noscript works well, but i want to BUY stuff on the internet from the sites that track the most as they have the most benefit from it (other than advertisers). if i want to buy stuff from these places, almost without fail they need JS turned on.

Also, why does boingboing need 31 different javascripts across 10 different domains?

Because BoingBoing serves up advertising like nobody’s business.

Frequently when my machine is slow I’ll go to a BB article and the “loading” icon on my browser will keep spinning and spinning and spinning, long after the article itself is loaded. You look at what it’s trying to load and it’s all that other junk.

If you open your Chrome developer tab to look at all the resources Boing Boing requests, it’s just absurd. Here’s an image of less than 10% of all the files BB made my browser download. How many of those third-party domains are collecting browsing information from me as I go through Boing Boing?

As part of each and every request to a webserver, your browser sends a few pieces of information in the HTTP headers. These include things like language settings, cookies, the last page you were on (the “Referer”) and your browser type and version (the “user agent”). They do not include fonts, screen resolution and all the other system settings, except for the operating system version which is part of the user agent header.

To get at all those other pieces of information, an ad company needs to use Javascript, which can be turned off (as someone already mentioned.) However this may be a problem for some people, since the slick user interface goodies on the web today simply won’t work without Javascript.

Even if Javascript is on, the browser controls which system settings are available to Javascript programs, and thus can be sent back to the company’s website. This vaies a lot by browser and version; some versions of Internet Explorer even let Javascript see that contents of your copy/paste clipboard. The good part about this is that because the browser controls what’s available, a browser plugin could (at least in theory) let you decide whether you wanted websites to know your screen size, fonts, and so forth.

Flash cookies and the like are a different story. I’m not a Flash programmer, so I don’t know what computer information is and is not available to Flash. However, “Flash cookies” can in fact be deleted; it just takes a browser extension like BetterPrivacy to do it.

The vast majority of sites don’t bother with any of this, and only capture the information that goes into the webserver logs on every request; the time, the requester’s IP address, the URL requested, the result code of the request, and often the Referer and user agent. Sometimes this also includes your login name if you are signed in, but it’s hardly hundreds of pieces of information for every site.

Browsers have to have up-to-date lists of every company in the world in order to block anything? O RLY?

“Your browser fingerprint appears to be unique among the 1,333,108 tested so far.

“Currently, we estimate that your browser has a fingerprint that conveys at least 20.35 bits of identifying information.”

Wow, I’m unique … oh, wait.

Thing is, I’m not sure why I should care.

I don’t block or manage cookies any more. I did that for a long while, and approving or rejecting every single cookie got old. So I turned that off.

However, my firewall blocks ads and many of the third-party monitoring services and URLs that I don’t recognize as anything I want – google-analytics.com, adsonar.com, channeladvisor.com, rubiconproject.com, and so forth.

My browser has Flashblock, too. I don’t know for sure that Flashblock prevents Flash cookies being set, however, and no doubt some sites where I allow Flash have set some.

So, OK, they can trace me all over the web. However, as far as I can tell, their objective is to deliver targeted advertising to me. And because I block ads very successfully with the above strategy, none of that carefully targeted advertising ever reaches my eyes.

It kind of creeps me out that they know who I am and where I’ve been browsing. But if they can’t use that information for their intended purpose, really, what’s the harm? Someone please tell me. What am I missing?

In my normal mode, running portable firefox in private browsing mode through privoxy, adblock plus, flashblock and noscript, there are over 100,000 browsers that look the same as mine. That’s pretty good, I think.

Unless you take these measures though, yeah, hit that site and you’ll find that your browser is probably uniquely identifiable.

Taking only some of these measures may even make it worse; since few people make the effort to scratch off the serial numbers, having done so kind of is its own fingerprint.

Jobs is kind of a dick, but perhaps he’s on to something with this whole “kill flash” thing.

Download one esoteric font, and they’ve got you for good.

That should strip the identifying information from your HTTP headers. This can confuse web-sites that try to customize content depending on your installed plugins, however.

Privoxy is bundled with Tor – an anonymizing proxy system that is resistant to surveillance.

-S

I do this so that I can use any computer without having to waste my time tuning it. I don’t carry a computer, I just use whatever’s in front of me at any given moment.

IRONY

Forget personal privacy. It’s going away. Here’s what I really want right now: For the power brokers to be just as naked as the rest of us. If everyone is equally public, the powerful have more to lose than I do.