I’m a broken record: block Google (or whomever) with network-based blocking (IP and/or DNS), these guys have third-party tracking in virtually every website and app.
Almost every B2C company I’ve worked at, I’ve written or had my devs write proxies for whatever trackers we use. The reality is that every company to whom this data matters to figure out their business model will proxy their trackers. If they don’t they need to fire their lead engineers.
It’s actually pretty easy to disguise this traffic even to the point where you can use the originating server/cdn to interleave the tracking with the content source.
I’m a broken record: block Google (or whomever) with network-based blocking (IP and/or DNS), these guys have third-party tracking in virtually every website and app.
Almost every B2C company I’ve worked at, I’ve written or had my devs write proxies for whatever trackers we use. The reality is that every company to whom this data matters to figure out their business model will proxy their trackers. If they don’t they need to fire their lead engineers.
It’s actually pretty easy to disguise this traffic even to the point where you can use the originating server/cdn to interleave the tracking with the content source.
Proxy? Is it that hard to figure out how to bundle and serve assets from the same domain? 😂
It’s not about serving assets it’s about hiding telemetry from adblockers, dns filters, ip lists, etc.
businesses are truly developing malware
as an additional measure, sure. but these blocks are not hard to circumvent, so it’s not enough in itself
They’re not hard to circumvent, sure but then why am I so effectively blocking almost everything not tied to the “real” first-party domains?
because they don’t yet circumvent it. but also, are you completely sure everything is blocked? DoT, DoH traffic and such?