NameSilo

How far do registrars and domain auction houses go to track you?

Labeled as question in General Domain Discussion, started by WhoaDomain.com, Mar 4, 2020

Replies:
21
Views:
621

  1. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    Lately I find myself using wifi in public spots but I use several methods to protect myself including using a vpn. with that said I haven't accessed any sites like Godaddy auctions or Ebay auctions or Namejet or Dropcatch or Sedo sites yet. For fear that I can be tracked or whatever. Been pretty paranoid about being hacked lately and have someone gain access to my Godaddy or even domain auction accounts. with Godaddy it's both your registrar and your auction.

    so to what extent does sites like Godaddy or even Sedo or Namejet to track it's users?
    another way of saying this is. How much data do these websites collect on it's users?

    AND is there anyway to be COMPLETELY PRIVATE when entering websites like Godaddy or Sedo or Namejet?

    Will you get banned or blocked for using say a VPN?

    What other methods do you think they use?

    The usually suspects are below.

    1. IP
    2. Cookies auto installed into your pc if you have your browser set.
    3. MAC address
    4. This new thing called a Super Cookie or aka Evercookie.

    As a "regular guy" I would assume the solutions for all the above would be:

    1. VPN or IP switcher.
    2. Turn off Cookies or just go incognito or use Mozilla but even now this might be obsolete due to EverCookie.
    3. Changing your MAC address.
    4. But this Super Cookie or EverCookie thing (if Godaddy is using it) seems to be impossible to prevent from tracking you.
    5. Oh and of course don't visit any of these sites while logged into your social media accounts since those share info to other websites.

    Just paranoid about my privacy. Coming from one who is pretty much has diarrhea of the mouth and is an open book. NOT GOOD.

    Is there anything I missed here?
    Some insight would be helpful for not just me but for all.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    3,757
    Likes Received:
    12,697
    I just got an email from Godadd telling me that names I recently looked at were now available and I should act to get them.

    These are names I own...good to know they are on the ball.
     
  3. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    9,512
    Likes Received:
    12,318
    They are retail companies, not the CIA. You do sound a little too paranoid.

    If you are concerned about domain theft make sure you have 2 stage authentication on.
    If you have a GoDaddy account manager use DTVS.

    Other than that, I have no idea about the rest.

    Brad
     
  4. Abdullah Abdullah

    Abdullah Abdullah Top Contributor VIP

    Posts:
    3,178
    Likes Received:
    3,864
    I have no rep there but I noticed when I move names like 3Ls of .com or co or nl.net and 4 ls and 1 words, they also send me an email asking me to verify even though I already verified through the control panel.
     
  5. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    9,512
    Likes Received:
    12,318
    Interesting. I would not be surprised if that is an extra check for the type of domains that are the most popular targets of thieves.

    Brad
     
  6. Abdullah Abdullah

    Abdullah Abdullah Top Contributor VIP

    Posts:
    3,178
    Likes Received:
    3,864
    Yeah that is what I thought. Then I had to send and reply the email which comes from transfer verify.
     
  7. Pay.My.id

    Pay.My.id Established Member

    Posts:
    1,042
    Likes Received:
    856
    Almost registrar apply a cookies or tracker / analytics in order to give best experience for customer in their website, we can remove cookies easily after close the browser , or clear all data when we quit browser
     
  8. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    I guess my point is privacy in general. Especially in a time when data breaches "happen" and stuff like Cambridge Analytica where any and all data can be used to track your "habits" and then that data is packaged and sold.

    If someone company is going to track my "habits" however innocent and harmless and make money off me by packaging it and selling it. I'd like to know and I'd like to get my "cut" lol.

    If I use incognito or switch IP's or use VPN or turn off cookies will I in turn be banned from Godaddy or Namejet or Sedo?

    This is real reason I'm asking.

    Since I'm assuming these companies track us. There are probably mechanisms in place to prevent us from being private.

    I haven't done so yet but would like to if it does not ruin my account in anyway.
     
  9. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    understood but is it mandatory to allow them to just to access their website and do transactions? Don't really care about "Experiences" just go in there do my thing and move on privacy intact.
     
  10. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    3,757
    Likes Received:
    12,697
    I don't think they would ban you, but you may have to 'uncloak' to do certain things. The BRAVE browser is awesome in weeding out a lot of the pesky stuff without going full dark.
     
  11. Internet.Domains

    Internet.Domains Top Contributor VIP

    Posts:
    2,711
    Likes Received:
    6,628
    Some people might say you are being paranoid about privacy. Although, many would say you are realistic about privacy.

    I won't speak for the domain industry companies, but I will say that the large tech companies are tracking more than most imagine. Much more. I am unable to disclose details as an employee with a NDA.

    There is a project in the works by some tech executives that will touch on the point of privacy and give a more clear picture on the boundaries being overstepped. I hope to have more details soon.
     
  12. Pay.My.id

    Pay.My.id Established Member

    Posts:
    1,042
    Likes Received:
    856
    Sometime cookies is very complicated , not only for website, but we also need to check our ISP and our browser. Google using smart cookies to track everything from A to Z
     
  13. Internet.Domains

    Internet.Domains Top Contributor VIP

    Posts:
    2,711
    Likes Received:
    6,628
    Because privacy is such an important issue currently, I would like to invite @Rob Monster to this conversation. As a CEO and a technology entrepreneur his opinion and views regarding "privacy" would be very insightful.

    Of course anyone from other companies are welcome to join the conversation on "Privacy" as well.
     
    Last edited: Mar 4, 2020
  14. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    hmm brave? Better than Mozilla? or just going Incognito?

    I'll give you an example that "worried" me.

    I tried a certain "website" not going to mention which. But it's a "useful" website but not as BIG as Godaddy or SEDO or Namejet etc etc.

    It has a trial that allows you to use their website like a couple of times. After which. you get sent to the sign up page. because your "trial" has ended.

    So I did a test and tried to see how sophisticated their system was.

    First went incognito. That didn't work. got sent to the sign up page.
    Then used my VPN. tried every country choice. That didn't work. got sent to the sign up page.
    then went to my neighborhood PC guy and was told to change my MAC address. That didn't work. got sent to the sign up page.

    like WOW! mind you this is not a "big" website or company. But it seems they are using that pesky "Evercookie"?

    just google it.

    Evercookie is a JavaScript-based application created by Samy Kamkar which produces zombie cookies in a web browser that are intentionally difficult to delete.[1][2] In 2013, a top-secret NSA document was leaked by Edward Snowden,[3] citing Evercookie as a method of tracking Tor users.

    Background[edit]
    A traditional HTTP cookie is a relatively small amount of textual data that is stored by the user's browser. Cookies can be used to save preferences and login session information; however, they can also be employed to track users for marketing purposes. Due to concerns over privacy, all major browsers include mechanisms for deleting and/or refusing to accept cookies from websites.

    Adobe Systems claimed that the size restrictions, likelihood of eventual deletion, and simple textual nature of traditional cookies motivated it to add the local shared object (LSO) mechanism to the Adobe Flash Player.[4] While Adobe has published a mechanism for deleting LSO cookies (which can store 100 KB of data per website, by default),[5] it has met with some criticism from security and privacy experts.[6] Since version 4, Firefox has treated LSO cookies the same way as traditional HTTP cookies, so they can be deleted together.[7][8]

    Description[edit]
    Samy Kamkar released v0.4 beta of the Evercookie on September 13, 2010, as open source.[2][9][10] According to the project's website:

    Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.

    Simply think of it as cookies that just won't go away.

    Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

    Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

    An Evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired.[11] Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:

    The developer is looking to add the following features, among others[12]:

     
  15. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    One word. Blockchain.
     
  16. Ryan217

    Ryan217 Established Member

    Posts:
    862
    Likes Received:
    1,362
    Once you log into your account they got you and everything you did before logging in tied to you. I use something like expireddomains.net for research and only goto them and log in to place specific bids.
     
  17. gabri3l

    gabri3l Established Member

    Posts:
    32
    Likes Received:
    43
    Plot twist, a lot of VPNs collect user data.

    As for the cookies you don't need to panic, the important stuff is on the server side.

    "Cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in."
    Wikipedia - HTTP cookie

    Can't live without them!
     
  18. lock

    lock BACKLINKRZ.COM VIP

    Posts:
    4,263
    Likes Received:
    3,939
    You have good reason to worry I find only visiting a handful of domaining site I will have files and cookies that will be tracking that will be considered high risk from antivirus etc.
     
  19. alcy

    alcy Top Contributor VIP

    Posts:
    17,622
    Likes Received:
    28,829
    public wifi is tricky.
    but thats partly why they added the S to http isn't it? ;)
    well.. so what? didn't it solve the problem still?
    as in.. if the site you visit says https instead of old http.. then u should be alright.. (?)

    all in all, I don't think anyone except paypal (and maybe your online banks) will care about your vpn... imo

    but.. if u do hold dear your paypal accnt, then i'd definitely not use vpn....nor login to it while outside your country for tat matter.... too many horror stories on the net about instant ban usually taking months to resolve when you do that... not all cases of course.. but its a chance most wont take when comes to their pp accnt i think.

    cheers
     
    Last edited: Mar 5, 2020
  20. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,814
    Likes Received:
    2,764
    Some general observations:

    Yes, what we are discussing is a big problem. There is no 100% workaround, as, basically, we are dealing with a digital fingerprinting, so, each measure discussed would rather add more unique criterias to allow _them_ to better identify us:
    https://en.wikipedia.org/wiki/Device_fingerprint
    https://en.wikipedia.org/wiki/Canvas_fingerprinting
    https://en.wikipedia.org/wiki/Browser_fingerprint

    From the sites I am frequently visiting as a domainer, the most tracking / cookies / etc occurs at GoDaddy. The prrof:
    1) Visit www.godaddy.com using Firefox
    2) Click on "show site information" in address bar ( "i" icon located before the green https sign)
    3) The list of ~25 (!) 3rd party trackers will be shown

    Some workarounds:

    1) Install a better browser such as Brave (chromium based, but ungoogled) or Palemoon (Firefox based)

    https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)

    2) Brave tends to replace google spying with its own, so some extra efforts to make it workable are needed:
    https://spyware.neocities.org/articles/brave.html

    3) Replace brave adblocking with ublock origin using strict blocking rules (antitracking including)

    4) Install and configure canvas defender, decentraleyes or similar extensions

    5) Still check and block what things are the websites using to track you. Even popular domaining/IT forums and blogs are guilty.

    As for VPN, 3rd party VPNs are not necessary helpful. Who knows what they are logging and for whom. I'd have more trust to my local 4g mobile providers actually (dynamic IPs, good speed). Vs. home dsl which has the same static IP for years. It assumes that I do not do anything bad online of course. An own vpn run on a vps may also be a solution in some cases. Not to forget about using virtual machines (virtualbox etc), and 100% eliminating windows10 (which itself is a big spyware), Linux or well configured mac is a must thing nowadays.
     
  21. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,389
    Likes Received:
    8,698
    Thanks for all the info. Will look into this. What about RDP since you mentioned virtual machines?
     
  22. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,814
    Likes Received:
    2,764
    Remote desktop may also be useful. Actually, it may be more practical to configure it "home made" (sort of), as datacenter IPs are frequently blocked on destination websites one may want to visit. Such as: a server machine in office accessed by rdp from home. Or vice versa.

    Speaking about virtual machines, I meant local. Routine surfing / potentially untrused sites? Start a virtual machine with a linux inside. One computer inside another computer. Let them track or try to infect it :) Finished surfing - VM shutdown and reset. This idea was further developed by Qubes OS ( www.qubes-os.org ), a linux distro. It is somewhat advanced, so, may not be good to try and learn linux though. For 1st steps in linux, I'd recommend something like Ubuntu.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...