According to its [Google's ReCaptcha 3 blog post](https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html) this service "runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site"
[Eff coverage](https://www.eff.org/wp/behind-the-one-way-mirror#Part2) outlines how this benefits Google:
> ReCAPTCHA scripts don’t send raw interaction data back to Google. Rather, they generate something akin to a behavioural fingerprint, which summarizes the way a user has interacted with a page. Google feeds this into a machine-learning model to estimate how likely the user is to be human, then returns that score to the first-party website.
> In addition to making things more convenient for users, this newer system benefits Google in two ways.
1. it makes CAPTCHAS invisible to most users, which may make them less aware that Google (or anyone) is collecting data about them.
2. it leverages Google’s huge set of behavioural data to cement its dominance in the CAPTCHA market, and ensures that any future competitors will need their own tranches of interaction data in order to build tools that work in a similar way.
Earlier this year, a plan was announced on the Chromium blog to make third party cookies obsolete ...
> we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete. Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years.
The following is a summary and highlights from an article appearing on adweek, provided by an identity resolution technology supplier. The claims may be exaggerated for sales purposes, but it is interesting to see one idea for getting around GDPR and other regulations. The disturbing idea that GDPR and other privacy regulations creates the role of brands as protectors of its users profile shows how business doubles down on privacy challenges.
Nothing short of Wall St selling shares of companies violating privacy laws will change the privacy landscape.
Europe's GDPR battle has made clear the writing on the wall as
- over 60 countries announcing data privacy laws
- several US states commencing consumer privacy protection
- tech giants becoming involved in privacy regulation
- Google introducing "anti-fingerprinting" in Chrome
- Facebook Pixel disconnecting from user histories
demonstrate that plans for content creation, targeting and attribution models will need to adapt to life without tracking pixels, cookies, and fingerprints.
However, a Salesforce survey indicated that over 75 percent of consumers expect brands to provide customized experiences.
Therefore, enter "Identity Resolution", the fabric which enables a clear and accurate picture of a consumer's "omnichannel journey".
> By integrating identifiers across available touch-points and devices with behaviour, transaction and contextual information, a cohesive and addressable consumer profile can be constructed for marketing analysis, orchestration and delivery.
User profiles may be developed in this way and pseudonymous IDs like mobile ad IDs (MAIDs) and cookies help construct cross-device
Identity covers three areas:
1. online and offline data collection
2. resolution of partial profiles into persistent, unique profiles
3. maintenance of the identity over time as factors change.
> technology that collects and matches disparate data sets in a privacy-compliant manner are key to creating the persistent identity at the heart of customer-centric omnichannel marketing.
Consolidating partial profiles into single, persistent sources of
truth improves the consumer's omnichannel experience and helps
safeguard his or her privacy requests. Identity resolution is
> As consumers move through various marketing channels, they give consent for technology to collect and analyze information such as cookies, email addresses, device IDs, site visits and past purchases.
Identity is a symbiotic relationship.
1. GDPR-Era Privacy Laws Demand a New Approach to Identity: https://www.adweek.com/partner-articles/gdpr-era-privacy-laws-demand-a-new-approach-to-identity/
Researchers showed it is possible as of Oct 2018 to track users via TLS Session Resumption. Zdnet covers it with an article ( https://www.zdnet.com/article/advertisers-can-track-users-across-the-internet-via-tls-session-resumption/ ) though the linked paper is fairly readable. Among interesting observations, they note:
> Google and Facebook, two of the world's largest advertising firms, used abnormally large TLS Session Resumption lifespans of 28 hours and 48 hours, respectively
> The recommended upper limit of the session resumption lifetime in TLS 1.3 of seven days should be reduced to hinder tracking based on this mechanism. We propose an upper lifetime limit of ten minutes based on our empirical observations.
> We note, that more than 80% of the Alexa Top Million Sites restrict the session resumption lifetime to less or equal to ten minutes by
their own choice and 27, 7% of all revisits of a site occur during this period. Furthermore, the average visit duration of popular websites
is of the order of ten minutes, thus this lifetime limit hinders the correlation of multiple page visits by the same user.
Browser vendors should address the issue of third-party tracking via TLS session resumption, either by deactivating
session resumption for third-parties or by allowing only session resumptions to third-parties if the first party site is identical.
There was an issue that mentioned this in ghacks-userjs issues list (https://github.com/ghacksuserjs/ghacks-user.js/issues/643)
> Picture this: You do a google search and get a SSL Session ID, then you change VPNs, and return to google and search for something else. The SSL Session ID absolutely tracks you 100%, whereas disabling it, only makes you part of a very very small group (if used for tracking: and it is server side).
> Also consider that Firefox keeps this for up to 24 hours, which is outrageous IMO. Other browsers are much quickly at releasing them
Furthermore, for firefox it is suggested here (https://www.ssl.com/article/tracking-users-with-tls/) that this behavior can be avoided by setting the following preference to true:
EDIT: As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=967977, this preference is not included by default and must be set manually. Some pre-configured user.js for firefox include it.
Rise of the Council of Plebs in Rome, 500 BCE
> Tensions between the two classes continued to grow, especially since the poorer residents of the city provided the bulk of the army. They asked themselves why they should fight in a war if all of the profits go to the wealthy. Finally, in 494 BCE the plebians went on strike, gathering outside Rome and refusing to move until they were granted representation; this was the famed Conflict of Orders or the First Succession of the Plebs. The strike worked, and the plebians would be rewarded with an assembly of their own - the Concilium Plebis or Council of the Plebs. (via https://www.ancient.eu/Roman_Republic/)
Privacy disclaimer: Algo is not focused on privacy, but prioritizes security. You host it yourself on a cloud instance, so you are attached to a single IP.
As an iphone user, I have not seen many good ad-blocking solutions and I sadly expect zero anonymity on mobile. Perhaps Disconnect was OK. I would like to know more if they exist.
Algo gives an option to install an adblocker on your vpn server and it seems to work fairly well. You can set it up in under half hour and destroy your $5 instance as needed. You can use on desktop if you want, but I prefer dynamic IP VPNs when possible.
For five years running, Rust has taken the top spot as the most loved programming language. TypeScript is second surpassing Python compared to last year. We also see big gains in Go, moving up to 5th from 10th last year.
> U.S. Sens. Jeff Merkley and Bernie Sanders have introduced the National Biometric Information Privacy Act (BIPA) ... Most importantly, the bill empowers you (and the EFF) to sue businesses that break these rules.
In 1997, Eric S. Raymonds, The Cathedral and the Bazaar,
prompts Netscape to release Navigator as free software.
The tech industry was examining how to bring open source ideas, principles into
commercial software. Some decided that social activism tendencies of the FSF (Free Software Foundation) unappealing, and looked for ways to rebrand free software movement to emphasize
business potential. "Open Source" was decided upon and Linus Torvalds approved.
Raymond in Cathedral and Bazaar, relates
managing open-source project fetchmail, struggle between
top-down (Cathedral) like emacs, bottom-up design (Bazaar) like Linux,
"given enough eyeballs, all bugs are shallow", the more widely available,
scrutinized, iterated, all bugs discovered. Inordinate time, energy spent
in Cathedral model. Many lessons, principles inumerated.
Avoid commercial sites by adding your own flavor of top level domain (TLD) limitations, e.g. "(site:*.org OR site:*.net OR site:*.edu))"
For example: instead of returning the top result on ahrefs.com, this query:
- 'search operators "site" (site:*.org OR site:*.net OR site:*.edu))' makes it easier to find: "https://guides.lib.berkeley.edu/GoogleTips" in what would be a sea of SEO gamed results on .com domains.