Microsoft: The Biggest Web Bugger 188
An unnamed reader writes: "A recently released web bug report shows that Microsoft (via Link Exchange) is bugging more web sites than any other organization. Less surprisingly, however, the same report shows that by making some rough traffic estimates, DoubleClick is probably bugging more web traffic than anyone else. (Except of course those big ISPs running proxy servers...wonder how long it will be before the ad agencies get into bed with the ISPs?)"
Re:Why does Microsoft do this? (Score:1)
Complain to your browser software company that there is *no* justifiable reason an IMG tag URL should return a cookie and the browser should store and serve said cookies.
And the incredibly sad part is that you are too late to "undo" the theft of your privacy. Hard drives never forget.
Web Advertisers and web-bugs are just another Napster network trading _your_ personal information instead of MP3s.
They're your cookies. If you *have* to keep them in order to use a website, then feel free to *ALTER* them. It's *your* disk drive, and your EULA clearly states that you retain the right to alter any information stored on your media, and do not allow encrypted data to be stored on it, right?
If a company insists upon storing data on your hard drive, you have a right to require they disclose any encryption used and provide a decrypted version of the data they are storing on *your* hard drive.
Work the DMCA - Your EULA for hard drives state that is your policy. Any encrypted data is a "circumventing device" intended to violate your EULA.
Disclaimer - IANAL but isn't the law for *everyone* to obey?
It's easy to block these in IE (Score:1)
Re:Web standards (Score:1)
However, I'd be happy if browsers even had the *option* to enforce compliance.
For instance, if browsers could actually obey the </HTML> tag, then the fascist disclaimer that is automatically appended to all of my pages at NCSU wouldn't show up.
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Buggy vs. Bugging (Score:1)
Microsoft is surely responsible for more buggy web pages, such as any HTML generated by Word or FrontPage, and the creation of their own Windows-only character set that often renders what should be simple ASCII punctuation into question marks, or worse. Also, their webpage fonts are incredibly small on any system that doesn't support *their* fonts.
Doubleclick also is responsible for buggy code, specifically something known *as* a "web bug" or a "GIF bug", but that's also used to track people, so that would count as "bugging" as well.
The short answer for that would be to simply install JunkBuster. As for fixing Microsoft's sloppy HTML, I bet a proxy server like Junkbuster could detect a "GENERATOR" tag or maybe an undefined character code and just run the page through the Demoronizer.
But I wish people actually implemented the web standards we had originally, or put such compliance in the web browsers we have now. Netscape and IE are much prettier than Amaya, but they still read past a closing HTML tag...
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Re:Big Brother is Watching (Score:1)
For "normal" user yes certainly, but all of us here usually optout [doubleclick.net], or you can have some cookies filter.
Anyway I don't know really if optout works, as they could use your IP address to collect info on website you go. Anyway I use 127.0.0.1 for doubleclick.net
--
Re:Congress will investigate Web Bugs (LINK) (Score:1)
Re:"Microsoft: The Biggest Web Bugger" (Score:1)
Re:Bad statistics (Score:1)
Well, there's also the issue that there's been numerous Java install glitches with Mozilla, which probably is the primary browser hitting the site. So, it's possible the ad network figured out that half the hits they got didn't even load the ads.
I thought it funny that I could only see Mozillazine's ads in IE, anyway. (Eventually a massive JVM purge and reinstall sorted the issue out.)
--
Re:In the TANSTAFL department .... (Score:1)
Re:Not likely (Score:1)
That's 'well-educated adults'. Does this matter? No. I knew what you meant. Just like you knew what the good commander meant. So while the grammar may have been a little, shall we say, tacoish, the message - the important bit - got through loud and clear. Lighten up.
And I'm pretty sure the verb is 'to lose', not 'lose'.
Re:Web standards (Score:1)
Although, it would be really nice if IE, Netscape, etc, had a -strict switch.
Re:Other statistics on site (Score:1)
Where do you get your information? check out netcraft. It shows that Apache is most definitely NOT losing ground to IIS. They're staying roughly the same. Apache~60%; IIS~20%
Re:Defeating web bugs (Score:1)
"Microsoft: The Biggest Web Bugger" (Score:1)
--
Re:Who cares? (Score:1)
Hey D.B. Re:Congress will investigate Web Bugs (Score:1)
Spammers are scum!
Re:Who cares? (Score:1)
We're talking about /web/ bugs here. (Score:1)
---
Re:Defeating web bugs (Score:1)
I use Konqueror under KDE and set it to alert me for any cookie. If a site tries to set a cookie that I don't want, I click "Deny all cookies from that domain." That way I never get bugged about cookies from that site again. It also forces me to only allow cookies from sites that I explicitly allow.
You should use the same philosophy for cookies as you do for access lists: Anything that isn't explicitly allowed should be denied.
By the way this comment was posted in Konqueror, the coolest web browser on the planet.
Re:Bad statistics (Score:1)
I lost 50 pounds!!! Ask me how. Sucker.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Re:We're talking about /web/ bugs here. (Score:1)
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Now I Know Who To Block... (Score:1)
I've been too lazy to actually set it up, now I have a nice neat little list that will make my web browsing "crap free".
Steve
Re:This is old news (Score:1)
BTW, the IP is: 23.75.345.200
Instead, they should have used, say, 192.168.x.x?
Re:Now I Know How To Waste My Time (Score:2)
And that wunderground.com place... what kind of shady organization is the Weather Underground? Are they the people who always make sure that it rains right after I go through a car wash because I carry a cellphone with me? The feds should shut them down!!
Seriously... all they did was search through a bunch of web sites and counted the number of resources (images, frames, etc) pulled down from other sites. This means nothing, because the original web site already has access to everything the other sites do, if not more! If your goal is hiding from marketing people, I suggest the following acl:
access-list 100 deny tcp any any eq 80
access-list 100 permit ip any any
This will block most traffic that could cause your Web privacy to be breached, protecting you, yourself, from the distant chance that someone, somewhere, might want to know what your computer, in specific, is doing. And note that I said "your computer" -- the web site has no idea who you are, where you are, how to contact you personally, or how to distinguish you (as in, yourself) out of all of this.
'sides, the worst that'll happen is your computer will start getting USEFUL banner ads that you'll WANT to click on, because it's for something you'd like. And what's the problem with THAT?
Whew. First slashdot post in awhile. I think I'll leave this one anonymous
Re:Who cares? (Score:2)
Re:Info v Privacy (Score:2)
From there it's not too long until someone realizes that someone "responsible" can find out who is visiting a site that posts unpopular information so they can get better data on how to fight that thought crime. It's just another step until unpopular becomes "unamerican," and suddenly your curious browsing of, say, the World Socialism [worldsocialism.org] pages leads to you answering the question, "Are you now, or have you ever been a communist?" You need real privacy to listen to free speech. Without privacy, free speech is worthless.
Does this mean... (Score:2)
Why not create a privacy object model (Score:2)
Re:Confessions of a spammer (Score:2)
You are making your living in an unethical manner. The sooner that you "get out of dodge", the better.
You are aware that "I'm just following orders" is known as the Nuremberg defense? It is not an excuse for actions that are deeply harmful to society. As for "mak[ing] enough to feed myself", being on welfare is more honorable than being a spammer, and the unemployment rate is still so low that most warm-blooded life forms should be able to find a better job than that.
In my view you do not have "something decent on your resume". You have a black mark. Your resume identifies you as a professional spammer.
Error in title of article (Score:2)
Transplanted web pages can cause this, too. (Score:2)
There are other causes as well. For example, people who have set up a web site on GeoCities, Xoom, or wherever frequently make copies of their site by saving pages with their browser. This includes any code that was inserted by that service, whether for advertising or for site features such as counters and statistics, or even clip art. When they decide to move their site to another service they upload these copies -- including all the stuff the old service inserted into the pages. As long as nothing overtly breaks, this sort of stuff just accumulates as pages get moved or updated.
If you're asking yourself why anyone would be so stupid, recall that all these page hosting services provide tools for building web pages; the average person with a web page knows little or nothing about HTML, and so doesn't have the slightest idea that some JavaScript appended to their page isn't necessary, and in fact wasn't actually part of the stored page in the first place.
For example, GeoCities inserts a web bug to give each user statistics concerning their web pages and to provide an optional counter. The bug is useless outside of GeoCities, yet I see it fairly frequently on other services. The same with Xoom's counter code, and so on. I suspect in most cases the "foreign" appearances of these bugs just represent noise to the site of origin.
Exactly how long before ISPs and Spammers unite (Score:2)
Re:This is old news (Score:2)
Congress will investigate Web Bugs (LINK) (Score:2)
Obligatory on-topic message:
Visit Junkbusters [junkbusters.com] and view information on Web Bugs [junkbusters.com].
The industry uses the euphemism "clear GIFs" to describe web bugs. Search for "clear gifs" in a search engine as well as "web bugs" if you're after more information. I use TopClick [topclick.com] because it is a privacy-respecting search engine that doesn't use cookies and I have found it to be very good.
*** NEWS FLASH ***
Congress to investigate Web Bugs. More details here [internetnews.com] at internetnews.com [internetnews.com].
--
Re:This is old news (Score:2)
Instead of using numbers above 255 for fake IP addresses, they should use numbers like 192.168.X.X, 10.X.X.X or other similar numbers assigned to local networks. The clueless won't know the difference. The clueful will appreciate the 555-like nature of the address and won't embarrass themselves for apparently laughing incongruously in a serious scene.
--
Buggy vs. Bugging vs. Buggering (Score:2)
actually, for a second when i saw the title of the story, i thought it was talking about buggering web pages.
Re:Who cares? (Score:2)
Umm... and what do you think happens when you order something online from one of these sites that has the web bug?
Re:Other statistics on site (Score:2)
In fact, Linux based (i.e. Apache) Internet servers gained market share _faster_ than M$ last year, according to IDC. It has been well reported here and elsewhere.
What's worse, this same approach seems successful in pulling the wool over the eyes of a whole US Appeals Court on the DoJ vs M$ antitrust case!
Anyone got the email addresses of the US Appeals Court judges hearing the DoJ vs M$ Antitrust case?
Is there any process available for impeaching Federal judges for rampant cluelessness in office?
Re:Not likely (Score:2)
If all you children want to hack software, fine. If you want to talk about it amongst the rest of us well educated adults, then learn to hack English appropriately!
Re:Info v Privacy (Score:2)
And don't you think your wife wouldn't pay for that info, too (if you give me a twenty, I'll tell you what she paid for it).
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Re:Confessions of a spammer (Score:2)
If you e-mail me your snail mail address and agree to sell out your company - that is, take as much proprietary information from them as you can and put it on the web, publish their name, basically be a real whistle-blower, I'll mail you a check for $50. It's not much, but it's what I can do right now.
Just following orders is not an excuse and never has been. You're making a moral choice, and by your own admission, you're making the wrong one. You're not only hurting your company's targets, but your own sanity by doing something you know is wrong. Gandhi said: "Almost everything you do is meaningless, but it is still important that you do it." These are words to live by.
ahh yes, marketing (Score:2)
Re:Bad statistics (Score:2)
I also heard someone tell me that some linkexchange ads were at some point in order to allow linkexchange to update the entire banner code whenever they needed to
Actually, the main reason for the script src seems to be the same as for iframes: allow the ad to set cookies, where a simple image couldn't. Just try it in netscape: In Edit->Preferences->Advanced, check the box labeled "Only accept cookies originating from the same server as the page being viewed", and watch how it still lets pass cookies attached to all kinds of includes, such as script src, iframe etc. Seems only cookies from offsite images are blocked.
Shoot, I parsed it as something entirely different (Score:2)
...as in, I say there old chap, bloody Microsoft seems to have gone and buggered my web page again.
Re:dude! I parsed that as "booger" not "bugger" (Score:2)
//rdj
Web standards (Score:2)
I agree that web tools should output standards compliant HTML, for precisely the same reason - people don't want to fuck around with this shit, they just want it to work. The best way to do this is to only output well-formed files, but load and display any mess of angle brackets that you can figure out.
Re:dude! I parsed that as "booger" not "bugger" (Score:2)
`Bugger', aside from referring to someone who sodomizes others, is also colloquially used in Australia as a curse.
Re:Bad statistics (Score:2)
- IE4 (but not later versions) will replace an entire page with a placeholder page if you go to a site with a missing iframe.
- If you try to block the hoster of an iframe using a "hosts" file and you use Mozilla as your browser, you get an alert each time you visit a site with a missing iframe. Hopefully this will be fixed in bug 28586 [mozilla.org] by implementing placeholder pages for all missing pages.
- Iframes will probably allow cookies for a short amount of time after browsers fix a similar problem for images, simply because it takes more coding to fix the problem for iframes. (Have any major browsers fixed the cookies-on-images bug?)
- Iframes allow Java ads, such as the infamous punch-the-monkey ad. (Jason Kersey removed all ads from mozillazine.org, and I think he did that because people complained about that ad so much.) LE doesn't seem to use Java ads at this point, although I have seen several "fake dialog" ads there.
I also heard someone tell me that some linkexchange ads were <script src="something.linkexchange.com"> at some point in order to allow linkexchange to update the entire banner code whenever they needed to. I think this might have just been a rumor -- can you imagine what a cracking target that would turn linkexchange into? Can anyone confirm or deny this rumor?
Btw, why is it that when I click a linkexchange banner, the site linked to almost never has a linkexchange banner itself?
Re:dude! I parsed that as "booger" not "bugger" (Score:2)
-Dan Posting without reading what I just typed, or checking for any coherent message, or spelling, or anything since... 3 minutes ago.
Re:Bad statistics (Score:2)
By doing exactly what they say they are doing... "accurately identifying the geographic location from which users access your Web site".
Akamai has servers distributed around the world; whenever there is an incoming request, it gets passed to the server closest to the user. Simply looking at which server is handling the request allows akamai to customize content based on the geographic location of users.
A fact of life... (Score:2)
Get ready for hooks in the os that work with web site tracking tools. Not far away.
Re:And a web bug is...? (Score:2)
Hope this helps.
The problem is... (Score:2)
Basically people you need to realize that marketing knows what you are doing and they use this to make more money off of you. Furthermore you need to realize that they make more money off of you by providing you advertising of something you actually want. Is this awful?
Another thing to realize is that none of these companies does a very good job at using the stats they collect. Few if any companies provide an automated targeted ad system. Few if any have solved the problem of sorting these large lists of numbers.
I mean how scared can you get when you get 3 calls a week from the phone company asking you to order phone service that you already get. They don't know what you are doing because there is just too much info.
dude! I parsed that as "booger" not "bugger" (Score:2)
Proof positive I need to drink at least one cup of coffee before reading /. after waking up. The thought of M$ being involved in some sort of webcam-of-giant-booger, and what nefarious reasons they would have, dude, that's just wrong. :-)
--
News for geeks in Austin: www.geekaustin.org [geekaustin.org]
Re:Who cares? (Score:2)
--
Re:Who cares? (Score:2)
Re:And a web bug is...? (Score:2)
---
How to squash web bugs (Score:2)
I use this feature with the Proxomitron, [cjb.net] a proxy that greps incoming HTML for bad stuff and replaces it with good stuff. I now have my copy looking for web bugs, and modifying the HTML to eliminate them. Specifically, I have it searching for IMG tags that include height and width components that are both five pixels or less. Instead of removing the image (which would cause severe image alignment problems) I simply replaced the SRC= with SRC=.\black.gif, which is just a small black image that gets stretched to fit the requested space. Extra benefit: no waiting for the HTTP connection to the web bug server! The local .GIF loads instantly.
John
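The rule described in the comment above (IMG tags whose width and height are both five pixels or less get their SRC pointed at a local image) can be sketched as follows. This is an added example, not the Proxomitron's own filter and not code from the original post; the sample HTML and the `example.test` hosts are constructed, and `black.gif` stands for the local placeholder the comment mentions.

```python
import re

PLACEHOLDER = "black.gif"   # local stand-in image, as in the comment
MAX_BUG_PIXELS = 5          # "five pixels or less"

IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
# name=value where the value is "double quoted", 'single quoted' or bare
ATTR = re.compile(r"""([A-Za-z][\w-]*)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")


def parse_attrs(tag):
    """Return the tag's attributes as a dict with lower-cased names."""
    return {name.lower(): raw.strip("\"'") for name, raw in ATTR.findall(tag)}


def is_tiny(value):
    """True when a width/height value is a pixel count <= MAX_BUG_PIXELS.
    Missing values and percentages ("100%") are not treated as tiny."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return m is not None and int(m.group(1)) <= MAX_BUG_PIXELS


def squash_web_bugs(html):
    """Rewrite the src of every tiny image; return (new_html, blocked_urls)."""
    blocked = []

    def rewrite_tag(match):
        tag = match.group(0)
        attrs = parse_attrs(tag)
        if "src" not in attrs:
            return tag
        if not (is_tiny(attrs.get("width")) and is_tiny(attrs.get("height"))):
            return tag
        blocked.append(attrs["src"])

        def swap_src(m):
            # Only the src value changes; width/height stay so layout is kept.
            if m.group(1).lower() == "src":
                return f'{m.group(1)}="{PLACEHOLDER}"'
            return m.group(0)

        return ATTR.sub(swap_src, tag)

    return IMG_TAG.sub(rewrite_tag, html), blocked


# Constructed sample page: one logo, two web bugs, one tall 1-pixel rule.
SAMPLE_HTML = (
    '<p>Order confirmed.</p>\n'
    '<img src="/images/logo.gif" width="120" height="60">\n'
    '<IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://track.example.test/ping?id=42">\n'
    "<img src='http://ads.example.test/c.gif' height='2' width='2'>\n"
    '<img src="/images/rule.gif" width="1" height="300">\n'
)

if __name__ == "__main__":
    cleaned, blocked = squash_web_bugs(SAMPLE_HTML)
    print(cleaned)
    print("replaced:", blocked)
```

The list of replaced URLs doubles as a log of which hosts were trying to place bugs, which is the raw material for a block list.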
In the TANSTAFL department .... (Score:2)
I remember Microsoft used to offer certain levels of access to MSDN (The Microsoft Developers Network) as long as you put a IE Logo on your web page in the form of a link to theirs. I used to think it was an exchange of information that should already be available for free and free advertisement. Now I finally see their real reason for doing this - maybe.
P.S. TANSTAFL == There aint no such thing as a free lunch
Missing the point. (Score:2)
'Anonymous' tracking isn't harmless by any stretch of the imagination.
60% of people who visit the SMAP fanclub homepage visit pages on ecstasy parties within 2 hours afterwards.
Omigod. Call your congressman. SMAP causes drug abuse!
28% of visitors to the XYZ health center visit pages on abortion access.
Where do you get your funding, XYZ?
And, of course, there is a 93% correlation between readers of
*They* don't care about *You* anyways. *You* are insignificant.
But if they could learn how to manipulate/control/smear the whole lot of you, now that would be worth something.
Re:And a web bug is...? (Score:2)
To elaborate on that, they are talking about those lovely cookies that places such as amazon.com and banner ad hosts such as doubleclick place on your drive in order to identify you for whatever reason (to track buying patterns in order to serve up custom-tailored ads is the first thing that comes to mind).
As for an actual "bug" that tracks every site you visit and then processes or sends it somehow in order to do something such as physically locate you and find out who could be "trouble", well, that's just hype.
--
Re:ahh yes, marketing (Score:2)
It's not without purpose either! Based on the result, iD Software would be able to make the next Quake's railgun more realistic.
--
A question about the proxy use (Score:2)
Re:BSD (Score:2)
Since you've convinced yourself that the real value you and your employer seek can only be found in paid for systems, excluding BSDI, may I recommend you look further at AIX?
At least IBM is contributing to the community that does find value in open-source/free-software, while continuing to improve the AIX offering. Technologies like LVM and JFS, for instance, and others, make AIX a great system. Granted, it still uses CDE, but I expect that'll change, and you can always load your own, or go with that free one, GNOME, like Solaris is choosing to use.
Thanks for voicing your opinion, now go and spend your employer's money. Spread your deathknells for BSD elsewhere, we don't need 'em.
See, you can't kill a free-software (or alternatively, BSD licensed) operating system as long as people continue to use it or work on it. A proprietary operating system can be killed by the company that sells it, but as long as one person uses the system, and one person develops for it, it's a live system.
Now excuse me, I'll be installing Darwin for Intel and OpenStep 4.2 as dual-boot on the same machine. Not exactly free software, but definitely open-source, and certainly not dead.
A host is a host from coast to coast, but no one uses a host that's close
What? Me worry? (Score:2)
After all, they give me plenty else to worry about [slashdot.org]. (My thoughts here [slashdot.org])
Don't worry, just a bad case of caffeine deficiency syndrome.
Re:Big Brother is Watching (Score:2)
Even if they are able to track everything perfectly, no one has time to sift that information for anything other than the blandest types of information. Given that all the marketing efforts in the world don't seem to be able to consistently deliver well-targeted ads to either my real mailbox (most of these don't even have my name spelled correctly) or my emailbox assures me that it will be some time before there is really an issue here.
I'm far more worried about the very real news that the FBI engages in constant stings (and in the process may be one of the major providers) for child pornography. I'm a lot more concerned that European police are actually arresting people for "crimes" like using Napster or writing software like DeCSS. In the end, we have much bigger privacy worries with police forces using extremely sensitive infrared, microwave, and other devices to scan our houses (so much for curtains) and maintaining computerized, nationalized databases on citizens (just wait until some hacker manages to get a few good FBI or IRS files).
You say you're glad to not live in the US, so which country can I join you in where freedom is eternal, easy, and government mandated?
Re:This is old news (Score:2)
Is that what the girl at the bar told you when you asked for her number?
How can you blame MS for this? (Score:2)
From the data presented, it seems LinkExchange is the most common "web bugging" service. But that's what it is, a service. The companies paying for LinkExchange ads are the ones driving the "bugging". Without companies wanting to advertise and do business cheaply on the web there would be no LinkExchange/bCentral. Just because LinkExchange seems to be the most popular of web ad services doesn't mean it's some evil MS plot to bug the world. It just seems to be doing good business. If you ran an ad service, wouldn't you dream of the same?
Re:Who cares? (Score:2)
It sums up to a lot of packets.
Damn Buggers (Score:2)
--
Re:This is old news (Score:2)
You think that's bad? (Score:2)
Other statistics on site (Score:2)
The interesting thing was that while Apache still has the lion's share of web servers in the survey, it has been losing ground to IIS. Given all the hacks on IIS-based servers recently, this is an unsettling trend.
Info v Privacy (Score:2)
The ISP is doing this service: connects me to the internet, hosts a lot of the sites I am reading, protects me from spam.
Knowing traffic on certain sites helps my ISP do that.
This information, if properly anonymized, is a useful commodity to other net firms as well, and helps them to provide us with better service.
If someone responsible can find out who is visiting a site that posts illegal information, then they can get better data on how to fight that particular crime.
It is up to users to determine where this technology is applicable. But I wouldn't dismiss web-bugging as a tactic out of hand.
Re:Buggy vs. Bugging (Score:2)
But that leads to the worst outcome of all: unpredictable results.
The one way you can be sure that a web page will work properly everywhere, is if all browsers follow the standard (any standard; I don't particularly care whose). Otherwise there are going to be pages that break some places and not others, and that means higher development costs, testing costs, and lost visitors. An awful thing for the industry (though perhaps a great thing for amateur-hour FrontPage mavens).
Re:A question about the proxy use (Score:2)
If they cared what you do, they could watch your traffic with roughly equal ease whether or not you used the proxy.
Re:Bad statistics (Score:2)
And now for a highlight from akaikai.com -- In today's fierce competition for Internet eyeballs, customized Web site content is big news. Customizing your content to individual end-users makes your site more relevant, enticing visitors to stick around longer-and come back more frequently. Akamai's EdgeScape service enables you to make customization a reality by accurately identifying the geographic location from which users access your Web site and the network origin of the user's request. So, how do you "customize content" without "tracking where people go"?
Re:Who cares? (Score:2)
Copyright your surfing habits? (Score:2)
This would not only make it possible for us normal web users to make a few bucks, but should also shut down this act of privacy violation rather quickly!
You are _not_ anonymous (Score:3)
Re:So um... (Score:3)
Whodathunkit (Score:3)
Yeah, I think we can all agree that Microsoft has buggered the web...
Re:Associating e-mail addresses with cookies (Score:3)
Another way would be to put a web bug in the e-mail that the site uses to confirm the order.
--
Re:Who cares? (Score:3)
How could they ever muster enough money, processing power, database space, and brain power to try and correlate the information they get from web bugs, sales at one of their subsidiaries, registrations at popular web sites like MSN or hotmail or msnbc, and product registrations of office and IE.
Why that would take millions of dollars and I really don't think MS can afford such a large outlay even if it means making tens of millions selling that information to others.
Re:Associating e-mail addresses with cookies (Score:3)
Re:Who cares? (Score:3)
Re:Info v Privacy (Score:3)
By invading the private lives of every american household, and doubling the world's incarceration rate, the US can effectively wipe out marijuana use completely.
By warehousing consumer data large corporations can market more effectively, that is, convince you that you are not happy w/o their product.
Time to wake up the populace: Your well being is not a univariate function depending only on GDP growth. Crime prevention will not help your well being if the means outweigh the ends. Does nobody care about search and seizure rights?
Since I despise spam I find this from the FAQ (Score:4)
from the web bugs FAQ [privacyfoundation.org]
11. Why are Web bugs used in "junk" Email messages?
- To measure how many people have viewed the same Email message in a marketing campaign.
- To detect if someone has viewed a junk Email message or not. People who do not view a message are removed from the list for future mailings.
- To synchronize a Web browser cookie to a particular Email address. This trick allows a Web site to know the identity of people who come to the site at a later date.
Spam sucks
This is old news (Score:4)
God, that was a bad movie. Thankfully, I don't remember the title.
Google, too (Score:4)
I could probably whip up a Perl script to do this with libwww pretty easily. I can't believe whoever did this survey didn't!
Confessions of a spammer (Score:5)
So, I was thinking about this and that today while I was sending my stupid spam off and something came to me. I know there was a proposal or something not too long ago that had to do with a unique identifier tagging unsolicited email. Now, if ISP's and telco's are supposed to be equivalent (right?), why is it that I hear you can block unknown callers/telemarketers and stuff on your telephone, but I can't block unsolicited email without trying to filter them individually with a spam filter which seems the equivalent of using your call blocking (which by the way has a limit of a few numbers at least in my area). Even if these aren't the same things I still believe it would be best if there was a unique ID on junk email because it is just as much of a problem to me when a phone rings and its junk or when my mail notify goes off and it's junk. How in the hell these two are different is beyond me but looks like that idea just didn't float anyway.
As far as web bugging goes, I could care less whatever doesn't steal from me or interfere with my time. Wading through junk does and it's just not fair. I may sound like a hypocrite for saying all this because of what I do at work, but I'm just following orders so I can make enough to feed myself and have something decent on my resume. I may have a fancy job with email, but I don't make much money and I'm a veteran employee. I'm not a moron, just stuck growing up in kind of a redneck area (with scarce IT jobs) and being taken advantage of by the hi tech that came to town. Cheap labor we are for them. I fully intend to get the fsck out of dodge.
So um... (Score:5)
- A.P.
--
* CmdrTaco is an idiot.
Bugger (Score:5)
It's worth noting that Bugger [dictionary.com] has a few other meanings than "One who plants bugs."
Associating e-mail addresses with cookies (Score:5)
I place my bugs all over the internet. You visit a site with one of my bugs on it. This sends a new cookie to you. You now have a cookie from "WebBugsAreEvil.com" on your hard drive. Every time you visit another site with one of my web bugs in it, your cookie is sent to my host "WebBugsAreEvil.com" including the URL of the page that you are viewing. Thus, I build up a detailed profile of your web surfing habits.
Now suppose you place an order on one of these sites and leave your e-mail address and other personal information. The site sells your e-mail address and other personal info to "WebBugsAreEvil.com". I now have your personal information and your cookie, but the cookie ID is not yet associated with your personal information because these were collected by two different servers. I need to do one more thing to put them together.
I do a mass mail out with all the new e-mail addresses. The e-mails are HTML-enabled e-mails. Embedded at the bottom of the e-mail is this web bug:
<IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://track.WebBugsAreEvil.com/cgi.bin/ping
It's a 1x1-pixel GIF that has a single clear pixel in it; this is where the euphemism "clear GIFs" comes from. You cannot see this GIF.
When you open the mail, this new web bug is sent to WebBugsAreEvil.com. Because the URL has your e-mail address in it, and it also sends your "WebBugsAreEvil.com" cookie with the HTTP GET request, I can now associate your personal details with your surfing habits.
In short, it is very easy to remove anonymity.
I don't know about you, but I find the idea of anyone having this amount of knowledge about me and my browsing habits to be uncomfortably close to Big Brother's surveillance from George Orwell's novel "1984". Is your telescreen on, Winston?
--
Defeating web bugs (Score:5)
It's not hard to stop a site from using cookies as a tracking tool. If they cannot store a cookie on your hard drive, that cookie cannot be used to profile you.
The way to defeat this is to prohibit the web sites that use web bugs from storing cookies on your computer. A good browser will have security settings that can be customised. I place all web sites that I trust in my collection of trusted sites. These sites can store cookies on my machine. Sites that are not in my collection of trusted sites must go through the default setting where I must approve each cookie with a click before it can be stored on my hard drive. Persistently annoying sites get placed in my collection of restricted sites, which are prohibited from storing cookies. Sometimes, a trusted site that I have omitted gets added to the trusted list.
If you want to start a database of restricted domains, a good place to start is your cookie collection. You will find a lot of sites that you never visited in that list. Add anything suspicious to the restricted list before deleting the cookie.
I have only been doing this for a few weeks, so I haven't got any good results to report so far. I'm sure I'll get good results doing this, and I invite others to try it. It does involve a little work, but eventually I hope to have reasonable web-bug-free privacy online.
--
Re:And a web bug is...? (Score:5)
http://www.privacyfoundation.org/education/webbug.html [privacyfoundation.org]
Re:Associating e-mail addresses with cookies (Score:5)
I do a mass mail out with all the new e-mail addresses. The e-mails are HTML-enabled e-mails. Embedded at the bottom of the e-mail is this web bug:
Actually this extra step of sending a web-bug infested spam is not even needed in most cases. It's enough if the surfer enters his e-mail address into any form on the web which uses the GET method, and which leads to a page having a web bug/banner ad from WebBugsAreEvil.com. The site serving the form does not actually need to be in cahoots with WebBugsAreEvil, apart from the obvious contract for serving its banners. Indeed, with the GET method, form data (containing your E-mail address) will be part of the URL, and thus will be sent to WebBugsAreEvil in the Referer header field. Much more discreet and reliable than sending a webbugged spam, and much more far-reaching too: using the same method, WebBugsAreEvil can collect all kinds of interesting info: First name, last name, home address, all kinds of demographic info such as age, yearly income, hobbies (if user ever participated in a survey having such a form), credit card number (if merchant was foolish enough to have his order form submitted via GET rather than POST). N.B. Even https doesn't protect against this, as this is data that is "intentionally" sent to WebBugsAreEvil, rather than intercepted...
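For site owners who want to check their own pages for the Referer leak described in the comment above, the following audit lists which off-site hosts embedded in a form's result page would see sensitive GET parameters. It is an added example, not part of the original post; the URLs, the `example.test` hosts, the sample HTML and the list of sensitive field names are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

EMBED_TAGS = {"img", "script", "iframe"}   # the include types named in the thread
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Assumed field-name vocabulary; extend it for the forms being audited.
SENSITIVE_WORDS = {"email", "mail", "name", "address", "card", "income", "age"}


class EmbedCollector(HTMLParser):
    """Collect the src of every embedded image, script and iframe."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in EMBED_TAGS:
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def sensitive_params(url):
    """Names of query parameters that look personal, by name or by value."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        words = set(re.split(r"[^a-z]+", name.lower()))
        if EMAIL.match(value) or words & SENSITIVE_WORDS:
            found.append(name)
    return found


def referer_leaks(page_url, html):
    """Map each off-site host embedded in the page to the sensitive query
    parameters it would receive when the page URL is sent as the Referer."""
    leaked = sensitive_params(page_url)
    if not leaked:
        return {}
    page_host = urlsplit(page_url).hostname
    collector = EmbedCollector()
    collector.feed(html)
    report = {}
    for src in collector.sources:
        host = urlsplit(urljoin(page_url, src)).hostname
        if host and host != page_host:
            report[host] = list(leaked)
    return report


# Constructed result page reached after a form submission.
RESULT_PAGE_HTML = """
<img src="/img/logo.gif">
<img width=1 height=1 src="http://track.example.test/ping.gif">
<script src="//ads.example.test/banner.js"></script>
<iframe src="http://ads.example.test/frame.html"></iframe>
"""
# Same page reached by a GET form (data in the URL) and by a POST form.
GET_RESULT_URL = ("http://shop.example.test/thanks"
                  "?first_name=Pat&email=pat%40example.test&page=2")
POST_RESULT_URL = "http://shop.example.test/thanks"

if __name__ == "__main__":
    print("GET :", referer_leaks(GET_RESULT_URL, RESULT_PAGE_HTML))
    print("POST:", referer_leaks(POST_RESULT_URL, RESULT_PAGE_HTML))
```

The audit models a browser that sends the full page URL as the Referer, as the comment describes; current browsers default to a referrer policy that trims cross-site Referer values to the origin, so the finding matters most for older clients and for sites that override that default.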
Why does Microsoft do this? (Score:5)
Like forcing you to use cookies in Internet Explorer, or rather, transmitting cookies to *.msn.com sites no matter what you configured, containing personal information about your windows installation.
See also here (http://slashdot.org/yro/00/11/02/1639247.shtml) [slashdot.org]:
For the sake of the privacy of those who must use Internet Explorer: Firewall msid.msn.com. Forever.
Bad statistics (Score:5)
This is quite bogus, as evidenced by the #2 ranking of akamai; the fact that many high-traffic sites have their images served from akamai's network does not mean that akamai is tracking where people go.
Who cares? (Score:5)