The Market Ticker
Commentary on The Capital Markets
Logging in or registering will improve your experience here
Main Navigation
MUST-READ Selection:
Delusion Will Not Get You Hired

Display list of topics

Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-03-23 13:39 by Karl Denninger
in Flash , 113 references
[Comments enabled]  

If you do not understand why you just got taxed at 500% what you were allegedly "cut" you're too dumb to vote.

Or reproduce.

If you voted for Trump, well, jokes on you jackass.


when they see what is to come.....


Email for pricing and specifics; as with all her pieces this is an original.

View this entry with comments (opens new window)

2018-03-23 07:00 by Karl Denninger
in Technology , 215 references
[Comments enabled]  

Folks, cut the crap ok?

I know what you're thinking -- I'll just turn off "third party cookies" and all will be ok (in relation to my previous article.)

Incidentally, that is not the default for Chrome and other browsers.  Gee, I wonder why?  Who runs all sorts of third-party ad networks again?

But that aside this doesn't work.

The reason is an HTTP field called an "Etag."

Etags, along with expiration dates and "If-Modified-Since" allow a browser to quickly check with a host whether or not content has changed, without re-downloading it.  Let's say you get an image on the web.  Later, you go back to the same page and the same image is there, since it has not changed.  If the image is still in your cache it is very wasteful to send the whole thing again -- which could be several megabytes.  Instead, if it hasn't changed, you can just display what's in the cache.

Well, to know that, you need to know if the resource changed on the server end.  There are two ways to do this -- using a date stamp, and using what's called an "Etag."

The latter can be attached to any resource, although it's usually attached to images.  The server sends down an Etag: field with the image in the HTTP headers, which is an opaque identifier.  In other words, from the browser's point of view it does not care what the string is; it doesn't represent a time, date, or anything other than a promise from the server that it shall change if the content has changed and needs to be re-sent.

If this sounds like a cookie that's because it can be abused to become one, and you cannot shut it off unlike cookies!

So let's say you disable third-party cookies.  Fine, you think.  Nope.

I have a "Like" button.  Said button has an image.  That image is the finger pointing up, of course, and you must transfer it at least once.  I send an Etag with it, but instead of it being a change index it's unique to you!

Now, every single time you request the button you send the Etag for the image.  If it hasn't changed (and it basically never will, right -- it's an upturned finger!) I send back "Not modified".  Except.... I just pinned to you, personally, that access to the page and you have third-party cookies turned  off!

So I send back "Not modified" but you just told me who you are, what web page you were viewing, and your browser ID and IP address.

I get all of this for every page you visit where such a button or function is present even if you never use it.


Oh by the way this works with beacons of course, since they're 1-pixel transparent images.  And no, I wasn't the first to figure this one out many years ago, and it's been known and in active use on the web for a long time.

The premise that blocking third-party cookies prevents these folks from being able to figure out who you are and what arbitrary web content you are viewing is false!  Nice switch Mr. Browser writer, too bad it doesn't solve the problem!

What this means is that you can be tracked specifically and individually, as you personally, with knowledge of who you are, where you are, when you clicked it and exactly what page you looked atwhenever you visit a page that has any such thing on it without your knowledge or consent should any such resource be included in that page.  It is inherently part of the web server's logs that the owner of the page you visit gets your browser ID, IP address and what you viewed.  But what you probably didn't know and certainly did not consent to is that through very trivial abuse any resource that comes from some other web property -- a like button, a sign-in option for other than a locally-stored account, even an ad can cause your system to obtain, store and regurgitate a unique identifier specific to you and your device whenever that resource is encountered, anywhere.  As soon as you do anything that links that identifier to you as a human that relationship is then known and never lost.  Indeed it can happen retroactively in that the tag can be generated one day and then days, weeks, months or even years later you might provide the missing component (your identity) on some other page that contains the same resource.

There is no way for you to consent because it happens before you can possibly know it will and thus you can't give consent.  You also can't know in advance where else that "capturing" system for your presence might be operating. It works exactly like a third-party cookie except that you cannot shut it off other than by operating system (or firewall) blocking of the entire domain or IP address involved or by clearing all cached data on every access, which is extraordinarily wasteful.  If you're on an Android phone or an iPhone, since both prohibit editing the /etc/hosts file that would otherwise make blocking such possible without too much trouble (e.g. through "Adblock") you cannot reasonably interdict this at all on the stock browsers.

You also cannot block this on desktop or tablet browsers without severely damaging your browsing experience.  Specifically, while you could conceivably load an extension to block all Etag headers doing so would probably get you blackballed on many sites (it sure would here and probably automatically as the system would consider it abuse!) because doing that would result in your data transfer requirements from the site skyrocketing as every single image would have to be sent on every access even if you already had an unaltered copy in your local system's cache in memory or on disk.

Facebook's entire business model relies on this.  That is why they "offer" their sign-on system to newspapers, blogs and other web sites all over the world.  It is also why they have their "like" buttons everywhere.  It is through those "features" that they track everything you do online, even if you don't have an account with them, and all of that tracking processing and sale of whatever they learn of your personal life is done without any consent because it is not possible to consent to what you're not aware of in advance.

This is why the only solution to Facebook's data mining, and they're not alone in this (and yes, it has to apply to all of these firms and those yet to come), is legislative.  This sort of activity -- collecting anything from those places where "like" buttons or any other third-party content is placed, or where sign-on credentials are used, and where that data is either used to inform decisions (e.g. advertising) or sold must be considered a felony criminal offense punished with the revocation of corporate charters and indictment of every officer and director of the firm involved.

could trivially commit this sort of abuse, by the way, on The Ticker.  It would require a hell of a lot of storage, but it would be easy to do. 

I don't do it because it's wrong.

Others don't give a crap if it's wrong.

Zucker****er is one of the worst.  His latest missive is especially damning, in that it deliberately omits the fact that Obama's 2012 campaign used such data mining.  He didn't object then because they wanted the Democrats to win.  Note that he takes no credit for that, nor does he accept blame.  He simply lies by omission.

No, you can't fix this by not having a social media account personally since you don't have to sign in for you to be tracked and the tracking not only happens on the site in question it happens anywhere connections to that site are found such as images, buttons or other related functionality.

For this reason the problem can only be fixed legislatively or if all of said firms are driven out of business due to mass-revulsion by the people -- either way the only fix is if pulling this crap is an instant corporate death sentence right here, right now.

View this entry with comments (opens new window)

2018-03-22 13:00 by Karl Denninger
in POTD , 74 references

You know you want to....


Email for pricing and specifics; like all of her work this is an original!

View this entry with comments (opens new window)

2018-03-22 12:04 by Karl Denninger
in Flash , 131 references
[Comments enabled]  

Be writing on Zucker****er's "apology" .... Later tonight or tomorrorw.

Along with why you better not believe that jackass.

View this entry with comments (opens new window)