Curse LLC - more than 280 firms have access to data on our pcs while visiting CFC

[Civinator]

Since the new rules the EU just approved about the protection of personal data for CFC members in the EU, an information window is popping up, informing the CFC member, that this site is using an ad delivery service provided by a firm with the nice name 'Curse' (!). It seems CFC members outside the EU don´t receive any information what really happens at CFC. As in another thread in this forum about the 'Curse banner' screenshots were demanded, I will add screenshots to this post.

In the first information window you get the following information:



If you here simply click on 'Got it, thanks', you will never have any glimpse what really happens at CFC by Curse LLC and more than 280 other firms, which seem to have access to the data in your pc while visiting CFC.

If you click on 'Learn more', the following information window is popping up:



Now comes the first big question for me:

Is setting all the options in that window to 'Inaktiv' really completely eliminating all activities of Curse and the other more than 280 firms on my pc while visiting CFC?

Here I have some doubts, because when clicking on 'Learn more & Set Preferences' in that information window, the following information boxes are popping up:



It seems 'toggling out' is not working well for eliminating the access and storing of information on the user´s pc, as in this window (if you have ever clicked on it) there is the information, that for 'opting out' of the activities of many firms you have to visit other sites on the internet and to do further steps for (hopefully) exluding these firms from your pc. This concerns more than 80 of the more than 280 firms that have access to the user´s pc while visiting CFC (if I counted well 88 firms). Screenshots with the lists of these firms and the requirement of visiting the internet at other sites 'to opt out' will come later in this post.

Another unsolved question is, what must be done, if Curse adds new firms to have access to the pc to opt them out. Must each member now watch Curse every day to see, if they have added a new firm and than again have to opt these firms manually out?



Here especially the very global clause, that Curse and the other more than 280 firms can gather any information about the user´s activity on that device (showing that this permission is considered globally by using the formulation 'including web pages and mobile apps visited or used'), is triggering sorrows, as this sounds like a license for completely outspying the user´s pc (not only the browser´s data) -and this is not acceptable.

By klicking in the information box shown in screenshot 2 also the following information boxes are popping up:










These information boxes are showing, that these firms perform personalisation and gathering and combining of personalized datas of the user. The occurrencies around Cambridge Analytica make me very sceptical, what can happen here, if there is only one 'black sheep' among those more than 280 firms that have access to the data in the user´s pc when visiting CFC, that is not gathering datas only for the user, but about the user and is taking advantage with those informations by selling them (around several corners) to employers, banks, insurances, political groups or is using them for criminal purposes.

The following screenshots show the more than 280 firms that have access to data from a user´s pc while visiting CFC:





The list will be continued in the next post as no more uploads in this post are allowed.

 

[Civinator]

Continued: List of firms that have access to a user´s pc while visiting CFC:






















List will be continued in the next post.

 

[Civinator]

List continued:

















In the discussions about Curse between CFC members outside the CFC forums some, especially American CFC members, couldn´t believe, that such an amount of data mining is done at CFC. My guess is, that it is done to all CFC members outside the EU, too, as the EU members of CFC were only informed when the new law was approved and there was the danger of very cost intensive actions of European lawyers.

I think this post would be a good possibility to clarify if such data mining by Curse and the more than 280 firms is also done to CFC members outside the EU, especially to CFC members in the USA - and if this is done to those members, too, what can they do to protect against it.

Now my second big question arises: Isn´t it better to maintain CFC by donations instead of data mining by Curse and over 280 other firms?

 

[Noble Zarkon]

Thank you very much for all your research that went into this very informative post, and for agreeing to some minor changes as per our discussions. I just want to clarify a few things. GDPR legislation has menat that more people are now aware of how the Internet is being used and some of the implications - what we do at Civ Fanatics is no different than many other sites so if the information here is of concern then it is not simply Civ Fanatics you need to think about.

Is setting all the options in that window to 'Inaktiv' really completely eliminating all activities of Curse and the other more than 280 firms on my pc while visiting CFC?

Yes. The rest of the options give you control over specific companies but are only relevant if you allow the access in the first place.

Another unsolved question is, what must be done, if Curse adds new firms to have access to the pc to opt them out. Must each member now watch Curse every day to see, if they have added a new firm and than again have to opt these firms manually out?

If you want to control which specific companies have access to your data then yes, however you could just set all the options to inactive if you have concerns.

Isn't it better to maintain CFC by donations

Absolutely - we have memberships that eliminate ads whilst still allowing you to contribute to our costs (Server, Storage, bandwidth etc), ideally every member would become a supporter and we would have no need for ads.

Supporter (Non-Recurring): 12.00 USD for 1 year only
Supporters see no banner ads on the forums, gets a "Supporter" badge, and can use bigger avatar file size (100 KB instead of 50 KB).

Supporter (Recurring): 12.00 USD every year
Same benefits as the first one, but is recurring.

Supporter (Permanent Upgrade): 36.00 USD
Same benefits as the other ones, but is a permanent account upgrade.

The different options allow you to pay a one off, support us every year or pay a larger sum for a permanent upgrade.

 

[Civinator]

Also a thank you very much to you, Noble Zarkon, for helping to inform the CFC members, what really happens by Curse when visiting CFC. Many years ago in a discussion about the future financing of CFC, I opted for 'financing' by advertisment. Now I´m really shocked when seeing what happens here on my pc by Curse. The decision to become a supporter for me seems to be the right one.

The problem is, that a supporter only can stop this data mining for himself. I hope, CFC will gain so many supporters when seeing the truth, that even for members, who cannot afford such a support, the adware of Curse can be abolished somewhere in the future and my post can contribute something to achieve this aim. At least by now, every CFC member in the EU can make the proof of the activities by Curse and the many firms behind it, by simply not clicking on 'Got it. Thanks' - but on the link 'learn more' when the 'Curse Banner' is appearing.

I now will become one of the first new supporters of CFC. But I have one more question to clarify, about becoming a supporter of CFC:

Does the Supporter (Permanent Upgrade) for 36.00 USD mean, that the future access to CFC will be free for all time (as long as CFC is existing) from any advertisement and all ad ware?

 

[Noble Zarkon]

Does the Supporter (Permanent Upgrade) for 36.00 USD mean, that the future access to CFC will be free for all time (as long as CFC is existing) from any advertisement and all ad ware?

Yes, that is correct.

 

[Civinator]

Yes, that is correct.

Thank you very much for that information.

Edit: The 36 USD are now on the way to CFC via PayPal.

 

[Noble Zarkon]

The problem is, that a supporter only can stop this data mining for himself. I hope, CFC will gain so many supporters when seeing the truth, that even for members, who cannot afford such a support, the adware of Curse can be abolished somewhere in the future and my post can contribute something to achieve this aim.

That would be great - and thank you for your support.

 

[Quintillus]

A very informative post, and an appropriate name for the LLC. I am in the U.S., but do see the cookies popup as Civinator described when visiting (and not logged on) via Firefox and Vivaldi. I don't see the notice when visiting in IE11 or Opera 12, however. But I'm glad to see that the notification and preference options are available in the U.S. as well. I've noticed these on quite a few other sites over the past month, too, particularly ones with a non-U.S. focus. It's often simpler to apply the new options globally than to only do them by region, and I'm glad how in that way GDPR is improving privacy options outside of Europe as well.

Also a small technical clarification - Curse LLC and other similar companies would not have access to local files stored on your PC, such as in your My Documents folder on Windows, or your Civ save files. In order for that to happen, they would have to exploit security flaws in your browser, as your browser is built to prevent this sort of general access. Otherwise it would be far too easy for someone to set up a website to harvest user's financial documents, tax returns, etc. Curse LLC thus won't have access to all the data on your PC while browsing CFC.

However, there is a lot more latitude on gathering information about sites visited, cookies from other sites, and generally data about what web sites you've interacted with, and advertisers do put a lot of effort into tying together this information to build a targeted advertising profile on you as much as possible. This is a real concern, and part of what GDPR is meant to regulate. From the description, it sounds like the latitude on mobile devices may also be wider than on desktop, particularly the note about which mobile apps were used. I am not a mobile expert, and unable to confirm either way on that.

In addition to recommending supporting sites you regularly visit financially if you can afford it (and especially if it gives an ad-free experience as it does at CFC), another setting I recommend checking for in your browser is the "Block 3rd Party Cookies" one. Checking this will reduce the amount of cross-site tracking that advertisers can do (regardless of GDPR compliance), and thus make it at least somewhat more difficult for them to build targeted advertising profiles. Finally, many browsers have a "Ask websites not to track me" option, which I recommend. While sites are not obliged to honor this request, for those that do it will reduce how much advertising is targeted towards you.

 

[Omega124]

I have a question for more tech savvy people than me.

If I use an adblocker, do services like this still track me?

 

[Synobun]

I have a question for more tech savvy people than me.

If I use an adblocker, do services like this still track me?

Depends on the adblocker and its block list, but usually yes.

 

[Quintillus]

To expand upon Synsensa's answer...

If an ad blocker block's an advertiser's domains (and thus prevents it from loading JavaScript, images, and other data), then they will have no means with which to track you. So, for example, if your ad blocker blocks the domains belonging to A Million Ads, Limited, then that one of the 280 firms will have no way to track you. But the same ad blocker may not block A.Mob's data. It's a bit of a game of cat and mouse, between the new ad firms (or new domains for existing ad firms) and the ad blockers.

It does also depend on your ad blocker. Some ad blockers, such as Ad Block Plus, have programs where in exchange for a monetary payment and abiding by some restrictions around the types of ads (such as not having pop-up ads), the ad blocker will allow some firms' ads through. Their rationale is that it's really misleading/annoying/screen-grabbing ads that users want to block... but also that they (the ad-blocker) needs a way to make money. If your goal is to avoid all ads, or avoid being tracked by advertisers, however, this is obviously a loophole, which can be pretty large.

These days, uBlock Origin is the ad blocker that seems to be most generally recommended as effectively and universally blocking ads, and not accepting payments for exceptions. From my understanding, it's essentially operated as a Civ mod here would be - done in people's free time, and not as their primary means of income. Although of course that can lead to availability-of-people-to-make-updates issues, so far it seems to be working better than the ad-blocker-which-needs-to-support-people's-livelihoods model. You can also selectively un-block ads on sites you want to support.

Another finer point that bears mentioning is tracking via images. A common technique nowadays is for advertisers to embed tiny, 1-by-1 pixel images either on websites or in e-mails, for tracking purposes. It's most easily explained by e-mail. Let's say your e-mail is cfcisawesome@somewhere.net. You sign up for a mailing list of some commercial store or site. They send you next week's e-mails, and in addition to whatever text is there, can include an invisible image, which might be customized. Maybe it loads from http://www.amillionads.com/smallEmailImage.gif?email=cfcisawesome@somewhere.net. As soon as your e-mail client loads that e-mail (if it loads images), that image will be loaded, and if they've set up their message to include your e-mail in the image URL, and the server to monitor for it, they now know that you've opened that e-mail. Similar techniques (though perhaps relying on somewhere more obscure identifiers) work on websites as well - so if an ad blocker blocks JavaScript, but not images, from advertisers, it's only partially effective.

 

[Civinator]

What happens here ?? Even as a supporter this site now wants to add advertising spyware to me. In the last time more and more posts I did at CFC appeared twice after revisiting that thread at CFC and shortly after I posted them I saw them 4 times or three times.

Please stop that immediately !

 

[Civinator]

This *** advertisement banner even stops me to add the links to some of these 'doubleposts' done by CFC. The banner forces me to accept the advertisement t even reach the 'edit' button for my last post.

So here are the links to some of these doubleposts:

https://forums.civfanatics.com/threads/ccm2-epic-mod.625812/page-19#post-15498387
https://forums.civfanatics.com/threads/age-of-colonisation.240776/page-28#post-15502790
https://forums.civfanatics.com/threads/age-of-colonisation.240776/page-28#post-15502791

 

[Civinator]

 

[Civinator]

This banner is still there... If you click it once, you will never know that there is addware used to supporters despite they have paid that this is not used. And what is with all the civers living outside Europe, that don´t see this warning and don´t know that they have to deal with addware even if they are supporters ?

I think the answer is urgent!

 

[Synobun]

Almost every single website on the internet uses the cookie consent banner now.

 

[Civinator]

Almost every single website on the internet uses the cookie consent banner now.

Please read the answer to me that was given by CFC and played a big role that I payed the supporter fee:
https://forums.civfanatics.com/thre...-pcs-while-visiting-cfc.633988/#post-15166634

I cannot believe that this is the earnest of CFC, as this would be a word, that I don´t want to post here at this time. I still believe this is only a big mistake that happens here to the supporters of CFC, that should be stopped immediately. This banner appeares since today again after it was not there for many months, since I paid CFC for the supporter status - and as you can read in the screenshot, it spokes about 'engage in advertising activities.

 

[Noble Zarkon]

I still believe this is only a big mistake that happens here to the supporters of CFC, that should be stopped immediately.

The system only knows if you are a supporter when you are logged in, perhaps your login expired - try logging out and back in again.

 

[Civinator]

The system only knows if you are a supporter when you are logged in, perhaps your login expired - try logging out and back in again.

Hi Noble Zarkon, I don´t think that this is the reason for receiving this banner, as my posts above show, that the system was and is aware of my supporter status. As pms at CFC are blocked by not accepting this banner (the reply button cannot be reached and even with my new posts at CFC I have some big problems by trying to reach some buttons blindly and some options are complete unreachable), some mails to other supporters show, that this can become a bigger problem for CFC, as other supporters have this problem, too and some felt to be forced to trigger that 'accept' button by the restrictions that come with that banner to their posts so they have an 'advertisment free' CFC membership.

I will try to log out and to log in again.