Do you trust large large data mining companies with your users actions

Websites like Facebook and Google make a lot of money creating scripts to see what people do online.

JavaScript has the ability to let any third party script in your website have full power to collect any data they want from your users, including what they type into login & password input boxes, textareas, contentEditable areas, where the mouse moves etc etc etc.

Because of this I have recently removed all things that require third party javascript to be embedded into my site, and now only use frames

Do you trust these companies to have such power when you or one of your users visits your own site?

I don’t trust them for myself at all. I hate it when stuff starts showing up on my Facebook profile. Everybody doesn’t need to know everything I do online.

From the perspective of a Website owner, there is a lot of benefit from the social interaction. I would be wary about relying on them for mission critical tasks like user management.
The third party could discontinue or charge for the service at any time without warning.

Gabriel’s still not sure how he can see “real” results with the likes of Google: http://www.gabrielweinberg.com/blog/2012/08/how-do-you-completely-de-personalize-google-results.html

(since he’s the creator of DuckDuckGo, he searches it a lot, which is why Google is showing it higher in the rankings for him than for everyone else. Gabe wants to see the “everyone else” results)

I’m not sure if either of you understand the original post. I don’t understand the relevance of your posts to it.

If a third party javascript is embedded in a site, the host of that external file can see whatever your users do on your site and send it back to the third-parties’ servers.
To embed advertisments, like or plus buttons as well as some commonly used plugins, you have to embedded a script element to your page. A lot of these come from google, facebook etc

Uniloc created a system where computers are uniquely identified and “fingerprinted” to allow for demo copies of programs to be installed for a limited time. Unistalling these programs and reinstalling has no effect on allowing more time. Microsoft were sued by uniloc for breaching the copyright of the system as they embedded a similar thing on their next version of Windows, after a presentation by uniloc.

As cookies are increasingly being blocked, advertisers are looking into uniloc’s method to fingerprint every computer that connects to the internet. Advertisers are trying hard to find new ways of aquiring data about users so they can target adverts to them. Apparently, 1/10 of the devices ever to have connected to the internet have already been “fingerprinted”. They are even trying to uniquely identify users when they switch from one computer to the other, as most users contine to use the same or similar hardware and software, font preferences, screen-size preferences etc etc.

I thought that by not using adverts in my pages I “opt out” of that system, but if I was to embed a script from google I would be opting back in. If it was just the data from my site they could read there wouldn’t be a problem. But it’s not. They not only can read the content of my site, they can read what guests type in the guestbook, what members type into forums, any login attempts (and they don’t need to be successful).

By adding a third party script to my site I am allowing the possibility of them collecting any data they want from both me and my users. My users haven’t opted in to that system and they may not even want to.

I think I can be even more precise. (My friends are visiting from FB!)

It doesn’t matter if you have a salted m5 client side encryption and any other security. A private message isn’t private if the site has third-party javascript.

Yes, I trust certain companies like Google, Twitter and Apple with my data. I don’t care what they do with my usage statistics.

Because of this I have recently removed all things that require third party javascript to be embedded into my site, and now only use frames

As in the obsolete <frame> element ?

I don’t understand how you are comparing frames with an external javascript, they are completely different.

Sorry, are you reading that with an open mind or an opposing one?

I don’t know what you’re asking, I’m responding directly to your post.

I have no problem including google analytics / maps on my pages and your point about using frames makes no sense to me.

You should always know what you are embedding, so it’s always best to take a third party script and link to it from your own server so it doesn’t change.
Google is the exception I make for that rule though because those scripts don’t work unless they are hosted by Google.

I’ve removed all third party javascripts but I don’t mind third party frames

I wonder why Goggle do that? Storing files for free that everyone can import to their site. Surely there’s a cost to that, one which they have to make a profit on?

Sometimes I visit a site, look at the source and see a whole list of third party scripts. Maybe I should have just kept my mouth shut and come up with an awesome script for people to embed. The EU cookie law was created for a reason, but I can do more tracking and snooping with JavaScript than ever possible with cookies

Google hosts scripts on their CDN so it’s fast, distributed, easy to install and they can update them as needed.

The EU cookie law was created for a reason

That reason remains a mystery to me

NO, these companies don’t really care about people or the delicacy of the information that they hold.

I understand why they created the cookie law, to try and give the public a way of opting out of being tracked. But it doesn’t really help and causes more problems than the presumed benefit.

I don’t understand the relevance of your posts to it.

The fact that Gabriel thinks using TOR and a fresh install of a browser on his computer should give him results on Google that are NOT responsive to his “profile” is just showing even more that there are ways beyond direct cookies and browser history that these advertisers (and google) use to track us. As you said, via advertisements, log-ins, plug-ins, blah blah.

As cookies are increasingly being blocked, advertisers are looking into uniloc’s method to fingerprint every computer that connects to the internet.

Why are they wasting their time recreating what EFF already made? (and fingerprinting a browser makes more sense than a whole computer)

I understand why they created the cookie law, to try and give the public a way of opting out of being tracked.

They created it because they don’t understand the series of tubes. The public had a way of opting out of being tracked (with cookies I mean: just like the law stating each visitor will be pestered with a popup dialog asking about cookies, the public always had a browser that allowed them to remove them or not allow them in the first place all along). Redundant laws are redundant. They might as well make laws stating the public ought to be able to have radios in cars. And in every car, the moment you open the door an annoying ding should go off from the dashboard asking if you really, really, really want that radio or not. Are you sure?

A private message isn’t private if the site has third-party javascript.

It’s a little sad that the general public, no matter how loud we nerds yell, can’t believe their PM’s, e-mails, social media squawks, and their entire behaviour on teh interwebs is in no way, shape or form “private”, even if you stretch the term to mean “not generally public”. Even the crypto-security guys know they’re profiled, and you know they’re TORing and PGPing and cryptocatting the whole way.

Pulling your own web site “out of the system” is like being the only hippy leaving behind no trash or extra CO2: you remain the only one and the rest of the system will happily make up for your absence.

Using obsolete HTML (frames) is more analogous to the hippy who manages to sneak a goat into their apartment so they can make their own yoghurt and fertilise their balcony garden. It’s admirable in a way, but the war was lost a few years ago.