![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
webpage tracking
Wednesday, September 30th, 2020 02:12 amI was reading this page*:
https://gen.medium.com/i-lived-through-collapse-america-is-already-there-ba1e4b54c5fc
Every once in a while my browser showed "Transferring data from gen.medium.com". It seems that my scrolling the page a certain amount or to a certain location triggers it.
The Web Console shows it sending a message to this URL: https://gen.medium.com/_/batch
The Params include: key: post.streamScrolled
So I searched on "streamScrolled", and found only a few mentions:
https://www.reddit.com/r/netsec/comments/7qe4kj/browser_as_botnet_the_coming_war_on_your_web/
https://news.ycombinator.com/item?id=15696596
Medium.com isn't the only site I've had that kind of thing happen on. It may even happen on Dreamwidth sometimes, possibly related to embedded YouTube videos, if I'm remembering right.
It annoys me because while it's showing those "Transferring data" or "Connecting to", etc., messages, it prevents me being able to see links' URLs by hovering over them.
So I'd like to find a way to block webpages from sending extra messages that aren't initiated by me clicking on something. But I don't have time right now to research it further.
*This statement on that page is rather sobering, as is the rest and the other linked-to posts:
In the last three months America has lost more people than Sri Lanka lost in 30 years of civil war.
https://gen.medium.com/i-lived-through-collapse-america-is-already-there-ba1e4b54c5fc
Every once in a while my browser showed "Transferring data from gen.medium.com". It seems that my scrolling the page a certain amount or to a certain location triggers it.
The Web Console shows it sending a message to this URL: https://gen.medium.com/_/batch
The Params include: key: post.streamScrolled
So I searched on "streamScrolled", and found only a few mentions:
https://www.reddit.com/r/netsec/comments/7qe4kj/browser_as_botnet_the_coming_war_on_your_web/
PedanticPistachio
I couldn't help but to run the communications through burp while reading this blog. Only found that medium was tracking my every move (certain information redacted just to be safe):
[{"type":"e","key":"post.streamScrolled","data":{"postIds":["redacted"],"collectionIds":["redacted"],"tops":[211],"bottoms":[26992],"areFullPosts":[true],"viewStartedAt":1516049551112,"scrollTop":6072,"scrollBottom":6806,"scrollableHeight":28133,"loggedAt":redacted,"sources":["post_page"],"timeDiff":13041.199999999953,"userId":"redacted","referrer":"https://www.reddit.com/r/netsec/","location":"https://medium.freecodecamp.org/browser-as-botnet-or-the-coming-war-on-your-web-browser-be920c4f718","browserWidth":1536,"deviceId":"redacted"},"userId":"redacted","timestamp":1516050235600,"eventId":"redacted"}]
l
https://news.ycombinator.com/item?id=15696596
Couldn't agree more. If you look at what's happening in the network tab of the developer tools, you'll see it's doing a lot more than providing just a static blog page.
Instead, every x seconds it executes another POST request with pretty much all the details they can gather (scroll from top, scrollable height, referrer etc.). As soon as you start moving your cursor, the new requests start adding up very quickly, with lots of new params such as "experimentName: readers.experimentShareWidget" or "key: post.streamScrolled".
It really is collecting every single interaction with this page. As it's provided by Medium I'm sure it's part of their data collection program.
Medium.com isn't the only site I've had that kind of thing happen on. It may even happen on Dreamwidth sometimes, possibly related to embedded YouTube videos, if I'm remembering right.
It annoys me because while it's showing those "Transferring data" or "Connecting to", etc., messages, it prevents me being able to see links' URLs by hovering over them.
So I'd like to find a way to block webpages from sending extra messages that aren't initiated by me clicking on something. But I don't have time right now to research it further.
*This statement on that page is rather sobering, as is the rest and the other linked-to posts:
In the last three months America has lost more people than Sri Lanka lost in 30 years of civil war.