Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

if the data transfer is done from the client (and i bet it is, as it's much harder to persuade people to run code on their servers) then ghostery and the like still work, because they block the transfer (since the code to do the transfer must be loaded from the weasel site - same origin policy).


Nah.

    +-------+       +----------------+       +------------+
    |Browser|<==A==>| Visited server |<==B==>| ID service |
    +-------+       +----------------+       +------------+
The client data acquisition is done through A (AJAX), then that info is sent through B (API call) to get the identity. The browser doesn't interact directly with the ID service.

The data acquisition scripts would be served directly by the web sites.


did you read the article? they explicitly say it's implemented in the browser with "tracking code".

you can certainly make something that is "ghostery proof", but (1) this isn't it and (2) it would be more complex to deploy and so gain less traction.


I read the article, and you didn't get my post.

It wasn't about this very company, but tracking in general, which can be implemented without serving code from a third party server.

If solutions like Ghostery become the norm, there are still workarounds, and they will catch up if nothing else works.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: