How did the Ad Networks find my search? (lemmy.ml)

submitted 4 months ago* (last edited 4 months ago) by Tenderizer78@lemmy.ml to c/privacy@lemmy.ml

60 comments fedilink hide all child comments

So a bit ago I got an add for "canned rambutan". I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn't using a VPN at the time and I didn't have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.

Which of these do you think is the reason the ad networks know?

Wikipedia
Startpage Search
Duckduckgo Search
My ISP
Firefox
My Firefox Extensions
Kubuntu
CachyOS
The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
Does this only make sense if my browser history is incomplete?
Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.

Any guesses as to where the weak link is?

top 50 comments

sorted by: hot top new old

[+] Cyberflunk@lemmy.world 17 points 4 months ago* (last edited 2 months ago)

[deleted]

[-] Tenderizer78@lemmy.ml 9 points 4 months ago

If my exit point is my ISP, and my ISP is selling my data to advertisers (hypothetically), then a VPN would make a difference. That's why I mentioned it.

[-] bananabread@lemmy.zip 2 points 4 months ago

A vpn is just another isp, which could also sell your data

[-] Skankhunt420@sh.itjust.works 3 points 4 months ago* (last edited 4 months ago)

I would trust something like Mullvad more than ATT or Verizon to not sell my data, wouldn't you?

**this comment was posted like 6 tomes because all of the Lemmy instances I've been using have been super weird lately not letting me post comments and stuff so I kept trying and kept trying and then all of them pushed through at once.

load more comments (4 replies)

[-] Tenderizer78@lemmy.ml 1 points 4 months ago

And it also could not. Either way it wasn't active at the time so it's down to whether my ISP is selling it.

load more comments (3 replies)

[-] Skankhunt420@sh.itjust.works 2 points 4 months ago* (last edited 4 months ago)

Wasn't Mullvad famously raided and found to keep no logs?

I'd sure trust that more than any ISP in UK or USA and I think you would be crazy not to as well.

One has a proven track record, the others undoubtedly do it and have been known to do it and tell you they do it.

It frustrates me to no end that people can't understand that truth.

Even with TOR and shit they say don't do that and I think that's wrong. Sure sure, fingerprinting or whatever. I believe there is a much more tangible risk of your ISP knowing that you are connecting to TOR in the first place especially in countries like UK and USA.

Sure if you lived in Belize or something where it doesn't matter it wouldn't be a big deal but living in those two countries and even like Canada and Germany automatically makes you a target for using it.

Out of those options or a VPN I pay anonymously with Monero or mail cash to I would consider that much, much safer than any ISP.

I encourage you to look up what Snowden said about ATT helping the NSA during Prism which is absolutely still ongoing.

In fact, here you go heres a small part of it https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/

But sure keep preaching about how VPNs don't do anything and instead trust the companies that have direct interests to the governments they serve to stay in favor and that have your credit card and address on file. That is much more secure!

load more comments (1 replies)

[-] mspencer712@programming.dev 8 points 4 months ago

How old is that game? Are there other people in your demographic who also play the game, and then searched for the same thing?

[-] Tenderizer78@lemmy.ml 4 points 4 months ago

September 2025

[-] ryannathans@aussie.zone 7 points 4 months ago* (last edited 4 months ago)

I would guess the likely culprits are

Firefox extensions

Search engines

Wikipedia

Other search results you may have opened or pre-loaded (not a default Firefox behaviour)

[-] Tenderizer78@lemmy.ml 5 points 4 months ago

I don't think Wikipedia is a likely culprit. I haven't heard anything about them selling data.

[-] partofthevoice@lemmy.zip 1 points 4 months ago* (last edited 4 months ago)

You’ll need to provide all the sites you visited immediately after each of the ones you searched. Your origin header will give that info away freely. So if it’s in the query parameters of the URL, then you go to Facebook, it’s as easy as {k: v for k, v in (pair.split("=", 1) for pair in response.headers["origin"].split("?", 1)[-1].split("&"))}

load more comments (1 replies)

load more comments (2 replies)

[-] JoeKrogan@lemmy.world 5 points 4 months ago* (last edited 4 months ago)

You say you were not using a vpn. Then the site has your ip and probably has meta/google ads or other shit running on it and links the product with your ip.

This data is added to some data broker/ ad network and you see an ad when you visit a site using this network as you have "signalled" interest in the product by viewing the product page the first time.

[-] Tenderizer78@lemmy.ml 2 points 4 months ago

Except the only sites I visited where I mentioned rambutan were Duckduckgo, Startpage, and Wikipedia.

[-] lefthandeddude@lemmy.dbzer0.com 5 points 4 months ago* (last edited 4 months ago)

It's duckduckgo. Search duckduckgo.com with the term "restaurants near me." You'll often get responses that are close to your IP location.

That couldn't happen unless DDG passes your IP address on to Bing. It's possible they censor part of the IP and only pass part of it to Bing, but probably not.

(Go ahead! Try it!)

Since Bing sells to data brokers, data brokers know your IP is linked to a search for rambutan, even without fingerprinting your browser.

I'm not calling duckduckgo.com a honeypot... I'm also not calling it not a honeypot. But it knows too much for something supposedly private.

Any closed source firefox extension that has access to the browser display could be parsing the texts and selling it and your IP and other identifiers to data brokers. It's part of how these extensions are profitable.

Cloudflare also does highly advanced fingerprinting and has a script called cloudflare insights, so it seems likely that any cloudflare activity is generating marketing data.

[-] florencia@lemmy.blahaj.zone 4 points 4 months ago

If the EFF de anonymization tool can de anonymize your browser, then the ad network can too.

Try searching for something with tor browser - no javascript

[-] Tenderizer78@lemmy.ml 3 points 4 months ago

This isn't a matter for fingerprinting. I haven't directly visited any sites about rambutan other than Startpage, Duckduckgo, and Wikipedia.

[-] lefthandeddude@lemmy.dbzer0.com 2 points 4 months ago

It's DDG

load more comments (2 replies)

load more comments (1 replies)

[-] chgxvjh@hexbear.net 3 points 4 months ago* (last edited 4 months ago)

Did you click on any search results?

I found that the Firefox Browser history is often incomplete.

[-] Tenderizer78@lemmy.ml 2 points 4 months ago

As far as I can remember, only the Wikipedia one.

[-] chgxvjh@hexbear.net 2 points 4 months ago

Any extension could leak this information as well.

Is your default engine something other then the mentioned search engines? The search suggestion feature leaks information too.

[-] Tenderizer78@lemmy.ml 2 points 4 months ago

I had removed all but Duckduckgo and Startpage from my browser.

My browser extensions are a good angle. If they're selling my data to fund themselves that'd explain some things.

[+] PiraHxCx@lemmy.ml 2 points 4 months ago* (last edited 1 month ago)

[deleted]

[-] ryannathans@aussie.zone 9 points 4 months ago

That's not true, your ISP might see your DNS and unencrypted web traffic sure but web searches use HTTPS so ISPs aren't reading the query or results

load more comments (11 replies)

[-] Tenderizer78@lemmy.ml 4 points 4 months ago* (last edited 4 months ago)

Looking it up my ISP isn't exactly trustworthy, but there have been no clear allegations. I'd say it's the most likely cause if not my Firefox extensions.

EDIT: I just got another theory, Cloudflare, I'll add it to the list.

[-] nkk@programming.dev 3 points 4 months ago

If you're really crazy about your privacy I'd recommend getting rid of any extensions you don't 100% need (keep ublock origin though) as not only can they stalk you themselves but it can also help websites fingerprint you. Keeping your extensions to a minimum will help you blend in with the crowd, especially if you use a hardened browser like LibreWolf and/or Mullvad Browser

[-] Tenderizer78@lemmy.ml 3 points 4 months ago

I use AdGuard rather than uBlock Origin for adblocking, because it allows me to opt-in and only block ads when they are aggressive enough to be annoying. But I've not been trying to minimize fingerprinting. The issue is just that everything I used in this instance came with either a tacit or explicit promise not to track me and I don't know which is lying.

Other extensions I use are:

Remove YouTube Suggestions
10ten Japanese Reader (just now disabled)
Tampermonkey
Proton Pass (because my government services require 2FA, but only offer an official government app that uses the play integrity API, or a Passkey which is only natively supported on Windows or Mac)
Time Tracker - Web Habit Builder
Improve Crunchyroll (which seems to have stopped Crunchyroll from forcefully dropping my resolution to 144p).
SteamDB (just now disabled)

[-] lattrommi@lemmy.ml 1 points 4 months ago

Do any extensions have permission to view your browsing data? You can check by opening the extension manager, clicking the extension and clicking the 'permissions and data' tab. I would suspect 5 and 6 the most, 1 might be suspect too. Those extensions by nature would need such permissions to some extent.

[-] Tenderizer78@lemmy.ml 2 points 4 months ago

AdGuard, ProtonPass, TamperMonkey, Time Tracker, and 10ten have those permissions. The others don't. I don't think any of these extensions would be able to function without these permissions.

load more comments (4 replies)

[-] ryannathans@aussie.zone 2 points 4 months ago

Microsoft serves ads through duckduckgo that could connect the search to your IP perhaps if you clicked one

load more comments (4 replies)

[-] chgxvjh@hexbear.net 3 points 4 months ago* (last edited 4 months ago)

The ISP shouldn't even see the search term given basically everything on the internet uses https.

The ISP will see the domain names of the pages you visit if you use their DNS or some other unencrypted DNS but those are unlikely to contain the search term.

[-] ivn@jlai.lu 1 points 4 months ago

Even if you use encrypted DNS they'll still be able to see the domain in the SNI. Websites using ECH are very rare.

[-] stupid_asshole69@hexbear.net 2 points 4 months ago

Have you considered confirmation bias?

It’s rambutan season and you saw an ad for rambutans. You haven’t mentioned that seeing the ad was weird so I gotta assume you see other ads they’re just not related to something that you searched for recently or something you recognize as being related to something you searched for recently.

[-] Tenderizer78@lemmy.ml 2 points 4 months ago

I don't see many ads, and the ads I do see are never food items. I think this canned rambutan was the first food ad I've seen in years.

I can't even fathom this being a coincidence.

[-] utopiah@lemmy.ml 1 points 4 months ago

I don't see ads but if I were to, and despite all my precautions some would be on topic based on my past behavior I would methodically dissect to find out the leak. Namely I would try to automate the process :

identify a place showing ads
take an action, e.g. search or browser, on a verifiable unique topic (in order to prevent from generic suggestions, e.g medication during flu season)
verify if the ads become relevant
enable/disable any of the tools used, repeat

load more comments

this post was submitted on 02 Dec 2025

44 points (100.0% liked)

Privacy

48013 readers

1021 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS