TWIT 826: Zuckerberg's Lily White Shins

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

The fact that the FBI is attempting to get info on “everyone who clicked on [a particular USA Today article]” is positively chilling. That one story makes the strong case for never ever visiting a website – unless one is protected by a service like ExpressVPN. I haven’t gotten to Leo’s ad read for the VPN service, but I wouldn’t be surprised if they start referencing this grim story. These overreaching law-enforcement officers make a strong case for ALWAYS using a non-logging VPN. One other twist: such monitoring also makes a strong case for avoiding logins to access news sites. Tread lightly when one needs a paywall (or even just a cookie) to access a story on a particular website. :grimacing:

Speaking of cookies and newspapers: I am bothered that the NYT-owned Wirecutter is now requiring a cookie to access their articles. WTF? What legitimate reason does he NYT have for requiring that information? Are they monetizing the data that they get from that cookie? Who are they selling it to? How do they make sure they don’t end up selling my identity to the government? This is a “free account” in the sense that a Facebook account is “free”. It is exceedingly difficult to maintain VPN hygiene with login-linked cookies like this; these new FBI deep dragnets put a premium on maintaining that VPN anonymity. @Leo : has this new restriction by the NYTWirecutter made it onto the TWiT radar? I haven’t seen anyone anywhere raise the obvious concerns about this privacy threat – foisted upon us by a newspaper! What Would Harry McCracken Say?

The IP address alone won’t help. You’ll need to delete all cookies and reconfigure your browser to use a different header after each visit…

1 Like

Why would the user have to dither the header? Why couldn’t the gateway make chaotic mods to those fields? And remember – there could be hundreds connected to a particular server from the VPN. Tracking could be far harder than you’re implying.

I’m halfway surprised Apple didn’t announce a VPN service today.

There are dozens of pieces of information that a site or, rather a tracking site, can pick up off the device, from battery level, to screen size, OS and browser versions, installed add-ons, gyroscope, languages installed etc. as well as the tracking cookies themselves.

I block around 2.5 million known tracking sites and other unsavory actors, but, even so, I’m still probably being tracked more than I like.

You don’t seem to understand my question. I’ll repeat: why is it that the VPN gateways couldn’t dither those device-specific characteristics and throw off those ~2.5M known tracking sites themselves? It would definitely be a complimentary feature to the VPN tunneling.

why is it that the VPN gateways couldn’t dither those device-specific characteristics and throw off those ~2.5M known tracking sites themselves?

Separation of concerns.

A. Your VPN gateway operates at the transport level, shuttling bytes back and forth in encrypted form, while obscuring the origin IP. They care not for the actual content that they’re conveying.

B. Your browser (assuming an HTTPS URL) negotiates its own encrypted tunnel with the end server. This tunnel is independent of A (i.e. it works even when you’re not using a VPN gateway), and cares not what gets sent over it.

C. Your “device-specific characteristics” are conveyed as part of various web requests that go over B. They’re going over regardless of A or B.

For A to modify C, it would have to “crack” B. This would be a security apocalypse, if it ever came to pass.