How did the Ad Networks find my search?
So a bit ago I got an add for "canned rambutan". I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn't using a VPN at the time and I didn't have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.
Which of these do you think is the reason the ad networks know?
- Wikipedia
- Startpage Search
- Duckduckgo Search
- My ISP
- Firefox
- My Firefox Extensions
- Kubuntu
- CachyOS
- The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
- Does this only make sense if my browser history is incomplete?
- Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.
Any guesses as to where the weak link is?
PiraHxCx
in reply to FoundFootFootage78 • • •FoundFootFootage78
in reply to PiraHxCx • • •Looking it up my ISP isn't exactly trustworthy, but there have been no clear allegations. I'd say it's the most likely cause if not my Firefox extensions.
EDIT: I just got another theory, Cloudflare, I'll add it to the list.
nkk
in reply to FoundFootFootage78 • • •LibreWolf Browser
librewolf.netFoundFootFootage78
in reply to nkk • • •I use AdGuard rather than uBlock Origin for adblocking, because it allows me to opt-in and only block ads when they are aggressive enough to be annoying. But I've not been trying to minimize fingerprinting. The issue is just that everything I used in this instance came with either a tacit or explicit promise not to track me and I don't know which is lying.
Other extensions I use are:
1. Remove YouTube Suggestions
2. 10ten Japanese Reader (just now disabled)
3. Tampermonkey
4. Proton Pass (because my government services require 2FA, but only offer an official government app that uses the play integrity API, or a Passkey which is only natively supported on Windows or Mac)
5. Time Tracker - Web Habit Builder
6. Improve Crunchyroll (which seems to have stopped Crunchyroll from forcefully dropping my resolution to 144p).
7. SteamDB (just now disabled)
lattrommi
in reply to FoundFootFootage78 • • •FoundFootFootage78
in reply to lattrommi • • •nkk
in reply to FoundFootFootage78 • • •I've never used AdGuard but you can customize uBlock Origin to fit your needs and block specific things for specific websites. uBlock Origin is commonly used as a default in hardened browsers which would help you fit in with the crowd even more (although I realize you said you weren't going for anti-fingerprinting, just something to consider)
-
1) I switched to using Grayjay Desktop rather than my browser for YouTube
-
3) If you need a userscript manager, Violentmonkey is an open source alternative
-
4) Proton Pass has an app, yes less convenient without the autofill but better for privacy not to have the extension
-
6) Personally, I would just sail the seven seas
Movies / TV / Anime
fmhy.netFoundFootFootage78
in reply to nkk • • •nkk
in reply to FoundFootFootage78 • • •1) If you want maximum privacy, Grayjay and Freetube don't link to accounts so Google doesn't know what you're doing (especially if you're on a VPN) but again, it's understandable if you don't feel that's worth it.
-
3) Ah got it, didn't realize you were using passkeys.
-
4) If you're willing to do a bit of setup, Stremio + RealDebrid ($40 a year) + Torrentio/AIOStreams is pretty much perfect to me (although if you watch a lot of super obscure shows maybe not the way to go as RealDebrid doesn't cache everything)
Torrentio v0.0.15 - Best Stremio Addons (Official)
torrentio (My Blog)FoundFootFootage78
in reply to nkk • • •chgxvjh [he/him, comrade/them]
in reply to PiraHxCx • • •The ISP shouldn't even see the search term given basically everything on the internet uses https.
The ISP will see the domain names of the pages you visit if you use their DNS or some other unencrypted DNS but those are unlikely to contain the search term.
ivn
in reply to chgxvjh [he/him, comrade/them] • • •ryannathans
in reply to FoundFootFootage78 • • •I would guess the likely culprits are
Firefox extensions
Search engines
Wikipedia
Other search results you may have opened or pre-loaded (not a default Firefox behaviour)
FoundFootFootage78
in reply to ryannathans • • •partofthevoice
in reply to FoundFootFootage78 • • •originheader will give that info away freely. So if it’s in the query parameters of the URL, then you go to Facebook, it’s as easy as{k: v for k, v in (pair.split("=", 1) for pair in response.headers["origin"].split("?", 1)[-1].split("&"))}FoundFootFootage78
in reply to partofthevoice • • •chgxvjh [he/him, comrade/them]
in reply to FoundFootFootage78 • • •Did you click on any search results?
I found that the Firefox Browser history is often incomplete.
FoundFootFootage78
in reply to chgxvjh [he/him, comrade/them] • • •chgxvjh [he/him, comrade/them]
in reply to FoundFootFootage78 • • •Any extension could leak this information as well.
Is your default engine something other then the mentioned search engines? The search suggestion feature leaks information too.
FoundFootFootage78
in reply to chgxvjh [he/him, comrade/them] • • •I had removed all but Duckduckgo and Startpage from my browser.
My browser extensions are a good angle. If they're selling my data to fund themselves that'd explain some things.
mspencer712
in reply to FoundFootFootage78 • • •FoundFootFootage78
in reply to mspencer712 • • •Cyberflunk
in reply to FoundFootFootage78 • • •well, it would make no fucking difference if you had a vpn on, ALL IT DOES IS MOVE YOUR EXIT POINT. it cannot touch your browser traffic.
frustrates me to bo end the bullshit fucking ads/lies vpn companies peddle
FoundFootFootage78
in reply to Cyberflunk • • •bananabread
in reply to FoundFootFootage78 • • •FoundFootFootage78
in reply to bananabread • • •Skankhunt420
in reply to bananabread • • •I would trust Mullvad more than Verizon or ATT to not sell my data.
Wouldn't you?
Skankhunt420
in reply to bananabread • • •I would trust something like Mullvad more than ATT or Verizon to not sell my data, wouldn't you?
**this comment was posted like 6 times because all of the Lemmy instances I've been using have been super weird lately not letting me post comments and stuff so I kept trying and kept trying and then all of them pushed through at once.
tjoa
in reply to Skankhunt420 • • •Skankhunt420
in reply to tjoa • • •Ok, but what if you live in UK or USA? You can pretty much guarantee without the shadow of a doubt that every single one available is selling your data. In fact, I think their terms even say they will do that.
In a case like that I would 100% rather trust a paid VPN service from a country that isn't a privacy nightmare.
tjoa
in reply to Skankhunt420 • • •Skankhunt420
in reply to tjoa • • •Even in other countries using something that is tested and proven for its no logs policy beats taking a stab in the dark and being hopeful that your ISP doesn't.
You said yourself you "bet" that ISPs in other countries don't do it but you don't know. Something like Mullvad has been proven not to keep logs which sounds a lot better than some dudes hunch.
But if you want to gamble with your privacy by all means do it but you shouldn't act like you know what you're talking about when you tell people to trust ISPs because you think if you're in a certain country they don't spy on you or sell your data.
Cyberflunk
in reply to FoundFootFootage78 • • •search data would be difficult to obtain for a service provider. it would require a retargeting campaign or something to extract your search values.
search data is already tls encapsulated at the browser. isp can see your tcp metdata, but not the data.
also.. not the point. sorry
FoundFootFootage78
in reply to Cyberflunk • • •Skankhunt420
in reply to Cyberflunk • • •Wasn't Mullvad famously raided and found to keep no logs?
I'd sure trust that more than any ISP in UK or USA and I think you would be crazy not to as well.
One has a proven track record, the others undoubtedly do it and have been known to do it and tell you they do it.
It frustrates me to no end that people can't understand that truth.
Even with TOR and shit they say don't do that and I think that's wrong. Sure sure, fingerprinting or whatever. I believe there is a much more tangible risk of your ISP knowing that you are connecting to TOR in the first place especially in countries like UK and USA.
Sure if you lived in Belize or something where it doesn't matter it wouldn't be a big deal but living in those two countries and even like Canada and Germany automatically makes you a target for using it.
Out of those options or a VPN I pay anonymously with Monero or mail cash to I would consider that much, much safer than any ISP.
I encourage you to look up what Snowden said about ATT helping the NSA during Prism which is absol
... Show more...Wasn't Mullvad famously raided and found to keep no logs?
I'd sure trust that more than any ISP in UK or USA and I think you would be crazy not to as well.
One has a proven track record, the others undoubtedly do it and have been known to do it and tell you they do it.
It frustrates me to no end that people can't understand that truth.
Even with TOR and shit they say don't do that and I think that's wrong. Sure sure, fingerprinting or whatever. I believe there is a much more tangible risk of your ISP knowing that you are connecting to TOR in the first place especially in countries like UK and USA.
Sure if you lived in Belize or something where it doesn't matter it wouldn't be a big deal but living in those two countries and even like Canada and Germany automatically makes you a target for using it.
Out of those options or a VPN I pay anonymously with Monero or mail cash to I would consider that much, much safer than any ISP.
I encourage you to look up what Snowden said about ATT helping the NSA during Prism which is absolutely still ongoing.
In fact, here you go heres a small part of it
pbs.org/wgbh/frontline/article…
But sure keep preaching about how VPNs don't do anything and instead trust the companies that have direct interests to the governments they serve to stay in favor and that have your credit card and address on file. That is much more secure!
How AT&T Helped the NSA Spy on Millions | FRONTLINE | PBS | Official Site | Documentary Series
Jason M. Breslow (FRONTLINE | PBS)Cyberflunk
in reply to Skankhunt420 • • •I didn't say they didn't do anything, bit the lies they peddle about protecting your browsing is shit, browsing is almost universally https now, you're iso can't see shit, except the IP address you're connected to, a VPN just moves your exit point, that's it, you're iso knows you're connected to a VPN also, btw
I didn't say they didn't do anything my rage is against the marketing
Florencia (she/her)
in reply to FoundFootFootage78 • • •If the EFF de anonymization tool can de anonymize your browser, then the ad network can too.
Try searching for something with tor browser - no javascript
FoundFootFootage78
in reply to Florencia (she/her) • • •lefthandeddude
in reply to FoundFootFootage78 • • •☂️-
in reply to lefthandeddude • • •lefthandeddude
in reply to ☂️- • • •Use duckduckgo.com to search "restaurants near me"
Unless they use a complex system to look up geolocation for all queries and forward an approximate version of that to Bing, then Bing is getting IP addresses and search terms.
leafperson [any, any]
in reply to FoundFootFootage78 • • •one of the sites you looked at while looking up rambutan? no vpn too, if a page you looked at was served ads by an ad provider they could track you with your ip, as well as assosciating you with a unique fingerprint since you dont have fingerprinting protection. if you only used wikipedia, there is a second rambutan season in some places from november to january, so its possible that they (the rambutan or fruit processing and agricultural industry) are just trying to pick up sales ahead of the season.
if you have sus extensions too.
utopiah
in reply to FoundFootFootage78 • • •I don't see ads but if I were to, and despite all my precautions some would be on topic based on my past behavior I would methodically dissect to find out the leak. Namely I would try to automate the process :
JoeKrogan
in reply to FoundFootFootage78 • • •You say you were not using a vpn. Then the site has your ip and probably has meta/google ads or other shit running on it and links the product with your ip.
This data is added to some data broker/ ad network and you see an ad when you visit a site using this network as you have "signalled" interest in the product by viewing the product page the first time.
FoundFootFootage78
in reply to JoeKrogan • • •stupid_asshole69 [none/use name]
in reply to FoundFootFootage78 • • •Have you considered confirmation bias?
It’s rambutan season and you saw an ad for rambutans. You haven’t mentioned that seeing the ad was weird so I gotta assume you see other ads they’re just not related to something that you searched for recently or something you recognize as being related to something you searched for recently.
FoundFootFootage78
in reply to stupid_asshole69 [none/use name] • • •I don't see many ads, and the ads I do see are never food items. I think this canned rambutan was the first food ad I've seen in years.
I can't even fathom this being a coincidence.
lefthandeddude
in reply to FoundFootFootage78 • • •It's duckduckgo. Search duckduckgo.com with the term "restaurants near me." You'll often get responses that are close to your IP location.
That couldn't happen unless DDG passes your IP address on to Bing. It's possible they censor part of the IP and only pass part of it to Bing, but probably not.
(Go ahead! Try it!)
Since Bing sells to data brokers, data brokers know your IP is linked to a search for rambutan, even without fingerprinting your browser.
I'm not calling duckduckgo.com a honeypot... I'm also not calling it not a honeypot. But it knows too much for something supposedly private.
Any closed source firefox extension that has access to the browser display could be parsing the texts and selling it and your IP and other identifiers to data brokers. It's part of how these extensions are profitable.
Cloudflare also does highly advanced fingerprinting and has a script called cloudflare insights, so it seems likely that any cloudflare activity is generating marketing data.
Camille_Jamal
in reply to FoundFootFootage78 • • •