In this context, the main risk is the exfiltration of data about me or my use of my machines to others without my active informed consent.
This tool is designed and proudly intended to allow exactly that. After all, someone taking actions to prevent data collection is unambiguously signalling that they do not consent to being spied on, and this tool intentionally subverts their wishes.
They'd need to block all JavaScript – essentially disabling interactivity — or develop custom workarounds for every single website, ensuring they don't break any logic (like checkout flows). That’s an utterly extreme complexity solution (believe me, DataUnlocker is, too). I hope to publish an article soon outlining a more cooperative path forward, where blockers and websites don't have to be at odds. Part of that will include DataUnlocker's internal rules, just like cookie consent mechanisms – but thoughtfully introduced over time.
Here's the bigger picture, from my point of view:
The web is shifting toward consent-based tracking – and rightly so. Cookie and data collection consents are now standard (and even legally required in the EU). DataUnlocker is fully compatible with this. When implemented on the website, it activates only after user consent – just like any compliant tracking setup. The tech to do that wasn't trivial a few years ago, and it still catches up. https://support.google.com/tagmanager/answer/10718549?hl=en
In fact, if you visit pages with an ad blocker, cookie consent modals will not even appear – meaning no tracking starts at all. That's a win–win: privacy respected, no shady behavior, "no" is the default. Big companies can't afford to violate that.
What DataUnlocker addresses is a different issue:
Let's say a user wants to grant "essential" tracking consent — they've consented — but uses an ad blocker by default. They load the page, bounce in 5 seconds, and are gone. Most won't bother to disable the blocker for 5 seconds – maybe 1–2% will. So how do you solve this from the publisher's perspective?
Even the best tools can be misused (think Google Sheets). But when used responsibly, DataUnlocker simply helps fix a technical blind spot – surely not spy on people who didn't opt in.
I'm prepared for this kind of feedback, but please – no need to be rude.
Let me give you more context.
DataUnlocker has a long history and comes from years of hard work, mainly to help developers and product teams deal with missing data. If you’re in tech or marketing, you know how critical accurate metrics are – attribution, conversion rates, traffic volumes. The goal isn't to track individuals – it's to ensure these metrics aren't broken.
I’d ask you to consider this perspective:
- People who want to stay anonymous, will stay anonymous. DataUnlocker doesn’t interfere with that at all!
- It fixes just the technical accounting of data. Things like location masking, anti-fingerprinting, VPN use, etc., – all still apply and protect your privacy (and moreover I can confirm there's no way around them).
Hence, even on websites which don't respect your privacy (there are not many, to be completely honest) and try to misuse tracking, blocker users would still appear as anonymous, ID-less visitors. That’s by design, here to stay – and I can assure this from my experience.
DataUnlocker just. Fixes. Tech. (think of it like DataUnlocker making web apps behave more like mobile apps — hard to tamper with)
Sorry, not sorry. Spin it however you want to help yourself sleep at night, but this product exists to capture data that users don't want captured, and I find that to be rude. Even if the data is "anonymous", it's still fed into algorithms and LLMs built explicitly for mass manipulation. And even anonymized data can be de-anonymized if you have enough points of cross reference.
Accurate metrics may be useful, but business got along just fine without all this data for centuries, so to say they are critical is a joke. Targeted advertising might make a lot of money for a very small number of people, but it has been a disaster for society at large.
Analytics and marketing tools used on all websites – such as Google Analytics, GTM (both client- and server-side), Facebook Pixel, and many more – are increasingly blocked by privacy tools and ad blockers. As a result, 15–50% of front-end data (conversions, attribution, referrals) never reaches dashboards. This missing data has long been accepted as the norm, to the point where front-end analytics are treated as unreliable and approximate.
DataUnlocker 2.0 offers a drop-in solution: a proxy and JavaScript protection layer that shields tracking from blockers. It becomes an integral part of your web application — not only hiding analytics from generic blocking filters, but also making the code essential for the app to function. Blockers simply have no safe way to remove it.
There's no way to block it — that's by design. The only way would be to block the entire website or disable JavaScript entirely. DataUnlocker makes the app function as a single integrated unit, so trying to cut out one piece causes the whole thing to stop working.
It's a broader topic worth deeper discussion to be honest. I'll be posting more on it soon — including why I believe the internet privacy "movement" should align with this: instead of breaking tools used in web apps (while I agree if you can, you can), the focus should go on pseudo-anonymizing users (web clients) while preserving functionality – parts of it are already implemented (VPNs, one-time sessions, etc). I can honestly see both sides of the debate — it's a long-standing and nuanced topic.
Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy. This tool is just an escalation in the level of contempt being routinely shown against actual people.
Can you explain more on why "Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy"?
I'm sure when one uses Tor browser (an example of what I mean under pseudo-anonymizing), they are as safe from tracking as possible. They will get tracking cookies and all that, but from a random location, and all IDs the web app could have created will be destroyed right after closing the browser tab.
This sort of garbage is why I only rarely allow websites to use client-side scripting. It's just too risky.
What's your main risk?
In this context, the main risk is the exfiltration of data about me or my use of my machines to others without my active informed consent.
This tool is designed and proudly intended to allow exactly that. After all, someone taking actions to prevent data collection is unambiguously signalling that they do not consent to being spied on, and this tool intentionally subverts their wishes.
I see your point – it's valid, but perhaps a bit overgeneralized. Let me explain.
You don't wear a balaclava to walk down the street just to avoid being seen – you still share some minimal data with the world, like your appearance.
Similarly, on the Internet, some minimal metadata is inevitably shared, even if you're privacy-conscious.
So a genuine question is: what do you consider acceptable "minimal data" to share with websites? None?
https://www.gnu.org/philosophy/javascript-trap.html
https://icecatbrowser.org/
Jshelter will block that shit https://jshelter.org/
Detects and blocks nonfree and potentially dangerous JavaScript.
I am sure Ublocks gorhill will be on this
They'd need to block all JavaScript – essentially disabling interactivity — or develop custom workarounds for every single website, ensuring they don't break any logic (like checkout flows). That’s an utterly extreme complexity solution (believe me, DataUnlocker is, too). I hope to publish an article soon outlining a more cooperative path forward, where blockers and websites don't have to be at odds. Part of that will include DataUnlocker's internal rules, just like cookie consent mechanisms – but thoughtfully introduced over time.
Here's the bigger picture, from my point of view:
The web is shifting toward consent-based tracking – and rightly so. Cookie and data collection consents are now standard (and even legally required in the EU). DataUnlocker is fully compatible with this. When implemented on the website, it activates only after user consent – just like any compliant tracking setup. The tech to do that wasn't trivial a few years ago, and it still catches up. https://support.google.com/tagmanager/answer/10718549?hl=en
In fact, if you visit pages with an ad blocker, cookie consent modals will not even appear – meaning no tracking starts at all. That's a win–win: privacy respected, no shady behavior, "no" is the default. Big companies can't afford to violate that.
What DataUnlocker addresses is a different issue:
Let's say a user wants to grant "essential" tracking consent — they've consented — but uses an ad blocker by default. They load the page, bounce in 5 seconds, and are gone. Most won't bother to disable the blocker for 5 seconds – maybe 1–2% will. So how do you solve this from the publisher's perspective?
Even the best tools can be misused (think Google Sheets). But when used responsibly, DataUnlocker simply helps fix a technical blind spot – surely not spy on people who didn't opt in.
Here's my feedback: This product aims to further enable the surveillance state and erode our privacy. Go fuck yourself.
I'm prepared for this kind of feedback, but please – no need to be rude.
Let me give you more context.
DataUnlocker has a long history and comes from years of hard work, mainly to help developers and product teams deal with missing data. If you’re in tech or marketing, you know how critical accurate metrics are – attribution, conversion rates, traffic volumes. The goal isn't to track individuals – it's to ensure these metrics aren't broken.
I’d ask you to consider this perspective: - People who want to stay anonymous, will stay anonymous. DataUnlocker doesn’t interfere with that at all! - It fixes just the technical accounting of data. Things like location masking, anti-fingerprinting, VPN use, etc., – all still apply and protect your privacy (and moreover I can confirm there's no way around them).
Hence, even on websites which don't respect your privacy (there are not many, to be completely honest) and try to misuse tracking, blocker users would still appear as anonymous, ID-less visitors. That’s by design, here to stay – and I can assure this from my experience.
DataUnlocker just. Fixes. Tech. (think of it like DataUnlocker making web apps behave more like mobile apps — hard to tamper with)
Sorry, not sorry. Spin it however you want to help yourself sleep at night, but this product exists to capture data that users don't want captured, and I find that to be rude. Even if the data is "anonymous", it's still fed into algorithms and LLMs built explicitly for mass manipulation. And even anonymized data can be de-anonymized if you have enough points of cross reference.
Accurate metrics may be useful, but business got along just fine without all this data for centuries, so to say they are critical is a joke. Targeted advertising might make a lot of money for a very small number of people, but it has been a disaster for society at large.
Analytics and marketing tools used on all websites – such as Google Analytics, GTM (both client- and server-side), Facebook Pixel, and many more – are increasingly blocked by privacy tools and ad blockers. As a result, 15–50% of front-end data (conversions, attribution, referrals) never reaches dashboards. This missing data has long been accepted as the norm, to the point where front-end analytics are treated as unreliable and approximate.
DataUnlocker 2.0 offers a drop-in solution: a proxy and JavaScript protection layer that shields tracking from blockers. It becomes an integral part of your web application — not only hiding analytics from generic blocking filters, but also making the code essential for the app to function. Blockers simply have no safe way to remove it.
Your feedback is welcome – happy to dive deeper.
Interesting work! I have a question -- How can I block it in umatrix?
There's no way to block it — that's by design. The only way would be to block the entire website or disable JavaScript entirely. DataUnlocker makes the app function as a single integrated unit, so trying to cut out one piece causes the whole thing to stop working.
It's a broader topic worth deeper discussion to be honest. I'll be posting more on it soon — including why I believe the internet privacy "movement" should align with this: instead of breaking tools used in web apps (while I agree if you can, you can), the focus should go on pseudo-anonymizing users (web clients) while preserving functionality – parts of it are already implemented (VPNs, one-time sessions, etc). I can honestly see both sides of the debate — it's a long-standing and nuanced topic.
Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy. This tool is just an escalation in the level of contempt being routinely shown against actual people.
Can you explain more on why "Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy"?
I'm sure when one uses Tor browser (an example of what I mean under pseudo-anonymizing), they are as safe from tracking as possible. They will get tracking cookies and all that, but from a random location, and all IDs the web app could have created will be destroyed right after closing the browser tab.