1. We have added a Gift Upgrades feature that allows you to gift an account upgrade to another member, just in time for the holiday season. You can see the gift option when going to the Account Upgrades screen, or on any user profile screen.
    Dismiss Notice

Curse LLC - more than 280 firms have access to data on our pcs while visiting CFC

Discussion in 'Site Feedback' started by Civinator, Jun 30, 2018.

  1. Civinator

    Civinator Blue Lion Supporter

    Joined:
    May 5, 2005
    Messages:
    5,653
    Since the new rules the EU just approved about the protection of personal data for CFC members in the EU, an information window is popping up, informing the CFC member, that this site is using an ad delivery service provided by a firm with the nice name 'Curse' (!). It seems CFC members outside the EU don´t receive any information what really happens at CFC. As in another thread in this forum about the 'Curse banner' screenshots were demanded, I will add screenshots to this post.

    In the first information window you get the following information:



    If you here simply click on 'Got it, thanks', you will never have any glimpse what really happens at CFC by Curse LLC and more than 280 other firms, which seem to have access to the data in your pc while visiting CFC.

    If you click on 'Learn more', the following information window is popping up:



    Now comes the first big question for me:

    Is setting all the options in that window to 'Inaktiv' really completely eliminating all activities of Curse and the other more than 280 firms on my pc while visiting CFC?


    Here I have some doubts, because when clicking on 'Learn more & Set Preferences' in that information window, the following information boxes are popping up:



    It seems 'toggling out' is not working well for eliminating the access and storing of information on the user´s pc, as in this window (if you have ever clicked on it) there is the information, that for 'opting out' of the activities of many firms you have to visit other sites on the internet and to do further steps for (hopefully) exluding these firms from your pc. This concerns more than 80 of the more than 280 firms that have access to the user´s pc while visiting CFC (if I counted well 88 firms). Screenshots with the lists of these firms and the requirement of visiting the internet at other sites 'to opt out' will come later in this post.

    Another unsolved question is, what must be done, if Curse adds new firms to have access to the pc to opt them out. Must each member now watch Curse every day to see, if they have added a new firm and than again have to opt these firms manually out?



    Here especially the very global clause, that Curse and the other more than 280 firms can gather any information about the user´s activity on that device (showing that this permission is considered globally by using the formulation 'including web pages and mobile apps visited or used'), is triggering sorrows, as this sounds like a license for completely outspying the user´s pc (not only the browser´s data) -and this is not acceptable.

    By klicking in the information box shown in screenshot 2 also the following information boxes are popping up:










    These information boxes are showing, that these firms perform personalisation and gathering and combining of personalized datas of the user. The occurrencies around Cambridge Analytica make me very sceptical, what can happen here, if there is only one 'black sheep' among those more than 280 firms that have access to the data in the user´s pc when visiting CFC, that is not gathering datas only for the user, but about the user and is taking advantage with those informations by selling them (around several corners) to employers, banks, insurances, political groups or is using them for criminal purposes.

    The following screenshots show the more than 280 firms that have access to data from a user´s pc while visiting CFC:





    The list will be continued in the next post as no more uploads in this post are allowed.
     

    Attached Files:

    Last edited by a moderator: Jul 4, 2018
    ryanmusante, Hygro and Omega124 like this.
  2. Civinator

    Civinator Blue Lion Supporter

    Joined:
    May 5, 2005
    Messages:
    5,653
    Continued: List of firms that have access to a user´s pc while visiting CFC:






















    List will be continued in the next post.
     

    Attached Files:

  3. Civinator

    Civinator Blue Lion Supporter

    Joined:
    May 5, 2005
    Messages:
    5,653
    List continued:

















    In the discussions about Curse between CFC members outside the CFC forums some, especially American CFC members, couldn´t believe, that such an amount of data mining is done at CFC. My guess is, that it is done to all CFC members outside the EU, too, as the EU members of CFC were only informed when the new law was approved and there was the danger of very cost intensive actions of European lawyers.

    I think this post would be a good possibility to clarify if such data mining by Curse and the more than 280 firms is also done to CFC members outside the EU, especially to CFC members in the USA - and if this is done to those members, too, what can they do to protect against it.

    Now my second big question arises: Isn´t it better to maintain CFC by donations instead of data mining by Curse and over 280 other firms?
     

    Attached Files:

    Last edited by a moderator: Jul 4, 2018
    Wolfhart and Vuldacon like this.
  4. Noble Zarkon

    Noble Zarkon Civ IV Emperor EQM Moderator Hall of Fame Staff Supporter GOTM Staff

    Joined:
    Sep 6, 2012
    Messages:
    4,572
    Gender:
    Male
    Location:
    Fife, Scotland
    Thank you very much for all your research that went into this very informative post, and for agreeing to some minor changes as per our discussions. I just want to clarify a few things. GDPR legislation has menat that more people are now aware of how the Internet is being used and some of the implications - what we do at Civ Fanatics is no different than many other sites so if the information here is of concern then it is not simply Civ Fanatics you need to think about.

    Yes. The rest of the options give you control over specific companies but are only relevant if you allow the access in the first place.

    If you want to control which specific companies have access to your data then yes, however you could just set all the options to inactive if you have concerns.

    Absolutely - we have memberships that eliminate ads whilst still allowing you to contribute to our costs (Server, Storage, bandwidth etc), ideally every member would become a supporter and we would have no need for ads.

    Supporter (Non-Recurring): 12.00 USD for 1 year only
    Supporters see no banner ads on the forums, gets a "Supporter" badge, and can use bigger avatar file size (100 KB instead of 50 KB).

    Supporter (Recurring): 12.00 USD every year
    Same benefits as the first one, but is recurring.

    Supporter (Permanent Upgrade): 36.00 USD
    Same benefits as the other ones, but is a permanent account upgrade.

    The different options allow you to pay a one off, support us every year or pay a larger sum for a permanent upgrade.
     
  5. Civinator

    Civinator Blue Lion Supporter

    Joined:
    May 5, 2005
    Messages:
    5,653
    Also a thank you very much to you, Noble Zarkon, for helping to inform the CFC members, what really happens by Curse when visiting CFC. Many years ago in a discussion about the future financing of CFC, I opted for 'financing' by advertisment. Now I´m really shocked when seeing what happens here on my pc by Curse. The decision to become a supporter for me seems to be the right one.

    The problem is, that a supporter only can stop this data mining for himself. I hope, CFC will gain so many supporters when seeing the truth, that even for members, who cannot afford such a support, the adware of Curse can be abolished somewhere in the future and my post can contribute something to achieve this aim. At least by now, every CFC member in the EU can make the proof of the activities by Curse and the many firms behind it, by simply not clicking on 'Got it. Thanks' - but on the link 'learn more' when the 'Curse Banner' is appearing.

    I now will become one of the first new supporters of CFC. But I have one more question to clarify, about becoming a supporter of CFC:

    Does the Supporter (Permanent Upgrade) for 36.00 USD mean, that the future access to CFC will be free for all time (as long as CFC is existing) from any advertisement and all ad ware?
     
  6. Noble Zarkon

    Noble Zarkon Civ IV Emperor EQM Moderator Hall of Fame Staff Supporter GOTM Staff

    Joined:
    Sep 6, 2012
    Messages:
    4,572
    Gender:
    Male
    Location:
    Fife, Scotland
    Yes, that is correct.
     
  7. Civinator

    Civinator Blue Lion Supporter

    Joined:
    May 5, 2005
    Messages:
    5,653
    Thank you very much for that information.:)

    Edit: The 36 USD are now on the way to CFC via PayPal.
     
    Last edited: Jul 4, 2018
    Noble Zarkon likes this.
  8. Noble Zarkon

    Noble Zarkon Civ IV Emperor EQM Moderator Hall of Fame Staff Supporter GOTM Staff

    Joined:
    Sep 6, 2012
    Messages:
    4,572
    Gender:
    Male
    Location:
    Fife, Scotland
    That would be great - and thank you for your support.
     
  9. Quintillus

    Quintillus Archiving Civ3 Content Supporter

    Joined:
    Mar 17, 2007
    Messages:
    6,223
    Location:
    Columbus
    A very informative post, and an appropriate name for the LLC. I am in the U.S., but do see the cookies popup as Civinator described when visiting (and not logged on) via Firefox and Vivaldi. I don't see the notice when visiting in IE11 or Opera 12, however. But I'm glad to see that the notification and preference options are available in the U.S. as well. I've noticed these on quite a few other sites over the past month, too, particularly ones with a non-U.S. focus. It's often simpler to apply the new options globally than to only do them by region, and I'm glad how in that way GDPR is improving privacy options outside of Europe as well.

    Also a small technical clarification - Curse LLC and other similar companies would not have access to local files stored on your PC, such as in your My Documents folder on Windows, or your Civ save files. In order for that to happen, they would have to exploit security flaws in your browser, as your browser is built to prevent this sort of general access. Otherwise it would be far too easy for someone to set up a website to harvest user's financial documents, tax returns, etc. Curse LLC thus won't have access to all the data on your PC while browsing CFC.

    However, there is a lot more latitude on gathering information about sites visited, cookies from other sites, and generally data about what web sites you've interacted with, and advertisers do put a lot of effort into tying together this information to build a targeted advertising profile on you as much as possible. This is a real concern, and part of what GDPR is meant to regulate. From the description, it sounds like the latitude on mobile devices may also be wider than on desktop, particularly the note about which mobile apps were used. I am not a mobile expert, and unable to confirm either way on that.

    In addition to recommending supporting sites you regularly visit financially if you can afford it (and especially if it gives an ad-free experience as it does at CFC), another setting I recommend checking for in your browser is the "Block 3rd Party Cookies" one. Checking this will reduce the amount of cross-site tracking that advertisers can do (regardless of GDPR compliance), and thus make it at least somewhat more difficult for them to build targeted advertising profiles. Finally, many browsers have a "Ask websites not to track me" option, which I recommend. While sites are not obliged to honor this request, for those that do it will reduce how much advertising is targeted towards you.
     
    Noble Zarkon likes this.
  10. Omega124

    Omega124 Challenging Fate

    Joined:
    Nov 1, 2008
    Messages:
    6,990
    Gender:
    Female
    Location:
    Albany, New York
    I have a question for more tech savvy people than me.

    If I use an adblocker, do services like this still track me?
     
  11. Synsensa

    Synsensa Warlord Retired Moderator

    Joined:
    Nov 19, 2006
    Messages:
    16,073
    Depends on the adblocker and its block list, but usually yes.
     
  12. Quintillus

    Quintillus Archiving Civ3 Content Supporter

    Joined:
    Mar 17, 2007
    Messages:
    6,223
    Location:
    Columbus
    To expand upon Synsensa's answer...

    If an ad blocker block's an advertiser's domains (and thus prevents it from loading JavaScript, images, and other data), then they will have no means with which to track you. So, for example, if your ad blocker blocks the domains belonging to A Million Ads, Limited, then that one of the 280 firms will have no way to track you. But the same ad blocker may not block A.Mob's data. It's a bit of a game of cat and mouse, between the new ad firms (or new domains for existing ad firms) and the ad blockers.

    It does also depend on your ad blocker. Some ad blockers, such as Ad Block Plus, have programs where in exchange for a monetary payment and abiding by some restrictions around the types of ads (such as not having pop-up ads), the ad blocker will allow some firms' ads through. Their rationale is that it's really misleading/annoying/screen-grabbing ads that users want to block... but also that they (the ad-blocker) needs a way to make money. If your goal is to avoid all ads, or avoid being tracked by advertisers, however, this is obviously a loophole, which can be pretty large.

    These days, uBlock Origin is the ad blocker that seems to be most generally recommended as effectively and universally blocking ads, and not accepting payments for exceptions. From my understanding, it's essentially operated as a Civ mod here would be - done in people's free time, and not as their primary means of income. Although of course that can lead to availability-of-people-to-make-updates issues, so far it seems to be working better than the ad-blocker-which-needs-to-support-people's-livelihoods model. You can also selectively un-block ads on sites you want to support.

    Another finer point that bears mentioning is tracking via images. A common technique nowadays is for advertisers to embed tiny, 1-by-1 pixel images either on websites or in e-mails, for tracking purposes. It's most easily explained by e-mail. Let's say your e-mail is cfcisawesome@somewhere.net. You sign up for a mailing list of some commercial store or site. They send you next week's e-mails, and in addition to whatever text is there, can include an invisible image, which might be customized. Maybe it loads from http://www.amillionads.com/smallEmailImage.gif?email=cfcisawesome@somewhere.net. As soon as your e-mail client loads that e-mail (if it loads images), that image will be loaded, and if they've set up their message to include your e-mail in the image URL, and the server to monitor for it, they now know that you've opened that e-mail. Similar techniques (though perhaps relying on somewhere more obscure identifiers) work on websites as well - so if an ad blocker blocks JavaScript, but not images, from advertisers, it's only partially effective.
     
    Olleus and Birdjaguar like this.

Share This Page