Browser Spyware: Watching Where You Linger 395
An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.
Sinister... (Score:2, Funny)
I guess I shall just have to become left handed then.
Re:Sinister... (Score:3, Insightful)
So I thought about it, and here is a possiblity:
If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page. Every link on that page fires off a JavaScript which will submit the form and then redirect you to which ever page you requested. The mouse movement data can only be reported if you select another page.
In all honesty, paying attention to your actions is the same thing any brick and mortar shop owner can do why watching you walk down the aisles. When stores were smaller and people friendlier, shop owners made it their job to remember your name, your family, and your preferences (The usual, Mr Smith?). What this technology is trying to do is no different than that, it is just not always being done by not-so-friendly people.
Re:Sinister... (Score:2, Informative)
I can imagine it now: hundreds of hits a day showing that the only widget the cursor moves to is to close the browser window. Confusion in the corporate ranks as a solution is desperately sought to the mysterious problem causing so much loss of revenue. Complete site redesign at the cost of millions. And hopefully, they'll run out of possibilities and twig to the idea of removing the spyware, and voila, hits increas again. Bleh, yeah right.
Re:Sinister... (Score:5, Informative)
If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page
No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.
Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.
Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.
Its too simple, really.
On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.
Re:Sinister... (Score:2)
If I'd been given more time to do it, and the ideas hadn't kept changing, I'm sure that could have been better engineered.
Re:Sinister... (Score:2, Interesting)
Interesting thought to have a Javascript that makes a webpage act as a giant rollover. Perhaps one which tracks cursor coordinates in realtime, along with mouse button presses...
Re:Sinister... (Score:2, Insightful)
No. I am using my hardware, and my bandwidth and watching it in my home. This is more like Victoria's Secret setting up an X10 in my bathroom to do "market research" on how i view their catalog.
Re:Sinister... (Score:2)
Not necessarily. I get the scrollbar on nearly all of my programs situated properly - on the left. However, I rarely actually use a scrollbar anyway - preferring to use the keyboard whenever possible, and page-up/page-down almost always works. So even with the scrollbars on the left, the mouse pointer is most often shoved out of the way to the top-right corner of screen, simply because that's the most natural-feeling place to flick it. So I'd guess a leftie would tend toward the top left?
marketing (Score:3, Offtopic)
Anyone else up for using keyboard shortcuts now?
Re:marketing - how's this for annoying (Score:3, Interesting)
Re:marketing (Score:2, Funny)
Popups will only get worse (Score:2, Funny)
Must hit post before I think about repercusions.
What matters is who they tell, (Score:3, Interesting)
I can't stop them from tracking (yet.) I do turn off all activeX, ask on cookies, no scripting, etc... but if they can get around my disabled browsing habits, then what matters is who they tell.
Time to go back to safeweb, as well.
Enough... (Score:3, Interesting)
Unfortunately, the average person takes what is available to them simply because of the convienience of doing so. Apathy sucks, doesn't it.
Anybody up to writing an HTTP proxy or filter that strips out this info as it is being returned to the offending site? I guess it should then redirect the user to a site informing them of what has or was about to happened. Maybe the internet community should develop an RBL-like list for websites that pull this stunt? Anyone up for an RFC?
Here's a thought...remember Dr. Hawking's fear that machines may someday subjugate us? Image a concious website that maniputes us into doing whatever it wants us to do or believe. Damn...my computer is calling me again....
Deus Ex (Score:3, Funny)
Somebody was up late playing Deus Ex last night, right timothy??
A better idea.... (Score:2, Funny)
Does anyone actually *READ* porn sites? Maybe the keyboard needs a 'moisture detector' to see when and if the user is drooling, then send the result back to the spy server.
Re:A better idea.... (Score:2)
Is it just me or is the web becoming too annoying (Score:3, Insightful)
Re:Is it just me or is the web becoming too annoyi (Score:5, Informative)
Re:Is it just me or is the web becoming too annoyi (Score:3, Informative)
Even more off-topic:
Does anyone know how to make Mozilla lie about what User-Agent it is? My bank software rejects Mozilla, claiming it's not compatible. I'm pretty sure it is, and I want to try to make Mozilla claim to be IE on that domain.
Re:Is it just me or is the web becoming too annoyi (Score:3, Insightful)
On the topic of pop-ups, I've read through the page you cited, but I still have one more question: does Mozilla have the ability to enable pop-ups only from clicking on a link? Disabling pop-ups entirely is irritating as many genuinly useful sites use pop-ups when a link is clicked. It seems that the Mozilla solution is to add each legitimate site by hand; hardly an optimal solution.
FWIW, OmniWeb [omnigroup.com] has this feature.
- j
Example: Stopping popups in Mozilla (Score:2, Informative)
Most pop-up ads come from one of the usual banner-ad sites, not the actual website, so this feature works pretty well.
Here's my user.js file - you may find it useful. I allow pop-ups by default, except for the listed sites.
Re:Is it just me or is the web becoming too annoyi (Score:2, Informative)
In Mozilla you can disable any javascript method or property on a site by site basis.
So you can disable window.open, OnClose and other annoying methods.
Deny scripts access to data on your browser, screen dimensions etc.
See here [mozilla.org] for info on how to do it.
Re:Is it just me or is the web becoming too annoyi (Score:2)
Or you leave the room, or you hit the "mute" button. Or you tape, and skip over the commericals during playback.
Re:Is it just me or is the web becoming too annoyi (Score:2)
Actually I don't watch television any more, i watch Tivo
Re:Is it just me or is the web becoming too annoyi (Score:3, Insightful)
I hate commercials on TV, but they have to pay for the content. Therefore, I stopped watching, but I don't complain about it - there's no point. Who likes popups? You could use technology to circumvent them, but this is unethical at best.
Unethical? What about the fact that I'm the one paying to download their advertisement? Since I'm the one paying for my connection to the Internet, and all of the traffic on that connection, I have the right to decide what content is appropriate on that connection. If I decide to block useless ads and popups that's entirely my right.
In general, I think that companies which try all of these very annoying advertising strategies are ultimately wasting their time and money. They should go read the Cluetrain Manifesto and get a clue [cluetrain.net].
This would be easy to resist (Score:2)
I can't give a logical reason why this particular technology disturbs me more than other types of spyware, but for some reason the idea of my mouse movements being tracked just makes my skin crawl... Does anyone else have that sort of gut-level revulsion?
Re:This would be easy to resist (Score:2)
(Offtopic) One should note that most companies do not rigidly enforce this and a short talk will usually result in them dropping the request.
Use smart settings to avoid this: (Score:5, Informative)
Re:Use smart settings to avoid this: (Score:4, Insightful)
Re:Use smart settings to avoid this: (Score:3, Informative)
It's a good point, however I don't think it'll help. Many sites are finding otherways of getting around that like using forms parameters within the URL itself. Eventually they'll get intelligent and name the larger images with a tracker extension, but still return the same image. IE, src="logo.jpg-234987575" and merely have their nifty web server strip the extension off (and use it) before returning the image to the caller. You don't need 1x1 imagse when you can use real images.
Re:Use smart settings to avoid this: (Score:5, Insightful)
Example: Let's say you want to draw a horizontal bar with a rounded edge, ala slashdot. You can make an image that has the rounded edge, then a seperate image that's simply a one pixel gif of the same color, that you then stretch by using height and width attributes on the img tag.
This will prevent the color differences between the two images, as they'll both be using the same graphics library to display. This however also minimizes download time, because all you really need to make a colored bar is one pixel of the exact color you want.
Be less paranoid.
Re:Use smart settings to avoid this: (Score:2)
I believe the problem is with grpahics that are 1x1 pixel and not scaled by the img attributes. So I would block any gif that's 1x1 and not scaled in the HTML (or any graphic that's explicitly scaled to 1x1). These are the dangerous ones, and your example does not fall into this category.
Re:Use smart settings to avoid this: (Score:2)
That's still a broken concept. If browsers start blocking unscaled 1x1 images, they'll scale their 1x1 image to be 1x2, and then what? Block all 1x2 images as well? It's a slippery slope.
The fact that they're small does not make them "dangerous". Any image, whatsoever, can be used as a bug. You could use my example of a large horizontal bar as a bug, or the title graphic of the page, or the image used on the search graphic. Every single image on a page can be a "bug". Additionally, every link can contain trackable identifiers if the website designer so wishes.
Re:Use smart settings to avoid this: (Score:5, Informative)
Now I know what you're going to say: "If site X won't let me browse my way, then I don't need site X". Well, damn near every site out there is becoming site X. Whether you like it or not, that's the way the world is moving, and you can either accept their way of doing things, or stay in 1995.
Hmm...just re-read that, and it sounds like a flame...I really didn't intend it to be...just meant it to be more of a wake-up call.
Re:Use smart settings to avoid this: (Score:2, Insightful)
And single pixel images are used in many sites. Again, freshmeat uses single pixel images for thin lines. (I also use them too).
Anyway, forget it. Web is no longer a medium to distribute content, but now formatting and layout.
Re:Use smart settings to avoid this: (Score:2)
not in years, no.
The way I figure it, if you have to buy something then you're stuck turning on those features. However, since you're submitting your address, credit-cards and other personal-info to them it's unlikely you'll care much about mere tracking information. They've already got you, essentially.
Actually, I've been amazed at the number that do work. You're right, of course, many require them. And I do have Konqueror configured to allow JS on some sites. However, by default preference setting is "off" for any "untrusted" site. The sites that I generally turn them on for are E-commerce (as you mentioned above) and other account-type sites where I have accounts located there.
Re:Use smart settings to avoid this: (Score:5, Insightful)
Actually, I usually surf with javascript turned off, and the sites where this causes problems can be counted on the fingers of one hand. And for those rare sites I have the choice of
- not there going again
- just allowing those sites in my konqueror browser's javascript ACL.
Of course, if you're in the habit of surfing to porn sites, you might be somewhat more dependant on javascript...Actually, using javascript well should mean to not make an obligation out of it, but to use it solely to provide additional and optional functionality. The site should still stay useable even if the user doesn't want or isn't able to use javascript. You know, blind people who are bound to surf using lynx (because their braille lines, or text-to-speech engines only support text browsers) cannot just turn on javascript, even if they wanted!
Re:Use smart settings to avoid this: (Score:4, Interesting)
Re:Use smart settings to avoid this: (Score:2)
Re:Use smart settings to avoid this: (Score:2)
I have ACLs for cookies, the sites that actually have some legitimate reason to use them are allowed, the ad-tracker sites are dissallowed. Works great. You can do this in Opera and Konqueror and (I think) Mozilla.
I turn off image loading regularly, and the number of sites that are worth loading and won't work without images I can count on one hand. There's... my bank. Hrmm... can't think of even one more right off, although there probably is.
Same comment for javascript. It's always been more abused than used, and except for my bank I can get by just fine with it turned off.
How many web sites are there out there? Now how many of those are actually worthwhile? Big difference. If you think looking for content, rather than glitzy layout, is "stay[ing] in 1995" then you are the one that needs a wake-up call.
Doing whatever everyone else is doing, just so you can feel like you're current, is not a commendable or desirable habit.
Several answers (Score:5, Interesting)
I have a mutli-level armored approach to browsing:
All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.
I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.
Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.
Re:Use smart settings to avoid this: (Score:2, Funny)
That or type left handed - that always throws them off. Gotta run before they figure out my whereabouts from this post.
Chet
Online molesters are targetting OUR KIDS! (Score:5, Insightful)
"Brick and mortar" stores do exactly this same thing. Many have cameras, the rest use "secret shoppers" (people who look like they are shopping but are really watching YOU) to discourage shoplifting, check competitor prices AND research in-store "migratory patterns". For instance, haven't you ever noticed that ALL grocery stores have the fresh fruits and vegetables right by the door?
This isn't "Your Rights Online". This is "Translating Nothing Cares About In RealLife Into A Scare Story About 'The Net' In Order To Attract Eyeballs To Slashdot."
Re:Online molesters are targetting OUR KIDS! (Score:2, Insightful)
The bread, milk, and fresh fruits are scattered. (Score:5, Informative)
Case in point: The grocery store you referenced. Haven't YOU ever noticed that the dairy, bread, and fresh vegetables/fruits are scattered at different corners of the store.
And you know why, to make you wander the other aisles to get you to buy crap you didn't originally walk in to get.
Re:The bread, milk, and fresh fruits are scattered (Score:2)
Brick and mortar stores != the WWW... (Score:2)
There is NO good reason for the spyware. If the hit info isn't giving them things they like, maybe there is a reason for it. Could be they're doing something wrong- or maybe they bet on the wrong thing...
Re:Online molesters are targetting OUR KIDS! (Score:2, Troll)
Please, someone bounce it back down.
Now, getting to what the article actually says: I'm getting closer and closer to the opinion that we're in the middle of a war on privacy (to use a US-world-view phrase). It started out with the usual garbage about how companies needed to know how good their advertising was (to which I ask "why?").
But, this clearly crosses the line. No one needs to know that on a page with 7 stories, I spent more time looking at the one on penguins. There is no good excuse for this.
"Cheese"? (Score:3, Funny)
Wouldn't a better title have been "Cat"? Or perhaps "Rodent Stalker"?
Re:"Cheese"? (Score:2, Insightful)
Re:"Cheese"? (Score:2)
This is garbage (Score:2, Interesting)
Oh, come on. This is pure garbage. How much info could one possibly glean from whatever javascript the researchers were using to capture the mouse movements? For me, whom uses the keyboard excessively and only moves the mouse when I'm sure I want to click on a link, there isn't anything that they can possibly gather. Besides, if they want to monitor my mouse movements, maybe they can see how quickly my reflexes to close pop-up windows before I even know what's in them come into play.
Eh? (Score:4, Interesting)
Yeah....or I'm one of the 5% of the computer market with a Mac and I'm one of the 90% of Mac users that have discovered that when I type the mouse goes away. So I press down arrow and *poof* I don't need to move the mouse out of the way, and my finger is right where I need it to scroll down to read more of the story.
(Or I could turn off JavaScript, which is a good idea because it gets rid of a lot of irritating popup and popunder ads -- which is a pretty good idea, even 'tho it breaks a few sites)
Client side cooperation required (Score:2)
If I understand this correctly, this technology would require the client to send data to the server about mouse movements, etc, for tracking purposes.
So I could simply elect not to use this type of software, correct?
It's called JavaScript (Score:2)
<rant>
What really pisses me off is sites that have information that I want (in HTML) but won't give it unless I pass through their flash corridor.
</rant>
Re:Client side cooperation required (Score:5, Informative)
Then the javascript code in the main window will fill a string with your mouse movement like:
(100,100)-(110,100)-(110,109)-...
After the buffer is filled enough, it will update the hidden frame with a code like:
TrackerFrame.URL = "http://server/track.cgi?" + str;
That's it. That's all. Your tracking is complete.
Mozilla patch or option (Score:2)
Mozilla already has fine-grained control over which sites you allow to send cookies to. Someone could add another fine-grained feature to control what sites you allow javascript to send http GET/POST commands to. It could also set which javascript commands you want to enable. This is already the case with window.open()
I also thought maybe we could make the broswer show you what info it is posting back, and let you approve it. But then, sites would just encode it so its not human-readable.
So this is a complicated issue, but one we can deal with, since we have Open Source Mozilla.
Re:No client-saide participation: scripting (Score:2, Funny)
But you never know, some marketroid can probably read meaning into how fast you can type GET / HTTP/1.0
Maybe not so bad... (Score:2)
Sure, I don't want someone tracking me, but keeping aggregate data wouldn't be bad. By doing this maybe they can speed up access to information instead of having me hunt around for what I want.
Reading the article (Score:3, Insightful)
Really, if you stay on a page for more than a few seconds, you're probably reading it. And that would surely be simple enough to determine, although you'd have to figure out a bulletproof way to put up an invisible frame in order to send the information to the mother ship. It would probably be easiest done in Java, which can do that without pulling up a web page, but many people have non-working Java, so even that's not foolproof.
Unfortunately for the people who created this model, once people become aware of how it works, it will no longer function. People who would formerly hover the mouse over a link would simply refrain from doing so and therefore give the system no useful data. I also suspect individual personal styles are going to be different enough to stymie them in the end. I am not convinced that people only visit links directly if they have been to the site before, for example.
For the person who said a scroll mouse would defeat this system, I'm sure signals from the scroll wheel can be read as well.
When I am hesitating between multiple items, I will often put them in my cart, look at the total and then remove the one that makes the total too high, or that I'm unsure about. Anything I put in my cart and took out, and any abandoned shopping cart contents, would be a ripe selling weapon that can already be used without relying on this technique.
I think this one's too flaky for practical use. But as always, we'll see.
D
Info, info everywhere, but not a thought to think. (Score:2, Insightful)
I think that the idea that some AI code can tell what I'm truly interested in and what I'm going to buy is ridiculousness. While it may be true that most people do work in similar ways with the interfaces of web-published documents, what goes on in the individual mind during the process is certainly unknowable.
This technology sounds like it could cause more harm than good. I can see this sort of thing narrowing the scope yet again of what content is available online.
This will lead to the customisation of individual users' content without them even being aware that it is happening. "Can you imagine if I can actually tell that you wanted to press a link but didn't". (What?! Maybe there's a reason why I didn't!?)
It's bad enough that content it already spoon-fed to most people already - does it have to be chewed for us now first too? And when the people are only exposed to the things that the corporations will believe that we're interest in, it will lead further to the atrophy of the collective consumer consciousness.
Fortunately for me, I'm still using the 10th Edition of the Newspeak Dictionary... perhaps I'm a dying breed. *shrug*
I don't get this... (Score:4, Insightful)
Look, since day one of the commercial web, sites have obsessively tracked how many hits they get, where they're coming from, how a user moves through the pages, where they spend time and how often they return. (As if Andover/OSDN isn't doing all of those things -- or is this like with web bugs where we're just supposed to care about them on other sites?) That's one of the great edges the net was going to have over other media. To the degree that people are bothered by that and to the degree that they're technically sophisticated, they turned off cookies and otherwise interfered. And what does Junkbuster have to do with anything?
What this seems to be is an incremental advance in tracking how pages are read -- there's a little added feedback about mouse movements and maybe scrolling. As always, if this takes off it will be trivial to block for those who know and care about such things. And everyone else has far more important privacy invasion being done to them.
Weaknesses in the Theory (Score:4, Interesting)
Though what they propose probably has some application to the majority of users, I'm just as sure there are others who would not fit their expectations:
Besides, cheese is often placed in a mousetrap. This kind of technology feels like users are the ones being tempted by the cheese; what kind of trap are we getting into?
Re:Weaknesses in the Theory (Score:2, Interesting)
LEXX
Excite may already be doing this (Score:5, Interesting)
I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.
I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.
Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.
Re:Excite may already be doing this (Score:2)
Re:Excite may already be doing this (Score:2)
Browser security settings? (Score:2, Informative)
How difficult is it to configure one's web browser so that it rejects most of the scripting junk out there? If you are using IE, check out the security zones feature that allows you to toggle scripting, cookies, and so forth depending on to which of four security zones a particular site belongs. I'm sure the free browsers have something much more sophisticated. Use it!
So can I do this back to them? (Score:2)
I suppose you could argue that I'm leaving myself open to such invasion if I don't disable scripting - so why doesn't that argument hold when a web site doesn't close known security holes? At least there're valid reasons for wanting to leave scripting enabled!
Hmm - if I declare my actions in browsing their website - mouse movements other than intentional feedback like clicking on a link - to be copyrighted material, could I get protection from the DMCA? Then that script to spy on me would be a tool designed to crack my copy protection scheme (which would consist of recording all mouse movements to a file with "(C) 2001" at the top and encrypting it by XORing with a 'secret' key). The fact that they intercept it before I record it just means that they have found a technical means of bypassing my protections).
It would be nice to know.... (Score:3)
Of course, there probably would be abuses of privacy by "marketing firms", but in the case of website that actually try to provide really useful information, this sort of feedback could really help direct the very limited time and effort towards improving the parts of the site that really need it. In my own case, it's often the classic example of a long-time expert not being able to identify with the pains of brand new users.
Of course, there is the traditional usability study approach. Maybe someday I'll spend some money and do it.
Presumptuous [MIT] nimrods... (Score:2)
I don't know about the rest of you, but when I visit any website, even one I've never seen before, I use my eyeballs before I move the mouse--it's naturally much more efficient that way. In fact, most of the time it's my scrollwheel that's moving, and not the mouse itself.
Honestly, I consider my mouse movement patterns almost completely useless, and I have no idea what good a website that "changed according to mouse behaviour" could possibly do me. Well, maybe links that I almost never hover could be tucked away; but I doubt ads would be included in that bunch.
Eye-tracking has much greater potential...
Grey area between Opt-Out and Opt-In (Score:2)
This suggests that it's probably done with Javascript. People that care about privacy, security, and avoiding annoyances, haven't had Javascript enabled in 5 years. Although that technically makes it "opt-out", turning off Javascript is such a basic an almost automatic thing that web users do, that it's practically "opt-in."
Required Web Privacy Software (for Windows Users) (Score:2, Offtopic)
2) Ad-Aware 5.6 (www.lavasoftusa.com). Run this at least once a week. It will find any ad tracking cookies, spy-ware and various other privacy invading data/programs that get left on your machine. The new version scans your memory, your registry, and your entire HD (very quickly). It finds and removes everything privacy invasion related.
Say hello to Webwasher and Proximitron (Score:2, Interesting)
I guess that filtering the javascript involved would do the trick, or selectively writing a filter with Proximitron to catch the cookies, etc..
This shouldn't be too hard to defeat, regardless.
What gall for trying though. It reminds me of a Gibson story, (fuzzy on the details) but essentially "sensing" the patterns in someone's data enabled the corporations of the future to do precise targeting of consumers. Scary how we inch towards that every passing year.
Hotblack_Desiato
Oh brother ... (Score:3, Informative)
This is not Your Rights Online nor is it news. Lets go back to bashing M$oft.
Rant Mode OFF.no prob here (Score:2)
Paranoia setting in on Slashdot (Score:2, Interesting)
Sometimes you have to look at things for what they can do positively, not just negatively.
Two Methods to Defeat/Confuse this. (Score:2, Interesting)
2) Run your own Spider - Jam the recording site with "Noise" web traffic associated with your cookie/session. A good spider/robot could simulate mouse coordinates, etc.
Just a couple of quick thoughts. I'm sure there are more...
jeremiah cornelius
Why need this? (Score:2, Funny)
(grumpy old man)
In MY day, we looked at the logs to see what people are looking at
(/grumpy old man)
More details (Score:2, Informative)
Their stated motivation is:
The technique they used was to "add Javascript externally to an existing web page." They mention using barnesandnobel.com, amazon.com, and ashford.com explicitely, but more had to be used given the nature of the tasks given. This seems to imply that they are able to, as a third party, add the javascript tracking to already existing sites. However, they also may be using the fact that they control the testing environment to do this, such as by inserting the code using an http proxy. Details related to how the code was introduced are not given, and would be necessary to determine how much of a privacy threat this is.
This is Stupid! (Score:2, Interesting)
People are going to collect information on the sites you visit. If you don't like it, there are some easy ways to get around the problem.
Personally, I don't mind most sites looking my stats over. This sort of thing keeps a lot of sites free. There are worse options like interrupted browsing. All they have to do is remove the page from direct access and lots of bad things happen. Let the marketing departments pay for something easy that those of us who want to can get around. The alternatives are harder and costly.
1. Fast connection means nothing because you have to wait along with everyone else for the ad server to show you the ad, then the page....
2. Searching becomes harder.
3. The web becomes less cross-platform as the ads require tools not avaliable everywhere.
So,
Use an anon service and surf that way if it is a problem.
Or here is another option. Enable your usual blocking tools hit the page and copy the page to local storage and read as long as you want.
I will do this anyway from time to time because I want to archive some content for reading later offline or on a PDA.
Big deal.
I'd wager its already happening. (Score:2)
Lets see... I think its doubleclick.com that places ad banners that track people across server boundaries then sells the results. Web servers moniter traffic and analyze logs to find out which pages are getting hit most frequently. I'd bet with a little bit of creative Java (or maybe even JavaScript) you could tell how far down the page someone is(can anyone verify or disprove this?), from that figure out their reading speed, what sections of the page they weren't interested enough to read, and which they just skimmed, and who knows what else. Combine these technologies and there you have it, you have an exact picture of what interests a specific person. Throw in an IP address, and maybe some demographic information and you have an awesome marketing tool, with no new technology involved. I wouldn't say "perhaps", I think its a sure bet someone is already doing this.
This is pointless for geeks (Score:2)
Difficult? (Score:2, Insightful)
Jeremy
His method isn't perfect. (Score:2)
Upon reading this I looked at my mouse cursors position. It was dead in the middle of the screen, over some of the text I had read before I scrolled down using my mouse wheel, and had been there since I opened the page. (I take the second case he descibes as 'you use the mouse to hold the vertical position on the page where you're currently reading', as oppose to 'you use your mouse wheel to scroll')
This should not be too difficult to implement (Score:2, Interesting)
I'm presuming here that what the person means by walking your mouse down the page, is that you are "reading" the text with your mouse pointer (like using your finger in a book). Many people here mention that they get around this by using their scroll wheel. They can probably track scroll wheel movements pretty easy. A simplistic method would be in javascript. You should just need something like:
in your scripting area. I think this will take care of 'tracking' your mouse anywhere on the screen. So if the mouse is anywhere over the document, an event is fired off calling the function. I'm sure you've seen a site that has those anoying 'mouse trails' that can follow your cursor...similar concept. It's not limited to links, so provided your mouse pointer is anywhere over the page, it will track it. If you are using the scroll wheel, the page moves under the mouse...but the pointer ends up over a different section of page. Thus it looks like the mouse has moved. So the function could start a timer every time it is called. This could give you an idea of how long they spend viewing a portion of the screen before moving on (scrolling down, etc.).
Now, you could probably circumvent this by putting the mouse cursor off of the browser window altogether and use the arrow keys to scroll. Put you'll probably need to tab between the links in order to get to the one you want. This selects each link, which again should be viewable through a javascript event (can remember the handler off top of head, onfocus perhaps?) tagged to each link.
Other parts of the article mention being able to provide you with a site that tailors itself to you on the fly. Simple server-side scripting will do this. However, I fear sites becoming over-zealous with a feature like this. Many sites end up only providing you with common content it thinks you want, while hiding the content it thinks you don't want. This is to presumably speed up my experience because I wont have to see the other site information downloaded (quicker access over those modem links). After a while, I might not know what said site has to fully offer, as I get 'stuck in a rut' so to speak. They would need a 'show everything site has' (site map) link on everything single page to help offset this. Unfortunately, many sites don't adhear to this simple requirement. Consequently, many users never use certain sites to their full potential.
- A non-productive mind is with absolutely zero balance.
- AC
made by MIT (Score:2)
Why isn't MIT trying to figure out how to make SMTP a secure method of communication. Or adding a better way of removing spam off mailservers.
You know what I'd rather see, is a way of an end user setting up server side spam filters so that one does not have to download spam email to the machine and have the email client do the filtering. This would eliminate 50% of my junk email and probably yours too.
Why cant they create something useful to the users.. guess this means that there needs to be a privacy project started on sourceforge... Whats a good name for that???
Good luck tracking my browsing interests (Score:2)
What about Gesturing? (Score:2)
Doesn't the latest version of Opera support mouse gestures a la Black & White? Wouldn't this wreak havoc on any data they gather using this mouse position tracking system? I can just see hordes of Opera-using /.ers descending on the first website to employ this methodology for the sole purpose of screwing up the stats...
Link to project homepage (Score:2, Informative)
I found the Web page of project "Cheese" [mit.edu] at MIT. They don't seem to be using their own mouse tracking technique yet. The publication [mit.edu] that the researchers have produced doesn't provide much more information than the BBC article.
It's all in the logs. (Score:3, Interesting)
For all this data collected from all the surfers to a busy site, where on earth are they going to store it all for any length of time??
I work for a company with a sizable web traffic (250 million pageviews/month). The bane of my life is the logs. Processing them, and storing them for the length of time to draw meaningful trends takes a huge amount of space. All of which needs to be on a RAID, just in case..
Then, of course, there's the software to mine this collection of data, the amount of time required to search the disks for the relevant data, and the setting of the resolution of the data capture from the mouse (needs to be pretty fine resolution to achieve any meaningful results)...
Just think, if they adopted this scheme, it'd be great fun to write a device driver for a pseudomouse that sat the cursor over the web browser, and randomly moved it around, generating millions of data events, all of which get logged on the web site archives...
It's fine to do this for a small scale site, with plenty of funding, but I think there'd be huge problems with the sheer logistics of collecting and analysing this data for anyone without almost bottomless pockets as far as funding goes...
Personally, I don't reckon this will be a big brother tech anytime in the near future...
Cheers,
Malk
Re:It's all in the logs. (Score:3)
Duh. Most of the posts crying "invasion of privacy" have been far off the mark. This isn't technology for tracking individual users -- maybe it could do that, but recording every mouse movement individually would overload most servers. It's an attempt to collect stats on what parts of the page draws attention. Occasionally someone would use that to improve their web site. Mostly, advertisers are going to try to use it to find out if anyone even _looks_ at their ad. I don't think tracking mouse movements will do that too well, but in the absence of equipment to spot where your eyes are looking, they'll record the mouse movements and try to deduce something, then some dumb suits in marketing will take this faulty data as gospel.
And the real problem arises if this is actually accurate enough to reveal that no one looks at the ads... The first generation of spyware revealed that no one clicks on banner ads -- and millions of $ were pulled out of internet web sites and put into TV and magazine ads instead. No one looks at those either, but there is no way of showing just _how much_ we don't look at them. Improve the tools for measuring user interest in ads, and you are going to lose even more ad $...
Re:What's so bad about direct marketing? (Score:2)
Re:What's so bad about direct marketing? (Score:2)
No, the e-tailor doesn't.
The more carpet-bombing they do, the more return they get, with a near-zero investment. And the more info they have, the more they can do it and make it look like they're not doing it.
This is proven Internet marketing practice. Do you know why every half-wit and his brother spams? Because people make it profitable for them to do so. "Legitimate" Internet companies have to play a closer line, but it all works out to the more they send out, the more they get back in. Period.
You want to chill your very soul? Read a marketing trade mag. I think that would change your mind pretty quick.
Re:What's so bad about direct marketing? (Score:5, Insightful)
Stop right there, because that's your answer. It will never be moderate. As soon as they can, it is in the marketers best interest to get as much advertising to you as they can in the shortest amount of time, and the more they know, the more they will.
It is sad, but in the future, we'll probably look back fondly on things like PeoplePC which gave only one advertiser the keys to the car...
Re:What's so bad about direct marketing? (Score:2, Insightful)
That depends on what you mean by "reasonable expectation of privacy." I am well aware that when I go to a public area such as Grand Central Station that I might been observed by people who know me or people who don't, and that I might or might not be aware of it.
However, I do not consider it likely that someone who knows nearly everything about me will track where I go in Grand Central Station, what I do there, how long I take to do it, whether I do it alone, and so forth -- and I damn sure don't consider it likely that this mysterious individual about whom I will know almost nothing will have the ability and the desire to sell what he has learned about me to a third party so that that third party may increase what _it_ knows about me. Some people think that way, but in general we mock and deride them for being paranoid. Yet on the Web, we mutely accept such a state of affairs and often mistakenly tell people that such is no different from our daily life.
The legal phrase "reasonable expectation of privacy" is like "shadows and penumbras" -- it gives the lawyers and the IANALs something to quote and sound very wise but it doesn't _mean_ anything other than what the judge of the moment thinks it means. That's not a solid legal footing for anything. And with technology far outpacing our legal system, perhaps even this shifting-sand legal foundation should be revisited.
If I may address your initial point, that you are satisfied with moderate advertising in exchange for some surrender of your personal privacy, I don't think that many would disagree. However, the Web and indeed any purchase that involves either plastic or corporations or both will not permit that bargain. They _demand_ that you surrender everything about yourself (and they will fill in the gaps by "sharing information" with their "partners" to "serve you better") and they then bombard you with promotional materials that have only the most tenuous connection to your purchasing interests. And yet people continue to happily accept that, in exchange for a nickel off here or a rebate coupon there -- and these people are fouling it up for the rest of us who _don't_ share your opinion that a little marketing is worth a little privacy. When I buy groceries, I have to fight off the "Frequent shopper card?" chirping from the clerk. When I want a thirty-cent resistor at Radio Shack I have to deal with "Home address?" from the clerk. It's time to return to the day when a business transaction consisted of a person giving money for a product, no more, no less. Keep your advertising and your targeted marketing and your insiders-only discounts. Just gimme my damn resistor, sir.
Hasn't anyone been paying attention? (Score:2)
However, I do not consider it likely that someone who knows nearly everything about me will track where I go in Grand Central Station, what I do there, how long I take to do it, whether I do it alone, and so forth -- and I damn sure don't consider it likely that this mysterious individual about whom I will know almost nothing will have the ability and the desire to sell what he has learned about me to a third party so that that third party may increase what _it_ knows about me.
There already are [slashdot.org] people tracking your every move in public places. These people already are [cnn.com] selling some of your personal information to third parties. Question is, do enough people care about this to do anything about it?
./sig
Re:the more invasive they get (Score:2)
Re:What?? (Score:2)