Proliferation of JavaScript evil

Why is it that in order to read fanfiction at a site like FFnet, you have to allow Microsoft to run JavaScript in your browser?

I strongly recommend add-ins to your default Firefox load of NoScript (*), AdBlock Plus, Tab Mix Plus, Flash Block, Better Privacy, and "Targeted Advertising Cookie Opt-Out (TACO)". Between this collection, web browsing is actually fast, appealing, and has a very low irritation factor.

The side effect is that when a website pulls a "fast one" and requires some obscure new (dubious) bit of scripting or cross-site linking, you know right away. So when I went to FFnet today, I found that unless I enabled Microsoft to run JavaScript on my Linux+Firefox setup, much of the site stopped working (like favorite stories or authors).

Am I the only one to notice this? What possible soul-sucking screwing-the-devil-happily crap is going on at that site? Then again, given the quality of the signal-to-noise ratio, perhaps this should not be surprising in the least.


Comments

Oh, about No Script . . .

. . . and that (*) I put in there . . . while I like the tool, I think the author is a complete jerk. He's deliberately sabotaged in the past the Ad Block system by modifying that plugin so that the ads on *his* page don't get filtered. It resulted in a cold war of sorts between the authors of those two extensions, until they got slapped down by Mozilla collectively.

It's particularly irritating because the default behavior is to reload the author's home page on every nit-picky update, and the guy finds a reason to "update" the plugin almost daily. Thus, he gets lots of Ad Words revenue, I'm sure. It's kind of pathetic all around.

To disable that one flaw in the otherwise useful tool, you can go to the Add-On properties, hit the tab for Notifications, and uncheck the "Show release notes for updates" box.

Honestly? I don't know what

Honestly? I don't know what you are talking about. I go there, it works, I read and we all get along fine. So I'm not sure what you are concerned about. Is there another way of explaining it?

For the untrained . . .

. . . this isn't an obvious or simple answer. I'll try to put it in terms that will make sense, though I apologize if this comes off as insulting in some manner. I'm trying not to be, but with such an unknown target audience technical level, it's hard to know where exactly to start.

I assume you know what cookies are in browsers/websites. Essentially, a website will store a bit of information about you in a small file on your computer -- this is cached in a cookie file. There are short-term cookies and long-term cookies, with things like your login name, dates, page browsing history, and so forth. Then there are the "secret" cookies -- flash multimedia cookies, websites that tuck away special cookies that want to keep them there forever -- those are some scary bits of information generally. A history of every flash file you've ever watched, for example. Moreover, with the right bit of code inside a web page, it's possible to read cookies from other websites. It's not supposed to be possible, of course, but that doesn't mean a lot as should be obvious to anyone who has paid even a slight bit of attention to "computer security" over the past 25 years. Things like the "Better Privacy" add-on wipe out the cookies websites leave behind, and they know how to wipe out the cookies that your browser "Delete All Cookies" doesn't actually delete.

Then there are the various web tracking services -- Google has a major one, of course, trying to log every website you visit. Some of the cookie data tag you uniquely, as well as your IP address, so when you visit a website that runs Google's little bit of code from google-analytics, well then Google knows who you are, where you went, when, and for how long. They claim this is just for better history knowledge to give you better ads on the pages you visit, and they don't use it for other purposes. Likewise with the 50-200 other "tracking" agencies online. Lots of studies have been done to show that (a) they *do* use that information for other purposes; (b) they turn it over when the government asks for it; (c) that even their token efforts to anonymize the data don't work and it's easy to reconstruct from their "sanitized" logs exactly who someone was. Tools like the "Targeted Advertising Opt-out (TACO)" go through the necessary steps to block many of these web-tracking services by installing specific cookies that opt-out of the service. The problem is that all services like this are opt-out, not opt-in, and you can't disable them. The best you can do is have a cookie that contains the magic handshake codes to get that service to not track you.

Tools like "Ad Block" and "Flash Block" are pretty straightforward -- they block ads and flash bits until you click on them and either enable for that particular moment, or choose to enable for all time (you can later revoke the permissions). Those are pretty useful, really, when it lets you view a web page and not have a 4 inch by 4 inch giant flashing animated advertisement trying to get your attention. Likewise the pop-up ads that prevent you from doing anything until you click on them just go away.

As for the scripting issue . . . almost all websites now use dynamic content, meaning that the content is generated on the fly based on various decision points. You might have dynamic content that comes from a database, like SIYE or FFnet, where the dynamic bits are the most recent stories, or reviews, or some such . . . and the static parts are the page layout template the dynamic content is stuffed into. Other bits of dynamic content deal with font sizes, tracking users (see prior comments), making sure you're still there and active or else auto-logout occurs, that sort of thing. Most websites have, over time, grown their own code for all kinds of services and only use external code from other websites for very specific things: presenting ads, or aiding and abetting the tracking of users across the Internet no matter where they go.

The original post is pointing out an interesting decision that FFnet made. Apparently, they did some infrastructure change, and now every time you go to FFnet, you're running some code from Microsoft. More than likely, this is for their "Bing" search system, but it's very hard to know exactly what that code from MSFT is doing every time you access their website. The concern is that because you don't know what they are collecting, or why, this is highly risky and of dubious merit to force upon users. People like you that don't know any better don't think about it. People that are aware of the issues, and how the technology really works, don't like to allow cross-site code injections. This is a common form of hack to get access to content in your computer that you don't want shared. Tools like NoScript prevent this type of operation by default, and you have to manually select who to trust and who not to trust.

Given MSFT's long history of "trustworthiness" (hint: I've got over 25 years of hate stored up here), some folks refuse to have anything to do with their software or code or web sites. The problem is that when you block the MSFT code from running in your browser, FFnet becomes non-functional.

Why did FFNet decide this? Probably because they are getting paid by MSFT to do it. If it is related to Bing, then MSFT is paying people millions of dollars (read their latest SEC filing) to drum up more data for their search engine. They want to compete with Google, and they can't -- because they filter and censor and deliberately skew results to bias their products and not even mention competition. So they are paying people to help them. To be fair, I have no knowledge of whether this is Bing related -- that's just an educated guess without tracking down the exact code and cookies involved.

Fundamentally, how do you feel about having no say in the fact that visiting FFnet means Microsoft is running code on your computer and touching some cookies in your browser?
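Added example, not part of the original thread or any poster's code: a small default-deny audit in the spirit of the script-blocking add-ons discussed above. It lists which hosts a page pulls active content from and marks everything outside the page's own site as blocked unless allowlisted. The page markup and every host name are constructed placeholders, and treating the page's own site as trusted and comparing only the last two host labels are simplifying assumptions (real tools use the Public Suffix List).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: placeholder hosts, not any real site's markup.
SAMPLE_PAGE_URL = "https://fanfic.example/stories"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://static.fanfic.example/js/favorites.js"></script>
<script src="//scripts.vendor.example/search/widget.js"></script>
<script>var inline = 1;</script>
</head><body>
<SCRIPT SRC="http://stats.tracker.example/collect.js"></SCRIPT>
<iframe src="https://ads.adnetwork.example/frame.html"></iframe>
</body></html>
"""


class ActiveContentCollector(HTMLParser):
    """Collect absolute URLs of elements that load active content."""

    # tag -> attribute that names the external resource
    ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)  # HTMLParser lowercases tag/attr names
        value = dict(attrs).get(wanted) if wanted else None
        if value:  # inline scripts have no src and are skipped
            self.found.append((tag, urljoin(self.base_url, value.strip())))


def site_of(host):
    """Assumption: 'site' = last two DNS labels (no Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def audit(page_url, html, allowlist=()):
    """Classify each external resource as first_party, allowed or blocked."""
    page_site = site_of(urlsplit(page_url).hostname)
    collector = ActiveContentCollector(page_url)
    collector.feed(html)
    report = {"first_party": [], "allowed": [], "blocked": []}
    for tag, url in collector.found:
        host = urlsplit(url).hostname or ""
        site = site_of(host)
        if site == page_site:
            bucket = "first_party"
        elif site in allowlist:
            bucket = "allowed"  # the user chose to trust this site
        else:
            bucket = "blocked"  # default deny for unknown third parties
        report[bucket].append((tag, host))
    return report


if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_PAGE_URL, SAMPLE_HTML).items():
        print(bucket, items)
```
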

Well that depends what

Well that depends what cookies they are touching. What sort of things might 'get shared'?

Kezzabear wrote:

Well that depends what cookies they are touching. What sort of things might 'get shared'?

There's a long answer and a short answer. The long answer is too long for me to type in one sitting, so I'll just say the short answer: everything you do.


A fish without a bicycle cannot contemplate his navel.

I find it hard to believe

I find it hard to believe that anyone cares I farm on facebook, visit potterficweekly, check my emails and do my banking at a secure encrypted site. What sorts of things could this cause problems with? 'Everything I do' is unfortunately not very helpful.

Kezzabear wrote:

I find it hard to believe that anyone cares I farm on facebook, visit potterficweekly, check my emails and do my banking at a secure encrypted site. What sorts of things could this cause problems with? 'Everything I do' is unfortunately not very helpful.

I'd agree, but would add that the answer is probably longer and more complicated than either you or me would care to read.

moshpit wrote:

. . . this isn't an obvious or simple answer. I'll try to put it in terms that will make sense, though I apologize if this comes off as insulting in some manner. I'm trying not to be, but with such an unknown target audience technical level, it's hard to know where exactly to start.

I assume you know what cookies are in browsers/websites. Essentially, a website will store a bit of information about you in a small file on your computer -- this is cached in a cookie file. There are short-term cookies and long-term cookies, with things like your login name, dates, page browsing history, and so forth. Then there are the "secret" cookies -- flash multimedia cookies, websites that tuck away special cookies that want to keep them there forever -- those are some scary bits of information generally. A history of every flash file you've ever watched, for example. Moreover, with the right bit of code inside a web page, it's possible to read cookies from other websites. It's not supposed to be possible, of course, but that doesn't mean a lot as should be obvious to anyone who has paid even a slight bit of attention to "computer security" over the past 25 years. Things like the "Better Privacy" add-on wipe out the cookies websites leave behind, and they know how to wipe out the cookies that your browser "Delete All Cookies" doesn't actually delete.

Then there are the various web tracking services -- Google has a major one, of course, trying to log every website you visit. Some of the cookie data tag you uniquely, as well as your IP address, so when you visit a website that runs Google's little bit of code from google-analytics, well then Google knows who you are, where you went, when, and for how long. They claim this is just for better history knowledge to give you better ads on the pages you visit, and they don't use it for other purposes. Likewise with the 50-200 other "tracking" agencies online. Lots of studies have been done to show that (a) they *do* use that information for other purposes; (b) they turn it over when the government asks for it; (c) that even their token efforts to anonymize the data don't work and it's easy to reconstruct from their "sanitized" logs exactly who someone was. Tools like the "Targeted Advertising Opt-out (TACO)" go through the necessary steps to block many of these web-tracking services by installing specific cookies that opt-out of the service. The problem is that all services like this are opt-out, not opt-in, and you can't disable them. The best you can do is have a cookie that contains the magic handshake codes to get that service to not track you.

Tools like "Ad Block" and "Flash Block" are pretty straightforward -- they block ads and flash bits until you click on them and either enable for that particular moment, or choose to enable for all time (you can later revoke the permissions). Those are pretty useful, really, when it lets you view a web page and not have a 4 inch by 4 inch giant flashing animated advertisement trying to get your attention. Likewise the pop-up ads that prevent you from doing anything until you click on them just go away.

As for the scripting issue . . . almost all websites now use dynamic content, meaning that the content is generated on the fly based on various decision points. You might have dynamic content that comes from a database, like SIYE or FFnet, where the dynamic bits are the most recent stories, or reviews, or some such . . . and the static parts are the page layout template the dynamic content is stuffed into. Other bits of dynamic content deal with font sizes, tracking users (see prior comments), making sure you're still there and active or else auto-logout occurs, that sort of thing. Most websites have, over time, grown their own code for all kinds of services and only use external code from other websites for very specific things: presenting ads, or aiding and abetting the tracking of users across the Internet no matter where they go.

The original post is pointing out an interesting decision that FFnet made. Apparently, they did some infrastructure change, and now every time you go to FFnet, you're running some code from Microsoft. More than likely, this is for their "Bing" search system, but it's very hard to know exactly what that code from MSFT is doing every time you access their website. The concern is that because you don't know what they are collecting, or why, this is highly risky and of dubious merit to force upon users. People like you that don't know any better don't think about it. People that are aware of the issues, and how the technology really works, don't like to allow cross-site code injections. This is a common form of hack to get access to content in your computer that you don't want shared. Tools like NoScript prevent this type of operation by default, and you have to manually select who to trust and who not to trust.

Given MSFT's long history of "trustworthiness" (hint: I've got over 25 years of hate stored up here), some folks refuse to have anything to do with their software or code or web sites. The problem is that when you block the MSFT code from running in your browser, FFnet becomes non-functional.

Why did FFNet decide this? Probably because they are getting paid by MSFT to do it. If it is related to Bing, then MSFT is paying people millions of dollars (read their latest SEC filing) to drum up more data for their search engine. They want to compete with Google, and they can't -- because they filter and censor and deliberately skew results to bias their products and not even mention competition. So they are paying people to help them. To be fair, I have no knowledge of whether this is Bing related -- that's just an educated guess without tracking down the exact code and cookies involved.

Fundamentally, how do you feel about having no say in the fact that visiting FFnet means Microsoft is running code on your computer and touching some cookies in your browser?

Although long, this is very helpful in understanding the issue under discussion. I suppose the real question is can we do anything about it other than not visit sites?

I thought the OP's point was

I thought the OP's point was that we should install a bunch of privacy software?

I don't understand the drama of it - for me it's like if I am going at or under the speed limit I don't care that there is a cop with a speed camera around the corner. It's like I don't care if they look in my bag at the checkout since I didn't steal anything anyway.

As far as I can tell it's to better place the advertising on your visit? None of that works. I'm always getting offered stuff like baby powder and pensioners insurance so what do they know? Clearly nothing! :P

Depends on who is doing the

Depends on who is doing the advertising. Amazon tends to show ads that reflect my dad's and my shopping habits, which are a very odd mixture of Harry Potter, Star Trek, and solar energy...


A fish without a bicycle cannot contemplate his navel.

It boils down to a basic question . . .

. . . which is whether you feel that you have a basic right to privacy or not?

It's not a uniform answer. Some societies (such as USA) pretty strongly believe in it. Other societies have given up the ghost of pretending to have it. Some people just don't care.

Fundamentally, it bothers me that when I buy anything with a credit card or ATM debit card, or when I browse the Internet for any reason, someone is collecting data on everything I'm doing. And then they turn around and use that data for telemarketers, targeted advertising online, the forthcoming info-panel/interactive-ads in shopping centers, etc.

What books or searches I get from Amazon or the library, what searches I do on the Internet via Google or some other service, what websites I've ever visited, these all are reflected in the data constantly being collected and used. Am I doing something that would get me in trouble with anyone? It's pretty unlikely. Am I comfortable with a few corporations that are not looking out for my best interests harvesting all of this information in order to sell it, use it, or something else? Not at all. It's very disturbing.

Ah. I suspect I am in the

Ah. I suspect I am in the 'just don't care' category. Australia's not huge on the privacy thing but mostly I just don't care. If they want to find out which breakfast cereal I am likely to buy and offer me more loyalty reward points for purchasing it - more power to them, really.

Yeah that's likely why I don't find this alarming.

Kezzabear wrote:

Ah. I suspect I am in the 'just don't care' category. Australia's not huge on the privacy thing but mostly I just don't care. If they want to find out which breakfast cereal I am likely to buy and offer me more loyalty reward points for purchasing it - more power to them, really.

Yeah that's likely why I don't find this alarming.

Don't you know that 1 in 10 of your cornflakes is bugged??????

parakletos wrote:

Don't you know that 1 in 10 of your cornflakes is bugged??????

I don't mean to gross anyone out but there probably are dead bugs in your cereal... Just thinking about it made me lose my appetite all of a sudden...


A fish without a bicycle cannot contemplate his navel.

omega13b wrote:
parakletos wrote:

Don't you know that 1 in 10 of your cornflakes is bugged??????

I don't mean to gross anyone out but there probably are dead bugs in your cereal... Just thinking about it made me lose my appetite all of a sudden...


A fish without a bicycle cannot contemplate his navel.

No, that's the raisins.

I have to admit this doesn't

I have to admit this doesn't bother me as much as it does some people... In some ways I even view some data collection as a good thing. e.g. I recently opted in to my subscription TV operator's new program to have my set top box send back data about what programs I watch. Why? Because they use that data to make programming decisions, and this is the only way my own viewing preferences will have any sort of impact on those decisions.

Perhaps Kezza's right, and it's just an Australian thing to be less worried about this kind of thing. :-)

-SC

It is spooky that parakletos

It is spooky that parakletos knew they offered me a discount on cornflakes :P

There's also speed...

I'm not as worried about privacy as some people (coughjoshcough), but I'm a little more worried than some. Aside from that, however, I've seen performance improvements in my browser since loading up the various 'filtering' add-ons. I haven't bothered to clock the load time on any particular pages, but I think that most pages - especially popular news outlets and such - load faster without javascript, ads, or flash. So that's worth it to me all by itself.

As an aside..

... one of the 'this website is brought to you by...' on ff.net gave me the av.exe trojan, which is proving a pain to remove.