#web privacy
gearsexual · 8 months ago
browser extensions i consider essential
includes download links for all supported browsers (i personally recommend using firefox)
1. ublock origin
firefox, chrome, edge, opera, thunderbird
privacy protection - ad, tracker, popup and miner blocking
2. duckduckgo privacy essentials
firefox, chrome, edge, opera, safari
privacy protection - tracker blocking, cookie protection, etc
3. privacy badger
firefox, chrome, edge, opera, safari
privacy protection - tracker blocking
4. i still dont care about cookies
firefox, chrome, edge
popup blocking - community alternative of the popular "i dont care about cookies" addon, under GPLv3 license. the original addon is owned by avast, gen digital inc.
5. ublacklist
firefox, chrome, safari
search filtering - block specified sites from appearing in google search results
6. save webp as png or jpg
firefox
file conversion - save webp files as png or jpg, with quality options
7. indie wiki buddy
firefox, chrome, other browsers
search filtering - redirects or alerts you to an alternative wiki when visiting a fandom wiki. includes support for breezewiki
8. video downloadhelper
firefox, chrome
file conversion - download web videos and images from various streaming sites
9. volume control for bandcamp player
firefox, chrome alternative
volume control slider for bandcamp audio player
95 notes · View notes
blogquantumreality · 4 months ago
Mozilla Firefox Ad/Tracking PSA
Hi everyone!
Mozilla is rolling out a new feature that is turned on by default, which they call Privacy Preserving Attribution, as discussed here:
You can easily turn it off, though.
Firefox + uBlock Origin and a good filter set are still the best combo around for keeping your ad/JS attack surface down to a minimum for everyday browsing.
11 notes · View notes
aaghht · 4 months ago
can't recall where or exactly when I saw it (was it tumblr/twitter, was it last week or 2 ago...) but can't believe i saw it with my own eyes: someone asking, "why do we gotta click the annoying cookie button each time we open websites now" on the "be annoying about changes to the web and user privacy" websites and also "why can't it just be built-in!!!".... like... like it's not that recent, but there's a specific reason why. ads!!
like this just happened!!! it's bc of the data protection regulation law from 2016 (GDPR) that went into full effect in 2018. so ok, it's been a while since then, so it's not like this "just" happened but it's still fairly recent.
websites like facebook tracking user habits via web pages they've visited and so on. So they can figure out what kind of ads to push onto a specific user's page. Remember that?
there's a nice reddit thread where ppl explain it a bit more in-depth ("explain it to me like I'm 5"), but basically, website cookies are what make the internet interactive. They already existed before, but now websites have to ask for your consent before they store any cookies on your device. that's basically all that's changed. some cookies are used for tracking, some are used to make links accessible etc. but cookies exist to make websites functional. websites are required under GDPR to tell users what cookies will be used and give them the choice to refuse some of the non-essential ones (for example).
You can read the Wikipedia article about HTTP cookies for more history on what these are and for tracking cookies, you can read the page about that + see the references at the end.
There were apparently some talks about possibly simplifying the cookie banners but this article is from 2017, so, we'll see about that I guess. I don't know how good or bad it will be in the future, but I like websites not figuring out what to sell me, so I'd rather click "decline cookies" than not have that option at all like how it used to be.
i know most ppl probably don't care bc they don't click on ads but for my mom or other even older ppl I do wish the cookie stuff was explained a bit simpler, so they know it's there for a reason. (the cookie naming itself is confusing, like many naming practices, so it's smth that some people still don't quite understand)
0 notes
mostlysignssomeportents · 8 months ago
Give the people what they want
273 notes · View notes
whereserpentswalk · 5 months ago
176 notes · View notes
distopic-girl · 1 year ago
I kinda like the deep web advertising ☠️
311 notes · View notes
nyoomerr · 6 months ago
is duckduckgo's main search any good? i've been using startpage for a while but since it's just filtered google it's started to get the same ai listicles clogging up search results
eh, five years ago i probably would have preferred google's results, but at this point we're stuck with grading search engines based on "what's the least shitty" instead of "what is actually decent."
i don't see the AI garbage that google pushes on me, the higher standard for privacy is appreciated, and supposedly if you don't have an adblocker then you'll see less ads, too.
also, this is a purely personal anecdote, but it seems like duckduckgo prefers to serve smaller websites and avoids some social media as first page results. i.e. whenever i search related to programming, google will often give me reddit pages in the first page while duckduckgo will prefer to give me some random devblog i haven't heard of. this could be either a good thing or a bad thing depending on your preferences, i suppose, but it's pretty easily solvable by specifying a domain when searching if you have something specific in mind.
i do specifically go to google for any sort of image search, though.
41 notes · View notes
magnetictapedatastorage · 7 months ago
excerpts from Anonymity and privacy on the network, 3/23/1992
52 notes · View notes
overexciteddragon · 1 year ago
Also can I please point out... how fucking easy it would be to scam people
It takes so little programming and coding knowledge to make a social media website front where you add your silly little email and password (you know, the one you use for every other account you have because you "will for sure forget, plus I'll change it later lol"), and store that in a database or sell it off to someone who can do real harm. Not to mention that any links you don't Immediately Know are potential IP crawlers, which will give away even more information. And the "please add your legal name and last name, don't worry, we will never show that information publicly" alongside the date of birth (which you don't even think about before adding) is all they need to get full access to your medical records, maybe even your bank account if the nurse on the phone "just want to double check, is this your new address? The old one I have is 800 Cherry St, in AZ, is that incorrect?"
Listen. I know username squatting can be important, I know everyone wants first pick at whatever new socmed will be big because it'll give you more of an opportunity to garner the earlier audience... or whatever. I get it.
Don't be fucking stupid.
This is a moment in history much like when insurance became commonplace, much like when debt and medical and bank phonecalls became frequent, much like when the postal office started contacting you directly with online orders... you are a prime fucking meal for scammers who will have such an easy time fucking you up if you aren't careful about what Fancy New Social Media Website you sign up for, and be fucking aware that the effects of having your information stolen will not be immediate, because that's not how scammers work. People sit on credit card numbers for months, on name/address/dob combos for years, you won't even know when they hit you.
I know we're all getting used to the big shots stealing our information and selling it to the police (thanks Amazon and Google) but I can't stress enough how you CANNOT be comfortable with this, DO NOT be careless with where you drop personal information, DO NOT just shrug because "the FBI or w/e already have info on me, Cambridge Analytica already happened" because that's how you get got by the small guys, and that's how you end up with the feds at your door for talking about beheading the president "as a joke" on an account that has your location on.
DON'T BE FUCKING STUPID.
every day I get on here and see some post going "do not make an account on ZYLPPHONE, the hot new social media! it turns out making an account gives the creators (who are nazis) instant access to your bank account and also causes your pets to explode!" and this is all very baffling to me because I cannot believe anyone is actually fucking around with new social media platforms that shit sounds exhausting. if tumblr ever gives up and goes all the way under I will simply turn into a crab and go back to the sea you will not be finding me on zylophone
58K notes · View notes
crustyfloor · 5 months ago
The cameras were likely there to make sure nobody was throwing a fit (or themselves off the bed because the pain was so shit), like a security/safety precaution. At least, I hope that was the only intention
17 notes · View notes
virtueisdead · 1 year ago
i feel like a lot of people would benefit from what i did, being just deleting all apps that use algorithms and only using privacy frontends. like you can't use corporate apps and expect not to get subjected to the corporate ground spikes that are attempts at subliminal influence and surveillance marketing. you kinda just gotta make the call to get rid of it or get with it. and i know which one im picking
like i just stopped using any official youtube client because the algorithmic sludge is so insufferable. i just use newpipe and invidious because they just do what i fucking ask. search something? heres results. look at the feed? heres a chronological list of the latest uploads by every channel youre subscribed to. also have an extremely useful and simple download button and all sorts of other shit in the simplest easiest to use package ever. highly recommend stopping using platforms that algorithmically suggest AND deliver content. i would recommend either not using the former at all or keeping them strictly separate.
88 notes · View notes
trashshouldnt · 3 months ago
oh no being awake late is making me Incredibly Sad [just saw friend from old school online and now she's thinking about what she lost]
7 notes · View notes
smilepilled · 1 month ago
Words of (important) advice to anyone struggling with their mental health while in online spaces, based on my personal experiences. Please reblog if this is useful to you, or if you'd like otherwise. Understanding these things has helped (and still helps) me in ways I can't begin to describe. Thank you if you choose to read; I may add on to this post if I remember anything.
【 01 】 "No Discourse" Rule.
More often than not, most of any discourse online is exclusively a free headache that, in return, does nothing to proactively ensure people's wellbeing — it's like punching a solid iron wall over and over and expecting it to bend (it will not). You are more than encouraged to learn about things from multiple viewpoints and hear about people's cases, but in the end, it's always best to stay clear from it. So many efforts are put into meaningless theory wars, and it's always best to step away while keeping yourself aware. This will preserve your energy, sanity, health and time.
【 02 】 Don't Gotta List 'Em All.
You honest-to-cod (🐟) don't have to list every single disorder you have to pass on the message that you are in this situation. This is something that I did a lot, and in the end, it's needlessly exposing key functions of your brain. This can enable people to use these symptoms and/or reactions to triggers against you — manipulation, grooming, turning you dependant, et cetera. I personally like to say I "have some loose screws" or that I'm "weird" for the sake of simplicity — be careful with what you share, for it can be turned against you maliciously.
【 03 】 Some People Suck, And That's That.
Some people will be ableist, sanist, inhumane and hateful no matter how much you try to make them understand or how much you try to make amends with them. Some people will be extremely childish (or just unhealthy) to the point they will hold every single mistake against you. This is not a problem on your end, and you must learn on your own terms to move on from people like this. Mistakes from other people are necessary so that they can learn — being angry at them actively will only hurt you, and temporarily bother them. You can make peace with them by understanding they've been tricked (propaganda, learned bigotry, etc.) into being so ragingly ignorant or spiteful. Free yourself from even giving them a reaction at all.
【 04 】 People Are Not Always Evil / Coming For You.
Similarly to the point above, make sure to not immediately assume the worst from someone. Some people struggle with conveying tone, or comprehending it, or with choosing words — and many other things regarding communication. Some people are genuinely curious when they ask you about something, wanting to learn about it in spite of their own ignorance about it. While it is not your obligation to educate/inform them, it's always best to remember that these opportunities are highly valuable for you, and people like you as well. Through understanding, people can learn to not have emotional reactions to certain patterned behaviors from disordered and/or disabled people — and that's a win for everyone, even when they're not disabled/disordered, because it humanizes the people next to you with logic. The communication between individuals is a golden, mystic key to peace.
【 05 】 Your Account/Blog Is Yours; Treat It Like That.
Someone doesn't like what you post? They can block you, without strings attached. I personally often worry a lot about being blocked, because it can mean I've done something unspeakably bad — but thinking of the way people can just curate their online experiences always helps me calm down, at least to some extent. Also, you DO NOT have to change your interests, your views or your way of posting to fit into other people's standards. Keep in mind, however, that specific standards and actual valid criticism are two different things; being accessible, kind, and having proper tagging (or content warnings) are generally important things. Plus, while you should stand your ground, you must also know when to listen to advice or constructive criticism (never destructive). Don't change for others, but don't keep making the same mistakes.
Be Kind To Yourself && To Others. 🤍
[Plain Text: Be kind to yourself & to others. white heart emoji /End of Plain Text]
6 notes · View notes
eraepoch · 6 months ago
[Full Text] Emerging Media Companies, Tracking Cookies, and Data Privacy -- An open letter to Critical Role, Dropout, and fellow audience members
Summary / TL;DR
Both Critical Role (CR) and Dropout have begun exclusively using links provided by third-party digital marketing solution companies in their email newsletters.
Every link in each of the newsletters (even the unsubscribe link) goes through a third-party domain which is flagged as a tracking server by the uBlock Origin browser extension.
Third-party tracking cookies are strictly unnecessary and come with a wide array of risks, including non-consensual targeted advertising, targeted misinformation, doxxing, and the potential for abuse by law enforcement.
You are potentially putting your privacy at risk every time you click on any of the links in either of these newsletters.
IMO these advertising companies (and perhaps CR/Dropout by proxy) are likely breaking the law in the EU and California by violating the GDPR and CCPA respectively.
Even if Critical Role and Dropout are not directly selling or exploiting your personal data, they are still profiting off of it by contracting with, and receiving services from, companies who almost certainly are. The value of your personal data is priced into the cost of these services.
They should stop, and can do so without any loss of web functionality.
1/7. What is happening?
Critical Role and Dropout have begun exclusively using links provided by third-party digital marketing solution companies in their email newsletters.
[ID: A screenshot of the Dropout newsletter alongside the page’s HTML source which shows that the target destination for an anchor element in the email leads to d2xR2K04.na1.hubspotlinks.com. End ID.]
[ID: A screenshot of the CR newsletter alongside the page’s HTML source which shows that the target destination for an anchor element in the email leads to trk.klclick.com. End ID.]
The domains attached to these links are flagged as advertising trackers by the uBlock Origin browser extension.
[ID: Screenshot of a Firefox web browser. The page displays a large warning icon and reads “uBlock Origin has prevented the following page from loading [...] because of the following filter: `||hubspotlinks.com` found in Peter Lowe’s Ad and tracking server list.” End ID.]
[ID: Screenshot of a Firefox web browser. The page displays a large warning icon and reads “uBlock Origin has prevented the following page from loading [...] because of the following filter: `||klclick1.com` found in Peter Lowe’s Ad and tracking server list.” End ID.]
In both cases, every link in the newsletter goes through the flagged third-party domain, and the intended endpoint (Twitter, their store page, etc.) is completely obscured and inaccessible from within the email itself. Even the unsubscribe links feed through the tracking service.
You can test this yourself in your own email client by hovering your cursor over a link in the email without clicking it and watching to see what URL pops up. You may have noticed this yourself if you use uBlock Origin as an ad-blocker.
I don’t know for certain when this first started. It’s possible that this has been going on for a year or more at this point, or it may have started just a few months ago. Either way: it ought to stop.
2/7. What is a tracking cookie?
A tracking cookie is a unique, universally identifiable value placed on your machine by somebody with the intention of checking for that value later to identify you (or at least to identify your machine).
Tracking cookies are used by companies to create advertising behaviour profiles. These profiles are supposedly anonymous, but even if the marketing companies creating them are not lying about that (a tough sell for me personally, but your mileage may vary when it comes to corporations with 9-figure annual incomes), the data can often be de-anonymized.
If this happens, the data can be used to identify the associated user, potentially including their full name, email address, phone number, and physical address—all of which may then be associated with things like their shopping habits, hobbies, preferences, the identities of their friends and family, gender, political opinions, job history, credit score, sexuality, and even when they ovulate.
Now, it is important to note that not all cookies are tracking cookies. A cookie is just some data from a web page that persists on your machine and gets sent back to the server that put it there. Cookies in general are not necessarily malicious or harmful, and are often essential to certain web features functioning correctly (e.g. keeping the user logged in on their web browser after they close the tab). But the thing to keep in mind is that a domain has absolute control over the information that has been stored on your computer by that domain, so allowing cookies is a matter of trusting the specific domain that wants to put them there. You can look at the outgoing information being sent from your machine, but its purpose cannot be determined without knowing what is being done with it on the other side, and these marketing companies ought not to have the benefit of your doubt when they have already been flagged by privacy watchdogs.
3/7. What’s the harm?
Most urgently, as I touched on above: The main source of harm is from corporations profiting off of your private data without your informed consent. However, targeted advertising is actually the least potentially harmful outcome of tracking cookies.
1/6. Data brokers
A data broker is an individual or company that specializes in collecting personal data (such as personal income, ethnicity, political beliefs, geolocation data, etc.) and selling or licensing such information to third parties for a variety of uses, such as background checks conducted by employers and landlords, two universally benevolent groups of people.
There are varying regulations around the world limiting the collection of information on individuals, and the State of California passed a law attempting to address this problem in 2018, following in the footsteps of the EU’s GDPR, but in the jurisdiction of the United States there is no federal regulation protecting consumers from data brokers. In fact, due to the rising interest in federal regulation, data broker firms lobbied to the tune of $29 million in the year 2020 alone.
2/6. De-anonymization techniques
Data re-identification or de-anonymization is the practice of combining datasets (such as advertising profiles) and publicly available information (such as scraped data from social media profiles) in order to discover patterns that may reveal the identities of some or all members of a dataset otherwise intended to be anonymous.
Using the 1990 census, Professor Latanya Sweeney of the Practice of Government and Technology at the Harvard Kennedy School found that up to 87% of the U.S. population can be identified using a combination of their 5-digit zip code, gender, and date of birth. [Link to the paper.]
Individuals whose datasets are re-identified are at risk of having their private information sold to organizations without their knowledge or consent. Once an individual’s privacy has been breached as a result of re-identification, future breaches become much easier: as soon as a link is made between one piece of data and a person’s real identity, that person is no longer anonymous and is at far greater risk of having their data from other sources similarly compromised.
3/6. Doxxing
Once your data has been de-anonymized, you are significantly more vulnerable to all manner of malicious activity: from scam calls and emails to identity theft to doxxing. This is of particular concern for members of minority groups who may be targeted by hate-motivated attacks.
4/6. Potential for abuse by government and law enforcement
Excerpt from “How period tracking apps and data privacy fit into a post-Roe v. Wade climate” by Rina Torchinsky for NPR:
Millions of people use apps to help track their menstrual cycles. Flo, which bills itself as the most popular period and cycle tracking app, has amassed 43 million active users. Another app, Clue, claims 12 million monthly active users. The personal health data stored in these apps is among the most intimate types of information a person can share. And it can also be telling. The apps can show when their period stops and starts and when a pregnancy stops and starts. That has privacy experts on edge because this data—whether subpoenaed or sold to a third party—could be used to suggest that someone has had or is considering an abortion. ‘We're very concerned in a lot of advocacy spaces about what happens when private corporations or the government can gain access to deeply sensitive data about people’s lives and activities,’ says Lydia X. Z. Brown, a policy counsel with the Privacy and Data Project at the Center for Democracy and Technology. ‘Especially when that data could put people in vulnerable and marginalized communities at risk for actual harm.’
Obviously Critical Role and Dropout are not collecting any sort of data related to their users’ menstrual cycles, but the thing to keep in mind is that any data that is exposed to third parties can be sold and distributed without your knowledge or consent and then be used by disinterested—or outright malicious—actors to de-anonymize your data from other sources, including potentially highly compromising data such as that collected by these period-tracking apps. Data privacy violations have compounding dangers, and should be proactively addressed wherever possible. The more of your personal data exists in the hands of third parties, the more likely it is to be de-anonymized.
5/6. Targeted misinformation
Data brokers are often incredibly unscrupulous actors, and will sell your data to whomever can afford to buy it, no questions asked. The most high-profile case of the consequences of this is the Facebook—Cambridge Analytica data scandal, wherein the personal data of Facebook users were acquired by Cambridge Analytica Ltd. and compiled alongside information collected from other data brokers. By giving this third-party app permission to acquire their data back in 2015, Meta (then Facebook) also gave the app access to information on their users’ friend networks: this resulted in the data of some 87 million users being collected and exploited.
The data collected by Cambridge Analytica was widely used by political strategists to influence elections and, by and large, undermine democracy around the world: While its parent company SCL had been influencing elections in developing countries for decades, Cambridge Analytica focused more on the United Kingdom and the United States. CEO Alexander Nix said the organization was involved in 44 American political races in 2014. In 2016, they worked for Donald Trump’s presidential campaign as well as for Leave.EU, one of the organisations campaigning for the United Kingdom to leave the European Union.
6/6. The Crux: Right to Privacy Violations
Even if all of the above were not concerns, every internet user should object to being arbitrarily tracked on the basis of their right to privacy. Companies should not be entitled to create and profit from personality profiles about you just because you purchased unrelated products or services from them. This right to user privacy is the central motivation behind laws like the EU’s GDPR and California’s CCPA (see Section 6).
4/7. Refuting Common Responses
1/3. “Why are you so upset? This isn’t a big deal.”
Commenter: Oh, if you’re just talking about third party cookies, that’s not a big deal … Adding a cookie to store that ‘this user clicked on a marketing email from critical role’ is hardly [worth worrying about].
Me: I don’t think you understand what tracking cookies are. They are the digital equivalent of you going to a drive through and someone from the restaurant running out of the store and sticking a GPS monitor onto your car.
Commenter: Kind of. It’s more like slapping a bumper sticker on that says, in restaurant-ese, ‘Hi I’m [name] and I went to [restaurant] once!’
This is actually an accurate correction. My metaphor was admittedly overly simplistic, but the correction specifies only so far as is comfortable for the commenter. If we want to construct a metaphor that is as accurate as possible, it would go something like this:
You drive into the McDonald’s parking lot. As you are pulling in, unbeknownst to you, a Strange Man pops out of a nearby bush (that McDonald’s has allowed him to place here deliberately for this express purpose), and sticks an invisible bumper sticker onto the back of your car. The bumper sticker is a tracker that tells the Strange Man which road you took to drive to McDonald’s, what kind of car you drive, and what (if anything) you ordered from McDonald’s while you were inside. It might also tell him where you parked in the parking lot, what music you were listening to in your car on the way in, which items you looked at on the menu and for how long, if you went to the washroom, which washroom you went into, how long you were in the washroom, and the exact location of every step you took inside the building.
Now, as soon as you leave the McDonald’s, the bumper sticker goes silent and stops being able to report information. But, let’s say next week you decide to go to the Grocery Store, and (again, unbeknownst to you), the Strange Man also has a deal with the Grocery Store. So as you’re driving into the grocery store’s parking lot, he pops out of another bush and goes to put another bumper sticker onto your car. But as he’s doing so, he notices the bumper sticker he’s already placed there a week ago that only he can see (unless you’ve done the car-equivalent of clearing your browser cache), and goes “ah, it’s Consumer #1287499290! I’ll make sure to file all of this new data under my records for Consumer #1287499290!”
You get out of your car and start to walk into the Grocery Store, but before you open the door, the Strange Man whispers to the Grocery Store: “Hey, I know you’re really trying to push your cereal right now, want me to make it more likely that this person buys some cereal from you?” and of course the Grocery Store agrees—this was the whole reason they let him set up that weird parking lot bush in the first place.
So the Strange Man runs around the store rearranging shelves. He doesn’t know your name (all the data he collects is strictly anonymous after all!) but he does know that you chose the cutesy toy for your happy meal at McDonald’s, so he changes all of the cereal packaging labels in the store to be pastel-coloured and covered in fluffy bears and unicorns. And maybe you were already going to the Grocery Store to buy cereal, and maybe you’re actually very happy to buy some cereal in a package that seems to cater specifically to your interests, but wouldn’t you feel at least a little violated if you found out that this whole process occurred without your knowledge? Especially if you felt like you could trust the people who owned the Grocery Store? They’re not really your friend or anything, but maybe you thought that they were compassionate and responsible members of the community, and part of the reason that you shopped at their store was to support that kind of business.
2/3. “Everyone does it, get over it.”
Commenter: [The marketing company working with CR] is an industry standard at this point, particularly for small businesses. Major partner of Shopify, a fairly big player. If you don't have a software development team, using industry standard solutions like these is the easy, safe option.
This sounds reasonable, but it actually makes it worse, not better, that Critical Role and Dropout are doing this. All this excuse tells me is that most businesses using Shopify (or at least the majority of those that use its recommended newsletter service) have a bush for the Strange Man set up in their parking lot.
Contracting with these businesses is certainly the easy option, but it is decidedly not the safe one.
3/3. “They need to do it for marketing reasons.”
Commenter 1: Email marketing tools like [this] use tracking to measure open and click rates. I get why you don’t want to be tracked, but it’s very hard to run a sizeable email newsletter without any user data.
Commenter 2: I work in digital marketing … every single email you get from a company has something similar to this. Guaranteed. This looks totally standard.
I am a web programmer by trade. It is my full time job. Tracking the metrics that Critical Role and Dropout are most likely interested in does not require embedding third-party tracking cookies in their fans’ web browsers. If you feel comfortable taking my word on that, feel free to skip the next section. If you’re skeptical (or if you just want to learn a little bit about how the internet works) please read on.
5/7. Tracking cookies are never necessary
We live in a technocracy. We live in a world in which technology design dictates the rules we live by. We don’t know these people, we didn’t vote for them in office, there was no debate about their design. But yet, the rules that they determine by the design decisions they make—many of them somewhat arbitrary—end up dictating how we will live our lives. —Latanya Sweeney
1/3. Definitions
A website is a combination of 2 computer programs. One of the two programs runs on your computer (laptop/desktop/phone/etc.) and the other runs on another computer somewhere in the world. The program running on your computer is the client program. The program running on the other computer is the server program.
A message sent from the client to the server is a request. A message sent from the server to the client is a response.
Cookies are bits of data that the server sends to the client in a response that the client then sends back to the server as an attachment to its subsequent requests.
A session is a series of sequential interactions between a client and server. When either of the two programs stops running (e.g. when you close a browser tab), the session is ended and any future interactions will take place in a new session.
A URL is a Uniform Resource Locator. You may also sometimes see the initialism URI—in which the ‘I’ stands for Identifier—but they effectively refer to the same thing, which is the place to find a specific thing on the internet. For our purposes, a “link” and a URL mean the same thing.
2/3. What do Critical Role and Dropout want?
These media companies (in my best estimation) are contracting with the digital advertising companies in order to get one or more of the following things:
Customer identity verification (between sessions)
Marketing campaign analytics
Customer preference profiles
Customer behaviour profiles
3/3. How can they get these things without tracking cookies?
Accounts. Dropout has an account system already. As Beacon is a thing now I have to assume Critical Role does as well, therefore this is literally already something they can do without any additional parties getting involved.
URL Query Parameters. So you want to know which of your social media feeds is driving the most traffic to your storefront. You could contract a third-party advertising company to do this for you, but as we have seen this might not be the ideal option. Instead, when posting your links to said feeds, attach a little bit of extra text to the end of the URL link so: becomes or or even These extra bits of information at the end of a URL are query parameters, and act as a way for the client to specify some instructions for the server when sending a request. In effect, a URL with query parameters allows the client to say to the server “I want this thing under these conditions”. The benefit of this approach is, of course, that you actually know precisely what information is being collected (the stuff in the parameters) and precisely what is being done with it, and you’ve avoided exposing any of your user data to third parties.
Internal data collection. Optionally associate a user’s email address with their preferences on the site. Prompt them to do this whenever they purchase anything or do any action that might benefit from having some saved preference, informing them explicitly when you do so and giving them the opportunity to opt-out.
Internal data collection. The same as above, but let the user know you are also tracking their movements while on your site. You can directly track user behaviour down to every single mouse movement if you really want to—again, no need to get an outside party involved to snoop on your fans. But you shouldn’t do that because it’s a little creepy!
At the end of the day, it will of course be more work to set up and maintain these things, and thus it will inevitably be more expensive—but that discrepancy in expense represents profit that these companies are currently making on the basis of violating their fans’ right to privacy.
6/7. Breaking the Law
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her [...] The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information. — General Data Protection Regulation, Art. 21
Nobody wants to break the law and be caught. I am not accusing anyone of anything and this is just my personal speculation on publicly-available information. I am not a lawyer; I merely make computer go beep-boop. If you have any factual corrections for this or any other section in this document please leave a comment and I will update the text with a revision note. Before I try my hand at the legal-adjacent stuff, allow me to wade in with the tech stuff.
Cookies are sometimes good and sometimes bad. Cookies from someone you trust are usually good. Cookies from someone you don’t know are occasionally bad. But you can take proactive measures against bad cookies. You should always default to denying any cookies that go beyond the “essential” or “functional” categorizations on any website of which you are remotely suspicious. Deny as many cookies as possible. Pay attention to what the cookie pop-ups actually say and don’t just click on the highlighted button: it is usually “Accept All”, which means that tracking and advertising cookies are fair game from the moment you click that button onward. It is illegal for companies to arbitrarily provide you a worse service for opting out of being tracked (at least it is in the EU and California).
It is my opinion (and again, I am not a legal professional, just a web developer, so take this with a grain of salt) that the links included in the newsletter emails violate both of these laws. If a user of the email newsletter residing in California or the EU wishes to visit any of the links included in said email without being tracked, they have no way of doing so. None of the actual endpoints are available in the email, effectively forcing the user to go through the third-party domain and submit themselves to being tracked in order to utilize the service they have signed up for. Furthermore, it is impossible to unsubscribe directly from within the email without also submitting to the third-party tracking.
[ID: A screenshot of the unsubscribe button in the CR newsletter alongside the page HTML which shows that the target destination for the anchor element is a trk.klclick.com page. End ID.]
As a brief aside: Opening the links in a private/incognito window is a good idea, but will not completely prevent your actions from being tracked by the advertiser. My recommendation: install uBlock Origin to warn you of tracking domains (it is a completely free and open-source project available on most major web browsers), and do not click on any links in either of these newsletters until they change their practices.
Now, it may be the case that the newsletters are shipped differently to those residing in California or the EU (if you are from either of these regions please feel free to leave a comment on whether or not this is the case), but ask yourself: does that make this any better? Sure, maybe then Critical Role and Dropout (or rather, the advertising companies they contract with) aren’t technically breaking the law, but it shows that the only thing stopping them from exploiting your personal data is potential legal repercussions, rather than any sort of commitment to your right to privacy. But I expect that the emails are not, in fact, shipping any differently in jurisdictions with more advanced privacy legislation—it wouldn’t be the first time a major tech giant blatantly flouted EU regulations.
Without an additional browser extension such as uBlock Origin, a user clicking on the links in these emails may not even be aware that they have interacted with the advertising agency at all, let alone what sort of information that agency now has pertaining to them, nor do they have any ability to opt out of this data collection.
For more information about your right to privacy—something that only those living in the EU or California currently have—you can read explanations of the legislations at the following links (take note that these links, and all of the links embedded in this paper, are anchored directly to the destinations they purport to be, and do not sneakily pass through an additional domain before redirecting you):
7/7. Conclusion
Never attribute to malice that which can be adequately explained by neglect, ignorance or incompetence. —Hanlon’s Razor
The important thing to make clear here is this: Even if Critical Role and Dropout are not directly selling or exploiting your personal data, they are still profiting off of it by contracting with, and receiving services from, companies who I believe are. You may not believe me.
I do not believe that the management teams at Critical Role and Dropout are evil or malicious. Ignorance seems to be the most likely cause of this situation. Someone at some marketing company told them that this type of thing was helpful, necessary, and an industry standard, and they had no reason to doubt that person’s word. Maybe that person had no reason to doubt the word of the person who told them. Maybe there are a few people in that chain, maybe quite a few. I do not expect everyone running a company to be an expert in this stuff (hell, I’m nowhere close to being an expert in this stuff myself—I only happened to notice this at all because of a browser extension I just happened to have installed to block ads), but what I do expect is that they change their behaviour when the potential harms of their actions have been pointed out to them, which is why I have taken the time to write this.
PS. To the employees of Critical Role and Dropout
It is my understanding that these corporations were both founded with the intention of being socially responsible alongside turning a profit. By using services like the ones described above, you are, however unintentionally, profiting off of the personal datasets of your fans that are being compiled and exploited without their informed consent. You cannot say, implicitly or explicitly, “We’re not like those other evil companies! We care about more than just extracting as much money from our customers as possible!” while at the same time utilizing these services, and it is my hope that after reading this you will make the responsible choice and stop doing so.
Thank you for reading,
era
Originally Published: 23 May 2024
Last Updated: 28 May 2024
10 notes · View notes
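The "URL Query Parameters" approach from era's post above, as an added example that is not part of the original post: a first-party server counts which feed a visit came from, sets no cookie, and stores no per-visitor identifier. The parameter name `src`, the label allow-list and the `shop.example` URLs are assumptions made up for this sketch.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

PARAM = "src"                                        # hypothetical parameter name
KNOWN_SOURCES = {"tumblr", "newsletter", "mastodon"}  # labels the site put in its own links

def campaign_source(request_url):
    """Return the campaign label carried by a request URL.

    'direct' means no label was sent; 'other' means the label is not one the
    site issued (query strings are client input and can hold anything).
    """
    values = parse_qs(urlsplit(request_url).query).get(PARAM, [])
    label = values[0].strip().lower() if values else ""
    if not label:
        return "direct"
    return label if label in KNOWN_SOURCES else "other"

def strip_campaign(request_url):
    """Drop the campaign parameter so it is not carried into later links or logs."""
    parts = urlsplit(request_url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != PARAM]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def tally(request_urls):
    """Aggregate counts only: nothing here identifies an individual visitor."""
    return Counter(campaign_source(u) for u in request_urls)

# Constructed sample requests, not taken from any real site.
REQUESTS = [
    "https://shop.example/store?src=tumblr",
    "https://shop.example/store?src=newsletter&item=42",
    "https://shop.example/store",
    "https://shop.example/store?src=Tumblr",
    "https://shop.example/store?src=%3Cscript%3E",
]

if __name__ == "__main__":
    print(dict(tally(REQUESTS)))
    print(strip_campaign(REQUESTS[1]))
```
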
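A check a recipient or reviewer can run on a newsletter's HTML to see what era's post describes in the unsubscribe screenshot, added here as an example that is not part of the original post: it lists every web link whose host is not the sender's own domain. The sender domain `sender.example`, the sample markup and the paths after `trk.klclick.com` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self.current is not None:
            self.current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self.links.append((self.current[0], self.current[1].strip()))
            self.current = None

def is_first_party(host, sender_domain):
    # Exact match or a true subdomain; "sender.example.evil.example" must fail.
    host = (host or "").lower().rstrip(".")
    return host == sender_domain or host.endswith("." + sender_domain)

def audit(html, sender_domain):
    """Return (link text, host) for each http(s) link that leaves the sender's domain."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar links make no web request
        if not is_first_party(parts.hostname, sender_domain):
            findings.append((text, parts.hostname))
    return findings

# Constructed sample newsletter body.
SAMPLE = """
<p><a href="https://shop.sender.example/new">New merch</a></p>
<p><a href="https://trk.klclick.com/constructed-path">Watch the trailer</a></p>
<p><a href="mailto:help@sender.example">Contact</a></p>
<p><a href="https://trk.klclick.com/constructed-unsub">Unsubscribe</a></p>
<p><a href="https://sender.example.evil.example/x">Lookalike</a></p>
"""

if __name__ == "__main__":
    for text, host in audit(SAMPLE, "sender.example"):
        print(f"{text!r} goes through {host}")
```
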
qortrola · 5 months ago
Text
Exciting News: Blog 6 Coming Soon!
Hey, gamers and tech enthusiasts! 🎮✨
We are thrilled to announce that Blog 6: "Delving into the Core Components of the QorTrola Gaming Ecosystem: Privacy, Security, and Beyond" will be published later today! 🚀 And available to read on my blog site @
In this blog, we’ll explore:
Privacy and Security: How we ensure your data stays safe.
Incentivizing Fair Play: The innovative reward systems we’re implementing.
DePIN Technology: Bridging Web2 and Web3 gaming for a seamless experience.
Implementation Plan: Our step-by-step journey from concept to reality.
Real-World Applications: Practical use cases that showcase our vision.
Market Insights: Understanding the gaming and blockchain landscape.
Stay tuned for in-depth insights and groundbreaking information on how QorTrola Gaming plans to revolutionize the gaming world with cutting-edge technology and innovative approaches. 🔒💡🌐🎮
Don't miss out! Follow us and be part of this exciting journey. Your feedback and support are invaluable as we move from concept to reality. ⏰
See you soon in Blog 6!
5 notes · View notes
keylimegreendog20 · 5 months ago
Text
I finally switched to @firefox-official as my default browser!! Just installed lots of great extensions (most of which I found from this post) and I’m so excited about it!
I’ve put this off for months because it felt like a difficult task, but Google’s stupid AI answers from every search have been the final straw for me and now that I finally spent the six minutes it took to switch to Firefox and then another few minutes to install some good extensions I can’t believe I didn’t do this sooner.
For everyone else who has been putting this off like I did, this is your sign to go forth and make the switch!!
4 notes · View notes