Reply to: B.scorecardresearch.com

Getting a pre-populated hosts file that is regularly updated to block these types of trackers/linkers is a good idea.

Also speeds up browsing as it removes the need for your browser to do a DNS lookup and try to contact the domain host server, as the change tells your browser that the links are local and therefore unobtainable.

There can be some downsides as things like Google ads may no longer work if they too use a tracking system listed in the hosts file. Can always remove individual entries if you find it too restrictive.

Is the MVPS one still the best and kept as up to date as any others?

Well noscript won't work because as Nick pointed out they use a 1x1 invisible gif to track the information (its old, not exactly efficient, but does work) rather than the more detailed but less efficient javascript based tracking. The only real option is probably to edit the host file.

I'm working on a plan b that does user tracking (plus about two million other similar odds and sods regarding customer experience improvements). From the last set of figures I looked at its remarkable how few people don't have javascript enabled nowadays but then again gmail, google and many other sites simply don't work without it.

Sure, if you want to disable half the web. JS is so ubiquitous now, I don't consider it a real option to work without it - like it or loathe it the web is not about static pages but dynamic online applications now.

@NickFitz

It looks like scorecardresearch.com (SCR) are a web tracking outfit, but a "legitimate" one. They embed an image link in Facebook, which gets a 1x1 pixel transparent GIF, and sets a bunch of cookies as a side effect, which then allows them to track your activity, not just on Facebook but on other sites you visit that use their service.

The certificate fail comes about because they are using Akamai. This is a CDN (Content Delivery Network) which helps to speed up the web by keeping caches of stuff on servers around the world; so, for example, when your browser tries to load images on a website based in Australia, Akamai can return a copy of them from a server in London, which is a lot faster what with the speed of light being what it is.

In the case of Facebook, all traffic is encrypted using SSL (hence your browser location bar will show the location https://www.facebook.com/ rather than http://). However, SCR have apparently screwed up their use of Akamai with SSL, so your browser sees Akamai's SSL certificate rather than SCR's, and warns you that this stuff isn't coming from where it's supposed to.

FWIW, Mr. Obama's homepage was showing the same problem using Akamai last year

SCR's Privacy Policy (which looks tulip because the stylesheet that should make it look pretty, and the banner graphic with their logo, are both 404 Not Found, indicating that they don't put much effort into this aspect of their operations) offers a link to an opt-out page which sets a do-not-track-me-you-bunch-of-bastards cookie. The contents of this cookie are:

which means "No cookies from any directory or document at any SCR domain before the year 2041" and it works, in the sense of being sent to them with all future requests. It also seemed to stop the certificate warnings for me - I tested with Opera just to be sure. So try the opt-out link, and see if that cures your woes.

Add the following line to your host file c:\windows\system32\drivers\etc\hosts
the article you posted also listed two other domains so do the same for them.

I use Opera as my primary browser.

You can also opt-out by running NoScript on FireFox.