Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Spyware: Watching Where You Linger

Posted by timothy on from the matter-of-time dept.

An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.

19 of 395 comments (clear)

  1. What matters is who they tell, by firewort · · Score: 3, Interesting

    What matters here is who they tell, and who they sell it to.

    I can't stop them from tracking (yet.) I do turn off all activeX, ask on cookies, no scripting, etc... but if they can get around my disabled browsing habits, then what matters is who they tell.

    Time to go back to safeweb, as well.

    --

  2. This is garbage by Velex · · Score: 2, Interesting

    Oh, come on. This is pure garbage. How much info could one possibly glean from whatever javascript the researchers were using to capture the mouse movements? For me, whom uses the keyboard excessively and only moves the mouse when I'm sure I want to click on a link, there isn't anything that they can possibly gather. Besides, if they want to monitor my mouse movements, maybe they can see how quickly my reflexes to close pop-up windows before I even know what's in them come into play.

    --
    Join the Slashcott! Stay away entirely Feb 10 thru Feb 17! Close all tabs to prevent autorefresh!
  3. Eh? by stripes · · Score: 4, Interesting
    "I can tell because when you read a webpage, you do one of a couple of things. You either shovel the mouse off to the right so that it is out of the way, or you will walk down the page with your mouse," he told the BBC's Go Digital programme.

    Yeah....or I'm one of the 5% of the computer market with a Mac and I'm one of the 90% of Mac users that have discovered that when I type the mouse goes away. So I press down arrow and *poof* I don't need to move the mouse out of the way, and my finger is right where I need it to scroll down to read more of the story.

    (Or I could turn off JavaScript, which is a good idea because it gets rid of a lot of irritating popup and popunder ads -- which is a pretty good idea, even 'tho it breaks a few sites)

  4. Enough... by Ronin+Developer · · Score: 3, Interesting

    First spyware and then web bugs. What needs to happen is that the public has to say "Enough is Enough" and not use products or services that violate their privacy or utilize these types of tools.

    Unfortunately, the average person takes what is available to them simply because of the convienience of doing so. Apathy sucks, doesn't it.

    Anybody up to writing an HTTP proxy or filter that strips out this info as it is being returned to the offending site? I guess it should then redirect the user to a site informing them of what has or was about to happened. Maybe the internet community should develop an RBL-like list for websites that pull this stunt? Anyone up for an RFC?

    Here's a thought...remember Dr. Hawking's fear that machines may someday subjugate us? Image a concious website that maniputes us into doing whatever it wants us to do or believe. Damn...my computer is calling me again....

  5. Weaknesses in the Theory by martyb · · Score: 4, Interesting

    Though what they propose probably has some application to the majority of users, I'm just as sure there are others who would not fit their expectations:

    • Keyboard-centric:Though most users primarily use a mouse, I've found in many cases it is much faster for me to keep my hands on the keyboard and navigate with page-up/page-down and cursor keys. Menu navigation can be much quicker too as I can make choices with keyboard shortcuts and mnemonics without first having to wait for each menu and submenu to paint.
    • Large display: Use a 21" monitor running at 1600 x 1200. That means there are many pages where there's no need to scroll; and those that need it, well, just use the page-down or arrow keys.
    • Touch screens There's no "hovering" or mouse trail; just TAP and you are there, with no record of any "path" across the screen. This will become more prevalent with PDAs.

    Besides, cheese is often placed in a mousetrap. This kind of technology feels like users are the ones being tempted by the cheese; what kind of trap are we getting into?

    1. Re:Weaknesses in the Theory by thelexx · · Score: 2, Interesting

      Recently I started using a pen tablet, got totally hooked and use it for 99% of my pointer input now. I'd be interested to know how their system works with one for the same reason you mention with a touch screen. Once you use a tablet for a little while your brain figures out the aspect ratio and you can pull the pen out of the input field and put it back down somewhere else with decent accuracy. As a result the pointer disappears and reappears across the screen. Anyway, just one more wrinkle for them to iron heh...

      LEXX

      --
      "Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
  6. Excite may already be doing this by Compulawyer · · Score: 5, Interesting
    I have noticed that when I log into Excite, some pages I view have been loading a 1 X 1 Applet that is transmitting information (at least time spent on the page) back to servers. As far as I am concerned the only uses for a 1 X 1 ANYTHING on a web page are no good.

    I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.

    I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.

    Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.

    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  7. Re:marketing - how's this for annoying by marcop · · Score: 3, Interesting

    check out the Majestic game advert at: http://www.scifi.com/farscape/ . Looks like what you mention is not too far away!

  8. Re:Use smart settings to avoid this: by Ed+Avis · · Score: 4, Interesting

    We really need a browser that lets you *selectively* disable Javascript. I think the default setting should be to have JS turned on, but with a few particularly obnoxious features (popping up new windows, adding hooks to the scrollbar or mouse movement) turned off. You should be able to adjust these preferences on a site-by-site basis.

    --
    -- Ed Avis ed@membled.com
  9. Re:Sinister... by guuyuk · · Score: 2, Interesting
    Your example of when stores were smaller and people friendlier has a minor flaw. You, as a patron of that store, often knew as much abour the shopkeeper as he/she did about you. We don't have that option in this case.


    Interesting thought to have a Javascript that makes a webpage act as a giant rollover. Perhaps one which tracks cursor coordinates in realtime, along with mouse button presses...

    --
    We're sorry, the phone number you have reached is imaginary. Please rotate your phone 90 degrees and try your call again
  10. Say hello to Webwasher and Proximitron by Desiato_Hotblack · · Score: 2, Interesting

    I guess that filtering the javascript involved would do the trick, or selectively writing a filter with Proximitron to catch the cookies, etc..

    This shouldn't be too hard to defeat, regardless.

    What gall for trying though. It reminds me of a Gibson story, (fuzzy on the details) but essentially "sensing" the patterns in someone's data enabled the corporations of the future to do precise targeting of consumers. Scary how we inch towards that every passing year.

    Hotblack_Desiato

    --
    ** By reading this post, you've agreed to my EULA - which includes not modding-down due to difference in opinion. **
  11. Paranoia setting in on Slashdot by M_Talon · · Score: 2, Interesting

    Ok folks, before everyone goes ballistic about the latest way to monitor what goes on in a browser (I'm probably too late), consider this. If they really see how we ignore banner ads and slam close popup windows, is this a bad thing? Maybe the Evil Marketing People(tm) will finally realize what doesn't work with ads and quit doing them. Maybe they'll realize that more-intrusive-ad!=more-attention.

    Sometimes you have to look at things for what they can do positively, not just negatively.

    --
    Electronic Frontier Foundation for online civil rights information
  12. Two Methods to Defeat/Confuse this. by Jeremiah+Cornelius · · Score: 2, Interesting
    1) Voice navigation - I think that I finally found an everyday use for this...

    2) Run your own Spider - Jam the recording site with "Noise" web traffic associated with your cookie/session. A good spider/robot could simulate mouse coordinates, etc.

    Just a couple of quick thoughts. I'm sure there are more...

    jeremiah cornelius

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  13. Opera by Gambit253 · · Score: 1, Interesting

    So, if they read my mouse movements, what happens when they try to predict what I want from my mouse gestures in Opera?

  14. This is Stupid! by PotatoHead · · Score: 2, Interesting

    Reality check here...

    People are going to collect information on the sites you visit. If you don't like it, there are some easy ways to get around the problem.

    Personally, I don't mind most sites looking my stats over. This sort of thing keeps a lot of sites free. There are worse options like interrupted browsing. All they have to do is remove the page from direct access and lots of bad things happen. Let the marketing departments pay for something easy that those of us who want to can get around. The alternatives are harder and costly.

    1. Fast connection means nothing because you have to wait along with everyone else for the ad server to show you the ad, then the page....

    2. Searching becomes harder.

    3. The web becomes less cross-platform as the ads require tools not avaliable everywhere.

    So,

    Use an anon service and surf that way if it is a problem.

    Or here is another option. Enable your usual blocking tools hit the page and copy the page to local storage and read as long as you want.

    I will do this anyway from time to time because I want to archive some content for reading later offline or on a PDA.

    Big deal.

    --
    Blogging because I can...
  15. This should not be too difficult to implement by Anemophilous+Coward · · Score: 2, Interesting
    From the article:

    "I can tell because when you read a webpage, you do one of a couple of things. You either shovel the mouse off to the right so that it is out of the way, or you will walk down the page with your mouse,"

    I'm presuming here that what the person means by walking your mouse down the page, is that you are "reading" the text with your mouse pointer (like using your finger in a book). Many people here mention that they get around this by using their scroll wheel. They can probably track scroll wheel movements pretty easy. A simplistic method would be in javascript. You should just need something like:

    if (browser is IE)

    document.onmouseover = call function here;

    if (browser is Netscape)

    document.addEventListener("mouseover", call function here, true);

    in your scripting area. I think this will take care of 'tracking' your mouse anywhere on the screen. So if the mouse is anywhere over the document, an event is fired off calling the function. I'm sure you've seen a site that has those anoying 'mouse trails' that can follow your cursor...similar concept. It's not limited to links, so provided your mouse pointer is anywhere over the page, it will track it. If you are using the scroll wheel, the page moves under the mouse...but the pointer ends up over a different section of page. Thus it looks like the mouse has moved. So the function could start a timer every time it is called. This could give you an idea of how long they spend viewing a portion of the screen before moving on (scrolling down, etc.).

    Now, you could probably circumvent this by putting the mouse cursor off of the browser window altogether and use the arrow keys to scroll. Put you'll probably need to tab between the links in order to get to the one you want. This selects each link, which again should be viewable through a javascript event (can remember the handler off top of head, onfocus perhaps?) tagged to each link.

    Other parts of the article mention being able to provide you with a site that tailors itself to you on the fly. Simple server-side scripting will do this. However, I fear sites becoming over-zealous with a feature like this. Many sites end up only providing you with common content it thinks you want, while hiding the content it thinks you don't want. This is to presumably speed up my experience because I wont have to see the other site information downloaded (quicker access over those modem links). After a while, I might not know what said site has to fully offer, as I get 'stuck in a rut' so to speak. They would need a 'show everything site has' (site map) link on everything single page to help offset this. Unfortunately, many sites don't adhear to this simple requirement. Consequently, many users never use certain sites to their full potential.

    - A non-productive mind is with absolutely zero balance.

    - AC
  16. Several answers by Croaker · · Score: 5, Interesting

    I have a mutli-level armored approach to browsing:

    1. I installed Bugnosis which is designed specifically to deal with single pixels images that might be web bugs.
    2. I use Proxomitron to do Javascript filtering. It cuts out the worst examples of Javascript annoyances (popups, leaving the page triggers, etc.) The filters are editable, so you can customize them yourself to filter out things like this spy script.
    3. I route everything through Junkbuster, which gets rid of the ads that Proxomitron misses.

    All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.

    I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.

    Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.

  17. It's all in the logs. by malkavian · · Score: 3, Interesting

    Well, one thing that strikes me about this is:

    For all this data collected from all the surfers to a busy site, where on earth are they going to store it all for any length of time??

    I work for a company with a sizable web traffic (250 million pageviews/month). The bane of my life is the logs. Processing them, and storing them for the length of time to draw meaningful trends takes a huge amount of space. All of which needs to be on a RAID, just in case..
    Then, of course, there's the software to mine this collection of data, the amount of time required to search the disks for the relevant data, and the setting of the resolution of the data capture from the mouse (needs to be pretty fine resolution to achieve any meaningful results)...
    Just think, if they adopted this scheme, it'd be great fun to write a device driver for a pseudomouse that sat the cursor over the web browser, and randomly moved it around, generating millions of data events, all of which get logged on the web site archives...
    It's fine to do this for a small scale site, with plenty of funding, but I think there'd be huge problems with the sheer logistics of collecting and analysing this data for anyone without almost bottomless pockets as far as funding goes...
    Personally, I don't reckon this will be a big brother tech anytime in the near future...

    Cheers,

    Malk

  18. It's damn simple by Lord+Kestrel · · Score: 2, Interesting

    If you're concerned about this, disable javascript and/or vbscript.
    I always have two browsers on my computers. One that prompts for cookies and has java and javascript enabled, and the other rejects all cookies, and has java and javascript disabled. I use the secure(r) one for cruising the web, and if I need to go to a useful site that requires javascript and/or cookies, I use the less secure one.