Browser Spyware: Watching Where You Linger

An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.

What matters is who they tell,

[firewort]

What matters here is who they tell, and who they sell it to.

I can't stop them from tracking (yet.) I do turn off all activeX, ask on cookies, no scripting, etc... but if they can get around my disabled browsing habits, then what matters is who they tell.

Time to go back to safeweb, as well.

Eh?

[stripes]

"I can tell because when you read a webpage, you do one of a couple of things. You either shovel the mouse off to the right so that it is out of the way, or you will walk down the page with your mouse," he told the BBC's Go Digital programme.

Yeah....or I'm one of the 5% of the computer market with a Mac and I'm one of the 90% of Mac users that have discovered that when I type the mouse goes away. So I press down arrow and *poof* I don't need to move the mouse out of the way, and my finger is right where I need it to scroll down to read more of the story.

(Or I could turn off JavaScript, which is a good idea because it gets rid of a lot of irritating popup and popunder ads -- which is a pretty good idea, even 'tho it breaks a few sites)

Enough...

[Ronin+Developer]

First spyware and then web bugs. What needs to happen is that the public has to say "Enough is Enough" and not use products or services that violate their privacy or utilize these types of tools.

Unfortunately, the average person takes what is available to them simply because of the convienience of doing so. Apathy sucks, doesn't it.

Anybody up to writing an HTTP proxy or filter that strips out this info as it is being returned to the offending site? I guess it should then redirect the user to a site informing them of what has or was about to happened. Maybe the internet community should develop an RBL-like list for websites that pull this stunt? Anyone up for an RFC?

Here's a thought...remember Dr. Hawking's fear that machines may someday subjugate us? Image a concious website that maniputes us into doing whatever it wants us to do or believe. Damn...my computer is calling me again....

Weaknesses in the Theory

[martyb]

Though what they propose probably has some application to the majority of users, I'm just as sure there are others who would not fit their expectations:

• Keyboard-centric:Though most users primarily use a mouse, I've found in many cases it is much faster for me to keep my hands on the keyboard and navigate with page-up/page-down and cursor keys. Menu navigation can be much quicker too as I can make choices with keyboard shortcuts and mnemonics without first having to wait for each menu and submenu to paint.
  
• Large display: Use a 21" monitor running at 1600 x 1200. That means there are many pages where there's no need to scroll; and those that need it, well, just use the page-down or arrow keys.
  
• Touch screens There's no "hovering" or mouse trail; just TAP and you are there, with no record of any "path" across the screen. This will become more prevalent with PDAs.
  

Besides, cheese is often placed in a mousetrap. This kind of technology feels like users are the ones being tempted by the cheese; what kind of trap are we getting into?

Excite may already be doing this

[Compulawyer]

I have noticed that when I log into Excite, some pages I view have been loading a 1 X 1 Applet that is transmitting information (at least time spent on the page) back to servers. As far as I am concerned the only uses for a 1 X 1 ANYTHING on a web page are no good.

I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.

I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.

Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.

Re:marketing - how's this for annoying

[marcop]

check out the Majestic game advert at: http://www.scifi.com/farscape/ . Looks like what you mention is not too far away!

Re:Use smart settings to avoid this:

[Ed+Avis]

We really need a browser that lets you *selectively* disable Javascript. I think the default setting should be to have JS turned on, but with a few particularly obnoxious features (popping up new windows, adding hooks to the scrollbar or mouse movement) turned off. You should be able to adjust these preferences on a site-by-site basis.

Several answers

[Croaker]

I have a mutli-level armored approach to browsing:

1. I installed Bugnosis which is designed specifically to deal with single pixels images that might be web bugs.
2. I use Proxomitron to do Javascript filtering. It cuts out the worst examples of Javascript annoyances (popups, leaving the page triggers, etc.) The filters are editable, so you can customize them yourself to filter out things like this spy script.
3. I route everything through Junkbuster, which gets rid of the ads that Proxomitron misses.

All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.

I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.

Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.

It's all in the logs.

[malkavian]

Well, one thing that strikes me about this is:

For all this data collected from all the surfers to a busy site, where on earth are they going to store it all for any length of time??

I work for a company with a sizable web traffic (250 million pageviews/month). The bane of my life is the logs. Processing them, and storing them for the length of time to draw meaningful trends takes a huge amount of space. All of which needs to be on a RAID, just in case..
Then, of course, there's the software to mine this collection of data, the amount of time required to search the disks for the relevant data, and the setting of the resolution of the data capture from the mouse (needs to be pretty fine resolution to achieve any meaningful results)...
Just think, if they adopted this scheme, it'd be great fun to write a device driver for a pseudomouse that sat the cursor over the web browser, and randomly moved it around, generating millions of data events, all of which get logged on the web site archives...
It's fine to do this for a small scale site, with plenty of funding, but I think there'd be huge problems with the sheer logistics of collecting and analysing this data for anyone without almost bottomless pockets as far as funding goes...
Personally, I don't reckon this will be a big brother tech anytime in the near future...

Cheers,

Malk