Domain: bugnosis.org
Stories and comments across the archive that link to bugnosis.org.
Comments · 8
-
I use a modified hosts file
I use an altered hosts file to block some of the advertising related communication that goes on in the background when visiting many ordinary webpages. Mike's Ad Blocking Hosts File diverts known advertising related URLs to the 126.0.0.1 loopback address. I block the advertising related communication partially for privacy reasons but also because it make many of the webpages load more quickly on my 26.4K dial-up internet connection. The modified hosts keeps about 1/3 of the advertisements from appearing in most wepages. The missing advertisemnts appear as empty rectangles. The webpages download more quickly when not downloading the graphics intense advertisements. Broadband and DSL are not available are not yet available where I live and the local telephone lines are only good for 26.4K (even with a 56K modem). I use the modified hosts files on both my Windows computer and my Linux computer.
I also chose the option in my email prgram set to not automatically display the graphics in my email messages. Many of the graphics in the messages are downloaded from links to an IP address. So if I understand correctly, when someone views a piece of spam it is conceivably possible for the spammer to tell when the message has been received by the grapics being downloaded. He would then know that he had used a valid email address and should keep sending you more spam. I the the Linux version of the Thunderbird email program and it has the option of not displaying the graphics on some or all of my email. Most email programs for Windows or Linux have that option. I haven't heard if Outlook has that option or not.
I am not sure how up to ate this info is but, have you heard of webbugs? A Web bug is a graphic on a Web page or in an e-mail message designed to monitor who is reading the page or message. Have you heard of Bugnosis the webbug detector for Windows? I do not use Windows very much anymore so I haven't tried using the program in recent years so don't know much about Bugnosis (or webbugs).
If you go the the websites for DoubleClick or some of the other similar companines that monitor us you will also find that you can choose to have an opt-out cookie downloaded to your browser which stops them from moitoring you.
-
Re:What's that weird button in Kazaa?Here's a theory I can't test because I don't have Kazaa (and I'm not about to install it for fun).
Is it possible that this is a very tiny pop-up that houses a type of spyware that can be found using Bugnosis in a regular IE window?
-
Re:Outlawing CookiesI agree. I work in a Windows environment (Win2kPro, specifically). Cookie control is very cumbersome, but at least possible. It involves a lot of playing with the security settings. Essentially, you have to allow the sites you want (e.g. slashdot, google, etc.) to put persistent cookies on your box, then (unintuitively enough) turn cookies completely off. This leaves your current cookies still functioning, whilst denying any new ones. (Per-session cookies are another matter.)
I've found that webbugs are much more intrusive, and there's no way to control them on Windows. Or at least there wasn't, until Bugnosis came along. It's a beautiful little IE plugin. It's got a lot of options, and can be configured to essentially entirely disable webbugs while remaining totally transparent to the user. But at a click, a large amount of extra info is availble, so you can see exactly who's bugging you, etc. Only for IE5.0 and higher, but it's definitely worth it. Is there anything similar for mozilla, opera, etc.?
-
Re:Use smart settings to avoid this:
There's a program called Bugnosis which can alert you of single-pixel tracking images like these, but can't block them (yet). It also only works with IE.
What browsers need is an option not to block all single-pixel images, but to block automatic loading of all images that aren't from the same server as the HTML page itself. Most of the tracking images are loaded from servers such as DoubleClick. Netscape has an option for only accepting cookies that are to be returned to the same server as the Web page came from; we need the same thing for images.
-
Several answers
I have a mutli-level armored approach to browsing:
- I installed Bugnosis which is designed specifically to deal with single pixels images that might be web bugs.
- I use Proxomitron to do Javascript filtering. It cuts out the worst examples of Javascript annoyances (popups, leaving the page triggers, etc.) The filters are editable, so you can customize them yourself to filter out things like this spy script.
- I route everything through Junkbuster, which gets rid of the ads that Proxomitron misses.
All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.
I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.
Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.
-
Re:Many ways to block ads
Oops
I swear I clicked the preview button. -
Re:Many ways to block ads
One more thing, because I assume by 1x1 images you mean , right? If you block the server the bug is on, the actual
.gif file won't be saved to your drive (under temporary internet files in Windows). -
Re:Comments from a Bugnosis authorThat's not Web bugs leaking the information to a third party, that's the main site deliberately giving that information to a third party. I may have concerns about the main site doing that, but Web bugs don't add anything to that concern IMHO seeing as the conduit exists without Web bugs.
I have to disagree. There is a very important difference between the info transfer with a Web bug (or equivalent) and just sending around log files behind the scenes. Our FAQ covers this.
In the scenario I described, OSDN ends up with both cookies. This allows OSDN to synchronize with Slashdot, allowing both sites to realize they're discussing the same user, no matter when the sites originally assigned the cookies, and without planning to synchronize in advance. If on the other hand Slashdot just sends a log file to OSDN, then the synchronization is much harder to achieve, and in practice, would probably not even be attempted.
Basically, it's the same old third-party cookie synchronization threat. Now, cookie sync can be done with banner ads or other 3rd-party content and is not uniquely associated with Web bugs. But when you encounter a Web bug, it is absolutely clear that (1) it's there for the info transfer alone and (2) it's trying to slip under the radar. That makes it a pretty interesting device, from a policy point of view.
By adding a Web bug to HTML email, you can track the progress of your emails, and under further assumptions, you can even intercept comments added by people who forwarded your email: see our email wiretapping report, originally described by Carl Voth. A yet-to-be-distributed version of Bugnosis examines Outlook and Outlook Express emails for Web bugs too.