IE 5.5 Tracking Default Bookmarks

Paul Guinnessy writes: "Has anyone else noticed that the default bookmarks in Microsoft Explorer 5.5 do not go directly to a site such as cnn.com, but instead go via a redirection via Microsoft. I'm just a bit curious (and a bit uncomfortable) to know what they will gain in gathering this sort of personal information. " There's been a lot of slimey stuff with browsers (remember the What's Related problems not so long ago?). I guess I'm glad Mozilla is coming of age. As long as Web sites don't start doing something stupid like requiring IE... oh... wait.

Re:Let's all do this:

[dattaway]

If you want to rig the tally counter:

watch wget http://www.microsoft.com/isapi/redir.dll?prd=linux &target=http://www.slashdot.org

this makes a request to microsoft every two seconds. It doesn't do the redirection, but just makes the request from microsoft's site.

the *default* bookmarks only?

[DreamerFi]

If that's with the default bookmarks only, the issue is not with microsoft, but with yourself. I mean, of course the default bookmarks are whatever microsoft wants them to be. If you want Yahoo as a bookmark, bookmark them yourself.

Um, aren't we a little hasty?

[XNormal]

Netscape is doing the same, and it's not exactly new either: this feature is there since version 4.0 (1998?). The default bookmarks in the Personal Toolbar Folder redirect through Netscape's site.

The redirection URL is http://home.netscape.com/bookmark/(version)/(bookm arkname).html

Take a look at http://home.netscape.com/bookmark/ to see all supported versions.


----

There may be an innocent reason

[dsplat]

The URLs that they are forwarding to are subject to change under the control of other companies. Microsoft certainly may be tracking usage. However, they may have also been building in the flexibility to change the URL without having to update the client software.

Re:There may be an innocent reason

[Bazzargh]

I actually think this MS activity is fairly innocent, but your reasoning here (that its something like Purls) is all wrong. That facility is provided by a decent implementation of HTTP, to wit dealing with 301 responses as per section 10.3.2 of rfc2616:

10.3.2 301 Moved Permanently

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible.

(my emphasis). If MS had set things up so that the URLs were like http://www.ms.com/redir?news_service_1 , and were switching between providers, then yes I would agree with you that this was a valid argument, but thats not what they're at.

As long as they dont mess with *my* bookmarks I don't mind, I've never yet felt the need to use the ones supplied by the browser vendors.

Let's all do this:

[Black+Perl]

I'm going to change my slashdot bookmark to
h ttp://www.microsoft.com/isapi/redir.dll?prd=linux& target=http://www.slashdot.org

and if we all do the same, it'll really throw the Microsoft statistics gatherers. "This month we got 34,432 redirections for the Windows page and 485,550 redirections in a category of 'linux'".

Possible explaination

[StarFace]

I think there is a simple reason for this, and Netscapes redirection schemes. The links that come default with the browser are very likely purchased by websites. Think of it this way, if you have an airplane ticket sale sight, what would be the best way to advertise? Banners? Hardly anybody clicks on those, or notices them, some even filter them. Spamming your site to the top of websearch engines? That used to work with old search tech. Now with engines like Google, and human sorted directories that are big enough to be useful (dmoz.org) that doesn't work so well either.

That leaves convincing the browser producers to use your link as a default. Microsoft and Netscape very likely get payed to put those links there, and naturally they are going to want to track the usage of those links, so that they can see which ones are beneficial and which ones are duds. The purchasers of the default link would no doubt be interested in those statistics as well.

I have no idea if this is the case, but it seems to fit together for me.

Corel Do the Same with their Linux

[bfree]

I am running Corel Linux Second Edition (2.2.16 kernel) at present and all of its Netscape Bookmarks (and it has a relatively nice selection including Slashdot) pass through product.corel.com, as does the default Homepage which is a corel page. I presume this is to gather usage info and stats and don't really have a problem with this sort of tactic. If you don't like the extra smidge of traffic generated fix your bookmarks. If you don't know about it should you care? I don't think so. You are simply providing some usage analysis data and all that is visible is the standard CGI environment (such as User Agent, IP, etc.). It lets them (Corel, MS, Netscape) see just how many users they have, what versions they are using and how useful their bookmarks are. Personal info gathering is still down to the browser (and whether it allows javascript etc), nothing has changed. It has the potential to be about as obnoxious as doubleclick and deserves the same treatment, care and fix it or don't care and let them gather some info based on your usage. Now if anyone can prove that these redirects are used to do some form of persistent tracking and that they are gathering email addresses I will take a different view. Until then ...Dear Slashdot, please stop posting stupid argumentative stories (like InterVideo's press release dissappearing when it is sitting in plain site).

Re:I find it disturbing that....

[guran]

someone would even consider using a non-open source browser -- especially one that is made by the evil empire. You should be using some open source browser, or better yet, write your own from scratch.

I'd love to. unfortunately I lack time and skill to code my own browser (if I want something more than text, at least)

But the sad state of affairs is that INTERNET EXPLORER CURRENTLY IS THE ONLY BROWSER THAT FUCKING WORKS!

Don't tell me about standards and how the evil empire embraces and extends. I'm talking reality here. So many sites uses MS specific code that I'll always need IE as a backup. I do web pages for a living. (or rather the heavy stuff behind the pages, not the stupid html/javascript shit) and I see why Microsoft is winning. It is easy. They give people what they want!

People want "cool" sites. I know it is stupid, and so do you, but the other 99% of the web surfers think those flash intros and AciveX gizmos are nice. If a page renders and updates faster in IE than netscape, people will use IE. If a page is inaccessible with Lynx, nobody will use Lynx (exept hard core geeks and disabled persons) If people get a virus because of shitty security in IE and windows they will complain about "that damned Gates" and continue to use Windows and IE because they work. Someone will switch to Linux only to find that his favorite web site no longer works. (and that Netscape crashed three times) "Sorry, Linus. Nice system and all, but I'll stick to windows, since they have this working web browser."

I'm worried, because if there is not a serious competitor to MSIE out there soon we will have a MS proprietary web.

Boy, am I pessimistic today?

BUGTRAQ's cookie issue in MSIE 5+

[daitengu]

I've been following an interesting thread on BUGTRAQ about something similar to this, it seems that Microsoft is tracking alot of your web browsing habits, you are able to turn cookies off in IE 5+ but MS can still track your movements... a message that really caught my eye follows:

"Guille Bisho" wrote in message

news:39B84795.8A32DC4F@redestb.es...

(snip possible good catch)

Good possiblity something fishy going on there. The XMLHTTP object is installed and registered with IE5 and functions without prompt under default settings. The example code below will send an HTTP request to MS, fetch and parse as html the response:

&ltscript&gt
function SubmitTrackingInfo(){
var objHTTP = new ActiveXObject
("Microsoft.XMLHTTP")
objHTTP.open("GET", "http://www.microsoft.com", false)
objHTTP.send()
xmlDoc=objHTTP.responseText
document.write("" + xmlDoc + "")
}
SubmitTrackingInfo()
&lt/script&gt

In the case of the search.msn.com example. There is additional data being sent back to the server: objHTTP.send("BSTR")}function fnInit(store). Clearly the name of the function firing all this: "SubmitTrackingInfo" can suggest some things. More so the recent "ballyhoo'd" anouncement by MS to allow greater control over privacy for their customers, with the addition of a "cookie" privacy control add-on for Internet Explorer 5:

http://www. microsoft.com/presspass/features/2000/jul00/07-20c ookies.asp

So, while _everyone_ else's "cookies" are curtailed by this privacy add-on for Internet Explorer, Microsoft's operations utilise this method of 'non-cookie" tracking?

Conspiracy theory of course ;-) but perhaps worth investigating thoroughly by someone with experience as to what exactly is going on?

WARNING! slashdot banner ads redirect you!!

[levendis]

check this out:

http://images.slashdot.org/cgi-bin/adlog.pl?arti cle,tkgk0081en

This is a link from a /. banner ad, and it redirects you to another site! Oh my god! Evil Andover is tracking my browsing!

Sorry, just feeling a bit paranoid this morning... web redirects are nothing new. They can be used for a variety of legitimate features such as load balancing, randomizing, hit tracking, etc etc. Why is it inherently evil when Microsoft does it?

Re:I find it disturbing that....

[guran]

Here is a typical conversation between a web site developer and a customer:

Customer: I want a site that looks something like this, and I want these functions on it
Developer: OK That will cost XX $ for IE users.
Customer: Uhm OK
Developer: ...and YYY $ extra to get it to work with Netscape
Customer: YYY $ extra? Why?
Developer: Well, IE and NS have some different features. Those functions you described are easier to make for IE
Customer: OK I guess you know what you are talking about. I assume we must support Netscape too
Developer: And then there are some other browsers. If you want them supported you must cut back on functionality, or make a parallell low-feature site.
Customer: an extra site just in case someone doesn't use IE or Netscape?
Developer: Yes to catch everybody
Customer: Guess I don't want to lose any customers. How much would that be?
Developer: ZZ $
Customer: ZZ $? How many are using omething else than the major two browsers?
Developer: Less than one percent of your target group, I'd say
Customer: OK here is the deal. Start making my site for IE users. Then you can add functionality for Netscape (if they are still around then). I don't think we'll bother with the rest.
Developer: Are you sure? It might not look so good if some people can't even access your site.
Customer: Yeah, but it would cost too much. And most people does have IE somewhere if they really want to get here don't they?
Developer: Yes. Lynx and Opera users are used to being shut out. They may complain, but they'll know how to get aroud the problem.