question How far do registrars and domain auction houses go to track you?

I just got an email from Godadd telling me that names I recently looked at were now available and I should act to get them.

These are names I own...good to know they are on the ball.

They are retail companies, not the CIA. You do sound a little too paranoid.

If you are concerned about domain theft make sure you have 2 stage authentication on.
If you have a GoDaddy account manager use DTVS.

Other than that, I have no idea about the rest.

Brad

bmugford said:

They are retail companies, not the CIA. You do sound a little too paranoid.

If you are concerned about domain theft make sure you have 2 stage authentication on.
If you have a GoDaddy account manager use DTVS.

Other than that, I have no idea about the rest.

Brad

Click to expand...

I have no rep there but I noticed when I move names like 3Ls of .com or co or nl.net and 4 ls and 1 words, they also send me an email asking me to verify even though I already verified through the control panel.

Abdullah Abdullah said:

I have no rep there but I noticed when I move names like 3Ls of .com or co or nl.net and 4 ls and 1 words, they also send me an email asking me to verify even though I already verified through the control panel.

Click to expand...

Interesting. I would not be surprised if that is an extra check for the type of domains that are the most popular targets of thieves.

Brad

bmugford said:

Interesting. I would not be surprised if that is an extra check for the type of domains that are the most popular targets of thieves.

Brad

Click to expand...

Yeah that is what I thought. Then I had to send and reply the email which comes from transfer verify.

Almost registrar apply a cookies or tracker / analytics in order to give best experience for customer in their website, we can remove cookies easily after close the browser , or clear all data when we quit browser

I guess my point is privacy in general. Especially in a time when data breaches "happen" and stuff like Cambridge Analytica where any and all data can be used to track your "habits" and then that data is packaged and sold.

If someone company is going to track my "habits" however innocent and harmless and make money off me by packaging it and selling it. I'd like to know and I'd like to get my "cut" lol.

If I use incognito or switch IP's or use VPN or turn off cookies will I in turn be banned from Godaddy or Namejet or Sedo?

This is real reason I'm asking.

Since I'm assuming these companies track us. There are probably mechanisms in place to prevent us from being private.

I haven't done so yet but would like to if it does not ruin my account in anyway.

Pay.My.id said:

Almost registrar apply a cookies or tracker / analytics in order to give best experience for customer in their website, we can remove cookies easily after close the browser , or clear all data when we quit browser

Click to expand...

understood but is it mandatory to allow them to just to access their website and do transactions? Don't really care about "Experiences" just go in there do my thing and move on privacy intact.

WhoaDomain.com said:

If I use incognito or switch IP's or use VPN or turn off cookies will I in turn be banned from Godaddy or Namejet or Sedo?

Click to expand...

I don't think they would ban you, but you may have to 'uncloak' to do certain things. The BRAVE browser is awesome in weeding out a lot of the pesky stuff without going full dark.

Some people might say you are being paranoid about privacy. Although, many would say you are realistic about privacy.

I won't speak for the domain industry companies, but I will say that the large tech companies are tracking more than most imagine. Much more. I am unable to disclose details as an employee with a NDA.

There is a project in the works by some tech executives that will touch on the point of privacy and give a more clear picture on the boundaries being overstepped. I hope to have more details soon.

Sometime cookies is very complicated , not only for website, but we also need to check our ISP and our browser. Google using smart cookies to track everything from A to Z

WhoaDomain.com said:

I guess my point is privacy in general.

Click to expand...

Because privacy is such an important issue currently, I would like to invite @Rob Monster to this conversation. As a CEO and a technology entrepreneur his opinion and views regarding "privacy" would be very insightful.

Of course anyone from other companies are welcome to join the conversation on "Privacy" as well.

Mister Funsky said:

I don't think they would ban you, but you may have to 'uncloak' to do certain things. The BRAVE browser is awesome in weeding out a lot of the pesky stuff without going full dark.

Click to expand...

hmm brave? Better than Mozilla? or just going Incognito?

I'll give you an example that "worried" me.

I tried a certain "website" not going to mention which. But it's a "useful" website but not as BIG as Godaddy or SEDO or Namejet etc etc.

It has a trial that allows you to use their website like a couple of times. After which. you get sent to the sign up page. because your "trial" has ended.

So I did a test and tried to see how sophisticated their system was.

First went incognito. That didn't work. got sent to the sign up page.
Then used my VPN. tried every country choice. That didn't work. got sent to the sign up page.
then went to my neighborhood PC guy and was told to change my MAC address. That didn't work. got sent to the sign up page.

like WOW! mind you this is not a "big" website or company. But it seems they are using that pesky "Evercookie"?

just google it.

Evercookie is a JavaScript-based application created by Samy Kamkar which produces zombie cookies in a web browser that are intentionally difficult to delete.[1][2] In 2013, a top-secret NSA document was leaked by Edward Snowden,[3] citing Evercookie as a method of tracking Tor users.

Background[edit]
A traditional HTTP cookie is a relatively small amount of textual data that is stored by the user's browser. Cookies can be used to save preferences and login session information; however, they can also be employed to track users for marketing purposes. Due to concerns over privacy, all major browsers include mechanisms for deleting and/or refusing to accept cookies from websites.

Adobe Systems claimed that the size restrictions, likelihood of eventual deletion, and simple textual nature of traditional cookies motivated it to add the local shared object (LSO) mechanism to the Adobe Flash Player.[4] While Adobe has published a mechanism for deleting LSO cookies (which can store 100 KB of data per website, by default),[5] it has met with some criticism from security and privacy experts.[6] Since version 4, Firefox has treated LSO cookies the same way as traditional HTTP cookies, so they can be deleted together.[7][8]

Description[edit]
Samy Kamkar released v0.4 beta of the Evercookie on September 13, 2010, as open source.[2][9][10] According to the project's website:

Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.

Simply think of it as cookies that just won't go away.

Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

An Evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired.[11] Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:

• Standard HTTP cookies
• local shared objects (Flash cookies)
• Silverlight Isolated Storage
• Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
• Storing cookies in Web history
• Storing cookies in HTTP ETags
• Storing cookies in Web cache
• window.name caching
• Internet Explorer userData storage
• HTML5 Session Web storage
• HTML5 Local Web storage
• HTML5 Global Storage
• HTML5 Web SQL Database via SQLite

The developer is looking to add the following features, among others[12]:

• Caching in HTTP Authentication
• Using Java to produce a unique key based on NIC information.

Internet.Domains said:

Because privacy is such an important issue currently, I would like to invite @Rob Monster to this conversation. As a CEO and a technology entrepreneur his opinion and views regarding "privacy" would be very insightful.

Of course anyone from other companies are welcome to join the conversation on "Privacy" as well.

Click to expand...

One word. Blockchain.

Once you log into your account they got you and everything you did before logging in tied to you. I use something like expireddomains.net for research and only goto them and log in to place specific bids.

Plot twist, a lot of VPNs collect user data.

As for the cookies you don't need to panic, the important stuff is on the server side.

"Cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in."
Wikipedia - HTTP cookie

Can't live without them!

You have good reason to worry I find only visiting a handful of domaining site I will have files and cookies that will be tracking that will be considered high risk from antivirus etc.

public wifi is tricky.
but thats partly why they added the S to http isn't it?
well.. so what? didn't it solve the problem still?
as in.. if the site you visit says https instead of old http.. then u should be alright.. (?)

all in all, I don't think anyone except paypal (and maybe your online banks) will care about your vpn... imo

but.. if u do hold dear your paypal accnt, then i'd definitely not use vpn....nor login to it while outside your country for tat matter.... too many horror stories on the net about instant ban usually taking months to resolve when you do that... not all cases of course.. but its a chance most wont take when comes to their pp accnt i think.

cheers

Some general observations:

Yes, what we are discussing is a big problem. There is no 100% workaround, as, basically, we are dealing with a digital fingerprinting, so, each measure discussed would rather add more unique criterias to allow _them_ to better identify us:
https://en.wikipedia.org/wiki/Device_fingerprint
https://en.wikipedia.org/wiki/Canvas_fingerprinting
https://en.wikipedia.org/wiki/Browser_fingerprint

From the sites I am frequently visiting as a domainer, the most tracking / cookies / etc occurs at GoDaddy. The prrof:
1) Visit www.godaddy.com using Firefox
2) Click on "show site information" in address bar ( "i" icon located before the green https sign)
3) The list of ~25 (!) 3rd party trackers will be shown

Some workarounds:

1) Install a better browser such as Brave (chromium based, but ungoogled) or Palemoon (Firefox based)

https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)

2) Brave tends to replace google spying with its own, so some extra efforts to make it workable are needed:
https://spyware.neocities.org/articles/brave.html

3) Replace brave adblocking with ublock origin using strict blocking rules (antitracking including)

4) Install and configure canvas defender, decentraleyes or similar extensions

5) Still check and block what things are the websites using to track you. Even popular domaining/IT forums and blogs are guilty.

As for VPN, 3rd party VPNs are not necessary helpful. Who knows what they are logging and for whom. I'd have more trust to my local 4g mobile providers actually (dynamic IPs, good speed). Vs. home dsl which has the same static IP for years. It assumes that I do not do anything bad online of course. An own vpn run on a vps may also be a solution in some cases. Not to forget about using virtual machines (virtualbox etc), and 100% eliminating windows10 (which itself is a big spyware), Linux or well configured mac is a must thing nowadays.

tonyk2000 said:

Some general observations:

Yes, what we are discussing is a big problem. There is no 100% workaround, as, basically, we are dealing with a digital fingerprinting, so, each measure discussed would rather add more unique criterias to allow _them_ to better identify us:
https://en.wikipedia.org/wiki/Device_fingerprint
https://en.wikipedia.org/wiki/Canvas_fingerprinting
https://en.wikipedia.org/wiki/Browser_fingerprint

From the sites I am frequently visiting as a domainer, the most tracking / cookies / etc occurs at GoDaddy. The prrof:
1) Visit www.godaddy.com using Firefox
2) Click on "show site information" in address bar ( "i" icon located before the green https sign)
3) The list of ~25 (!) 3rd party trackers will be shown

Some workarounds:

1) Install a better browser such as Brave (chromium based, but ungoogled) or Palemoon (Firefox based)

https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)

2) Brave tends to replace google spying with its own, so some extra efforts to make it workable are needed:
https://spyware.neocities.org/articles/brave.html

3) Replace brave adblocking with ublock origin using strict blocking rules (antitracking including)

4) Install and configure canvas defender, decentraleyes or similar extensions

5) Still check and block what things are the websites using to track you. Even popular domaining/IT forums and blogs are guilty.

As for VPN, 3rd party VPNs are not necessary helpful. Who knows what they are logging and for whom. I'd have more trust to my local 4g mobile providers actually (dynamic IPs, good speed). Vs. home dsl which has the same static IP for years. It assumes that I do not do anything bad online of course. An own vpn run on a vps may also be a solution in some cases. Not to forget about using virtual machines (virtualbox etc), and 100% eliminating windows10 (which itself is a big spyware), Linux or well configured mac is a must thing nowadays.

Click to expand...

Thanks for all the info. Will look into this. What about RDP since you mentioned virtual machines?

WhoaDomain.com said:

What about RDP since you mentioned virtual machines?

Click to expand...

Remote desktop may also be useful. Actually, it may be more practical to configure it "home made" (sort of), as datacenter IPs are frequently blocked on destination websites one may want to visit. Such as: a server machine in office accessed by rdp from home. Or vice versa.

Speaking about virtual machines, I meant local. Routine surfing / potentially untrused sites? Start a virtual machine with a linux inside. One computer inside another computer. Let them track or try to infect it Finished surfing - VM shutdown and reset. This idea was further developed by Qubes OS ( www.qubes-os.org ), a linux distro. It is somewhat advanced, so, may not be good to try and learn linux though. For 1st steps in linux, I'd recommend something like Ubuntu.