Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Security Your Rights Online

Do Not Call Site Has AT&T Stats Tracker? 323

hookedup writes "The Register is carrying an article about suspicious content at the FTC's Do Not Call site. It has been a runaway hit with US consumers, with over fifty million signing up to avoid spam calls from telemarketers. But the web site hides a little secret: a 1x1 pixel image tracking visitors... and where does the trail lead but to the AT&T, one of the most persistent telemarketers." However, the tipster, James 'Kibo' Parry, notes: "There isn't any evidence proving they _are_ up to anything improper, but this relationship between the FTC and AT&T fails to avoid the potential for impropriety."
This discussion has been archived. No new comments can be posted.

Do Not Call Site Has AT&T Stats Tracker?

Comments Filter:
  • shouldn't that be FIFTY million, not five million?
    • It's fifty million phone numbers that have been registered, not customers. Many (most?) customers register more than one phone number, so there are probably fewer than 50 million customers, but certainly more than 5 million.

    • by c0dedude ( 587568 ) on Wednesday October 08, 2003 @05:25PM (#7166817)
      You must be new here. That's only one order of magnatude. Around here, that's pretty good.
    • by Murdock037 ( 469526 ) <tristranthorn@NOspAM.hotmail.com> on Wednesday October 08, 2003 @05:34PM (#7166910)
      Wait until the story is duped a few times, they should all add up to the right number eventually.
    • by letxa2000 ( 215841 ) on Wednesday October 08, 2003 @06:44PM (#7167416)
      Yeah, well to me the amazing thing in the story is that the government apparently paid AT&T $3.5 million to build the website. Have you visited the website? I've built more complex websites in a matter of weeks. Even charging $200/hour that would be easily less than $32k.

      I would hope that "building" the site for $3.5 million also includes running it, ongoing maintenance, etc. Because if the government really paid AT&T $3.5 million to BUILD it and still has to pay some ongoing fee, they got ripped by an order or two of magnitude.

      Government waste isn't surprising, but it's sad when it is made so obvious. A good percentage of the folks here at Slashdot could have done just as good a job for a fraction of the cost and STILL recorded a very good year income-wise.

  • should be called (Score:2, Interesting)

    by joeldg ( 518249 )
    the "don't call me, spam me" list.. saying they are collecting millions of email from users and have a dubious privacy policy.

    • Re:should be called (Score:3, Informative)

      by pla ( 258480 )
      the "don't call me, spam me" list.. saying they are collecting millions of email from users and have a dubious privacy policy.

      Agreed. So, why do Slashdotters, a group I consider more privacy-aware than most people, sign up through their website? Use the 800 number, and you don't need an email address (and you don't really "give up" any info by telling them your phone number, since they need to know it to block it anyway).

      Strange. I agree completely this looks a tad bit unkosher, but a very very simp
      • I think I used a mailinator.com address when I signed up.

    • ...is exactly why I haven't signed up (and don't plan to) with the no-call list. Seems like a giant reverse honeypot. "Get on our website [tracker bug] so you can sign up [provide all your juicy contact & demographic info] so we can make sure you don't get bothered again [make sure ultra-crosslinked, up-to-date data on you is in all our 'affiliates'' clutches so you'll never recover from the flood you're about to get]."

      It's like the occasional spams I get with the subject "Tired of spam?".

      I'll take
  • So what? (Score:5, Funny)

    by larry bagina ( 561269 ) on Wednesday October 08, 2003 @05:14PM (#7166703) Journal
    Slashdot runs MS ads.
    • Re:So what? (Score:5, Funny)

      by Kenja ( 541830 ) on Wednesday October 08, 2003 @05:19PM (#7166753)
      Dear God your RIGHT! Lock the doors Martha, there gona be comming for me any second now. Get out my good shotgun and push the couch up against the window. You'll never take me alive Slashdot Bastards! You or your Microsoft Overlords.
    • Slashdot runs MS ads.

      They also have (or had at one time) web bugs on their site... :)

    • "Slashdot runs MS ads."

      So that means you can thank Slashdot for being here. Not just by providing a scapegoat for the world's problems, but also for paying Slashdot to stay alive!
    • Re:So what? (Score:3, Interesting)

      by Paul Jakma ( 2677 )
      Oh even better, Slashdot run ads for bulk-mailers [jakma.org]and spam, sorry, "opt-in" [jakma.org] address list resellers. Kind of ironic considering slashdot's editorial stance on spam: "Spam is evil and bad", - unless of course its money they send you rather than spam...
  • Nitpick (Score:2, Informative)

    by trveler ( 214816 )
    Just a small nitpick - the article fails to mention that only users of browsers capable of (or set to by default) showing images can be tracked by this method.

    Long live lynx!
    • Just a small nitpick - the article fails to mention that only users of browsers capable of (or set to by default) showing images can be tracked by this method.

      Long live lynx!


      Heh moderately funny.

      Almost as funny as being moderated informative.
    • I disagree that this is Nitpicking.

      If over 90% of the browser market share is owned by Internet Explorer, does that not mean that over 90% of visitors to the Do Not Call site will be affected?

      That's a major effect to me. Not a nitpick.

      Just how many people do you think actually browse the internet at all times with a text mode browser? I'm asking people here - not scripts or web spiders or any such thing, so be careful when quoting numbers :)
    • Why are comments like this still getting modded up to +5?

      It's 2003, the web has images, and noone uses Lynx to browse. Stop kidding yourselves.
  • More Info (Score:4, Redundant)

    by c0dedude ( 587568 ) on Wednesday October 08, 2003 @05:15PM (#7166716)
    I went to ftc.gov to see if such a link is standard operating procedure for them. It isn't on that site. Strange, no? Why would they track anyone who wants to stop receiveing phone ads? <conspiracytheory> To make up for it in spam!</conspiracytheory> :-)
  • I can't find the referenced att pixel in the html. Is it on the actual DNC list? only see the page saying the list is closed.
  • Re: (Score:2, Insightful)

    Comment removed based on user account deletion
    • by Kenja ( 541830 ) on Wednesday October 08, 2003 @05:22PM (#7166792)
      Sure, it seems like nothing now. But once all the Opera and Mozilla users have been rounded up, put into camps and executed it'll be too late.
      • I don't care what they do with those Opera/Moz freaks. I use Konqy, and they aren't going after us.

        • First they came for the Netscape users and I did not speak out because I was not a Netscape user.
          Then they came for the Opera users and I did not speak out because I was not an Opera user.
          Then they came for the Mozila users and I did not speak out because I was not a Mozila user.
          Then they came for me and there was no one left to speak out for me.

          If Pastor Martin Niemoller had been a Slashdot user.

      • But once all the Opera and Mozilla users have been rounded up, put into camps and executed it'll be too late.
        I'm sure glad I'm using Safari (a Konqueror derivative)... :^)
      • Except that us Moz users also tend to have the PrefBar [mozdev.org] Images checkbox cleared on many sites. Heck, if someone is feeling bored one weekend I'm sure they could hammer out a XUL plugin to automatically disable images (and/or Flash) in certain domains.
      • The joke is on them. Opera lets you pretend to be any one of a multitude of web browsers. Right now, I'm MSIE 6.0, tomorrow I could be Mozilla 4.78. Technology is grand!
    • I know you're joking, but that information is really valuable. On a page with that many hits, a survey to be used in web design could be quite accurate of the general population and could likely be sold for quite a bit. Bet that wasn't in the contract... I'm not saying it is, or is going to be, but it could.
    • Oh yeah, just look at it IMG tag!!!! This is bad!!

      <img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1"SRC="http://g6589dcs.nyc2.aens.net/DCS00 0003_6D4Q/njs.gif?
      dcsuri=/nojavascript&name=supu n&ip=127.0.0 .1
      &likes=long%20walks,ice&cream,supermodels&
      dislikes=spiders,spiders,spiders&
      breath=bad&cl ean_underwear=false&nose=picking" >
    • It probably is a counter. AT&T is the company that the FTC contracted to host the DNC servers. That was mentioned in articles when the DNC site went up and got slammed. The articles stated that AT&T was scrambling to add extra servers to the pool to handle the unexpected load.
  • Kibo? (Score:2, Funny)

    by kaden ( 535652 )
    Kibo [kibo.com] is submitting to Slashdot? Party like it's 1989!
    • by Faust7 ( 314817 )
      Why do they need a 1x1 pixel tracking bug to maintain a Do-Not-Call list? Aren't the telephone numbers of the participants sufficient? What reason directly related to the administration of this list is there for this? If the answers to these questions were obvious, the Register (to give them the benefit of the doubt) wouldn't be asking them.
      • Re:So? (Score:5, Interesting)

        by Christopher_G_Lewis ( 260977 ) on Wednesday October 08, 2003 @05:28PM (#7166855) Homepage
        The web bug is to http://g6589dcs.nyc2.aens.net

        Aens.net is
        AT&T Enhanced Network Services (AENS6-DOM)
        POB 919014
        San Diego, CA 92191-9014
        US

        Which is basically AT&T Managed Services.

        I'm assuming its a bug to make sure the site is up and running...

        Course I could be wrong, and it is a part of a national conspiracy to make my dinner get cold.
      • It could easily be to prevent someone from writing a script to add every number in the phone book to the list. They may have a flag get raised if for instance one ip address adds 100+ phone numbers
  • by Anonymous Coward on Wednesday October 08, 2003 @05:19PM (#7166752)
    The article says, "The FTC confirmed that AT&T Managed Services is its contractor, and hosts the website."

    They don't need a 1x1 image to track usage... they have the server logs!
  • ...are the damned phone companies. In our first apartment, 1 out of every 3 calls was Qwest offering us new services. That was the only DNC list I've ever felt the need to be put on.

    I can't fathom what they think they might do with this information, though. Maybe my mind isn't quite twisted enough...
  • Incest? (Score:2, Funny)

    by rlandrum ( 714497 )
    Big Brother and Ma Bell in cahoots? Say it's not so!

    I'd be willing to bet that after the collosal failure of the FTC site after launch that the FTC sought the hosting services of a more robust entity. AT&T probably said "IT" first.
  • by b1t r0t ( 216468 ) on Wednesday October 08, 2003 @05:21PM (#7166782)
    Kibo is the one who found this?

    In that case, what everyone really wants to know is: "Is AT&T allowed [slashdot.org]?

    • Real men don't go to kibo.com, they contact kibo through kibo@world.std.com.

      Kibo # 66

      AT&T is owned by spot, so it is not allowed.

    • > Kibo is the one who found this?
      >
      > In that case, what everyone really wants to know is: "Is AT&T allowed ?

      I SLASHDOTTED K1B0!

      Does that mean I can finally use a fractional Kibo number?

      Or at least put a "K++++andahalf" in my Geek Code entry? I mean, [censored]ing Kibo's webserver is pretty close to [censored] with Kibo himself.

    • Kibo is the one who found this?

      Yeah, they must have put put "kibo" in the ALT tag or something, I guess.


      --YLFI
  • But.... (Score:2, Funny)

    by MobileDude ( 530145 )
    It's just a tiny, wafer-thin image...

    (please review Monty Python Meaining of Life prior to modding down)
    • Please do not use any more Monty Python humor. That wasn't in the least bit funny. John Clease is coming to kick your ass.
  • by dcocos ( 128532 ) on Wednesday October 08, 2003 @05:23PM (#7166801)
    I'd be willing to be that AT&T hosting people don't even know that the AT&T phone people exist.
  • Checking the page info with moz Firebird...i don't see it. Maybe they got rid of the thing?
  • Ahem... (Score:5, Insightful)

    by inertia187 ( 156602 ) * on Wednesday October 08, 2003 @05:25PM (#7166819) Homepage Journal
    Will someone please tell me what would prevent a telemarketing company outside the US from obtaining this very accurate list of phone numbers?
    • Re:Ahem... (Score:3, Insightful)

      by Anonymous Coward
      Nothing, considering they will be getting it on cd from the FTC in order to comply with the program if they are conducting buisness within the US, just like every other telemarketing company.....
    • From most countries it costs a fair bit to call the US... So probably not worth the money.
    • Long distance charges.
    • Hey, better yet, let's combine it with the "809" Telephone Scam. People on that list are going to assume any business call left on their machine is legitimate - OR else be calling to get the ID of the company so they can sue. They'd make millions. (look here [about.com] for info on the basic scam)
    • Re:Ahem... (Score:5, Funny)

      by edrugtrader ( 442064 ) on Wednesday October 08, 2003 @06:48PM (#7167442) Homepage
      i just found this list on a soviet russia telemarketing list... i think they already got it!

      (408) 100-0000
      (408) 100-0001
      (408) 100-0002
      (408) 100-0003
      (408) 100-0004
      (408) 100-0005
      (408) 100-0006
      (408) 100-0007
      (408) 100-0008
      (408) 100-0009
      (408) 100-0010
      (408) 100-0011
      (408) 100-0012
      (408) 100-0013
      (408) 100-0014 ... ...
      seriously, this goes on for pages!
  • huh? (Score:3, Insightful)

    by scovetta ( 632629 ) on Wednesday October 08, 2003 @05:27PM (#7166841) Homepage
    How is this a problem? The URL is not dynamic, so unless there is a back-end conspiracy between the dnc list and AT&T, what the hell is AT&T going to do with 50 million IP addresses? They can't look them up to people unless they get info from elsewhere. If AT&T and the dnc list were sleeping together, then the dnc list could give AT&T the IP/name/phone/etc ANYWAY, and that would be a MAJOR betrayal of trust. It's probably just for web-traffic analysis-- pretty standard these days, so the dnc people can say, ooh, 3000 people per second are signing up, and the such.
  • I remember seeing one of AT&T's agents concerned about the amount of E-Mail being generated from the site and posted it on NANOG (North American Network Operators Group) which you can see here. [merit.edu] I don't really think that there is any "shady" tactics going on here, I think it's more for one of their in house monitoring apps, especially considering the amount of traffic [merit.edu] that they received initially.
  • by I Want GNU! ( 556631 ) on Wednesday October 08, 2003 @05:36PM (#7166927) Homepage
    First off, they can log information with or without these "web bugs." I know this because I run my own websites and I track visits because I like knowing how much traffic I'm getting, with what terms, etc.

    Given that, this article is useless.

    But even more so, if you go to the site it says at the bottom:
    This site is operated by Consumer.net and is not operated or controlled by the US Government or the telemarketing industry

    Consumer.net testified at Federal Trade Commission Workshops for Internet Privacy in 1997 and the "Do-Not-Call" Forum in 2000.
    Consumer.net authored a paper for an Online Profiling workshop at the Department of Commerce in 1998.

    The Consumer.net Privacy Policy is found at PrivacyPolicy.com
    This privacy policy states:
    Web Site Log Files: We site log files are generated that collect the IP Address of the visitor, date, time, and pages visited. Aggregate reports for web site visitors are generated that do not contain personally identifiable information.


    Advertising reports are generated that show the IP addresses of visitors who clicked on ads. This information may be sent to the advertiser to confirm the number of "click-throughs." The advertiser normally already has this information as a result of the user clicking on the adverstisement. No additional information about the visitor is supplied to the advertiser. The log files are eventually deleted.
    There. Case solved. Stop being paranoid about such silly things. If you want to be paranoid, be paranoid that the MPAA might accidentally associate your IP with file sharing even if you don't file share, or be paranoid that John Ashcroft is using the PATRIOT Act or Patriot Act II (to be introduced in Congress soon) to spy on you for reasons unrelated to terrorism (as he has done). Better yet, donate some money to the ACLU [aclu.org] to protect your civil liberties or to the EFF [eff.org] to protect your electronic freedoms.
    • There. Case solved. Stop being paranoid about such silly things. If you want to be paranoid, be paranoid that the MPAA might accidentally associate your IP with file sharing even if you don't file share, or be paranoid that John Ashcroft is using the PATRIOT Act or Patriot Act II (to be introduced in Congress soon) to spy on you for reasons unrelated to terrorism (as he has done). Better yet, donate some money to the ACLU to protect your civil liberties or to the EFF to protect your electronic freedoms.

  • by akiy ( 56302 ) on Wednesday October 08, 2003 @05:42PM (#7166963) Homepage
    Soooooo....

    What would happen if all of us started putting the below image on all of the websites that we run?

    Hmm...

    <img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://g6589dcs.nyc2.aens.net/DCS000003_6D4Q/ njs.gif?dcsuri=/nojavascript">
  • by MP3Chuck ( 652277 ) on Wednesday October 08, 2003 @05:44PM (#7166981) Homepage Journal
    Shortly after I signed up for the Do Not Call list through the website, I began recieving calls (about 4 calls since around Sept 1, I believe) from AT&T about getting long distance service. Or I was eligable to recieve a phone card. Or something. I wasn't really listening. Since I live on a college campus there's really no reason for them to be calling.
  • by molo ( 94384 ) on Wednesday October 08, 2003 @05:44PM (#7166983) Journal
    Here is the snippet from the page http://www.donotcall.gov/ Note that the img tag is embedded in the noscript tag. That is, this img is only loaded in graphical browsers that don't use javascript. Since AT&T has the government contract to implement the DNC list, I don't think there's anything sinister going on here, they just want a count of the number of users that don't use/enable javascript.

    -molo

    <noscript>
    <img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://g6589dcs.nyc2.aens.net/DCS000003_6D4Q/ njs.gif?dcsuri=/nojavascript">
    </noscript>
  • Warning:

    Your computer is broadcasting an "IP Address" which others can use to track your activity on the Internet.

    Gimme a break. This is every bit as lame as the above message we've all received as popup spam.
  • From the source code of http://www.donotcall.gov/:

    <span id="userHeader_lblError"><!-- Date: 10/8/2003 Time: 6:53 PM From: W3 --></span>

    <br>
    <noscript>
    <img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://g6589dcs.nyc2.aens.net/DCS000003_6D4Q / njs.gif?dcsuri=/nojavascript">
    </noscript>

    .....
  • YHBT. YHL. HAND.
  • by 4of12 ( 97621 )

    Those of us behind proxies (Squid) aren't too concerned about ATT finding 500 sign ups coming from megacorp.com .

    They've probably found out that many dozens of employees at att.com have been signing up to avoid voice spam.
  • by orthogonal ( 588627 ) on Wednesday October 08, 2003 @06:37PM (#7167357) Journal
    I'm glad this was reported, and I think it needs to be looked into more closely.

    But.

    There's this taunting little voice in my head wondering if somebody didn't say,

    Web Developer 1: "Hey, let's add a web bug to Do Not Call page, and then we'll leak it to Slashdot."

    Web Developer 2: "WTF would we want to do that?

    Web Developer 1: "So when they find out about it, we can watch those Slashdot monkeys dance!"

    Web Developer 2: "Yeah, yeah, dance dance dance in their tin-foil hats! Coool!"
  • by codepunk ( 167897 ) on Wednesday October 08, 2003 @06:41PM (#7167380)
    Just link that image into the slashdot home page. That ought to give them about 6 million worthless hits per day...
  • Could somebody tell the non-web-developers in the audience how a 1x1 pixel can track you? Sounds a bit evil to me...
    • Could somebody tell the non-web-developers in the audience how a 1x1 pixel can track you? Sounds a bit evil to me...

      Most folks call them web bugs. The idea is the img src makes an HTTP request to a web server - the sneaky buggers then return a transparent 1x1px graphic. One the client side, it has very little impact. On the server side, you get all sorts of data you can mine from the request - browser type, os, IP, etc - usually just pulled from the log files, though some go strait to cgi (or their co
  • Thanks to Google for archiving [google.com] my struggle against AT&T.

    Not sure if I mentioned it in the USENET postings, but I just started documenting things around Oct. 1, when DNC was supposed to go into effect. We registered our number almost as soon as DNC was available. In reality there were at least 10, perhaps even 15 calls to me from AT&T "Advantage" wireless, and even without the DNC they are still not supposed to be telemarketing me after I've informed them that I don't want to be called.

    I have n

  • I am under the impression that AT&T and other regulated telephone and airline agencies are already regulated in terms of telemarketing calls they can make and are not affected by the Do Not Call list. At least that's what the rules of the do not call list indicate.

    Maybe we're just a little paranoid?
  • by sakusha ( 441986 ) on Wednesday October 08, 2003 @07:50PM (#7167808)
    I clearly remember reading that the fedgov had implemented a strict ban on web bugs and cookies. I couldn't find the exact law, but here's an interesting tidbit from a .mil site:
    http://www.defenselink.mil/nii/org/cio/doc/ cookies .html

    The Office of Management and Budget (OMB) has reaffirmed (attachment 1) that it is Federal policy that each Federal agency operating a public web site, or contractors operating such sites on behalf of an agency, must post clear privacy policies at their principal web sites, at known, major entry points to the sites, and at those sites where the agency or the contractor collects substantial personal information from the public. The OMB emphasizes that it also is Federal policy that web technology, such as "cookies," should not be used at Federal web sites to identify and track the activities of web users unless a compelling need exists to collect such information, appropriate publicized procedures are established to safeguard the information, and collection has been personally approved by the head of the agency.
  • by rice_burners_suck ( 243660 ) on Wednesday October 08, 2003 @11:53PM (#7169257)
    Hmmm... I know a lot of people who signed up for that stupid do not call thing. They hardly ever got calls before. But now, they're getting tons of telemarketing calls. Know why? Because the law doesn't take effect until next year, and in the meantime, telemarketers have access to the list. Furthermore, to show you how stupid government is: The government is now mandating that companies purchase the list of people they cannot call, and furthermore, the law says that only companies that purchase this list are affected by the law. In other words, if you don't buy the list, you can make the calls. Punishing the companies that did buy the list. Does that make any sense?

    That's your tax dollars at work.

    It only goes to prove that GOVERNMENT SHOULD NOT GET INVOLVED IN STUPID STUFF LIKE WHO CAN CALL WHO. Don't like telemarketers? Nobody likes them? Then run marketing campaigns all over the damn country that tell everyone to HANG UP when a telemarketer calls! If EVERYBODY hangs up WITHOUT listening to anything that telemarketers say on the phone, then guess what? THE TELEMARKETERS WON'T CALL ANYMORE, BECAUSE IT WOULD NO LONGER BE PROFITABLE ANYMORE!!!

  • by Animats ( 122034 ) on Thursday October 09, 2003 @01:08AM (#7169515) Homepage
    You can read the Do Not Call site's Javascript. [donotcall.gov] Here's an excerpt:
    • // START OF Data Collection Server TAG
      // Copyright 2002 NetIQ Corporation
      // V2.1
      ...
      var dcsADDR="g6589dcs.nyc2.aens.net";

    What's that doing in there?

    There's also a link to Microsoft's Intellisense web site on the Government's Do Not Call page, but that looks like typical Microsoft dreck from their page generator. The "NetIQ" stuff was put there on purpose.

    All this is totally unnecessary. The pages are so simple that all this stuff is doing nothing useful.

Whoever dies with the most toys wins.

Working...