I feel like whoever is running the phishing op to scam fediverse people out of money may not be that great at their jobs

.world and .social are making me very grumpy today.

I'm getting so many pings about cyber physical elements in the growing israel-iran-us-everyone-else conflict,

- no, i haven't slept and i'm running on robutussin and rage
- yes stuff is very much happening, and we are working hard validating and tracking
- its chaos for everyone; everybody's models just went out the window and there seem to be few plans involved
- humans are generally concerned with explosions, foremost
- losing c&c causes unpredictable responses
- some stuff probably isn't even being detected and reported yet because MISSILES

Microsoft trying to ban the word Microslop being used by customers is sending me 🤣 https://www.windowslatest.com/2026/03/02/microsoft-gets-tired-of-microslop-bans-the-word-on-its-discord-then-locks-the-server-after-backlash/

I've helped fellow travelers in fluent French, okay Spanish, and even my sketchy Russian, but I will never be as badass as this person.

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

• Six parallel telemetry pipelines.
• A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
• Intercom running a persistent WebSocket whether you use it or not.
• Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

• proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
• uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
• Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
• Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

• play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
• Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance