party

T-Mobile US 打算要賣使用者的瀏覽記錄了

全美第二大的 T-Mobile US 打算要賣使用者的瀏覽記錄了，除非你登入進去選擇退出：「T-Mobile to Step Up Ad Targeting of Cellphone Customers」，Hacker News 上的討論則可以看「T-Mobile to share customers' data with advertisers unless they opt out (thehill.com)」這邊。

The No. 2 U.S. carrier by subscribers said in a recent privacy-policy update that unless they opt out it will share customers’ web and mobile-app data with advertisers starting April 26.

這次的改變包括了 2020 年併購 Sprint 的使用者：

T-Mobile’s new policy will also cover Sprint customers acquired through the carriers’ 2020 merger. Sprint had previously shared similar data only from customers who opted into its third-party ad program.

所以連在美國都有 DNS over HTTPS (或是 DNS over TLS) 與 ESNI 需求了...

Webkit 的「反追蹤反追蹤」功能...

第一次看到標題的時候的確是 WTF 的感覺，愈來愈感覺到大戰的開始：「Preventing Tracking Prevention Tracking」。

在蘋果的平台上有 Intelligent Tracking Prevention (ITP) 功能，但先前這個功能比較簡單，所以還是有很多地方可以被當作 browser fingerprint 的一部份分析，所以蘋果決定改善，然後在新版的軟體裡引入：

This blog post covers enhancements to Intelligent Tracking Prevention (ITP) included in Safari on iOS and iPadOS 13.3, Safari 13.0.4 on macOS Catalina, Mojave, and High Sierra.

包括了跨站台時 Referer 的省略：

ITP now downgrades all cross-site request referrer headers to just the page’s origin. Previously, this was only done for cross-site requests to classified domains.

然後後面三個改善都跟 3rd-party cookie 有關，其中預設擋掉帶 cookie 的 3rd-party requests 應該會讓一些網站掛掉：

ITP will now block all third-party requests from seeing their cookies, regardless of the classification status of the third-party domain, unless the first-party website has already received user interaction.

早期自己做自家 SSO 的奇技淫巧中，會設計出透過 ajax 打多個不同的網域自動登入，看起來應該會需要檢查了...

所以蘋果開始放鬆 iPhone 的第三方電池保固問題了？

MacRumors 上看到的，先前只要透過第三方更換電池，蘋果就會拒絕後續所有保固，現在內部文件改成不保固電池的部分，其他的元件還是會提供保固：「Apple Says iPhones With Third-Party Batteries Now Eligible for Repairs」。

iPhones with aftermarket batteries installed by third-party repair shops are now eligible for service at Genius Bars and Apple Authorized Service Providers, according to an internal Apple document obtained by MacRumors from three reliable sources.

不確定是不是全球性的，但至少法國已經是了？

突然想到『FTC 警告 Nintendo 與 Sony「拆封喪失保固」違反聯邦法』這篇，雖然兩者討論的主題不太一樣...

Internet 上的 3rd party js 的情況

在 Twitter 上看到這則：

Tweeted once, will tweet again. Third Party Web, a very detailed summary of which third party scripts are most responsible for excessive JavaScript execution (and slowing you down). / via @umaar

↬ 3rd-Party Scripts Impact https://t.co/h9LsYSqXre pic.twitter.com/e7HvW2Emsx

— Smashing Magazine (@smashingmag) February 20, 2019

裡面提到了「patrickhulce/third-party-web」的分析 (作者是從 HTTP Archive 的資料分析)，裡面依照不同種類的 3rd party js (像是 ad，或是 social element，或是分析工具) 需要執行的時間，以及使用的站台數量。

Social 那邊意外看到 PIXNET 有上去，然後速度只比 Disqus 快一些，應該是沒有 optimize 的關係。

如果整體一起看的話 (總和花費時間)，可以看到 Google 各項產品都在最前面，畢竟裡面每個項目都是被廣泛使用的。

Gmail 支援第三方軟體掛入了...

以往都是第三方廠商要透過 browser extension 硬掛進去 (當 Gmail 改版的時候又要修)，現在 Gmail 直接提供界面讓他們掛進來了：「Do more from your inbox with Gmail Add-ons」。

包括 Gmail 以及 G Suite 都能用 (應該會需要管理員掛進來？)：

Knock out action items the minute they hit your inbox. G Suite and Gmail users can check out the G Suite Marketplace to find and install Gmail Add-ons.

另外也可以自己開發掛入：

If you're a developer, you can also easily create add-ons for your app or your organization—write your add-on code once and it will run natively in Gmail on web and Android right away. Learn more.

分析 FCC 對網路中立性的留言，將鄉民與機器人分開來分析

Boing Boing 的立場其實還蠻鮮明的，所以有時候他們的新聞看看就好...

但這篇真的很有趣，把 FCC (美國的聯邦通信委員會) 上兩千兩百萬則對網路中立性的留言拿出來分析，結果發現真人與機器人的差異超明顯 XDDD：「Analysis of 22 million FCC comments show that humans love Net Neutrality and bots really, really hate it」，引用的文章在「Discovering truth through lies on the internet - FCC comments analyzed」這邊。

分析可以發現，真人偏好網路中立，而機器人反對網路中立 XDDD：(其實大家心裡都有底是怎麼玩出來的... 只是這次有機會分析，讓事情更明顯)

Data analysis company Gravwell ingested 22,000,000 comments sent to the FCC's docket on Net Neutrality and posted their preliminary findings, which are that the majority of comments came from bots, and these bots oppose Net Neutrality; of the comments that appear to originate with humans, the vast majority favor Net Neutrality.

文章中列出幾個有趣的現象，像是機器人的 comment 大量重複：

A very small minority of comments are unique -- only 17.4% of the 22,152,276 total. The highest occurrence of a single comment was over 1 million.

甚至是 pornhub.com 的郵件位置 XDDD：

Most comments were submitted in bulk and many come in batches with obviously incorrect information -- over 1,000,000 comments in July claimed to have a pornhub.com email address

然後機器人的 pattern 也很容易辨別：

Bot herders can be observed launching the bots -- there are submissions from people living in the state of "{STATE}" that happen minutes before a large number of comment submissions

這個有點類似「50 Cent Party (五毛黨)」，但是是自動化機器人，而且產出的「品質」不太好 XDDD

EFF 的 Privacy Badger

EFF 推出新的延伸套件 (有 Firefox 與 Google Chrome 版)，透過演算法阻擋嘗試追蹤你的單位：「Privacy Badger」。

在官網上有比較技術面的說明：

At a more technical level, Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies.

技術上的作法是分析 third party domain 的行為，用演算法阻擋可能的追蹤。與 Ghostery 這類工具使用人力建立清單的方法不太一樣。

裝起來跑看看，感覺還蠻有趣的...