Do you ever peek at the "network tab" when you visit a page?
It's mind-blowing how many requests your browser makes when you hit an endpoint. For instance: typing youtube.com, then hitting Enter.
Have you ever wondered how many of them are ads/tracking, even if you limit yourself to very trustworthy sites? That's what we'll figure out in this article.
Tools we will be using:
- tcpdump
- grep
The setup is literally one command.
sudo tcpdump -n -i any port 53 >> filename
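filename can be whatever you want to name it; for example, it could be "packetdumps.md". Port 53 is DNS, so what gets captured is the name lookups your machine makes, not the page requests themselves.
You can run this command in Terminal, or in iTerm or another command-line app (I'm using a Mac).
The >> appends whatever the command prints to the end of the file. If the file doesn't exist already, it will be created.
Now we can cat the file at any time and it will print all the packets captured up to that moment (oldest to newest). tcpdump buffers its output when it writes to a file rather than a terminal, so the newest packets can lag behind; adding -l makes the output line-buffered.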
Now, time for a naive grep on the ad domains.
cat filename | grep -E "lead|track|ads"
Come up with your own better regexes; I only know the bare minimum.
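A less noisy version of the grep above, added here as an example (not from the original article): it pulls only the queried names out of the tcpdump text and matches the same three keywords at the start of a DNS label, so reply lines and names like downloads.* are not counted. The function names and the sample capture are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are made up.

# Print the queried name from each DNS question line of `tcpdump -n` text.
# Reads the files given as arguments, or stdin when there are none.
extract_queries() {
  awk '{
    for (i = 1; i < NF; i++)
      if ($i ~ /^[A-Za-z0-9]+\?$/) {   # question type token: A?, AAAA?, Type65?
        name = tolower($(i + 1))       # DNS names are case-insensitive
        sub(/\.$/, "", name)           # drop the trailing root dot
        print name
        break                          # one name per packet line
      }
  }' "$@"
}

# Count lookups whose name has a label starting with one of the article's
# keywords. Anchoring at a label start skips "downloads" but also misses
# names where the keyword sits mid-label, so treat it as a heuristic.
tracker_counts() {
  extract_queries "$@" |
    grep -E '(^|[.-])(lead|track|ads)' |
    sort | uniq -c | awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# Constructed sample in tcpdump's text format (documentation IPs, not real traffic).
sample_capture() {
  cat <<'EOF'
15:11:01.000001 IP 192.0.2.10.50001 > 192.0.2.1.53: 1001+ A? www.example.com. (33)
15:11:01.020000 IP 192.0.2.1.53 > 192.0.2.10.50001: 1001 1/0/0 A 198.51.100.7 (49)
15:11:02.000001 IP 192.0.2.10.50002 > 192.0.2.1.53: 1002+ A? ads.example.net. (33)
15:11:02.020000 IP 192.0.2.1.53 > 192.0.2.10.50002: 1002 2/0/0 CNAME ads.cdn.example.net., A 198.51.100.8 (70)
15:11:03.000001 IP 192.0.2.10.50003 > 192.0.2.1.53: 1003+ AAAA? ads.example.net. (33)
15:11:04.000001 IP 192.0.2.10.50004 > 192.0.2.1.53: 1004+ A? downloads.example.com. (39)
15:11:05.000001 IP 192.0.2.10.50005 > 192.0.2.1.53: 1005+ A? Tracking.Example.org. (38)
EOF
}

sample_capture | tracker_counts
# On the capture file from the article: tracker_counts filename
```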
This is the result from running the command for a few minutes.
Wow, I still make a lot of requests to some tracking and ads stuff. I mean, I have HTTPS Everywhere on strict mode, Privacy Badger, Adblock, and Chrome itself set to "Do not track".
This is probably a bit of paranoia, but I even find myself hopping to Brave, with a default setting of blocking scripts, if I really want to check out an http site.
As it turns out, Google has the ability to pump you ads regardless of whatever adblocking setup you're using, because of an experimental protocol called QUIC (Quick UDP Internet Connections). The Brave blog has an excellent article about this.
I mainly wrote this to learn more about tcpdump, but I was shocked that a bunch of ads and tracking are still going on.
Credits and Gems:
- A must read, seriously: QUIC in the wild, only for Google ad advantage
- Julia Evans for her tcpdump tweet
- Privacy image thanks to Matthew Henry