Slashdot Mirror
Web Bug Detector
(H)elix1 writes: "I'm sure /. is about to be hit with this, but CNET just released a story about a web bug detector plug-in for IE called Bugnosis by the Privacy Foundation. An interesting toy, but the thing that grabbed my attention was the Web Bug Gallery. It would seem our beloved slashdot has them as well. Course, so did CNET, but that is a different story...." I think improved cookie-handling is much more useful in preventing tracking, but this is interesting because it provides visible feedback about tracking efforts.
Heck, Netscape 4.75 has this, and as far as I recall, earlier versions did too. Lynx, of course, is still my first choice for browsing. Too bad the fscking text entry box is so lame.
Cookies definitely can exasperate the problem by providing additional information. But bugs are not reliant on cookies. You can block all cookies and block all images and you will not block all web bugs. The reason advertising companies like to use cookies is that you can track additional information easily, because the browser obligingly stores the data and spits it back on demand, even after you shut the browser down and start it back up, often hours, days or weeks later.
For reference, check the Web Bug Report quote in the CNET article and you'll notice that the report shows the types of bugs (imgs, iframes, etc.) that are present. A very large # of them are not images...
So a web site includes an inline image loaded from another site. And the graphic is so small you might not notice it. Whoop de do. People have been doing essentially the same thing with web counters for years. Now it's the /. scandal of the day?
This is a common misconception; the reality, however, is much more disturbing. The little blinky dot you humans call webbugs are actually tiny miniature CIA cameras implanted in your screens to take pictures of you surfing Slashdot naked. Us CIA guys only admitted to using DNABots when they were already obsolete, much like the obsolete Echelon system, which has been replaced by people using Windows XP. We find it's much easier to allow the citizens to administer their own surveillance device. Saves us mucho manpower.
Therefore, buy XP and save the government valuable surveillance budget dollars.
Agent Bitterman, Superspy
President Chief Head Director of the Leadership Branch of the Executive Level of the CIA
- A.P.
--
Forget Napster. Why not really break the law?
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
--
"Hot lesbian witches! It's fucking genius!"
As a sidenote, this just occured to me... since web bugs, like cookies, can track a single user through a site, can they be used in place of cookies to add state, if for example the user has disabled cookies? Are web bugs as accurate as cookies in identyfying users? I guess it's sort of a moot point, when a user disables cookies they also acknowledge they don't want to have state...
--
"Hot lesbian witches! It's fucking genius!"
One of the main points of a "WebBug," as Bugnosis has termed them, is to track a user across multiple sites. The slashdot bug would fit this description exactly.
OSDN could easily track what the overlap is between slashdot and kuro5hin users, how many slashdot users are later making thinkgeek purchases, or how many people follow links to sister sites.
Just because the sites are owned by the same company does not mean that these are not WebBugs.
thanks :) I haven't seen it in a little while...
--
the telephone rings / problem between screen and chair / thoughts of homocide
"don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
A is True, and B is True, but A does not imply B.
Why 'of course'? What benefit is it to VA that they know I read Freshmeat, Slashdot and Sourceforge but not QuestionExchange (mainly because of their sub-literate banner ad)? I've never noticed a difference in advertising content across the sites...
--
the telephone rings / problem between screen and chair / thoughts of homocide
"don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
The third party cookie distinction is back in IE6 again (at least it is in the latest WinXP beta, and they share the same codebase). You can say Accept, Block, or Prompt separately for first and third party cookies, as well as accepting or rejecting all session (not persistent) cookies.
So you can accept all first party cookies, and be prompted about any third party ones.
- Steve
It's back in the current 6 betas.
I think we need a new moderation choice: 'Didn't get the joke'
The Active X controls are required only for the somewhat unusual download and installation and then can be disabled according to the author.
.exe from us. The Bugnosis control that we
------------
You only have to enable ActiveX control downloading in order to install
Bugnosis -- you can disable it after installation. That makes it really no
different than downloading an
download isn't scriptable, so other Web sites and email users will find it
harder to abuse.
Regards,
David
Prof. David Martin
University of Denver Math/CS
The installation requires Active X controls = on. So that makes the cure worse than the disease. I'll trade some privacy for not opening up my machine to remote execution Active X shit.
Oh course, Lynx doesn't normally load images anyway, so it's reasonably immune to web bugs...
--
As
--
echo '[q]sa[ln0=aln80~Psnlbx]16isb15CB32EF3AF9C0E5D727
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
FilterProxy can remove web bugs by stripping them straight out of the html. Oh, and it removes ads too.
</plug>
--Bob
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
It's a pretty cool tool.
/. annoying (since every page is bugged).
;)
Just one annoying thing:
Every time it finds a web bug (definite web bug), it brings up the report. Makes reading
STOP TRACKING ME YOU COMMIES!
Okay, you can resize it to like a single line (or 1 pixel) at the bottom of the page if you want, so it's not that annoying.
If you do the one pixel high thing, just watch the toolbar in IE5 for when the bug turns red if you want to know if you're being bugged...
Err, just right click and turn off pop-up if you don't like it, nevermind.
Yep, not really a bug unless it pulls a cookie from you--it'd be nice to have the a checkbox for this int he options.
Just right-click the report window and disable "popup when webbug found".
That tells them what timezone you're probably in....
Then they could build demographics profiles -- for example, people who are on at 3 AM in the USA are probably students or security guards or something.
A beta of IE5 between 5.01 and 5.5 had the same feature, "Accept third-party cookies" Always/Prompt/Never, but they took it out in 5.5
Yea.. it's possible.. kinda interesting in a way. I have to wonder though at the glee in which he expresses 'wouldn't it be fun knock their table design out of alignment!' ..
.. I wonder what he seeks to get out of it. "Look! I can screw up my browser so webpages look funny!! .. wooo .. I'm l33t!" ..
Um.. I guess so.
Considering he's not actually defacing the web page and his 'wonderful tricks' are visible to JUST HIM
Hmm.
--
Delphis
Delphis
b) he would have to use IE.
:>
Two things that the Slashdot crew will never do.
Nah, really.. they're all using Windows machines, running IE and absolutely love Bill Gates. They only talk about this Linux thing to throw us off.
--
Delphis
Delphis
Of course /. uses web bugs. They still use GIFs, too. This is a "do what we say" website, not a "do what we do" one.
-- Don't Tase me, bro!
slashdot.org, redhat.com, and spamcop.net all pop up alerts (granted, Spamcop's alert is compeltely bogus)
microsoft.com, sun.com, and ibm.com come up clean.
-LjM
The web bug conspiracy was addressed (its mentioned ed by Jamie a couple of times in that article - direct links to posts don't work on archived articles) almost a year ago. That link found with google. I seem to remember a fuller explanation at about the same time, but I couldn't find it.
...
--
I hope we shall crush in its birth the aristocracy of our monied corporations
And I'd be a Libertarian, if they weren't all a bunch of tax-dodging professional whiners.
Berke Breathed
I think some people around here tend to get too worked about the way slashdot runs, and tend to jump to conspiracy explanations too quickly.
Thanks for the hint about links, I was trying the sid form. I still can't find the other explanation about web bugs. Maybe it got modded down.
...
--
I hope we shall crush in its birth the aristocracy of our monied corporations
And I'd be a Libertarian, if they weren't all a bunch of tax-dodging professional whiners.
Berke Breathed
The real humor is that some moderators didn't recognize this as a well-known non sequitur and marked it "Informative". Next time you may have to actually include the smiley to help out some of our "special" moderators...
Caution: contents may be quarrelsome and meticulous!
Your right to not believe: Americans United for Separation of Church and
Cookies (sometimes) have a valid use, such as the session info in Slash.
Web bugs have only one use, to gather info on your habits, preferences and views without your knowledge. Therefore they all bite and leave infectious wounds.
When you go to a store, there are video cameras watching you, and records of your sales, etc...why shouldn't a website know which pages were visited?
:-)
Minor detail, the store has a sign, right at the entrance saying something like "We are using video surveillance for your protection". There is no sneaking around and trying to hide that fact. Also I do not care much that Slashdot knows that I visit. However, Webbugs are usually used by others, say doubleclick. It would bother me alot if an ad company collected info of the sort "does not like MS, likes privacy" etc, and then maybe even sold that to the attitude adjustment department at a certain Redmond WA based corporation
Actually that about the cookies isn't right. Looking at the OSDN image on Slashdot's page, OSDN can't pick up any slashdot.org cookies from it. Not unless the browser is failing to apply the same-domain rule, that is. You can do some things with Javascript to put osdn.com cookie information into the image request query string, but the OSDN code doesn't do that.
Pull up the Tasks menu, Security and Privacy, Cookie Manager, and hit the Cookie Sites tab. Find the sites you want to allow cookies for and remove them from the list of blocked sites.
Well, yes. But then again, Slashdot could add a module to the Web server that logged their cookie info along with the hit data and timestamps into a file and e-mail that file to anyone they felt like, too. Some shell scripting and a cron job and it'd be completely automatic. That's not Web bugs leaking the information to a third party, that's the main site deliberately giving that information to a third party. I may have concerns about the main site doing that, but Web bugs don't add anything to that concern IMHO seeing as the conduit exists without Web bugs.
And yes, I have thought about that sort of Apache ( and possibly IIS ) module. It's got applications for legitimate site statistics, not just unethical tracking.
Only point, though: if a site's coding custom Javascript to transfer their cookies to a third-party site, they're planning on synchronizing information in advance already. That or the ad site's handing them cut-and-paste code to use and they aren't checking it, and that can be seen in the HTML source. Pulled-in scripts where the JS in question doesn't appear in the page source won't work, because browsers enforce cookie-domain rules based on the source of the script, not the page pulling it in.
As for difficulty in synchronizing, think about the trio of timestamp, source IP address and referring URL. Off the cuff estimate, I could probably get 95% accuracy from those on any given hit, and over the course of a few hits I'd get effectively 100% accuracy for any given surfer. All automatic once it's created, no effort needed on the part of the operators once the software's installed.
As for what you call Web bugs being only for the info transfer, that depends on what sort of info transfer you're talking about. I can tell you right now that the OSDN 'bug' on Slashdot's pages doesn't do what you're suggesting, so right off there's a counterexample to your assertion. Ditto at least Hitbox's stuff. The only problem is that the illegitimate tracking ones and the legitimage statistics ones look almost identical in the code, until you start really digging into the Javascript ( if any ) and the back-end systems. That's a job that's too complicated usually for a simple plug-in.
As for HTML e-mail bugs, that assumes that a) the user's using a mail reader that renders HTML and b) that mail reader's dumb enough to pull in content not contained in the e-mail message. If your mail reader's a Web browser, then you're obviously open to all the exploits that can be applied to a Web browser. That's why I don't use a Web browser to read mail. :)
NAT makes the IP address ambiguous, yes. That's why I specified that triple instead. To make the triple ambiguous you need to have two people behind the same NAT box hit the same URL within a second or so of each other. That is a lot less likely, and if they hit different URLs then I can match the referrer in my logs against the URL in their logs and disambiguate the sources. Ditto if they hit it at different times. As far as time synchronization, see NTP. Time sync within a few hundred milliseconds isn't hard at all.
As for what the bug's there for, that's the whole point. "Page X on your site was viewed N times by M unique people." is a perfectly legitimate Web-site statistic. So is "Q people followed this path through your site and abandoned it at page B.". In fact a lot of sites could use smacked over the head with that latter statistic, to prove to the salescritters that huge Flash delays, overly-busy and confusing index pages and disruptive intersitial advertisements do indeed make people go elsewhere. Then one comes to Doubleclick and such, who use the same methods to record things like "Person Z browsed these pages on these sites today.". That's getting way past the bounds of acceptable, but it's being done by the same technique.
Just calling it "info transfer" and then saying that all info transfer is bad because some of it's bad is missing the point. The problem isn't that information is being transferred, it's what information is transferred and what's done with it. Dropping the OSDN image, where no personal information or tracking data can be transferred through it because of the way it's coded, into the same category as Doubleclick's bugs, which do transfer a tracking cookie back to a company that's said flat-out that tracking personal habits is their business, is at best disingenuous.
As for why the images are small and transparent, let me ask this: if the only purpose of the image is in fact to collect legitimate site statistics, what purpose does it serve to have it taking up more real-estate on the page and more bandwidth on the network than it absolutely has to to do it's job? Which leads right back to the same problem, that the logical, minimally-disruptive way of doing something legitimate is on the surface identical to what you'd do if you were trying to conceal evil intent. For myself I tend to be quick to block things I don't know, but it annoys me that I have to block or interfere with legitimate things in order to keep out the slime. I'd much rather LART the abusers off the net.
There's also another point. All those Web bugs look identical from an HTML/HTTP point of view, but they're radically different from a data-collection point of view. Hitbox, for example, uses those bugs solely for site statistics. They can tell when two hits were from the same person and can tell a site things like how many people followed a given path through it, but they've no idea who a given person is and don't store any information on which paths a particular person followed in the database the sites access.
Disclaimer: I only program the systems for Hitbox/WebSideStory. I don't represent them or their opinions, they pay the executives to do that.
There are various recommendations scattered througout this discussion for webwasher, adsoff, etc. It's hard to find 'em all.
Reply to this message with the product name in your subject line and put a link in the body if you've got one.
Persons wishing to add information about specific products can then reply to those messages. --Charlie
KookaBurra Software sells a product called "Cookie Pal" that allows you to filter cookies and responses to cookies in real time. Extremely configurable, shareware, inexpensive, works on MSWindows operating systems.
It can work with Netscape and Explorer simultaneously. I've been using it on my windows boxen for years quite happily.
--Charlie
Actually Opera has this. There is a bunch of options for cookies, including refusing 3rd partie cookies and filtering by server, domain etc.
"When I was a little kid my mother told me not to stare into the sun...
"If liberty means anything at all, it means the right to tell people what they do not want to hear"
I parsed "Web Bug Gallery. It would seem our beloved slashdot has them as well." and thought, well, duh, that's common knowledge. Then I read the article, and realized that they meant the spy-type of bug, rather than the slopped-together-code-type.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
They did, however, release a version for Mac OS X, so you can have your BSD goodness and a crazy German Mac bigot browser at the same time. ;)
-- the_Librarian
Netscape couldn't overtake a browser that came with theOS, why do you think Mozilla will?
Besides, IE5.x has had the same functionality. And, power users can get Guidescope (http://www.guidescope.com/) or Junkbuster if they want to manage their cookies effectively.
CookiePal does just this, although it's a Windows only application.
I can deny all cookies from a domain, accept all cookies for a domain or view the cookie and decide if I want to accept it. I can see all the cookies that are set and delete them also.
------
IanO
------
Objects in Mirror are Losing!
"Every time someone asks when I will release slash to the public, I extend the date by one day."
Jesus was all right but his disciples were thick and ordinary. -John Lennon
http://ideageek.com/security/iecookies
It's just a registry dump from my computer from this morning. I really need to automate it.
Anyway, that's my list. Would love to compare.
In the realm of cosmic irony, I installed the web bug tracker, then went into this full article, and promptly got the OSDN web bug.
:-) If someone wants a copy of the list, I could find a home for it.
If you're among the folks like me that have to use IE, use that Restricted Sites setting under the security tab (and while you're in there, crank that restricted zone up to disallow derned near everything). Also set your browser to warn you when you get cookies. Add entire that want to set cookies to your restricted zone. None of the muss and fuss of an ad filter (which breaks everything when I have to VPN to the office).
For the first couple of weeks, you'll be adding a few sites per week. I also added to mine the list someone posted of the sites that track users the most. I don't get cookies now, unless I'm actually shopping online.
I tried
Sure, so can you explain where /. uses these? I can think of a few related things it does do:
Each of these might trip a web bug detector, but I don't think any of them qualifies under your definition (also in the Bugnosis FAQ -- I got to that).
So, does /. use web bugs or not?
Dude, I can stare at a blank screen for as long as I like, it won't help. The original poster suggested he may have been having the same trouble.
There's another way to sidestep web bugs: use Lynx.
That way you only view the images you really want to see.
Sorry, I forgot there are ads on the Web; I use Lynx.
Actually it doesn't. I would assume because the image server isn't writting cookies.
It uses a table, so the formatting on this will be way off
Bugnosis analysis of: Articles: Web Bug Detector (http://slashdot.org/comments.pl?sid=01/06/08/1220 230&op=Reply&threshold=-1&commentsort=0&mode=neste d&pid=18)
Highlighted images may be Web bugs.
Properties Contact Image URL
Tiny, Once, Domain, TPCookie (anon=anon_id&-1-vGtvAizyjA&boxex&%27whatsnew%27%2 C%27slashdot-main%27%2C%27freshmeat-main%27%2C%27n ewsforge-newsvac%27%2C%27sourceforge-news%27%2C%27 linux-news%27%2C%27open-mag%27%2C%27questionexchan ge-top10%27%2C%27themes-new%27%2C%27thinkgeek-new% 27&exboxes&%27whatsnew%27%2C%27slashdot-main%27%2C %27freshmeat-main%27%2C%27newsforge-newsvac%27%2C% 27sourceforge-news%27%2C%27linux-news%27%2C%27open -mag%27%2C%27questionexchange-top10%27%2C%27themes -new%27%2C%27thinkgeek-new%27) http://sd-
images.osdn.com/Slashdot/pc.gif?comments,992003991 337
Property name Description
Tiny image is tiny, so is probably not meant to be seen
Protocols image URL contains more than one Web protocol name (e.g., "http:" twice)
Cookie image URL overlaps with the cookie field too much
Lengthy image URL is unusually long
Domain image comes from a different domain than the main document
Once image is used only once in the document
TPCookie image comes from a different domain than the document and manipulates a cookie (Third Party Cookie)
Recognized compares the URL against a set of recognized Web sites
Nah, Lynx users just have to learn to parse the URLs out of JavaScript.... ;-)
Jeff
... has this feature returned.
This page contains 2 cookies from ads.example.com.
(_) This cookie only
(_) All cookies from this domain
(_) All cookies
[Accept] [Reject] [Cancel]
This way, I can choose once per site whether to allow cookies. Slashdot gets cookies. Sites where I'm not registered don't.
--
Forward, retransmit, or republish anything I say here. Just don't misquote me.
Of course Slashdot contains an OSDN webbug. Slashdot is owned by OSDN. Some people gotta turn their paranoia control WAY down, otherwise they're gonna start seeing black helicopters soon.
-russ
Don't piss off The Angry Economist
My netscape browser can detect any web bug ! it prints "Bus error (core dumped)" everytime it sees one !
From www.slashdot.org/ :
d ex,");
d ex,992004976" WIDTH=1 HEIGHT=1 BORDER=0><BR>
<SCRIPT LANGUAGE="JAVASCRIPT">
<!--
now = new Date();
tail = now.getTime();
document.write("<IMG SRC='http://sd-images.osdn.com/Slashdot/pc.gif?in
document.write(tail);
document.write("' WIDTH=1 HEIGHT=1 BORDER=0><BR>");
//-->
</SCRIPT>
<NOSCRIPT>
<IMG SRC="http://sd-images.osdn.com/Slashdot/pc.gif?in
</NOSCRIPT>
Yep, there they are. Web bugs if I've ever seen 'em...
-grendel drago
Laws do not persuade just because they threaten. --Seneca
Your post: "Websites that use webbugs should be drug out back and shot!!"
Best Slashdot Co
Oh My God! Rusty's tracking me! That Low-Life Capitalist Corporate Big Business Pig! What do he and Inoshiro want with me! Why can't you guys leave me alone!!!!
Best Slashdot Co
No, the webbuggers do not have your data, because they didn't get the cookie.
"Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
The ability to blank out ads by size sounded interesting...until he mentioned that the image is still downloaded. If it's still downloaded, it still registers on the server and it probably still has a cookie attached. I think I'll stick with Squid and ad-blocking Perl.
20 January 2017: the End of an Error.
It parses the HTML returned by a site and removes tags that would load banner ads and web bugs (among other things). If the size attributes are in the IMG tag, I'd assume it uses those. If those attributes aren't included, it would need to download the image and check its size before deciding if it should include the tag.
20 January 2017: the End of an Error.
What the difference between these so called 'web bugs' and 'cookies'?
Hell, if you link to an image off-site, someone can get your IP address, etc. [With a little bit of javascript and a redirect, you can get a whole crapload of information about the person that you're not supposed to]
Personally, I refuse to download any software, not only because it's for IE, but because then the people I'm downloading from would know my IP address. [Can someone please tell me how people are supposed to send you content if you don't give them an IP address?]
Build it, and they will come^Hplain.
Another Junkbuster plug here.
Everyone who shows up at my cubicle at work marvels at how "fast" my web surfing is.
It's amazing what a difference it makes on some sites when you're downloading 3K of text content, 20K of surrounding Javshit (which I've disabled), and about 20K of site graphics, but at least I can skip the 60K of banner ads.
(Most of the time, I surf with images off and skip the site graphics too :)
Wouldn't asking for each cookie and using ad filtering software have the same effect?
This is informative? Propagandizing, yes, but even that poorly.
...when Mozilla is released and starts to take chunks out of IE's dominance...
This is not meant as flamebait, but just who is going to start using Mozilla unless AOL adopts it? The vast majority of web users don't even know what Mozilla is, and this isn't likely to change soon.
If 100% of Slashdot readers, and 100% of Linux users started using Mozilla tomorrow (which isn't going to happen) that still wouldn't qualify as taking chunks out of IE's dominance.
Neopets - the best free game on the Int
Anyone ever notice how Netscpae has a feature in Edit/Preferences that says "Only accept cookies sent back to original server" well use it. Personally I use Junkbuster with about 3 sites allowed to send me cookies. Only problem I get with this is when I visit Slashdot I'm never truly logged in until I post since no info is sent back up until I go to post.
There was a method about a year ago if I'm not mistaken between August - Novemember about an email trick or service to track whether someone read your email. Marketing companies are all run by Dr. Evil anyway so there isn't much you can do. You complain they remove X service and replace it with something more evil.
Want Root?
I've been using AtGuard for a while on my widows machine. It's the best cookie and ad blocker I've used yet. It alows you to block/accept from specified domains (it can distinguish sub domains too - you can block cookies from www.x.y, but accept from forums.x.y). It also can serve as a firewall. Using the firewall feature, I've found (and blocked) several programs that "call home" without telling you.
You could always write such a thing for Mozzilla.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
To all you who are off writing you panicky responses about evil cookies coming to get you, why don't you use a sane cookie filtering system like Junkbuster?
Don't like having DENY ALL/ALLOW EXPLICIT control? Or R/O cookies for certain sites? Than keep to your naked browsers with Javascirpt and other things turned on, and don't complain!
Plus you get the added benefit of no ads.
--
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
You could author a simple script to do that. The problem is that some cookies you probably want to live. For example, I want my NYTimes cookie to live, so I dont have to login all of the time. Same with my slashdot cookie. I dont care if the NYtimes tracks my demo-data: He logins in, he views the front page, he views the tech page, he views the business page, he views the science page, he never clicks on an add. However, I don't want some pr0n site tracking my movements, nor some crappy software company that's going to correlate me with an email address that I registered to buy something with.
Someone you trust is one of us.
If I were designing a browser, I would have a cookie monitoring window, which would log cookie activity. One could author filtration scripts to block certain domains from cookie access, manually delete cookies from the monitor window, etc.
Someone you trust is one of us.
Of course, Lynx also doesn't support javascript or anything else of that nature, so it's reasonably immune to browsing as well :)
sneh. Should have mentioned that it's for windoze only
Almost ALL grownup webservers do this.
It's a rational requirement for auditing, not for privacy but for functionality and operations.
McNealy was right "You have zero privacy anyway,"... "Get over it.".
It isn't a pleasant thought, but it is reality.
Everyone from the phone company (or cable) to the author of a GeoCities site can get information about you activities to one degree or another.
It's kind of like going to the grocery store and not wanting ANYONE to know you picked up a copy of RedBook magazine. The retailer has to know, and there's no way to keep the person behind you in line from knowing. In that sense you have more privacy on the web than you do in the temporal world.
"First of all, companies with web sites are(in most countries) legally required to tell you about what kind of data they collect and what they do with it."
Which countries? What laws?
I'm serious. I'm not aware of any.
The author of the CNET article chould have taken one more step in research... and the author of the slashdot article should have verified.
http://www.slashdot.org
Contained a bug from the Open Source Development Network (OSDN.com)
SLASHDOT is part of the OSDN pages by VA Linux.
It's not a 'bug'.
Bugnosis isn't smart enough to tell the difference between a real bug and a simple page counter, and probably can't be. We should really worry about much more important things and stop feeding paranoia.
Well, I hereby award bigbrotheraward.de (and Sven Tuerpe) this year's cluelessness award for slagging Apache without bothering to understand what access logging is for. I run an Apache webserver on my home machine, for personal and family use only, and I keep access logs. I get a lot of hits from 31337 haxor d00dz who are obviously trying to crash my server or find security holes. I log their IP addresses. Tuerpe is a twerp if he thinks that I am victimizing these idiots by logging their attacks on my system: obviously, they are victimizing me.
I have written a truly remarkable program which this sig is too small to contain.
Junkbusters is your friend. Tested it against the Washington Post example page. With out the Junkbusters proxy, four "bugs" found. With the Junkbusters proxy, zero "bugs" and fewer ads. (http://junkbusters.com) You may need to spend some time getting your configuration the way you want it. There is a RPM package with some "improvements" and workable block/cookie files. Microsoft Windows users will have to create their own config files.
What's stopping companies from sharing the entire damn server log? This "web bug" thing is a non-story.
Right on.
I'm thinking that the reverse approach might be helpful here.
That is, instead of filtering to remove webbugs, they should be culled out carefully and rebroadcast to some zombies that will keep those nosy sites more than tickled with a flood of requests.
"Provided by the management for your protection."
a) Michael would actually have to do some investigating
b) he would have to use IE.
Two things that the Slashdot crew will never do.
Everytime something happens with Napster or the MPAA, someone on Slashdot says "well stop sitting there talking about it on Slashdot and actually *do* something! Go boycott them or donate to the EFF" blah blah blah. So maybe instead of just talking about privacy issues or the tyranny of gif patents, Slashdot could actually get off its duff and do it. I know how much time it takes to convert a whole website, but its something that could be done incrementally.
"One World, one Web, one Program" - Microsoft promotional ad
The Anti-Blog
Actually, I've been doing restricting sites in IE (at work) for some time in this manner.
u rr entVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
Windows stores these restricted sites in a location in the registry, here's an example:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\C
"*"=dword:00000004
I made a big list of these using one of those websites that list tracking networks and a short Perl script, then edited it for the particular machine I was on (Windows 2000 requires the header "Windows Registry Editor Version 5.00" whereas older versions of Windows require "REGEDIT4").
You can export these lists and share them with everyone but be careful when you accept these as people can add themselves to unrestricted zones if you don't read the registry files (note the dword value at the end, should be "4").
"We apologize for the inconvenience."
It's already there:
I run across this meta-moderating all the time.
I've installed the webbug detector but am about to uninstall it as it merely seems to be an annoyance designed to make me aware and complain to the offending site, but does nothing (that I can tell) to protect me from these evil creatures. I don't like to be annoyed...
--
-- @rjamestaylor on Ello
I realized that was possible, but my point really was that the software did not protect but merely detect. So, in addition to being easy prey to webbuggers I can choose to be alerted when being bugged. Whoop-dee-doo.
Call me when the program stops, deflects or damages (say by corrupting the database?) the webbuggers.
--
-- @rjamestaylor on Ello
Without getting into the innefectiveness and perhaps uselessness that other people have spoken about, it looks like this should be very easy to circumvent. What I understood from the page is that it looks for 1x1 images from a different site. Changing it to a 2x2 image would probably not do it (although keeping dimensions blank and returning a small image might). All you need to do is set up an image file on your server which basically has "Location: http://www.i.spy.net/paranoia/whatever". They will think the image is on the server, but it is elsewhere.
There is always something like this going around. First of all, I do not see the problem with some computer knowing that person 4352354 with a certain IP is male and Canadian. Anyways, this is largely unjustified because people are basically BORING. I have read people's email (for the record I have not; anything otherwise is false and I only see people's email wheb they forward it to me. Now back to the truth) and I stopped because it is BORING. Wow, this person signed up to the Motley Fool and received an annoying forward from another boring person.
Bugnosis only runs on Microsoft Explorer so why was this article on Slashdot? From what I've been reading lately (especially from Jon Katz) I thought that all Microsoft products were evil and stuff. Would someone at Slashdot make up their mind?
"A plan fiendishly clever in its intricacies"- Homer Simpson
LOL Cute ;P
Why not make a filtering method that can rather than just block the cookie, communitate with the cookie, have a section of the cookie be a message explaining to the filtering software what the cookie does where its from, etc... and display this to the user. Sure some sites could lie about what the cookie is actually doing, but in the case of my former employer, a online stock trading site, they use a cookie to time your login time, which expired after an hour. So when people block cookies they can't get logged in and they called us mad as hell that we wouldn't let them log in, this way if they're filtering cookies with this method, they would see that that cookie is used to log them in and only that. Any feedback people?
Everybody denies I am a genius--but nobody ever called me one!
If you poke around in the html you'll see that the images are hosted at "www.inetarena.com/~pjrc", and of course my site is "www.pjrc.com". Saddly, this web bug thingy will probably tell you that I'm conspiring with inetarena.com to track you, when in fact they're just my ISP providing some server space for the images. There are not web bugs on my site.
I really ought to set up the image server with a domain name like images.pjrc.com. That costs extra (ISPs love to find things to charge for that don't cost anything)... but the cost isn't the primary concern. My little ISP has changed admins and they're not as stable as one might expect paying for frame relay service. I'll probably move to a new ISP soon, and that'll be a good time to set up a proper name for the image server.
The point is that it makes a lot of sense for a site to host bandwidth hogging files from a different server. In my case, it's to facilitate spending my creative energy in my free time on the site (didn't do much on it for a couple years without direct access to the server). I regularily poke around looking at people's html source, and I've seen several major sites use a different server for images, PDF files, etc. It's not an uncommon practice, and there's a lot of good reasons to do it other than tracking users. From what I can see, it looks like the folks at the Privacy Foundation aren't aware of this.
PJRC: Electronic Projects, 8051 Microcontroller Tools
There are some proxies out there that filter banner ads / cookies / and web bugs.
:)
One of the most interesting ones is webwasher (http://www.webwasher.com - for windows & linux, free for personal use, not open source).
Webwasher does not use regular expressions to filter images: it filters them by size. Most banner ads have a standard size (for ex 468x60). Webwasher has a list of known banner sizes and filters all images which match the list of sizes. And it's efficiency is very impressive!
Thus, using webwasher, it's very easy to filter all web bugs which are usually 1x1
Alas, webwasher is not opensource and has some issues. But I think that the idea behind this product is great and I'd love to see it implemented in an opensource proxy
The way webwasher handles cookies is also very interesting: you can specify 3 sorts of cookies
- the good ones (allow them, keep them)
- the neutral ones (allow them, delete them after 24 hours)
- the bad ones (always block)
The default policy for unknown cookies is to set them to neutral; that lets the user visits site normally (without the occasional glitches that happen when you block all cookies with sites that won't let you browse without allowing them), without compromising the privacy of the users for cookies are deleted after 24 hours.
!
^_^
Just look int he source and see if it was written with Front Page...easy way to find bad html
Two wrongs don't make a right, but 3 lefts do - Lew of GO magazine
First post insanity aside (trust me, it's only fun for about 5 minutes and bad for your karma because moderators despise it), there's this quote featured in the CNN article (yes, I do actually read the related articles before posting flamebait):
"Our goal with the software is to reveal how Web bugs are tracking all of us on the Internet and to get companies to 'fess up' about why they are using them," Richard Smith, the Privacy Foundation's chief technology officer, wrote in his privacy tip sheet.
"Any company that uses Web bugs on their site should say so clearly in their privacy policies and explain the following: why they are being used, what data is sent by a bug, who gets the data, and what they are doing with it," he added.
There are two things that I'd like to point out about those statements. First of all, companies with web sites are (in most countries) legally required to tell you about what kind of data they collect and what they do with it. The majority of such privacy statements either consist of the usual "we don't collect any information that can personally identify you" variety or they are hidden beneath so many links at the very bottom of the most obscure pages in the site that your average user never reads them.
Second of all, I agree with your point regarding the suggestion that companies should be required to thoroughly explain what kind of bugs they use (if any), what's sent and received and where the data goes. I personally think it's a great idea. And it's all well and good for sites that deploy their own web bugs. But what about the web sites who use web bugs belonging to other websites (e.g sites who use DoubleClick web bugs, or Slashdot using a web bug from OSDN)? The application should be the same, of course, but how is that handled from a legal perspective? Who is responsible for the "bug"? The company who wrote/owns it, or the company that deploys it? Answers to any of these questions are more than welcome (particularly by someone involved in the legal profession), as I'm sure that there's at least some of us Slashdot readers that would like to know.
Self Bias Resistor
"Imagination is more important that knowledge." - Albert Einstein
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
Am I the only one who finds it ironic that M$ didn't have such a bug and slashdot did?
m
Of course, real OS fanatics would use:
telnet slashdot.org 80
GET / HTTP/1.0
Browser? We don't need no stinkin' browser!
/* 0x2b | ~0x2b is in fact -1 */
See "sarcasm"...
I modded the Troll Investigation and I got
lmao, i wish i had mod points today:--)
---
As any open source fanatic will tell you, it is imperative that you read the HTML source of every page that you view.
We don't need no stinkin' Bug Detector!
--- note sarcasm ---
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
Even our private information? This really is a tyrannical paradox isn't? I would rather have information remain un-free then, thank you.
The LCD screen on it displays the Slashdot web bug as a 1 pixel white spot above the banner. If Slashdot didn't have a black background, I wouldn't have seen it.
I find it curious, that with all the discussion on privacy and our rights on line, that Slashdot would use web bugs. I imagine that when it comes right down to it they had to make a choice: no web bug or money, and they went for the money.
With all the talk about the higher priciples of Information Wants To Be Free, Privacy, Rights, Free Software, Etc., the inclusion of this tracking technology into Slashdot really shows that the Dollar is really more powerful than some would like to admit.
If Spend.com sent the infomation to Bug.com without going through Alice's computer, then all Bug.com could learn is that someone created a login at Spend.com with the e-mail address alice@example.com.
Wait a minute. spend.com knows all of the information that they discuss (ip, browser type, etc). What prevents spend.com from transmitting this information to bug.com through a separate channel without Alice's knowledge? -bs
The Daily Build
I use Junkbuster for all my filtering needs. I've got a long list of stuff that gets killed automatically including lots and lots of webbugs. It's easy to maintain - all I do is occasionally look through my cache and plonk anything I don't like. An added benefit, at least back when I was dialing up, was the increased page load speed because I didn't have to wait for banners and counter gifs and so forth.
Do they plan to release plugins for other browsers? No word about that in their faq...
I found that if the image is being loaded as a Javascript object, it will not detect Bugnosis.
When the browser fetches the Slashdot page, it sends the Slashdot cookie if any. Slashdot can then encode that cookie into the name of the Web bug image, so when the browser fetches the image from OSDN, it effectively tells OSDN the user's Slashdot cookie. No JavaScript required.
I'm not saying that Slashdot and OSDN are actually doing this -- just that the info conduit allows it.
David
I have to disagree. There is a very important difference between the info transfer with a Web bug (or equivalent) and just sending around log files behind the scenes. Our FAQ covers this.
In the scenario I described, OSDN ends up with both cookies. This allows OSDN to synchronize with Slashdot, allowing both sites to realize they're discussing the same user, no matter when the sites originally assigned the cookies, and without planning to synchronize in advance. If on the other hand Slashdot just sends a log file to OSDN, then the synchronization is much harder to achieve, and in practice, would probably not even be attempted.
Basically, it's the same old third-party cookie synchronization threat. Now, cookie sync can be done with banner ads or other 3rd-party content and is not uniquely associated with Web bugs. But when you encounter a Web bug, it is absolutely clear that (1) it's there for the info transfer alone and (2) it's trying to slip under the radar. That makes it a pretty interesting device, from a policy point of view.
By adding a Web bug to HTML email, you can track the progress of your emails, and under further assumptions, you can even intercept comments added by people who forwarded your email: see our email wiretapping report, originally described by Carl Voth. A yet-to-be-distributed version of Bugnosis examines Outlook and Outlook Express emails for Web bugs too.
I still say that the Web bug is there for info transfer only. It certainly isn't there for visual purposes, so what other explanation is there? When I was going off about cookie sync I was talking about the capability of the channel, not Slashdot/OSDN's practices in particular, and I didn't intend to imply that the very broad term "info transfer" is a synonym for the very specific term "cookie sync". In the case of Slashdot/OSDN I would guess the bug is an aggregate hit counter of some type. To me, that's a type of info transfer, not image display, and I agree they indeed could achieve the same with out-of-band log swapping.
David
Many people have been asking (cursing, etc. :) for Mozilla, Mac, Opera etc. support. I think it would be great to investigate, and I have a student trying to learn something about Mozilla now. We just don't have the expertise yet. I'd be very interested in hearing from potential contributors. Heck, just a plugin or diff that shows how we can tap into browsing events and access the DOM in Mozilla could make it possible for us to proceed. Frankly, IE support was pretty easy because of all the books and sample code out there. Besides, we had just finished a long-winded report on IE browser extensions & their privacy practices when we started this project, which made Bugnosis pretty easy to envision.
We decided not to make Bugnosis a Web bug blocker, just a good analysis and exposition tool. See, the problem with many "privacy enhancing technologies" is that they put the burden on users to protect themselves. I firmly believe that being concerned about privacy shouldn't mean that you have to make it a huge personal priority, say, by committing time to downloading, maintaining, and upgrading yet another piece of software. Privacy should just be built in. Bugnosis shows how the current infrastructure is being used, and so contributes to the debate on what reasonable standards should be. In the privacy arms race, I'd much rather be a reporter in the trenches than an arms manufacturer -- even defensive arms.
Any CS students interested in working with us? We'll be setting up at Boston University in the fall.
David
Netscape couldn't overtake a browser that came with theOS, why do you think Mozilla will?
Because Mozilla will exist on more platforms than just PCs. Mozilla can be embedded into PDAs, web terminals, set-top boxes and the like, and since many of these platforms are open-source derived, mozilla is a preferential choice over IE for the developers.
One of the cool things about Mozilla (and its Linux and Windows derivatives) is the opportunity to only accept cookies from the current page. I'm sure that when Mozilla is released and starts to take chunks out of IE's dominance, people will start to use this feature and web bugs will become less useful.
Is bugnosis open-source?
And if it's not, how do I know that it's not spying on me?
You see? You see? Your stupid minds! Stupid! Stupid!
I'm still thinking about the consequences. A few years ago every idiot i ran into tried to convince me of disabling Cookies while I still think it's a great idea.
Now I find myself left wondering wether it's ok for one website to transmit this sort of information to another website. I'm even wondering why they try to sneek it into the client like this instead of just sending each other grepped weblogs.
What's useful about this?
And what are the privacy implications?
Slashdot uses an image to do tracking, but from the osdn.com domain. They are part of that network of sites. Therefore, slashdot uses a pretty nifty way of doing tracking, but isn't guilty of "web bugging"
What's the big deal with web bugs, anyway? As long as the tracking that's being done is for use by the site I am visiting, I see no problem with them...it's just a tactic for getting usage statistics about your site. And what's wrong with that? When you go to a store, there are video cameras watching you, and records of your sales, etc...why shouldn't a website know which pages were visited? As long as the information being collected can't be used to uniquely identify me, I see no problem with it. A web bug can't collect any more information than your standard log file, and maybe get access to your cookies. But it can only access cookies *that were set by it in the first place*. Web sites don't have the luxury of talking face to face to everyone who comes to the site, like a retail store does. Somehow, they need to monitor what's going on, and a web bug is one way to do a good job of it. One could easily add the same code the web bug executes to the top of every page...and I don't think there would be any problem with that. Web bugs are just a more elegant solution -- you can abstract out all those tracking functions, and use it as a module.
In other news: "Do Nothing" Congress Becomes "Highly Ineffectual" Congress
I use it for the cookie-blocking, but the ad-blocking is a nice side effect. I let ads through for those sites that I regularly visit and aren't riddled with seizure-inducing 150x600 pixel monstrosities. Hmm... come to think of it, only four sites I visit these days even fits into that category!
It keeps stats. I block about 300 cookies, 40 popups, and 700 ads over the course of a day.
I don't know about web-bugs, but I do keep getting hits from images.slashdot.com on my firewall...
Gotta pay the bills somehow, right? Also, they demonstrated their bad habit of sticking in "www", even though NONE of the links here have it. How dare they.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Is THIS why /. requires its users to have cookies turned on even though they never transmit them to our browsers? No, I am not paranoid, but that would make sense.
Holy s-, it's Jesus!
Actually, there is a darn good use for these sorts of things. Its called a Gif-Pipe, and it can be used by dynamic sites to submit and resend data from the browser to the server, without the need to refresh the page.
This can result in better control over session timeouts and logins, help manage form submissions much better (e.g. a database driven form that can change as a user fills out information, again all without refreshing the page, proactive data processing and validation, et cetera).
For a good article on usinng Gif Pipes, check out this think.
And for an interesting (if somewhat simple) example of a Gif Pipe, go here.
----
One of us needs to stick ones' head in a bucket of ice water.
- Hobbes
Even simpler, toss doubleclick.net into c:\windows\hosts and point it to 127.0.0.1
One line blog. I hear that they're called Twitters now.
Trolls throughout history:
Trolls throughout history:
Jonathan Swift
Up until 2 years ago, Chase sold credit card balance information. The DMV in all but 2 states sells your address (which you have to change w/in 10 days of a move). Stores like LL Bean, EMS, etc. sell your purchasing habits.
But what is the harm? They don't personally know you and the information is just one bit of data in a terrabyte database. In effect, it's still private. On the flip side, it lowers prices to consumers. Instead of buying expensive TV advertising, a direct marketer can buy just a targetted list. Lower costs to producers mean lower prices for consumers.
Hey slashdot's bugging us!
From a web developer's point of view, if they didn't, how would your log-in information be retained when you look at a web page that isnt dynamicly (sp?) created, then look back at one of the comments.pl pages? huh?
If all of the site was dynamic content, then i suppose authentication info could be embedded into each page. But not all pages are dynamic, so the information's gotta be stored somewhere - and that somewhere isn't server-side (think what happens if you're on a dial-up connection and you pull your plug, someone else gets your IP and without cookies, the server doesn't know that its a different person).
Cookies have their valid uses, and I'm sure slashdot knows that and that's why they use them. I think its time people stopped being upset about every site that uses cookies and start focusing on only the ones that do Nasty Things with them.
Follow me
Tivo's lack of 30 second skip removes 60% of the reason to buy one. As does the closed nature of the box. It is not possible to move data from one Tivo device to another via wireless ethernet, it is not even possible to add extra drives to the box - not without inordinate hassle.
Tivo will die, good riddance. They will be replaced by cheap commodity appliances from manufacturers that do not charge inflated subscription fees, or by better TV tuner card software for PCs. Why do people who would never buy a crippleware 'email appliance' leap to the defence of the grasping business model of Tivo?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
How did that post get into the Web Bugs thread ?? Did IE have a nervous breakdown?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
... where you can share all your favourite core dumps from Mozilla and other programs.
WARNING: sharing core dumps from proprietary programs might be an infringement of copyright.
--
Every bloody emperor has his hand up history's skirt [Peter Hammill/VdGG]
From a web developer's point of view, if they didn't, how would your log-in information be retained when you look at a web page that isnt dynamicly (sp?) created
Did you read what the article is about? Its not about cookies, its about web bugs, which are a totally different thing. They may use cookies, but cookies themselves are not web bugs. Slashdot can perfectly well retain your log-in information using cookies without bugging you.
I see no problem with them...it's just a tactic for getting usage statistics about your site. And what's wrong with that
You missed the point. Thats fine, there is nothing wrong with that, but that is not the issue here. Web bugs are not attempt to gather statistics at a specific site, web bugs are attempts to track surfing across multiple unrelated sites. For example, say I visit a gay porn site, which have some doubleclick ads with hidden bugs in. Then off I go to Amazon.com to order a book about fly fishing, and unbeknownst to me, once again doubleclick has web bugs on Amazons site. So now a company (doubleclick) has a database linking the same user to those two completely unrelated activities. Now all doubleclick needs to do is establish some sort of affiliation with Amazon, and whammo, doubleclick suddenly knows my name, and has a database indicating that I have bought books on fly-fishing, like gay porn, browse slashdot, am anti-Microsoft, enjoy reading The Onion every Wednesday, whatever, they have a huge database on me. All without my consent or knowledge (which happens to be illegal in my country, but it would seem not in the US.) Sure you can say "don't use cookies" or "delete your cookies regulary", but what the fuck, thats not a solution, thats purely symptomatic treatment of the REAL problem, which is that these companies should be strictly prohibitied from doing this sort of thing in the first place. Either way, more than 80% of people are not even going to know how to delete their cookies or will just be too ignorant of the problem to care. Americans seem to love treating the symptoms of a problem but ignoring the actual problem itself.
And you may not think doubleclick would be able to collect much info - but trust me on this - double is EVERYWHERE. It is virtually impossible to do casual web browsing for more than a few hours without getting doubleclick cookies. Try it. Delete all your cookies, browse for a while (casual browsing, e.g. some slashdot, maybe some cnn or other news sites, maybe some gaming sites etc), and see what cookies you have. Chances are extremely good you have doubleclick.net, bfast.com, hitbox.com, flycast.com, avenuea.com and a few of the other very common ones.
We're not talking about web statistics or cookies here. Get the facts straight.
Another nice way to detect those (and do much more) is to use Eric Meyer's tactics outlined in his CSS anarchist articles (1,2). This method is fully standards compliant, easy to customize and even fun...
I mostly hyperlink my point of view. http://www.afroginthevalley.com/
Seems to me we Have to be tracked somehow for karma *usage* stats to accumulate... bugz, cookies, whats the diff, hoestly? I *trust* /.
-- "It's tough to run with both feet stuck in your mouth" - Zoe's evil side
Junkbusters now recommends a newer, more user-friendly proxy called Guidescope. See Junkbusters' Guidescope FAQ. I've been using Guidescope betas for 6 months with few complaints. They say they will release the source code 8 months after the 1.0 binary release.
slashdot has had the 1 pixel gif in their page for a loooooong time now. if you haven't noticed, i don't know where you've been.. a simple view source will show you. this isn't any amazing tool
doug
From their FAQ:
So yeah, they're German Mac bigots. Guess it takes all types.
Fight for your right to read books!
Yet another reason iCab is my favorite browser.
It has the most sophisticated filtering system I've seen. You can filter cookies using many criteria, including (my favorite) blocking cookies that come from a different domain from the main page. AND you can filter IMAGES by size, w/ options to exclude sizes including 1x1px (this blocks most web bugs) as well as most common advertisement sizes, like the ubiquitous banner. What you get instead is a blank banner-(or whatever-)sized space with an icon of a coffee filter in the corner. Hee!
And speaking as a web designer, the feature doesn't compromise the legitimate use of spacer GIFs.* Page design is preserved, and who cares if the 1-px. GIF is actually loaded or not.
*Yes, I know that with CSS we shouldn't need spacer GIFs. I will rejoice when browser support for CSS is consistent enough for us to rely on them. Meanwhile, though, clients still tend to expect web pages to be as as precisely designed as print, and sometimes you gotta cheat. But that's another discussion.
Fight for your right to read books!
*cough*..
Well I do admit I posted that a bit quick in an effort to grab First Post but I DID read the article... just explained myself poorly.
Just for kicks... I'll rephrase: Does anybody have any knowledge what kind of webbugs our 'beloved slashdot' is running.
------ cat ~/lamesig >> ~/lamecomment ------
'..that kernel panicked like a nun in a crack house!'
-----------------
"Bloody marvelous."
Now gone are:
The TimeCube guy
The Madonna-and-the-U.S.-Navy-are-after-me guy
Surely others (please reply w/ some links, folks)
After all, if /. has bugs then /. is just a part of the conspiracy. Kinda makes me curious as where /. was on the morning of November 22, 1963...
"What is the sound of one belly slapping?"
that little /. bug is intended to merely collect your anatomical information and take a little something we like to call a "DNA fingerprint".
makes it easier for everyone to know what kind of As-Seen-On-TV products you might wanna buy.
_______________________________________________
But I was hit with a strong sense of irony when I saw "Microsoft" and "Web Bug" and thought that someone had developed a plug-in that would tell you if the page you were viewing was written in bad html.
OK, neat toy but very annoying, over time. How do I get this Piece of Shit off my system, or disable it?! -spammy the clown