You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
Uncategorized
32
Posts
18
Posters
0
Views
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection β actual JS injected into the page to intercept fetch() at the API level β because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin Fascinating and worrisome. For the less technically adept⦠would uMatrix be as effective? Or are these specific capabilities of uBO?
-
@k3ym0 @ublockorigin Fascinating and worrisome. For the less technically adept⦠would uMatrix be as effective? Or are these specific capabilities of uBO?
@QuercusMacrocarpa @ublockorigin uMatrix is unfortunately abandoned β development ended in 2021, same developer as uBlock Origin, he just stopped. there's also an unpatched vulnerability in it so I'd avoid it at this point.
uBlock Origin in medium mode covers most of what uMatrix used to do for this specific threat β it blocks third party scripts and XHR requests by default which is exactly what catches the telemetry pipelines I documented.
one important caveat though: if you're on Chrome, uBlock Origin was gutted by Google in late 2024 as part of their Manifest V3 changes. the full version no longer works on Chrome. for real protection you need Firefox or Brave with uBlock Origin installed. which, honestly, is probably worth a separate post.
-
@k3ym0 @ublockorigin I have uBlock Origin, been using it for many years. I didn't know it blocked all that LLM stuff. Thanks.
@dancingtreefrog @ublockorigin so long as you're using the LLM stuff within a browser, it's all the same ;)
-
@sergiodomeyko every time you open one of these AI chat websites, before you type a single word, the website is secretly making hundreds of connections to other companiesβ servers in the background.
those connections are sending those companies information about you β what browser you use, what computer you have, your screen size, your timezone, sometimes a unique digital fingerprint that can identify you specifically.
youβre paying a monthly subscription for these AI tools, and theyβre ALSO selling information about how you use them to analytics companies, ad companies, and in Googleβs case, adding it to the giant file they already have on you from Gmail, Search, Maps, and everything else.
uBlock Origin is a free browser extension that blocks all of this. itβs like a bouncer for your browser. Lmk if you want some help installing it :)
hope that helps. welcome to the modern internet - itβs a mess out here.
@k3ym0 @sergiodomeyko
π
Your simplified explanation is a godsend, thank you!π
Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos? -
@k3ym0 @sergiodomeyko
π
Your simplified explanation is a godsend, thank you!π
Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos?Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos?
Not quite - it's not that Mistral is doing the same "bouncer" function as uBlock, it's that Mistral is built differently than the other AI websites in that it doesn't discretely spy on you.
In essence, there's very little (or nothing) for the bouncer (i.e. uBock) to do when you're using Mistral.
either way I highly encourage everyone to use uBlock :)
-
Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos?
Not quite - it's not that Mistral is doing the same "bouncer" function as uBlock, it's that Mistral is built differently than the other AI websites in that it doesn't discretely spy on you.
In essence, there's very little (or nothing) for the bouncer (i.e. uBock) to do when you're using Mistral.
either way I highly encourage everyone to use uBlock :)
@k3ym0 @sergiodomeyko
Thank you so much, it's crystal clear now!ππ
#instantfollow π -
@k3ym0 @sergiodomeyko
Thank you so much, it's crystal clear now!ππ
#instantfollow π@joseph11lim @sergiodomeyko anytime, internet friend :)
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection β actual JS injected into the page to intercept fetch() at the API level β because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
I only use the free models on offer by duck.ai, and do it sparingly and in a self-contained manner. I decided that if those models are not enough for a problem, then I would probably be better off seeking a source with real authority and intelligence. They can track my anonymous private (network and browser) sessions all they want π, if they wish to.
(And that annoying non-cross-poster can go fuck itself. I'm deliberately posting this here because of it. So, Mission Accomplished!)
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection β actual JS injected into the page to intercept fetch() at the API level β because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin What about Lumo from Proton?
-
@k3ym0 @ublockorigin lowkey curious about lumo ai by proton
@CandlesARG @ublockorigin just checked - lumo comes back clean - 0 blocked requests.
in case you want to check it out for yourself, here are the docs: https://github.com/gorhill/uBlock/wiki/The-logger
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection β actual JS injected into the page to intercept fetch() at the API level β because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0@infosec.exchange @ublockorigin@lemmy.ml
im never using ai already .__. -
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection β actual JS injected into the page to intercept fetch() at the API level β because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0@infosec.exchange
Thats a funny and interesting read, thank you π.
I've got ublock since ages but deploying custom filters like that is way over my head.
-
undefined oblomov@sociale.network shared this topic
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@meatlotion wow, it's beautiful!
-
@stefano the view from my bedroom window. Not as colourful, but definitely as hopeful.
-
π¬ NicFab Newsletter #10 | March 3, 2026
Privacy, Data Protection, AI & Cybersecurity β weekly review.
In this issue: EU enforcement actions, EDPB developments, cybersecurity alerts, and AI Act analysis.
π Read the full issue: https://www.nicfab.eu/en/newsletter/2026-03-03-issue-10/
π© Subscribe: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #DataProtection #AIAct #Cybersecurity #InfoSec
-
@antonemma infatti io NON uso Microsoft ma esclusivamente #Linux e #SoftwareLibero. In particolare ho ancora una TV tradizionale che perΓ² uso come monitor multimediale collegato ad un #Raspberrypi con kodi.tv. Non c'Γ¨ collegato niente altro
-
@esna@serafuku.moe μ΄λ―Έ εζΌ’ζζ··η¨ι«λ‘ μ°κ³ μμ΅λλ€. π
-
@focaccino se la questione Γ¨ evitare substack, ci sono cose tipo ghost e wordpress anche, che possono federare.
-
Cisgiordania, Israele ordina demolizione di campo sportivo nel campo profughi. LβUE βmonitoriamoβ
@news
https://www.eunews.it/2026/03/03/cisgiordania-israele-ordina-demolizione-di-campo-sportivo-nel-campo-profughi-lue-monitoriamo/
Mimmo Lucano (laSinistra) contro la decisione del governo di Benjamin Netanyahu di togliere il calcio ai bambini. Dalla Commissione l'invito a non procedere. E' l'ennesimo richiamo debole ad un Paese sordo
-
μ¬λλ€ λ€ εζΌ’ζ··η¨ι«λ‘ γμ 葨θ¨νμΈμ
