You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
-
@k3ym0 @ublockorigin And how do you block all that in uBlock? Thanks.
@dancingtreefrog @ublockorigin download the browser extension! it will work with the default config
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 oh man, is all of this just in the js console? i wanna see
-
@k3ym0 oh man, is all of this just in the js console? i wanna see
@Viss ask and you shall receive.
-
@k3ym0 @ublockorigin What about Mistral ? This is the one I use.
Mistral: two blocked requests.
Cloudflare Insights ("is the site up") and a single Intercom beacon POST that didn't even retry.
that's it. no Statsig. no tracking GIFs. no Google Analytics. no distributed tracing. no proof-of-work challenge. no
KETCHUP_DISCOVERY_CARD. nothing.a French AI company nobody talks about is running the cleanest frontend in the entire field by a factor of roughly 150x and we're all sleeping on it
les français ont tout compris
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin
I don't understand all of that but it sounds worse than what Snowden told us! -
@dancingtreefrog @ublockorigin download the browser extension! it will work with the default config
@k3ym0 @ublockorigin I have uBlock Origin, been using it for many years. I didn't know it blocked all that LLM stuff. Thanks.
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
I use Claude Code, which runs outside the browser. Do you think pihole can block disproportionate requests as well as uBlock blocks browser requests?
-
I use Claude Code, which runs outside the browser. Do you think pihole can block disproportionate requests as well as uBlock blocks browser requests?
@siklist pihole can block requests by fqdn, but as you’ll notice, a lot of the third-party tracking infra was being proxied through other non-tracking infra to get around this. If Claude code is somehow loading in JS artifacts (idk if it can or not) it could bypass pihole.
-
@k3ym0 @ublockorigin I have uBlock Origin, been using it for many years. I didn't know it blocked all that LLM stuff. Thanks.
@dancingtreefrog @k3ym0 @ublockorigin
This will help a lot too.. Its an AI block list.
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin
> Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.I was working on an internal analytics dashboard at some other Very Large Company What Competes With Google and someone pushed a change to fetch and run an analytics package directly from Google servers. I had to spend almost a week ripping out their changes and redoing the analytics using a lib that wasn't directly sourced from our primary competition (also I'm pretty sure the way it was used violated it's license).
So yea my lack of surprise is palpable.
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 can you translate for us older genx non computer folks? thanks
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin lowkey curious about lumo ai by proton
-
@k3ym0 can you translate for us older genx non computer folks? thanks
@sergiodomeyko every time you open one of these AI chat websites, before you type a single word, the website is secretly making hundreds of connections to other companies’ servers in the background.
those connections are sending those companies information about you — what browser you use, what computer you have, your screen size, your timezone, sometimes a unique digital fingerprint that can identify you specifically.
you’re paying a monthly subscription for these AI tools, and they’re ALSO selling information about how you use them to analytics companies, ad companies, and in Google’s case, adding it to the giant file they already have on you from Gmail, Search, Maps, and everything else.
uBlock Origin is a free browser extension that blocks all of this. it’s like a bouncer for your browser. Lmk if you want some help installing it
hope that helps. welcome to the modern internet - it’s a mess out here.
-
@cloud @k3ym0 @OlivierBurnier @ublockorigin
Huh, free-online Mistral handles COBOL requests better than free-online Claude. At least the code is complete and compiles.
-
@sergiodomeyko every time you open one of these AI chat websites, before you type a single word, the website is secretly making hundreds of connections to other companies’ servers in the background.
those connections are sending those companies information about you — what browser you use, what computer you have, your screen size, your timezone, sometimes a unique digital fingerprint that can identify you specifically.
you’re paying a monthly subscription for these AI tools, and they’re ALSO selling information about how you use them to analytics companies, ad companies, and in Google’s case, adding it to the giant file they already have on you from Gmail, Search, Maps, and everything else.
uBlock Origin is a free browser extension that blocks all of this. it’s like a bouncer for your browser. Lmk if you want some help installing it
hope that helps. welcome to the modern internet - it’s a mess out here.
@k3ym0 thank you. For your explanation. I will look into it.
-
@cloud @k3ym0 @OlivierBurnier @ublockorigin
Huh, free-online Mistral handles COBOL requests better than free-online Claude. At least the code is complete and compiles.
@jakebrake @cloud @OlivierBurnier @ublockorigin i’m fucking terrified to ask why you know that.
-
You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.
I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.
Claude:
- Six parallel telemetry pipelines.
- A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
- Intercom running a persistent WebSocket whether you use it or not.
- Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.
ChatGPT:
- proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
- uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
- Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
- Also runs a proof-of-work challenge before you're allowed to type anything.
Gemini:
- play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
- Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.
When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.
KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.
All three of these products cost money.
One of them is also running ad infrastructure.Touch grass. Install @ublockorigin
@k3ym0 @ublockorigin Fascinating and worrisome. For the less technically adept… would uMatrix be as effective? Or are these specific capabilities of uBO?
-
@k3ym0 @ublockorigin Fascinating and worrisome. For the less technically adept… would uMatrix be as effective? Or are these specific capabilities of uBO?
@QuercusMacrocarpa @ublockorigin uMatrix is unfortunately abandoned — development ended in 2021, same developer as uBlock Origin, he just stopped. there's also an unpatched vulnerability in it so I'd avoid it at this point.
uBlock Origin in medium mode covers most of what uMatrix used to do for this specific threat — it blocks third party scripts and XHR requests by default which is exactly what catches the telemetry pipelines I documented.
one important caveat though: if you're on Chrome, uBlock Origin was gutted by Google in late 2024 as part of their Manifest V3 changes. the full version no longer works on Chrome. for real protection you need Firefox or Brave with uBlock Origin installed. which, honestly, is probably worth a separate post.
-
@k3ym0 @ublockorigin I have uBlock Origin, been using it for many years. I didn't know it blocked all that LLM stuff. Thanks.
@dancingtreefrog @ublockorigin so long as you're using the LLM stuff within a browser, it's all the same
-
@sergiodomeyko every time you open one of these AI chat websites, before you type a single word, the website is secretly making hundreds of connections to other companies’ servers in the background.
those connections are sending those companies information about you — what browser you use, what computer you have, your screen size, your timezone, sometimes a unique digital fingerprint that can identify you specifically.
you’re paying a monthly subscription for these AI tools, and they’re ALSO selling information about how you use them to analytics companies, ad companies, and in Google’s case, adding it to the giant file they already have on you from Gmail, Search, Maps, and everything else.
uBlock Origin is a free browser extension that blocks all of this. it’s like a bouncer for your browser. Lmk if you want some help installing it
hope that helps. welcome to the modern internet - it’s a mess out here.
@k3ym0 @sergiodomeyko
Your simplified explanation is a godsend, thank you!
Did I understand this thread correctly that Mistral also does the same "bouncer" function as UBlock origin, but with the added advantage of EU ethos?
