Slashdot Mirror
Browser Spyware: Watching Where You Linger
An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.
Get ready for the "marketing geniuses" to take advantage of this...by having new windows pop up right when you move your mouse to the back button...
Anyone else up for using keyboard shortcuts now?
When nuance becomes the only objective we lose the ability to function
What matters here is who they tell, and who they sell it to.
I can't stop them from tracking (yet.) I do turn off all activeX, ask on cookies, no scripting, etc... but if they can get around my disabled browsing habits, then what matters is who they tell.
Time to go back to safeweb, as well.
Or perhaps someone else is already doing this, and hasn't told you.
Somebody was up late playing Deus Ex last night, right timothy??
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
I wish sites would realize that pissing off their viewers with popups and big honking ads, does not make the viewer more likely to visit the advertisers site or buy their product. It has quite the opposite effect. I've stopped going to some sites that I like for the simple reason that I really F*ing hate popups!
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
For crying out loud, /., lighten up. Remember back in '95 when you couldn't turn on the TV or read a news magazine without some lame story about online stalking or pedophiles in chatrooms? And we all mocked them by saying "that's no different than real-life, what's all the hullabaloo"?
"Brick and mortar" stores do exactly this same thing. Many have cameras, the rest use "secret shoppers" (people who look like they are shopping but are really watching YOU) to discourage shoplifting, check competitor prices AND research in-store "migratory patterns". For instance, haven't you ever noticed that ALL grocery stores have the fresh fruits and vegetables right by the door?
This isn't "Your Rights Online". This is "Translating Nothing Cares About In RealLife Into A Scare Story About 'The Net' In Order To Attract Eyeballs To Slashdot."
324006
The system developed by the team at MIT is called Cheese, since they are following the mouse, like a mouse follows cheese.
Wouldn't a better title have been "Cat"? Or perhaps "Rodent Stalker"?
Yeah....or I'm one of the 5% of the computer market with a Mac and I'm one of the 90% of Mac users that have discovered that when I type the mouse goes away. So I press down arrow and *poof* I don't need to move the mouse out of the way, and my finger is right where I need it to scroll down to read more of the story.
(Or I could turn off JavaScript, which is a good idea because it gets rid of a lot of irritating popup and popunder ads -- which is a pretty good idea, even 'tho it breaks a few sites)
Konqueror and Mozilla both allow you to disable popups while allowing JavaScript to run. I believe that at least Konqueror and possibly Mozilla as well will allow you disable or enable features on a site by site basis. The web has become a whole lot less obnoxious since I set Mozilla up to disable popups and animation. I highly recommend running a browser that will let you do this. Mozilla is now fast enough that I can actually tolerate using it and has been since a CVS build about a month and a half ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
First spyware and then web bugs. What needs to happen is that the public has to say "Enough is Enough" and not use products or services that violate their privacy or utilize these types of tools.
Unfortunately, the average person takes what is available to them simply because of the convienience of doing so. Apathy sucks, doesn't it.
Anybody up to writing an HTTP proxy or filter that strips out this info as it is being returned to the offending site? I guess it should then redirect the user to a site informing them of what has or was about to happened. Maybe the internet community should develop an RBL-like list for websites that pull this stunt? Anyone up for an RFC?
Here's a thought...remember Dr. Hawking's fear that machines may someday subjugate us? Image a concious website that maniputes us into doing whatever it wants us to do or believe. Damn...my computer is calling me again....
Stop right there, because that's your answer. It will never be moderate. As soon as they can, it is in the marketers best interest to get as much advertising to you as they can in the shortest amount of time, and the more they know, the more they will.
It is sad, but in the future, we'll probably look back fondly on things like PeoplePC which gave only one advertiser the keys to the car...
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
While reading the article, I left the mouse in the main browser window and used the keyboard to scroll. So if their system was used, it would make it appear that I was not reading the article, even though I did in fact read it.
Really, if you stay on a page for more than a few seconds, you're probably reading it. And that would surely be simple enough to determine, although you'd have to figure out a bulletproof way to put up an invisible frame in order to send the information to the mother ship. It would probably be easiest done in Java, which can do that without pulling up a web page, but many people have non-working Java, so even that's not foolproof.
Unfortunately for the people who created this model, once people become aware of how it works, it will no longer function. People who would formerly hover the mouse over a link would simply refrain from doing so and therefore give the system no useful data. I also suspect individual personal styles are going to be different enough to stymie them in the end. I am not convinced that people only visit links directly if they have been to the site before, for example.
For the person who said a scroll mouse would defeat this system, I'm sure signals from the scroll wheel can be read as well.
When I am hesitating between multiple items, I will often put them in my cart, look at the total and then remove the one that makes the total too high, or that I'm unsure about. Anything I put in my cart and took out, and any abandoned shopping cart contents, would be a ripe selling weapon that can already be used without relying on this technique.
I think this one's too flaky for practical use. But as always, we'll see.
D
Look, since day one of the commercial web, sites have obsessively tracked how many hits they get, where they're coming from, how a user moves through the pages, where they spend time and how often they return. (As if Andover/OSDN isn't doing all of those things -- or is this like with web bugs where we're just supposed to care about them on other sites?) That's one of the great edges the net was going to have over other media. To the degree that people are bothered by that and to the degree that they're technically sophisticated, they turned off cookies and otherwise interfered. And what does Junkbuster have to do with anything?
What this seems to be is an incremental advance in tracking how pages are read -- there's a little added feedback about mouse movements and maybe scrolling. As always, if this takes off it will be trivial to block for those who know and care about such things. And everyone else has far more important privacy invasion being done to them.
Though what they propose probably has some application to the majority of users, I'm just as sure there are others who would not fit their expectations:
Besides, cheese is often placed in a mousetrap. This kind of technology feels like users are the ones being tempted by the cheese; what kind of trap are we getting into?
I was thinking the same thing, how can they do this since web browsing involves stateless, connectoinless technologies.
So I thought about it, and here is a possiblity:
If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page. Every link on that page fires off a JavaScript which will submit the form and then redirect you to which ever page you requested. The mouse movement data can only be reported if you select another page.
In all honesty, paying attention to your actions is the same thing any brick and mortar shop owner can do why watching you walk down the aisles. When stores were smaller and people friendlier, shop owners made it their job to remember your name, your family, and your preferences (The usual, Mr Smith?). What this technology is trying to do is no different than that, it is just not always being done by not-so-friendly people.
I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.
I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.
Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.
Laws affecting technology will always be bad until enough techies become lawyers.
check out the Majestic game advert at: http://www.scifi.com/farscape/ . Looks like what you mention is not too far away!
Then the javascript code in the main window will fill a string with your mouse movement like:
(100,100)-(110,100)-(110,109)-...
After the buffer is filled enough, it will update the hidden frame with a code like:
TrackerFrame.URL = "http://server/track.cgi?" + str;
That's it. That's all. Your tracking is complete.
Of course, there probably would be abuses of privacy by "marketing firms", but in the case of website that actually try to provide really useful information, this sort of feedback could really help direct the very limited time and effort towards improving the parts of the site that really need it. In my own case, it's often the classic example of a long-time expert not being able to identify with the pains of brand new users.
Of course, there is the traditional usability study approach. Maybe someday I'll spend some money and do it.
PJRC: Electronic Projects, 8051 Microcontroller Tools
If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page
No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.
Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.
Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.
Its too simple, really.
On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.
This is not Your Rights Online nor is it news. Lets go back to bashing M$oft.
Rant Mode OFF.The Anti-Blog
Just because a store researches something doesn't mean they're going to make the shopping experience better for the consumer.
Case in point: The grocery store you referenced. Haven't YOU ever noticed that the dairy, bread, and fresh vegetables/fruits are scattered at different corners of the store.
And you know why, to make you wander the other aisles to get you to buy crap you didn't originally walk in to get.
"We're sorry, but the website you're trying to reach has been disconnected."
Mozilla definitely does allow you to disable popups. See http://www.mozilla.org/projects/security/component s/configPolicy.html
Even more off-topic:
Does anyone know how to make Mozilla lie about what User-Agent it is? My bank software rejects Mozilla, claiming it's not compatible. I'm pretty sure it is, and I want to try to make Mozilla claim to be IE on that domain.
I have a mutli-level armored approach to browsing:
All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.
I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.
Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.
On the topic of pop-ups, I've read through the page you cited, but I still have one more question: does Mozilla have the ability to enable pop-ups only from clicking on a link? Disabling pop-ups entirely is irritating as many genuinly useful sites use pop-ups when a link is clicked. It seems that the Mozilla solution is to add each legitimate site by hand; hardly an optimal solution.
FWIW, OmniWeb has this feature.
- j
I hate commercials on TV, but they have to pay for the content. Therefore, I stopped watching, but I don't complain about it - there's no point. Who likes popups? You could use technology to circumvent them, but this is unethical at best.
Unethical? What about the fact that I'm the one paying to download their advertisement? Since I'm the one paying for my connection to the Internet, and all of the traffic on that connection, I have the right to decide what content is appropriate on that connection. If I decide to block useless ads and popups that's entirely my right.
In general, I think that companies which try all of these very annoying advertising strategies are ultimately wasting their time and money. They should go read the Cluetrain Manifesto and get a clue.
To email me,subtract my nick from my email address, starting with the second character. (hint: adto.uiuc.edu is wrong)
Well, one thing that strikes me about this is:
For all this data collected from all the surfers to a busy site, where on earth are they going to store it all for any length of time??
I work for a company with a sizable web traffic (250 million pageviews/month). The bane of my life is the logs. Processing them, and storing them for the length of time to draw meaningful trends takes a huge amount of space. All of which needs to be on a RAID, just in case..
Then, of course, there's the software to mine this collection of data, the amount of time required to search the disks for the relevant data, and the setting of the resolution of the data capture from the mouse (needs to be pretty fine resolution to achieve any meaningful results)...
Just think, if they adopted this scheme, it'd be great fun to write a device driver for a pseudomouse that sat the cursor over the web browser, and randomly moved it around, generating millions of data events, all of which get logged on the web site archives...
It's fine to do this for a small scale site, with plenty of funding, but I think there'd be huge problems with the sheer logistics of collecting and analysing this data for anyone without almost bottomless pockets as far as funding goes...
Personally, I don't reckon this will be a big brother tech anytime in the near future...
Cheers,
Malk