Curse LLC - more than 280 firms have access to data on our pcs while visiting CFC

[Noble Zarkon]

I left the CFC forums again without logging out and deleted all cookies and other spyware of the last 24 hours on my browser.

As per previous discussions this isn't spyware, it's an advertising service. As far as I understand it the system knows not to serve to you it by reading the cookies on your computer, if you clear your cookies you will see banners etc again, unfortunately that's the way the Internet works for most sites.

Paging @The_J in case there's anything he wants to add.

 

[Civinator]

As per previous discussions this isn't spyware, it's an advertising service. As far as I understand it the system knows not to serve to you it by reading the cookies on your computer, if you clear your cookies you will see banners etc again, unfortunately that's the way the Internet works for most sites.

Paging @The_J in case there's anything he wants to add.

Noble Zarkon, name it as you want. I don´t want and don´t need this "advertising service" that is registering personal data from me that I don´t want to be registered. Until yesterday I had no problems in accessing CFC, but now I have.

Before accessing CFC I had 6 Browser entries and cookies from 5 websites in the last 24 hours, after accessing CFC directly after the first screenshot I have now 8 Browser entries and cookies from 8 websites.

I understand that one cookie is needed for identifying me when entering CFC, but what is with the other cookies from 3 additional websites (minus one for CFC) and 2 additional browser entries after being forced to accept these not wanted and not needed "service" ? Are they also only needed to identify me using CFC, or are they added for that "service" - a "service" that should not molest me as a paying supporter ?

 

[Takhisis]

Civinator, does the use of adblockers and other extension help against this?

 

[The_J]

As per previous discussions this isn't spyware, it's an advertising service. As far as I understand it the system knows not to serve to you it by reading the cookies on your computer, if you clear your cookies you will see banners etc again, unfortunately that's the way the Internet works for most sites.

Paging @The_J in case there's anything he wants to add.

That is correct.

There is also no need to click the "accept" button. You can ignore it, then no cookies will be set, and no profiling is done. Means you can log in without clicking the "accept" button.

 

[Ozymandias]

What browser are you using?

 

[Dale]

As per previous discussions this isn't spyware, it's an advertising service. As far as I understand it the system knows not to serve to you it by reading the cookies on your computer, if you clear your cookies you will see banners etc again, unfortunately that's the way the Internet works for most sites.

Paging @The_J in case there's anything he wants to add.

Kaspersky openly defines your advertising system as spyware, and Norton goes right up to the edge without clearly stating it, but it appears they intend their definition to cover advertising systems such as the one here on CFC. Saying "this isn't spyware, it's an advertising service", does not in any way cover the fact their software acts, inhabits your personal devices, and treats your personal data, the same way malicious spyware does. And quite often with deliberately confusing, hidden, extremely difficult to opt out of, operations.

"Spyware can also refer to legitimate software that monitors your data for commercial purposes like advertising." - https://www.kaspersky.com/resource-center/threats/spyware

"There are four common types of spyware. Their function ranges from tracking your browser activity so marketers can target your interests,..." - https://us.norton.com/blog/malware/spyware

 

[Noble Zarkon]

We'll pass this on to @Thunderfall but spyware is generally regarded as having a malicous element to it (not just advertising that people might object to).

Our system isn't that hard to bypass as long as you enable cookies, which is how the Internet works basically - we need to store your preferences. We can't do that in your profile under Xenforo unfortunately so it has to be cookies (unless someone can come up with another idea we haven't thought of).

what is with the other cookies from 3 additional websites

A cookie is only valid on the domain it is set on, these ads aren't getting sent from civfanatics.com but from a third party supplier.

 

[Dale]

We'll pass this on to @Thunderfall but spyware is generally regarded as having a malicous element to it (not just advertising that people might object to).

Our system isn't that hard to bypass as long as you enable cookies, which is how the Internet works basically - we need to store your preferences. We can't do that in your profile under Xenforo unfortunately so it has to be cookies (unless someone can come up with another idea we haven't thought of).

You say "our advertising friends aren't malicious", I say Cambridge Analytica. The collection of data may not be malicious, but it's what they or third partys do with it.

Just pointing out there are better alternatives to cookies. Cookies are insecure, and open to breaches. There are secure alternatives, including encrypted alternatives. I used alternatives in the 10 years I did web dev.

Besides that, 99% of sites don't need cookies. Any developer who says they have to use a cookie (except maybe a shopping cart, but even then there are alternatives) I would argue isn't thinking of their audience.

 

[Fippy]

Quick test..with adblockers on i was never asked about cookies.
Adblockers off: cookies consent popup instantly.

Well i never missed cookies (other than in RL ) here and everything seems to work fine without them.
In general i can understand Civinators frustration with them..who isn't bored of instant popups on almost every website these days, not like most show any finesse in limiting the annoyance factor.

 

[Civinator]

I am sorry about the delay in answering to your interesting posts, but today I had an extraction of a tooth and now is the first time, that my right hand can be used for tipping again and not any longer for pressing coolboxes against my cheek. But in the meantime I had some glimpses on that thread at CFC and I am surprised about the number of posts that followed in this thread. A big thank you very much to every forum member who participated in the discussion.

That is correct.

There is also no need to click the "accept" button. You can ignore it, then no cookies will be set, and no profiling is done. Means you can log in without clicking the "accept" button.

I did what you suggested before writing my first post to this problem and logged in at CFC without pressing the "accept" button. The log in worked without any problems. Then I pressed the check for the added cookies on my browser again and was very surprised, that now cookies from three websites were added, so all needed cookies for visiting CFC as a supporter should be available in the older installations.

The pop up I received before logging in at CFC not only contained the "accept" button, but also the message, that by continuing to use this site, I am consenting to the use of cookies of these - not wanted - "services". My suspicion was, that even to log in at CFC by these "services" is seen as such a further use of the CFC site because: Why were additional cookies by three websites be added to my browser, so all should still be available without these cookies for logging in at CFC ? I only deleted cookies set in the last 24 hours and not the existing older ones.

Unfortunately I cannot see what cookies here were added (or may be I don´t have the knowledge for making them visible), as in this case it would have been clear what websites set those new cookies. Therefore I decided to post this problem here in the hope that somebody can explain, what additional three websites did set these cookies. My browser is Google Chrome.

I say Cambridge Analytica.

Exactly these are my concerns. And the cornucopia of "services" and their partly special rules are practically not controllable - at least not for a human being like me.

 

[The_J]

You say "our advertising friends aren't malicious", I say Cambridge Analytica. The collection of data may not be malicious, but it's what they or third partys do with it.

Just pointing out there are better alternatives to cookies. Cookies are insecure, and open to breaches. There are secure alternatives, including encrypted alternatives. I used alternatives in the 10 years I did web dev.

Besides that, 99% of sites don't need cookies. Any developer who says they have to use a cookie (except maybe a shopping cart, but even then there are alternatives) I would argue isn't thinking of their audience.

While you are right about this, 2 points need to be considered
a) you will not find any advertiser which will e.g. use google's FLoC instead of cookies, so we have no leverage there
b) as mentioned before, NO cookies will be set if you reject them, so there is NO issues here

I'll be addressing Civinator's concern in a second.

 

[The_J]

The pop up I received before logging in at CFC not only contained the "accept" button, but also the message, that by continuing to use this site, I am consenting to the use of cookies of these - not wanted - "services". My suspicion was, that even to log in at CFC by these "services" is seen as such a further use of the CFC site because: Why were additional cookies by three websites be added to my browser, so all should still be available without these cookies for logging in at CFC ? I only deleted cookies set in the last 24 hours and not the existing older ones.

This is confusing in Chrome, it took me a while to figure out.

The short version: There are NOT 3 additional cookies set. At this point 3 sides have attempted to set cookies, but could not, due to you not consenting to it.

Picture #1, cookies from CFC:

This shows a clean Chromium browser, CFC has been loaded, and I have rejected the cookies from the main popup.
On this screen you can see civfanatics (where the arrow is coming from) is setting a range of cookies on the right, 18 in total, if I counted this right.
These are cookies only used from CFC itself, not from the advertisers, and this is the stuff which is necessary to have you logged in.


Picture 2: No cookies:

On the left, where the arrow is coming from, you see 3 more entries, 2 from googlesyndication.com, one from privacy-mgmt.com (the cookie popup). These sites have attempted, or wanted to set cookies. As you can see on the right, in the red square, no cookies were set, since nothing is displayed there.
(the label in the picture should probably not read "visited sites", but rather "loaded sites", or something similar; sorry for the confusing captioning)



#3 picture 3, the difference to actual advertisers:

This is an example if you agree to the advertising. As you can see on the left, the list of sites setting cookies or wanting to set cookies (I'm not 100% certain about that) is a lot longer, and on the right you see that they actually do set cookies.





Short version again:
If you do not consent to cookies being set, then no cookies are set.
To use CFC only CFC cookies are necessary, and these are not used for advertising. You do not need to agree to advertising cookies, you can use CFC without them.

 

[Civinator]

The_J, thank you very much for all your efforts. I will reread the details tomorrow. Important is, if I understood this well, that the attempt from three sites to set cookies is blocked by the missing consent, but is shown in my google Chrome as added cookies. So in reality all is working well with the supporters.

 

[The_J]

Yes, indeed, this is how I understand it and what the data shows (I think).
This is made very confusing I have to say. It is displayed better in Firefox, where these "emtpy attempts" (or however you want to call it) are not displayed.

And sorry in case the last post sounded a bit technical/sober/without human nature (also here, however you want to call it), it has been a long day :/.

 

[Dale]

While you are right about this, 2 points need to be considered
a) you will not find any advertiser which will e.g. use google's FLoC instead of cookies, so we have no leverage there
b) as mentioned before, NO cookies will be set if you reject them, so there is NO issues here

I'll be addressing Civinator's concern in a second.

Absolutely. Plus, here you are also limited by XenForo.

I just didn't like the misinformation above that advertisers collecting your information isn't malicious (it could be as has been proven multiple times in the past, where there's information and profit to be made, someone will do it), and that this is how the internet works so suck it up, when there are much better alternatives out there.

The use of cookies within websites in this day and age is quite simply lazy programming/design.

 

[Civinator]

And sorry in case the last post sounded a bit technical/sober/without human nature (also here, however you want to call it), it has been a long day :/.

Your post in my eyes had a very good technical, understandable and considering the human nature format.

 

[Noble Zarkon]

e.g. use google's FLoC instead of cookies

The use of cookies within websites in this day and age is quite simply lazy programming/design.

FLoC is dead and the alternative seems, to me, to be much worse than cookies which remain the standard way the Internet operates.

 

[Dale]

FLoC is dead and the alternative seems, to me, to be much worse than cookies which remain the standard way the Internet operates.

Cookies will be defunct in the next year or two. Google has already announced chrome won't support 3rd party cookies from end of 2023, and MS is considering stopping support next year.

As for alternatives, there are so many! Just search "web cookie alternative".

Cookies are horrible, and as I said, a sign of lazy design and programming in this day and age.

 

[The_J]

If any of the big advertisers make a move, then we'll consider it.
Until then we're stuck with the current solution, I'm afraid.

 

[Takhisis]

What is the point of keeping advertisement-oriented cookies if just about everybody here uses ad-blocking extensions and ofter also private browsing windows, container tabs and so on?