[linux-elitists] I made a GIF...

Don Marti dmarti at zgp.org
Sat May 2 05:47:25 PDT 2015


(on one of those web-based "make your own ad banner"
sites.  Patent's been expired for a long time anyway.
Pretty terrible GIF.)

If you visit this page you should _not_ see the GIF:

  http://blog.aloodo.org/posts/worst-heist-movie-ever/ 

Any users who have their browsers set up to do
all of these:

  * run 3rd-party Javascript

  * create a 3rd-party iframe

  * set a cookie in that 3rd-party iframe that persists
    when the same iframe shows up on other sites

(which is basically the defaults) will get the GIF
set to visible if the script can "track" them from
another domain.  

Any halfway decent browser setup should fix one
of these.  If you do any of these:

  * blocking known hinky sites at any level
    (ad.aloodo.com is in Disconnect now)

  * refusing 3rd-party JavaScript

  * refusing or discarding 3rd-party cookies

  * cookie double-keying

then no GIF for you.  Click the "(test)" link at the
bottom of the page to test the iframe following you
across domains problem.

Why would the maintainer of a web site want to notify,
educate and possibly annoy users who are vulnerable
to third-party tracking, while rewarding those who
are protected from tracking?

That's a longer story.  I think this guy's blog has
a good part of it.
  http://fredrikdeboer.com/2015/04/27/the-supervillains-guide-to-saving-the-internet/

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti at zgp.org


More information about the linux-elitists mailing list