Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Spyware: Watching Where You Linger

Posted by timothy on from the matter-of-time dept.

An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.

9 of 395 comments (clear)

  1. Use smart settings to avoid this: by hardaker · · Score: 5, Informative
    If you carefully configure your web browser I would think you could avoid being tracked:
    • Turn off javascript support. This is likely how their doing their "what part of the page you're looking at" tricks (watching the scrollbar usage).
    • Don't accept cookies. Don't go to sites that force you to accept them.
    • Turn off auto-loading of images. This is the one that no-one does, but with the increasing frequency of single pixel tracking images, it might be a wise thing to do. Junkbuster is certainly a good alternative, but it won't catch everything.
    • Konqueror has the ability to change your user agent. It'd be cool to write a "random" mode to it where it randomly selected from it's list of user agents to send to the remote site ;-)

    --
    The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
    1. Re:Use smart settings to avoid this: by UM_Maverick · · Score: 5, Informative

      have you actually used the web lately? Your ideas are great in theory, but in practice they take you back about 6 years. E-commerce goes out the window w/out cookies. Many sites become unusable w/out javascript (Not just sites that do "onclick=location.href", but there are many sites that actually use javascript *well*). Turning off images means that you won't see half of most sites...and the list goes on...

      Now I know what you're going to say: "If site X won't let me browse my way, then I don't need site X". Well, damn near every site out there is becoming site X. Whether you like it or not, that's the way the world is moving, and you can either accept their way of doing things, or stay in 1995.

      Hmm...just re-read that, and it sounds like a flame...I really didn't intend it to be...just meant it to be more of a wake-up call.

      --
      Juiced? Or Not?
    2. Re:Use smart settings to avoid this: by hardaker · · Score: 3, Informative
      • It seems like it'd be a good idea if Konqueror added an option to ignore single-pixel tracking images... should we submit this to bugs.kde.org?

      It's a good point, however I don't think it'll help. Many sites are finding otherways of getting around that like using forms parameters within the URL itself. Eventually they'll get intelligent and name the larger images with a tracker extension, but still return the same image. IE, src="logo.jpg-234987575" and merely have their nifty web server strip the extension off (and use it) before returning the image to the caller. You don't need 1x1 imagse when you can use real images.

      --
      The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
  2. Re:Is it just me or is the web becoming too annoyi by Greyfox · · Score: 5, Informative

    Konqueror and Mozilla both allow you to disable popups while allowing JavaScript to run. I believe that at least Konqueror and possibly Mozilla as well will allow you disable or enable features on a site by site basis. The web has become a whole lot less obnoxious since I set Mozilla up to disable popups and animation. I highly recommend running a browser that will let you do this. Mozilla is now fast enough that I can actually tolerate using it and has been since a CVS build about a month and a half ago.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. Re:Client side cooperation required by stikves · · Score: 5, Informative
    No it is not necessary. The site can have two "frames". One of them would be the main frame filling the entire window, the other will be the tracking frame, which is insivible (or 1 pixel high).


    Then the javascript code in the main window will fill a string with your mouse movement like:


    (100,100)-(110,100)-(110,109)-...


    After the buffer is filled enough, it will update the hidden frame with a code like:



    TrackerFrame.URL = "http://server/track.cgi?" + str;



    That's it. That's all. Your tracking is complete.

  4. Re:Sinister... by Isofarro · · Score: 5, Informative

    If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page



    No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.



    Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.



    Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.



    Its too simple, really.



    On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.


  5. Oh brother ... by Christianfreak · · Score: 3, Informative
    Typical /. "Big brother is watching us" paranoia. Come on! Did no one read the article? Some interesting points about it:
    • No client software required: In other words its a stupid Javascript. Translation you can turn it off
    • They only tested 17 people. Translation either the MIT student doing this is an idiot or the BBC article is hype. I vote for "C" both.

    This is not Your Rights Online nor is it news. Lets go back to bashing M$oft.

    Rant Mode OFF.
    --
    The Anti-Blog
  6. The bread, milk, and fresh fruits are scattered. by laetus · · Score: 5, Informative

    Just because a store researches something doesn't mean they're going to make the shopping experience better for the consumer.

    Case in point: The grocery store you referenced. Haven't YOU ever noticed that the dairy, bread, and fresh vegetables/fruits are scattered at different corners of the store.

    And you know why, to make you wander the other aisles to get you to buy crap you didn't originally walk in to get.

    --

    "We're sorry, but the website you're trying to reach has been disconnected."
  7. Re:Is it just me or is the web becoming too annoyi by wurp · · Score: 3, Informative

    Mozilla definitely does allow you to disable popups. See http://www.mozilla.org/projects/security/component s/configPolicy.html

    Even more off-topic:
    Does anyone know how to make Mozilla lie about what User-Agent it is? My bank software rejects Mozilla, claiming it's not compatible. I'm pretty sure it is, and I want to try to make Mozilla claim to be IE on that domain.