So a bit ago I got an add for “canned rambutan”. I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn’t using a VPN at the time and I didn’t have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.
Which of these do you think is the reason the ad networks know?
- Wikipedia
- Startpage Search
- Duckduckgo Search
- My ISP
- Firefox
- My Firefox Extensions
- Kubuntu
- CachyOS
- The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
- Does this only make sense if my browser history is incomplete?
- Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.
Any guesses as to where the weak link is?
You must log in or register to comment.
You say you were not using a vpn. Then the site has your ip and probably has meta/google ads or other shit running on it and links the product with your ip.
This data is added to some data broker/ ad network and you see an ad when you visit a site using this network as you have “signalled” interest in the product by viewing the product page the first time.
I don’t see ads but if I were to, and despite all my precautions some would be on topic based on my past behavior I would methodically dissect to find out the leak. Namely I would try to automate the process :
- identify a place showing ads
- take an action, e.g. search or browser, on a verifiable unique topic (in order to prevent from generic suggestions, e.g medication during flu season)
- verify if the ads become relevant
- enable/disable any of the tools used, repeat
one of the sites you looked at while looking up rambutan? no vpn too, if a page you looked at was served ads by an ad provider they could track you with your ip, as well as assosciating you with a unique fingerprint since you dont have fingerprinting protection. if you only used wikipedia, there is a second rambutan season in some places from november to january, so its possible that they (the rambutan or fruit processing and agricultural industry) are just trying to pick up sales ahead of the season.
if you have sus extensions too.
If the EFF de anonymization tool can de anonymize your browser, then the ad network can too.
Try searching for something with tor browser - no javascript
This isn’t a matter for fingerprinting. I haven’t directly visited any sites about rambutan other than Startpage, Duckduckgo, and Wikipedia.
well, it would make no fucking difference if you had a vpn on, ALL IT DOES IS MOVE YOUR EXIT POINT. it cannot touch your browser traffic.
frustrates me to bo end the bullshit fucking ads/lies vpn companies peddle
If my exit point is my ISP, and my ISP is selling my data to advertisers (hypothetically), then a VPN would make a difference. That’s why I mentioned it.
search data would be difficult to obtain for a service provider. it would require a retargeting campaign or something to extract your search values.
search data is already tls encapsulated at the browser. isp can see your tcp metdata, but not the data.
also… not the point. sorry
I should’ve known that but forgot. You’re right, my ISP shouldn’t be able to see anything but that I visited Wikipedia. They wouldn’t know that I searched for rambutan.
A vpn is just another isp, which could also sell your data
I would trust something like Mullvad more than ATT or Verizon to not sell my data, wouldn’t you?
I would trust Mullvad more than Verizon or ATT to not sell my data.
Wouldn’t you?
I would trust Mullvad more than Verizon or ATT to not sell my data.
Wouldn’t you?
I would trust Mullvad more than Verizon or ATT to not sell my data.
Wouldn’t you?
And it also could not. Either way it wasn’t active at the time so it’s down to whether my ISP is selling it.
How old is that game? Are there other people in your demographic who also play the game, and then searched for the same thing?
September 2025
I would guess the likely culprits are
Firefox extensions
Search engines
Wikipedia
Other search results you may have opened or pre-loaded (not a default Firefox behaviour)
I don’t think Wikipedia is a likely culprit. I haven’t heard anything about them selling data.
You’ll need to provide all the sites you visited immediately after each of the ones you searched. Your
originheader will give that info away freely. So if it’s in the query parameters of the URL, then you go to Facebook, it’s as easy as{k: v for k, v in (pair.split("=", 1) for pair in response.headers["origin"].split("?", 1)[-1].split("&"))}Firefox only stores the time of my most recent visit so I don’t have that information anymore, so let’s just assume I went to YouTube immediately afterwards.
I have noticed ublock origin block counter go up on Wikipedia but haven’t looked into why
I might be wrong but I believe the ‘other annoyances’ option in uBlock Origin removes the Wikipedia “donate” banner. That could be what that is.
Well, without a VPN your ISP sees every site you enter. I wasn’t aware they might be selling that data for targeted ads, but it makes sense, why wouldn’t them?
That’s not true, your ISP might see your DNS and unencrypted web traffic sure but web searches use HTTPS so ISPs aren’t reading the query or results
Aren’t they seeing all the urls you access?
No, unless you browse http website. They’ll only see the domain name in the request SNI or during the DNS request. C
But see ip you connect to. Reverse dns using own dns could show set of url possible on ip.
Reverse DNS would only show domain name, not URL. And even then a lot of websites are sharing IPs. No point in doing that when you’ve got SNI.
True only domain. TIL about sni. But vpn still protect against sni analysis no?
With a VPN it’s the VPN that has access to the list of domain you visit instead of your ISP. Whether you should put your trust in your ISP or a VPN is another question.
…and if you use DoH, they won’t even see DNS.
I would argue that you don’t need a VPN. It’s just another entity that can see your traffic, and there’s no reason to trust them over your ISP. They’re all for-profit companies.
But they’ll still see the SNI.
Looking it up my ISP isn’t exactly trustworthy, but there have been no clear allegations. I’d say it’s the most likely cause if not my Firefox extensions.
EDIT: I just got another theory, Cloudflare, I’ll add it to the list.
If you’re really crazy about your privacy I’d recommend getting rid of any extensions you don’t 100% need (keep ublock origin though) as not only can they stalk you themselves but it can also help websites fingerprint you. Keeping your extensions to a minimum will help you blend in with the crowd, especially if you use a hardened browser like LibreWolf and/or Mullvad Browser
I use AdGuard rather than uBlock Origin for adblocking, because it allows me to opt-in and only block ads when they are aggressive enough to be annoying. But I’ve not been trying to minimize fingerprinting. The issue is just that everything I used in this instance came with either a tacit or explicit promise not to track me and I don’t know which is lying.
Other extensions I use are:
- Remove YouTube Suggestions
- 10ten Japanese Reader (just now disabled)
- Tampermonkey
- Proton Pass (because my government services require 2FA, but only offer an official government app that uses the play integrity API, or a Passkey which is only natively supported on Windows or Mac)
- Time Tracker - Web Habit Builder
- Improve Crunchyroll (which seems to have stopped Crunchyroll from forcefully dropping my resolution to 144p).
- SteamDB (just now disabled)
I’ve never used AdGuard but you can customize uBlock Origin to fit your needs and block specific things for specific websites. uBlock Origin is commonly used as a default in hardened browsers which would help you fit in with the crowd even more (although I realize you said you weren’t going for anti-fingerprinting, just something to consider)
-
I switched to using Grayjay Desktop rather than my browser for YouTube
-
If you need a userscript manager, Violentmonkey is an open source alternative
-
Proton Pass has an app, yes less convenient without the autofill but better for privacy not to have the extension
-
Personally, I would just sail the seven seas
- I have Freetube installed but I found no reason to really use it when I have this browser extension and adblock (though I don’t have one enabled for YouTube so I have no idea why I’m not seeing ads). I can probably do what Remove YouTube Suggestions does with Tampermonkey or Violentmonkey anyway so I might switch.
- Didn’t realize Tampermonkey wasn’t open source. I’ll look into it when I can eventually be bothered.
- I can’t use a Passkey on my phone. GrapheneOS doesn’t support passkeys.
- Piracy isn’t worth the hassle to me, though it’s not like Crunchyroll has been much better lately.
-
Do any extensions have permission to view your browsing data? You can check by opening the extension manager, clicking the extension and clicking the ‘permissions and data’ tab. I would suspect 5 and 6 the most, 1 might be suspect too. Those extensions by nature would need such permissions to some extent.
AdGuard, ProtonPass, TamperMonkey, Time Tracker, and 10ten have those permissions. The others don’t. I don’t think any of these extensions would be able to function without these permissions.
Microsoft serves ads through duckduckgo that could connect the search to your IP perhaps if you clicked one
I’m pretty sure I never clicked on one. And I’ve turned off Firefox link previews too IIRC.
It doesn’t matter if you click on it. The ad space auction is already done.
Apparently Startpage and Duckduckgo use contextual advertising (rather than targeted advertising) so the advertisers on an unrelated website shouldn’t know I was looking up rambutan.
The ISP shouldn’t even see the search term given basically everything on the internet uses https.
The ISP will see the domain names of the pages you visit if you use their DNS or some other unencrypted DNS but those are unlikely to contain the search term.
Even if you use encrypted DNS they’ll still be able to see the domain in the SNI. Websites using ECH are very rare.
Did you click on any search results?
I found that the Firefox Browser history is often incomplete.
As far as I can remember, only the Wikipedia one.
Any extension could leak this information as well.
Is your default engine something other then the mentioned search engines? The search suggestion feature leaks information too.
I had removed all but Duckduckgo and Startpage from my browser.
My browser extensions are a good angle. If they’re selling my data to fund themselves that’d explain some things.
