JSFoo 2019

The battle between browsers and trackers has been raging for a few years now. As a web developer, I’m all for privacy of users, the prospect of consent, and protecting the data of users and not sharing it with unauthorised third parties. But also I’ve had experience working for the other side. As a JavaScript developer who has developed and worked on solutions to circumvent anti-privacy rules implemented by browsers, I couldn’t help but feel like a spy in this big battle of privacy. It’s a cat-and-mouse game, where browser vendors and trackers step up their game in each iteration.

Outline

The battle between browsers and trackers has been raging on for several years now. As a web developer, I’m all for privacy of users, the prospect of consent, and protecting the data of users and not sharing it with unauthorised third parties. But also I’ve had experience of working for the other side. As a JavaScript developer who has developed and worked on solutions to circumvent anti-tracking rules implemented by browsers, I couldn’t help but feel like a spy in this big battle of privacy. It’s a cat-and-a-mouse game, where browser vendors and trackers step up their game in each iteration.

In this talk, we discuss what goes behind the scenes when you click that little checkbox that says “I agree to the terms and conditions” of using a website. GDPR laws and active measures taken by browsers have made things a little better, but we still have a long way to go. I will talk about how you are being watched on the Internet, how every little mouse movement and every little keystroke is tracked, and where all that information goes, other than your target website. Clear your cookies, clear your cache, use private browsing — do whatever you want — they still know who you are. If they don’t, they will lock you behind a paywall.

Finally I will conclude with a few tips and tricks of keeping yourself and your data safe, especially the data is sensitive to you, like credit card numbers and passwords. And some other things like opting out of tracking, using browser plugins to block ads and trackers, fighting spam, identifying phishing attacks and using multi-factor authentication. This battle is far from over, and will rage on for years. But, for now, if some of us folks can “opt out” of it, let us do that.

Speaker bio

Himanshu is currently a Senior Frontend Engineer at GitLab Inc. He has been writing JavaScript since it was popularly known as DHTML and had an alternative language VBScript to code in. He has written server-side JavaScript with classic ASP, Windows Scripting Host (WSH), HTML Applications (HTA), and more recently in the browsers for large-scale applications and on the backend using Node.js.

In his spare time, he likes to create video games. He created Sheeping Around — a multiplayer card game about grazing and stealing sheep. He also likes to do illustration and travel to places.

Links

• First concerns regarding cookies in 1996: https://www.nytimes.com/2001/09/04/business/giving-web-a-memory-cost-its-users-privacy.html
• NYT calls cookies “surveillance files”: https://www.nytimes.com/1999/04/06/opinion/privacy-isn-t-dead-yet.html
• New methods to detect incognito mode: https://bleepingcomputer.com/news/google/google-chrome-incognito-mode-can-still-be-detected-by-these-methods/
• Bypassing Incognito mode in Chrome 74+: https://mishravikas.com/articles/2019-07/bypassing-anti-incognito-detection-google-chrome.html
• Fingerprinting Demo: https://panopticlick.eff.org/
• Canvas Fingerprint Demo: https://browserleaks.com/canvas
• Don’t share your email if you don’t have to: http://tenminuteemail.com
• Use privacy-friendly search engines: https://itsfoss.com/privacy-search-engines/
• Hide your real online behaviour in a mess of fake behaviour: http://trackmenot.io/
• Create noise in your ad tracking: https://adnauseam.io/

Slides

https://docs.google.com/presentation/d/1OvJ6CMO1f8ft3MsvNc2dZ8_TJZfVo-x2UVN_FHTdfOg/edit?usp=sharing