Slashdot Mirror
Browser Spyware: Watching Where You Linger
An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.
"I can tell because when you read a webpage, you do one of a couple of things. You either shovel the mouse off to the right ..."
I guess I shall just have to become left handed then.
Get ready for the "marketing geniuses" to take advantage of this...by having new windows pop up right when you move your mouse to the back button...
Anyone else up for using keyboard shortcuts now?
When nuance becomes the only objective we lose the ability to function
Must hit post before I think about repercusions.
--- Matthew Hill
"To quote the self is an act of the self riteous and uninitiated sub-moronic" - Matthew Hill
What matters here is who they tell, and who they sell it to.
I can't stop them from tracking (yet.) I do turn off all activeX, ask on cookies, no scripting, etc... but if they can get around my disabled browsing habits, then what matters is who they tell.
Time to go back to safeweb, as well.
Or perhaps someone else is already doing this, and hasn't told you.
Somebody was up late playing Deus Ex last night, right timothy??
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
....be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.
Does anyone actually *READ* porn sites? Maybe the keyboard needs a 'moisture detector' to see when and if the user is drooling, then send the result back to the spy server.
I wish sites would realize that pissing off their viewers with popups and big honking ads, does not make the viewer more likely to visit the advertisers site or buy their product. It has quite the opposite effect. I've stopped going to some sites that I like for the simple reason that I really F*ing hate popups!
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Unlike other forms of spyware, this would be easy to resist... Wouldn't people who were concerned about their privacy just get in the habit of swirling their mouse around while reading web pages?
I can't give a logical reason why this particular technology disturbs me more than other types of spyware, but for some reason the idea of my mouse movements being tracked just makes my skin crawl... Does anyone else have that sort of gut-level revulsion?
God is real unless declared integer
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
For crying out loud, /., lighten up. Remember back in '95 when you couldn't turn on the TV or read a news magazine without some lame story about online stalking or pedophiles in chatrooms? And we all mocked them by saying "that's no different than real-life, what's all the hullabaloo"?
"Brick and mortar" stores do exactly this same thing. Many have cameras, the rest use "secret shoppers" (people who look like they are shopping but are really watching YOU) to discourage shoplifting, check competitor prices AND research in-store "migratory patterns". For instance, haven't you ever noticed that ALL grocery stores have the fresh fruits and vegetables right by the door?
This isn't "Your Rights Online". This is "Translating Nothing Cares About In RealLife Into A Scare Story About 'The Net' In Order To Attract Eyeballs To Slashdot."
324006
The system developed by the team at MIT is called Cheese, since they are following the mouse, like a mouse follows cheese.
Wouldn't a better title have been "Cat"? Or perhaps "Rodent Stalker"?
Oh, come on. This is pure garbage. How much info could one possibly glean from whatever javascript the researchers were using to capture the mouse movements? For me, whom uses the keyboard excessively and only moves the mouse when I'm sure I want to click on a link, there isn't anything that they can possibly gather. Besides, if they want to monitor my mouse movements, maybe they can see how quickly my reflexes to close pop-up windows before I even know what's in them come into play.
Join the Slashcott! Stay away entirely Feb 10 thru Feb 17! Close all tabs to prevent autorefresh!
Yeah....or I'm one of the 5% of the computer market with a Mac and I'm one of the 90% of Mac users that have discovered that when I type the mouse goes away. So I press down arrow and *poof* I don't need to move the mouse out of the way, and my finger is right where I need it to scroll down to read more of the story.
(Or I could turn off JavaScript, which is a good idea because it gets rid of a lot of irritating popup and popunder ads -- which is a pretty good idea, even 'tho it breaks a few sites)
I, for one, won't run a client that allows a site to profile me in this way.
If I understand this correctly, this technology would require the client to send data to the server about mouse movements, etc, for tracking purposes.
So I could simply elect not to use this type of software, correct?
Making web sites easier to use and catoring the content to what the users expect isn't a bad thing. Microsoft does very similar things in their GUI design. They get a large group of people together and have them do common tasks and watch every mouse movement and click and find ways to speed up the process.
Sure, I don't want someone tracking me, but keeping aggregate data wouldn't be bad. By doing this maybe they can speed up access to information instead of having me hunt around for what I want.
The problem is, there will always be misdirected marketing as long as our interests are inferred rather than taken directly from us. Sure, some methods will produce better results. But if I get up from my desk, I push my keyboard tray in, and the mouse almost always moves. So they will think that because the pointer stops on a pantyhose ad for several minutes that I am suddenly very interested in pantyhose. OK, so I've never seen pantyhose ads on the net, but you get the point...
Konqueror and Mozilla both allow you to disable popups while allowing JavaScript to run. I believe that at least Konqueror and possibly Mozilla as well will allow you disable or enable features on a site by site basis. The web has become a whole lot less obnoxious since I set Mozilla up to disable popups and animation. I highly recommend running a browser that will let you do this. Mozilla is now fast enough that I can actually tolerate using it and has been since a CVS build about a month and a half ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
First spyware and then web bugs. What needs to happen is that the public has to say "Enough is Enough" and not use products or services that violate their privacy or utilize these types of tools.
Unfortunately, the average person takes what is available to them simply because of the convienience of doing so. Apathy sucks, doesn't it.
Anybody up to writing an HTTP proxy or filter that strips out this info as it is being returned to the offending site? I guess it should then redirect the user to a site informing them of what has or was about to happened. Maybe the internet community should develop an RBL-like list for websites that pull this stunt? Anyone up for an RFC?
Here's a thought...remember Dr. Hawking's fear that machines may someday subjugate us? Image a concious website that maniputes us into doing whatever it wants us to do or believe. Damn...my computer is calling me again....
Stop right there, because that's your answer. It will never be moderate. As soon as they can, it is in the marketers best interest to get as much advertising to you as they can in the shortest amount of time, and the more they know, the more they will.
It is sad, but in the future, we'll probably look back fondly on things like PeoplePC which gave only one advertiser the keys to the car...
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
While reading the article, I left the mouse in the main browser window and used the keyboard to scroll. So if their system was used, it would make it appear that I was not reading the article, even though I did in fact read it.
Really, if you stay on a page for more than a few seconds, you're probably reading it. And that would surely be simple enough to determine, although you'd have to figure out a bulletproof way to put up an invisible frame in order to send the information to the mother ship. It would probably be easiest done in Java, which can do that without pulling up a web page, but many people have non-working Java, so even that's not foolproof.
Unfortunately for the people who created this model, once people become aware of how it works, it will no longer function. People who would formerly hover the mouse over a link would simply refrain from doing so and therefore give the system no useful data. I also suspect individual personal styles are going to be different enough to stymie them in the end. I am not convinced that people only visit links directly if they have been to the site before, for example.
For the person who said a scroll mouse would defeat this system, I'm sure signals from the scroll wheel can be read as well.
When I am hesitating between multiple items, I will often put them in my cart, look at the total and then remove the one that makes the total too high, or that I'm unsure about. Anything I put in my cart and took out, and any abandoned shopping cart contents, would be a ripe selling weapon that can already be used without relying on this technique.
I think this one's too flaky for practical use. But as always, we'll see.
D
This is yet a little more frightening...
I think that the idea that some AI code can tell what I'm truly interested in and what I'm going to buy is ridiculousness. While it may be true that most people do work in similar ways with the interfaces of web-published documents, what goes on in the individual mind during the process is certainly unknowable.
This technology sounds like it could cause more harm than good. I can see this sort of thing narrowing the scope yet again of what content is available online.
This will lead to the customisation of individual users' content without them even being aware that it is happening. "Can you imagine if I can actually tell that you wanted to press a link but didn't". (What?! Maybe there's a reason why I didn't!?)
It's bad enough that content it already spoon-fed to most people already - does it have to be chewed for us now first too? And when the people are only exposed to the things that the corporations will believe that we're interest in, it will lead further to the atrophy of the collective consumer consciousness.
Fortunately for me, I'm still using the 10th Edition of the Newspeak Dictionary... perhaps I'm a dying breed. *shrug*
"Sic transeunt omnia."
Look, since day one of the commercial web, sites have obsessively tracked how many hits they get, where they're coming from, how a user moves through the pages, where they spend time and how often they return. (As if Andover/OSDN isn't doing all of those things -- or is this like with web bugs where we're just supposed to care about them on other sites?) That's one of the great edges the net was going to have over other media. To the degree that people are bothered by that and to the degree that they're technically sophisticated, they turned off cookies and otherwise interfered. And what does Junkbuster have to do with anything?
What this seems to be is an incremental advance in tracking how pages are read -- there's a little added feedback about mouse movements and maybe scrolling. As always, if this takes off it will be trivial to block for those who know and care about such things. And everyone else has far more important privacy invasion being done to them.
and it's enabled by default on all major commercial browsers. Yes, you can turn it off, but then you'll miss out on the gee-whiz stuff that sites put up in lieu of content.
<rant>
What really pisses me off is sites that have information that I want (in HTML) but won't give it unless I pass through their flash corridor.
</rant>
Yes, the nick is flamebait
Though what they propose probably has some application to the majority of users, I'm just as sure there are others who would not fit their expectations:
Besides, cheese is often placed in a mousetrap. This kind of technology feels like users are the ones being tempted by the cheese; what kind of trap are we getting into?
I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.
I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.
Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.
Laws affecting technology will always be bad until enough techies become lawyers.
How difficult is it to configure one's web browser so that it rejects most of the scripting junk out there? If you are using IE, check out the security zones feature that allows you to toggle scripting, cookies, and so forth depending on to which of four security zones a particular site belongs. I'm sure the free browsers have something much more sophisticated. Use it!
I'm proud of my Northern Tibetian Heritage
But you never know, some marketroid can probably read meaning into how fast you can type GET / HTTP/1.0
check out the Majestic game advert at: http://www.scifi.com/farscape/ . Looks like what you mention is not too far away!
Wouldn't it be illegal if I tried to insert something into their web server to spy on what information they're collecting about me while I'm viewing their web page? Is my computer not protected by the same laws that theirs are?
I suppose you could argue that I'm leaving myself open to such invasion if I don't disable scripting - so why doesn't that argument hold when a web site doesn't close known security holes? At least there're valid reasons for wanting to leave scripting enabled!
Hmm - if I declare my actions in browsing their website - mouse movements other than intentional feedback like clicking on a link - to be copyrighted material, could I get protection from the DMCA? Then that script to spy on me would be a tool designed to crack my copy protection scheme (which would consist of recording all mouse movements to a file with "(C) 2001" at the top and encrypting it by XORing with a 'secret' key). The fact that they intercept it before I record it just means that they have found a technical means of bypassing my protections).
Of course, there probably would be abuses of privacy by "marketing firms", but in the case of website that actually try to provide really useful information, this sort of feedback could really help direct the very limited time and effort towards improving the parts of the site that really need it. In my own case, it's often the classic example of a long-time expert not being able to identify with the pains of brand new users.
Of course, there is the traditional usability study approach. Maybe someday I'll spend some money and do it.
PJRC: Electronic Projects, 8051 Microcontroller Tools
I don't know about the rest of you, but when I visit any website, even one I've never seen before, I use my eyeballs before I move the mouse--it's naturally much more efficient that way. In fact, most of the time it's my scrollwheel that's moving, and not the mouse itself.
Honestly, I consider my mouse movement patterns almost completely useless, and I have no idea what good a website that "changed according to mouse behaviour" could possibly do me. Well, maybe links that I almost never hover could be tucked away; but I doubt ads would be included in that bunch.
Eye-tracking has much greater potential...
Power to the Peaceful
This suggests that it's probably done with Javascript. People that care about privacy, security, and avoiding annoyances, haven't had Javascript enabled in 5 years. Although that technically makes it "opt-out", turning off Javascript is such a basic an almost automatic thing that web users do, that it's practically "opt-in."
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
1) WebWasher (www.webwasher.de). It blocks cookies, scripts animations, web bugs, referer URLs, images, and a whole host of other things. It is highly configurable can be used as a proxy server if you have an in-house LAN connected to a shared broadband connection, and is much more powerful than Guidescope (which Junkbuster recommends for use under Windows).
2) Ad-Aware 5.6 (www.lavasoftusa.com). Run this at least once a week. It will find any ad tracking cookies, spy-ware and various other privacy invading data/programs that get left on your machine. The new version scans your memory, your registry, and your entire HD (very quickly). It finds and removes everything privacy invasion related.
No, the e-tailor doesn't.
The more carpet-bombing they do, the more return they get, with a near-zero investment. And the more info they have, the more they can do it and make it look like they're not doing it.
This is proven Internet marketing practice. Do you know why every half-wit and his brother spams? Because people make it profitable for them to do so. "Legitimate" Internet companies have to play a closer line, but it all works out to the more they send out, the more they get back in. Period.
You want to chill your very soul? Read a marketing trade mag. I think that would change your mind pretty quick.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
I guess that filtering the javascript involved would do the trick, or selectively writing a filter with Proximitron to catch the cookies, etc..
This shouldn't be too hard to defeat, regardless.
What gall for trying though. It reminds me of a Gibson story, (fuzzy on the details) but essentially "sensing" the patterns in someone's data enabled the corporations of the future to do precise targeting of consumers. Scary how we inch towards that every passing year.
Hotblack_Desiato
** By reading this post, you've agreed to my EULA - which includes not modding-down due to difference in opinion. **
This is not Your Rights Online nor is it news. Lets go back to bashing M$oft.
Rant Mode OFF.The Anti-Blog
Just because a store researches something doesn't mean they're going to make the shopping experience better for the consumer.
Case in point: The grocery store you referenced. Haven't YOU ever noticed that the dairy, bread, and fresh vegetables/fruits are scattered at different corners of the store.
And you know why, to make you wander the other aisles to get you to buy crap you didn't originally walk in to get.
"We're sorry, but the website you're trying to reach has been disconnected."
I don't browse webshites.
Got friends?
Ok folks, before everyone goes ballistic about the latest way to monitor what goes on in a browser (I'm probably too late), consider this. If they really see how we ignore banner ads and slam close popup windows, is this a bad thing? Maybe the Evil Marketing People(tm) will finally realize what doesn't work with ads and quit doing them. Maybe they'll realize that more-intrusive-ad!=more-attention.
Sometimes you have to look at things for what they can do positively, not just negatively.
Electronic Frontier Foundation for online civil rights information
"[T]he Internet is as public as Grand Central Station, or Central Park. People should have no reasonable expectation of privacy on the internet."
That depends on what you mean by "reasonable expectation of privacy." I am well aware that when I go to a public area such as Grand Central Station that I might been observed by people who know me or people who don't, and that I might or might not be aware of it.
However, I do not consider it likely that someone who knows nearly everything about me will track where I go in Grand Central Station, what I do there, how long I take to do it, whether I do it alone, and so forth -- and I damn sure don't consider it likely that this mysterious individual about whom I will know almost nothing will have the ability and the desire to sell what he has learned about me to a third party so that that third party may increase what _it_ knows about me. Some people think that way, but in general we mock and deride them for being paranoid. Yet on the Web, we mutely accept such a state of affairs and often mistakenly tell people that such is no different from our daily life.
The legal phrase "reasonable expectation of privacy" is like "shadows and penumbras" -- it gives the lawyers and the IANALs something to quote and sound very wise but it doesn't _mean_ anything other than what the judge of the moment thinks it means. That's not a solid legal footing for anything. And with technology far outpacing our legal system, perhaps even this shifting-sand legal foundation should be revisited.
If I may address your initial point, that you are satisfied with moderate advertising in exchange for some surrender of your personal privacy, I don't think that many would disagree. However, the Web and indeed any purchase that involves either plastic or corporations or both will not permit that bargain. They _demand_ that you surrender everything about yourself (and they will fill in the gaps by "sharing information" with their "partners" to "serve you better") and they then bombard you with promotional materials that have only the most tenuous connection to your purchasing interests. And yet people continue to happily accept that, in exchange for a nickel off here or a rebate coupon there -- and these people are fouling it up for the rest of us who _don't_ share your opinion that a little marketing is worth a little privacy. When I buy groceries, I have to fight off the "Frequent shopper card?" chirping from the clerk. When I want a thirty-cent resistor at Radio Shack I have to deal with "Home address?" from the clerk. It's time to return to the day when a business transaction consisted of a person giving money for a product, no more, no less. Keep your advertising and your targeted marketing and your insiders-only discounts. Just gimme my damn resistor, sir.
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
2) Run your own Spider - Jam the recording site with "Noise" web traffic associated with your cookie/session. A good spider/robot could simulate mouse coordinates, etc.
Just a couple of quick thoughts. I'm sure there are more...
jeremiah cornelius
"Flyin' in just a sweet place,
Never been known to fail..."
Or you leave the room, or you hit the "mute" button. Or you tape, and skip over the commericals during playback.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I could almost buy the tracking "migratory patterns" argument- but they get that without needing any of the other spyware. Hell, the server tracks that as usage log information. The other reasons are just non-valid (Checking competitor prices? Go hit their site. Shoplifters? Don't make me laugh...).
There is NO good reason for the spyware. If the hit info isn't giving them things they like, maybe there is a reason for it. Could be they're doing something wrong- or maybe they bet on the wrong thing...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Why do people need all this fancy mouse tracking.
(grumpy old man)
In MY day, we looked at the logs to see what people are looking at
(/grumpy old man)
Don't Tread on Me
Their stated motivation is:
The technique they used was to "add Javascript externally to an existing web page." They mention using barnesandnobel.com, amazon.com, and ashford.com explicitely, but more had to be used given the nature of the tasks given. This seems to imply that they are able to, as a third party, add the javascript tracking to already existing sites. However, they also may be using the fact that they control the testing environment to do this, such as by inserting the code using an http proxy. Details related to how the code was introduced are not given, and would be necessary to determine how much of a privacy threat this is.
"I'm a man... But I can change... If I have to... I guess..." -- the man's prayer, Red Green Show
Mozilla definitely does allow you to disable popups. See http://www.mozilla.org/projects/security/component s/configPolicy.html
Even more off-topic:
Does anyone know how to make Mozilla lie about what User-Agent it is? My bank software rejects Mozilla, claiming it's not compatible. I'm pretty sure it is, and I want to try to make Mozilla claim to be IE on that domain.
except that as long as the invasiveness is largely invisible, no one will really know except those of us who can decipher JavaScript or other embedded objects in pages... and just think how much extra work it will be to decipher what is actually happening in an applet or a similarly embedded object where the source isn't easily viewed via "View Source". The only time the public knows or cares is when you give them an active demonstration on the TV news. Or when something goes wrong and it becomes painfully obvious, i.e. trojaned applets and things like that.
I do not have a signature
It's not too difficult to look into your statusbar as you hover over a link.
In Mozilla you can disable any javascript method or property on a site by site basis.
So you can disable window.open, OnClose and other annoying methods.
Deny scripts access to data on your browser, screen dimensions etc.
See here for info on how to do it.
Reality check here...
People are going to collect information on the sites you visit. If you don't like it, there are some easy ways to get around the problem.
Personally, I don't mind most sites looking my stats over. This sort of thing keeps a lot of sites free. There are worse options like interrupted browsing. All they have to do is remove the page from direct access and lots of bad things happen. Let the marketing departments pay for something easy that those of us who want to can get around. The alternatives are harder and costly.
1. Fast connection means nothing because you have to wait along with everyone else for the ad server to show you the ad, then the page....
2. Searching becomes harder.
3. The web becomes less cross-platform as the ads require tools not avaliable everywhere.
So,
Use an anon service and surf that way if it is a problem.
Or here is another option. Enable your usual blocking tools hit the page and copy the page to local storage and read as long as you want.
I will do this anyway from time to time because I want to archive some content for reading later offline or on a PDA.
Big deal.
Blogging because I can...
Lets see... I think its doubleclick.com that places ad banners that track people across server boundaries then sells the results. Web servers moniter traffic and analyze logs to find out which pages are getting hit most frequently. I'd bet with a little bit of creative Java (or maybe even JavaScript) you could tell how far down the page someone is(can anyone verify or disprove this?), from that figure out their reading speed, what sections of the page they weren't interested enough to read, and which they just skimmed, and who knows what else. Combine these technologies and there you have it, you have an exact picture of what interests a specific person. Throw in an IP address, and maybe some demographic information and you have an awesome marketing tool, with no new technology involved. I wouldn't say "perhaps", I think its a sure bet someone is already doing this.
The targets specified in this article were obviously computer illiterate run of the mill folk living the average life. The kind of person that actually reads the help files that come with microsoft products. Also, the kind of person that can't read anything without a physical reference point, i.e. a mouse cursor. For people like myself... who don't hold on to the mouse unless the intention is on clicking what is being looked it... it wouldn't work. And I dont' shove my cursor off to the right, It's not that big, it does fine right where it's at.
This would take me a week to implement in JavaScript. Set up listeners for nearly and and all mouse events. Log them using a Javascript Object. Serialize it to XML or some tighter data format. Analyze later. The tricky part is the analysis and figuring out exactly what you want to have listeners for. Still.. not that difficult at all.
Jeremy
Upon reading this I looked at my mouse cursors position. It was dead in the middle of the screen, over some of the text I had read before I scrolled down using my mouse wheel, and had been there since I opened the page. (I take the second case he descibes as 'you use the mouse to hold the vertical position on the page where you're currently reading', as oppose to 'you use your mouse wheel to scroll')
I'm presuming here that what the person means by walking your mouse down the page, is that you are "reading" the text with your mouse pointer (like using your finger in a book). Many people here mention that they get around this by using their scroll wheel. They can probably track scroll wheel movements pretty easy. A simplistic method would be in javascript. You should just need something like:
in your scripting area. I think this will take care of 'tracking' your mouse anywhere on the screen. So if the mouse is anywhere over the document, an event is fired off calling the function. I'm sure you've seen a site that has those anoying 'mouse trails' that can follow your cursor...similar concept. It's not limited to links, so provided your mouse pointer is anywhere over the page, it will track it. If you are using the scroll wheel, the page moves under the mouse...but the pointer ends up over a different section of page. Thus it looks like the mouse has moved. So the function could start a timer every time it is called. This could give you an idea of how long they spend viewing a portion of the screen before moving on (scrolling down, etc.).
Now, you could probably circumvent this by putting the mouse cursor off of the browser window altogether and use the arrow keys to scroll. Put you'll probably need to tab between the links in order to get to the one you want. This selects each link, which again should be viewable through a javascript event (can remember the handler off top of head, onfocus perhaps?) tagged to each link.
Other parts of the article mention being able to provide you with a site that tailors itself to you on the fly. Simple server-side scripting will do this. However, I fear sites becoming over-zealous with a feature like this. Many sites end up only providing you with common content it thinks you want, while hiding the content it thinks you don't want. This is to presumably speed up my experience because I wont have to see the other site information downloaded (quicker access over those modem links). After a while, I might not know what said site has to fully offer, as I get 'stuck in a rut' so to speak. They would need a 'show everything site has' (site map) link on everything single page to help offset this. Unfortunately, many sites don't adhear to this simple requirement. Consequently, many users never use certain sites to their full potential.
- A non-productive mind is with absolutely zero balance.
- AC
I have a mutli-level armored approach to browsing:
All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.
I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.
Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.
Duh. The comic shop I used to work at (Action Comics. Quite an original name, no?) did this with the new comics. They were along the back wall so people would have to walk past all of the games/toys/cards and other assorted whatnot to get their biweekly X-Men fix. This isn't bad for the consumer. Sure you've got to walk an extra 15 feet or so (God forbid) but you also get to be exposed to different crap that you might not have been exposed to before (impulse buy!). Unfortuantely, this did not work for Action and they are now long out of business.
The sole purpose of the Internet is to get porn and bomb making plans into the hands of children.
Since the crucial part is not the javascript getting mouse positions, the crucial part is javascript communicating those positions back to the web server.
Mozilla already has fine-grained control over which sites you allow to send cookies to. Someone could add another fine-grained feature to control what sites you allow javascript to send http GET/POST commands to. It could also set which javascript commands you want to enable. This is already the case with window.open()
I also thought maybe we could make the broswer show you what info it is posting back, and let you approve it. But then, sites would just encode it so its not human-readable.
So this is a complicated issue, but one we can deal with, since we have Open Source Mozilla.
On the topic of pop-ups, I've read through the page you cited, but I still have one more question: does Mozilla have the ability to enable pop-ups only from clicking on a link? Disabling pop-ups entirely is irritating as many genuinly useful sites use pop-ups when a link is clicked. It seems that the Mozilla solution is to add each legitimate site by hand; hardly an optimal solution.
FWIW, OmniWeb has this feature.
- j
Why isn't MIT trying to figure out how to make SMTP a secure method of communication. Or adding a better way of removing spam off mailservers.
You know what I'd rather see, is a way of an end user setting up server side spam filters so that one does not have to download spam email to the machine and have the email client do the filtering. This would eliminate 50% of my junk email and probably yours too.
Why cant they create something useful to the users.. guess this means that there needs to be a privacy project started on sourceforge... Whats a good name for that???
Only 'flamers' flame!
You get used to it (or have you stopped watching television?)
:). Anyway, my point wasn't that advertising isn't necessary or ok at some level, my point was that the totally in your face advertising can't possibly be selling more product, it is probably selling less due to the fact that the advertisers are pissing off rather than attracting customers.
Actually I don't watch television any more, i watch Tivo
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
However, I do not consider it likely that someone who knows nearly everything about me will track where I go in Grand Central Station, what I do there, how long I take to do it, whether I do it alone, and so forth -- and I damn sure don't consider it likely that this mysterious individual about whom I will know almost nothing will have the ability and the desire to sell what he has learned about me to a third party so that that third party may increase what _it_ knows about me.
There already are people tracking your every move in public places. These people already are selling some of your personal information to third parties. Question is, do enough people care about this to do anything about it?
./sig
Nope, no sig
They're going to have a tough time with me, considering I usually switch between an average of 10 browser windows at one time...
Most pop-up ads come from one of the usual banner-ad sites, not the actual website, so this feature works pretty well.
Here's my user.js file - you may find it useful. I allow pop-ups by default, except for the listed sites.
I'm a leaf on the wind. Watch how I soar.
I hate commercials on TV, but they have to pay for the content. Therefore, I stopped watching, but I don't complain about it - there's no point. Who likes popups? You could use technology to circumvent them, but this is unethical at best.
Unethical? What about the fact that I'm the one paying to download their advertisement? Since I'm the one paying for my connection to the Internet, and all of the traffic on that connection, I have the right to decide what content is appropriate on that connection. If I decide to block useless ads and popups that's entirely my right.
In general, I think that companies which try all of these very annoying advertising strategies are ultimately wasting their time and money. They should go read the Cluetrain Manifesto and get a clue.
To email me,subtract my nick from my email address, starting with the second character. (hint: adto.uiuc.edu is wrong)
Doesn't the latest version of Opera support mouse gestures a la Black & White? Wouldn't this wreak havoc on any data they gather using this mouse position tracking system? I can just see hordes of Opera-using /.ers descending on the first website to employ this methodology for the sole purpose of screwing up the stats...
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
I found the Web page of project "Cheese" at MIT. They don't seem to be using their own mouse tracking technique yet. The publication that the researchers have produced doesn't provide much more information than the BBC article.
Likely in the same way they'll find out that it's because their entire inventory is tacky and overpriced. That way is... who cares? It's their problem.
They'll either find out and correct it, or continue what they're doing with less customers, perhaps drastically less.
You could, if you're bored, write them an email and explain this, but I doubt any company that hired an IE5-obsessed, javascript-dependent monkey to do their pages has any clue about reading feedback from their users.
Companies that took the time to research the net, even only in so much as finding a consultant who wasn't an idiot, won't have javascript dependant pages, and will periodically try out any new browsers (both by searching for them, and by checking the server logs for user-agent strings) to make sure that their site is properly functional in all browsers.
This has been my point since I started: Your sale doesn't matter. They will get sales, and much more sales, through carpet-bombing. That is what works. That is why it will never be a moderate amount of targeted advertising. It is in their best interest to get the most advertising to the most people, and if they can fake tailor it to you, that's fine, but your sale doesn't matter. The percentage sales they would get from doing advertising "by the rules" would not be the same as doing it en masse.
So they won't.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Well, one thing that strikes me about this is:
For all this data collected from all the surfers to a busy site, where on earth are they going to store it all for any length of time??
I work for a company with a sizable web traffic (250 million pageviews/month). The bane of my life is the logs. Processing them, and storing them for the length of time to draw meaningful trends takes a huge amount of space. All of which needs to be on a RAID, just in case..
Then, of course, there's the software to mine this collection of data, the amount of time required to search the disks for the relevant data, and the setting of the resolution of the data capture from the mouse (needs to be pretty fine resolution to achieve any meaningful results)...
Just think, if they adopted this scheme, it'd be great fun to write a device driver for a pseudomouse that sat the cursor over the web browser, and randomly moved it around, generating millions of data events, all of which get logged on the web site archives...
It's fine to do this for a small scale site, with plenty of funding, but I think there'd be huge problems with the sheer logistics of collecting and analysing this data for anyone without almost bottomless pockets as far as funding goes...
Personally, I don't reckon this will be a big brother tech anytime in the near future...
Cheers,
Malk
is that a bit of a freudian slip?
Even more off-topic:
Does anyone know how to make Mozilla lie about what User-Agent it is? My bank software rejects Mozilla, claiming it's not compatible. I'm pretty sure it is, and I want to try to make Mozilla claim to be IE on that domain.
The pref is called "general.useragent.override". See http://mozilla.org/unix/customizing.html for an example and instructions on how to set the pref if you're not familiar with prefs.js and user.js. (Note that even though the URL contains "unix", most of the prefs there work equally well on all platforms Mozilla runs on.)
Adding something to the preferences panel to allow changing the useragent without editing a text file is bug 46029.
The shareholder is always right.
Two weeks ago, Rob Ginda and Mitch Stoltz added a weaker version of what you're asking for. Instead of only allowing pop-ups for click/enter, it blocks pop-ups for onload, inline scripts (run before onload), onunload, and timer events. This is effective against most existing pop-ups, but will stop being effective when aggressive advertisers realize they can use onfocus or onmouseover instead of onload (if they think enough people are using Mozilla and enable this pref).
To block pop-ups in onload and onunload events, add this line to your prefs.js file (or to a user.js file in the same directory):
user_pref("dom.disable_open_during_load", true);
The shareholder is always right.
I'm not the only one, but I posted an abridged version. I'm also not the orginal author - I just collected the data from various sources and put them into one HOSTS file.
I'll post mine when I get home tonite.
For Win NT4 / NT5 the hosts is found in
%SystemRoot%\system32\drivers\etc\
Hey, wow, finally someone else who uses NetCaptor!
What's also cool is that they have a version that's going to use Gecko in the works, too...
-- Veni, vidi, dormivi
I can't believe that people are upset over this. Wake up, smell the coffee, and welcome to the real world. Please notice that this reality does not precisely follow your expectations. Part of growing up is learning to deal with it.
If you stand up, walk to the corner, enter a liquor store, and buy a pack of condoms, PEOPLE ARE GOING TO KNOW ABOUT IT! Do you expect the clerk to wear blindfolds so he doesn't know who he is selling to?
It is perfectly reasonable, and expected by most people, that their actions which interact with other people will not be private. You call your mother on the phone and you mother will know about it. Duh! You talk to your mother in a crowded room and lots of people will know about it. You shout to your mother from across Grand Central Station, and hundreds of people will know about it.
That is why the law has a certain thing known as "reasonable expectation of privacy". The information about your website is already collected and available to the website. Go peruse your own apache logs if you don't believe me. They know what files you visited and in what order. Do you really expect them, if they are in the business of marketing a product, not to corrolate that information? They would be stupid if they did not.
You cannot expect that you will live life in a vacumn. You cannot expect that online businesses will behave differently than brick-and-mortor businesses. You cannot expect that one party in a transaction will forget all details about it after it concludes.
A Government Is a Body of People, Usually Notably Ungoverned
You're correct. I'm left-handed, mouse right-handed and use the mousewheel instead of the scrollbar whenever possible. I can be jotting down notes or checking items off a list with a pen in my left hand while I wheel/scroll with the right hand. The only thing that's hard for me to do with the mouse in my right hand is freehand drawing. I think most left-handed people develop some degree of ambidexterity.
The best thing about being left-handed is that you're always in your right mind.
"I can tell because when you read a webpage, you do one of a couple of things. You either shovel the mouse off to the right so that it is out of the way, or you will walk down the page with your mouse,"
What would a circular motion of the mouse mean? Is my mouse dirty? Maybe they could automaticaly send some mouse cleaning consultant over.
If you're concerned about this, disable javascript and/or vbscript.
I always have two browsers on my computers. One that prompts for cookies and has java and javascript enabled, and the other rejects all cookies, and has java and javascript disabled. I use the secure(r) one for cruising the web, and if I need to go to a useful site that requires javascript and/or cookies, I use the less secure one.
That's part of the reason there is the DMCA and the possibly-soon-to-be SSSCA. To make skipping commercials illegal. (*) Heck, with DVDs it is illegal to make a player that lets you skip unskippable ads - you either have to violate the CSS license or implement CSS yourself, which is a DMCA violation.
(*) It won't strictly be illegal - that would raise an outcry. Just that getting around the technology that stops you would be an illegal "act of circumvention". That way anyone that tries to give you control could be painted as an "evil hacker", likewise for anyone using any circumvention methods.
After all, only "evil people" try to make the computer do anything it isn't designed for, or do anything the computer tries to prohibit. The machine is "always right", since the "nice" corporations made them.
(The above was heavily laced with sarcasm - obviously I am oppossed to DMCA/SSSCA).
Just because it CAN be done, doesn't mean it should!
It seems its from a company called NetActive Inc. and the file version is 4.2.3 (build Lithium)!
Since I'm the one paying for my connection to the Internet, and all of the traffic on that connection, I have the right to decide what content is appropriate
EXACTLY! You have the RIGHT to decide if their ads are not the type of content you want on your pipe - don't go to their site and you won't see the ads. You're argument is like stating, "I shouldn't have to pay for this book, I have the RIGHT to view this book, so I'm going to steal it".
It's not your right to circumvent their revenue model Do you really believe that you have some God Given Right to have access to a website's content? If you want their content, you have to agree to their revenue model to use it (monthly subscription fee, advertising, etc.) If a site requires a $10 monthly fee, is it okay to hack an account on their system? Filtering ads is no different.
Note to moderators, I just got modded down for a legit post in this thread - please do not mod based on personal opinion or bias.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
He sees you when you're sleeping.
He knows when you're awake.
He knows if you've surfed for porn.
don't jack-off for goodness sake.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
If you like OmniWeb, also check out iCab for OS X
:)
It allows you to filter InScript/JavaScript on a site by site basis. For each site, you can allow/disallow the following:
-access 'Referer'
-access history
-write in status line
-create cookies
-ask for cookies
-open windows
-change window size/location
-hide toolbars
It also has excellent cookie filtering. Between OmniWeb and iCab I can deny anything.
This will saddly remain true for scams and fraud, where the goal is to find a few hundred desparate/stupid people among many millions, with no regard for pissing off everyone with the good sense to know they're not going to "get rich quick".
But for marketing legitimate products and services, more will not always be better for advertisers. Ultimately sales are what matters, and pissing off customers and damaging ones reputation among them just doesn't make good long-term business sense. Sure, there are some examples of mass-mailing, but in the long run semi-targeted email is what will work for legit products. There are plenty of people like Mike that don't mind getting a few messages a week that are actually along his line of interest.
It's crap this these (all received in my inbox within the last few days) that will be the things that make sense to mass-email without any targeting. Just inside anyone reading this doesn't know what true garbage anyone who's publically visible and widely distributes their email address has to put up with, here's a little sampling (about 20%) of the spams I've received in the last 4 days:
Well, that's about 20% of the spams I've received in the last 4 days. There were some really amazing ones in there but they were a giant mess of html... not easy to copy into slashdot. I kept holding out for one of the really dumb sex pills ads... ah, here it was (yet again) on Sept 5th:
The old saying goes:
If it sounds too good to be true....
PJRC: Electronic Projects, 8051 Microcontroller Tools
In keeping with that second point, I'd like to point out the dishonesty of the researcher claiming this will help to be 'more responsive to customers' or whatever cant he used. Commercial web sites have already shown their utter unresponsiveness to customers. Even when a customer took the time to compose a detailed email explaining what was wrong with a site, it was either discarded or read with gales of laughter. I know because I was there. If web sites want to serve customers better, they could start by reading and responding to email. Second, watch the error log and fix bugs. Third, watch the access log and find 'dead ends' where people give up. There is no need to spy on customers.