KFears& 🏳️‍⚧️

Moderately burnt-out software fry.

I do some open source stuff and cat volunteering on the side. I have a cat, myself!

I enjoy anime and manga, and enjoy good literary analysis. Writing #MHA "fix-it" fic, slowly but surely, because the in-universe discrimination and hypercapitalism convergence towards the end of the manga bothers me a bunch.

I enjoy games! Last played: #Balatro, #PathOfExile, #LastEpoch, #Warframe

Website: https://nixalted.com
Pronouns: they/them
enterprise grade security vs. human the weakest link in the chain 😂
MAKING OUT with a BOY who has a YUBIKEY on his COLLAR while there’s a FLIPPER ZERO in NFC CLONING MODE on MY COLLAR
Cute dorks can have Universal Basic Income, as a treat

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

  • Six parallel telemetry pipelines.
  • A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
  • Intercom running a persistent WebSocket whether you use it or not.
  • Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

  • Proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
  • uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
  • Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
  • Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

  • play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
  • Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance

so hrtcafe.net went down due to a coordinated terf/far-right action.

and so this is as good a time as it gets to make even more mirrors of https://git.gay/hrt/pages/ (or the github repo this is a mirror of already, if you want to touch github).

clone it, set a cronjob to do a pull every week. set up a web view like https://hrt.soap.systems if you have the means to do so and the willingness to deal with potential terf interference.

trying to shut down online resources hosted by annoyed transfems, that’s totally going to work and have the intended effect, right?

edit: people are asking if I know what actually happened, what kind of attack it was and such.

I didn’t see a lot of confirmed info about it (and didn’t really look too hard either), but judging by what I’ve read so far, I’m assuming a combination of doxxing, pestering the hosting and threatening legal harassment.

supposedly the person who hosted it took it down themselves to get the heat off of them - and I can’t blame them, that’s reasonable, no one doing this should ever feel expected to stand up to being personally targeted. that’s what we have a community for. they can back off to ensure their own safety, while we deploy a hundred more mirrors.

/erin

@jacksonchen666 We feel directly called out ^^'
One of the hard things about learning a language is that you have to be so bad at it for so long before you're good at it. This is probably a problem with learning in general, actually.
the existence of pyromania implies the existence of aquadepression.

We present: the Swiss banks and insurers holding shares of Palantir... and that bought thousands of new shares in 2025 despite many, many controversial headlines.

The Swiss National Bank is still far out in front...

And how is this justified, given all the ethical and sustainable investment strategies of the financial institutions and insurers?

ZKB points to the Swiss association for responsible investments (Schweizer Verein für verantwortungsbewusste Kapitalanlagen) and the UN Global Compact, which companies can join. Palantir is currently not listed by either initiative, says ZKB, which is why it continues to invest.

However, the Global Compact list is not a blacklist: rather, it lists companies that adhere to minimum standards. Palantir is not listed there at all. Confronted with this, ZKB gives a contradictory answer, saying that it does not matter whether a company is listed. What matters is whether it follows the rules.

How ZKB claims to know that Palantir adheres to the minimum rules when it is not on the list, the bank does not say.

Swiss Life insists that it is committed to, among other things, the OECD guidelines. But it is just as unwilling to comment on its Palantir investments as Zurich Insurance.

And the National Bank, whose investments ultimately also benefit the federal government and the cantons, which receive part of the National Bank's profits?

It does not invest in companies «whose products or production processes grossly violate widely accepted societal values», the National Bank writes in response to an inquiry. Specifically, this means companies «that massively violate fundamental human rights». The National Bank, too, declines to explain how the investment in Palantir is supposed to be compatible with these principles. Its standard line: it does not comment on individual investments.

A Europe-wide investigation, initiated and coordinated by Follow the Money EU! Further cooperation partners alongside Republik are «De Tijd» (Belgium), «Børsen» (Denmark), «Der Standard» (Austria), «Morgenbladet» (Norway), «El País» (Spain) and «The Nerve» (UK).

The article by Yves Wegelin, Lorenz Naegeli and me:

https://www.republik.ch/2026/03/19/schweizer-konzerne-finanzieren-palantirs-ueberwachungs-software

I don’t object to ‘if you don’t like it, fork it’ as a response as long as you have structured the project to make it easy for people to maintain downstream forks. Indeed, I consider the existence of downstream forks to be a sign of health in an open-source ecosystem. This means:

  • External interfaces to the rest of your ecosystem need to be 100% stable and to be added slowly. You must have feature-discovery mechanisms that make it easy for things to work with old versions of your project.
  • Internal code churns infrequently. Pulling in changes from upstream and reviewing them should be easy.
  • Internal structure is well documented and modular.

This leads to small projects with loose coupling that can be done (or, at least, ‘maintenance mode’, where they get occasional bug fixes but meet their requirements and don’t need to change).

A lot of projects were like that 20-30 years ago. Reaching the ‘maintenance mode’ state was a badge of honour: you had achieved your goals and no one else needed to reinvent the wheel. New things could be built as external projects. The last few decades have seen a push towards massive too-big-to-fork projects that have external interfaces that the rest of the ecosystem needs to integrate with, which are complex and lead to tight coupling.