Do Not Call Site Has AT&T Stats Tracker?

hookedup writes "The Register is carrying an article about suspicious content at the FTC's Do Not Call site. It has been a runaway hit with US consumers, with over fifty million signing up to avoid spam calls from telemarketers. But the web site hides a little secret: a 1x1 pixel image tracking visitors... and where does the trail lead but to the AT&T, one of the most persistent telemarketers." However, the tipster, James 'Kibo' Parry, notes: "There isn't any evidence proving they _are_ up to anything improper, but this relationship between the FTC and AT&T fails to avoid the potential for impropriety."

Nitpick

[trveler]

Just a small nitpick - the article fails to mention that only users of browsers capable of (or set to by default) showing images can be tracked by this method.

Long live lynx!

There it is!!!

[EggMan2000]

It is http://aens.net/ [aens.net]

Att Managed Services. I assume that it the ISP that is hosting this site or something?

ATT has the contract to impliment the DNC

[Christopher_G_Lewis]

Um...

AT&T Government Solutions Will Operate Do-Not-Call List [donotcall.com]

Re:should be called

[pla]

the "don't call me, spam me" list.. saying they are collecting millions of email from users and have a dubious privacy policy.

Agreed. So, why do Slashdotters, a group I consider more privacy-aware than most people, sign up through their website? Use the 800 number, and you don't need an email address (and you don't really "give up" any info by telling them your phone number, since they need to know it to block it anyway).

Strange. I agree completely this looks a tad bit unkosher, but a very very simple way around it exists. Use the phone, Luke!

Re:There it is!!!

[jsprat]

And it is inside a <noscript> tag, which will only be fetched if javascript is disabled. Lynx and links will only fetch it if you ask them to.

It looks like its purpose is tracking how many people surf with javascript disabled.

AT&T Runs the site!

[Anonymous Coward]

IIRC, AT&T runs and hosts the site for the FTC - there's no way they could do it themselves... And the webbug is probably part of the standard configuration...

No it ought not to be there, but I assume they are all over the friggin place, and run WebWasher to filter them...

check the privacy policy

[I Want GNU!]

First off, they can log information with or without these "web bugs." I know this because I run my own websites and I track visits because I like knowing how much traffic I'm getting, with what terms, etc.

Given that, this article is useless.

But even more so, if you go to the site it says at the bottom:

This site is operated by Consumer.net and is not operated or controlled by the US Government or the telemarketing industry

Consumer.net testified at Federal Trade Commission Workshops for Internet Privacy in 1997 and the "Do-Not-Call" Forum in 2000.
Consumer.net authored a paper for an Online Profiling workshop at the Department of Commerce in 1998.

The Consumer.net Privacy Policy is found at PrivacyPolicy.com

This privacy policy states:

Web Site Log Files: We site log files are generated that collect the IP Address of the visitor, date, time, and pages visited. Aggregate reports for web site visitors are generated that do not contain personally identifiable information.

Advertising reports are generated that show the IP addresses of visitors who clicked on ads. This information may be sent to the advertiser to confirm the number of "click-throughs." The advertiser normally already has this information as a result of the user clicking on the adverstisement. No additional information about the visitor is supplied to the advertiser. The log files are eventually deleted.

There. Case solved. Stop being paranoid about such silly things. If you want to be paranoid, be paranoid that the MPAA might accidentally associate your IP with file sharing even if you don't file share, or be paranoid that John Ashcroft is using the PATRIOT Act or Patriot Act II (to be introduced in Congress soon) to spy on you for reasons unrelated to terrorism (as he has done). Better yet, donate some money to the ACLU [aclu.org] to protect your civil liberties or to the EFF [eff.org] to protect your electronic freedoms.

Re:AT&T has the server logs!

[matthewn]

Server logs don't tell you everything you need to know if you're going to run a serious, full-service Web site -- things like what resolution your lusers are running at, etc. You need to use 1x1 shenanigans for that. Period.

Re:Kibo?

[joe_bruin]

wow, the same kibo of usenet fame now graces slashdot.
for those of you not familiar with one who has been once declared a "USENET Deity", here's a brief article [wired.com] describing the man, the myth, the legend.

Now THIS is interesting...

[MP3Chuck]

Shortly after I signed up for the Do Not Call list through the website, I began recieving calls (about 4 calls since around Sept 1, I believe) from AT&T about getting long distance service. Or I was eligable to recieve a phone card. Or something. I wasn't really listening. Since I live on a college campus there's really no reason for them to be calling.

Re:AT&T has the server logs!

[pediddle]

As other people have mentioned, the image is inside a <noscript> tag, which means it's very simply a tracker to see how many people surf with Javascript disabled. Server logs won't tell you that.

Re:Nitpick

[Anonymous Coward]

Maybe we should include a "this does not affect the .01% of tinfoil hat-wearing weirdos that use lynx" disclaimer

So I guess you've never come across Mozilla's "Accept images that come from the originating server only" setting?

Re:Oh NO! A tracking pixel!

[LVWolfman]

It probably is a counter. AT&T is the company that the FTC contracted to host the DNC servers. That was mentioned in articles when the DNC site went up and got slammed. The articles stated that AT&T was scrambling to add extra servers to the pool to handle the unexpected load.

Re:AT&T has the server logs!

[crapulent]

Uh, what? How does loading a 1x1 GIF reveal anything about your screen resolution? It will simply be another entry in a log file, which records the URL, the IP address, the time, the referer, and the user-agent. All of those fields are present in the log of the server that's serving the main html page.

In order to determine any further info about the user, you'd have to use Javascript to get this information from the DOM, and then somehow code that into a URL which gets submitted or posted to a server somewhere. From the blurb in the article there was no such code, just a simple IMG tag.

Re:AT&T is a huge corporation

[southpolesammy]

As someone who used to run www.att.com [att.com], I think I can safely say that they know each other.

Intimately.

NOT the same company

[shaunj]

AT&T the phone company is NOT the same as their hosting company. They may both be affiliated, but they can do seperate business. Common people!