Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Ideas to have fun poisoning data collection by trackers/data brokers?
8 points by reacharavindh on Nov 3, 2022 | hide | past | favorite | 19 comments
I have used adnauseum every now and then for a minor attempt at poisoning my profile. I wonder anyone at HN has other ideas to go about and poke fun at this data machine that tries to profile us all?

Any scripts that would generate valuable noise to trick the trackers?

Any other obfuscation methods that create enough nuisance to the ad companies?

P.S I am not looking for a 100% foolproof way to get away from trackers. Just some fun and creative ways to trick them.



You'll need web scrapping abilities :)

The point is: You always use the same gadgets to browse the internet. There are a lot of parameters that can be used to identify you. A few are

Browser window dimensions

Language set to standard

Resolution of your screen

History of visited pages (as much it can be used to

Agent Version

Installed add-ons ....

...

So, that's one point where you can start to act at. With python + Selenium it's possible to have a browser with modifiable User Agent, with head, headless, different window dimensions, languages and and and.. this can be automated.

Also, if you're at web scraping, you usually use proxy servers with different IPs. That could be useful.

On the other side, you have your accounts at the service providers. For example google. Google knows what you searching for and what you visit, how long, if it's a revisiting.. and so on.. To poison that you'll need to make it impossible for Google to filter out what you really need.. but for that you need to log in to your account.

So with web scraping it's possible to poison the IPs, the search terms, the identification of you by utilizing the browser properties.

But I ask myself, what does it bring you? You poison your accounts with all the web services you use. You need a lot of time to setup your "poisoning" Workflow. But the yield is equal to nothing.

And, google wants to end the tracking of individuals (ye ye... Who believes that???) by having grouped cohorts.

That has to be implemented as a plug-in used by a lot of people. If it's only you, then it won't change anything on the tracking/interpretation by trackers.

To much work for an individual :)


Yes, I possess web scraping abilities and a decent scripting ability in Python :-)

What does it bring me? Tickles. Joy that I wasted the time and money of somebody who paid for it. Fun time scripting in Python and who knows, some ideas might come out of it.

The last I touched selenium was when I was at grad school a decade ago. Is that still the way to go?! I was hoping the art would have grown leaps and bounds by now.

Is there any way to automate user actions on existing browser window.. as in - injecting mouse and keyboard inputs on my already open (and logged in) Firefox tab to say procedurally click on all emails in my inbox.. ?


It's being a while for me, too.

I remember, there was some add-on for Firefox, which can be used with python to automate actions. It was some test suite framework for web testing. But, having done a quick Google search, didn't find it again.

On the other side.. when using selenium with a f.e. Firefox driver, it is possible to fire up an instance and use it like ordinary Browser doing logins and whatever. While being on webpages in question, it's possible to run python and interactively automate things on that very site. It's already loaded, so it's possible to interact with it.

1. Fire up an instance 2. Login to Amazon 3. Have a script doing searches with arbitrary Keywords on the fly / and/ or scrap the information needed.

That's what I did with stocks. I login into the service providers and let the script do the searches for the stocks, scraping the data, save it into db. If you leave that scraping data out, then you'll have a webrobot :)

Nice Project btw.. "just sh*t into someone's soup making a beautifulsoup" :)


adnauseum is dangerous and misguided. You can't "poison" data collection because nobody collecting that data cares if it's accurate or not. They just collect everything that they can. Nobody is going to throw away all of the data they have on you just because some of it might be wrong. You can be certain that all of that data being collected will still be used by others against you regardless of how accurate it is.

It doesn't matter if your browser addon was responsible for clicking on a bunch of fast food ads and not you. Your insurance company can see that and will happily increase your insurance premiums anyway. They won't tell you why they did it though and you'll have no chance to correct them and explain it was your addon.

Maybe you have no interest in expensive ski trips but your addon clicks on ads for them anyway, and the next time you book a room at a hotel or buy an airline ticket they may decide that they can get away with charging you more than they otherwise would have. You'll never be told that you would have gotten a better price if not for the data in your permanent record.

You can also never know what will prejudice someone against you. You might not be Muslim, or gay, or a member of a certain political party, but if your addon gets you flagged as being something you're not it can still cost you job offers, get you denied housing, or even get you targeted and harassed by extremist groups.

Data collection is not simply about what ads you get shown online. The data being collected about you is increasingly being used for much much more. It can determine how much you pay vs your neighbor for the same items at the same stores while shopping online (and even offline!). Companies are already using it decide things like what they'll tell you when you ask what their polices are, what products/services they will offer you, and even how long they'll leave you on hold when you call them!

The information in your dossier is permanent. You aren't allowed to know who has your data or what they are using it for. You cannot edit or correct the data in your file either. It will follow you for the rest of your life and it will be used to impact your life online and offline in countless ways without you ever being made aware of when, how, or why. Stuffing your dossier with a bunch of random data is just handing people more ammo to use against you.


I don't try to trick them, but anytime I see one of those "fun quizzes" on Facebook, I always come up with a creative answer than involves working in a data mine, with old Jeb, who I met in '49.

I just want to warn people off the harvesting, while adding a bit of humor.


Get a refillable debit card in a fake name. Use it for many of your on-line purchases.

WARNING: This may also lock your profile at credit reporting agencies --- which is not necessarily all "bad" as it provides insurance against identity theft.


Not sure how one can go about buying a debit card with a fake name. As interesting as it sounds, I'm more inclined to go for cheap programmatic ways of having fun with the trackers at this moment.


I'm also not sure how to get a debit card with a fake name. But, I would like to know how to. It would make a lot of people happy, I assume.

Could you please advise on that matter? Thx


Sure. Go to Walmart and buy a reloadable, prepaid debit card using *cash*.

Register online using a fake name of your choice and any address except your home address. The actual card with your fake name will be shipped to the address you provide.

    Pro Tip: You *can* actually use a P.O. Box for this.
    Every local post office has a valid street address.  
    Use it but add your box number as a second line, for example:

    John Q. Public
    987 PO Street  <--- street address of the post office
    #1234 <--- your box number
    SomeCity, AA 11123
Reload your card at Walmart using *cash* as needed.

It helps to have an anonymous burner prepaid phone number too. Ultra Mobile Paygo is only $3 per month (check eBay for SIM). Very useful for lots of other purposes too.

Enjoy your new identity! You're welcome.


Sounds fun and would make a heck of a story at social times. Unfortunately, I live in EU and it doesn’t quite apply. I need to do more research to see if such is possible out here.


Sounds fun and would make a heck of a story at social times.

Some women are attracted to dangerous "bad boys" that momma would disapprove of. Invent some BS story and show them your alternate identity as proof and you'll be in it in a minute.


Reloadables require SSN verification, afaik.


They didn't when I got mine. And apparently, some still don't.

https://www.cardrates.com/advice/prepaid-cards-without-ssn/


Yeah all of these listed still require an equivalent to SSN.


Even so, this does not mean your SSN is distributed beyond the issuer. Banks do have privacy regulations.


I used to do this but most of them now show up as gift cards to vendors and are blocked for anything online. Are you still finding refillable cards that work online?


Yes, generally accepted everywhere Visa and MasterCard are welcomed.

The only problems I've encountered are with recurring billing --- i.e. subscription services. They seem to have concerns about future funds availability.


That must be what I was running in to. I always used them for VPS accounts and then one day that stopped working, but those are recurring.


https://trackthis.link/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: