Stop sites from selling your data with these privacy extensions
We talked about the privacy initiative Global Privacy Control (GPC) before here on Ghacks. GPC looks similar to Do Not Track on first glance. Both submit information to websites on connect that "tells" site owners about a user's privacy preferences.
Unlike Do Not Track, which was largely ignored by sites and companies, and even detrimental to a user's privacy because it made users stick out more, GPC is fueled by the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR).
The Californian law mentions "user-enabled global privacy controls" in requests to opt-out, and a "browser-plugin or privacy setting, device setting, or other mechanism" in particular as one of "two or more designated methods for submitting requests to opt-out" that businesses shall provide.
The caveat is that the law does not make the global control a must, as it is listed besides methods to opt-out on websites, by phone, a form, or a form submitted in person. GPC is backed by a number of companies and organizations, including the EFF, Automattic, DuckDuckGo, Brave, Mozilla, and the Financial Times.
Only Brave and DuckDuckGo have implemented GPC already in their browsers. Others, like Mozilla, have expressed interest but appear to be waiting for GPC to be introduced as a web standard or draft, before it is implemented.
Since most Internet users are not using Brave or the DuckDuckGo browser, it is extensions that they may rely on to send the GPC signal with the browser.
Browser extensions such as Privacy Badger, available for Google Chrome Firefox, Microsoft Edge and Opera, or OptMeowt, available for Chrome and Firefox, add the signal to the browser so that it is submitted to the visited sites. Most Chromium-based browsers should install the listed extensions fine.
To test whether the signal is submitted, visit the official Global Privacy Control site; it lists the status of the GPC signal at the top of the startpage.
One question has not been answered yet: should you configure your browser to send the signal right now, or should you wait until it is more widely adopted? The information may be used when it comes to fingerprinting, especially in the beginning days since it is sent only by a low number of browsers and devices.
For now, it may be better to monitor the progress that is made towards making GPC a mandatory thing, at least in some legislations, unless you do run the supporting extensions or browsers already.
Now You: What do you think of GPC?
privacy is very important. choose Utopia
I would recommend Adguard. It has also privacy filters.
So it’s not yet a web standard according to what you say (not surprising considering who writes the standards), and not yet legally meaningful if I understood well ; how many sites would take it into account today, having even more excuses to ignore it currently than DNT ?
But enabling it anyway may help give it the momentum it needs.
If it ever becomes legally enforceable, it will then be more efficient than DNT.
Firefox will probably not enable it by default if it becomes a standard, Mozilla being a Google’s puppet. For the same reason that they are not in a hurry to give it legitimacy and momentum by starting symbolic implementation, when other browsers do it.
“The information may be used when it comes to fingerprinting”
The same was said about DNT, and more generally about adblockers, privacy extensions, enabling privacy settings, or using privacy respecting browsers instead of Chrome or Firefox. It is a lie from tracking companies. There are many much more efficient ways to fingerprint than the small amount of data those contain, and most of the time they bring much larger privacy benefits than they cost in fingerprinting. Even in this case in my opinion considering the previous discussion.
Since Firefox doesn’t have this ability built-in, I started to use Privacy Badger for that purpose.
The most annoying thing with websites is that so many of them have way too many different domains connected to them. It allows for way too much tracking.
There should be a notice on a website that shows all the different domains connected without having to use something like UBO or privacy badger. Most people don’t even know about such extensions.
Facebook, google, amazon etc they are all over the place. It is a very sneaky form of tracking, Its disgusting. The internet is a public place, in public in the real world such stalking would never be tolerated. It may be cliche to say, but its VERY UNETHICAL!
@Anon7, so true. Sites’ connections to 3rd-party sites — hilarious on some of them — is controlled most fortunately by privacy’s leader of the band : uBlock Origin
A notice on websites showing all 3rd-party sites they connect to? Hen will have teeth by then (as we say in French), I’d even say they’ll have dentures before websites ever decide to be clean (those who are are an infinitesimal minority).
Google, Amazon, Facebook, Apple, Microsoft, the hell’s quintet named GAFAM, have brought what could have been a haven of planetary connections to a pit of scum, worse even : to the acceptation of their activities by an increasing number of users, especially the younger ones who, fed by consumerism and a ‘I want it now’ attitude, don’t even bother wondering about privacy issues. Websites also which have come to consider connections to domains and their ‘code libraries’ as obvious, so obvious that even some of those who’s natural purpose is to embrace and advise on privacy use libraries from one of those GAFAMs, mainly Google. For instance the site mentioned in this article, [ https://www.privacytechlab.org/optmeowt/ ] calls Google’s [fonts.googleapis.com] and [gstatic.com], the former at least known as privacy-invasive and blocked accordingly by many blocking lists (we block and for websites which need them to display correctly we use the LocalCDN to feed the requirement).
That’s the Web today, invaded by big corporations who lick users to better enslave them. Reaction is possible, but you have to 1- be aware, 2- want it, 3- search, find workarounds, 4- apply them. Who does all that? Very, very… very few of us.
“For instance the site mentioned in this article, [ https://www.privacytechlab.org/optmeowt/ ] calls Google’s [fonts.googleapis.com] and [gstatic.com]”
There are many funny examples like that.
This primitive looking site that supposedly exists only to advocate humorously against web site bloat ? Connects to Google Analytics.
https://motherfuckingwebsite.com/
This site that is supposedly dedicated to a Mozilla campaign against the tracking by the ad industry that “knows you too well” ? Connects to Google Analytics.
https://trackthis.link/
They will win this battle against privacy when we stop caring about that, when it’s not just the new normal as it is already, but when all those who are aware of the problem and do not profit from it finally let themselves be intimidated by the aggressions from those who do and stop talking about it.
@Anonymous, yeah, your conclusion fits mine, as well by the way as that of [https://motherfuckingwebsite.com/] you mention (hilarious!) when it states that “[…]all the problems we have with websites are ones we create ourselves.[…]. Other topic but true that too many websites are bloated with much of which is totally unneeded gadget-fashion-inspired-craps. Pity though as you point it out that the site connects to Google Analytics even if the place’s message is more about site coding than site privacy. Worth being visited, read, or when raw talking, because anchored on good sense, defeats rudeness. Guess whet? Bookmarked!
>want it now’ attitude, don’t even bother wondering about privacy issues
The worst culprits that i have noticed as regards giving away their privacy has been women in general.
They are usually EXTREMELY addicted to smartphones and social media a lot more than males are. They upload photos of themselves just for the sake of uploading photos, all to get that endorphin hit from a like.
Many of them do not understand that their “DUMBPHONES” have built-in GPS receivers that store precise location information in the Exif header when a picture is taken. They are not turning off the proper settings. Not only is that privacy invading, it is also dangerous. They are opening themselves up to stalkers and creeps. Its a real shame.
They just don’t care, they are oblivious to any potential dangers. A lot of social media pictures are used to make biometric facial recognition more advanced aswell, so not only are people getting tracked on the web by big tech, but in real life aswell through street cameras with big tech software embedded into their systems. Literally the real world is turning into the WEB more and more from the clowns who don’t care about all that DATA they are giving away. DATA is the new oil. The real world is becoming a virtual web you could say.
Scary times. But again, PEOPLE DON’T CARE! Its bizarre!
@Anon7, I admit lack of experienced comparisons between males and females regarding their approach of privacy. I do know that both, for many of them, for many of us all in fact, may, more or less and depending on the circumstances, hardly control their ego, get blind and bypass the border-line, that between extroversion (who appreciates an introvert’s company?) and excessive sharing of private information. In this scheme flattery is often more efficient than whatever threats. Very few are those who get suspicious upon flattering comments and, even if they say so or pretend that it doesn’t work on them, still wonder, just before getting asleep, if that flattery wasn’t after all simple truth :=) In this regard males and females alike! This is why experts neither ask direct questions nor practice obvious flattery but rather talk as a good follower knows how to follow someone in the street by being ahead and, once in contact will know after a short analysis how to convert flattery into acceptable compliments.
No idea if the following is political, psychological, sociological but, regarding privacy, I linger to understand how a same person can on one hand bark against street cameras and on the other accept, diligently, privacy extortion. In the same way as yelling against extravagant income of big bosses but not against those of footballers. Demagogy blinds us all and is lucidity’s enemy, as always.
DNT doesn’t change anything to companies’ inquisition, nor does GPC; I linger to understand how OptMeOwt would do any better. My belief is that privacy invasion is only defeated by coercion and,meanwhile, by users’ implementation of strict blocking of what may be without rendering the Web a total mess. It’s war in a certain way, unfortunately. So war it is unless to accept slavery. Personally my privacy/security arsenal is so elaborated, so different than traditional ‘Global-Universal-Protection-You-Name-It’ software that it’s take too many lines to detail them all.
I can hear GAFAM’s response from here stating it’s not slavery but the price to pay for free services. The price is excessive so we avoid mafia procedures and build our own little army. Period.
I do not understand the idiocy or plain bad faith for implementing an opt-out when it shall be a full consented opt-in in each and every case.
Imagine this: instead of a site asking you to sign-up for their newsletter and you providing your email, they tell you to add a browser extension to prevent them stealing your email and subscribing to it automatically.
The opt-in is the european GDPR. In USA surveillance capitalism has a stronger bribery control on lawmakers due to Big Tech being mostly based there, so they succeeded in making it opt-out instead of the initially attempted opt-in. No democracy for you !
And no, lawmakers are not morons, they are corrupt.
The law is always slow to respond to tech disruptions. In this case however the issue is nothing new. Unfortunately lawmakers are either morons who know nothing of and/or cannot even understand tech (yet feel competent enough to legislate on it), or are mostly beholden to/in the pockets of their financial backers (crony Big Tech capitalists hidden behind high power lobbyists).
There aren’t any sites that listen to GPC. It just marks you as a target for fingerprinting.
I think it’s yet another feeble attempt that will fizzle out, due to Big Tech’s overriding interests. For most browsers I wouldn’t with either DNT or GPC – except with Brave, where both are enforced and can’t be disabled (IIRC).
@ShintoPlasm
“Do not track” requests can be toggled under brave://settings/cookies in Brave. That being said, both GPC and DNT only express your solemn wish not to be tracked to websites… And this wish will be soundly ignored, so both of these things do nothing substantial, despite being well-intentioned.
The only concern here is fingerprinting, and for this I think one should stick with the defaults for both values, so as to not stick out.
@Iron Heart
What is your recommendation on this setting for those using Brave?
@Anonymous
Do not track – Disabled
This setting does virtually nothing when enabled and only makes it easier to fingerprint you.
@Iron Heart
This is a little off topic, but, someone recommended SRWare Iron browser to me. I am not familiar with it. I use Brave. How does Brave compare to SRWare Iron?
Thanks
Same question as every other company that ‘gives’ you something seemingly for nothing – “what’s in it for GPC”? In other words, these guys who set it up need to eat, drink, etc. How do they profit from their work?
Also another question to as, if you are going to pick at multi billion $$$ companies, where are you getting your funding?