this post was submitted on 02 Dec 2025

22 points (100.0% liked)

Privacy

43836 readers

348 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

How did the Ad Networks find my search? (lemmy.ml)

submitted 2 weeks ago* (last edited 2 weeks ago) by Tenderizer78@lemmy.ml to c/privacy@lemmy.ml

54 comments fedilink hide all child comments

So a bit ago I got an add for "canned rambutan". I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn't using a VPN at the time and I didn't have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.

Which of these do you think is the reason the ad networks know?

Wikipedia
Startpage Search
Duckduckgo Search
My ISP
Firefox
My Firefox Extensions
Kubuntu
CachyOS
The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
Does this only make sense if my browser history is incomplete?
Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.

Any guesses as to where the weak link is?

you are viewing a single comment's thread
view the rest of the comments

[–] PiraHxCx@lemmy.ml 0 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Well, without a VPN your ISP sees every site you enter. I wasn't aware they might be selling that data for targeted ads, but it makes sense, why wouldn't them?

[–] Tenderizer78@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Looking it up my ISP isn't exactly trustworthy, but there have been no clear allegations. I'd say it's the most likely cause if not my Firefox extensions.

EDIT: I just got another theory, Cloudflare, I'll add it to the list.

[–] nkk@programming.dev 0 points 2 weeks ago (1 children)

If you're really crazy about your privacy I'd recommend getting rid of any extensions you don't 100% need (keep ublock origin though) as not only can they stalk you themselves but it can also help websites fingerprint you. Keeping your extensions to a minimum will help you blend in with the crowd, especially if you use a hardened browser like LibreWolf and/or Mullvad Browser

[–] Tenderizer78@lemmy.ml 1 points 2 weeks ago (1 children)

I use AdGuard rather than uBlock Origin for adblocking, because it allows me to opt-in and only block ads when they are aggressive enough to be annoying. But I've not been trying to minimize fingerprinting. The issue is just that everything I used in this instance came with either a tacit or explicit promise not to track me and I don't know which is lying.

Other extensions I use are:

Remove YouTube Suggestions
10ten Japanese Reader (just now disabled)
Tampermonkey
Proton Pass (because my government services require 2FA, but only offer an official government app that uses the play integrity API, or a Passkey which is only natively supported on Windows or Mac)
Time Tracker - Web Habit Builder
Improve Crunchyroll (which seems to have stopped Crunchyroll from forcefully dropping my resolution to 144p).
SteamDB (just now disabled)

[–] nkk@programming.dev 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I've never used AdGuard but you can customize uBlock Origin to fit your needs and block specific things for specific websites. uBlock Origin is commonly used as a default in hardened browsers which would help you fit in with the crowd even more (although I realize you said you weren't going for anti-fingerprinting, just something to consider)

I switched to using Grayjay Desktop rather than my browser for YouTube

If you need a userscript manager, Violentmonkey is an open source alternative

Proton Pass has an app, yes less convenient without the autofill but better for privacy not to have the extension

Personally, I would just sail the seven seas

[–] Tenderizer78@lemmy.ml 1 points 2 weeks ago (1 children)

I have Freetube installed but I found no reason to really use it when I have this browser extension and adblock (though I don't have one enabled for YouTube so I have no idea why I'm not seeing ads). I can probably do what Remove YouTube Suggestions does with Tampermonkey or Violentmonkey anyway so I might switch.
Didn't realize Tampermonkey wasn't open source. I'll look into it when I can eventually be bothered.
I can't use a Passkey on my phone. GrapheneOS doesn't support passkeys.
Piracy isn't worth the hassle to me, though it's not like Crunchyroll has been much better lately.

[–] nkk@programming.dev 1 points 2 weeks ago (1 children)

If you want maximum privacy, Grayjay and Freetube don't link to accounts so Google doesn't know what you're doing (especially if you're on a VPN) but again, it's understandable if you don't feel that's worth it.

Ah got it, didn't realize you were using passkeys.

If you're willing to do a bit of setup, Stremio + RealDebrid ($40 a year) + Torrentio/AIOStreams is pretty much perfect to me (although if you watch a lot of super obscure shows maybe not the way to go as RealDebrid doesn't cache everything)

[–] Tenderizer78@lemmy.ml 2 points 2 weeks ago

I'm not really interested in maximum privacy, at least right now. I'm slowly moving there though.

[–] ryannathans@aussie.zone 0 points 2 weeks ago (1 children)

Microsoft serves ads through duckduckgo that could connect the search to your IP perhaps if you clicked one

[–] Tenderizer78@lemmy.ml 0 points 2 weeks ago (1 children)

I'm pretty sure I never clicked on one. And I've turned off Firefox link previews too IIRC.

[–] ivn@jlai.lu 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It doesn't matter if you click on it. The ad space auction is already done.

[–] Tenderizer78@lemmy.ml 0 points 2 weeks ago (1 children)

Apparently Startpage and Duckduckgo use contextual advertising (rather than targeted advertising) so the advertisers on an unrelated website shouldn't know I was looking up rambutan.

[–] lefthandeddude@lemmy.dbzer0.com 1 points 2 weeks ago* (last edited 2 weeks ago)

If you do searches on DDG, which is powered by Bing, you get responses that are relevant to your IP-based location, which means something about your IP is being passed to Bing aka Microsoft. That's how.

[–] ryannathans@aussie.zone 0 points 2 weeks ago (1 children)

That's not true, your ISP might see your DNS and unencrypted web traffic sure but web searches use HTTPS so ISPs aren't reading the query or results

[–] PiraHxCx@lemmy.ml 0 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Aren't they seeing all the urls you access?

[–] ivn@jlai.lu 1 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

No, unless you browse http website. They'll only see the domain name in the request SNI or during the DNS request.

[–] far_university1990@reddthat.com 0 points 2 weeks ago (1 children)

But see ip you connect to. Reverse dns using own dns could show set of url possible on ip.

[–] ivn@jlai.lu 1 points 2 weeks ago (1 children)

Reverse DNS would only show domain name, not URL. And even then a lot of websites are sharing IPs. No point in doing that when you've got SNI.

[–] far_university1990@reddthat.com 1 points 2 weeks ago (1 children)

True only domain. TIL about sni. But vpn still protect against sni analysis no?

[–] ivn@jlai.lu 1 points 2 weeks ago

With a VPN it's the VPN that has access to the list of domain you visit instead of your ISP. Whether you should put your trust in your ISP or a VPN is another question.

[–] pHr34kY@lemmy.world -1 points 2 weeks ago (2 children)

...and if you use DoH, they won't even see DNS.

I would argue that you don't need a VPN. It's just another entity that can see your traffic, and there's no reason to trust them over your ISP. They're all for-profit companies.

[–] Skankhunt420@sh.itjust.works 3 points 2 weeks ago

https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid

Yeah you're right man the VPN that got raided and proven to keep no logs is the exact same as ATT that helped the NSA spy on everyone in the USA and has your credit card and address on file.

https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/

Sure something like NordVPN wouldn't be trustworthy but come on, saying all VPNs are just as trustworthy as ISPs is absolutely insane

[–] ivn@jlai.lu 0 points 2 weeks ago (1 children)

But they'll still see the SNI.

[–] pHr34kY@lemmy.world 1 points 2 weeks ago (1 children)

Not for long. That's about to get fixed with encrypted client hello.

[–] ivn@jlai.lu 1 points 2 weeks ago

Yes but ECH/ESNI have been around for some time now, even if the official spec is recent, but adoption is stil l very low.