Internet stalking


#1

So um… I’m creeped out.

All our home computers run via VPN to escape the wrath of Frau Kommandant every time we want to look at something ahem “pretty” online¹, as well as getting around pesky geo-locked content and the obvious massive security gains. The exception to this is the AppleTV. The AppleTV is signed in to husbear’s Google account. Last night, we were watching videos about Mandelbrots (more precisely, some pretty zoom animations).

It would make sense that Mandelbrot videos would show up as suggestions on his computer.

What does not make sense is that today, my computer decided to suggest Mandelbrot videos from the same channel to me. I am connected via VPN to a different country. I do not have a Google account for it to save preferences to (well I do but I haven’t signed into Google services in almost a year now). Our computers do not fileshare unless we specifically pass a file. There is no way in hell that my browser should know what videos we watched on a different machine without a VPN with a different IP with a different Google account.

Any of you fine fellows and …fellowettes(?) have any idea how this happened? I’m feeling rather paranoid.

——-

¹ our pornography laws have become so restrictive that viewing pornography in which a woman achieves orgasm is considered an offence comparable to that of watching child pornography or snuff films.


#2

There must be some links. Any cellphones or other mobile devices (iThings etc) synced to Google and other online accounts?


#3

Nope. We’ve since investigated and it’s started getting really weird now that I’ve started getting the same adverts on my phone that my sister was getting when she visited!


#4

Location tracking? I’ve never been thrilled with Android’s classification of location using WiFi SID, cell towers, and GPS as “High Accuracy”. It is sooo not. If you have no clear view of sky to hit GPS satellites, then it will narrow you down in a general vicinity, so is better than no GPS. But if you’re driving around in an area with a dense concentration of WiFi hotspots, you can watch your location jump around to spots that are 50 yards from where you really are. Frustrates the crap outta me. Sorry, rant over.
But, if Google’s ad serving AI is seeing you near where someone else was doing searches for X, then I could see it assuming you are interested in similar/same.


#5

That’s the thing about opsec—one mess-up and basically everything you’ve ever done is out the window.

The most likely explanation is that at some point in the past, without meaning to, you possibly watched a YouTube video on your computer without using your VPN. This would have allowed Google to capture not just your IP address, but your browser’s canvas fingerprint. Once Google has that, they don’t need your IP address to know when you’re watching YouTube—they can simply look at the fingerprint and tag ads on you that way. When your ATV was watching non-VPN’d videos, YT knew to advertise related videos to all associated accounts, IP addresses, and—potentially—canvas fingerprints.

That’s an explanation. It might not be the right one, but remember, all it takes is one screw-up on your part to undermine & destroy all of your efforts at privacy. (It’s also possible you’re carrying cookies you don’t realize you have, or that you’re being betrayed by HTML5 local storage, or any number of other things.)

Combating canvas fingerprinting is effectively impossible. You can test your susceptibility to it via this EFF site, and there are some resources there to help minimize your vulnerability.

Ultimately, here’s the takeaway: nothing is safe. You’re not safe. Nothing you can do is safe. The more you learn about this shit, the worse it gets, and there’s not really anything you can do to really fix any of it. Everything is terrible and there is no magic privacy fix. Even your VPN company is potentially suspect—how do you know that they’re actually deleting logs? Can you audit their data center? What proof do you have that if law enforcement comes knocking with a warrant that they won’t cave immediately? Hell, what proof do you have that if law enforcement just kind of casually asks for information that they won’t cave?

You can’t prove any of that. No one can. VPNs are not a panacea and blindly believing they’ll improve your privacy is not a helpful belief. All you’re doing is shifting your exit point and changing who and what you have to put your faith in.

edit - This sounds bleak. It sounds bleak because it is bleak. We are at a world-wide nadir when it comes to the privacy rights of individuals online, regardless of what country you live in, and things are only getting worse. I deal with reporting on privacy issues every day and I can tell you that there is no reason here to be even remotely optimistic about the state of your privacy online, now or at any point in the conceivable future. If there was a way I could throw away my smartphone and computers and still remain employed, I would do it—I am not joking. It’s that bad, and it’s getting worse.


#6

And the more data they gather on everyone the more they can predict your wants and actions. In your circle you may be pretty unique, but in a nation of millions or a demographic of hundreds of millions you just aren’t that different. The amount of data for the number of people for years and years just allows prediction nearing Seldon levels. I can’t predict what you exactly will do, but I can predict what the majority of people like you would do.

Minority Report for your advertisements, for your news, for everything. You run into this whole “is what I’m seeing the way it is, or is it the way it’s all been crafted to suck money from my wallet?” Hell, what happens when/if online dating actually taps into all this data, collected over decades? Is it possible that a dating site could put you with the “perfect” person without you understanding what’s going on? Can dating sites select people that would fit together in a way that would make another company money?

I think some of this is why farmer’s markets and craft fairs and handmade products are becoming so popular. The more of your actual life you can keep offline the better off you are, and things made by people you recognize and see on the street are just worth more because of that offline human touch. Even if your phone is in your pocket reporting where you were when.

And I’ve always believed that every company out there has kept as much data as they can possibly get away with. Since the first glimmerings of the internet I’m sure the data that someone thought was useful was kept. Deidentified, with another file holding the key, sitting out there ready to be mined, or actively being used. It’s possible, so they do it; it’s almost impossible to find unless you have a whistleblower who’s willing to be a martyr.


#7

So “private browsing” is also a panacea? And that they know of my coughcoughcough porn habits as well?

When will the first colony on Mars be operational and self-sustaining?


#8

I think the only thing private browsing does is keep it from coming up in your normal search history or as a suggested website for autocomplete.


#9

Pretty much this. Your ISP or employer can still see what you’re doing.


#10

Pretty much confirms that.

Wonder how many people are using private browsing in an effort to escape detection etc…

Farming in a remote location with sheep and chickens looks so much more tempting now.


#11

I work in InfoSec and I cannot begin to echo the entirety of what you said enough.

Most pages anymore have Google and Facebook trackers embedded in them that help drive targeted advertisements to you. Pop-up blockers don’t really stop any of that data from being collected; they just prevent it from being displayed to you as an end-user.

Utilizing VPN and still defaulting your browser to incognito or private browsing doesn’t even 100% guarantee that you won’t be tracked via some mechanism. You can anonymize yourself with a TOR browser in conjunction with a slew of other little applications and it’ll also help, but there’s no ‘silver bullet’ that will ever keep you totally unknown - unless you’re keen on cancelling all your credit cards, your phone, etc and then relocating to some remote cabin off-the-grid in backwoods country.


#12

Whoa thanks for all the comments. I feel a little less weirded out and a little more totally infuriated at the complete mess that is the modern Internet. The people who use these trackers should be hanged from telegraph poles.


#13

Unfortunately, it’s the thing that we’ve signed our privacy away to. The stupid quizzes on Buzzfeed to figure out what kind of garlic bread one is, grocery rewards programs, one-click Amazon purchases, etc. I’m not trying to sound like I need a tinfoil hat, but the deeper you dig and more you learn, the more disillusioned you start to become.

I sincerely wish you the best of luck in keeping your tracks covered. :)


#14

Ranking from the most ‘well-known’ browsers, interestingly enough, IE probably collects and retains the least amount of data during private browsing (it’s akin to having a bucket with a hole in it the size of your finger (IE) versus the size of your fist (Firefox) versus the size of your leg (Google)).

As Keep says, there’s really no such thing as privacy anymore.

Nuking it all from orbit is no longer the way to be sure…


#15

Holy crap!!

It’s a Gratch sighting!! Welcome back, stranger!


#16

Everything’s so interconnected nowadays.

And when somebody on Facebook tags you (and you’re not on faceboob) then fb will start to slurp for data regarding you. Even if it’s just a name. Or telephone number. Or email address.

Best we can do is to go back to Gopher.


#17

We’re still considering an IoRF loop between our friends. You never know when Ofcom might decide that the Internet is interfering too much.


#18

$dakwife did a search or two today from our home network for escape rooms.

A couple hours later, an ad for an escape room “top 10 listing” website popped up in my Facebook feed.