Saturday, December 16, 2017

Stop Tracking Cookies using a whack-a-mole

Block advertising cookies, and email tracking 1-pixel graphics using this technique.  This is an admittedly a whack-a-mole solution, but it works for all software installed on your PC.


While surfing, websites drop tracking cookies (tracking files) on your computer and these can track where you have been and what advertisements you should receive.  These can also be used to raise prices on car rentals, hotels and air fares.


Not all cookies are bad.  Some keep you logged-in as you move from, say, one Google product to another (Gmail, Youtube, etc.).  And others, such as your bank, use them to help control the current banking session.  But a majority benefit only advertisers -- and not you.

This article discusses how you can control and tame them.

These instructions are for Windows 10 but will work with all versions of Windows.

A lot of the sites I visit now feature this graphic -- and I am happy to see this:



In other words, I have successfully blocked doubleCli.net from even knowing I am browsing that page.  This is neat, but a bit geeky.

New: 2017.12 - You can also use this technique to block the most common email-tracking techniques.  I have added a list of the 30 most popular email-trackers to the Host file below.



An Interesting Test - Try this:

To give you an idea about how they are being used:  Try booking a fictitious airline flight on any site, such as Delta, or Expedia.  Note the cost.  Go to another site and search that same flight's date/time, then return to the original site and look again.  You will find the cost is $15 to $20 higher.  They are trying to scare you into the purchase.  Clear your browser's cache and cookies, and reboot your router (to get a new external IP address), and search again.  The price will have dropped back down. 


This is technical article, and if you follow all the steps, it is a whack-a-mole problem, 
where you have to do some chasing.  But it is relatively easy to do, 
a bit fun, and geeky.  This is low-risk because everything can be un-done. 


1. Start Here - Drop Third-Party Cookies

All computer users, using any browser, should do this step, even if you do not follow the rest of this article.

Make your browser erase third-party cookies when the session ends.  This allows any site to create cookies as it-sees-fit, but then, when you are done, they are all erased.  This is recommended.

The settings are:  "Always accept third-party cookies" -- but set them to "Keep until you close".


Steps vary, depending on the browser. To avoid cluttering this article, see this keyliner article for Firefox, Chrome, IE, and Edge:

Keyliner link: Disable third-party Cookies.

Again, do these steps, even if you don't do the remaining steps in this article. 


2.  Research Ad Domains


Using your favorite browser, browse all the sites you like to visit.  For example, Yahoo.com, MSN.com, Time.com, Food.com etc..  Spend a few minutes browsing around.  Open an article here-and-there.  Just poke-around, loading-up your cookie inventory.

Using your browser's Options or Settings menu (see steps above), look at the cookies gathered.  You will find these in the browser's Options, "Privacy" area. 

For example, Firefox, select the hamburger-menu (tools, options), Privacy, "Show Cookies"

click for larger view

In the cookie list, look for cookies that might be advertisements and write them down in a notepad file.  For example, I found these obvious candidates after surfing MSN and Yahoo (see end of this article for a complete listing):

taboola.com
gravity.com
scorecardresearch.com
icanbuy.com
go.com
quantserve.com
babator.com
optimizely.com
dynamicyield.com
keywee.co              #Note the .co, not .com
ru4.com
imrworldwide.com
doubleclick.net
doubleclick.com
123banners.com
adforce.com
imgis.com
advertising.com
teknosurf.com
appnet.com
avenuea.com
bluestreak.com
burstmedia.com
burstnet.com
engage.com
extreme-dm.com
l90.com
stats.net
valueclick.com
websidestory.com
fastclick.net

Ignore those that belong to the site you are surfing, such as MSN.com or Yahoo.com; these are undoubtedly needed for the site to work properly.  Ignore those cookies on sites you like to do business with, such as Amazon, twitter, your bank, etc.  For duplicates, such as "cdn.taboola.com", and "taboola.com", combine into their domain name, "taboola.com".  The list is not order dependent.


3.  Install and Run the Acrylic DNS Service

This gets geeky, but the steps are easy.  Your Internet Service Provider provides Domain Name Services when your computer connects to the Internet.  The DNS resolves names, such as "msn.com" to its real internet ipaddress, e.g. 23.101.196.141.

This next series of steps installs a new DNS service on your computer.  This intercepts DNS requests at your machine and gives you a chance to insert your own values.  Sounds complicated, but it is not. 

As a technical aside, for those who know this trick, the Windows etc Hosts. file does not work well in this situation because etc-Hosts does not allow "wild-card" domain names.  Because of this, this article replaces the Windows DNS and etc.hosts with a new product.  There are many to choose, I am using "AcrylicDNS".  As a benefit, Acrylic points to Google's Domain Name Controllers.

A.  Locate the Acrylic Download

Google this search term, "Acrylic DNS", locating their home page.

or click this link, as of 2017.06:
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome

(Note: This is now a SourceForge link.  When arriving at the download page, ignore the registration screen.)

-Select Download Setup for Windows
-Download and save "Acrylic.exe" to your downloads folder
-Open the folder (open containing folder)
-Launch "Acrylic.exe" and install, accepting all defaults

The install will not create a desktop icon or tile in your Start Menu -- there is no need because this is a background program.

B.  Configure your Network Adapter

Once installed, follow the steps on the Acrylic home page for configuration.  In the home page, scroll past the release notes and find the "How to install Acrylic" instructions.  They have well-documented steps for Windows 7 and Windows 10 -- click the link for your operating system.

In summary,
Open the "Network and Sharing Center" Control Panel
Click "Change Adapter Settings"
On your adapter(s) - see illustration directly below

Change IPv4's "Use the following DNS server addresses: "  to 127.0.0.1
Change IPv6's "DNS Server Address" to ::1  (colon-colon-one)

and

where "127.0.0.1" indicates your local PC (do not use your PC's local IP Address, you must use 127.0.0.1  (or ::1 for ipv6).

Do this for each active network adapter. 
Desktops typically only have one.  Laptops may have two, typically called 'Ethernet' and 'WiFi.'  Do not set this for your bluetooth adapter, if present.  If needed, see Acrylic's site for more detailed, and illustrated instructions.


C.  Run the Service

From the Windows 10 Start Menu (tile menu), type "Services.msc"

-In the Services list, Acrylic is probably the first on the list
-Click the service once to highlight
-Other-mouse-click the service name, choose "Start" (or Restart)
-Close the services window



Note: This starts the new DNS server.  There is no indication the program is starting; it runs in the background as a "service."

You are almost done.



4.  Edit the Hosts File

A.  Return to the Windows Start Menu (tiles menu). 

B.  Again, search for "Acrylic" in the search area

C.  Click  "Edit Acrylic Hosts File" 
(or alternately, from Notepad, File Open, "C:\Program Files (x86)\Acrylic DNS\AcrylicHosts.txt"  (your path may be different))


E.  In the opened Notepad document ("AcrylicHosts.txt"),

Scroll to the bottom
Paste all the domain names recorded from your research steps.
Add a "127.0.0.1"  and a carrot ">" to the front of each domain, one domain name per line.

For example:
taboola.com becomes

127.0.0.1         >taboola.com

See file illustration, below, where carrots are greater-than-symbols

where:
127.0.0.1   - redirects all traffic for this domain to your local PC, bypassing the net.  The traffic will not be able to resolve and it will simply die, with nowhere to go.  The advertising cookie or advertisement will not appear in the browser.  This was your goal!

The carrot (greater-than-symbol) >taboola.com  - acts as a wild-card, saying all addresses ending in this domain.  Acrylic supports wild-cards whereas the Windows etc.Hosts. file does not.  This is why you installed Acrylic.

Use spaces after the 127.0.0.1 to make a cosmetically pleasing look to the file.  Make them as wide as you want, but use at least 3 spaces. 

My AcrylicHost.txt file looks like this:

Click for larger view
F.  Save and close the file.

Below, is a copy-and-paste version of my blocked domains.  You are welcome to copy.  


Restart the Service

With every saved-edit in the AcrylicHost.txt file, you must manually restart the services (or reboot) for the changes to take effect. 

A.  Start, Run (or Windows-R), type "Services.msc"

-In the Services window, locate the Acrylic DNS Service.
-Highlight Acrylic
-Restart the Service, as illustrated 



Testing

In your browser's Privacy area, clear all cookies.  Re-browse MSN, etc., and then re-examine the stored cookies.  None from the hosts file will be there.  You have blocked them.  They cannot track you.

Effects

You can be aggressive with the hosts file, adding hundreds of entries.  If you block domains that drop cookies, they will quietly and unobtrusively fail and you will never even know the attempt was made. 

If you block a domain that is presenting an advertisement or banner ad, the ad will not appear on the page and instead it may display a red-X or a short text saying "server cannot be reached".  In effect, this is similar to ad-blocking.  This can make some pages look strange -- but no ads from that domain!

Be careful about blocking all domains.  You usually cannot block domains/cookies that drive the site itself (eg. MSN.com, Yahoo.com).  If you block >Facebook.com (go ahead and try this; remember to restart the service), you will not be able to open any pages on Facebook.  This is an effective way to block sites.

Changes to the host file affect all browsers simultaneously.  No additional work is required.

By default, Acrylic uses Google's DNS servers for all name resolutions, bypassing your ISP's domain services.  Google is a trustworthy source for DNS and I like the idea of this change.  By using Google for your DNS, your ISP will have a harder time slipping-in their own advertisements into your data-streams.


Un-Installing

For documentation, use these steps to undo everything and return to a standard Windows setup:

1.  Open the Network and Sharing Center control panel:

2. Select "Change Adapter Settings"
3. Select your Ethernet Adapter, Properties
4.  Select "Internet Protocol Version 4 (TCP/IPv4)
     Properties
5.  Change from "Use the following DNS Server Addresses" to
     (*) Obtain DNS Server Address Automatically
6.  Select "Internet Protocol Version 6 (TCP/IPv6)
     (*) Obtain DNS Server Address Automatically
7.  In Control Panel, Programs and Features, Un-install Acrylic DNS.
8.  Reboot



Here is my current AcrylicHosts.txt file.   Now includes email tracking pixel vendors!  When pasting, you may need to change all ampersand-GT's to >
 
I will change this often.  Last Edited 2017.12.15.

#############################################################################
#                   #
# IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS #
# PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.        #
#                   #
# This is the AcrylicHosts.txt file.          #
#                   #
# It contains predefined mappings between domain names and addresses the #
# same way the native Windows HOSTS file does but with a few upgrades.  #
#                   #
# The format is: IPADDRESS DOMAINNAME1 [DOMAINNAME2] [DOMAINNAME3] ...  #
#                   #
# Where IPADDRESS is in dotted-quad notation for IPv4 or in colon-separated #
# groups for IPv6 and DOMAINNAME1, DOMAINNAME2 and DOMAINNAME3 are strings. #
#                   #
# Domain names can contain wildcard characters '*' (matches zero or more #
# characters) and '?' (matches exactly one character):      #
#                   #
# 127.0.0.1 ad.* ads.*              #
#                   #
# Domain names can be regular expressions if starting with a '/' character: #
#                   #
# 127.0.0.1 /^ads?\..*$              #
#                   #
# Note that there's no final '/' at the end of a regular expression. More #
# info about the regular expression engine and its syntax can be found at: #
#                   #
# http://www.pcre.org/              #
#                   #
# A '>' character at the beginning of a domain name is a convenient #
# shortcut for representing all domain names ending with what follows after #
# that character. For example an entry like this one:      #
#                   #
# 127.0.0.1 >google.com              #
#                   #
# Is equivalent (and internally is expanded to) an entry like this one:  #
#                   #
# 127.0.0.1 google.com *.google.com           #
#                   #
# When using wildcard characters or regular expressions you can specify #
# exceptions like these for example to filter out all ads.* like domain #
# names except for the ads.test1 and the ads.test2:       #
#                   #
# 127.0.0.1 ads.* -ads.test1 -ads.test2          #
#                   #
# For easier maintenance of HOSTS files coming from multiple sources it is #
# also possible to "include" external HOSTS files using the following #
# syntax (the line must start with a '@' character followed by a space and #
# then by a relative or an absolute file name):        #
#                   #
# @ AcrylicHostsGroup1.txt             #
# @ AcrylicHostsGroup2.txt             #
#                   #
# A line starting with the '#' character (and everything after it if it's #
# found within a line) is considered a comment and therefore ignored.  #
#                   #
# Note: If all domain names are provided in ascending order Acrylic will be #
# able to load them much faster (avoiding a costly sort at the end of the #
# load and parse process).             #
#                   #
#############################################################################
# Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1    >123banners.com
127.0.0.1    >l90.com
127.0.0.1    >adforce.com
127.0.0.1    >advertising.com
127.0.0.1    >agkn.com
127.0.0.1    >appnet.com
127.0.0.1    >avenuea.com
127.0.0.1    >babator.com
127.0.0.1    >bananatag.com   #email tracking
127.0.0.1    >bluekai.com
127.0.0.1    >bluestreak.com
127.0.0.1    >burstmedia.com
127.0.0.1    >burstnet.com
127.0.0.1    >cirrusinsight.com  #email tracking
127.0.0.1    >clearslide.com    #email tracking
127.0.0.1    >clipix.com
127.0.0.1    >contactmonkey.com  #email tracking
127.0.0.1    >demdex.net
127.0.0.1    >deskun.com      #email tracking
127.0.0.1    >didtheyreadit.com  #email tracking
127.0.0.1    >doubleclick.com
127.0.0.1    >doubleclick.net
127.0.0.1    >dynamicyield.com
127.0.0.1    >engage.com
127.0.0.1    >exelator.com
127.0.0.1    >extreme-dm.com
127.0.0.1    >fastclick.net
127.0.0.1    >filepicker.io
127.0.0.1    >g2crowd.com      #email tracking iko system also velocify
127.0.0.1    >getnotify.com     #email tracking
127.0.0.1    >gigya.com
127.0.0.1    >gmelius.com      #email tracking
127.0.0.1    >gobankingrates.com
127.0.0.1    >go.com
127.0.0.1    >gravity.com
127.0.0.1    >hubspot.com      #email tracking
127.0.0.1    >icanbuy.com
127.0.0.1    >imgis.com
127.0.0.1    >imrworldwide.com
127.0.0.1    >intelliverse.com    #email tracking
127.0.0.1    >keywee.co       #Note the .co, not .com
172.0.0.1    >livehive.com      #email tracking
127.0.0.1    >mail-track.com     #email tracking
127.0.0.1    >minute.ly
127.0.0.1    >newtonmail.com     #email tracking
127.0.0.1    >nr-data.net
127.0.0.1    >optimizely.com
127.0.0.1    >outbrain.com
127.0.0.1    >outreach.com      #email tracking
127.0.0.1    >pagefair.com
127.0.0.1    >pixelsite.info     #email tracking
127.0.0.1    >pubexchange.com
127.0.0.1    >quantserve.com
127.0.0.1    >remail.com       #email tracking
127.0.0.1    >remail.io       #email tracking
127.0.0.1    >rlcdn.com
127.0.0.1    >rocketbolt.com     #email tracking
127.0.0.1    >ru4.com
127.0.0.1    >salesloft.com      #email tracking
127.0.0.1    >sidekick.com      #email tracking, now hubspot
127.0.0.1    >saleshandy.com     #email tracking
127.0.0.1    >scorecardresearch.com
127.0.0.1    >stats.net
127.0.0.1    >streak.comp
127.0.0.1    >sync.optimatic.com
127.0.0.1    >taboola.com
127.0.0.1    >teknosurf.com
127.0.0.1    >tinypass.com
127.0.0.1    >toutapp.com      #email tracking
127.0.0.1    >tru.am
127.0.0.1    >valueclick.com
127.0.0.1    >velocify.com      #email tracking Velocity Pulse
127.0.0.1    >voicefive.com
127.0.0.1    >websidestory.com
127.0.0.1    >w55c.net
127.0.0.1    >yesware.com      #email tracking



# or copy details from here.   Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1       >123banners.com
127.0.0.1       >l90.com
127.0.0.1       >adforce.com
127.0.0.1       >advertising.com
127.0.0.1       >agkn.com
127.0.0.1       >appnet.com
127.0.0.1       >avenuea.com
127.0.0.1       >babator.com
127.0.0.1       >bananatag.com      #email tracking
127.0.0.1       >bluekai.com
127.0.0.1       >bluestreak.com
127.0.0.1       >burstmedia.com
127.0.0.1       >burstnet.com
127.0.0.1       >cirrusinsight.com    #email tracking
127.0.0.1       >clearslide.com       #email tracking
127.0.0.1       >clipix.com
127.0.0.1       >contactmonkey.com    #email tracking
127.0.0.1       >demdex.net
127.0.0.1       >deskun.com           #email tracking
127.0.0.1       >didtheyreadit.com    #email tracking
127.0.0.1       >doubleclick.com
127.0.0.1       >doubleclick.net
127.0.0.1       >dynamicyield.com
127.0.0.1       >engage.com
127.0.0.1       >exelator.com
127.0.0.1       >extreme-dm.com
127.0.0.1       >fastclick.net
127.0.0.1       >filepicker.io
127.0.0.1       >g2crowd.com            #email tracking iko system also velocify
127.0.0.1       >getnotify.com          #email tracking
127.0.0.1       >gigya.com
127.0.0.1       >gmelius.com            #email tracking
127.0.0.1       >gobankingrates.com
127.0.0.1       >go.com
127.0.0.1       >gravity.com
127.0.0.1       >hubspot.com            #email tracking
127.0.0.1       >icanbuy.com
127.0.0.1       >imgis.com
127.0.0.1       >imrworldwide.com
127.0.0.1       >intelliverse.com       #email tracking
127.0.0.1       >keywee.co              #Note the .co, not .com
172.0.0.1       >livehive.com           #email tracking
127.0.0.1       >mail-track.com         #email tracking
127.0.0.1       >minute.ly
127.0.0.1       >newtonmail.com         #email tracking
127.0.0.1       >nr-data.net
127.0.0.1       >optimizely.com
127.0.0.1       >outbrain.com
127.0.0.1       >outreach.com           #email tracking
127.0.0.1       >pagefair.com
127.0.0.1       >pixelsite.info         #email tracking
127.0.0.1       >pubexchange.com
127.0.0.1       >quantserve.com
127.0.0.1       >remail.com             #email tracking
127.0.0.1       >remail.io              #email tracking
127.0.0.1       >rlcdn.com
127.0.0.1       >rocketbolt.com         #email tracking
127.0.0.1       >ru4.com
127.0.0.1       >salesloft.com           #email tracking
127.0.0.1       >sidekick.com            #email tracking, now hubspot
127.0.0.1       >saleshandy.com          #email tracking
127.0.0.1       >scorecardresearch.com
127.0.0.1       >stats.net
127.0.0.1       >streak.comp
127.0.0.1       >sync.optimatic.com
127.0.0.1       >taboola.com
127.0.0.1       >teknosurf.com
127.0.0.1       >tinypass.com
127.0.0.1       >toutapp.com            #email tracking
127.0.0.1       >tru.am
127.0.0.1       >valueclick.com
127.0.0.1       >velocify.com           #email tracking Velocity Pulse
127.0.0.1       >voicefive.com
127.0.0.1       >websidestory.com
127.0.0.1       >w55c.net
127.0.0.1       >yesware.com            #email tracking