How can I figure out where this tracking stuff is coming from?

5

I noticed an SE page was communicating with a load of tracking sites, as in, a load. I did some experiments. I am using Chrome, latest, on Windows 7. I have been using Ghostery and adblock since installation. I have Microsoft Security Essentials (showed up nothing on a full scan, I also did a full scan with AVG), and Windows Firewall enabled. I have cleared my cache. Here is what the network inspector looks like, in an incognito window, logged in:

enter image description here

Here is what the same page looks like in a non-incognito window (but with my cache/cookies etc cleared):

enter image description here

Note that sockets.ny.stackexchange.com is the last connection in the previous image.

How can I work out where this stuff is coming from and remove it?

fredley

Posted 2013-02-19T19:08:25.490

Reputation: 3 197

Answers

6

Some of the entries in your list refer a chrome extension (which are typically not loaded in incognito mode) - the string khbjahpecnkenngkidhioicnfpakihgo under the iframe_raw.js is the Super Full Feeds for Google Reader extension. Based on it's description:

Super Full Feeds for Google Reader™ enables full content feeds for Google Reader™. Provides readable content or iframing of feed entries. Settings are per feed or folder and are transparently built into Google Reader™.

...

  • Pre-fetch readable content for unread entries (optional).

It looks like it might be preloading stuff for you, which might be pulling in those advertisement/tracking sites.

Try disabling that extension in Chrome and see if your log looks any different in regular mode.

Jared Harley

Posted 2013-02-19T19:08:25.490

Reputation: 11 692

Turned out it was some extensions, I just disabled them. – fredley – 2013-02-20T10:16:25.160

1

Install Spybot and run a full scan. When it's done, if you look on the panel on the right side, it should tell your where most of the cookies are reporting to, if nothing else.

You should also close all your browser's and run Immunize, which should cut down on the volume of future junk like this.

David

Posted 2013-02-19T19:08:25.490

Reputation: 6 593

0

based on what I am seeing, the page you are loading is loading scripts from a number of tracker domains. many of these scripts are used across thousands of sites, so if you don't clean your cache regularly, they just get loaded from there, if a current copy is already present.

I use NoScript to selectively allow or block the domains from which scripts can run to eliminate most of it. RequestPolicy is also useful for this purpose but less granular than NoScript. There are several noscript-like plugins for chrome, so check them out. heres some discussion of one of them: http://techie-buzz.com/browsers/disable-javascript-images-cookies-in-google-chrome.html

Frank Thomas

Posted 2013-02-19T19:08:25.490

Reputation: 29 039

1The page the OP is loading is a Stack Exchange page. The vast majority of the network inspector items should not be there. – Dennis – 2013-02-19T19:51:41.833

was wondering what SE page meant. I do see several trackers on SE, including AdZerk, Gravatar, Google-analytics, and quantcast, whidh do account for most of the items shown in the first image, but not the second. – Frank Thomas – 2013-02-19T20:27:52.360

Asked: 2013-02-19T19:08:25.490

Viewed: 242 times

Active: 2013-02-19T20:56:06.060