
Researchers Expose Tracking Service That Can't Be Dodged

Worf Maugg writes with this excerpt from Wired: "Researchers at U.C. Berkeley have discovered that some of the net's most popular sites are using a tracking service that can't be evaded — even when users block cookies, turn off storage in Flash, or use browsers' 'incognito' functions. The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics."
  • more importantly... (Score:5, Informative)

    by alphatel ( 1450715 ) * on Saturday July 30, 2011 @12:58PM (#36933560)
    The data collected can be used to track the user over several sites, as the "cram cookies" are persistent through browsing sessions. The only way to remove them is to clear all browser cache data on close and restart the browser. Sounds like privacy invasion to me - although ISPs forced to log user activity [slashdot.org] is far more damning than these transgressions.
    • Wouldn't that mean over several views, not several sites?

      And even more importantly, how does this qualify as "tracking?" I don't see anything in the description of this thing that suggests it looks at what other sites you go to (aside from how you got to theirs, which is hardly an issue) or what you do on them.

      This sounds to me like just a way for devs to examine how their site is used so they can make it more efficient and useful. Calling it "tracking" is practically a smear unless the summary is wholl
      • by slyborg ( 524607 ) on Saturday July 30, 2011 @01:33PM (#36933816)

        How about actually reading the article?

        Kissmetrics has a single identifier that is used and tracked across all sites that use it for an identifiable visitor. It would be stupidly easy to aggregate this data and get a complete profile of a person, esp. considering the sites using it - what shows they watch, when they watch them, what music they listen to and when, combined with geolocation data, where they do these things, and for sites with subscriptions, they will have credit card information and home location and contact information. The researchers have no way of knowing if such information is sold between sites, but if there was no "tracking" application to it, why is the identifier not unique between sites?

        • Re: (Score:2, Interesting)

          by Pieroxy ( 222434 )

          ok, so how do they collect their data if it is not through cookies?

          • by Anonymous Coward

            Using a JS file in the browser cache. (You could have figured that out yourself.)

          • Have you RTFA? The image is quite informative: they put a user id both in a JS file and on that file's ETag. So when the user goes to a different site that also uses KISSmetrics, it'll ask for the same JS file and send the ETag/userid (in the 'If-None-Match' header).

            • by asdf7890 ( 1518587 ) on Saturday July 30, 2011 @02:55PM (#36934330)
              I feel a plugin coming on that will randomise the ID reported this way. Or submits misleading results from sites that are not using the service. Or even shares IDs between users so the tracked information becomes one large blob that doesn't identify the actions of any one person/group...
              • or perhaps a plugin that blocks execution of javascript by default, and only executes it on sites that the user "whitelists" or on request. We could call it "NoScript".

                • Hm, yea. Actually, I wonder: With NoScript, JS isn't run, but is it cached anyway? If so, it wouldn't solve the problem. If not... Great!

                • I run noscript. But that won't guarantee a payload transferred by etag won't get through.

                  And anyway, a method of adding polluted data to their pool rather than adding none at all appeals to my sense of mischief.
                • Then they'll change the JS script to an image, a CSS or HTML file and track you anyway - any of those can have an ETag with your user id.

              • "I feel a plugin coming on that will randomise the ID reported this way."

                Or a plug-in that simply throws up random Google search phrases and randomly clicks links while your computer is idle, thus making any data obtained stained with uselessness and buried in garbage...kind of like my last 4 or 5 "bright ideas".

                • That pushes some "useless" load onto another (innocent, at least in this instance) service though, so would be bad network etiquette. The load from just a couple of us would be as close to nothing as makes no difference, but if many people used such a plugin (and it would take many for it to have any effect on the overall results of the tracking) the load may become significant.
    • by Anonymous Coward

      Just add a line to your hosts file redirecting the KISS***** domains to 127.0.0.1.
      A good hosts file can be downloaded from MVP; just google for it.

      • 0.0.0.0 fail faster

      • Or, since the i.js and j.js scripts are usually hosted on the domain you're browsing, just follow KISSmetric's own recommendation:

        For consumers who do not wish to be tracked by KISSmetrics, the freely available AdBlock Plus extension will prevent their information from being tracked by KISSmetrics. Learn more about AdBlock Plus.

        • How do I use adblock to block KISSmetrics i.js and j.js (or t.js, or whatever) scripts hosted on the domain I'm browsing, and not other scripts that happen to be named the same thing? It's not a very unique name, and adblock is blocking by name only.

          Also I don't see that text on their site (and google can't find it). They do have an "opt out" button, but it's implemented client-side using cookies, which isn't a particularly great solution either.

  • by Anonymous Coward

    Ghostery claims to block KISSmetrics fully...

  • Where can I get software to defeat it? Or a clear enough description that would allow me to write that software?

    • by ColdWetDog ( 752185 ) on Saturday July 30, 2011 @01:15PM (#36933704) Homepage

      Where can I get software to defeat it? Or a clear enough description that would allow me to write that software?

      According to a link [kissmetrics.com] in the TFA (directly from KissMetrics), just use AdBlock Plus.

      Seems to take a bit of wind out of the summary's sails.

      • by TheLink ( 130905 )
        Yeah I use noscript and adblockplus. I did a search in my browser's cookies for km_ and I didn't find anything. So I don't think their tracking stuff is that "undodgeable".

        Google and Facebook are more likely to be able to track you despite you trying to avoid it. Their stuff is "everywhere". If you use their services and go somewhere else but somehow still load stuff (images/scripts) from their servers (or servers they can get info from) they know who you are and what IP you are currently using. Even if yo
        • by Nursie ( 632944 )

          Adblock can help you with the loading of facebook stuff on other sites, if you want.

          I have mine set up to only allow content of any sort to be loaded from facebook.com (or the fbcdn sites) if I'm actually browsing those sites.

          Google, more difficult I guess, I may not want to block everything from them when it's not first party.

        • I don't think there is an equivalent for Google yet, but there are several options for blocking Facebook having anything to do with the sites you visit (other than facebook itself). Both adblock and script block have relevant options, for instance.

          If you don't want to use adblock or scriptblock, or use a browser that they do not support so can't use them even if you want to, then there is this plugin: http://webgraph.com/resources/facebookblocker/ [webgraph.com] - there are versions for Firefox, Chrome, Opera and Safar
        • RequestPolicy (Score:5, Informative)

          by traindirector ( 1001483 ) on Saturday July 30, 2011 @05:10PM (#36935136)

          Google and Facebook are more likely to be able to track you despite you trying to avoid it. Their stuff is "everywhere". If you use their services and go somewhere else but somehow still load stuff (images/scripts) from their servers (or servers they can get info from) they know who you are and what IP you are currently using.

          That's what RequestPolicy [requestpolicy.com] is for. You can control what images/scripts/content from other domains gets loaded on a site-by-site basis in a way similar to Noscript. It's great in addition to Noscript (not as a replacement).

          For example, when you load Slashdot with RequestPolicy turned on, you don't get any of the static content like images/css because that all seems to be stored on fsdn.com. You can easily select the RequestPolicy icon and tell it to allow requests from slashdot.org to fsdn.com. In a similar manner, you can let google.com load scripts and content from google.com while preventing other domains from doing so.

          It's really the only way to prevent client-side tracking services that haven't yet hit the blacklists. It's more than the average user would be willing to do, but if you really want to stop tracking or you're just interested in seeing which CDNs and how many off-domain resources sites use, it's worth checking out.

          • by cvtan ( 752695 )
            RequestPolicy works as you say, but how is the average user supposed to know whether to allow fsdn on Slashdot or not? Is fsdn safe or not? Who knows? Some sites have 50 domains that provide content and it is not possible to just disallow everything; the site will be nearly blank. It works, but is difficult to use in practice.
      • by QuestionsNotAnswers ( 723120 ) on Sunday July 31, 2011 @12:05AM (#36936912)

        JavaScript is not needed at all: an etag header can be used to track you across different sites by including say a .CSS or .GIF file served by using a shared "tracking url" at a known site.

        Example:

        In the first request, the response header has ETag: "97a-494505e0c46c0"

        In the second request, the request header has If-None-Match: "97a-494505e0c46c0" - this acts like a cookie.

        If the "tracking" server receives a request with no If-None-Match: header, it replies with the file and sets the ETag to a unique value (exactly equivalent to the "cookie" value). If the server receives a request with the If-None-Match:, the value can be used to track the user... for example the server takes the If-None-Match: value, returns the image with the same etag value, and *also* sets a cookie with that value in the response header!

      • It's a TRAP!

  • by Anonymous Coward

    It seems their tracking is using some javascript code. Noscript. No problem.

    • by Anonymous Coward
      You obviously didn't read the article. etags aren't javascript based, they're part of the browser caching mechanism. Even if you block the cookie creation script, which allows sites hosting the scripts to recreate the cookies, the actual tracking service is still tracking you.
      • by larry bagina ( 561269 ) on Saturday July 30, 2011 @01:20PM (#36933728) Journal

        Maybe you read a different article. The one I read had almost no technical information, but did have a link to KiSSMetric's explanation [kissmetrics.com], which states:

        When i.js loads, we set ETags and HTTP headers to tell the browser to cache the value of i.js for as long as possible. We also set the person’s random identity in a first-party cookie and as a third-party cookie on our domain (i.kissmetrics.com).

        Blocking the javascript files (or blocking cookies and the ETag header) would eliminate the tracking.

        • The first image in TFA is very clear, it shows a piece of JS with the ID, and you can see that it's exactly the same as the ETag.

      • by Anonymous Coward

        eTags aren't special. They have been known about since forever.

        Pretty sure browsers clear them on cache-clearance too.
        If not, shame on browser makers. Every single thing a site is capable of saving should be capable of being deleted, regardless of how small it is.

        • by Anonymous Coward

          I use the "Modify Headers" firefox add-on to filter the If-Match, If-None-Match, If-Modified-Since etc. headers, because they can all be used to store cookie-like bits of data. This has been known about for a while.

          The documentation for evercookie lists the methods it uses for tracking: http://samy.pl/evercookie/ [samy.pl]

          But most of all, Samy is my hero.
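The ETag exchange QuestionsNotAnswers lays out above (fresh ETag when no If-None-Match arrives, identity recovered from it otherwise, a cookie re-seeded from the same value) and the header-stripping defence the comment above mentions, modelled end to end in Python. This is an added example, not code from KISSmetrics, the Wired article or any commenter; the tracker, the beacon URL `https://tracker.example/beacon.gif`, the cookie name `tid` and the three visited sites are all constructed, and the browser is a toy with one cache entry and one cookie jar.

```python
"""ETag-as-identifier tracking, modelled end to end. Added example; not code
from KISSmetrics, the Wired article or any commenter. Everything here is a
constructed toy: the tracker, the beacon URL, the cookie name and the sites."""
import secrets
from dataclasses import dataclass, field

CONDITIONAL_HEADERS = ("If-None-Match", "If-Match", "If-Modified-Since")
BEACON = "https://tracker.example/beacon.gif"   # constructed tracker resource
SITES = ("https://site-a.example", "https://site-b.example", "https://site-c.example")


class TrackingServer:
    """Hypothetical tracker. It recovers the identity from If-None-Match first,
    then from its own cookie; whichever store survived re-seeds the other
    (the 'reset the others so they all share that same identity' behaviour)."""

    def __init__(self):
        self.seen = {}   # identity -> number of requests attributed to it

    def handle(self, req):
        ident = None
        if "If-None-Match" in req:
            ident = req["If-None-Match"].strip('"')
        elif req.get("Cookie", "").startswith("tid="):
            ident = req["Cookie"][len("tid="):]
        if ident is None:
            ident = secrets.token_hex(8)          # brand-new random identity
        self.seen[ident] = self.seen.get(ident, 0) + 1
        headers = {
            "ETag": f'"{ident}"',
            "Cache-Control": "private, max-age=31536000",   # keep it for a year
            "Set-Cookie": f"tid={ident}; Max-Age=31536000",
        }
        # 304 only when the validator matched; an identity recovered from the
        # cookie alone still needs the body and a fresh ETag sent.
        status = 304 if "If-None-Match" in req else 200
        return status, headers, (b"" if status == 304 else b"GIF89a...")


@dataclass
class Browser:
    """Toy client: one cache entry, one cookie jar, two optional defences."""
    strip_conditional: bool = False          # 'Modify Headers'-style filter
    block_third_party_cookies: bool = False
    cache: dict = field(default_factory=dict)    # url -> ETag validator
    cookies: dict = field(default_factory=dict)  # host -> "name=value"

    def fetch(self, server, url, top_level_site):
        host = url.split("/")[2]
        third_party = host != top_level_site.split("/")[2]
        req = {"Host": host, "Referer": top_level_site}
        if url in self.cache:
            req["If-None-Match"] = self.cache[url]
        allow_cookie = not (third_party and self.block_third_party_cookies)
        if allow_cookie and host in self.cookies:
            req["Cookie"] = self.cookies[host]
        if self.strip_conditional:
            for name in CONDITIONAL_HEADERS:
                req.pop(name, None)
        _status, resp, _body = server.handle(req)
        self.cache[url] = resp["ETag"]           # validator is always stored
        if allow_cookie:
            self.cookies[host] = resp["Set-Cookie"].split(";", 1)[0]
        return resp["ETag"].strip('"')

    def clear_cache(self):
        self.cache.clear()


def distinct_identities(strip_conditional=False, block_third_party_cookies=False,
                        clear_cache_between=False):
    """Visit three unrelated sites that embed the beacon and return how many
    distinct identities the tracker ends up holding for this one browser."""
    server = TrackingServer()
    browser = Browser(strip_conditional, block_third_party_cookies)
    ids = []
    for site in SITES:
        if clear_cache_between:
            browser.clear_cache()
        ids.append(browser.fetch(server, BEACON, site))
    return len(set(ids))


if __name__ == "__main__":
    for label, kw in [("default browser", {}),
                      ("clear cache between sites", {"clear_cache_between": True}),
                      ("strip If-None-Match only", {"strip_conditional": True}),
                      ("block 3rd-party cookies only", {"block_third_party_cookies": True}),
                      ("strip + block cookies", {"strip_conditional": True,
                                                 "block_third_party_cookies": True})]:
        print(f"{label:32s} -> {distinct_identities(**kw)} identities seen")
```

Run as a script it prints one line per configuration. The numbers show what the thread keeps circling: clearing a single store, or filtering a single channel, leaves the other one to re-seed it, and the tracker only gets a fresh identity per site when both the validator and the cookie are withheld.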

        • So, for me this is like a session-cookie, if it even gets loaded: I have my FF cache folder symlinked to a folder in my ram-backed /tmp/ folder(does provide a speed-increase). On shutdown it gets wiped, there goes all my eTags, js and other cached files.

    • javascript tries to hide what it's doing in plain sight. I disable js for most sites. it's evil.

      flash also exists MOSTLY to deliver ads. I have flash disabled and hard linked to /dev/null. no way any flash cookies are saved on my system.

      if I need to view youtube (rarely) I use the cli util 'youtube-dl'. nice side effect: I get to KEEP a local copy of the video, should the 'job creators' (...) decide to pull the content back at some point in the future.

      not even installing the flash plugin for the web save

  • Ghostery FTW (Score:4, Informative)

    by blindbat ( 189141 ) on Saturday July 30, 2011 @01:06PM (#36933624)
    You can use Ghostery to block this and many other tracking scripts. http://www.ghostery.com/download [ghostery.com]
    • It's a real pity that Ghostery isn't free software.

      It has a look-but-don't-touch licence for the source code. Being able to look is better than nothing, but if no one can modify or fork it, then it's unlikely that anyone's reading the source code at all. I wouldn't trust my privacy to something with no community or third-party oversight.

      Here's gnu.org's list of free, mozilla-compatible add-ons:
      http://www.gnu.org/software/gnuzilla/addons.html [gnu.org]

      For privacy, there's only really Noscript and Requestpolicy.

    • by ugen ( 93902 )

      Mod this up. Ghostery is the answer. They deterministically block 100s of trackers (by essentially refusing to load javascript/pages/what have you from their sites/of specific appearance etc).
      Blocks KISSmetrics just fine. Nothing to see here.

    • Ghostery is unacceptable, as it's not free AND open-source. Nobody who cares about their privacy and security should use an inferior product like this.
  • by account_deleted ( 4530225 ) on Saturday July 30, 2011 @01:16PM (#36933706)
    Comment removed based on user account deletion
    • Re: (Score:2, Insightful)

      by BitterOak ( 537666 )

      There are always ways. It only depends on how much effort you want to put into it. You could use proxy servers to mask IP and change them frequently or even jump from one free wifi hotspot to another. You could repeatedly purge all your cache, cookies, history etc after every site you visit.

      If you RTFA, you'll see that this service is using persistent storage on your computer that is NOT contained in your cache, cookies, or browser history. Even using a DIFFERENT BROWSER on the same computer (i.e. Firefox, then Chrome) this site can track you and link your sessions. I regard this as a browser bug, and it needs to be fixed in the browser. We can't rely on legislation or promises of good behavior from website operators to fix this problem. It really needs to be fixed in the browser, or, i

  • by Anonymous Coward

    So when are the antivirus companies going to block it? It's clearly malware. And are the FBI going to investigate them for "hacking"?

  • Taking a quick look at the JavaScript they use there doesn't appear to be anything particularly unusual going on such as browser fingerprinting [eff.org], or even as encompassing as evercookie [samy.pl] which can be easily defeated using built in browser options. The only thing that seems different about it is that it attempts to use more storage techniques than other tracking services, browser local storage , e-tag tracking, and ie userdata storage in addition to the common browser and flash cookies. To say that it "can't b
  • According to the KISSmetrics site [kissmetrics.com]:

    For consumers who do not wish to be tracked by KISSmetrics, the freely available AdBlock Plus extension will prevent their information from being tracked by KISSmetrics.

    Now, I'm no fan of tracking or advertising, but TFS/A sounds like scaremongering to me, I fail to see how this service is any more "unblockable" than other analytics providers such as Google. Moreover, since many people are signed into Google all the time for things like Gmail, I'd say Google has the capabi

    • Re: (Score:2, Insightful)

      by jfengel ( 409917 )

      If I'm understanding their site correctly, it's also blocked by NoScript (or, for that matter, just turning JavaScript off).

      There are many sites that are useless without Javascript, but it's hardly surprising to me that allowing a general-purpose programming language to run on your browser creates privacy problems. Many of those sites don't really need Javascript, and I block as much JS as possible. I've walked away from sites rather than turn on JS; that's both my loss and theirs.

      • But most noscript users allow the "same domain" as the site they are visiting, so the page is usable (navigation, ajax, etc). If i.js and j.js are hosted on the same domain you are visiting (not 3rd party hosted) then noscript may not help you. Even those users that are super-strict about allowing scripts will often temporarily-allow a subdomain for the purpose of using the site. A few temp-allows between some major sites will thus lead to you being tracked across those sites.

  • Looking at my cookies, I see a bunch from different sites which are all called ACOOKIE and all start "C8ctAD" and have other long string matches in the content.

    I wonder if this is doing the same thing.

  • by couchslug ( 175151 ) on Saturday July 30, 2011 @01:56PM (#36933956)

    "How KISSmetrics Tracking Works

    KISSmetrics uses a variety of technologies to track people across the various browsers and computers they use. In doing so, we provide our customers a full view into how their customers interact with their websites.

    Sites who use KISSmetrics may choose to provide us with personally identifiable information for their customers, or they may choose to use anonymized identities.

    Sites have always had the option of using one of our server-side APIs, which do not set cookies or use any other means of identification. As of July 2011, sites may also choose to use only traditional cookie-based KISSmetrics tracking, which means that user information would be cleared whenever the consumer cleared their browser cookies.

    For consumers who do not wish to be tracked by KISSmetrics, the freely available AdBlock Plus extension will prevent their information from being tracked by KISSmetrics. Learn more about AdBlock Plus.
    The Technical Details

    When a person visits a site that is using the KISSmetrics Javascript API, two javascripts are loaded:

            t.js
            i.js

    t.js is the same for all people who visit a specific site (t.js is unique to each KISSmetrics customer).

    i.js returns a unique “identity” for each person. This identity is just a random set of characters — it does not contain an email address, name, IP address, or anything else that would be useful for identifying a person outside of KISSmetrics.

    When i.js loads, we set ETags and HTTP headers to tell the browser to cache the value of i.js for as long as possible. We also set the person's random identity in a first-party cookie and as a third-party cookie on our domain (i.kissmetrics.com).

    This means that if a person clears their browser cache or cookies, the random identity is likely to persist and that person will keep being “known” as a consistent random identity. If the random identity persists in one of these methods, we will reset the others so they all share that same random identity.

    We do not use CSS or other versions of the technique known as history knocking.

    The cached value for i.js is unique to a person, regardless of which site they are visiting. This means that to KISSmetrics, we know a single person by the same randomly-generated identity whether they're visiting customer site A or customer site B. However, there is no way for our customers to access each others' data or know anything about a person's activities on other sites.

    This is similar to credit card purchases — Store A knows what you bought at Store A with your Visa. Store B knows what you bought at Store B with your Visa. Visa knows what you bought on Store A and Store B, but does not share that information between vendors. Just like Visa, KISSmetrics does not share any information about your interactions with Site A with Site B or with any third parties.
    The Privacy Details

    KISSmetrics has never, and will never, share personally-identifiable customer information with any third party sites.

    KISSmetrics has never, and will never, share anonymous customer activity of what people did on customer A's site with customer B.

    Person data is available to the KISSmetrics customer for the lifetime of their relationship with KISSmetrics. When a customer ends their relationship with KISSmetrics, they may request that their data be deleted within 30 days.

    If you have questions, we're happy to answer them at privacy@kissmetrics.com."

    • by Anonymous Coward

      Get everyone to set their key to the same value. >:D

      "This guy's been on 2,500 websites every 6 seconds!"

    • It is currently not available on their website, I got it from Google-cache: Screenshot on ImageBin http://imagebin.org/165710 [imagebin.org]
  • by bgspence ( 155914 ) on Saturday July 30, 2011 @02:14PM (#36934062)

    goto http://www.kissmetrics.com/how-it-works [kissmetrics.com] and get tracked:

    <!-- KISSmetrics for kissmetrics.com -->
    <script type="text/javascript">
        var _kmq = _kmq || [];
        function _kms(u){
            setTimeout(function(){
                var s = document.createElement('script'); var f = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true;
                s.src = u; f.parentNode.insertBefore(s, f);
            }, 1);
        }
      _kms('//i.kissmetrics.com/i.js');_kms('//doug1izaerwt3.cloudfront.net/bd3a8adc30561f08e0ccb9ad3120aa1d14b25d05.1.js');
    </script>

    with my http://i.kissmetrics.com/i.js :
    var KMCID='IEkB3hUXZTz9zHRV1r51WjJJlB8';if(typeof(_kmil) == 'function')_kmil();

    • Then the good stuff is here:

      '//doug1izaerwt3.cloudfront.net/bd3a8adc30561f08e0ccb9ad3120aa1d14b25d05.1.js

    • write a dpi signature to block js files from cloudfront.net that create a script element for insertion. got it. thanks!
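A detection angle on the exchange bgspence posted above, rather than a blocklist: a cache validator that doubles as a cookie value, is echoed into the script body, or differs per client is being used as an identifier. This is an added example in Python, not code from KISSmetrics, the article or any commenter. The captures it scans are constructed: the KMCID value and the i.js body come from the post above, the matching ETag follows the earlier comment that the ID "is exactly the same as the ETag", the cookie name `km_id` and client B's identity are invented, and the Apache-style ETag on the benign asset is the one from QuestionsNotAnswers's example.

```python
"""Spotting ETag-as-identifier responses in captured traffic. Added example,
not code from KISSmetrics, the article or any commenter; the sample captures
below are constructed (see the comments next to each value)."""
from dataclasses import dataclass


@dataclass
class Exchange:
    client: str      # which fresh client made the request
    url: str
    headers: dict    # response headers; Set-Cookie is a list, one per header
    body: str


def etag_value(headers):
    """Opaque ETag value without quotes or the weak 'W/' prefix, or None."""
    tag = headers.get("ETag")
    if tag is None:
        return None
    tag = tag.strip()
    if tag.startswith("W/"):
        tag = tag[2:]
    return tag.strip('"')


def cookie_values(headers):
    """Values of every cookie the response sets."""
    values = set()
    for line in headers.get("Set-Cookie", []):
        name_value = line.split(";", 1)[0]
        if "=" in name_value:
            values.add(name_value.split("=", 1)[1])
    return values


def single_response_indicators(ex):
    """Indicators visible in one response: the validator doubles as a cookie
    value, or is echoed into the body for the page's script to read."""
    tag = etag_value(ex.headers)
    hits = []
    if not tag:
        return hits
    if tag in cookie_values(ex.headers):
        hits.append("etag-equals-cookie")
    if tag in ex.body:
        hits.append("etag-in-body")
    return hits


def per_client_etag_urls(exchanges):
    """URLs whose ETag differs between fresh clients. A validator should be a
    function of the content, so a per-client one is an identifier."""
    seen = {}
    for ex in exchanges:
        tag = etag_value(ex.headers)
        if tag:
            seen.setdefault(ex.url, set()).add(tag)
    return sorted(url for url, tags in seen.items() if len(tags) > 1)


def scan(exchanges):
    """Map each suspicious URL to the set of indicators raised for it."""
    report = {}
    for ex in exchanges:
        for hit in single_response_indicators(ex):
            report.setdefault(ex.url, set()).add(hit)
    for url in per_client_etag_urls(exchanges):
        report.setdefault(url, set()).add("etag-varies-per-client")
    return report


KM_A = "IEkB3hUXZTz9zHRV1r51WjJJlB8"      # value quoted in the post above
KM_B = "constructedIdForClientB00"        # constructed second identity
SAMPLES = [
    Exchange("A", "http://i.kissmetrics.com/i.js",
             {"ETag": f'"{KM_A}"', "Cache-Control": "private, max-age=31536000",
              "Set-Cookie": [f"km_id={KM_A}; Max-Age=31536000; Path=/"]},   # km_id is invented
             f"var KMCID='{KM_A}';if(typeof(_kmil) == 'function')_kmil();"),
    Exchange("B", "http://i.kissmetrics.com/i.js",
             {"ETag": f'"{KM_B}"', "Cache-Control": "private, max-age=31536000",
              "Set-Cookie": [f"km_id={KM_B}; Max-Age=31536000; Path=/"]},
             f"var KMCID='{KM_B}';if(typeof(_kmil) == 'function')_kmil();"),
    # Ordinary static asset: same ETag for everyone, no cookie, body unrelated.
    Exchange("A", "http://www.example/static/app.js",
             {"ETag": '"97a-494505e0c46c0"', "Cache-Control": "max-age=31536000"},
             "function app(){}"),
    Exchange("B", "http://www.example/static/app.js",
             {"ETag": '"97a-494505e0c46c0"', "Cache-Control": "max-age=31536000"},
             "function app(){}"),
]

if __name__ == "__main__":
    for url, hits in scan(SAMPLES).items():
        print(url, sorted(hits))
```

The single-response indicators fire on exactly the pattern shown in the thread (the identity sitting in the ETag, the script body and a cookie at once); the per-client check needs captures from two fresh clients, or two runs of your own browser with the cache cleared in between, and is the one that still works when a tracker stops echoing the value into the body.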

  • So there you go. NoScript->no KISSmetrics. "Can't be dodged"? Nonsense. For those who cannot live without JS it should be trivial for a plugin to detect and delete their scripts. As usual the evil "tracking" requires the active cooperation of your browser.

    • > ...it should be trivial for a plugin to detect and delete their scripts.

      And in fact Ghostery already does so.

  • Question:
    Would modifying my MAC address stop this kind of tracking?

    • This has nothing to do with your MAC address, which is not accessible to Web sites in any case.

      • by PacoSF ( 2423754 )

        Thanks for clarifying this for me.

        The Wired article mentioned -- "That tracking trail would remain in place even if a user deleted her cookies, due to code that stores the unique ID in places other than in a traditional cookie"

        I wasn't sure if this unique ID was synonymous with MAC address.

      • by Lennie ( 16154 )

        Actually, someone did create a Java applet once used for getting the MAC addresses of website visitors.

      • It likely is if you happen to connect over IPv6...
  • This sort of thing is why the EU's half-witted privacy rules on cookies miss the point.

    The thing to control is the tracking of users (particularly without their consent), and the storage and onward transmission/sale of user-information - not some particular technology that is being used to do that at any given stage in the evolution of the web.

    Of course, if your legislative process is owned by the corporate world, or your voters believe in the rights of corporations, rather than citizens, that is unlikely to happen.

    • Nobody has any tracking information about you that your browser didn't actively give them, and your browser is entirely under your control.

  • On our site we did a comparison between our local stats and Google analytics, we found that so many people are blocking them there was a skew that fluctuated between 5 to 15% from day to day....

    We now run OWA which does a pretty good job.

  • 1 - Anonymous redirection, something like TOR
    2 - Forbid anything of theirs to run on your computer.

    And then, for #3. Find out who is using it and boycott their companies products/services.

  • The main trick used was to persistently store data via Flash. The article did say that other persistent storage techniques were used (SQLite, localStorage, etc .. technologies iOS has as well) but one less, and a very commonly used technique, is rendered useless if you're on an iPhone or iPad.

  • by devleopard ( 317515 ) on Saturday July 30, 2011 @03:32PM (#36934546) Homepage

    It's called a web browser.

    EFF has shown that you freely transmit all sorts of info, that taken as a whole, can uniquely identify you. [slashdot.org]

    Visit it yourself [eff.org] and see where you're at: it told me my fingerprint was unique out of over 1.6M browsers already checked.

    You can block pieces - such as using NoScript, or Tor - but then you only *reduce* your uniqueness

    • by schwnj ( 990042 )
      That's what I thought this article would be about. It looks to me that the font list provides the most identifying information. Anyone know a way to tell your browser to not report your installed fonts?
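Which attribute gives the most away, the question schwnj raises, can be measured the way Panopticlick-style tests do: the anonymity set of a value is the number of reports that share it, and the identifying information it carries is minus log2 of that fraction. This is an added example in Python, not code from the EFF or any commenter, run over a constructed population of eight browser reports (labelled as such in the code); it also separates the attributes only readable with JavaScript or Flash from the User-Agent header, which is sent regardless, to show what blocking scripts does and does not hide.

```python
"""Per-attribute identifying information of a browser fingerprint. Added
example, not EFF code; POPULATION is a constructed sample, not Panopticlick
data, chosen so that one report has a unique font list."""
import math

# Constructed population of eight browser reports.
# "fonts", "plugins" and "tz" are only observable with JavaScript/Flash
# enabled; "ua" comes from the HTTP User-Agent header and is always visible.
POPULATION = [
    {"ua": "Firefox/5.0 (X11; Linux)", "fonts": "DejaVu,Droid,Liberation,Unifont", "tz": "-420", "plugins": "none"},
    {"ua": "Firefox/5.0 (X11; Linux)", "fonts": "DejaVu,Liberation", "tz": "-420", "plugins": "none"},
    {"ua": "Firefox/5.0 (X11; Linux)", "fonts": "DejaVu,Droid", "tz": "-420", "plugins": "Flash 10.3"},
    {"ua": "Firefox/5.0 (X11; Linux)", "fonts": "DejaVu", "tz": "0", "plugins": "Flash 10.3"},
    {"ua": "Firefox/5.0 (Windows NT 6.1)", "fonts": "DejaVu,Liberation", "tz": "-420", "plugins": "Flash 10.3"},
    {"ua": "Firefox/5.0 (Windows NT 6.1)", "fonts": "DejaVu,Droid", "tz": "-420", "plugins": "Flash 10.3, Java"},
    {"ua": "Chrome/13 (Macintosh)", "fonts": "DejaVu,Liberation", "tz": "-420", "plugins": "Flash 10.3, Java"},
    {"ua": "Chrome/13 (Macintosh)", "fonts": "DejaVu", "tz": "0", "plugins": "Flash 10.3, Java"},
]
JS_ONLY = ("fonts", "tz", "plugins")


def anonymity_set(population, record, attrs):
    """Number of reports (the record itself included) agreeing with it on attrs."""
    return sum(1 for r in population if all(r[a] == record[a] for a in attrs))


def surprisal_bits(population, record, attr):
    """Identifying information carried by one attribute value, in bits."""
    return -math.log2(anonymity_set(population, record, (attr,)) / len(population))


def rank_attributes(population, record):
    """Attributes of one report ordered from most to least revealing."""
    scored = [(a, surprisal_bits(population, record, a)) for a in record]
    return sorted(scored, key=lambda kv: kv[1], reverse=True)


def with_and_without_js(population, record):
    """Anonymity set with every attribute, and with only what HTTP headers leak."""
    all_attrs = tuple(record)
    header_only = tuple(a for a in record if a not in JS_ONLY)
    return (anonymity_set(population, record, all_attrs),
            anonymity_set(population, record, header_only))


if __name__ == "__main__":
    me = POPULATION[0]
    for attr, bits in rank_attributes(POPULATION, me):
        print(f"{attr:8s} {bits:5.2f} bits  (1 in {2 ** bits:.1f})")
    full, headers_only = with_and_without_js(POPULATION, me)
    print(f"anonymity set: {full} with JS, {headers_only} from headers alone")
```

For the first report the font list is worth 3 bits (unique among the eight), plugins 2, User-Agent 1 and timezone under half a bit; with everything observable the report is one of one, and with scripts blocked it hides in a set of four, which is the "reduce, not remove" point made in the parent comment.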
    • I went to that site and it said

      Your browser fingerprint appears to be unique among the 1,684,880 tested so far.

      HAHA! ... Wait, what?

      • All it said to me was "Please wait..."

      • Your browser fingerprint appears to be unique among the 1,684,880 tested so far.

        Yeah right, that's what they whisper in your ear, telling you you are the only special one in the whole universe... until you find the web site has been seeing lots of other browsers, frequently, and without protection.

        Ew!

    • by evanh ( 627108 )

      It says 1 in 168000 for me so, I guess that's about 100 identical Linux setups detected; along with Firefox auto-deleting cookies and NoScript blocking both JS and flash.

      On a Windoze box that would be 10x bigger pool again. Gonna have to do better to track me.

  • just how many entries does kissmetrics.com have for Lynx? [wikipedia.org]

  • I was kind of hoping this was Google's doing - I was looking forward to the hilarity of watching Slashdotters' verbal and logical contortions while attempting to explain why it's actually a good thing...

  • The guy in charge says they are not doing anything illegal, so I feel a whole lot better. Sort of like when a bank says they're not doing anything illegal when they send you the 12th set of final mortgage papers and then tell you there's a mistake (for the 12th time) and you have to submit everything again and they've already charged you $80000 in fees... Nope, no problem there.
  • Since this uses specific js-tech/js-functions, is there a way to block specific js-functions ? e.g block calls to ajax by specific websites, cuz a website could easily mask as something useful but make calls to java functions that could be used for mischief.

  • As someone who writes "visibility software" let me just say, there is absolutely no way you will ever have privacy on the web. You can use TOR, or TOR like services, if you don't mind TOR servers being the ones that track you. You can use VPN's if you don't mind the people selling VPN connectivity tracking you. If your traffic is not encrypted or terminates at an untrusted site it is visible. Oh. And just so you know. Encrypted packets carry your mac address because there isn't changes to the headers
