Tag Archives: cookies

Why Cloudfare makes my nostrils flare

eroding privacy in the name of security

 

Many of us are waking up to the huge erosion of our privacy in electronic communications.

We’re aware of the PRISM/Tempura story of 6 years ago, where CSA whistleblower Edward Snowden revealed the extent that our governments spy on their citizens and share that information…that our internet and phone use is watched and recorded… The film about him starring Joseph Gordon-Levitt and Shailene Woodley revealed that the CSA can watch us through our webcam, via fibre optic cables, even when the computer’s off.

Hence, he put something over the camera eye.

We’re increasingly aware of Facebook, Google and Microsoft being part of this surveillance, accumulating our browsing habits to not only send to advertisers, but to the secret agencies, using terrorism as an excuse and to make citizens compliant.

But terrorism isn’t appropriate to the vast majority of us, and yet we’re being watched anyway… and we’re aware that terrorism and dissent are becoming synonymous.

Hence more of us are taking steps against this and switching our browsers and search engines to ones which don’t track us across the internet and record any browsing history.

Private Browsing in most browsers only prevents other users of that computer from following your online sessions, not the browser or your internet service provider, who are also hoovering up and selling your details – and you’re paying them to do it!

There are some smaller browsers and search engines which take our privacy more seriously.

These include Epic (hard to download and use, curiously), Brave and TOR – The Onion Router – for the former, and DuckDuckGo and Startpage for the latter. Reading their privacy tips and warnings are galling, for even the size of your screen can help give you away. There’s HTML5 canvas image data extraction, and this is part of ‘fingerprinting’ – websites being able to discover who and where you are, and what you do.

In Windows 10, the privacy settings – now split into two places to look – are defaulted to yes…use my camera, microphone, physical location… allow remote access…

Even some of these more private browsers have default settings to allow Facebook and Google – the very places to avoid – to set cookies and have other permissions.

I’m appalled that even blocking 3rd party cookies and device recognition, as well as hated JavaScript, is enough to make many websites break. To look up a train time, I get warning messages – even in a less private browser – that this information is being shared. I can’t get into my email account with the settings I’d like in place. I’ve even seen some spiritual websites – one with a prayer request form – make visitors be open to trackers to be able to submit that request!!

Hence my ire at Cloudflare, a widely used supposedly security enhancing tool and company. It’s meant to stop robots from spamming or sending malware, but I’m more suspicious that cybercrime is mostly a myth and there’s some ironic Sylvester Sneakly/Hooded Claw plot that the security programs and their manifold updates are the sinister part.

I’m not going to reveal my browsing habits, but I will say that many things I look up aren’t things I want to share with a third party. No – let me make clear – I never want anything I do anywhere shared with anyone that I don’t choose.

I utterly reject “If I’m not doing wrong, I don’t mind.” I mind very much, and so should you.

But the internet is a good resource for connecting and researching, perhaps things we wouldn’t readily tell those around us. Do you want every book you pick up off a shelf known to people who don’t even know you? Do you want every video and piece of music you play known? (by the way, it is unless you block it). Have you not ever tried to find resources about something that you wouldn’t want made generally public? Have you wanted to introduce yourself to staff in every shop you go in? Have you ever been worried by something that you wouldn’t want to tell other people about?

Hence, some of us will set our privacy high and use browsers that block the ridiculous amounts of adverts which slow down our browsing and waste our internet data allowance. We don’t want to see adverts about the legal services we looked up, or that health problem, or the sexuality related matter we sought succour about. We don’t want our moving or surprise holiday plans or new job revealed by adverts appearing the next time we use our device.

But Cloudflare blocks these browsers, and it’s used by places where i) sites can be personal and ii) the users thereof may well be questioners and people who uphold privacy rights.

I’m frustrated – and so are others – by the amount of sites who won’t let you in, treating you as some kind of attack. Or they’ll make you try to perform a hated recaptcha check, which involves Google’s intrusion. Mostly with my preferred security settings, these stupid ‘click all the squares with…’ tasks don’t work. It’s very US focussed so some other users might not recongise what they’re being asked to so, and it’s not clear that you’re meant to choose squares with a tiny bit of something. So it’s easy to get wrong, even as a real sentient human…meanwhile, you’re automatically held into Google’s privacy…to prove you’re real. See the irony?

And I think they’re really trying to get private browsers to reveal themselves.

So I leave those sites, for I feel: if they’re using Cloudflare to bully me into giving my identity away, then I don’t need to read that article afterall.

I thus challenge users of Cloudflare and Cloudflare itself to rethink, along with all those who utilise recaptcha. Note the name – its real purpose is revealed.

Even harsher is Wordfence who wants you to paste a huge text, but then also reveal your email address – I think not!

I won’t be netted by anyone.

(And WordPress, you’re still breaking Cookie Law with you assumed opt in)

Leave a comment

Filed under society

How most websites, including this one, break cookie laws

As I type, I’m seeing a typical banner which appears as I land on a website. “Our website uses cookies. By continuing, you agree to their use.”

THIS IS NOT LEGAL nor moral

A cookie policy should allow us, in one or two clicks, to reject all but essential cookies.

A good website has a radio button or two to slide off and reject them.

This is not the same as a ‘learn more’ link. This just tells you what the many cookies are, not let to switch them off. It may explain how to alter cookies on your browser, or give  a link to a site like All About Cookies. But it does not let you control them on that site.

This auto opting in is wrong. We may need to use a site – to look at a rail timetable, check our bank balance, book tickets, view our utilities account, make a complaint, even view and apply for earnings…

As I wrote in my last post, we shouldn’t have to choose between doing what we need to and our privacy.

On this site alone – I know because I have an app from private web search engine DuckDuckGo which blocks them – there are so many cookies that I have to scroll to see them. Not only from any blogs I may follow, but infamous Google, Gravitas, and several from WordPress. Some of those cookies can last a long time and follow me round the net.

Would you accept a shop flicking tracers on you just for popping in – even glancing at the window – and following you for weeks and months, logging everything you do and passing it on?

Because that’s what non essential to function cookies do.

Why do 3rd parties feel they have any rights to us and our habits?

Why do we accept that our data is for sale?

Why do we accept governments watching us?

As I’m not up to anything – I mind especially.

I am also fed up of laws coming in to protect us which get waived. Cookie laws are supposed to make sites ASK MEANINGFULLY for us to give our consent, not to flag up that they’ve assumed it and put the cookies on anyway.

You can block and clear cookies. Some sites don’t function with 3rd party cookies blocked. These are the ones I feel I can do without.

And Automattic, who own WordPress, please make your cookies legal. Yes, if your site is used by and viewable to people in the EU, you need to comply with GDPR and that means changing cookies or being liable for reportage (Yes, that means you Washington Post, whose actions are already under investigation by the Information Commissioners’ Office!)

And query why anyone needs cookies beyond the functional kind.

The rest need handing over to a certain Muppet Monster.

Leave a comment

Filed under society