Time to start assembling my anti-Facehole kit!
Picture on the review would be funnier if it was also on a Guy Fawkes mask.
Why might the cure be worse than the disease, given that there’s no reason for a proof of age service to reveal anything other than proof of age?
Hi,
What is p hole, that you run on your home network?
Also, any recommendations on a vpn?
Thanks,
Who operates the proof-of-age service? What information is revealed to the operator of that service each time it is used? What steps does the customer have to take initially in order to have the proof-of-age service operate? What compromises of anonymity are made by the customer in that situation?
What granularity is offered by the proof-of-age service? i.e. does the service give a simple yes or no answer to the question “Is this person aged 18 or over?” or does the service leak more information e.g. date of birth? (There are reasons to reject the first option because many countries will not agree on what the appropriate threshold age is.)
However none of this is really relevant. The actual question was around the situation that
a) Facebook spy code is in a third party web site
b) A person does not use Facebook, does not have an account, has never used Facebook
c) That person wants two things 1. For Facebook to tell the person what information Facebook has collected about the person (that may be a right in some jurisdictions) 2. To tell Facebook to stop collecting information about that person.
Facebook’s current answer is that the person must create an account in order to achieve c) above.
Treating this as a proof-of-age problem is bound to have negative consequence for privacy. Hence my suggestion that it must “fail safe” i.e. unless you have explicitly given consent for the spy code to operate it must not operate (either absent or deactivated) - and you give consent by a) creating a Facebook account and b) logging in to said account and c) accessing the third party web site while logged in.
Pi-Hole is an ad- and tracker-blocking application that you install on an always-on computer, such as a Raspberry Pi, (which is ideal due to its low energy consumption and simplicity), and connect to your wireless router.
You set Pi-Hole to route, in place of your router, all the DNS requests from any device in your network to the DNS Resolver of your choice, while at the same time blocking trackers and ads according to a blocklist or lists that you choose (such as these).
It’s similar to installing a tracker-blocker extension such as NoScript in your web browser, but Pi-Hole is able to block trackers originating from all the devices in your network, even ones that don’t depend on web browsers, such as video streaming devices, smart TVs, IoT appliances, etc. And, of course, any computers, tablets, and mobile phones that connect to your network.
Pi-Hole has a dashboard that you can log into to see which tracking connections are being attempted and stopped before they leave your network. You can also manually blacklist any additional connections you don’t want to allow.
For VPNs, I like AirVPN, although they don’t have as many server locations as some other providers. I do like their stated mission, though.
There are other good choices, too, but research them thoroughly, because some are shady or of questionable ownership.
Initially, anybody who wants to, more or less? It shouldn’t be facebook. For example, a third-party company could do it. Here’s one who seem interested at least:
They aren’t involved after the initial setup in at least some of these “Zero Knowledge Proof” (ZKP) schemes, so nothing.
Whatever the proof of age service decides. For example, in the UK I imagine a company might accept birth certificates or passports. Or as the mockup trinsic.id have on their website suggests, maybe a place like your local hospital can do the setup when you’re there anyway.
None, it’s claimed (and, within the system at least, that is backed by mathematical proofs).
I think both are feasible technically and I don’t think there’s any fundamental reason we can’t set up institutions that could support both.
I’m suggesting that in the light of these ZKP schemes, that’s a natural assumption that seems to be wrong.
By the way I think these schemes have been around since I think the '90s (or earlier?), so it’s a bit sad that as far as I know every government carries on as if they don’t exist whenever they need to make an argument that some social issue requires surveillance and knowledge of identity at every turn – and the IT industry seems content to go along with it.
Unfortunately that is rather lacking in detail to understand the flow of information. https://en.wikipedia.org/wiki/Zero-knowledge_proof is better but still leaves me wondering whether it actually does give anonymity.
This is so close to extortion that the two are touching one another.
Only one way to find out
Hi @amarok,
Two things:
-
I looked into Pi-Hole some time ago and found that it can block ads from showing up, but when you visit a website that has those “Share” buttons for FB, Twit, ad nauseum social media peeps, will report your GPU, APU, CPU, Fonts, device, location and IP to all of them, even if you don’t have accounts with any of them. Pi-hole will block all of that? True or False?
-
I use VPNs a lot, but hate bumping into those Captchas that wants one to play Google (peep) puzzle games of find the bus, or bike, or train… and some sites use a list to block VPN IP addresses. If I access my Google account (I confess) there are times I have to got through 9 puzzles - even though I know a car when I see one.
Does this happen to you with the Pi?
Have you found Pi-Hole blocks things like LSOs, “tags”, “tracking bugs”, “pixel trackers” or “pixel gifs” and ilk?
I’ve read a great deal on Pi-Hole, but usually come away more confused than educated.
I sent my TV off to be recycled into dumb-phones because it wasn’t “smart”. But judging the new TVs then my toaster, shoehorn, door knobs, light-switches must all be “smart” as well. Especially my T-kettle - it whistles at me when it’s hot. I’m wagering there are people now in awe of their faucets for knowing which one is Hot and the other Cold.
IMO, only some people can be smart, but not anything that is not human. “Smart” is as controlling as is “Googling it”.
Thanks
~s~
.1. True. Unless you’re currently connected to a VPN, in which case, in the Pi-Hole dashboard you won’t see connections to individual websites or the scripts running on those pages. It’s all being masked behind your VPN. This is also why any Hosts rules that you set on your computer have no effect during VPN usage (as I understand it, anyway), and why URL blacklists in your router settings have no effect during VPN usage.
When connected to a VPN, you would need to rely on NoScript, uBlock Origin, etc., to prevent those evil connections while browsing.
There may be a way to configure Pi-Hole settings to achieve it, but I’m not sure.
.2. Yes. I do see captchas frequently, and I hate it. That’s with or without Pi-Hole, of course.
The awesome thing about Pi-Hole is that it works against hidden connections from devices that don’t even have the ability to install a tracker/ad blocker, for instance, Roku, AppleTV, Ring doorbells (shudder!), security cameras, etc.
P.S. For captchas, I usually choose the audio option. I reload until I get an obvious, audible phrase - so as not to give any meaningful aid to Google - and only enter one or two words that I hear. It’s usually enough to pass the first time, maybe second.
Are LSOs still a thing, now that Adobe Flash is defunct (or is it still around)?
As for the other stuff, if it’s a connection to somewhere, Pi-Hole can block it…unless you’re connected to a VPN.
With the major disclaimer that I don’t use Pi-Hole …
Pi-Hole is a DNS server, and that’s basically it.
Within the capabilities of a DNS server it can “poison” any domain that is looked up. However it is a relatively blunt tool, so that any given domain is either poisoned (effectively rendered inoperative) or it is not, the domain in its entirety.
Poisoning is only as good as the list of domains to poison. However you should be able to add additional domains to the list i.e. if you notice a domain not being poisoned but you think it ought to be poisoned.
In principle Pi-Hole offers an option to poison the domain to a local web server (maybe itself?) and in principle that might be used for more selective behaviour.
It might still be possible. Just some ideas:
-
Keep using the original DNS server from outside the VPN (the Pi-Hole) and configure the Pi-Hole so that any unblocked DNS lookups are either securely sent somewhere or are relayed back through the original client. (For example, if you have a multi-user subscription to the VPN service, you might set up the Pi-Hole server so that it itself uses the VPN.) OR
-
Run a second copy of Pi-Hole locally on the client device and use the local copy when using the VPN.
I actually find that it gives a lot of granular control, over full domains, or variations of domains. I can choose the hosts files that suit my needs, and blacklist or whitelist at will, also. I only wish I had installed it years ago.
I figured there were some options to accomplish that. Thanks. I’m not too concerned about the devices on which I always have an active VPN connection; I keep close tabs on scripts and trackers in browsers with my various extensions. And if I forget to connect the VPN, Pi-Hole takes up the slack, as the traffic from my computer is no longer masked. Of course, I don’t even have to worry about the OS, as it’s Linux.
To clarify my remark, I meant that, given a single domain, example.com
, it is either blocked in all circumstances for all clients on your network. (It may be that you can temporarily override but I’m making a general point here and for sure if the DNS lookup is done “unattended” then you can’t temporarily override.)
So to pick up on @Sharon’s question … that damned “Share” button for FB … it might be implemented by a fixed domain reference but … it’s OK on Facebook’s web site itself but it’s not OK on any third party web site. That kind of granularity can only really be implemented in the browser itself or, at a pinch, in a web proxy server.
And maybe there are two people in the house and they have different poisoning needs. (This is probably solvable, with Pi-Hole or other equivalent solutions, but it’s not something that I am currently doing. I’ve just gone for lowest common denominator.)
Good points.
One thing I like about Pi-Hole’s options is that you can wildcard a domain and P-H turns it into regex (which I wish I had some knowledge of).
So for instance, I can add:
.cn
.ru
and…to bring this thread back around to the OP…:
facebook
fbcdn
…and so on.
LSO’s - It’s hard to tell since there is not a lot said about LSO’s at Adobe site. But one thing that is a possible maybe is the comment:
A local shared object (LSO), commonly called a Flash cookie (due to its similarity with an HTTP cookie), is a piece of data that websites that use Adobe Flash may store on a user’s computer. ➤Local shared objects have been used by all versions of Flash Player (developed by Macromedia, which was later acquired by Adobe Systems) since version 6.
Via Wiki - Read More
Unlike a typical browser cookie, a flash cookie must be cleared through Adobe Flash Player settings.
Via Cookie Pro - Read More
So, if the LSO requires Flash Player, and that is disabled by most browsers by now and the victims who used it on their web sites had to change out, I don’t see LSO’s being used by Adobe, any more or much longer. I wonder what little Peeps and Pervs they replaced LSO spies with! Like Google announcing they were starting to behave by not using “3rd party cookies” anymore, then later a small tidbit about FLOC. Any blockers made yet for Google’s FLOCing SMIRCer?
~s~