Wednesday, June 1, 2016

Online Banking and Hosts File

Over the years, I've had my fair share of runaway data.  This is usually caused by Bell Canada, as they resell your data to third parties (if you want privacy, you have to pay Bell an extra fee of $2 per month), and once that data has left Bell, it's going to run and run as it passes from marketing company to aggregator to directory service to marketing again.

As a result of Bell Canada and the three year battle to get a data noose around them, we have a strange win-win situation; Bell Canada sells my data over and over to the marketing people so they get their money, and the buyers (marketing people, directory services, etc) then scrub my details from the incoming data.  That stopped the runaway data in it's tracks. As a bonus, I left my old residential data that Bell leaked some years ago online, so now it optically looks like Bell puts out stale data about me.  It's a wonderful system and works really well.

For this post, I'm going to cover how I tidied up a similar problem a while back with online banking.  When I log in to my two banks, I want to be dealing with the bank and the bank alone, not sharing my purchasing habits with the bank through a third party, or even know that any third party is tracking me at the bank and then reporting that to some computer hardware store 30 minutes later.

Both my banks use Omniture/Adobe Analytics.  Right there, you got the holy trinity of data sharing going on.  Between the two banks and Apple (all the iTunes and Apple store run through the same system), the amount of back and forth of data would be astonishing.  So, a while ago, I did something about it as a result of trying to work out why a password issue (unrelated) was giving me so much hassle.

I ended up just driving all the junk requests for tracking and analytics, and marketing to localhost (127.0.0.1). Yes, I could opt out of some of this stuff (the banks don't offer you the ability to opt out, but if you track where the banks send this stuff, you eventually end up at Adobe and THEY have a link that allows you to opt out), but that just sets a cookie in your browser, and as a developer, I'm resetting my browser cookies and environment more frequently than the average person, and that would opt-me-in again.  

So, my solution was just hack this stuff off at the knees by permanently editing my hosts file.  If anyone sends a page asking my browser to go talk to Adobe Analytics so it can generate another damn survey or indirect piece of targeted marketing, it will now go into a dark hole and never be seen again.

NOTE:  Only change your hosts file if you know what you're doing. I'm not going to tell you how to change the file, as I don't want to be responsible for what you might break. I'm just telling you what I did. YMMV.

So, what entries are in my hosts file? 

The Scotiabank entries look like this:

#ScotiaBank Changes
#Callback with Trusteer DMG.
127.0.0.1       www.splash-screen.net
#Omniture Profiling & Tracking
127.0.0.1       somniture.scotiabank.com
#Oracle Maxymiser, marketing & optimisation

127.0.0.1       service.maxymiser.net

The CIBC entries look like this:

##CIBC Related Changes
#Marketing
127.0.0.1       adobetag.com
#Omniture Profiling & Tracking
127.0.0.1       cdn.tt.omtrdc.net
127.0.0.1       adobe.tt.omtrdc.net
#General Adobe Hidden Profiling
127.0.0.1       adobe.demdex.net
#Oracle/TAG merchandising, marketing and live chat
127.0.0.1       as00.estara.com
127.0.0.1       liveperson.net
127.0.0.1       sales.liveperson.net
#More Marketing, targetting & feedback.
127.0.0.1       iperceptions.com
127.0.0.1       iperceptions01.azureedge.net
#Even More marketing.
127.0.0.1       api.demandbase.com

And there you go.  

It works for me.  Your mileage might vary.