This simple whack-a-mole game can tell what sites you've visited, even if you use uBlock with all lists, uMatrix with the recommended settings, and block third-party cookies:
gorshill's extensions are placebo.
UBlock and uMatrix are USELESS for privacy
Chase Stewart
Other urls found in this thread:
cnn.com
news.ycombinator.com
reddit.com
amazon.com
twitter.com
donaldjtrump.com
farmersonly.com
diapers.com
duckduckgo.com
developer.mozilla.org
stackoverflow.com
myredditvideos.com
twitter.com
Joseph Morales
it's pretty smart really, it creates a bunch of links to common websites and checks the colour of the text. most browsers change the colour of visited links, so it can tell which ones you've been on. also noscript has an option to disable visited link colours.
Joseph Roberts
>implying ad blockers are supposed to be privacy tools
>implying blocking ads doesn't help with privacy anyway
>implying cookie-less tracking is anything new
OP is a fag
Ian Price
All done!
Websites you visited:
(None - are you in incognito?)
Not visited:
cnn.com
news.ycombinator.com
reddit.com
amazon.com
twitter.com
donaldjtrump.com
farmersonly.com
diapers.com
And I don't even have noScript/uMatrix/whatever installed, lel.
Leo Cox
Wow. Indeed pretty smart.
FUCKING HELL. WHY CANT I EVER COME UP WITH SUCH NEW IDEAS?
PLS KILL ME FĂ€M.
Luis Young
be more smarterer.
Logan James
The point is that, had you visited those pages, whack-a-mole would be able to tell it.
Nothing prevents any other website to make a much larger list of websites and track your browsing habits down. Facebook can know that you visit Sup Forums, for example.
Ethan Sanders
Wait a second, with the "webzones you attended to: none!" part I thought it'd extract my traffic history or something. Why are you saying it only checks for me ever looking up www.diapers.com and such and not everything?
You trying to trick me.
Juan Brown
>placebo
I asked for ads to be blocked, that's what I received. There is no placebo going on
Kayden Garcia
check my explanation, that's exactly what it does.
Ian Gonzalez
This litterally has nothing to do with uBlock and uMatrix. They do what they are supposed to do just fine.
If you want to stop this kind of attack you need to disable :visited links in your browser, either through the config or a plugin.
What would be good though, is a plugin that turns it off by default, but then lets you whitelist certain websites you trust where seeing visited links is actually useful, or a way of doing it so the website cant find out anything, but you still see it on your browser.
Connor Anderson
Website doesn't even work properly.
Mason Taylor
?
Austin Long
again, check literally the first reply in this thread. the site only checks against that tiny list as a showcase, you'd need a gigantic list for it to be worthwhile.
Levi Perez
>The point is that, had you visited those pages, whack-a-mole would be able to tell it.
No. Due to privacy technologies, the only one who can tell that you visited those websites is YOU by seeing them there. The site itself CANNOT collect this data or make use of it in other ways.
Xavier Evans
but you could just use some basic javascript to see if the the link is :visited, what privacy technologies are you talking about?
Hunter Robinson
uBlock blocks known ads, and uMatrix controls requests according to source, destination and type.
Apparently you allowed that website to execute javascript code in uMatrix, else it doesn't work.
Come back if it works despite JS not being allowed in uMatrix.
Aaron Parker
So where's this addon?
Ryan Roberts
So OP
I know FULL well I have never been ANY of this site using this browser
Never been to CNN ever
Never been to farmersonly
Never been to ycombinator
I have visited twitter
And I may have visited Amazon
0/10 SHIT troll
Wyatt Reyes
> 0/10 SHIT troll
Nah, just a tech demo.
Go to one of the sites it hasn't picked up yet and see if it picks it up then.
Joseph Fisher
This one is really old, i think i've seen one which worked basiclally the same 5 years ago or so.
Also isn't this clickjacking?
Tyler Walker
>just a tech demo.
Nah, just a very poor effort to advertise uBlock as "placebo" so people may remove their adblockers.
Didn't convince anyone though
Julian Bennett
lmao
this is literally broken
Connor Clark
> Also isn't this clickjacking?
No. You could have looked up that term yourself, but it's not that.
It's just javascript.
Jeremiah Lewis
layout.css.visited_links_enabled = false
Cooper Allen
Literally have some of these open in other tabs.
Cameron Ross
So i reloaded the page and clicked again
Alexander Rogers
Sooo, I went straight to cnn.com and then reloaded the page:
All done!
Websites you visited:
news.ycombinator.com
amazon.com
farmersonly.com
Not visited:
cnn.com
reddit.com
twitter.com
donaldjtrump.com
diapers.com
Bentley Ross
Maybe your browser or a plugin prevents this technique?
Aaron Butler
/thread
OP at least you tried
Mason Morales
I'm using a plugin called No History, probably that.
Bentley Williams
How the fuck can anyone actually believe uBlock is placebo when you simply install it and it literally blocks ads?
Jack Cruz
Daniel Barnes
What about if you use a separate browser for Facebook? I use Chrome for normie stuff and Firefox for Sup Forums and porn. Does this help or no?
Landon Lewis
It doesn't work for me
Josiah Johnson
wrong image
I'm not in incognito
I probably have some kind of privacy setting enabled that breaks it
Christopher Hill
Prettymuch what this does is change
>layout.css.visited_links_enabled
in about:config
to false
Christopher Harris
This has been known for ages, but I thought it was already fixed.
developer.mozilla.org
Bentley Nelson
...
Ethan Allen
It just randomly shows visited and not visited sites. Confirmed fake and gay.
Michael Cooper
What do I do with my browser to stop this?
Camden King
I'm Probably somewhere in here
Christian Flores
Apparently firefox prevents it by default.
Kayden Wright
>It thinks I am incognito
>It thinks I did not visit leddit today
>It thinks I want to visit diapers.com
topkek
Benjamin Cox
about:config
layout.css.visited_links_enabled = false
restart
Gavin Miller
That won't work if you have your browser set to not remember these things, like not keeping history or private browsing.
Andrew Brown
Or if your browser lies, like firefox does.
Austin Myers
Is that all?
Jackson Edwards
hahahahahahahahahaha
fucking hell, it's not accurate at all
Benjamin Sanchez
>press the mole once
>you've visted ycomb,diapers, and cnn!
>close tab and then reopen and test whack a mole
>Are you in incognito?!
what a wonderful tool that doesnt work.
Ryan Morgan
...
Charles Bell
Nothing to do with ad blockers, Just turn off layout.css.visited_links_enabled.
Landon Turner
I don't use uBlock for privacy, I use it to keep my screen unmolested by cancerous video/audio ads and their worst possible placement.
The only thing I really wish I could get rid of is when you're on a website and it brings up a pop-up and the background gets all dark and you're not allowed to get out of it unless you either pay them money or sign up "for free" where they can then steal your info and sell it, and then you have to inspect element and remove it all, only for it to appear again when you go to another page on the site.
Joshua Martinez
I did visit at least two of those and it still says it's got nothing on me.
Austin Butler
You can't do that.
stackoverflow.com
>Correct, it is not possible for javascript to detect if a link is visited in either Firefox or Chrome -- which are the only 2 browsers applicable in this Greasemonkey context.
>
>That is because Firefox and Chrome take security and privacy seriously. [...]
The way it works is simple. The site has loads of those moles. One for every possible combination of sites visited. Only the one applicable to you will be visible. Just click on some black spots on that site and you'll see.
Aaron Young
Why would anyone use uBlock instead of uBlock Origin?
Evan Young
>(None)
Joke on you.
Nolan Collins
Reminder that NoScript is effective solution to this faggotory
Nathan Taylor
It's not an issue. You're tricked into thinking that this can be used to track the sites you visited, but it cannot.
developer.mozilla.org
Brandon Gutierrez
Fucking shill pls go.
Just because something isn't 100% foolproof solution doesn't mean it's useless.
You're still a million times better off with uMatrix than without. You simply need even more tweaks and extensions…
Caleb Martin
The thing in the OP doesn't even work in recent versions of firefox and chrome. Google and Mozilla both decided that the functionality to view css styling rules for links wasn't worth keeping around for privacy reasons so they effectively disabled it. The functionality will always return the same value as if the link wasn't visited even if the link is a different color.
Luis Fisher
ofc it does, it's pretty good actually
you can also do completely seperate installs of the same browser, or simply tell your browser to not track this kind of stuff.
Blake Perry
I always recommend umatrix to people who get turned off by how ugly and poorly designed noscript is. Simple, it works, design conveys how it works, and voila now more people are browsing the web without a bunch of needless shit bogging down their experience.
Jason Sanders
>or a way of doing it so the website cant find out anything, but you still see it on your browser.
when this was originally discovered the guy sort of made a captcha that made unvisited links invisible to the user
Owen Rivera
this, no need to install plugins for such a small change
Ian Jones
use ublocks block element?
Gabriel Williams
But that disables them globally, which is inconvenient. Is there an addon that lets you whitelist a bunch of domains?
Ryder Carter
There's another failing to it though. You actually have to click links to those exact URLs.
If you get linked to a news story on cnn.com that URL won't change color.
Henry Campbell
Websites you visited:
(None - are you in incognito?)
Xavier Gonzalez
>most browsers change the colour of visited links
that's only if you're a faggot and don't have bowser history turned off.
Logan Nguyen
I have ADHD so browsing history helps me remember what the fuck I was doing when I go off a tangent.
Easton Diaz
Wow super smart
Cooper Hughes
>gorshill's extensions are placebo.
idk about the others but uBlock is indeed placebo
Grayson Brown
Fuck! Meant to reply to Better take my meds.
Carter Stewart
So this website is useless if you stay in incognito or private browsing at all times?
Aiden Brooks
this
Zachary Gonzalez
Some sites are using the smaller distance between text after ads were blocked to show you an anti-adblock message.
Hunter King
OP is a retard, and uMatrix is a wonderful add-on.
I'd say it's single-handedly the most important add-on I use. Being able to see and block JS, cookies, frames, XHR, even CSS to avoid shitty Google fonts with such a simple interface is just great. Plus it also takes care of user-agent and referer spoofing and lets you toggle strict HTTPS with a quick switch.
And I'm not saying this because I'm a shill, but because I'm thankful to gorhill for creating a simple and extensive security+privacy add-on. 100% recommended to anyone, though be aware that it takes some manual tuning to fit your needs at first, but once you've created rulesets for the sites you often visit to work well, you'll barely have to touch it.
Jackson Watson
There is a Firefox about:config option that disables access to the page status. That is you prevent the site of knowing the alteration of visited links which is what is being tracked as pointed.
Joshua Ramirez
This isn't like it's possible to resend the information back to a server(unless you click one of the moles, which is a very unusual case in an actual website). What it does is it makes some moles invisible using CSS :visited, and one mole visible(which will have preset text that corresponds to a visited/unvisited site list). Essentially useless. And no, you can't use JS to detect which links are :visited and which links are not.