Let me give you more context.
DataUnlocker has a long history and comes from years of hard work, mainly to help developers and product teams deal with missing data. If you’re in tech or marketing, you know how critical accurate metrics are – attribution, conversion rates, traffic volumes. The goal isn't to track individuals – it's to ensure these metrics aren't broken.
I’d ask you to consider this perspective: - People who want to stay anonymous, will stay anonymous. DataUnlocker doesn’t interfere with that at all! - It fixes just the technical accounting of data. Things like location masking, anti-fingerprinting, VPN use, etc., – all still apply and protect your privacy (and moreover I can confirm there's no way around them).
Hence, even on websites which don't respect your privacy (there are not many, to be completely honest) and try to misuse tracking, blocker users would still appear as anonymous, ID-less visitors. That’s by design, here to stay – and I can assure this from my experience.
DataUnlocker just. Fixes. Tech. (think of it like DataUnlocker making web apps behave more like mobile apps — hard to tamper with)
Accurate metrics may be useful, but business got along just fine without all this data for centuries, so to say they are critical is a joke. Targeted advertising might make a lot of money for a very small number of people, but it has been a disaster for society at large.
Businesses have back end data collection for centuries you can't avoid. It's limited, but it's still enough for all that absurd manipulation conspiracy you believe in. Period – no need to even start discussing blocker software.
Yes, indeed, the world generates data, and it can be analyzed. Not a surprise. This data is inevitably generated: every single machine you connect to via network records something. As soon as you buy internet from your internet provider, you're on a digital paper.
Typically, back ends log user's IP, user agent and pages you access, regardless of the software and VPNs you have. Hence, by your own logic, there's enough data points already.
Now, having something from JavaScript can enrich this data. That's perhaps what you want to avoid. The question to ask is, why. The most important data is already captured.
When your blocker blocks Google Analytics for instance, you kind of just opt out of showing your 1 visit of "example.com/some-article" to the website's owner, because they're not spending 10s of hours to implement back end tracking. That's really all it changes. You're still profiled by your internet provider, even more than Google Analytics. You're still giving your data to your DNS provider. If using privacy VPN, what makes you sure they don't store your data somewhere? I believe all these Masonic conspiracies about Big Brother play into the hands of those who sell you a "protection" from the imaginary "surveillance" of you on the Internet. Or if you don't pay, you tell it to others (like me) – and some % will pay for it. We see what we want to see, it's a game on both sides, with a large user base on them both.
The best part:
It's impossible to know whether a random site on the internet doesn't "track" you in one way or another, with or without DataUnlocker, even if you install all protections available on this mother Earth [I personally believe using Tor browser is enough]. You can't prohibit JavaScript, C#, Java. Filter lists maintained by ad blocking community we monitor are updated nearly hourly, new and new entries appear, but they can't cover the entire web. HUGE WORK to try to maintain EVERY WEBSITE, reminds me of writing "cracks" to software in 2000s, but this time for imaginary value – only to get down ~50% of client-side tracking (0% server-side, in the meaning of what servers collect – IPs and user agents). What matters really in this context is that this % will never be 100%.
Think about it – the real value from all that tracking prevention is *lowering the number of KBs transferred over the network*, which maybe speeds up a website for a fraction of a second, along with not telling website owners what page of a website [they've built for you] you tried to visit.
A real-life analogy is you demand to be unseen when you walk out of your house and go shopping. Have no passport. Etc. Not possible. Physically. Can it be minimized? Yes it can. But what it really changes for you?
https://www.scientificamerican.com/article/psychological-wea...
I said there always will be data to manipulate masses. If all of us use blockers, masses will be manipulated based on back end (and other available) data.
No way to escape that, and blockers won't change it.
This tool is designed and proudly intended to allow exactly that. After all, someone taking actions to prevent data collection is unambiguously signalling that they do not consent to being spied on, and this tool intentionally subverts their wishes.
You don't wear a balaclava to walk down the street just to avoid being seen – you still share some minimal data with the world, like your appearance.
Similarly, on the Internet, some minimal metadata is inevitably shared, even if you're privacy-conscious.
So a genuine question is: what do you consider acceptable "minimal data" to share with websites? None?
Everything else should only be collected with my informed consent. If I've consented, then whatever I've consented to is acceptable.
There is absolutely a gray area, though, where data collection may be unobjectionable. The reason I consider it a "gray area" is because it requires trusting whoever is collecting the data, and history has very clearly shown that trust is misplaced. I'm talking about things like: just counting, in the aggregate, how many times users have clicked a button is OK, but recording entire sessions is not (even if that recording is "anonymized"). But as an end user, it's impossible for me to tell who is being well-behaved and who isn't, so I have to assume that everyone is ill-behaved.
(1) Minimal data (as per your comment): - Your IP address (hence, your location and the internet provider you use)
(2) Inevitably collected data (you can't avoid not giving this data for things to operate): - The website domain (goes to DNS and your internet provider / VPN) - The page URL you access (goes to your website and Cloud/CDN provider they use) - Timestamp of the request (goes to all) - Cookies, user agent, referral and other headers your browser typically sends (goes to your website and Cloud/CDN provider they use)
(3) Client-side collected data (arbitrary JavaScript and what blockers typically block): - Same data as above (but let's say, instead being fed to a third party like Google) - Some client-only data (screen dimensions, session duration) - Behavioral data (page element clicks, cursor moves, etc) - Whatever the website itself wants to collect (typically, ad conversions, attribution, purchases etc)
It's absolutely valid (3) can be misused and it's fair to be minimized. But to same extent (2) can. It all just narrows down to giving less data, to less third parties. A random ad-heavy site on the internet still has a little chance to know you've purchased a new pair of shoes in some random store.
There are truly genuine and legit cases when website owners would like to use (3) for whatever purpose, but they can't get accurate data (and with some blocker extensions, even after the consent has been granted). Like, you may want to see how many scroll it down, read and to what extent. There's value. Each website decides this for themselves – they are the builders.
Jshelter will block that shit https://jshelter.org/
Detects and blocks nonfree and potentially dangerous JavaScript.
I am sure Ublocks gorhill will be on this
Here's the bigger picture, from my point of view:
The web is shifting toward consent-based tracking – and rightly so. Cookie and data collection consents are now standard (and even legally required in the EU). DataUnlocker is fully compatible with this. When implemented on the website, it activates only after user consent – just like any compliant tracking setup. The tech to do that wasn't trivial a few years ago, and it still catches up. https://support.google.com/tagmanager/answer/10718549?hl=en
In fact, if you visit pages with an ad blocker, cookie consent modals will not even appear – meaning no tracking starts at all. That's a win–win: privacy respected, no shady behavior, "no" is the default. Big companies can't afford to violate that.
What DataUnlocker addresses is a different issue:
Let's say a user wants to grant "essential" tracking consent — they've consented — but uses an ad blocker by default. They load the page, bounce in 5 seconds, and are gone. Most won't bother to disable the blocker for 5 seconds – maybe 1–2% will. So how do you solve this from the publisher's perspective?
Even the best tools can be misused (think Google Sheets). But when used responsibly, DataUnlocker simply helps fix a technical blind spot – surely not spy on people who didn't opt in.
I don't want to be tracked. I want privacy. If this appeared on a website I cared about, I'd stop using it -- and that includes ones like the guardian, for whom I pay a subscription but always browse privately and adblock. If I saw it on another site, I'd most likely move on. I browse with dev tools open and do actually watch xhr requests: this would stick out like a sore thumb.
This product is not ethical.
Let me put this absolutely clear: DataUnlocker does not change how a website handles privacy or consent.
1. If a website uses a "consent wall", that's the website's decision — not something introduced or enabled by DataUnlocker. 2. If a website properly implements GDPR-compliant consent, no tracking occurs without the user's approval, even when DataUnlocker is in place.
So what does DataUnlocker actually do?
- It wraps the web app's code in a way that software like blockers can no longer tamper with or disable it — making the site's intended logic (like analytics, post-consent) function reliably.
Restoring analytics data lost to blockers is just one (though probably the main) use case for this new approach.
Does this explanation help to clarify things better?
If I see an obsfucated load of JS as a website, I (and good search engines like Kagi) automatically distrusted that site and I will be far less likely to visit in the future. Give me plain html, make it fast, and make it readable. I realise most people aren't as extreme as perhaps I am, but honestly I suspect a very high percentage of computer-using professionals are -- and we're likely to be a particular market segment that the owners of sites that would be your target audience would wish to court.
2. Open dev tools right now and search for /s.gif – you'll see it collecting extra data from you. It's not blocked by (at least) uBlock. It's not needed to run the website. Surprised? It's okay if you decide to leave Hacker News now, since it collects more data than needed and tricks your ad blocker (because it doesn't use a standard tracking URL). Does that break the law? Absolutely not. At worst, they could just disclose in their Privacy Policy that they track how long you spend reading comments, without any PII, and it's up to you whether or not to use their resource.
TL;DR: Even with blockers installed, you can't guarantee websites won't run some custom code or proxy or whatever else to collect data. Tracking can be minimized, but never completely removed.
Now, think about mobile apps. How often do you read their source code before using them? Ad blockers can't modify mobile apps. Legally, the same framework applies: the app outlines Terms & Conditions / Privacy Policy, says what it collects, and you decide whether to proceed. Same as cookie banners on websites. If a business wants your email or phone number in exchange for services – and makes that clear – that's legal.
In this context, DataUnlocker just turns web apps into mobile apps, protecting them from tampering.
It's like writing your web app in WebAssembly and canvas, where browser extensions can't Ctrl+R their logic (i.e., can't inspect or block as easily). It's technically feasible to cut ads or tracking from a plain HTML+JS app – but not so with WebAssembly. Historically, the flexibility of web architecture allowed for modification, but some people now demand web apps to be fully tailored to what they want, be free, no ads etc. That's not illegal by any stretch.
> you are directly _not_ complying with my requests and your actions – and this product – may well be manifestly illegal.
It's not you who sets the rules of service usage by installing extensions. The service provider does. If you don't agree with a website's Terms or Privacy Policy – just leave. That's okay. The web is just an instrument.
My website could easily state: only Microsoft Edge Mobile users are allowed. If I block all others via JS, I'm not violating laws – I'm enforcing access terms. If you write JS to bypass that, you're the one violating them.
At least for now, no country mandates that websites must serve everyone. This is business. Not politics.
TL;DR: DataUnlocker is legal as long as (for instance) Google Analytics is legal. Proxies (like Cloudflare) are legal – it's about how you use them, not the fact that you use them. When you install a blocker software you're right, you are so much signaling to the web service that you don't want to be tracked, and at the same time will reject all their ads. But at the end of the day, it's up to a service provider whether to provide you their service. You can use Mastodon instead of X. You can use GIMP instead of Adobe Photoshop. You're free to choose.
> In 2025, the popularity of ad blockers, VPNs, and privacy browsers continues to grow and disrupt how websites and web apps operate.
Is a bit like saying "We are proud to present the performance collars 2.0. Many mining operations are increasingly affected by employees managing to break free of their performance collars, especially younger employees below the age of 12. With the new and improved performance collars 2.0 you can improve site productivity by 15-50% depending on your employee demographics."
Building tools to give the more powerful parties in an interaction, i.e. corporations even more power against users sucks, and speaks of an utter lack of moral character.
And before anyone comments, saying, no no analytics are good for users and the benevolent companies with great track records will use this power for good, go and read [1], a small excerp:
> There's plenty else WEI can do (it would make detecting ad-fraud much easier), but for every legitimate use, there are a hundred ways this could be abused. It's a technology purpose-built to allow rent extraction by stripping us of our right to technological self-determination. Releasing a technology like this into a world where companies are willing to make their products less reliable, less attractive, less safe and less resilient in pursuit of rents is incredibly reckless and shortsighted. You want unauthorized bread? This is how you get Unauthorized Bread.
In contrast, what actually makes me "feel my food coming back up" is the fact that some privacy browsers advertise how they block (for instance) YouTube ads. On one hand, I think: "Well deserved, YouTube – your UX with 1-minute unskippable ads is more than terrible." On the other – what a piracy leader move. Reminds me of the 2000s when I was buying game disks with cracks that cost almost the same as legit ones. Anyways, this market has to exist and be used – it's a law of nature and I have nothing against it to be honest. One day, maybe, we’ll release a new kind of privacy browser or similar product – just not one that strips a web app down to its bare, minimal functionality like plucking a chicken.
On subscriptions:
If someone doesn't want to pay a subscription (for a car), they'd probably just buy another car. We live in an open market. If a fraction of people hates subscriptions, there'll always be alternatives. Same with the cited article: Chrome dominates, but if they kill off extensions like ad blockers (which BTW work fine even now with Manifest V3 etc), they'll lose a chunk of market share to competitors. It's an open market, and most people choose Chrome today — because it's just a good browser. Numbers say it, not me.
Software businesses chose subscription models for a reason – mostly predictive budgeting. Sure, there are cases when subscriptions feel super-odd (like warming up a car seat), bad monetization design. There are also "lifetime subscription" examples. Too broad to dive into here. I will just conclude that if subscriptions are everywhere, there's a reason for it. Denial or Anger it is normal (as per Five Stages of Grief).
I'll counter a couple of points that hold up your arguments.
> and network filters just make it feel like you're outsmarting the system — trying to change how physics works while withholding website data like "how long did you keep your tabs open", for instance.
There is plenty of creepy tracking going on that goes much further than that and has demonstrably been used to for example advertise to gambling addicts, insecure teenage girls, easily scam-able elderly people and more. The blockers have proven to help in that regard. The websites in question work perfectly fine without that information, they need that information the same way I need you to wire me 10k.
> In contrast, what actually makes me "feel my food coming back up" is the fact that some privacy browsers advertise how they block (for instance) YouTube ads.
Tricky topic and I feel the way they seek to profit off of blocking ads is somewhat scammy. But the underlying issue that Google and co. have made the internet progressively unbearable without an adblocker remains. Sometimes when faced with greedy and immoral behavior, the answer isn't to simply accept it lying down.
> which BTW work fine even now with Manifest V3 etc
No they don't. Filter list update rate is now tied to how often Google approves extension updates, that gives them a significant leg up.
> We live in an open market.
LOL no we don't. Big-Tech uses IP law, specifically DMCA 1201 to block competitors from interoperating with their services and try their best to buy and destroy any kind of competition. They have all been convicted by the FCC of monopolistic actions. The same players like Microsoft and Apple that reverse engineered the for example document formats of their competitors and engaged in adversarial compatibility, while now strictly blocking it as best as they can. Let's look at how the famous Apple boys got started:
> A blue box is an electronic device that produces tones used to generate the in-band signaling tones formerly used within the North American long-distance telephone network to send line status and called number information over voice circuits. During that period, charges associated with long-distance calling were commonplace and could be significant, depending on the time, duration and destination of the call. A blue box device allowed for circumventing these charges by enabling an illicit user, referred to as a "phreaker", to place long-distance calls, without using the network's user facilities, that would be billed to another number or dismissed entirely by the telecom company's billing system as an incomplete call. A number of similar "color boxes" were also created to control other aspects of the phone network. [...] Blue box designed and built by Steve Wozniak and sold by Steve Jobs before they founded Apple.
> If a fraction of people hates subscriptions, there'll always be alternatives.
Not if the monopolistic players have a say in it. Take Adobe for example. They don't want any competition to their service and recently tried to buy Figma.
> Software businesses chose subscription models for a reason [...] I will just conclude that if subscriptions are everywhere, there's a reason for it.
Yes, greed and a lack of regulation. Slavery was a very popular thing for thousands of years, your reasoning could be applied to say it was everywhere so there's a reason for it. Paying employees no money vs paying them money is often cheaper .. doesn't mean it's ok and right. We are talking about moral and regulatory questions here, behavior existing does not imply anything about it's morality.
nikitaeverywher•7mo ago
DataUnlocker 2.0 offers a drop-in solution: a proxy and JavaScript protection layer that shields tracking from blockers. It becomes an integral part of your web application — not only hiding analytics from generic blocking filters, but also making the code essential for the app to function. Blockers simply have no safe way to remove it.
Your feedback is welcome – happy to dive deeper.
azalemeth•7mo ago
nikitaeverywher•7mo ago
It's a broader topic worth deeper discussion to be honest. I'll be posting more on it soon — including why I believe the internet privacy "movement" should align with this: instead of breaking tools used in web apps (while I agree if you can, you can), the focus should go on pseudo-anonymizing users (web clients) while preserving functionality – parts of it are already implemented (VPNs, one-time sessions, etc). I can honestly see both sides of the debate — it's a long-standing and nuanced topic.
JohnFen•7mo ago
nikitaeverywher•7mo ago
I'm sure when one uses Tor browser (an example of what I mean under pseudo-anonymizing), they are as safe from tracking as possible. They will get tracking cookies and all that, but from a random location, and all IDs the web app could have created will be destroyed right after closing the browser tab.
JohnFen•7mo ago
Pseudo-anonymization is snake oil because it's not that hard to reverse. All you have to do is combine the "anonymized" data with data from other sources and you can identify people. It doesn't even take that much data from other sources.
True anonymization is possible: it requires the collector to just keep general aggregate statistics and to immediately delete the individual telemetry reports. But few entities do that, and we have to just trust that the ones the claim they do are being honest and competent about it. But the track record is extremely poor so trusting in such claims is, in my opinion, very foolish.
nikitaeverywher•7mo ago
I'm struggling to understand why. Can you give a very specific example of how I, using Tor browser to browse web, can still be tracked as an individual? What are "other sources"?
Each session of Tor browser has a randomized IP and user agent, and moreover if JavaScript requests for instance the "screen width" of the device, it gives some random numbers. Letterboxing, anti-fingerprinting in action: https://support.torproject.org/tbb/maximized-torbrowser-wind...
> True anonymization is possible: it requires the collector to just keep general aggregate statistics and to immediately delete
Most businesses store all that "raw" data (pageview and other events) to process it later. It's reasonable – hard to build and unify it otherwise, but at the end of the day it gets aggregated. To add, they have their own data retention policy. So the best and minimally required one can do IMO is to use aka "incognito mode" when browsing, if it matters.