Blocking Google and Facebook tracking using Ad Block Plus and Ghostery

abp_ghostery_iconsI was suprised to find out that both Google and Facebook were still tracking me after I installed “Ad Block Plus” with the “EasyPrivacy” subscription.

Facebook “like” widget not blocked on CNN.com

I was on CNN.com and I saw this little Facebook thingy:

follow_us

I expected that to be blocked by “Ad Block Plus” because I subscribe to the “EasyPrivacy” list. I started Firebug to see that the iframe was there and that is was loaded from the Facebook website:

cnn_follow_html

In the “blockable items” I verified that this widget was not blocked:

blockable_items2

This was unexpected to me, so I began to dig a little deeper in the workings of “Ad Block Plus”.

Google AdSense not blocked on nu.nl

On the Dutch news website (nu.nl) I saw that Google was whitelisted (shown green). I quickly found the filter source by hovering the rule, it said “Allow non-intrusive advertising”:

blockable_items

I was not aware of me allowing any tracking, especially not from Google. The main reason I have this plugin installed is to keep Google away. So, as you can understand I was not happy. How come “Ad Block Plus” had suddenly (from July 2013 according to dottech.org) decided some advertisers were better than others? Also why did “EasyPrivacy” not protect me against Facebook?

After some searching I found that this filter (that was enabled during the 2.0 update of the plugin) could be triggered with an obscure checkbox:

firefox_non_intrusive

This “acceptable ads feature” (as they call it themselves) is enabled by default as you can read in the “acceptable-ads” FAQ. Also, they are admitting that they are being paid:

…we are being paid by some larger properties that serve non-intrusive advertisements… – source

So what do you think? Has “Ad Block Plus” been paid by Google to unblock them? And why does the “EasyPrivacy” subscription not cover Facebook? Have they also been paid for that? (edit: The “Fanboy” subscriptions do block Facebook)

Ghostery to the rescue

I therefore decided to install Ghostery. This is another tool that promises to block tracking efforts. However, you must make sure that you configure it correctly:

  1. Options – General – Sharing options – Disable GhostRank
  2. Options – General – Blocking Options – Trackers – Select all
  3. Options – General – Blocking Options – Cookies – Select all
  4. Options – Advanced – Display Options – Select none
  5. Options – Advanced – Performance Options – Select all

Ghostery does not make a secret of their business model:

…it’s is made by an advertising company called Evidon … it is a Web tracking blocker that actually helps the ad industry – source

And remember, whenever you are not paying for a service, you are the product. So you better understand the business model behind these services. The business models of the “Ad Block Plus” and “Ghostery” plugins are (now) clear to me. This does NOT mean I endorse the use of these plugins. There are many arguments to use and also many to not use these plugins. Please  keep a critical mind and decide for yourself!

Share

2 Click Social Media Buttons

There is a strict cookie law in the European Union stating (source: www.ico.gov.uk):

Information to be provided

Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

And also stating:

Exemptions from the right to refuse a cookie

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

(a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

Not everybody knows that social media buttons (provided by social media networks) set cookies and track user behavior. We are talking about the standard Facebook-Like button (or Twitter/Google+/LinkedIn/etc) buttons you see under almost every post on a blog. Clicking these buttons register that the reader liked the post. This may be beneficial for the writer of the article, because this way the article is spread faster. Unfortunately the buttons also transmit information to the social media networks when the reader did not click them. This is not communicated to the reader, but also not necessary to provide the requested service and thus in violation of the cookie law.

A solution is described in the (German) heise.de article 2 clicks for more data protection. It makes you click twice: once to enable the button and the second click is the actual “like” or “recommend”. This is a very user-friendly solution that we have enabled on our website (as you can see below).

For more information you may want to read the (hard to understand) cookie directive (source: eur-lex.europa.eu):

(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.

Share