[PLUG-TALK] Any decent banks without third party trackers?

Ronald Chmara ronabop at gmail.com
Sun Jan 21 19:02:38 PST 2018


On Sun, Jan 21, 2018 at 10:08 AM, Denis Heidtmann <denis.heidtmann at gmail.com
> wrote:

> Since there are big businesses built around this data-mining, what might
> they be doing to defeat ghostery or similar techniques?
>

Some that come to mind offhand:
- Shipping internal data offsite, outside of the web session, which
ghostery and similar (I use privacy badger https://www.eff.org/privacybadger
) cannot see/detect.
- Using "internal" trackers, that are actually sending data externally. If
example.com/notatracker.js is actually proxied on the server end to
thridparty.com/definitelyatracker.js, any software only looking for "third
party" activity never sees it as "external".
- Similar to the above, thirdparty.example.com/index.js looks like its
"part" of example.com, but it's only "part" of DNS, that server is external
to the institution.
- For software that "sniffs" for tracking code (i.e., scans every
javascript/html, looking for code patterns, regardless of claimed source),
tracking systems have been written to modify their patterns (same thing as
defeating antivirus scanners, change the "signature" of the code more
frequently than signatures can be generated).

It's a bit of an arms race, and in the end, comes down to whether or not
you trust the institutions involved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pdxlinux.org/pipermail/plug-talk/attachments/20180121/3d698d92/attachment.html>


More information about the PLUG-talk mailing list