Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Disable 3rd party cookies, tracking woes averted.



As a simple example, the hit gives them your IP address. Often, this is all they need in order to identify you. (My IP address is technically dynamic, but remains fixed for weeks at a time. And... even if I use a different browser to sign into Facebook, they still have that IP address as well as the relevant timeframe for my possession of it.

I could spin up a VM and route the FB or non-FB traffic through a proxy, but I haven't reached that point, yet. (Probably, foolishly and to my detriment...)

P.S. In other words, state is already stored on their servers, not (or rather, in addition to) your browser.


Unless they use any other tracking system, like ETags[1].

[1]: http://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags


Disable fetching any third party resources of all sorts, problem solved.

Obviously, rulesets should be tuples of (source pattern, resource type, destination pattern), not silly lists ("allow google.com", huh?) like most browser extensions do.


I am using Ghostery, which does a pretty good job of intelligently blocking (and also notifying me) of trackers.

However, there are some sites that stupidly execute JS that is vital to the running of the page after attempting to initialize Google Analytics or other services. The end result is that they get a "Cannot call method 'bleh' of undefined" error which prevents the rest of their JS executing, hence broken page. If I'm really interested in actually loading the page, then I have to resort to allowing the trackers to run. sigh.

Unfortunately, I can't see how this could be averted, stopping short of an extension which catches all uncaught exceptions, then tries to forcefully remove all JS which is meant to interact with 3rd parties. It could be done either via pattern matching, because Google Analytics code looks much the same on most peoples sites, or it could be through something more fun, like https://github.com/mattdiamond/fuckitjs (who would of thought there would actually be a proper use case for something like that??)


For some of the bigger ones the extension could try to keep some dummy scripts that match the api properly. e.g. make it look like GA started but not actually send them anything at all. Though that sounds like a cat and mouse game.


I do this using the RequestPolicy addon for Firefox.


that could break a lot of sites that use a cdn for speed :-(




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: