New Technique for Tracking Web Site Visitors

bigtallmofo writes "According to Jupiter Research, 58% of web surfers deleted cookies from their system in 2004. This has sent a loud message to marketers in regard to consumer's preference as to tracking their online activities. The marketers have responded with PIE. Persistent Identification Element (PIE) is a technology that uses Macromedia's Flash MX to track you even without using cookies. Macromedia has created a page to instruct users on how to disable this."

Not actively deleting cookies

[suso]

Somehow I doubt that 58% of users are actively going into their browser settings and deleting cookies themselves. This is most likely users are reinstalling their operating systems [microsoft.com] or using some spyware removing software that is removing their cookies. So I think that this PIE software will not help much. Trying to track visitors is an uphill battle.

Flash(id)blocker

[iamavirus]

Request: Can someone make a plugin for moxilla/firefox that blocks this? This would be somewhat akin to the flashblocker plugin that already exists (and is highly recommended).

Camera / Microphone

[beerman2k]

I've noticed for a while that Flash, by default, denies access to your camera and microphone. I'm wondering however, why there is even a setting for this. Who in the right mind would allow random Flash applications access to their camera and microphone? What use would this have?

Re:Not actively deleting cookies

[Anonymous Coward]

Why isn't using an antispyware program to delete cookies considered "actively deleting cookies"? Just because you use software that accomplishes the same thing doesn't mean the cookies aren't getting deleted. That percent is probably accurate.

As far as reinstalling operating systems. Do you really think people really reinstall that often?

58% misguided fools

[yipyow]

the whole delete your cookies thing is silly. i run several web sites that use cookies to track logins, not for me to track them but for the site to track who is logged in. the browser sends the cookie to the site, and if the cookie's id matches the one stored in the database, the user is trusted. this is a fairly good way of identifying logins and if you delete your cookie you will simply be logged out. most sites use cookies this way and if you have a good browser, you can see what info is stored there anyway. i suggest opera [opera.com] because it has a good cookie manager that also integrates well with its password manager. if those numbers are correct, then 58% of internet users have been misled by some media outlet into believing that browser cookies are evil. that's not to say that some aren't used for marketing purposes, but really, if you think a site is trying to track all that info then find a better site. don't just randomly delete cookies, some web administrator put them there for a reason, and it's probably to help you use their site.

Re:This gives me a great reason

[NinjaFarmer]

To require that all websites ask your permission before using your camera or microphone, or to prevent any website from accessing your camera or microphone, you use the Global Privacy Settings Panel.

To specify the amount of disk space that websites you haven't yet visited can use to store information on your computer, or to prevent websites you haven't yet visited from storing information on your computer, you use the Global Storage Settings Panel.

To specify if certain websites are allowed to access information on other websites, you use the Global Security Settings Panel.

To specify if and how often Flash Player should check for updated versions, you use the Global Notifications Settings Panel.

To view or change the privacy settings for websites you have already visited, you use the Website Privacy Settings Panel.

To view or change the storage settings for websites you have already visited, or to delete information that any or all websites have already stored on your computer, you use the Website Storage Settings Panel.

If you have to disable all that, flash better not be on my computer.

Re:This gives me a great reason

[ajs]

Flash has a number of excellent features, which will continue to be a useful and valuable thing until SVG integration into mainstream browsers is complete.

Vector drawing is one of those things that sounds like a useless add-on until you consider how much time and disk cash you devote to every two-bit logo you see every day. If logos were all vector graphics, they'd be far smaller, far better looking on whatever display type you happen to have (because YOU get to choose how the rendering is optimized for that device) and generally much more usable.

Woefully, this isn't why people use Flash. People use Flash because they want to ANIMATE, and animation is rarely a boon for the end-user.

Even worse, it's often used to hijack the look and feel of your browser, imposing some horrid DVD-like menu system that you have to re-learn to interact with (and have no hope if you're disabled).

Re:Here's another hint...

[XorNand]

What do you expect from the company that "invented" those multimedia, pop-up elements that take over the entire browser window (aka "Shoshkeles [unitedvirtualities.com])?

Re:Just don't have flash installed or activated.

[bratmobile]

For the last year or so, I've run with Flash disabled. I use Avant Browser, which is a shell around IE, and which fixes a LOT of the problems with IE. It provides a very fast way to toggle Flash on and off. Ordinarily, I ALWAYS have Flash disabled, and I only enable it if there is a specific site that I look at. Browsing the web without all those stupid animated ads is SOOOO much better. (I also have animated GIFs/JPEGs turned off, too. No more god damned click-the-monkey ads!)

I like Firefox, but this is one thing I miss. Does anyone know of a plug-in for Firefox that lets you easily toggle Flash on/off?

If you have to use IE for some reason, try Avant [http://www.avantbrowser.com] [avantbrowser.com]. It's a BIG improvement over the vanilla IE, and it uses the same rendering engine. So Avant works with sites that only work with IE. Not that I want to encourage that sort of thing (IE lock-in), but sometimes you don't have any other choice.

SVG's probably not gonna take off

[Anonymous Coward]

I'd like to see SVG gain ground but have doubts as to its viability. If you've ever tried to develop an SVG app, or reviewed some of what's out there, you quickly realize that these are going to be HUGE AND SLOW for anything more than very simple animation and interactions. A comparable Flash app is often 1/5th the size and capable of running multiple threads of media and interactions in real-time.

flame away ;)

For your convenience

[JadeNB]

It never ceases to amaze me how even the most bend-over-and-take-it initiative from companies/governments/&c. is billed as for your convenience, even when this is ludicrous (e.g. -- to bring up a real if slightly off-topic example -- `For your convenience and safety, outside food and drink are not allowed in this movie theatre').

I am particularly thrilled with Mookie's quote, `The user is not proficient enough in technology to know if the cookie is good or bad, or how it works.' Not some users aren't -- no user is. Shame on you, Slashdotters who delete cookies! You're practically stealing from Mookie, and putting yourself in danger besides! Imagine if your favourite site could no longer address you by name!

Stop tracking the easy way.

[Anonymous Coward]

It appears that if you want to stop tracking, you have to do it for every site you visit. So, I found an alternater method:

rm ~/.macromedia;ln -s /dev/null ~/.macromedia

Re:Here's another hint...

[Maestro4k]

P.S. I block Flash during normal browsing. One more beauty of non-IE browsers!

• By default, yes, IE can't block flash. Firefox doesn't come configured to block it out of the box (although if you don't install the plugin you're not going to have it) as well though. Personally I use Maxthon, an IE browser wrapper that is quite nice. Unlike Firefox it comes preloaded with ad blocking settings for inline ads and popup ads. Turning on ad blocking will eliminate a good 90% of the ads online and it's easy to add more with a right click selection.

• So not trying bash Firefox or anything but it's not the be all, end all of browsers. It can be difficult for novices as well since they visit sites that we (more tech-oriented people) don't, such as all the silly humor and greeting card sites that just rehash ancient jokes with images and music. I had a hell of a time getting Firefox to play background wav files on my mother's computer, something that was important to her no matter how silly I thought it was. It'd have been nice if I could have found an answer to this on Mozilla.org/Getfirefox.com but I wasn't able to. I finally figured it out from some developer questions on a forum asking how to get background wav files to play in Firefox/Mozilla. (The solution was installing Quicktime alternative and setting the mime type for Wav files to be associated with it. For some strange reason Firefox wants to use Quicktime to handle wav files. This was highly unintuitive, especially when Firefox would claim a required plugin wasn't available for a page and then say it was Quicktime (which was installed). It took a lot of looking at the source of pages before I realized that the background wav files were linked to Firefox saying Quicktime was needed but not installed on some pages. Some Google searches later I found the forum posts and it all finally made sense.)

  All that said, I want to see Firefox improve and continue to challenge IE and take away market share. In the long run we're all going to be better off with the competition. Hell, eventually IE might even end up safe to run for regular users. (OK, probably not but it would be nice. :) )

Wrong conclusion drawn from the results

[c0d3h4x0r]

This has sent a loud message to marketers in regard to consumer's preference as to tracking their online activities.

Bad assumption. This could just mean that people value their privacy. Most people don't even know what cookies are, but they do know that when they clear history, cookies, and everything else, then the next person who uses their computer to hit MSN or Yahoo or a variety of other sites won't accidentally be logged in using their cached credentials.

Also, you're forgetting about all the false positives that many corporate firewalls will generate.

This survey is hopelessly flawed. If you want to collect real data, you have to track how many times users actually go into their browser settings and manually clear the cookies, and you have to also ask them why they are doing it.

Will anti-spyware (Ad-Aware? Spybot?) catch this?

[parsnip11]

Just wondering if any of the existing anti-spyware packages out there are wise to this and disable the flash setting as per the macromedia instructions... one would hope they would (or at least will in the near future).

Re:Here's another hint...

[Al Dimond]

"If you are visiting a site, the developer of that site has every right to track your page views while you're there..."
You're not *there*. The developer isn't putting ads on his site, the developer is putting ads on your computer screen. More specifically, you tell your computer to send a request to a server for information. The server sends back information (often an html page) with references to other information: the advertisements and other images on the page. If you don't need or want to see the advertisements, why should you waste your own bandwidth sending more requests to the server and downloading ads?

As far as cookies go, at the "bodega on the corner" the "guy who works there" writes down *in his own records* when you came and what you bought. He doesn't give you a piece of paper and ask you to file it in your records and then bring it back to him next time you visit.

Re:This gives me a great reason

[Storlek]

One really neat feature of Flash is its ability to stream an MP3 file within the browser, and do so portably and easily. Take the Xploding Plastix [xplodingplastix.com] site -- this is an excellent demonstration of Flash done right. (It also helps that their music's great.) Pure Volume [purevolume.com] and My Space [myspace.com] have Flash-based players as well, though the S/N ratio there is pretty weak.

It's a double-edged sword, though, and for every site that uses Flash in a decent manner like this, there's a Flash ad with sound effects, and two more with graphics that slide, blink, spin, change colors, and suck up a lot of CPU for no good reason. On top of that, now we have Flash-based click tracking. This seems to happen with a lot of promising technologies; it has an obvious benefit, but the wrong people started using it for the wrong things. Fortunately, at least there's Flash click-to-play.

Re:AdAware / AntiSpy (was Re:Not actively deleting

[Anonymous Coward]

Actually we just like screwing up the advertisers and making them waste their money. This isn't about us users desiring to be advertised to in an efficient and effective way. It's war against marketers. We hate you.

Re:AdAware / AntiSpy (was Re:Not actively deleting

[Lumpy]

nope what you say does not affect anyone in the corperation I work for.

all WEB internet traffic is filtered through privoxy.. therefore you can try to show any of us here the same ad over and over all you want. they do not get through and they do not get displayed.

we cut internet bandwidth use by almost 45% by adding a privoxy proxy in front of the corperate proxy.

if we block all your cookies and ad's it's extremely effective.

BTW, you cant track any of us in this company by IP. because it looks like there is one IP address that is surfing a whole crapload of places.

another nice side effect of ad filtering proxies.

I just wish that ISP's would offer a free privoxy proxy for it's users... an opt in for the customer to opt out of all the annoying web content and tracking.

So I can account for several thousand websurfers out there that you can not track and your ad's never get seen by. and I'm betting there are many many more than just the ones that work here.

Re:AdAware / AntiSpy (was Re:Not actively deleting

[Anonymous Coward]

>- we can't tie cookie data to private user data. >I'm sure some people try to (although everyone >involved, including the user, would have to jump >through some pretty annoying hoopes ...

This is just not true. The key issue here that most people are ignoring is email. If the email content is HTML then you can tie someones email to cookies. It requires no hoops or anthing like that. This by the way is one reason that the Thunderbird email client does not allow remote loading of content by default to prevent this privacy hole.

My solution is simple

[TractorBarry]

Well I've already bypassed this new fanlged "PIE" crap by not installing Macromedias bloody Flash in the first place.

Seriously what good at all is Flash ? All it's used for is yet more marketroid spam. Having a flash enabled browser is like inviting an obnoxious teenager to come in your house and yell at you.

So what do I miss not having it ? About 3 mildly entertaining "cartoon" like things (I've seen these on a co workers box and whilst they're quite amusing I don't see my life as being any poorer by not seeing them more often) It utterly amazes me that people will willingly run this crap.

Sorry but I'm old fashioned. The only thing I want from a website is some well crafted HTML/CSS, with some supporting plain "non animated" images, and at the most, some simple client side javascript for stuff like menus (and don't worry I'll be looking at your script first. If I can't see it, it ain't running) You can do what you want on your server but not in my broser.

History has told me that allowing anything else is a disaster waiting to happen (Active-X anyone ?)

But ultimately my message to advertisers etc. is simple. You're not using my resources to advertise at me, to track me, in fact to do anything. You're not welcome to phone me, send me junk mail, knock on my door or stop me in the street. Bother me with your crap and you'll get a simple reply "Fuck off and die".

There that told 'em ;)

Re:AdAware / AntiSpy (was Re:Not actively deleting

[drinkypoo]

we can't send you to the right clickthru! I know we dont click on banners very often, but when you do, wouldn't you rather go to the correct clickthru rather than an the clickthru beloning to somebody else's impression who is behind the same firewall as you?

Uh, this is only true if you are complete and utter idiots. Are you a complete and utter idiot? All you have to do is parse the clickthrough from the URL information and bingo, you can grab unique strings. If you are currently using a cookie to do that, you are stupid. There is much less overhead involved in just putting the link in the URL.

You, sir, are simply spreading bullshit to try to get people to not delete your stupid asinine spyware clickthrough crap. I both block advertising cookies when I can, and use adblock to block ads so I don't have to see them at all. Consequently, I can't click through, because I don't even see the ad. This all works out perfectly for me. Meanwhile you can blow your cookies out your ass.

Opera blocker

[rishistar]

The Opera 8 [opera.com] Beta I use has a nice turn plugins on/off button which I put next the turn images on/off button. Admitedly these are global rather than per site, but in most cases flash is used in adverts so it doesn't trouble me having plugins turned off all the time.

Re:AdAware / AntiSpy (was Re:Not actively deleting

[SirSlud]

Oh my. Where to begin.

> all WEB internet traffic is filtered through privoxy.. therefore you can try to show any of us here the same ad over and over all you want. they do not get through and they do not get displayed.

Where, in my parent post, did I say anything about blocking the actual ad requests? I have no problem with this, and if you do it, more power to you. I was talking STRICLY about cleaning cookies as a means of fighting advertisers.

> BTW, you cant track any of us in this company by IP. because it looks like there is one IP address that is surfing a whole crapload of places.

Again, my p[arent post goes to great lengths to point out that I know that, and when we cant use cookies, we use IP addresses, which are inherently less accurate for the very reason you repeat for me.

Its funny, the combative tone some of these replies take. I have no problem with anyone blocking ad servers via proxies .. go for it. I only meant to point out that relying on the deletion of cookies to thrawt advertisers is not a terribly effective tactic. Proxying out requests to ad servers and networks works wonderfully; but if we dont serve an ad to you, why the hell would we want to track you? To us, you wouldn't exist, which is fine by us and you.

users are often instructed...

[krunk4ever]

to delete cookies to fix problems. when my dad couldn't get his bofa online account to work, the customer service rep told him to delete his cookies as well as the temporary internet files. and guess what, that did the trick!

Re:AdAware / AntiSpy (was Re:Not actively deleting

[SirSlud]

Thanks for the insults! I think they really helped in making your point.

One small problem tho. You're dead wrong if you're running an ad network. There are some very good business reasons for using cookies to tie the click to the impression, but I'd rather not enlighten you since you're not terribly interested in anything other than:

a) insulting me
b) noting that you block all ad requests, making your input to this discussion even LESS relevant (since the original discussion was about deleting cookies, not blocking ad requests.)

Man, I have no problem with anyone blocking ad requests. I'm sure you'd all love it if I got mad or thought that blocking ad requests was wrong, but hey, if you can do it, more power to you. I dont think your indebted to view advertising, although you clearly wish I did. My only point was that IF you view internet advertising, its in the end users' interest to use cookies .. blocking them simply makes the user experience even WORSE.

However, if you wanna take a stab at it, try and figure out why using cookies is better than parsing URLs. I'll give you some credibility if you can; otherwise, I'll assume you're a techy end user who is a little out of his industry element.

Re:AdAware / AntiSpy (was Re:Not actively deleting

[Anonymous Coward]

"A few things happen if you dont have cookies, the most important being that we can still do pretty much everything we can do with a cookie, only with less accuracy (since the fallback is to track ads seen/clicked via your IP address):"

- only the first time I visit a site, after the first load of the page I'll have all the ad-images, iframes containing ads, flash ads, url's of ad-servers I find referenced on the page, urls for javascripts used for tracking or ad related javascripts etc etc blocked via Firefox's very nice adblock extension. You only get info via those sources from me once.

"- we can't implement frequency capping very well. this means you have a much higher chance of seeing the same damn ad, again and again and again. you like?"

- Again, adblock nicely prevents this. No damn ads... I've got hundreds of adservers and thousands of specific images/dirs on sites with adimages etc etc blocked via adblock, I hardly ever see a new ad when visiting a new site (since most get ads from the same few places) and the web has become a much nicer place.

"One thing for sure is that internet advertising isn't going away, and sites that you like (this one included) stand a much better chance of staying subscription-free if the advertiser pays /. more for every impression or click. More optimized delivery = more money for publisher = less ads for you."

- AdBlock already gives me less (next to none) ads - I'm happy... Sites may make less money by me not loading their ads, but honestly I don't give a damn, I didn't ask for the ads, I don't want the ads, it's not my problem if they can't find a less annoying source of income. If that means some sites close down, well tough, I think I'll survive.

Ohh, an on the subject of cookies, I do allow some of them - but only if related to the same site as I'm browsing, and only from sites I trust, and in any case they all get deleted when I close my browser.

Choice is a four letter word.

[Anonymous Coward]

"So it's our choice and we're making it.

Now whether you like it or not I WILL stop you from spewing your damn graffiti onto my hard drive. If you want to keep precious IP tracking data on your drive then that's up to you. I won't let door to door salesmen make chalk marks on the side of my house for later reference either. Why do you find this so hard to understand?"

Choice is all fine and good. Howver were the "choice" crowd fails is in realizing that decisions have consequences, and they don't want to bear them. Is it any wonder the majority don't take the "choice" crowd and their stance seriously?

Re:AdAware / AntiSpy (was Re:Not actively deleting

[Anonymous Coward]

To not advertise is suicide.

Then get on with it.

I want advertising officially classified as toxic waste and strictly regulated by the government.

Already there are laws against letting your dog shit in the street, against dumping rubbish in parkland, and against playing loud music in the middle of the night. I want the same protection against the torrent of advertising that washes over us like the outpouring of a broken sewer.