Given that "consent walls" are not legal in Europe (https://www.termsfeed.com/blog/gdpr-no-cookie-consent-walls/) and the likes of Google explicitly have a JS blocking extension for users who don't want to consent to tags I really don't see how this is legal in my jurisdiction.
I don't want to be tracked. I want privacy. If this appeared on a website I cared about, I'd stop using it -- and that includes ones like the guardian, for whom I pay a subscription but always browse privately and adblock. If I saw it on another site, I'd most likely move on. I browse with dev tools open and do actually watch xhr requests: this would stick out like a sore thumb.
This product is not ethical.
nikitaeverywher · 36m ago
DataUnlocker has nothing to do with "consent walls" or cookies, nor does it allow nor enable websites to circumvent laws like GDPR. I'm honestly (understandably) surprised it's being perceived this way — that's great feedback to improve our communication!
Let me put this absolutely clear: DataUnlocker does not change how a website handles privacy or consent.
1. If a website uses a "consent wall", that's the website's decision — not something introduced or enabled by DataUnlocker.
2. If a website properly implements GDPR-compliant consent, no tracking occurs without the user's approval, even when DataUnlocker is in place.
So what does DataUnlocker actually do?
- It wraps the web app's code in a way that software like blockers can no longer tamper with or disable it — making the site's intended logic (like analytics, post-consent) function reliably.
Restoring analytics data lost to blockers is just one (though probably the main) use case for this new approach.
Does this explanation help to clarify things better?
JohnFen · 10h ago
This sort of garbage is why I only rarely allow websites to use client-side scripting. It's just too risky.
nikitaeverywher · 9h ago
What's your main risk?
JohnFen · 9h ago
In this context, the main risk is the exfiltration of data about me or my use of my machines to others without my active informed consent.
This tool is designed and proudly intended to allow exactly that. After all, someone taking actions to prevent data collection is unambiguously signalling that they do not consent to being spied on, and this tool intentionally subverts their wishes.
nikitaeverywher · 8h ago
I see your point – it's valid, but perhaps a bit overgeneralized. Let me explain.
You don't wear a balaclava to walk down the street just to avoid being seen – you still share some minimal data with the world, like your appearance.
Similarly, on the Internet, some minimal metadata is inevitably shared, even if you're privacy-conscious.
So a genuine question is: what do you consider acceptable "minimal data" to share with websites? None?
JohnFen · 2h ago
"Minimal data" would be my IP address, as that's necessary in order for traffic to be exchanged.
Everything else should only be collected with my informed consent. If I've consented, then whatever I've consented to is acceptable.
There is absolutely a gray area, though, where data collection may be unobjectionable. The reason I consider it a "gray area" is because it requires trusting whoever is collecting the data, and history has very clearly shown that trust is misplaced. I'm talking about things like: just counting, in the aggregate, how many times users have clicked a button is OK, but recording entire sessions is not (even if that recording is "anonymized"). But as an end user, it's impossible for me to tell who is being well-behaved and who isn't, so I have to assume that everyone is ill-behaved.
Detects and blocks nonfree and potentially dangerous JavaScript.
I am sure Ublocks gorhill will be on this
nikitaeverywher · 8h ago
They'd need to block all JavaScript – essentially disabling interactivity — or develop custom workarounds for every single website, ensuring they don't break any logic (like checkout flows). That’s an utterly extreme complexity solution (believe me, DataUnlocker is, too). I hope to publish an article soon outlining a more cooperative path forward, where blockers and websites don't have to be at odds. Part of that will include DataUnlocker's internal rules, just like cookie consent mechanisms – but thoughtfully introduced over time.
Here's the bigger picture, from my point of view:
The web is shifting toward consent-based tracking – and rightly so. Cookie and data collection consents are now standard (and even legally required in the EU). DataUnlocker is fully compatible with this. When implemented on the website, it activates only after user consent – just like any compliant tracking setup. The tech to do that wasn't trivial a few years ago, and it still catches up. https://support.google.com/tagmanager/answer/10718549?hl=en
In fact, if you visit pages with an ad blocker, cookie consent modals will not even appear – meaning no tracking starts at all. That's a win–win: privacy respected, no shady behavior, "no" is the default. Big companies can't afford to violate that.
What DataUnlocker addresses is a different issue:
Let's say a user wants to grant "essential" tracking consent — they've consented — but uses an ad blocker by default. They load the page, bounce in 5 seconds, and are gone. Most won't bother to disable the blocker for 5 seconds – maybe 1–2% will. So how do you solve this from the publisher's perspective?
Even the best tools can be misused (think Google Sheets). But when used responsibly, DataUnlocker simply helps fix a technical blind spot – surely not spy on people who didn't opt in.
pickleglitch · 10h ago
Here's my feedback: This product aims to further enable the surveillance state and erode our privacy. Go fuck yourself.
nikitaeverywher · 9h ago
I'm prepared for this kind of feedback, but please – no need to be rude.
Let me give you more context.
DataUnlocker has a long history and comes from years of hard work, mainly to help developers and product teams deal with missing data. If you’re in tech or marketing, you know how critical accurate metrics are – attribution, conversion rates, traffic volumes. The goal isn't to track individuals – it's to ensure these metrics aren't broken.
I’d ask you to consider this perspective:
- People who want to stay anonymous, will stay anonymous. DataUnlocker doesn’t interfere with that at all!
- It fixes just the technical accounting of data. Things like location masking, anti-fingerprinting, VPN use, etc., – all still apply and protect your privacy (and moreover I can confirm there's no way around them).
Hence, even on websites which don't respect your privacy (there are not many, to be completely honest) and try to misuse tracking, blocker users would still appear as anonymous, ID-less visitors. That’s by design, here to stay – and I can assure this from my experience.
DataUnlocker just. Fixes. Tech. (think of it like DataUnlocker making web apps behave more like mobile apps — hard to tamper with)
pickleglitch · 7h ago
Sorry, not sorry. Spin it however you want to help yourself sleep at night, but this product exists to capture data that users don't want captured, and I find that to be rude. Even if the data is "anonymous", it's still fed into algorithms and LLMs built explicitly for mass manipulation. And even anonymized data can be de-anonymized if you have enough points of cross reference.
Accurate metrics may be useful, but business got along just fine without all this data for centuries, so to say they are critical is a joke. Targeted advertising might make a lot of money for a very small number of people, but it has been a disaster for society at large.
nikitaeverywher · 55m ago
I'm a tech person who works with data tools and back/front end code daily, this is fun to explain.
Businesses have back end data collection for centuries you can't avoid. It's limited, but it's still enough for all that absurd manipulation conspiracy you believe in. Period – no need to even start discussing blocker software.
Yes, indeed, the world generates data, and it can be analyzed. Not a surprise. This data is inevitably generated: every single machine you connect to via network records something. As soon as you buy internet from your internet provider, you're on a digital paper.
Typically, back ends log user's IP, user agent and pages you access, regardless of the software and VPNs you have. Hence, by your own logic, there's enough data points already.
Now, having something from JavaScript can enrich this data. That's perhaps what you want to avoid. The question to ask is, why. The most important data is already captured.
When your blocker blocks Google Analytics for instance, you kind of just opt out of showing your 1 visit of "example.com/some-article" to the website's owner, because they're not spending 10s of hours to implement back end tracking. That's really all it changes. You're still profiled by your internet provider, even more than Google Analytics. You're still giving your data to your DNS provider. If using privacy VPN, what makes you sure they don't store your data somewhere? I believe all these Masonic conspiracies about Big Brother play into the hands of those who sell you a "protection" from the imaginary "surveillance" of you on the Internet. Or if you don't pay, you tell it to others (like me) – and some % will pay for it. We see what we want to see, it's a game on both sides, with a large user base on them both.
The best part:
It's impossible to know whether a random site on the internet doesn't "track" you in one way or another, with or without DataUnlocker, even if you install all protections available on this mother Earth [I personally believe using Tor browser is enough]. You can't prohibit JavaScript, C#, Java. Filter lists maintained by ad blocking community we monitor are updated nearly hourly, new and new entries appear, but they can't cover the entire web. HUGE WORK to try to maintain EVERY WEBSITE, reminds me of writing "cracks" to software in 2000s, but this time for imaginary value – only to get down ~50% of client-side tracking (0% server-side, in the meaning of what servers collect – IPs and user agents). What matters really in this context is that this % will never be 100%.
Think about it – the real value from all that tracking prevention is *lowering the number of KBs transferred over the network*, which maybe speeds up a website for a fraction of a second, along with not telling website owners what page of a website [they've built for you] you tried to visit.
A real-life analogy is you demand to be unseen when you walk out of your house and go shopping. Have no passport. Etc. Not possible. Physically. Can it be minimized? Yes it can. But what it really changes for you?
nikitaeverywher · 11h ago
Analytics and marketing tools used on all websites – such as Google Analytics, GTM (both client- and server-side), Facebook Pixel, and many more – are increasingly blocked by privacy tools and ad blockers. As a result, 15–50% of front-end data (conversions, attribution, referrals) never reaches dashboards. This missing data has long been accepted as the norm, to the point where front-end analytics are treated as unreliable and approximate.
DataUnlocker 2.0 offers a drop-in solution: a proxy and JavaScript protection layer that shields tracking from blockers. It becomes an integral part of your web application — not only hiding analytics from generic blocking filters, but also making the code essential for the app to function. Blockers simply have no safe way to remove it.
Your feedback is welcome – happy to dive deeper.
azalemeth · 11h ago
Interesting work! I have a question -- How can I block it in umatrix?
nikitaeverywher · 10h ago
There's no way to block it — that's by design. The only way would be to block the entire website or disable JavaScript entirely. DataUnlocker makes the app function as a single integrated unit, so trying to cut out one piece causes the whole thing to stop working.
It's a broader topic worth deeper discussion to be honest. I'll be posting more on it soon — including why I believe the internet privacy "movement" should align with this: instead of breaking tools used in web apps (while I agree if you can, you can), the focus should go on pseudo-anonymizing users (web clients) while preserving functionality – parts of it are already implemented (VPNs, one-time sessions, etc). I can honestly see both sides of the debate — it's a long-standing and nuanced topic.
JohnFen · 10h ago
Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy. This tool is just an escalation in the level of contempt being routinely shown against actual people.
nikitaeverywher · 8h ago
Can you explain more on why "Pseudo-anonymizing is worthless snake oil, and provides little in the way of actual privacy"?
I'm sure when one uses Tor browser (an example of what I mean under pseudo-anonymizing), they are as safe from tracking as possible. They will get tracking cookies and all that, but from a random location, and all IDs the web app could have created will be destroyed right after closing the browser tab.
JohnFen · 2h ago
Well, for starters, I don't consider the Tor browser to be anonymizing. It only offers protection against outside attackers, it offers almost no protection against the websites you may browse to (how could it?)
Pseudo-anonymization is snake oil because it's not that hard to reverse. All you have to do is combine the "anonymized" data with data from other sources and you can identify people. It doesn't even take that much data from other sources.
True anonymization is possible: it requires the collector to just keep general aggregate statistics and to immediately delete the individual telemetry reports. But few entities do that, and we have to just trust that the ones the claim they do are being honest and competent about it. But the track record is extremely poor so trusting in such claims is, in my opinion, very foolish.
I don't want to be tracked. I want privacy. If this appeared on a website I cared about, I'd stop using it -- and that includes ones like the guardian, for whom I pay a subscription but always browse privately and adblock. If I saw it on another site, I'd most likely move on. I browse with dev tools open and do actually watch xhr requests: this would stick out like a sore thumb.
This product is not ethical.
Let me put this absolutely clear: DataUnlocker does not change how a website handles privacy or consent.
1. If a website uses a "consent wall", that's the website's decision — not something introduced or enabled by DataUnlocker. 2. If a website properly implements GDPR-compliant consent, no tracking occurs without the user's approval, even when DataUnlocker is in place.
So what does DataUnlocker actually do?
- It wraps the web app's code in a way that software like blockers can no longer tamper with or disable it — making the site's intended logic (like analytics, post-consent) function reliably.
Restoring analytics data lost to blockers is just one (though probably the main) use case for this new approach.
Does this explanation help to clarify things better?
This tool is designed and proudly intended to allow exactly that. After all, someone taking actions to prevent data collection is unambiguously signalling that they do not consent to being spied on, and this tool intentionally subverts their wishes.
You don't wear a balaclava to walk down the street just to avoid being seen – you still share some minimal data with the world, like your appearance.
Similarly, on the Internet, some minimal metadata is inevitably shared, even if you're privacy-conscious.
So a genuine question is: what do you consider acceptable "minimal data" to share with websites? None?
Everything else should only be collected with my informed consent. If I've consented, then whatever I've consented to is acceptable.
There is absolutely a gray area, though, where data collection may be unobjectionable. The reason I consider it a "gray area" is because it requires trusting whoever is collecting the data, and history has very clearly shown that trust is misplaced. I'm talking about things like: just counting, in the aggregate, how many times users have clicked a button is OK, but recording entire sessions is not (even if that recording is "anonymized"). But as an end user, it's impossible for me to tell who is being well-behaved and who isn't, so I have to assume that everyone is ill-behaved.
https://icecatbrowser.org/
Jshelter will block that shit https://jshelter.org/
Detects and blocks nonfree and potentially dangerous JavaScript.
I am sure Ublocks gorhill will be on this
Here's the bigger picture, from my point of view:
The web is shifting toward consent-based tracking – and rightly so. Cookie and data collection consents are now standard (and even legally required in the EU). DataUnlocker is fully compatible with this. When implemented on the website, it activates only after user consent – just like any compliant tracking setup. The tech to do that wasn't trivial a few years ago, and it still catches up. https://support.google.com/tagmanager/answer/10718549?hl=en
In fact, if you visit pages with an ad blocker, cookie consent modals will not even appear – meaning no tracking starts at all. That's a win–win: privacy respected, no shady behavior, "no" is the default. Big companies can't afford to violate that.
What DataUnlocker addresses is a different issue:
Let's say a user wants to grant "essential" tracking consent — they've consented — but uses an ad blocker by default. They load the page, bounce in 5 seconds, and are gone. Most won't bother to disable the blocker for 5 seconds – maybe 1–2% will. So how do you solve this from the publisher's perspective?
Even the best tools can be misused (think Google Sheets). But when used responsibly, DataUnlocker simply helps fix a technical blind spot – surely not spy on people who didn't opt in.
Let me give you more context.
DataUnlocker has a long history and comes from years of hard work, mainly to help developers and product teams deal with missing data. If you’re in tech or marketing, you know how critical accurate metrics are – attribution, conversion rates, traffic volumes. The goal isn't to track individuals – it's to ensure these metrics aren't broken.
I’d ask you to consider this perspective: - People who want to stay anonymous, will stay anonymous. DataUnlocker doesn’t interfere with that at all! - It fixes just the technical accounting of data. Things like location masking, anti-fingerprinting, VPN use, etc., – all still apply and protect your privacy (and moreover I can confirm there's no way around them).
Hence, even on websites which don't respect your privacy (there are not many, to be completely honest) and try to misuse tracking, blocker users would still appear as anonymous, ID-less visitors. That’s by design, here to stay – and I can assure this from my experience.
DataUnlocker just. Fixes. Tech. (think of it like DataUnlocker making web apps behave more like mobile apps — hard to tamper with)
Accurate metrics may be useful, but business got along just fine without all this data for centuries, so to say they are critical is a joke. Targeted advertising might make a lot of money for a very small number of people, but it has been a disaster for society at large.
Businesses have back end data collection for centuries you can't avoid. It's limited, but it's still enough for all that absurd manipulation conspiracy you believe in. Period – no need to even start discussing blocker software.
Yes, indeed, the world generates data, and it can be analyzed. Not a surprise. This data is inevitably generated: every single machine you connect to via network records something. As soon as you buy internet from your internet provider, you're on a digital paper.
Typically, back ends log user's IP, user agent and pages you access, regardless of the software and VPNs you have. Hence, by your own logic, there's enough data points already.
Now, having something from JavaScript can enrich this data. That's perhaps what you want to avoid. The question to ask is, why. The most important data is already captured.
When your blocker blocks Google Analytics for instance, you kind of just opt out of showing your 1 visit of "example.com/some-article" to the website's owner, because they're not spending 10s of hours to implement back end tracking. That's really all it changes. You're still profiled by your internet provider, even more than Google Analytics. You're still giving your data to your DNS provider. If using privacy VPN, what makes you sure they don't store your data somewhere? I believe all these Masonic conspiracies about Big Brother play into the hands of those who sell you a "protection" from the imaginary "surveillance" of you on the Internet. Or if you don't pay, you tell it to others (like me) – and some % will pay for it. We see what we want to see, it's a game on both sides, with a large user base on them both.
The best part:
It's impossible to know whether a random site on the internet doesn't "track" you in one way or another, with or without DataUnlocker, even if you install all protections available on this mother Earth [I personally believe using Tor browser is enough]. You can't prohibit JavaScript, C#, Java. Filter lists maintained by ad blocking community we monitor are updated nearly hourly, new and new entries appear, but they can't cover the entire web. HUGE WORK to try to maintain EVERY WEBSITE, reminds me of writing "cracks" to software in 2000s, but this time for imaginary value – only to get down ~50% of client-side tracking (0% server-side, in the meaning of what servers collect – IPs and user agents). What matters really in this context is that this % will never be 100%.
Think about it – the real value from all that tracking prevention is *lowering the number of KBs transferred over the network*, which maybe speeds up a website for a fraction of a second, along with not telling website owners what page of a website [they've built for you] you tried to visit.
A real-life analogy is you demand to be unseen when you walk out of your house and go shopping. Have no passport. Etc. Not possible. Physically. Can it be minimized? Yes it can. But what it really changes for you?
DataUnlocker 2.0 offers a drop-in solution: a proxy and JavaScript protection layer that shields tracking from blockers. It becomes an integral part of your web application — not only hiding analytics from generic blocking filters, but also making the code essential for the app to function. Blockers simply have no safe way to remove it.
Your feedback is welcome – happy to dive deeper.
It's a broader topic worth deeper discussion to be honest. I'll be posting more on it soon — including why I believe the internet privacy "movement" should align with this: instead of breaking tools used in web apps (while I agree if you can, you can), the focus should go on pseudo-anonymizing users (web clients) while preserving functionality – parts of it are already implemented (VPNs, one-time sessions, etc). I can honestly see both sides of the debate — it's a long-standing and nuanced topic.
I'm sure when one uses Tor browser (an example of what I mean under pseudo-anonymizing), they are as safe from tracking as possible. They will get tracking cookies and all that, but from a random location, and all IDs the web app could have created will be destroyed right after closing the browser tab.
Pseudo-anonymization is snake oil because it's not that hard to reverse. All you have to do is combine the "anonymized" data with data from other sources and you can identify people. It doesn't even take that much data from other sources.
True anonymization is possible: it requires the collector to just keep general aggregate statistics and to immediately delete the individual telemetry reports. But few entities do that, and we have to just trust that the ones the claim they do are being honest and competent about it. But the track record is extremely poor so trusting in such claims is, in my opinion, very foolish.