Oh, no no no, this is actually just a plane shedding its skin, like a snake. In actuality, humans just fly around in the shed skin; you wouldn't believe the industrial plane farms we have to encourage the shedding of skin we can use.
Microsoft is the biggest offender of this. Use edge browser at work because have to and this don’t show again for password saving never does a damn thing. Why admins in a workplace would ever even allow option of password saving is beyond me as it seems like a risky move.
Dude, I had this exact conversation with our compliance team. They told me I couldn’t write literally anything client-side unless the user agreed. They also insisted that I always show the cookie banner if there wasn’t a cookie. Dumbest shit ever. Used the litany of user bug reports on day 1 to tell compliance to go fuck themselves.
The GDPR literally does not apply for non-personal data. I don’t get why companies are so ridiculous with their cookie banners. Nevermind that they have no qualms violating the GDPR in plenty other places.
Especially the ones that are so fucking obnoxious that you have to go through it to even view the site. I don’t bother most of the time. The banner should be unobtrusive AND there should be a button that rejects all. I shouldn’t have to go and click edit preferences, uncheck a bunch of check boxes, the click confirm. There are some sites that are doing it correctly, but they are few and far between.
Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.
We’re a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I’m well aware of the details and deal with compliance on a nearly daily basis. The only justification was “just to be safe”, which is why they quickly acquiesced to storing the string “false” after pushback.
Besides using session cookies, they can track user agent and IP address. The two in combination will be unique enough. There are further metrics to make a unique identifier, but I think this is sufficient explanation.
Edit: Seems like people who don’t know how to program besides super default methods are downvoting me.
You don’t need cookies to hold session ID. If you programmed in the earlier days, you’d actually even know cookie session wasn’t even the most common method before. For example, session ID can be passed around in the URL as another query parameter. You can even literally turn off cookie option in sessions in languages like PHP (ex: www.php.net/manual/en/session.configuration.php#i…). These kind of practice is still relatively quite common as it allows greater flexibility and not have your session ID bound to a domain.
Furthermore, you don’t have to be restricted by the confines of whatever existing tools you already have. Like in the example I gave at the beginning, you can create your own unique identifiers. You don’t have to use preexisting concept of session at all. If you can create any unique key-value pair, you can track and keep data without the use of sessions. Programmers are hired to create things that never existed before, be more creative.
Either you store it in a cookie which the browser passes to the server for you, or you store it in a url parameter and you (or your html / temp laying Generation framework, or some JavaScript manipulation) needs to ensure all links or other server calls like POST, will need to include that session ID passed back to the server.
And this talk about IP addresses is complete nonsense because of Proxies and NAT and a ton of other reasons. You can attempt to use it in combination with a session ID, but you certainly cannot use that alone.
Actually for most people, the browser sends enough information in the headers, ignoring cookies, to identify them as unique. You can check out an experiment about this at www.amiunique.org/fingerprint. Combining that with an ip gets you pretty close.
Well that’s still a form of session ID. But you are saying things like “most people” and “pretty close”, so it’s not a very good session ID, since it’s not guaranteed to be unique.
First of all, this comment chain is about being able to keep tabs on someone without storing information locally on the user’s computer. If we create a new form of session ID equivalent that doesn’t store information locally, I have achieved the goal to the problem that was raised. The issue wasn’t whether or not we needed concept of something equivalent to a session ID.
[…] will need to include that session ID passed back to the server.
Yes, that’s exactly what we used to do in the '00s. Look at softwares like osCommerce v1 and 2. We literally put money behind this method of tracking.
And this talk about IP addresses is complete nonsense because of Proxies and NAT and a ton of other reasons. You can attempt to use it in combination with a session ID, but you certainly cannot use that alone.
Yes, you can use that alone. Without session ID. The other commenter already addressed why this isn’t true. Also context matters. Pretty close is a good enough of a session ID replacement for purpose of tracking whether or not they consented to the cookie policy. If I did a concat of IP, and various fingerprints (and put a hash on it to make it shorter), I can easily reach one in trillion probabilities. I wouldn’t build a secure military website on it because it’s easily forgeable, but it’s more than enough for cookie policy popup.
Depends on how the site is written to handle it. There's plenty of shopping carts, for instance, that do this. Other stuff, too. Here's a discussion of how it can be done with PHP on the server side. There's other options, as well.
it makes sense but the comic is slightly confusing because I think the character should be smiling in the last frame, as if thinking, hey they didn’t lie, it really doesn’t use cookies
make site notification that they don’t use cookie actually use cookie but code pages to always display notification be celebrated by users sell tracking data win from both ends
this is why I’m suspicious of everyone, all the time
Neither really. Telegram is closed source on the servers and is known to cooperate with governments and law enforcement. Signal is the better option but I refuse to use an app that requires my phone number when alternatives like Matrix; XMPP; and Session exist. My phone number is tied to my name; address; and payment methods. It’s not a small ask of Signal in my opinion.
IMO Signal is about having private communications, not anonymity. Sure, apps like SimpleX Chat and Session are great, but they are useless without someone to chat with. Signal is, for the average user, the perfect balance of privacy and convenience. Your chances of getting people to switch to Signal are higher than to others because of its simplicity.
I did this for the longest time until I realised that because AdGuard works best as a virtual VPN, it is unable to run alongside an actual VPN. Luckily my VPN (and many others) support ad blocking too.
That’s not what I’m talking about. I meant to say that AdGuard on mobile (Android) runs by pretending to be a VPN in order to intercept all connections and filter the ads out of them. This works great to remove ads in apps, etc.
However, because it hooks into the VPN interface you can’t then run another VPN (for example Proton VPN) because Android only allows one VPN to run at any time.
Oh you’re talking about AdGuard VPN not solely the main AdGuard product. Definitely not ideal. It doesn’t offer the same level of features as my current VPN who offers ad blocking anyway. Not to mention a few suspicious quotes from their website:
AdGuard VPN protocol uses the most secure and fast encryption algorithm to date – AES-256
From the very outset, we resolved to develop and deploy an in-house VPN protocol instead of picking a canned solution — that’d be too easy
We are going to make our protocol implementation publicly available in the future. Sadly, right now we don’t have enough time to prepare the project
we collect data about how you interact with our services, how much traffic you’ve used, and for how long have you been using our services
ADGUARD SOFTWARE LIMITED is a company registered in Nicosia, Cyprus, registered office is at Klimentos 41-43, KLIMENTOS TOWER, Flat/Office 25, 1061, Nicosia, Cyprus and acts as the data controller when processing your data
Considering Cyprus telecommunications laws it doesn’t seem like the safest place to headquarter a telecommunications privacy company.
Adguard has been a trusted company in the adblocking space for a very long time, and their CEO and company is quite openly active in the privacy and cybersecurityrealm, so that’s important.
That said, their VPN is a really new product, so there’s a lot of room for improvement.
They do have the best adblocking solution, in my opinion, so if VPN is also needed, they give you something for that. The alternatives are often messy or not totally compatible.
For me, it works great for bypassing geo restrictions, but my threat model isn’t on the extreme end. I got a plan really cheap, so it saves me money over PIA and Windscribe, which i used previously (and sucked for streaming).
I do suggest that everyone find a solution that works for them, regardless of who they go with.
If I had to pick only one of the two, I’d prefer local blocking because it cannot only not load ads, but also remove the placeholder/frame the ad would’ve been in. It’s also better at circumventing anti-adblock scripts.
That being said, DNS-based blocking is great outside of browser use, and it blocks many ads and tracking attempts in mobile and desktop apps.
A combination of both is best, really. I use uBlock Origin in the browser (or AdGuard Pro with Safari on Mac and iPhone) and then NextDNS. NextDNS is configured rather conservative though, because it can cause things to break otherwise, and that’s hard to manage when you’re not the only use of your network.
Another benefit of using uBlock Origin is the ability to use the cosmetic filters so you can remove elements from the page that aren’t served as ads in the typical sense. As an example when you’re reading an article and there’s an obnoxious box half way through that says CONSIDER SUBSCRIBING etc. It’s not loading any external resources, it’s just inlined HTML. But you can enter element picker mode and if you are able to uniquely target that element you can filter it out.
DNS-based blocking more complete for your whole network, independent of the device settings for tech-avers users/kids. DNS-based blocking is less flexible for all users in the network - especially when you need to make exceptions for certain sites. They are also limited to your home network, unless you have a VPN server. Therefore, for mobile devices app-based blocking is the main way to go. Consequently, both make sense and your use case is relevant.
Signal. Also, the solution to the “no-one on signal” problem is simply to refuse to use insecure platforms like WhatsApp. If people want to talk to you then, they have to download signal. They might get annoyed with you, but sometimes a bit of coercion is necessary to get people to do what’s good for them.
kerala.party
Hot