I built my personal extension which blocks all the traffic from Dan Pollock's list [1], then blocks all the traffic from major service providers (google analytics, etc) and social networks (fb, tw, google, etc) when not on their website. Referral and user agent headers removed, I haven't found the need to remove other headers.
Currently working on preventing (and manually allowing) all xhr/script/image requests 2 seconds after the main frame has loaded.
The internet is a lot faster for me, and the battery appears to last longer. So far, I've only had problems logging into instagram, but once the cookie is set, I can re-enable blocking ads and tracking.
Looks like that list hasn't been updated since our domain switch. If you really want to block our internal analytics (which are in practice fairly harmless) replace "hits.guardian.co.uk" with "hits.theguardian.com".
Nominated for the most classy comment of the month. That the product manager of The Guardian would take the time out from his (no doubt) busy day to help a user to block tracking is an amazing display of trust in that the user knows best what is good for them. Thank you.
I wonder why companies who host their own analytics choose to use a separate request to track users?
Surely it is better just to get the data from your own content web server logs ? Wouldn't you get the same information while saving on the extra HTTP request? It would make the site loading times slightly faster as well.
Server logs will track all requests from crawlers, accelerators, and cancelled navigations. An AJAX callback will only happen for real human visitors that actually view the page.
I admire the fact that you offer this kind of info :-) thanks mate, always admired the Guardian for his articles, authors & general stance towards privacy.
Considering them telling almost 20 other domains about your visit, I would not call that stance on privacy a strong one: 2o7.net, ajax.googleapis.com, chartbeat.com, chartbeat.net, dqwufkbc3sdtr.cloudfront.net, facebook-web-clients.appspot.com, google.com, googleadservices.com, googletagservices.com, imrworldwide.com, mathtag.com, ophan.co.uk, optimizely.com, outbrain.com, scorecardresearch.com, twitter.com, wunderloop.net, www.googleapis.com
I really wonder how this 10KLines is handled by the network subsystem. Is it compiled into a big regexp ? or another form of compacted runnable logic ? or at which point does it slow local name lookup.
At a guess, by doing a match first on a substring using a hashtable. That way if something is a 'candidate' you can hit a more expensive datastructure to figure out if you really have a hit without burning a lot of cycles.
There are a few things to take out to make certain services I like work (E.G. Hulu), so I usually try it in sections to see which services break and comment those.
Do you do anything about plugins sharing your fonts list? I found it to be the least known / most creepy way to identify a big number of users. Unfortunately i don't know of any extensions that would block that information.
The internet is a lot faster for me, and the battery appears to last longer. So far, I've only had problems logging into instagram, but once the cookie is set, I can re-enable blocking ads and tracking.
I guess I am one of those 'dark traffickers' :P
[1] http://someonewhocares.org/hosts/