Manifestv3", Chrome's making sure that even that level of integration may not be enough. 70%+ of the 4.5B internet users use Chrome.

For mobile apps... well, the writing is already on the wall.

So uBlock Origin is capable of blocking first party trackers? Amazing!

Yeah, this take on "I also try to block first party tracking" is just weird in my opinion, or at least impossible (beyond just normal cookie blocking tools).

The ways most sites utilize AJAX and JS, there is just no consistent way to block "tracking calls" vs. blocking requests needed for particular pieces of functionality and data.

> there is just no consistent way to block "tracking calls" vs. blocking requests needed for particular pieces of functionality and data

At some point, browsers will gain firewalls and packet inspection and filtering capabilities.

We should be able to inspect the data sites are sending and receiving asynchronously via JavaScript. We should be able to automatically delete or redact private information from JSON payloads. What if uBlock Origin could automatically anonymize unique identifiers that some JavaScript code is trying to exfiltrate?

I would expect to see ad/tracker blocking technology advance as the users encounter more invasive types of tracking. But what if the server requires that information as part of a request to serve content in its response?

This will always be a cat and mouse issue, and unfortunately right now most of the authority is on the server side. The data-driven web that TimBL envisions is just not profitable enough and content has to be heavily intertwined with distractions and trackers to monetise us cattle. See RSS.

Exactly, there is a lot of trust involved, even without executing JavaScript, but especially when so. This is why I stay away from sites I don't find trustworthy.

I also close the tab if I'm presented with a paywall, a modal newsletter subscription prompt, impossible cookie banners, etc.

I think of it as a "the medium is the message" type of thing, and if the medium is tainted then the message can't be any better, so why read it?

I think there is a certain amount of implied trust when visiting a site, especially with JavaScript.

Just like if I visit someone's house, I trust them to not look through my bag while I'm not looking, even though they easily can.

And when that trust is gone, it's pretty much gone for good, just like if I go to a venue and find out they rummaged through my coat pockets, I'm not going back.

Maybe not everyone thinks this way, but I sure do. I consider an untrustworthy website to be tainted. It is unlikely to produce enough benefit to outweigh whatever they may be getting up to, whatever it may be. And the sooner I cease investing time in it, the quicker I can find a new alternative and begin building trust with them.

It's tracking. All tracking should be blocked on principle. I don't want them to have any data about me at all. Failing that, I want them to have as little data as possible. And I want whatever little data they have to be useless to them.

> I generally assume that whatever website I am on would have a good sense of what I am up to just based on server side logs.

True. We can't stop the site from logging HTTP requests.

Maybe we can find a way to poison that data set though. What if we had a custom reddit client that generated random traffic to random subreddits in the background? Maybe that would pollute their logs enough that they can no longer build an accurate profile out of it.

> if I block 1p logging they might not have a down to the second understanding of how long I am impressing on something

Good. I don't want them to know. They should remain in perpetual uncertainty about whether their mindhacking methods are working.