Jump to content
DOSBODS
  • Welcome to DOSBODS

     

    DOSBODS is free of any advertising.

    Ads are annoying, and - increasingly - advertising companies limit free speech online. DOSBODS Forums are completely free to use. Please create a free account to be able to access all the features of the DOSBODS community. It only takes 20 seconds!

     

  • 0

"Legitimate interest" cookie / website blocker?


Herby
 Share

Question

Just that really. Disable cookies whenever possible but legitimate interest is also a pain in the ass.  Anyone know a way to block automatically?

Link to comment
Share on other sites

15 answers to this question

Recommended Posts

  • 0
Harley

I read they aren't meant to do anything until you have responded to the cookie message.  NoScript can often block that (cookielaw, etc scripts) and sometimes I just leave it unanswered if I can still read the site.  Failing that and faced with a long list of "agreed to" legitimate companies I just close and move on.

Link to comment
Share on other sites

  • 0
spunko
On 29/05/2021 at 16:03, Herby said:

Just that really. Disable cookies whenever possible but legitimate interest is also a pain in the ass.  Anyone know a way to block automatically?

Do you mean block all cookies by default? You can do that in your browser already under Settings. 

Or do you mean the cookie warnings?

Link to comment
Share on other sites

  • 0
DTMark

Blocking all cookies just breaks any useful websites. It's better to use a browser like Firefox which has built-in privacy controls, for example it prevents Facebook tracking. I think Apple were to do the same with Safari.

  • Informative 1
Link to comment
Share on other sites

  • 0
39 minutes ago, spunko said:

Do you mean block all cookies by default? You can do that in your browser already under Settings. 

Or do you mean the cookie warnings?

It's the options on websites. Cookies are fairly quick to disable but the ones for "legitimate interest" seem to have a list of about 400 suppliers... To be honest not quite sure in what context they are used but I like to turn off everything optional I can! (Secret squirrel occupational history 😎😎)

Link to comment
Share on other sites

  • 0
DTMark

The main issue here is something that should have been tackled ages ago and that is cross-site data gathering.

If you access a site with one particular domain name, say, this one, then your browser should only load content from that domain.

However over time it has become commonplace for websites to insert commands to make the browser fetch bits of the page from other domains. Examples might be images or scripts. One common script is the Google tracking script. So each page access to the site also makes a request to Google who log that. The website owner can then retrieve data about the number of website visitors by accessing their Google account.

This should have been stopped immediately because the user is not aware of what is happening. It is this technique that Facebook and others can use to follow people around the internet. If the Facebook script is on a page that you visit, Facebook will find out that you've been there.

In such cases Firefox shows a "Facebook blocked" icon in the address bar and silently prevents that script from executing. However it doesn't do it for everything, only for sites which are known to gather user data to exploit it. It's being done on an exception basis - Facebook is one blocked site.

Ideally, every domain other than the one showing in your address bar should be blocked when you load a page in that domain, however because of the lax security implemented by browsers in the past this would break a multitude of things across many websites.

  • Informative 2
Link to comment
Share on other sites

  • 0
Harley

 

14 minutes ago, DTMark said:

The main issue here is something that should have been tackled ages ago and that is cross-site data gathering.

If you access a site with one particular domain name, say, this one, then your browser should only load content from that domain.

However over time it has become commonplace for websites to insert commands to make the browser fetch bits of the page from other domains. Examples might be images or scripts. One common script is the Google tracking script. So each page access to the site also makes a request to Google who log that. The website owner can then retrieve data about the number of website visitors by accessing their Google account.

This should have been stopped immediately because the user is not aware of what is happening. It is this technique that Facebook and others can use to follow people around the internet. If the Facebook script is on a page that you visit, Facebook will find out that you've been there.

In such cases Firefox shows a "Facebook blocked" icon in the address bar and silently prevents that script from executing. However it doesn't do it for everything, only for sites which are known to gather user data to exploit it. It's being done on an exception basis - Facebook is one blocked site.

Ideally, every domain other than the one showing in your address bar should be blocked when you load a page in that domain, however because of the lax security implemented by browsers in the past this would break a multitude of things across many websites.

Is that what NoScript means when it blocks cross site scripts?  Alas only on my PC.

Link to comment
Share on other sites

  • 0
DTMark
8 minutes ago, Harley said:

 

Is that what NoScript means when it blocks cross site scripts?  Alas only on my PC.

Yes. It's specifically cross-site scripts which are the problem. If all scripts were blocked then among other things, this text editor box into which I'm typing now wouldn't work and yet there is nothing to fear from it.

Link to comment
Share on other sites

  • 0
spunko

It's overkill IMO to block all JS or all cookies. I just use Firefox + Ghostery + uBlock Origin (with custom filters include Prebakw) + Canvas Blocker.

It stops the majority of trackers and neverdowells. There's no such thing as 100% privacy on the internet.

  • Agree 1
Link to comment
Share on other sites

  • 0
Harley
44 minutes ago, DTMark said:

One common script is the Google tracking script

Do you know the script host?  Is it buried in one of the generic ones called for common functions (cdns?).   I ask because I block virtually all Google, etc scripts on my pc but not all.

Link to comment
Share on other sites

  • 0
Harley
12 minutes ago, spunko said:

It's overkill IMO to block all JS or all cookies. I just use Firefox + Ghostery + uBlock Origin (with custom filters include Prebakw) + Canvas Blocker.

It stops the majority of trackers and neverdowells. There's no such thing as 100% privacy on the internet.

Could you know my Google account name?  I use Noscript, etc on my pc but mobile seems problematic.  But then android is essentially spyware!

Link to comment
Share on other sites

  • 0
spunko
1 minute ago, Harley said:

Could you know my Google account name?  I use Noscript, etc on my pc but mobile seems problematic.  But then android is essentially spyware!

No. The only information I can see is your IP address and email you use to login. The only way I would be able to see your Google account name is if I integrated Single Sign On (SSO) i.e. login to your Google account here.

Suffice to say I never will add SSO... it's a terrible thing.

  • Cheers 1
Link to comment
Share on other sites

  • 0
nirvana
32 minutes ago, spunko said:

I just use Firefox + Ghostery + uBlock Origin

ditto I use this stuff on chromium.....plus I have an addon called 'cookie remover' that I just removed 8 cookies from dosbods......dunno what spunko is doing with these cookies lol

Link to comment
Share on other sites

  • 0
DTMark
29 minutes ago, Harley said:

Do you know the script host?  Is it buried in one of the generic ones called for common functions (cdns?).   I ask because I block virtually all Google, etc scripts on my pc but not all.

www.google-analytics.com

Link to comment
Share on other sites

  • 0
Harley
Posted (edited)
2 hours ago, spunko said:

No. The only information I can see is your IP address and email you use to login. The only way I would be able to see your Google account name is if I integrated Single Sign On (SSO) i.e. login to your Google account here.

Suffice to say I never will add SSO... it's a terrible thing.

Ta.  I was more wondering generically as a site owner/web admin, given what was said.  I was wondering if a site can look up the Google account when an Android mobile visits their site.

2 hours ago, DTMark said:

www.google-analytics.com

I defo block that one - a total give-away that one! :)

Edited by Harley
Link to comment
Share on other sites

  • 0

I keep it simple by telling Firefox to delete all cookies and data when the browser is closed, then have a whitelist of sites allowed where I want to stay logged in across sessions or I use the site often enough that I don't want to have to keep dealing with the cookie pop-up each time.

I don't log into facebook or google with this browser so all that additional tracking is bypassed. I use a different browser for stuff like that including online banking and anything I want to remain isolated from my general browsing activity. Presumably browsers can't access each others data so using different browsers keeps things isolated.

  • Informative 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • 180 Best "Classic" Bond Film

    You do not have permission to vote in this poll, or see the poll results. Please sign in or register to vote in this poll.
  • Latest threads

×
×
  • Create New...