Digital Rights – Fundamental Software, LLC

Google has quietly dropped ban on personally identifiable web tracking

Google has reversed an earlier made promise on privacy and will now allow personally identifiable web tracking:

We may combine personal information from one service with information, including personal information, from other Google services — for example to make it easier to share things with people you know. […] Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google. […]

Advertisers know exactly who you are… the data is NOT anonymized

Advertisers know who you are, where you go, when you go there and how much time you spend where you are: Advertisers will be able to upload email lists to target customers and similar audiences with ads on search, Gmail and YouTube.

This shows, yet again, that the claims about the data being anonymized, are false. This capability enables advertisers and those buying advertising time/space from (in this case) Google, to say “here’s an individual I want to show my ads to”(*).

What was that about “we don’t know who you are, you’re just an anonymous number to us“, you say? When the number is you, uniquely you, then you’re not anonymized, instead, you’ve been given an (additional) alias which makes it easier to be identified, not harder.

IvyDNS prevents you from ever being recorded as one of these (non-) ‘anonymous numbers’ in the first place. And even if you were recorded in the past, it makes your future footprints melt away before anyone gets a chance to see them. IvyDNS’ Artificial Intelligence contains comprehensive information about the purpose of domains used in tracking you, serves malware, serves advertising, invades your privacy.

(*) Interestingly, this also opens up a mechanism for those using advertising networks as delivery mechanisms for malware, to target very specific individuals for infection with their malware.

Tool in the spotlight: Random Agent Spoofer

Tool in the Spotlight: Random Agent Spoofer, a Firefox extension that gives you control over how your browser identifies to sites you visit.

Many sites create a fingerprint of you when you visit them. Usually, this information contains the ‘User Agent’ string, which (oversimplified) is a combination of the name of your browser, its version together with the name of your operating system with its version (this is much oversimplified, check out the wikipedia page for more info). This is useful information for those operating the sites you visit because it enables them to send you content that is specific to your browser. Specifically, if the site detects that you are visiting them using a mobile browser/device, it will send the mobile version of the site; if it sees a desktop browser or device, it sends the desktop version of the site.

However, with HTML5 and CSS3 in specific, websites no longer need to have multiple versions for different browsers, they can use “media selectors” to have the site render correctly instead.

The remaining use of the user agent string is being reduced to just fingerprinting you so that you can be uniquely identified based on what your browser tells the site it is and is capable of using a technique called browser fingerprinting. So even though you aren’t logged into the site, it knows it is you before you told it that it is you. Obviously, we are not a fan of this kind of thing. No-one should be forced to identify or legitimize themselves unless out of their own volition.

Enter Random Agent Spoofer, a tool that is part of the solution by changing the way your browser identifies to sites. It makes it super easy to select a particular browser and version you want to impersonate or you can set it up to change how it identifies every so often by itself. Once configured, there’s nothing you need to do.

Obviously, and similarly to other tools we highlight, this tool is not the one, single tool to use which will solve all your problems, but it adds to making it harder for sites to identify you as you visit them.
On top of that, Random Agent Spoofer gives you control over script injection, cookie behavior, headers sent to the site when you request it, etc… all making it harder for the site to figure out who you are (and make their efforts to do so, more frustrating and less accurate).

Check out the tool here. This tool is an open source tool currently hosted on GitHub, which means that you can look at the source code and figure out what exactly it is that it does, and how it does it – if that’s your thing (it is for us).

NOTE: we are entirely unaffiliated with whoever produces this tool, we receive no compensation whatsoever from them.

Power in the age of the feudal internet

While this article is already a couple years old, someone recently reminded us about it. The Internet started out as a way to build resilient systems: systems that could deal with black-outs or the disappearing of a server. And if one went down, we’d just prop up another one.

When ‘Cloud’ was the newest buzz-word, we were told that it would give us flexibility: if we didn’t like our current provider, we could pick up and move to another – it’s all in the cloud anyway, whether it’s over here or over there, it doesn’t matter, right?

Sadly, the cloud has become a mist. A mist preventing us from seeing what could have been. It prevents us from venturing out because we can’t move from one provider to another.

Regardless of how you feel about it, “Power in the Age of the Feudal Internet” is an interesting read.

Web-of-Trust add-on caught selling out its users

The Web-of-Trust (WoT) add-on for Firefox and/or Chrome has been removed from the add-on repositories for Firefox and Chrome. Some excellent sleuthing(*) by the Norddeutscher Rundfunk revealed that the WoT add-on was selling data which can uniquely identify its users to other parties, without ever asking for consent for this, let alone in a clear and proper way.

On top of this, WoT made claims about anonymizing the data but, as is almost always the case, the data was either not anonymized at all or the anonymization is useless and individual users can be deduced from the data. If the article is correct, then it appears that the latter is the case, that these claims appear to be unsubstantiated and grossly misleading, and that WoT is no different from other privacy-invaders.

This is just another example of the kind of limitations that you face when you try to enhance your privacy through browser add-ons or extensions: they see everything you see and it only takes a single, rogue add-on to compromise you, your privacy and your security. And while most of these tools are valuable and useful, you need a more comprehensive tool to secure you, your on-line safety and your privacy.

This is where IvyDNS comes in: it prevents connections to undesirable domains and it does it on a deeper, more fundamental networking level than browser add-ons. IvyDNS’ Artificial Intelligence contains comprehensive information about the purpose of domains and blocks access to those that are undesirable, whether that is because the domain is used in tracking you, serves malware, serves advertising, invades your privacy, etc.

IvyDNS is also built so that it does not ever receive the kind information that WoT is reselling. This is because IvyDNS receives only DNS requests: ‘What is the IP address for domain X’. It never receives information about which page you are requesting, or even which protocol you will be using to talk to that server. You could be asking for the IP address of a domain because you want to check your e-mail, you want to visit a web page on it, or there’s an app that pulls data from there, etc… IvyDNS does not ever see or receive the purpose of requests (nor requests made to non-IvyDNS servers).

The reason for this is simple. It is none of our business, and it would be wrong to pull ‘stunts’ as described in the linked articles. We built IvyDNS with these considerations in mind. It offers deep protection from top to bottom and it keeps you secure, undisturbed and as private as it can, while you are on-line!

You can read the original article on NDR.de (in German) about WoT selling out its users, and read about it over at The Register.

The guiding principle of the big web-players

The guiding principle of the big web-players, like Facebook, Google, and others, is that the value provided to the users is vastly less than the value of the data that they accumulate on said users.

Surveillance is creepy!

A person in an unmarked car following your every move and watching you 24/7 is considered creepy or requires a warrant, but replace this with an ever-expanding army of all-seeing machines who pry into everything you do on-line and everyone thinks that this is just dandy.

These all-seeing machines are obviously the tracking pixels, scripts, the browser-fingerprinting, the telemetry-collection, the displayed adverts, and whichever other mechanism or euphemisms used for surveillance, on pretty much every website you use.

We, at Fundamental Software, vehemently reject the idea that this type of surveillance is acceptable and we share insights, tools and conduct research and development to fight back!

IvyDNS is an online service that respects your privacy. It makes it significantly harder for these third parties to track users on-line.

Windows 10 telemetry blatantly disregards user choice and privacy

With Windows 10, Microsoft blatantly disregards user choice & privacy. That’s not (just) us saying this, these are the good folks over at the Electronic Frontier Foundation.

Head over to the EFF’s page for the full article, which is most definitely a worthwhile read.

The amount of data that Windows 10 ‘telemetry’ sends back to Microsoft has, without exaggeration, never been greater: which apps you use, how long you use them, when you use which one, which sites you go to, how long you spend on them, even including your text input (yes, that’s what you type), etc… The list of data points that is collected on you and sent back to Microsoft goes on and on and on…

And sadly, one of the main purposes of this all is to profile you and be able to present you with advertising. You can turn if off now if you want, but unfortunately that’s not a guarantee that your devices will obey you nor does it mean that it will stay off when new ‘critical updates’ are pushed onto your devices.

Fortunately, even if you installed Windows 10 (be it willingly or unwillingly), IvyDNS monitors the domains in use by this ‘telemetry collection’ and prevents devices from connecting to them! In fact, IvyDNS keeps a special eye on these telemetry domains… because if your devices can’t reach these domains, they also can’t send the data back to them!

Why privacy matters

Over the last 16 months, as I’ve debated this issue around the world, every single time somebody has said to me, “I don’t really worry about invasions of privacy because I don’t have anything to hide.” I always say the same thing to them. I get out a pen, I write down my email address. I say, “Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.” Not a single person has taken me up on that offer.

Glenn Greenwald in Why privacy matters – TED Talk

We do not use google analytics

Have you noticed that we don’t run Google Analytics on this site? If you’ve ever used it, you’ll be very well aware of the level of detailed in the information it gathers. When used and activated, it knows who you are, tracks you as you browse from page to page, knows how far down a page you scroll and much, much more, it even follows you from one site to another, because everyone else is using it. All of this information is used to build up a detailed profile of you based on your behavior and habits, all for a single purpose: to sell you on as a ‘known quantity’ to advertisers.

At Fundamental Software, we take privacy very seriously and we think that Google Analytics is a huge invasion of privacy. We therefore do not use it (Take a look at the requests sent by your device when you pull up this website, you’ll notice that those requests only go to our servers and not some set of unknown third parties that hitch a ride to display advertising or collect metrics.).

IvyDNS protects by default from Google Analytics’ (and other’s) prying eyes, even on sites that do use it or other metric-collection (e.g. New Relic). With IvyDNS, you literally stay under the radar of most of the prying eyes on-line.

This is just one of the ways that we walk the walk and don’t just talk the talk!