How does one go about stopping sites from evesdropping on what you do in other tabs?

[Red Squirrel]

It seems sites have ability to see what you do/did in other tabs and can basically track what you do online. This is nothing new, it's done for advertising etc.

Question is, there has got to be a way to stop this information from leaking from the browser. How does one go about stopping this? It can be a major privacy issue. Is there an extension or something that will do this without having to go through some convoluted steps? I use ublock and privacy badger but clearly it's not enough, as I often see evidence of this kind of tracking going on.

For example I was just watching random videos on Youtube. I was on a completely different site in a different tab, and happen to see an ad that had exactly to do with what I watched in youtube, it was pretty much verbatim. Facebook does this too. Search for an item, see a result. Later on on Facebook - even on a different computer, start seeing ads for the exact same item you found in your search.

This stuff is just creepy and can't help but wonder just how much personal info is actually being leaked by simply using a browser. One site should not be able to know what I do on another site.

 

[corkyg]

Close the tabs not being used.

 

[Red Squirrel]

I think they can still look at history though, like if I recently visited a site and closed the tab they still know I went and what I searched for etc. Not sure if they use the actual browser history either, I tend to clear that fairly often just out of habit.

 

[Spacehead]

Same ad network maybe? Or they share info between them?
Web beacons?

 

[lxskllr]

There's a lot of ways it can be done, especially if you're logging into a service. Block third party cookies, don't login to anything that isn't necessary, use privacy lists for your ad blocker, block scripts that aren't essential for site operation...

 

[VirtualLarry]

What's really creepy, is seeing web ads, for things that you were just discussing on your cell phone.

Seen it happen. Multiple times.

 

[Red Squirrel]

What's really creepy, is seeing web ads, for things that you were just discussing on your cell phone.

Seen it happen. Multiple times.

Yep, or based on IRL actions, such as physical store purchases.

Worse part is I think I do everything right, such as blocking third pretty cookies, not letting flash enable by default, using ublock and privacy badger but somehow they can still track me. I was reading on this and Facebook actually is partnered with these huge data collection agencies that are also partnered with lot of retailers, and retailer based cards - which I don't have. You can opt out, but that's besides the point, I rather actually block it, because FB may allow to opt out, but these same techniques can easily be used by the government or other enemies too. They won't obviously have a way to opt out... and even FB can choose to not honor it anyway. Ex: they can still collect all your info, and just not use it to deliver ads to you.

I wonder if using a local proxy server could work, then I could block all this stuff at a single point. I would block outgoing connections to http/https except for the proxy. Would need a reliable source of these privacy infringing sites though so I can block them at the proxy.

 

[bononos]

I think they can still look at history though, like if I recently visited a site and closed the tab they still know I went and what I searched for etc. Not sure if they use the actual browser history either, I tend to clear that fairly often just out of habit.

1. Minimise the extensions you are using since many of them (nearly all?) siphon off browsing data for advertisers. I just use ublock, disconnect, https everywhere.
2. Use several private windows. I'm quite sure each window is self contained and will not leak info btwn each other, except for extensions which can see what you are doing on all windows.
3. Change settings to delete browsing data on exit for Firefox, or manually delete private data for Chromium based browsers to clear your history/cookies.

 

[master_shake_]

firefox private windows

 

[Red Squirrel]

All I have is ublock and privacy badger, I try to keep extensions as minimal as possible for these reasons, and it just makes troubleshooting problems easier as there's less variables.

Suppose I could use private browsing as main browsing, is there a way to just make that the default? Though I kind of like still having a history, I just clear it every day. But if I want to go back to something I was at an hour ago I still can.

 

[bononos]

.....
Suppose I could use private browsing as main browsing, is there a way to just make that the default? Though I kind of like still having a history, I just clear it every day. But if I want to go back to something I was at an hour ago I still can.

FF change shortcut to append -private-window, Chromium based browsers --incognito,

Incognito/private browsing tabs/windows (for Chrome/FF) all share the same private data, cookies etc across all private windows and tabs.

 

[Red Squirrel]

Actually just realized this won't really work as it does not keep login cookies. I still want some cookies to be stored like session/logins so I don't have to login to stuff all the time. I just don't want all the other crap to happen, like cross side tracking etc. Is there maybe an extension for that?

 

[lxskllr]

Use the ultimate list from here...

https://secure.fanboy.co.nz/filters.html

 

[ninaholic37]

What if the ad sites actually store history of your IP address on their own servers? That would make it impossible to stop them from remembering, but I guess ad blockers could still help.

 

[Red Squirrel]

Use the ultimate list from here...

https://secure.fanboy.co.nz/filters.html

Is it really as simple as just blocking those IPs? I could probably have some kind of script that adds them to the outgoing block list in my firewall.

Idealy I'd like to find a way that simply blocks whatever code these sites use for tracking altogether. Ex: code that can look at my history, what other tabs I have opened, take screen capture of desktop etc.

 

[lxskllr]

Is it really as simple as just blocking those IPs? I could probably have some kind of script that adds them to the outgoing block list in my firewall.

I dunno. It'll certainly help. I'd consider it part of a larger strategy.

 

[Skunk-Works]

Betterprivacy and Self destructing cookies.

If you use Self destructing cookies, make sure you whitelist PayPal and ebay.

 

[russ6150]

Get aquainted with HTTP request and responses on a farily deep level and you'll soon see that cookies, HTML5 local storage, the CANVAS API are just icing on the cake. The superficial definition of a GET or POST request is that these are used to fetch resources from the web and load them into your browser for your viewing pleasure. While this is often true, the term "request" really doesn't tell the whole story. Besides the "Cookie:" field, which sends the contents of the targeted domain's cookie(s) along with the "request" in the request headers, the GET / POST request itself is often populated with a ton of parameter / value pairs that are often completely unnecessary in the action of fetching the resource in question.

Also, the "Referrer:" field in the HTTP headers original purpose was to identify the originating document / web resource, but now days it's commonplace to see the referrer field crammed full of parameter / value pairs.

So even with cookies disabled, these HTTP requests themselves are often filled with all sorts of data / metrics.

Here's a GET request originating from my browser, initiated from an ad network while I was visiting this very page:

Note: This "request" was ostensibly made to fetch a tiny .GIF image.

---------------------------------------------------------------

GET /dt?anId=923193&asId=f9ca7d45-2af6-654e-d6c4-ddc71b4aa7fb&tv={c:ybO3A7,pingTime:5,time:28470,type,fc:0,rt:1,cb:0,np:1,th:0,es:0,sa:1,sc:0,gm:1,fif:1,slTimes:{i:4753,o:23717,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:28470,fi:0,fo:0,fn:28470},slEvents:[{sl,fsl:fn,gsl:gn,t:34,wc:2.10.1398.736,ac:1051.633.300.250,am:i,cc:2.10.300.250,piv:45,obst:0,th:0,reas:l,cmps:1,bkn:{piv:[2712~30],as:[2712~300.250]}},{sl:i,fsl:fn,gsl:gn,t:2721,wc:2.10.1398.736,ac:1051.106.300.250,am:i,cc:2.10.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[205~75,4461~100],as:[4666~300.250]}},{sl,fsl:fn,gsl:gn,t:7387,wc:2.10.1398.736,ac:1051.106.300.250,am:i,cc:2.10.300.250,piv:100,obst:0,th:1,reas:f,cmps:1,bkn:{piv:[20996~100],as:[20996~300.250]}},{sl:i,fsl:fn,gsl:gn,t:28383,wc:2.10.1398.736,ac:1051.106.300.250,am:i,cc:2.10.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[88~100],as:[88~300.250]}}],slEventCount:4,em:true,fr:true,uf:0,e:,tt:jload,dtt:40,fm:q6IliGF+11|12.923193|121|122|13|14*.923193|141|142|15|16|17|18|19|1a|1b|1c|1d|1e|1f|1g1,idMap:14*}&br=g HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.portvapes.co.uk/?id=Latest-exam-1Z0-876-Dumps&exid=thread...ropping-on-what-you-do-in-other-tabs.2494967/
Connection: close

-----------------------------------------------------------------------------------

The response:

HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Wed, 28 Dec 2016 20:50:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
X-Server-Name: dt42sje.sje.303net.pvt

GIF89a <characters from this portion of charset contain lots of null bytes and other non-printable chars - only 37 bytes total>

-------------------------------------------------------------------------

 

[Red Squirrel]

^ Shouldn't stuff like Privacy Badger and ublock block those requests though? I thought that was the whole idea behind them. I guess I should start browsing the net with a packet sniffer so I can check if it's missing stuff.

 

[russ6150]

^ Shouldn't stuff like Privacy Badger and ublock block those requests though? I thought that was the whole idea behind them. I guess I should start browsing the net with a packet sniffer so I can check if it's missing stuff.

The techniques I mentioned above aren't limited in their use to ad servers. Many of the sites that you visit use these techniques in their HTTP headers, and then do god knows what with the info.

Of course not all metrics / analytics are collected for the express purpose of identifying you. A lot of this stuff started out with the intent of a potential mutal win-win scenario that leveraged metrics to create an improved user experience, profiling your browser type, screen resolution, etc.,sometimes merely making a profile for user xyz; but what has happened over the years is that as various entities share / aggregate their data, a user profile becomes much more revealing, often to the point of them being able to tie that data to a real, specific person.

Packet sniffers are great to have, necessary for some real low-level stuff and for sure are great learning tools that can really send you down the rabbit hole if you're so inclined.

But I'd look into grabbing the free version of Burp Suite, a capturing proxy that will let you view the HTTP traffic in a much more readable form, plus it allows you to "trap" request and responses, even alter them, then either drop them or send them on.

I think Paros proxy came out before Burp. I've heard it has similar functionality and I believe it's free as well.

 

[TheRyuu]

Keep in mind that when using something like uMatrix for blocking cookies, it doesn't block the cookie from being downloaded. It works by blocking it from ever being sent.

I do not believe that sites can access information from other tabs at will. It's probably limited to tracking through accounts (server side) in some fashion. I'm not sure if cookies has anything to do with it.