Slashdot Mirror
Microsoft: The Biggest Web Bugger
An unnamed reader writes: "A recently released web bug report shows
that Microsoft (via Link
Exchange) is bugging more web sites than any other organization.
Less surprisingly, however, the same report shows that by making some rough traffic estimates, DoubleClick
is probably bugging more web traffic than anyone else. (Except of
course those big ISPs running proxy servers...wonder how long
it will be before the ad agencies get into bed with the ISPs?)"
Advertisers are very interested in connecting those anonymous statistics to real people. DoubleClick actually did so, but stopped after a public backlash. But they will try again, it's just a matter of time. In the meantime, whenever you enter contact information for a web site, that site may decide to sell that information to someone like DoubleClick. Advertisers really want this information, and they'll keep trying until they get it.
Search 2010 Gen Con events
Perhaps because they have an effective wall between the editorial staff and the advertising staff, thus ensuring that editorial policy (as much as Slashdot has such a thing) is not tainted by advertisers?
Search 2010 Gen Con events
Microsoft: The Biggest Web Bugger, eh?
Yeah, I think we can all agree that Microsoft has buggered the web...
High-speed Road Trip (18.000KPH)
You are correct.
Another way would be to put a web bug in the e-mail that the site uses to confirm the order.
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
You may be right. After all It's not like Microsoft is some giant corporation with hundreds of subsidiaries, thousands of programmers, or terrabytes of storage at their disposal.
How could they ever muster enough money, processing power, database space, and brain power to try and corrolate the information they get from web bugs, sales at one of their subsidiaries, registrations at popular web sites like MSN or hotmail or msnbc, and product registrations of office and IE.
Why that would take millions of dollars and I really don't think MS can afford such a large outlay even if it means making tens of millions selling that information to others.
War is necrophilia.
Actually, it doesn't even take a form with a GET request. Rather than use a cookie, many sites now encode a unique user id in the URL, often after a '$', like http://company.com/page.htm$USERID. (Sites do this so that they can track session data on you even if you deny their cookie and even if you move across servers or domains.) Since WebBugsAreEvil.com gets this full URL, they now have your USERID at the site you visited and can connect their data with the data collected by the site.
A 1x1 pixel image slows your surfing? You still on a 9600 baud modem there?
By invading the private lives of every american household, and doubling the world's incarceration rate, the US can effectively wipe out marijuana use completely.
By warehousing consumer data large corporations can market more effectively, that is, convince you that you are not happy w/o their product.
Time to wake up the populace: Your well being is not a univariate function depending only on GDP growth. Crime prevention will not help your well being if the means outweigh the ends. Does nobody care about search and seizure rights?
Particularly problamatic
from the web bugs FAQ
11. Why are Web bugs used in "junk" Email messages?
To measure how many people have viewed the same Email
message in a marketing campaign.
To detect if someone has viewed a junk Email
message or not. People who do not view a
message are removed from the list for future mailings.
To synchronize a Web browser cookie to a
particular Email address. This trick allows a Web
site to know the identity of people who come to
the site at a later date.
Spam sucks
http://Lenny.com
They made a movie about it with Sandra Bollock. Industry just got smart after that and made it to where you couldn't see the pi, even if you held down control shift. ;)
God, that was a bad movie. Thankfully, I don't remember the title.
Linux - Because Mommy taught me to Share.
Yeah, I noticed Google was on the list, too. A lot of people put the canned HTML code that Google provides on their pages to provide search capability. That includes an image, but it doesn't mean Google is tracking users. I think this survey needs more meat. I shouldn't be whether a page includes images from another domain, but only if cookies from other domains are going to the user from a page.
I could probably whip up a Perl script to do this with libwww pretty easily. I can't believe whoever did this survey didn't!
So, I was thinking about this and that today while I was sending my stupid spam off and something came to me. I know there was a proposal or something not too long ago that had to do with a unique identifier tagging unsolicited email. Now, if ISP's and telco's are supposed to be equivalent (right?), why is it that I hear you can block unknown callers/telemarketers and stuff on your telephone, but I can't block unsolicited email without trying to filter them individually with a spam filter which seems the equivalent of using your call blocking (which by the way has a limit of a few numbers at least in my area). Even if these aren't the same things I still believe it would be best if there was a unique ID on junk email because it is just as much of a problem to me when a phone rings and its junk or when my mail notify goes off and it's junk. How in the hell these two are different is beyond me but looks like that idea just didn't float anyway.
As far as web bugging goes, I could care less whatever doesn't steal from me or interfere with my time. Wading through junk does and it's just not fair. I may sound like a hypocrite for saying all this because of what I do at work, but I'm just following orders so I can make enough to feed myself and have something descent on my resume. I may have a fancy job with email, but i don't make much money and I'm a veteran employee. I'm not a moron, just stuck growing up in kind of a redneck area (with scarce IT jobs) and being taken advantage of by the hi tech that came to town. Cheap labor we are for them. I fully intend to get the fsck out out of dodge.
- A.P.
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
It's worth noting that Bugger has a few other meanings than "One who plants bugs."
Suppose I have my own advertising web site, "WebBugsAreEvil.com", and your e-mail address is YOUR_EMAIL_ADDRESS@yourhost.com.
? email_ID=YOUR_EMAIL_ADDRESS@yourhost.com & sequence=1928d4ae1228">
I place my bugs all over the internet. You visit a site with one of my bugs on it. This sends a new cookie to you. You now have a cookie from "WebBugsAreEvil.com" on your hard drive. Every time you visit another site with one of my web bugs in it, your cookie is sent to my host "WebBugsAreEvil.com" including the URL of the page that you are viewing. Thus, I build up a detailed profile of your web surfing habits.
Now suppose you place an order on one of these sites and leave your e-mail address and other personal information. The site sells your e-mail address and other personal info to "WebBugsAreEvil.com". I now have your personal information and your cookie, but the cookie ID is not yet associated with your personal information because these were collected by two different servers. I need to do one more thing to put them together.
I do a mass mail out with all the new e-mail addresses. The e-mails are HTML-enabled e-mails. Embedded at the bottom of the e-mail is this web bug:
<IMG WIDTH=1 HEIGHT=1 border=0 SRC="http://track.WebBugsAreEvil.com/cgi.bin/ping
It's a 1x1-pixel GIF that has a single clear pixel in it; this is where the euphemism "clear GIFs" comes from. You cannot see this GIF.
When you open the mail, this new web bug is sent to WebBugsAreEvil.com. Because the URL has your e-mail address in it, and it also sends your "WebBugsAreEvil.com" cookie with the HTTP GET request, I can now associate your personal details with your surfing habits.
In short, it is very easy to remove anonymity.
I don't know about you, but I find the idea of anyone having this amount of knowledge about me and my browsing habits to be uncomfortably close to Big Brother's surveillance from George Orwell's novel "1984". Is your telescreen on, Winston?
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Web bugs are usually used in conjunction with cookies to profile your surfing habits. I find this to be a gross invasion of privacy, so I have chosen to fight back.
It's not hard to stop a site from using cookies as a tracking tool. If they cannot store a cookie on your hard drive, that cookie cannot be used to profile you.
The way to defeat this is to prohibit the web sites that use web bugs from storing cookies on your computer. A good browser will have security settings that can be customised. I place all web sites that I trust in my collection of trusted sites. These sites can store cookies on my machine. Sites that are not in my collection of trusted sites must go through the default setting where I must approve each cookie with a click before it can be stored on my hard drive. Persistently annoying sites get placed in my collection of restricted sites, which are prohibited from storing cookies. Sometimes, a trusted site that I have omitted gets added to the trusted list.
If you want to start a database of restricted domains, a good place to start is your cookie collection. You will find a lot of sites that you never visited in that list. Add anything suspicious to the restricted list before deleting the cookie.
I have only been doing this for a few weeks, so I haven't got any good results to report so far. I'm sure I'll get good results doing this, and I invite others to try it. It does involve a little work, but eventually I hope to have reasonable web-bug-free privacy online.
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
http://www.privacyfoundation.org/education/webbug. html
Like forcing you to use cookies in Internet Explorer, or rather, transmitting cookies to *.msn.com sites no matter what you configured, containing personal information about your windows installation.
See also here (http://slashdot.org/yro/00/11/02/1639247.shtml):
For the sake of the privacy of those who must use Internet Explorer: Firewall msid.msn.com. Forever.
Home Page
Looks to me like they are classifying any inline link to a different server as a "web bug".
This is quite bogus, as evidenced by the #2 ranking of akamai; the fact that many high-traffic sites have their images served from akamai's network does not mean that akamai is tracking where people go.
Tarsnap: Online backups for the truly paranoid
So, they collect some *anonymous* usage statistics. So what? They can track your web surfing. Who cares? These stats are *anonymous*, people. They can't be mapped to your physical address, phone number, etc. without a call to your ISP and a good reason. These stats help advertisers market products to you more efficently. It saves them money, and you get the see ads that might encourage you to buy something that is really useful to you. So my question is, why do you care?