Browser Spyware: Watching Where You Linger

← Back to Stories (view on slashdot.org)

Browser Spyware: Watching Where You Linger

Posted by timothy on Monday September 10, 2001 @02:39AM from the matter-of-time dept.

An Anonymous Coward writes: "Just when you you'd installed Junkbuster and thought it was safe to go back onto the web, the BBC runs this story which tells you that webshites will soon(?) be able to tell whether you are reading the page, what parts of it are of interest to you, etc. Guess we can expect porn sites to be the first to take advantage of this." Or perhaps someone else is already doing this, and hasn't told you.

12 of 395 comments (clear)

Use smart settings to avoid this: by hardaker · 2001-09-10 02:47 · Score: 5, Informative
If you carefully configure your web browser I would think you could avoid being tracked:
- Turn off javascript support. This is likely how their doing their "what part of the page you're looking at" tricks (watching the scrollbar usage).
- Don't accept cookies. Don't go to sites that force you to accept them.
- Turn off auto-loading of images. This is the one that no-one does, but with the increasing frequency of single pixel tracking images, it might be a wise thing to do. Junkbuster is certainly a good alternative, but it won't catch everything.
- Konqueror has the ability to change your user agent. It'd be cool to write a "random" mode to it where it randomly selected from it's list of user agents to send to the remote site ;-)
--
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
1. Re:Use smart settings to avoid this: by UM_Maverick · 2001-09-10 02:59 · Score: 5, Informative
  
  have you actually used the web lately? Your ideas are great in theory, but in practice they take you back about 6 years. E-commerce goes out the window w/out cookies. Many sites become unusable w/out javascript (Not just sites that do "onclick=location.href", but there are many sites that actually use javascript *well*). Turning off images means that you won't see half of most sites...and the list goes on...
  
  Now I know what you're going to say: "If site X won't let me browse my way, then I don't need site X". Well, damn near every site out there is becoming site X. Whether you like it or not, that's the way the world is moving, and you can either accept their way of doing things, or stay in 1995.
  
  Hmm...just re-read that, and it sounds like a flame...I really didn't intend it to be...just meant it to be more of a wake-up call.
  
  --
  Juiced? Or Not?
2. Re:Use smart settings to avoid this: by cyberdonny · 2001-09-10 03:23 · Score: 5, Insightful
  have you actually used the web lately? Your ideas are great in theory, but in practice they take you back about 6 years. E-commerce goes out the window w/out cookies. Many sites become unusable w/out javascript (Not just sites that do "onclick=location.href", ...
  Actually, I usually surf with javascript turned off, and the sites where this causes problems can be counted on the fingers of one hand. And for those rare sites I have the choice of
  
  not there going again
  
  just allowing those sites in my konqueror browser's javascript ACL.
  
  Of course, if you're in the habit of surfing to porn sites, you might be somewhat more dependant on javascript...
  ...but there are many sites that actually use javascript *well*).
  Actually, using javascript well should mean to not make an obligation out of it, but to use it solely to provide additional and optional functionality. The site should still stay useable even if the user doesn't want or isn't able to use javascript. You know, blind people who are bound to surf using lynx (because their braille lines, or text-to-speech engines only support text browsers) cannot just turn on javascript, even if they wanted!
3. Re:Use smart settings to avoid this: by mosch · 2001-09-10 03:31 · Score: 5, Insightful
  
  No, because single pixel gifs have legitimate purposes too. Not to mention the fact that any image can be a "tracking" image.
  Example: Let's say you want to draw a horizontal bar with a rounded edge, ala slashdot. You can make an image that has the rounded edge, then a seperate image that's simply a one pixel gif of the same color, that you then stretch by using height and width attributes on the img tag.
  This will prevent the color differences between the two images, as they'll both be using the same graphics library to display. This however also minimizes download time, because all you really need to make a colored bar is one pixel of the exact color you want.
  Be less paranoid.
Online molesters are targetting OUR KIDS! by BillyGoatThree · 2001-09-10 02:48 · Score: 5, Insightful

For crying out loud, /., lighten up. Remember back in '95 when you couldn't turn on the TV or read a news magazine without some lame story about online stalking or pedophiles in chatrooms? And we all mocked them by saying "that's no different than real-life, what's all the hullabaloo"?

"Brick and mortar" stores do exactly this same thing. Many have cameras, the rest use "secret shoppers" (people who look like they are shopping but are really watching YOU) to discourage shoplifting, check competitor prices AND research in-store "migratory patterns". For instance, haven't you ever noticed that ALL grocery stores have the fresh fruits and vegetables right by the door?

This isn't "Your Rights Online". This is "Translating Nothing Cares About In RealLife Into A Scare Story About 'The Net' In Order To Attract Eyeballs To Slashdot."

--
324006
Re:Is it just me or is the web becoming too annoyi by Greyfox · 2001-09-10 02:58 · Score: 5, Informative

Konqueror and Mozilla both allow you to disable popups while allowing JavaScript to run. I believe that at least Konqueror and possibly Mozilla as well will allow you disable or enable features on a site by site basis. The web has become a whole lot less obnoxious since I set Mozilla up to disable popups and animation. I highly recommend running a browser that will let you do this. Mozilla is now fast enough that I can actually tolerate using it and has been since a CVS build about a month and a half ago.

--
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Re:What's so bad about direct marketing? by UberOogie · 2001-09-10 03:01 · Score: 5, Insightful

Personally, if companies can direct moderate amounts...
Stop right there, because that's your answer. It will never be moderate. As soon as they can, it is in the marketers best interest to get as much advertising to you as they can in the shortest amount of time, and the more they know, the more they will.
It is sad, but in the future, we'll probably look back fondly on things like PeoplePC which gave only one advertiser the keys to the car...

--
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Excite may already be doing this by Compulawyer · 2001-09-10 03:12 · Score: 5, Interesting

I have noticed that when I log into Excite, some pages I view have been loading a 1 X 1 Applet that is transmitting information (at least time spent on the page) back to servers. As far as I am concerned the only uses for a 1 X 1 ANYTHING on a web page are no good.

I have not yet grabbed the applet and tried to decompile it (mostly for lack of time), so I do not know exactly what it is doing in addition to sending time information, but it struck me as extremely obnoxious.

I am stuck using Win98 and Netscape 4.7 at work, so I cannot use a more enlightened browser that selectively grants/denies JavaScript and Java access by domain name. So...I am stuck being watched to a certain extent.

Is it just me or is anyone else sick and tired of being treated like some company's asset? I am tired of the companies I deal with trying to suck every possible dime out of the relationship they have with me -- ESPECIALLY when it comes to selling my personal information.

--
Laws affecting technology will always be bad until enough techies become lawyers.
Re:Client side cooperation required by stikves · 2001-09-10 03:20 · Score: 5, Informative

No it is not necessary. The site can have two "frames". One of them would be the main frame filling the entire window, the other will be the tracking frame, which is insivible (or 1 pixel high).

Then the javascript code in the main window will fill a string with your mouse movement like:

(100,100)-(110,100)-(110,109)-...

After the buffer is filled enough, it will update the hidden frame with a code like:

TrackerFrame.URL = "http://server/track.cgi?" + str;

That's it. That's all. Your tracking is complete.
Re:Sinister... by Isofarro · 2001-09-10 03:39 · Score: 5, Informative

If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page

No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.

Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.

Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.

Its too simple, really.

On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.
The bread, milk, and fresh fruits are scattered. by laetus · 2001-09-10 03:43 · Score: 5, Informative

Just because a store researches something doesn't mean they're going to make the shopping experience better for the consumer.

Case in point: The grocery store you referenced. Haven't YOU ever noticed that the dairy, bread, and fresh vegetables/fruits are scattered at different corners of the store.

And you know why, to make you wander the other aisles to get you to buy crap you didn't originally walk in to get.

--

"We're sorry, but the website you're trying to reach has been disconnected."
Several answers by Croaker · 2001-09-10 04:36 · Score: 5, Interesting
I have a mutli-level armored approach to browsing:
1. I installed Bugnosis which is designed specifically to deal with single pixels images that might be web bugs.
2. I use Proxomitron to do Javascript filtering. It cuts out the worst examples of Javascript annoyances (popups, leaving the page triggers, etc.) The filters are editable, so you can customize them yourself to filter out things like this spy script.
3. I route everything through Junkbuster, which gets rid of the ads that Proxomitron misses.
All of the above besides Junkbuster are Windows-only. The first one is specific to IE, but I end up using that anyhow, since it's the most stable Windows browser.

I can browse most sites that don't do stupid shit like refuse to serve pages to me if they cannot detect my browser (in which case, they are probably crap, anyhow). For shopping sites, I can just add the site to Junkbuster, or bypass the protection through Proxomitron. I am pop-up ad free, and I give out minimal information about myself. The other better way of browsing I could see would be to use an anonymous proxy, which would protect my IP addess.

Of course, this would bet better implemented via the browser. I was using Konqueror a lot at home under Linux, but it began crashing too much for my tastes. There, I've just stuck to using Mozilla with Junkbuster. Javascripts still sometimes get through, though.