Userscripts.org

I for one, think that superficial attempts to circumvent their tracking will probably fail, while giving the appearance of success. If anyone is patient and sophisticated enough to delve into what their event listeners do (sorrowfully, I am not), then please prove me wrong. This is not just a hunch. I did notice that once when I fiddled with this, it broke their code producing an error message coming from their event handler: "a.something". Also, attempts to overwrite their clk function thusly: unsafeWindow.clk = function(){return} also fail, which seems to prove that an event listener is acting to restore their desired behavior.

If you think about it, they almost have to have such an ironclad tracking system, since they get PAID for sponsored clicks. In fact, just the fact that such a tracking method could be written nearly proves that it has been. They're not about to let greasemonkeys like us cheat them out of their primary revenue stream!!! Anyone know how to put a trace on the "killed" click event to see if it still goes back to a google server?

Another way to test this would be to track a paid adword combination by paying for a completely unthinkable word combination. If the hacked onMousedown event fails to trigger a paid click, then we will know it works.

Unfortunately, I think the big brother approach is most likely: they are probably tracking the natural results as well. They get "paid" for these clicks in a more indirect way - by "improving" their search results. But the potential for side benefit abuse, including to intelligence communities is undeniable. Google has claimed that they have recorded every search ever performed since their inception. That includes the ip addresses of all search requests. More than spooky!

9 calls to onMousedown events (one or more of these could be re-instating your removed code)
34 calls to onClick events (the ultimate failsafe could compare onClicks to onMousedowns)
3 calls to addEventListener (only takes 1 of these to intercept your clicks/mousedowns)
3 calls to stopPropagation (these calls can cancel attempts to override their listeners)
4 instances of setting cancelBubble=[true/var] (another indication of halted event propagation)
12 calls to setTimeout() (could be used to check for changes to the DOM and repair them)
2 calls to setInterval() ""

With all this potential weaponry and armor, it stands to reason that it will take more than a stone to fell the mighty Googliath. They have the resources to hire the best programmers and develop the most airtight code possible. They can certainly anticipate attempts by rogue programmers to interfere with their game plan.

Like the self-replicating agent in the Matrix (reloaded), they can easily anticipate and defend against attacks on their own turf, including re-instating hacked variables and functions. And we are playing in their matrix when we piggyback using Greasemonkey against 43k bytes of highly sophisticated, optimized and obfuscated code. I suspect that the best way to defeat them is to remove ourselves from the matrix altogether. That is -- to turn off javascript for their search pages. This can be conveniently done using a little-known add-on called Script Skipper. Unlike the popular (and cumbersome) "NoScript" add-on (which uses an opt-in white-list), this uses an opt-out blacklist to defeat scripts on a site basis. It operates prior to page load, which is something I wish Greasemonkey could do. Unfortunately, it officially works only with Firefox 2.0, but still worth checking out. One of the great things about Script Skipper is that Greasemonkey will still work on an affected page! So you are free to alter the tracking urls without fear of a back door.

In the end however, all attempts to defeat Google's all-seeing eye are futile, unless a proxy server is involved. In order to serve your results at all, your ip address is handed over on a silver platter. Is it really so important that they know the specific sites visited when they already know the primary terms you are searching for?

BTW, I was not picking on you. I wrote a google script Google Static Nav Bar and found myself knee deep in all this same stuff.

This also explains why overwriting the clk function by way of: unsafeWindow.clk = function(){return} does nothing. It appears that the clk function is either a backup - or more likely - a total decoy. The trackers are obviously still active through another hidden function triggered by an onClick event captured from an eventListener. Unless used for a more obscure browser, or as a legacy fallback, the onMousedown event is a total facade.

Well, in the spirit of mythbusters, I guess Google's clicktrack onMousedown event code is now: BUSTED! Please double check my findings for verification and I still suggest that you leave some version of your script online so that others searching on this topic will find this thread and be forewarned.

One of my biggest gripes about Greasemonkey is there is no option to pre-process the raw html before scripts start running. So GM is useless for saving the time eaten up by all the initializing code - including ad code. Many scripts are out there for removing ads but they still take time pulling those ads into the page to begin with (even when ads are ajaxed, those processes cannot easily be interrupted). This is why I value the Script Skipper add-on so much, since it actually turns off JS before it ever gets a chance to do any work on the page. (BTW, it does this by selectively turning off the javascript in a FF setting). So your best way to prevent code from ever running (and continuing to run) will be to use Script Skipper in conjunction with GM.

Well just an idea. But instead of playing on Google's terms, or killing all scripts (which I had been doing with NoScript), what about just extracting the desired info (URLs and descriptive text, etc.), then totally replace the page (with a window.open() or something) and remake the page from scratch with just plain links and text but still a look-alike?

I know it's not a nice surgical strike as would normally like to do with GM. But then if what we have is a handful of medical trainees vs. the top surgeons in the world, we might not want to have such a duel.

Or... Could just try *asking* Google what would be a nice way to do it, as long as we guarantee to make certain all advertising tracking stays fully in place. They may actually be willing to cooperate rather than lose ad links through a more blunt force approach.

Squirrelly: Not a bad idea. That is essentially what clipland has attempted with this script. Unfortunately, to fully accomplish this, there needs to be a convenient way to turn off scripting. Greasemonkey is the wrong tool for this since it gets to the page too late to stop the bleeding (embellishing your medical analogy). And NoScript - from what I've read about it - seems to be the wrong tool entirely as it doesn't even allow surfing the "real" internet - since it turns javascript off indiscriminately for all sites except for those you specifically opt to allow it. This is overkill, to say the least.

The Script Skipper add-on is the right tool, since it turns off scripting only for sites that you specify. It turns JS off before the page loads, which is important since we don't want to wait for lots of useless scripting, which primarily serves google, not us. However, it doesn't kill the cookies, so tracking is still possible. For that, you can simply use the built in cookie manager within Firefox, and disallow google.com & www.google.com. I have not seen any downside to it except that user preferences (such as number of results per page) are not retained. Signing in, of course is not an option at all if you don't want to be tracked.

Quoting an earlier post: "In the end however, all attempts to defeat Google's all-seeing eye are futile, unless a proxy server is involved. In order to serve your results at all, your ip address is handed over on a silver platter. Is it really so important that they know the specific sites visited when they already know the primary terms you are searching for?"

So unless you have a truly dynamic ip address (not common in broadband) you need to resort to something like anonymouse.org as a proxy server which will hide your ip address. Then google cannot even attempt to build a profile on you, since you don't exist.

Thanks, Paka. Yeah Script Skipper sounds like a good app. For me though NoScript is actually better, as I *do* want to block scripts for *all* sites except those I need it for. There is security, but even more so for nuisances. I often go to all sorts of random pages when researching something with Google or such. And a bunch of the places with forums or answer sections also have some of the more annoying ads, pop-up media, hover and click junk, and stuff that slows the page down. So it really cuts down on all that. And just a click to turn on scripting for a page permanently, or just for that visit.

But enough promoing other tools. :-) What I'm here for is hopefully something for GM. I already use GM and NoScript. I would actually like to reenable Google in NS, but just don't much care for them tracking each page I go to. I know they'll track the searches themselves, and would rather they didn't, but overall I'm okay with that. Maybe that's weird, donno. :-) To me, with the terms I usually use, that's much more general, and they can have very little idea just what particular sort of content I'm looking for. But when they track the individual pages, then that's a lot more personal, and I feel uncomfortable with it.

So you're saying that's what Clipland is trying here, and I do need to spend some time checking out the script.. but it doesn't sound like what I was talking about. What I've heard is modifying the existing page, which does have the scripts and everything running, yes. What I'm talking about is fetching the content of that page, but then scrapping the page all together for a new generated one of your own, which then won't have any scripts or triggers running. Then fill it in to look like the Google page.

If I get a chance, I'll see if can doodle up a very simple version.

But I am glad this is being addressed here. I had seen other GM scripts for Google like this, but they don't bring up these important issues, or say if they've addressed them (which I'd assume means they didn't).

Thanks again!

Squirelly said: what about just extracting the desired info (URLs and descriptive text, etc.), then totally replace the page (with a window.open() or something) and remake the page from scratch with just plain links and text but still a look-alike?

But google only uses plain links these days. They have abandoned the links which start with "google.com?" and gone to standard links. So there is no need to "remake the page from scratch" if you use Script Skipper as suggested. Without their javascript, there is no tracking of clicks.

There is another greasemonkey script that claims to stop tracking of results, GoogleMonkeyR. You might want to look at that.

Due to the way it works, some of the advanced features don't work with script blockers though.