Observe online tracking with Lightbeam

Formal Metadata

Title
Observe online tracking with Lightbeam
Number of Parts
199
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Using the new Lightbeam add-on for Firefox, we will monitor web-tracking and discover solutions to protect ourselves
Transcript: English (auto-generated)
So, now welcome to Antoine or Flabbergand. So, Flabbergand is a Mozilla rep from France. He is especially interested by online privacy and projects like Collusion.
He is making presentations to inform people and explain them how they can set Firefox and other Mozilla tools to protect their online life. Antoine is also a Muffler. So, he is belonging to the new generation of the French community and this is the nickname I've given them with love.
So, Muffler is a small fry in English and they even are now planning some Muffler meetups in the French community. So, please welcome my beloved Muffler, Antoine. Can you hear me? Yeah? Okay, that's nice.
For those who want, the presentation is already online on GitHub, so you can follow the slide on your computer. Okay, here we go.
This presentation will be with a lot of speed because I usually talk about that during house and I got only 25 minutes, so here we go. So, I'm Antoine Gbare. I think I don't need to talk more about that. I contribute to just around Mozilla projects because I care about privacy on the internet.
The first thing that I wanted to tell to you today is that the internet is powerful, the web is powerful. We are doing things today with a web that nobody imagined when the web was built at the first time. So, we are building an operating system for mobile phone.
We are doing a lot of stuff. I recently saw a fridge with Twitter on it. So, the web is not only about a browser on a computer, it's on many devices, it's everywhere. And unfortunately, only a few persons are able to understand how the web is working.
One of the bad sides, the downside of this is that many people just don't care about their data and what the web can be wrong with them. So, just a number, 300 millions of pictures of images uploaded on Facebook every day.
So, most of them are very personal or maybe professional data, but that's an amazing amount of data which are transferring using the web every day.
And unfortunately, the people who deal with those data are doing that to have more money. The goal of a corporation is to have money every day.
I think you know that if you're in the first time today, the difference between non-profit and corporation. So, my point today is in the web, it's pretty different because you say, okay, I'm dealing with company almost every day.
Like, I'm going to my bank, I'm going to the bakery, but those companies are just right next to you. If you have a problem with Google, with Facebook, with a big company on the web, you will not be able to easily contact them. You will see just after I will give an example of a story which is really sad about someone who tried to contact Google.
So, they are far away from you. You cannot do anything. You cannot go there and talk with them. Most of them are really big. Like, if today you say, okay, what Facebook is doing
with my data is wrong, I don't want to use Facebook anymore, I will use something else. It will be really, really hard for you to find an equivalent in the services. There is no equivalent to Facebook. There is no equivalent to Google. It's something too big to compete with. So, this kind of company Owning Our Data is a problem.
The states Owning Our Data is a problem too. I think you probably know this slide. They come from the PRISM story in the NSA that Snowden revealed to everyone in last June. One of the reasons I'm doing this speech, once again, because I already did it last for them, but I think it's important because this changed.
So, I don't know if you can read easily, but that's all the corporation. The NSA have an agreement with them to directly take data inside this database.
So, if you're using a software or services of one of those companies, so you got Microsoft, Yahoo, Google, Facebook, YouTube, Skype, Apple, everybody. So, you'll probably have your data somewhere. I mean, I try to have none of account on all these companies and it's really hard to do.
So, here is the situation, now the point. The next day, now that I'm sharing Kitten's picture on the internet, who cares? Well, there is many problems about that. The first one is the dependency you have to these services.
For example, the story I was talking about was an artist who was working using almost every Google services. So, he got Gmail to talk with all the contacts he has. He used Picasa to share his work.
He used an Android phone and one day, like every morning, he just switched on his computer. And so, okay, you're not allowed to access Gmail anymore because your account was closed. You do not respect anymore the terms of use.
So, he was like, okay, no explanation, no thing. So, say, okay, so I cannot write you an email because you just closed my email. I will try to call you. So, he picked his phone and the historian was marking, okay, you cannot use this phone anymore because you do not respect the term of use. So, no phone, no email.
And he tried to do a lot of research during one week to know why his account was closed. And it's been one week before succeeded to talk to a human. Someone from Google able to say, oh, it's because one of our bot detect that on one of your pictures, one of the work you're doing,
there is a naked child, so it was considering as pedophilia. But this kind of art you can find in many church, well, nothing problematic. So, Google just say, okay, excuse us, we are sorry about that.
Your account is here again, every data out here. But during one week, no phone, no email, no work, nothing. I think you can imagine that it's really problematic to be as dependent as a service like that. The other point is targeted advertisement. You can say the same.
I don't care if someone know that I'm looking for a camera on the internet. The point is today with the different tools the advertisers use, they are able to know which site you are visiting. So, they can say to you, okay, you were to Amazon, you didn't find the camera, so you go to eBay.
And this kind of information is really, really, really, really important for every person who do some sales online. If you're able to say, imagine in real life, in the street, you go on a shop and you don't find the shoes you were looking for.
You go back and you go to another shop. And if the seller in that shop can know that you didn't find something in a concurrent of him, he can sell you exactly what you want. He can order it. He can maximize every sale he will do.
So, online this is possible. And this is dangerous for us because we will just sell all that and we will just buy tons of stuff we don't really need. So, this is also a problem when you start thinking about profiling.
For example, if you say, okay, I just like some kittens on Facebook. I don't see the problem about that. But you don't know why. Maybe someone somewhere will see that statistically people loving kittens are more probable.
There is more probability to have a car accident if you love kittens. Nothing can say that in real life, but maybe statistically you will see that. Okay. So, what is the consequences of that? The insurance will directly say, oh, you will have probably a car accident.
So, you will pay your insurance more just because of that. Profiling is really, really dangerous too because it impacts directly your money. It impacts directly yourself outside of the web in the real world. And, of course, that could be bad for your job too and for the state.
I think that we saw what happened in Syria, what is happening in a lot of countries in the world around there. We don't want our information to be as easy as it is right now. It's too easy for people to access our information. Especially, you can say, okay, I'm in Europe, maybe in Germany or in France.
So, the government there are not bad. They are here for us at the beginning, the idea about that. But, nobody can say what will be legal or illegal in ten years. If today loving kittens is a good idea, maybe in ten years it will be completely forbidden.
And then you can go in jail because your data from ten years ago was already accessible. So, we have to do something about that. The first thing we have to do is to choose the services and the software we are using.
So, the question to ask ourselves about that is, first of all, what do I want to hide? If I try to, I don't know, if I'm in China and I want to post something very controversial on the internet,
I will need something really, really secure. It's not the same as if I just don't want Google to know that I'm looking for shoes. So, who is providing the service? If it's someone who is doing that to have more money or if it's someone nonprofit like Mozilla can be.
And especially how much time and money and how much knowledge I have. How much can I invest myself in this project? If I know nothing, I don't want to spend any money because I don't care about my data and I don't have time to.
Well, I will use the first email provider I will find like Gmail, Hotmail, stuff like that and that's all. And the last point is where is it located? What's the law in the country where my data are? Is it in the USA? Is it in Europe? Where is it?
So, when you put that, this question, you see that you can go from top to bottom. The top will be something which we already spent. You will have to spend a lot of time on it, a lot of money and you will need knowledges to be able to do that. And at the bottom, it's just, okay, I don't care. I choose one company and that's all.
The first thing which is important now is to use free software. Because if you need to encrypt completely your data like you say, okay, I will use Tor to protect myself.
But if you do that on Windows, for example, you're just wrong. Because the information you're entering on your keyboard are already record before going to Tor. So, it just uses. Okay, so now I will talk about Lightbeam. Lightbeam is the new version of Collusion.
So, it's a project from one year ago, one, two years. And it allows us to monitor online web tracking. So, I will show a short video to you because I don't have Wi-Fi really easy. So, I did that this afternoon seeing that this morning was out.
So, here is Lightbeam. So, as you can see, we just discovered that ubuntu.com was already found on the first page on ubuntu. This is an empty profile in Firefox. On the right, you can see the localization of the server. So, it's in United Kingdom.
And now I'm going to just go to different website to see what happens. So, here we go, Electronic Frontier Foundation. Okay, there is only one node. So, here will be a graph. And each node of this graph will be the website I visited directly or indirectly. So, at the moment, it's only directly.
I went to ubuntu.com. I went to the Electronic Frontier Foundation. Now I will go to the New York Times website. And there, you will see that it's very different. So, the website is loaded. And here you go. You have the New York Times website.
So, when the shape is a circle, I directly visit it and hold the website around the New York Times. I'm aware that I went to the New York Times website, but I didn't want to say that to them. So, let's take the example I said just before going to eBay.
I'm looking for a camera. So, the eBay website, I have also third-party sites inside it. So, just looking at, as you can see, you probably can't see it well.
But the interesting point is that some of the third-party websites are connected to the two websites I visited. So, at the middle is doubleclick.net. It's a famous advertisement company. They are able to say, okay, this person went from New York Times website to eBay.
Why did they do that? This kind of information is frustrating. Here is another website. It's Price Minister. So, as you can see, there is tons of content included from other sites.
And so now, yeah, I'm looking to the camera, too. Yeah, the point is, like, doubleclick, for example, is able to say all my navigation on the web are directly tracked by this website. So, unfortunately, I will not have time to really explain that.
How much time do we have? Okay, you can see that there is tons of third-party websites. So, you can see that Lightbeam now allows you to filter, yeah, Lightbeam allows us to
filter different, to display only the website I already visited or only the third-party website. It allows us to show all that connection between these websites.
Even Hello has to block websites and to watch some websites, especially to keep the focus on them. So, doubleclick, you can see, is in the USA. Another view, interesting view, is the list of all the websites you visited.
You can, from this list, block a domain. You can also see the clock view. This view is loud, so this was an empty profile, so it's only today, but when you keep browsing during, for example, one week, it's really time-consuming. So, you have a big, big graph. If you want to only see what's interesting inside, you need to use the clock view.
And the last thing I want to show you is the contribute data. This allows Mozilla to try to make a graph or advertiser spying on you. So, if you want to contribute, that could be nice.
I don't really have time to explain to you how is that working, technically, but we can talk about that outside. The thing you have to know is, it's not only about cookies and everything like that today. The new fashion, if I can say it like that, is just to try to see if your browser is unique.
For example, the Electronic Frontier Foundation created a new project which will look only to your browser to see if it's unique. Looking at the user agent, looking at the plug-in available, looking at the time zone, the fonts, almost everything.
And just by looking at that, they are able to almost identify you as unique. Almost each time, they will be able to say, even if they do not use cookies or stuff like that.
So, as a user, what can I do? So, in Firefox, block third-party cookies and do not track. And you have some automatic solution add-ons like Ghostery, which is not free software, unfortunately. Disconnect.me, it's almost the same, and it's free software.
It's not as good as Ghostery at the moment, but if you contribute, it will become better. NoScript and RequestPolicy, for example, to block everything from our website, but you have to be more technical to do that. And you have to, yeah, you have nothing with a goat wheel anyway, so be careful.
So, if I show you the difference now, I will, yeah. So, here is the preference to set inside Firefox. So, the do not track is just a flag to say I don't want to be tracked.
The website, nothing obliges the website to listen to you, but at least you said it. Legally, it's important. Clear the history. And as you can see, I now have Ghostery in the extension.
So, let's see the difference in Lightbeam. All the tabs I had was the webpage I visited just before, without anything activated. So, I just refreshed it. So, New York Times, eBay.com.
And you will see at the right, there is a purple bubble, which is all the external content that Ghostery blocked to protect you. If you click on Ghostery, you can find inside it the exact element which was blocked.
And you have some links to have more information about why and from where. And now, if we go to the graph, here we are. So, I think the result is way better.
I think we can just say that this graph is really, really, really nicer than the previous one. And especially, there is no common node between the sites I visited. So, no navigation history. Okay, and just to finish, what you can do as a power with your user, because I know we are in the first game.
Usually, I do not put that here, but you're able to change your services. So, there is a full list on prism-break.org of services you can replace. You can, for example, host your own services instead of using Google for your agenda, your to-do list, or stuff like that.
ownCloud and CozyCloud are a new project about that, and they are really great. You should try them. And you should try to use Oasis, which are free software. I think you already know that.
And spread the word. And especially the last slide, what you can do as a web developer, try to avoid inclusion of external content if you can. It's not that hard. If you want to embed a social button like the like button from Facebook, for example, you can put an image with just the button.
You will host the image yourself, not on Facebook. And if someone clicks on the image, you will just put a little bit of JavaScript to replace it with the real iframe provided by Facebook. But at least if someone doesn't click on the button, it will not be tracked by facebook.com.
So, think about it when you include the same for YouTube videos. It's easy to put just the first image of the video, and then when the user clicks on it, to replace it by the iframe with how to play on it. It's easy to do, and it saves a lot of privacy for your visitor. You can use Piwik instead of Google Analytics.
Google Analytics is everywhere. It's more than 90% of the websites of the world, which are Google Analytics included in it. So, Google is aware of almost everything which is happening on the internet, and that's bad. And you can use Persona too. You had a presentation of it just today, which allows you to connect using your Google account.
But without seeing it to Google as directly as if you're interested in a website or Facebook connect to. You can avoid hosters like Amazon or Windows Azure. Because, of course, all the visitor IP will be tracked by this.
Okay, it was really quick. Do you have any questions? We do, do you allow this? Do you allow this? Okay, thank you.
I give two questions. So, first and then. Is Lightbeam compatible with SeaMonkey, and if not, why not? Is Lightbeam compatible with SeaMonkey? That's the question? Well, honestly, I didn't try. I don't know. I just made the permission of Lightbeam, but I didn't write the code of the item, so I don't know.
In order for it to be compatible, it needs the proper paragraph in the install.rdf file. Well, the code is on GitHub, so if you have any suggestions, you can just open an issue or find a bug about that.
Easy answer. Not quite a question. There's actually a jQuery plugin by a German IT publication, which enables two-click. So, first activate, then register for Facebook, Google+, Twitter, and stuff.
It's called Social Share Privacy. Oh, nice. Fully localized in English, and I think they have five or six languages now. Thank you for noticing me. That's cool. But don't include jQuery from Google. But, yeah. I had another question. Okay, another one? Yeah?
Isn't it somewhere in your interest to fund Google? Because Google funds Firefox. So, isn't it in your interest to allow all these websites to track you? Well, no, because we care about our users first.
Surely, the user first. If you want to continue to speak about that, I can go outside and we will. Thank you so much. Maybe after I've touched on the bell, because I want to listen to you.