Post B0XF6AshH5CKPdsB4y by rainynight65@aus.social
 (DIR) Post #B0WJ57IpIchpgOsz9E by tomasino@tilde.zone
       2025-11-23T00:17:28Z
       
       0 likes, 1 repeats
       
       A single page load on a basic font-download site triggered all of this:
       29 separate ad-tech and tracking companies, each making multiple calls
       Google’s entire ad stack (DoubleClick, AdServices, GStatic, GVT beacons, FundingChoices, anti-fraud checks)
       Amazon’s ad marketplace (aax.amazon-adsystem.com)
       Header-bidding networks like PubMatic, AppNexus/Xandr, Rubicon/Magnite, SmartAdServer, OneTag
       Fingerprinting and identity-sync systems including Dotomi, LiveIntent, OnAudience, Evolution.ai, BTLabs
       Cross-site device matchers (Bidswitch, DeepIntent, CPE Dotomi)
       Telemetry/redirector nodes like 4DEX, Infolinks, Erne, Bumlam
       Behavioral profiling engines (bttrack.com)
       Dozens of DNS lookups in parallel just to build a single ad frame
       A fragile multi-stage real-time auction, where every bidder must respond for the ad to render
       Repeated fallbacks and retries, because the chain breaks constantly
       Aggressive layout shifts, “expanding shelf” ads, and late-loading frames caused by auction timing
       No functional relevance to the site, just monetization layers stacked on a simple font page
       Silent third-party data exposure across global trackers and brokers
       Nearly 2,400 logged network events for a page that should need maybe 20
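
One way to measure figures like these on your own capture, as an added example that is not part of the original posts: export the page load from the browser's network panel as a HAR file and count requests per third-party host. The sample entries, the `fonts.example` site name and the `summarize` function are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in HAR shape (log.entries[].request.url); not a real capture.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://fonts.example/"}},
    {"request": {"url": "https://static.fonts.example/site.css"}},
    {"request": {"url": "https://ads.adnet-a.example/bid?slot=1"}},
    {"request": {"url": "https://ads.adnet-a.example/bid?slot=2"}},
    {"request": {"url": "https://sync.adnet-b.example/match"}},
    {"request": {"url": "https://notfonts.example/pixel.gif"}},
    {"request": {"url": "data:image/gif;base64,R0lGODlhAQABAAAAACw="}},
]}})


def is_first_party(host, site):
    """True for the site itself or a subdomain of it.

    Matching on '.' + site keeps look-alikes such as notfonts.example
    from being counted as first party.
    """
    return host == site or host.endswith("." + site)


def summarize(har_text, site):
    """Count network requests and group third-party ones by hostname."""
    entries = json.loads(har_text)["log"]["entries"]
    total = first = 0
    third = Counter()
    for entry in entries:
        url = entry.get("request", {}).get("url", "")
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if not host:  # data:, blob: and similar never hit the network
            continue
        total += 1
        if is_first_party(host, site):
            first += 1
        else:
            third[host] += 1
    ranked = sorted(third.items(), key=lambda kv: (-kv[1], kv[0]))
    return {"requests": total, "first_party": first,
            "third_party": sum(third.values()), "third_party_hosts": ranked}


if __name__ == "__main__":
    report = summarize(SAMPLE_HAR, "fonts.example")
    print(report["requests"], "requests,", len(report["third_party_hosts"]),
          "third-party hosts")
    for host, count in report["third_party_hosts"]:
        print(f"{count:5d}  {host}")
```
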
       
 (DIR) Post #B0WJP1IpJhvYrkNPTE by tomasino@tilde.zone
       2025-11-23T00:21:04Z
       
       0 likes, 0 repeats
       
       I should call out bad actors. In this case it was https://befonts.com/
       
 (DIR) Post #B0WJsslBdtRd3ish9s by tomasino@tilde.zone
       2025-11-23T00:26:28Z
       
       0 likes, 0 repeats
       
       I should also call out the good actors. Enabling private DNS with quad9 completely removed the issue. Quad9 isn’t an ad blocker, but it is a security DNS. It quietly drops or refuses to resolve a bunch of shady ad-tech, tracking, and fingerprinting domains. On sites that rely on huge real-time ad auctions, breaking even a few of those domains makes the entire ad unit fail to load. So the page looks “clean,” not because Quad9 blocks ads, but because the ad supply chain collapses when the bad actors can’t resolve.
       I think it's extra cool that a company doing a few correct things can undermine so much shit almost accidentally. Kudos to that team.
       
 (DIR) Post #B0WKrNWgNrcZqxwZou by PresGas@freeradical.zone
       2025-11-23T00:37:25Z
       
       0 likes, 0 repeats
       
       @tomasino whoa! This project looks amazing! I will definitely be diving into their web page to get more info
       
 (DIR) Post #B0WZ0Vbz5eh8tWfhCK by megatronicthronbanks@mastodon.social
       2025-11-23T03:15:56Z
       
       0 likes, 0 repeats
       
       @tomasino And then when it _gets_ to the content serving it does 5 seconds worth of unnecessary node.js and god knows what other bollocks just to render a page with some text and a picture on it.
       
 (DIR) Post #B0XARqVvBHNBqPjZlg by webhat@infosec.exchange
       2025-11-23T10:15:27Z
       
       0 likes, 0 repeats
       
       @tomasino out of interest, which DNS resolves the hostname of quad DNS to an IP?
       
 (DIR) Post #B0XCGhnvQGGlYSyFl2 by simon_brooke@mastodon.scot
       2025-11-23T10:35:51Z
       
       0 likes, 0 repeats
       
       @tomasino And this is why you should never serve fonts or #JavaScript libraries from commercial repositories. Instead, download them yourself to your own server, and serve them from there without tracking.
       Yes, this may mean you serve buggy code for a few days longer than you otherwise would, but you save your users all of that abusive shit.
       
 (DIR) Post #B0XF6AshH5CKPdsB4y by rainynight65@aus.social
       2025-11-23T11:07:30Z
       
       0 likes, 0 repeats
       
       @tomasino I have to occasionally use a website for a local squash competition. The fixtures page shows over 3000 blocked elements in uBlock Origin. The site is also broken in Firefox.
       
 (DIR) Post #B0XGL3dcaQbgFKTwuG by tomasino@tilde.zone
       2025-11-23T11:21:27Z
       
       0 likes, 0 repeats
       
       @simon_brooke agreed! Just host your own stuff. Though I'll say in this particular case the website was to download a font for doing exactly that, not serve it cross domain.
       
 (DIR) Post #B0XGknkCIoBMTtpjjk by tomasino@tilde.zone
       2025-11-23T11:26:05Z
       
       0 likes, 0 repeats
       
       @rainynight65 there's a good pun in there somewhere, but I haven't had my coffee yet. Imagine I had a witty one-liner response, okay?
       
 (DIR) Post #B0Y6A3NmOKebsv97wG by Photo55@mastodon.social
       2025-11-23T21:02:07Z
       
       0 likes, 0 repeats
       
       @tomasino one bit of brokenness that annoys me is how CSS is used.
       CSS is super. One stylesheet file for a whole site, and those styles declared in the header and occasionally elsewhere in the HTML pages.
       Quick, clean.
       Actual use: a whole stylesheet for each paragraph or title or word, embedded in a monstrously swollen HTML file.
       I blame MS of course, and obscurantists.