webglstats.com

[cheery]

You've created a censorship machinery that abusive anti-piracy and governments mostly end up just dreaming about. You can block stuff, leaving people to scratch their heads why that stuff doesn't work consistently across all browsers.

Exaggerating a bit, huh?

It is the very same mechanism, even if they can legally opt out from ad blocking. I'm not exaggerating how strong power it is. Giving it subtle blocking rules, it could be used to disturb quite any organization for personal gains. The attack is feasible because the system is too centralized. Everybody are using the same blocklist even if using different ad blocking tools.

Given a situation where the problem occurs, how does an user know that the site isn't working like intended? Or that ad blocking causes it to malfunction?

I have had ad blocking out of my computer for three days now. I understand that your intentions have been good. And for long time I thought that ad blocking is good stuff. Here's the problem: people&companies who arbitrarily advertise on their site are worthless, ignorant and irresponsible. They are also most likely suspects for linkbaiting. Exaggerating their titles and subjects to drive you to their site. The adverts are excellent cue to recognise that you've been misled and that you should close the browser. I'm trying this nontechnical solution for a change.

[Guest]

The adverts are excellent cue to recognise that you've been misled and that you should close the browser.

All blockers show the number of requests blocked on a page. No need to let the ads or whatever else invisible download first to get a cue.

[pyalot]

You've created a censorship machinery that abusive anti-piracy and governments mostly end up just dreaming about. You can block stuff, leaving people to scratch their heads why that stuff doesn't work
False positives happen and we fix them and that's why we have this forum for example so users can report issues with our lists. Adblock Plus for Firefox has a built-in issue reporter to report unblocked ads and issues with it. You can also contact us via e-mail.
Filters that continuously break sites are removed.

Have a look at http://statcounter.com/ with ublock and its default setting enabled. Pretty huh? That didn't get reported? Fancy that.

The problem is that you're establishing a list of "forbidden" filenames. And this changes, it's continually expanded to include new names. You are breaking other peoples websites. And there's a black number of unreported breakages. Not everybody comes to report a problem with the list. I'd say the black number is quite large. Countless websites are probably broken because of EasyList, and nobody ever reported it. The authors of these websites probably don't even know that their websites are broken because of you.

And even if breakage is detected, and intented to be fixed, sometimes you may find that the rule you put in there, cannot be fixed because somebody who you deem to be objectionable, is still using that name, even though, completely different people use the same name, people who you deem non objectionable.

You have become the arbiter of "acceptable filenames" on the internet. Also the arbiter of "acceptable domain names" and subdomain names. And file extensions.

[MonztA]

Have a look at http://statcounter.com/ with ublock and its default setting enabled. Pretty huh? That didn't get reported? Fancy that.

No, I didn't get that report because it doesn't affect any of our lists.

Given a situation where the problem occurs, how does an user know that the site isn't working like intended? Or that ad blocking causes it to malfunction?

It's mostly videos that don't play, certain navigation functionality or simply removed elements that aren't visible. The easiest way would be to temporarily disable the adblocker and check if that helps.

[AshleyScirra]

From what I can tell, nobody has denied that WebGL statistics are useful for developers.

I am not clear on what the privacy risk to users is if a website is sent technical information like the maximum size texture their graphics hardware can handle. What negative effect can result to the user from that? And on what basis does that outweigh the utility of what appears to be universally agreed as a useful service to developers?

[gorhill]

Have a look at http://statcounter.com/ with ublock and its default setting enabled. Pretty huh? That didn't get reported? Fancy that.

The problem is not with EasyList et al.: the domain is blacklisted in four other different lists from different sources, each with its own maintainer: Peter Lowe's, MVPS, Dan Pollock's and hpHosts. Are you also going to complain to each one of them about them being "Lord of the internet"?

Thanks for reporting, I fixed the problem with statcounter.com site.

[gorhill]

Given a situation where the problem occurs, how does an user know that the site isn't working like intended?

How does a user know that a third-party (say webglstats.com) is silently gathering data from his browser when visiting a web site (say example.com)? And even if a user knew, what if s/he disagrees to be data mined? That's why people use EasyPrivacy, to be pre-emptively protected against something they don't agree in the first place. Your current mindset is that your right to silently data-mine people is greater than the right of people to be protected by default against such practice -- even if they are branded as benevolent. I disagree, that's why I use EasyPrivacy and other such lists.

[gorhill]

Given a situation where the problem occurs, how does an user know that the site isn't working like intended?

Sorry, in my post above I meant to quote cheery, I ended up misattributing the quote to MonztA.

[pyalot]

How does a user know that a third-party (say webglstats.com) is silently gathering data from his browser when visiting a web site (say example.com)? And even if a user knew, what if s/he disagrees to be data mined? That's why people use EasyPrivacy, to be pre-emptively protected against something they don't agree in the first place. Your current mindset is that your right to silently data-mine people is greater than the right of people to be protected by default against such practice -- even if they are branded as benevolent. I disagree, that's why I use EasyPrivacy and other such lists.

I understand your point of view. You presume guilt by default, because otherwise you'd need to extend trust, and that's messy for you to do.

I think there's a variety of problems with blocklists, such as client side resource use, breaking of the web, centralization, web-bitrot, prevention of useful statistics, promulgation of ad-infested web sites, unlist extortion rackets, lack of oversight/regulation, lack of a structured recourse process, lack of dispute resolution process, ineffectiveness (fonts.googleapis.com not blocked?!) and so forth. And I believe that in time, you will come to realize that these problems will exasperate themselves, mutating into a case of the cure being worse than the disease, forcing you to abandon your effort, at which point you'll have left the web worse of for wear in terms of usability, privacy and advertising density.

But regardless of our disparate believes about the usefulness or objectionable nature of each others work, I have asked for guidance if there's anything I can do to make you happy. No such suggestion was forthcoming, so I presume that no such suggestion exists. If you're found to be morally objectionable by the bureau for acceptable names on the internet, that's the end of the story. And that really irks me. Because I share a lot of values with your strive to rid the web of ads and to keep it private. I just don't agree that this requires inflicting massive collateral damage.

Now obviously I cannot prove to you my intent not to track users, for there is no way for me to rid a data collection of every bit of information that could conceivably be used to track users. For example, even if I could cause the browser not to send any headers, I'd still have to pickup the connection and get an IP, and I'd suspect, you'd object to that too. Neither do I feel a strong privacy policy would assuage your paranoia. And the effort to voluntarily promise to observe some "do not track header" would be an entirely futile suggestion to begin with from your point of view.

So the tragic in this situation is that even though I believe in privacy, and I hate ads, you and I cannot see eye to eye about how to resolve this situation. And this isn't because I set myself on a course with you, this is because you set yourself on a course of collision with the web at large. I'm but the harbinger of grief to come at your doorstep. In time, you will learn the enormity of your presumption.

[cheery]

Given a situation where the problem occurs, how does an user know that the site isn't working like intended?

How does a user know that a third-party (say webglstats.com) is silently gathering data from his browser when visiting a web site (say example.com)? And even if a user knew, what if s/he disagrees to be data mined? That's why people use EasyPrivacy, to be pre-emptively protected against something they don't agree in the first place. Your current mindset is that your right to silently data-mine people is greater than the right of people to be protected by default against such practice -- even if they are branded as benevolent. I disagree, that's why I use EasyPrivacy and other such lists.

I unfortunately, stay in my outrageous mindset.

When you connect to my website, you become statistics in my server logs. You might disagree with the fact that your IP address was recorded there. Little you can do. The technical details are in way for implementing protection against data-mining, equivalent to how they are in way of preventing piracy. Collection of statistics will be used for both good and evil. By forbidding that you exclude the good use. The evil use persists because it won't obey your wishes. If you seriously wanted to prevent this, you'd have to refrain from connecting to the internet. Similar to how publishers should stop publishing if they really wanted to prevent piracy.

EasyPrivacy as the "solution" consists of punching holes into my namespace by excluding names my program might use. It will break my apps. You're probably enjoying too that you won't need to install these "apps" to your computer, and that these apps have restricted access to your computer contents. The fix could be simple as disabling the EasyPrivacy on my app site. Everyone just doesn't understand to do this. Also the possible errors that come are arbitrary. I can't identify one to trigger and show a message for user to disable ad blocking. Heck. The error handling code itself could be blocked. To workaround here, I'd need to add the text: "If this site doesn't work, try with adblocking & privacy tools disabled". But you could actually block that too. I have no quarrantees that my sites will work with these tools enabled. Therefore they break the internet.

[fanboy]

When you connect to my website, you become statistics in my server logs. You might disagree with the fact that your IP address was recorded there. Little you can do. The technical details are in way for implementing protection against data-mining, equivalent to how they are in way of preventing piracy. Collection of statistics will be used for both good and evil. By forbidding that you exclude the good use. The evil use persists because it won't obey your wishes. If you seriously wanted to prevent this, you'd have to refrain from connecting to the internet. Similar to how publishers should stop publishing if they really wanted to prevent piracy.

"Good" vs "Evil" is just a mindset, for some people tracking is tracking whether you're doing good or not. Easyprivacy list doesn't play and shouldn't play favorites. Simply put if you install an privacy/anti-tracking list that is what it does, it'll protect you from the majority of tracking servers, tracking pixels, site specific beacons.

I do understand you may have good motives, or good intentions for webgl statistics. But in the end its still tracking the user.

EasyPrivacy as the "solution" consists of punching holes into my namespace by excluding names my program might use. It will break my apps. You're probably enjoying too that you won't need to install these "apps" to your computer, and that these apps have restricted access to your computer contents. The fix could be simple as disabling the EasyPrivacy on my app site. Everyone just doesn't understand to do this. Also the possible errors that come are arbitrary. I can't identify one to trigger and show a message for user to disable ad blocking. Heck. The error handling code itself could be blocked. To workaround here, I'd need to add the text: "If this site doesn't work, try with adblocking & privacy tools disabled". But you could actually block that too. I have no quarrantees that my sites will work with these tools enabled. Therefore they break the internet.

The end user has no say when they visit the site(s), and tracking server is loaded and data is mined. However if someone *chooses* to install Easyprivacy it is there choice to install it, no one forced them to subscribe to the list.

[AshleyScirra]

There is a distinction between tracking and collecting stats. As far as I understand it, "tracking" involves uniquely identifying a user across domains, such as by creating a cookie on one domain, and then looking for that cookie on another domain; if that cookie is found, it can be determined that it is the same visitor, and thus you have "tracked" their movement from one website to another.

I do not run WebGLstats but AFAIK they implement no such tracking. There is no attempt to identify a user as being the same as a prior visit. It simply measures the technical details then forgets that user. Many WebGL implementations also take steps to make it difficult to fingerprint users based on WebGL statistics - for example usually by default the particular graphics card model name and driver version is masked, and some unusual values are rounded down to common values, to make it more difficult to uniquely identify users based on that information. Only the genuinely useful technical limitations are exposed, since it is difficult to write good WebGL applications without knowing what they are.

WebGL should be considered in the league of user agent, HTTP_ACCEPT headers, screen size and color depth, and so on, which as far as I know no service attempts to block or consider dangerous to the user's privacy even though they can be used to fingerprint visitors (see https://panopticlick.eff.org/). If you try to block these values, since they have genuine utility, the usability of the web will suffer.

[gorhill]

I understand your point of view. You presume guilt by default, because otherwise you'd need to extend trust, and that's messy for you to do.

No, you obviously do not understand why people use EasyPrivacy (recommended by EFF). They do not want to be data mined, regardless of intent. Going ad hominem on me is not going to change this reality.

[fanboy]

There is a distinction between tracking and collecting stats. As far as I understand it, "tracking" involves uniquely identifying a user across domains, such as by creating a cookie on one domain, and then looking for that cookie on another domain; if that cookie is found, it can be determined that it is the same visitor, and thus you have "tracked" their movement from one website to another.

You're trying to define tracking? Tracking involves more than just cookies, but will include data mining, tracking pixels, tracking cookies, browser tracking/measurement, analytics, referral tracking, Impression's and counters (to name a few). In the case webglstats it is used for data mining/browser tracking and analytics thus falls into Easyprivacy.

Datamining: using scripts to discover what "features" your browser has.
Analytics: graphing/storing/measuring the information gained.

WebGL should be considered in the league of user agent, HTTP_ACCEPT headers, screen size and color depth, and so on, which as far as I know no service attempts to block or consider dangerous to the user's privacy even though they can be used to fingerprint visitors (see https://panopticlick.eff.org/). If you try to block these values, since they have genuine utility, the usability of the web will suffer.

Obviously running server side stats like awstats (apache/nginx logs) is accepted given there isn't a way to block it and its completely serverside. The user agent, screen size etc didn't leave the site, its not like a 3rd party script loaded on a site to measure this info. Trying to simplify it as "like HTTP_ACCEPT" is incorrect.

Your site won't fall apart because some users like to retain some privacy, its been there for 5 months already. And again, as stated its an optional list which people can choose to have.

[pyalot]

No, you obviously do not understand why people use EasyPrivacy (recommended by EFF). They do not want to be data mined, regardless of intent. Going ad hominem on me is not going to change this reality.

I don't go ad hominem at you, I put it how it is. You just don't like that point of view. Now as to why the EFF would endorse a centrally controlled internet bitrot mechanism that's ineffective (as it doesn't even block google fonts, which pretty much track you) is beyond me, maybe take it up with them?

[pyalot]

Obviously running server side stats like awstats (apache/nginx logs) is accepted given there isn't a way to block it and its completely serverside. The user agent, screen size etc didn't leave the site, its not like a 3rd party script loaded on a site to measure this info. Trying to simplify it as "like HTTP_ACCEPT" is incorrect.

Your site won't fall apart because some users like to retain some privacy, its been there for 5 months already. And again, as stated its an optional list which people can choose to have.

If you write WebGL, then for instance, it's important to know what texture sizes you should not use, or use only with fallbacks to smaller sizes. For instance, everybody supports 2048 textures, 97% support 4069, but only 74% support 8192. This is fairly vital information to know. The only way to discover this information, is by writing a script, and sending this information back to your server. Then, plot this information, and make decisions about software architecture based on that data.

I simplified collection of this data, because it's hard for people to set this up, and, it's hard to get a representative sample base if all you have available is your own site.

As I have said, again and again, make a suggestion what I can do to make you happy, and I will listen. NOBODY has made any such suggestion. This means, that there is no way, to make you happy. And that, sir, is not my fault.

[gorhill]

As I have said, again and again, make a suggestion what I can do to make you happy, and I will listen. NOBODY has made any such suggestion. This means, that there is no way, to make you happy. And that, sir, is not my fault.

Create a visible widget (instead of an invisible iframe) which ask people to submit voluntarily their hardware profile to the webglstats database by clicking on it. This would direct people to your website where you can gather the data -- and show the results at the same time. That's the ethical way to do it: informed consent.

[pyalot]

Create a visible widget (instead of an invisible iframe) which ask people to submit voluntarily their hardware profile to the webglstats database by clicking on it. This would direct people to your website where you can gather the data -- and show the results at the same time. That's the ethical way to do it: informed consent.

I like the idea. I need to think about this some, perhaps A/B test it. One of the goals is breath of sample base in order to get reliable statistics, so comparing how often people click that widget and what the data difference is, would be important.

A nitpick on the suggestion, it's not related to what you do to me. You'd block me regardless, but thanks for the input.