Is Stack Overflow allowing ads to use fingerprinting to track users?

I love how the onus is always on the end user to find and report the &quot;bad&quot; ads. How on earth did that insane status quo become acceptable and widespread? The user is expected to know how to unminify and read JS in order to figure out if they are being screwed or not? Seriously?<p>The first time I got served malware via web ad was in 1998. I started manually blocking ads by modifying my hosts file that day. Haven&#x27;t stopped blocking since.<p>It&#x27;s a broken model, stop forcing it down our throats and stop shrinking the definition of &quot;bad&quot; advertising.

tosdr.org (Terms of service; didn&#x27;t read) is a website that simplifies website&#x27;s Terms of Service and Privacy Policy to make it easier for people to read.<p>Stack Overflow is given the lowest rating (class E) in terms of user rights. (For reference, even Google has a class C rating.) Here are the worst points taken from SE&#x27;s privacy policy:<p>* This service allows tracking via third-party cookies for purposes including targeted advertising.<p>* You agree to defend, indemnify, and hold the service harmless in case of a claim related to your use of the service.<p>* This service forces users into binding arbitration in the case of disputes.<p>* Many third parties are involved in operating the service<p>* The service may use tracking pixels, web beacons, browser fingerprinting, and&#x2F;or device fingerprinting on users.<p>* Blocking cookies may limit your ability to use the service<p>* You waive your right to a class action lawsuit<p>* This service can share your personal information to third parties<p>* The court of law governing the terms is in a jurisdiction that is less friendly to user privacy protection.<p>* The service can sell or otherwise transfer your personal data as part of a bankruptcy proceeding or other type of financial transaction.<p>* The service uses your personal data to employ targeted third-party advertising<p>* This service retains rights to your content even after you stop using your account<p><a href="https:&#x2F;&#x2F;tosdr.org&#x2F;#stackoverflow" rel="nofollow">https:&#x2F;&#x2F;tosdr.org&#x2F;#stackoverflow</a>

But won&#x27;t somebody think of the poor businesses who&#x27;ll surely be driven to ruin if they can&#x27;t track my every step?<p>These people keep shitting in the well, and yelling at us for buying bottled water.

It is ironic that just after I read this item I opened Safari and discovered that the latest update (Safari 13.0) had removed all protection from trackers, malicious advertisers, and unwanted media that I had previously used. So without notice I would be exposing my computer to those hostile elements if I hadn&#x27;t noticed.<p>This is not what I want - Apple has done a bad thing.

I miss the days when you could simply buy an ad spot on a specific site for X days&#x2F;months (no targeting, except when choosing what site to buy ad space on, an no javascript, just regular banner ads).<p>Is there still a market for these kind of low-tech ad buys these days?

Remember when many of these businesses started out with a “don’t be evil” mindset? The incentives always end up chasing the money in the end...

Isn&#x27;t the definition of fingerprinting something to personally identify you? There&#x27;s only one person connected to every fingerprint, and it&#x27;s there to identify you across websites. That&#x27;s what PII means to me. How can stack exchange say fingerprinting isn&#x27;t collecting PII? I wonder what they <i>would</i> call PII.

Hmm... this appears to be an intentional and conscious decision on the part of SO. I guess that means I&#x27;m done with SO.

It seems like our browsers need a sandbox mechanism for 3rd party js to restrict a) dom access b) ajax<p>Of course, I use uMatrix for that at the moment, but it&#x27;d been better if we, as users, can tell what sites are <i>actually</i> interested in providing privacy, by hobbling advertising antics from the get go.

Am I the only one who doesn’t care about this kind of tracking stuff? Like I really don’t care, is there some reason why I should? I feel like the worst thing that can happen is I get shown more relevant ads. If I use Adblock then it’s irrelevant, but if I don’t then what’s wrong with having targeted ads? A court has already ruled an IP address is not a person, they don’t really know it’s me, it’s just a construct they created that they think is me.

I think devices need better security. Anything that JavaScript can access should be set to default values where they all equal null. Only once a user allows a certain website to access certain data will that data become available to that website. If every browser did this along with the apis for cellphones then users can finally regain control of what is collected.

It takes relatively little rep to get the &quot;opt out of ads&quot; privilege on SO.<p>It would be great to have an &quot;opt out of ads for $nn&#x2F;no&quot; option, like Google Contributor. The amount to pay could look uncomfortable, though.

Most adtech is RTB (real-time bidding) where ad slots are auctioned off and filled as you load the page. SO (and publishers) have no real control over the ad payload that comes back. There has been progress to use sandboxed iframes but there&#x27;s still JS running inside those placements.<p>The JS won&#x27;t be going away, it&#x27;s part of a long supply chain of data, verification, viewability, anti-fraud and other layers baked in. For those saying publishers should do 1st party ads, that would lose them most of their income due to operational and sales overhead and doesn&#x27;t really prevent everything anyway because they still have to accept the ads advertisers want to run, including the JS from vendors.<p>However the situation is slowly improving. Adtech has weathered through adblocking, native ads, anti-tracking tech but has failed to police itself because of a lack of consequences. Now there&#x27;s finally regulatory pressure with GDPR, CCPA, and more that will finally force a change from the outside. I expect many of these issues to be greatly reduced within the next 1-3 years.

How does this work technically ?<p>Usually when you submit an ad to a network, you dont get to use your own js or even remote images.<p>Is it the ad network and not the advertiser doing this ?

Cynical pov: if you don&#x27;t use an ad blocker, you know you are exposing yourself to this. Why get upset at all?

Bad conclusion. Web browsers are written to be fingerprintable. They are deliberately anti-user. Expecting web pages to &quot;just not&quot; is pointless. The solution is to fix the browser.