Do Not Call Site Has AT&T Stats Tracker?

hookedup writes "The Register is carrying an article about suspicious content at the FTC's Do Not Call site. It has been a runaway hit with US consumers, with over fifty million signing up to avoid spam calls from telemarketers. But the web site hides a little secret: a 1x1 pixel image tracking visitors... and where does the trail lead but to the AT&T, one of the most persistent telemarketers." However, the tipster, James 'Kibo' Parry, notes: "There isn't any evidence proving they _are_ up to anything improper, but this relationship between the FTC and AT&T fails to avoid the potential for impropriety."

So what?

[larry+bagina]

Slashdot runs MS ads.

Re:So what?

[Kenja]

Dear God your RIGHT! Lock the doors Martha, there gona be comming for me any second now. Get out my good shotgun and push the couch up against the window. You'll never take me alive Slashdot Bastards! You or your Microsoft Overlords.

More Info

[c0dedude]

I went to ftc.gov to see if such a link is standard operating procedure for them. It isn't on that site. Strange, no? Why would they track anyone who wants to stop receiveing phone ads? To make up for it in spam! :-)

ATT has the contract to impliment the DNC

[Christopher_G_Lewis]

Um...

AT&T Government Solutions Will Operate Do-Not-Call List

AT&T has the server logs!

The article says, "The FTC confirmed that AT&T Managed Services is its contractor, and hosts the website."

They don't need a 1x1 image to track usage... they have the server logs!

Re:AT&T has the server logs!

[matthewn]

Server logs don't tell you everything you need to know if you're going to run a serious, full-service Web site -- things like what resolution your lusers are running at, etc. You need to use 1x1 shenanigans for that. Period.

Re:AT&T has the server logs!

[pediddle]

As other people have mentioned, the image is inside a tag, which means it's very simply a tracker to see how many people surf with Javascript disabled. Server logs won't tell you that.

The real question

[b1t+r0t]

Kibo is the one who found this?

In that case, what everyone really wants to know is: "Is AT&T allowed ?

Re:Oh NO! A tracking pixel!

[Kenja]

Sure, it seems like nothing now. But once all the Opera and Mozilla users have been rounded up, put into camps and executed it'll be too late.

AT&T is a huge corporation

[dcocos]

I'd be willing to be that AT&T hosting people don't even know that the AT&T phone people exist.

Re:Off by a power of ten?

[c0dedude]

You must be new here. That's only one order of magnatude. Around here, that's pretty good.

Ahem...

[inertia187]

Will someone please tell me what would prevent a telemarketing company outside the US from obtaining this very accurate list of phone numbers?

Re:Ahem...

Nothing, considering they will be getting it on cd from the FTC in order to comply with the program if they are conducting buisness within the US, just like every other telemarketing company.....

Re:Ahem...

[edrugtrader]

i just found this list on a soviet russia telemarketing list... i think they already got it!

(408) 100-0000
(408) 100-0001
(408) 100-0002
(408) 100-0003
(408) 100-0004
(408) 100-0005
(408) 100-0006
(408) 100-0007
(408) 100-0008
(408) 100-0009
(408) 100-0010
(408) 100-0011
(408) 100-0012
(408) 100-0013
(408) 100-0014 ... ...
seriously, this goes on for pages!

Re:So?

[Christopher_G_Lewis]

The web bug is to http://g6589dcs.nyc2.aens.net

Aens.net is
AT&T Enhanced Network Services (AENS6-DOM)
POB 919014
San Diego, CA 92191-9014
US

Which is basically AT&T Managed Services.

I'm assuming its a bug to make sure the site is up and running...

Course I could be wrong, and it is a part of a national conspiracy to make my dinner get cold.

Re:There it is!!!

[jsprat]

And it is inside a tag, which will only be fetched if javascript is disabled. Lynx and links will only fetch it if you ask them to.

It looks like its purpose is tracking how many people surf with javascript disabled.

Re:Off by a power of ten?

[Murdock037]

Wait until the story is duped a few times, they should all add up to the right number eventually.

check the privacy policy

[I+Want+GNU!]

First off, they can log information with or without these "web bugs." I know this because I run my own websites and I track visits because I like knowing how much traffic I'm getting, with what terms, etc.

Given that, this article is useless.

But even more so, if you go to the site it says at the bottom:

This site is operated by Consumer.net and is not operated or controlled by the US Government or the telemarketing industry
Consumer.net testified at Federal Trade Commission Workshops for Internet Privacy in 1997 and the "Do-Not-Call" Forum in 2000.
Consumer.net authored a paper for an Online Profiling workshop at the Department of Commerce in 1998.

The Consumer.net Privacy Policy is found at PrivacyPolicy.com

This privacy policy states:

Web Site Log Files: We site log files are generated that collect the IP Address of the visitor, date, time, and pages visited. Aggregate reports for web site visitors are generated that do not contain personally identifiable information.

Advertising reports are generated that show the IP addresses of visitors who clicked on ads. This information may be sent to the advertiser to confirm the number of "click-throughs." The advertiser normally already has this information as a result of the user clicking on the adverstisement. No additional information about the visitor is supplied to the advertiser. The log files are eventually deleted.

There. Case solved. Stop being paranoid about such silly things. If you want to be paranoid, be paranoid that the MPAA might accidentally associate your IP with file sharing even if you don't file share, or be paranoid that John Ashcroft is using the PATRIOT Act or Patriot Act II (to be introduced in Congress soon) to spy on you for reasons unrelated to terrorism (as he has done). Better yet, donate some money to the ACLU to protect your civil liberties or to the EFF to protect your electronic freedoms.

Copy and Paste?

[akiy]

Soooooo....

What would happen if all of us started putting the below image on all of the websites that we run?

Hmm...

<img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://g6589dcs.nyc2.aens.net/DCS000003_6D4Q/ njs.gif?dcsuri=/nojavascript">

Re:Kibo?

[joe_bruin]

wow, the same kibo of usenet fame now graces slashdot.
for those of you not familiar with one who has been once declared a "USENET Deity", here's a brief article describing the man, the myth, the legend.

Its to count the number of people w/o javascript..

[molo]

Here is the snippet from the page http://www.donotcall.gov/ Note that the img tag is embedded in the noscript tag. That is, this img is only loaded in graphical browsers that don't use javascript. Since AT&T has the government contract to implement the DNC list, I don't think there's anything sinister going on here, they just want a count of the number of users that don't use/enable javascript.

-molo

<noscript>
<img BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://g6589dcs.nyc2.aens.net/DCS000003_6D4Q/ njs.gif?dcsuri=/nojavascript">
</noscript>

But maybe MY tin-foli hat is on too tight

[orthogonal]

I'm glad this was reported, and I think it needs to be looked into more closely.

But.

There's this taunting little voice in my head wondering if somebody didn't say,

Web Developer 1: "Hey, let's add a web bug to Do Not Call page, and then we'll leak it to Slashdot."

Web Developer 2: "WTF would we want to do that?

Web Developer 1: "So when they find out about it, we can watch those Slashdot monkeys dance!"

Web Developer 2: "Yeah, yeah, dance dance dance in their tin-foil hats! Coool!"

Re:Off by a power of ten?

[letxa2000]

Yeah, well to me the amazing thing in the story is that the government apparently paid AT&T $3.5 million to build the website. Have you visited the website? I've built more complex websites in a matter of weeks. Even charging $200/hour that would be easily less than $32k.

I would hope that "building" the site for $3.5 million also includes running it, ongoing maintenance, etc. Because if the government really paid AT&T $3.5 million to BUILD it and still has to pay some ongoing fee, they got ripped by an order or two of magnitude.

Government waste isn't surprising, but it's sad when it is made so obvious. A good percentage of the folks here at Slashdot could have done just as good a job for a fraction of the cost and STILL recorded a very good year income-wise.

Web bugs are a violation of federal policy

[sakusha]

I clearly remember reading that the fedgov had implemented a strict ban on web bugs and cookies. I couldn't find the exact law, but here's an interesting tidbit from a .mil site:
http://www.defenselink.mil/nii/org/cio/doc/ cookies .html

The Office of Management and Budget (OMB) has reaffirmed (attachment 1) that it is Federal policy that each Federal agency operating a public web site, or contractors operating such sites on behalf of an agency, must post clear privacy policies at their principal web sites, at known, major entry points to the sites, and at those sites where the agency or the contractor collects substantial personal information from the public. The OMB emphasizes that it also is Federal policy that web technology, such as "cookies," should not be used at Federal web sites to identify and track the activities of web users unless a compelling need exists to collect such information, appropriate publicized procedures are established to safeguard the information, and collection has been personally approved by the head of the agency.