You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004. - Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.
Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.
Touch grass. Install @ublockorigin
reshared this
viq, da_667, hypebot, Juggling With Eggs, peelinggecko, Frankie ✅, Shaun Chamberlin, Azuaron, Pete Prodoehl 🍕, Galactic Stone, DoomsdaysCW, diana 🏳️⚧️🦋🌱, Dusk to Don, your auntifa liza 🇵🇷 🦛 🦦, Mariya Delano, Nullstring 🏴☠️, Simon and Cad, Aleksandr Koltsoff, Joy_intl, Lambert Heller, Aral Balkan, Melissa BearTrix, Mre. Dartigen [maker mode], Glyn Moody, Androcat, María Arias de Reyna, Jim Gardner, Starhawk and M Schommer reshared this.
David W. Jones
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to David W. Jones • • •Sergio
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to Sergio • • •@sergiodomeyko every time you open one of these AI chat websites, before you type a single word, the website is secretly making hundreds of connections to other companies’ servers in the background.
those connections are sending those companies information about you — what browser you use, what computer you have, your screen size, your timezone, sometimes a unique digital fingerprint that can identify you specifically.
you’re paying a monthly subscription for these AI tools, and they’re ALSO selling information about how you use them to analytics companies, ad companies, and in Google’s case, adding it to the giant file they already have on you from Gmail, Search, Maps, and everything else.
uBlock Origin is a free browser extension that blocks all of this. it’s like a bouncer for your browser. Lmk if you want some help installing it 😀
hope that helps. welcome to the modern internet - it’s a mess out here.
your auntifa liza 🇵🇷 🦛 🦦 reshared this.
Sergio
in reply to k3ym𖺀 • • •Joseph Lim
in reply to k3ym𖺀 • • •🙏
Your simplified explanation is a godsend, thank you!🏆
Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos?
k3ym𖺀
in reply to Joseph Lim • • •@joseph11lim @sergiodomeyko
Not quite - it's not that Mistral is doing the same "bouncer" function as uBlock, it's that Mistral is built differently than the other AI websites in that it doesn't discretely spy on you.
In essence, there's very little (or nothing) for the bouncer (i.e. uBock) to do when you're using Mistral.
either way I highly encourage everyone to use uBlock 😀
Joseph Lim
in reply to k3ym𖺀 • • •Thank you so much, it's crystal clear now!🙏🙏
#instantfollow 😊
Natanox 🇺🇦🇵🇸
in reply to k3ym𖺀 • • •Olivier Burnier
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to Olivier Burnier • • •@OlivierBurnier
Mistral: two blocked requests.
Cloudflare Insights ("is the site up") and a single Intercom beacon POST that didn't even retry.
that's it. no Statsig. no tracking GIFs. no Google Analytics. no distributed tracing. no proof-of-work challenge. no
KETCHUP_DISCOVERY_CARD. nothing.a French AI company nobody talks about is running the cleanest frontend in the entire field by a factor of roughly 150x and we're all sleeping on it
les français ont tout compris
#mistral #privacy #infosec
your auntifa liza 🇵🇷 🦛 🦦 reshared this.
Fokeu 🇪🇺🚩
in reply to k3ym𖺀 • • •chris
in reply to k3ym𖺀 • • •@k3ym0@infosec.exc#duckhange @OlivierBurnier @ublockorigin What is your take on duck.ai?
Further limiting user profiling by using the Tor Browser?
#chat #privacy #tor #duckduckgo
x0
in reply to k3ym𖺀 • • •Nazo
in reply to k3ym𖺀 • • •Kobold
in reply to Nazo • • •Viss
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to Viss • • •@Viss ask and you shall receive.
Luke Harby
in reply to k3ym𖺀 • • •@Viss
😱
Viss
in reply to k3ym𖺀 • • •Zennblack
in reply to k3ym𖺀 • • •Siklist
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to Siklist • • •snowyfox
in reply to k3ym𖺀 • • •Sensitive content
MayaMayaMaya
in reply to k3ym𖺀 • • •> Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
I was working on an internal analytics dashboard at some other Very Large Company What Competes With Google and someone pushed a change to fetch and run an analytics package directly from Google servers. I had to spend almost a week ripping out their changes and redoing the analytics using a lib that wasn't directly sourced from our primary competition (also I'm pretty sure the way it was used violated it's license).
So yea my lack of surprise is palpable.
your auntifa liza 🇵🇷 🦛 🦦 reshared this.
CandlesARG
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to CandlesARG • • •@CandlesARG just checked - lumo comes back clean - 0 blocked requests.
in case you want to check it out for yourself, here are the docs: github.com/gorhill/uBlock/wiki…
The logger
GitHubQuercus
in reply to k3ym𖺀 • • •k3ym𖺀
in reply to Quercus • • •@QuercusMacrocarpa uMatrix is unfortunately abandoned — development ended in 2021, same developer as uBlock Origin, he just stopped. there's also an unpatched vulnerability in it so I'd avoid it at this point.
uBlock Origin in medium mode covers most of what uMatrix used to do for this specific threat — it blocks third party scripts and XHR requests by default which is exactly what catches the telemetry pipelines I documented.
one important caveat though: if you're on Chrome, uBlock Origin was gutted by Google in late 2024 as part of their Manifest V3 changes. the full version no longer works on Chrome. for real protection you need Firefox or Brave with uBlock Origin installed. which, honestly, is probably worth a separate post.
Kerplunk
in reply to k3ym𖺀 • • •@QuercusMacrocarpa
one important caveat though: if you're on Chrome, uBlock Origin was gutted by Google in late 2024 as part of their Manifest V3 changes. the full version no longer works on Chrome. for real protection you need Firefox or Brave
OR UngoogledChromium uBlock from
github.com/gorhill/uBlock/rele…
Add localcdn or privacy Badger.
Do not use googles store, it is a pernicious tracker... and
Releases · gorhill/uBlock
GitHubAnsar Smagul
in reply to Kerplunk • • •@Kerplunk @QuercusMacrocarpa
We're building an open-source, system-wide ad-blocker called Zen.
It sits outside the browser, so it's unaffected by the artificial limitations of Manifest V3 (among other benefits), so I'd recommend it to anyone still using Chrome.
We're aiming for 100% feature parity with uBO and other ad-blockers (already 90% there). Check it out if you're interested: github.com/ZenPrivacy/zen-desk…
GitHub - ZenPrivacy/zen-desktop: Simple, free and efficient ad-blocker and privacy guard for Windows, macOS and Linux.
GitHubNotFrenchJack
in reply to k3ym𖺀 • • •I only use the free models on offer by duck.ai, and do it sparingly and in a self-contained manner. I decided that if those models are not enough for a problem, then I would probably be better off seeking a source with real authority and intelligence. They can track my anonymous private (network and browser) sessions all they want 😎, if they wish to.
(And that annoying non-cross-poster can go fuck itself. I'm deliberately posting this here because of it. So, Mission Accomplished!)
Gabriel H. Nunes
in reply to k3ym𖺀 • • •plan-A (゚ヮ゚)
in reply to k3ym𖺀 • — (8 - Bit) •Here the saying is adverse you see?
"If you don't pay a product, you are the product" from Kevin M ( may he rest in peace ) do not count for me and many many others that opened their mind to it as one day you'll have to compete, or troubleshoot your network problem offline etc etc while I use the product and them not me.
And spare me the legality of things aspect, they are all open source> just look around.
plan-A (゚ヮ゚)
in reply to k3ym𖺀 • — (8 - Bit) •@k3ym𖺀 Now you will tell me but it stay's slop while I kept proving that it is not the case and that you can learn it if you took the trouble and time to read the official docs of those open source models.
You can do or make your own RAG system as making your own checker that no API can do for those that pay.
I oppose the fact that they push it ( Big tech Corp's ) to even GitHub and so many things where the consumer has no choice ( as some mobile phones ) or the search engines AI likes or the ones you use in fact and pay for it that really scrape the web aggressively for the cash.
But do not tell me that all AI is what you seem to use.
All telemetry and websocket etc issues are a no brainer as solution to run it on local host no internet needed.
Wishing you a good day
Michael T Babcock
in reply to k3ym𖺀 • • •Imagine what a bad actor could manipulate you into believing through prompt responses based on its deep knowledge of your past thinking.
The psychological manipulation possibilities are truly frightening.
#skynet #ai #cybersecurity
k3ym𖺀
in reply to Michael T Babcock • • •@mikebabcock
That’s an understatement.
“We kill people based on metadata.”
— Michael Hayden, Former Director of the NSA
sauce
"We kill people based on metadata" - General Hayden (2014)
Woke Media (1) (YouTube)computer toucher ._.
in reply to k3ym𖺀 • • •Menel :xmpp:
in reply to k3ym𖺀 • • •I've got ublock since ages but deploying custom filters like that is way over my head.
k3ym𖺀
in reply to Menel :xmpp: • • •caneToad
in reply to k3ym𖺀 • • •Thanks for your analysis, good stuff. Confirms my suspicion that GenAI LLM are a kind of AdTech Surveillance Capitalism on steroids, draining way more data from the victim than 'traditional' TechBro corporate eavesdropping.
I suggest to establish digital self defence:
1) Use common sense and avoid bullshit products based on stolen data (GenAI LLMs use HUGE amounts of energy and water for ... what?). Practice good thinking and figure what you can do on your own, with your brain, and without a lying electric parrot crutch.
2) Harden your browser > uBlock Origin, and get to protect your network on DNS level > e. g., with Pi-hole. There, add AI blocklists.
3) Get independent, and off TechBro ripoff services and subscription products. Reclaim your digital freedom.
DoctimusLime
in reply to k3ym𖺀 • • •I love you, I'm proud of you.
in reply to k3ym𖺀 • • •MarjorieR
in reply to I love you, I'm proud of you. • • •Tatara🌱
in reply to k3ym𖺀 • • •walnut 🌱
in reply to k3ym𖺀 • • •@k3ym0
That's incredibly rich coming from them
finallymadeanaccount
in reply to k3ym𖺀 • • •Ω 🌍 Gus Posey
in reply to k3ym𖺀 • • •Kat the Leopardess
in reply to k3ym𖺀 • • •Luke Harby
in reply to k3ym𖺀 • • •Crazy about ChatGPT or then again maybe not.
It's like a race to see which company can become the most insidious.
Christmas Tree
in reply to k3ym𖺀 • • •