Disarm Advertisers Abusing Our Privacy

Annoying banners! They are everywhere, and they have rapidly evolved. It all started with ordinary pictures, but it's been evolving for decades, and these days, we have to defend against web spyware; a software which tracks the sites we visit, logs the keystrokes on our keyboards, records our IP addresses, attempts to steal our email addresses, and does a bunch of other things, among assisting to marketing experts. I see a possible source of the SPAM in it, but I have a definitive solution of this problem, let's simply filter all those small information hungry bastards out of our browsers, NOW.

A Possible Common Scenario

The advertiser sends a cookie with a unique ID to your browser.
With each visit, your browser sends that cookie back to the advertiser and URI of the web site is stored by the advertiser. It can just as well be your IP address, timestamp of visit, timezone (to determine your language), user-agent (and operating system), referrer, and possibly some other information.
The advertiser makes your personal profile based on commonly visited web sites and needs only your email address(es).
When you create an account using a web site, which has ADs in iframes, your email might be stored to advertiser's DB without your permission. The webmaster of a site, you're registered at, is not responsible for what the advertiser does in invisible iframe, which loads content from a non-related domain.
The complete profile of your preferences, with your email address included, is going to be sold to 3rd party marketing experts, who WILL spam you.

The most common method to determine whether you checked the offer is an invisible transparent GIF 1x1 pixels. When your mail client downloads it, the IP address is already logged on advertiser's server, so it's easy to prove you really read the marketing message, and your profile (+ email address) can be reselled to the others.

These days, affilate marketing is real business on the internet, and most people are not protected against this threat. Some of them do not realize that ordinary "web surfing" is dangerous, but that's not my case, because I believe, the best protection is a proxy server with AD filter, cookie filter, and JavaScript filter. Firefox has some well known extensions to secure you, but it's not so easy with the other browsers, and I don't want to maintain a couple of different filters. Especially extensions are responsible for web browsing, which is a lot slower than necessary.

My Cross-browser solution

Simple HTTP proxy server for GNU/Linux, programmed in C++. I named it HeavenForce, and have already made default lists to filter ADs and web spyware, that abuses our privacy.

It's still in development, thus not ready for production use, yet. Configuration files are transparently designed, and stored in plain-text. There is no need to fill the blacklists and whitelists all over again. Once you create some, you can reuse them with any copy of HeavenForce.

How to get it

In case you'd like to give it a shot, download a testing version, unpack it with tar -xvjf heavenforce-0.6.tar.bz2, change directory to heavenforce-0.6, compile it with make, and execute with ./heavenforce 8080. Note, that 8080 is the port HeavenForce is listening on.

How to use it

Set your browser's HTTP proxy server to 127.0.0.1, enter the port number you selected (usually 8080), and try to visit a web site which is usually full of ADs. Also, don't forget to delete all your cookies, and cache. If you fail at this point, ADs can be still visible, and Tracking Cookies can still work against you.

How to customize it

All URIs you attempt to visit with your browser are passed trough the PROXY server, and then compared to your blacklist and whitelist. Each line in uri_blacklist and uri_whitelist must contain some part of URI. If you want to filter everything, that contains "banner" in its title, simply add "banner" to blacklist. Note, that banner is already in there by default, for better convenience.

The other important point is cookies. They're filtered by default, and you can decide what domains are allowed to save a cookie on your PC, using cookie_whitelist. Each line in cooke_whitelist must be some part of URI.

Known bugs

HTTP POST is not supported, yet.
Browser has to wait until the whole file is downloaded by the PROXY server.

Both known bugs will be fixed with next release.

Important notice

I found many web sites simply storing their crappy cookies using JavaScript inlined in the document. This is not handled by HeavenForce, yet. It is advised to either disable JavaScript by default, and allow it only for the particular trusted web sites, or to make your browser ask before it stores any cookie. At least Opera, Firefox and M$IE support this option, so it's up to you.