Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cursor Software Tracks You On Web

Posted by Hemos on from the yet-another-software-spy dept.

fabrini writes "That cute little animated Comet Cursor, that some websites try to send you when you visit their site, is actually doing more than impressing the kids. It's also tracking your activity on over 60,000 websites using a unique serial number -- and all without asking. "

2 of 312 comments (clear)

  1. Criminally illegal in the UK by charlie · · Score: 5
    I am not a lawyer, but it looks to me as if grounds exist for a criminal prosecution of this company in the UK.

    What laws are they breaking?

    For starters, there's the Data Protection Act (amended 1998). This requires all databases to be registered, along with a list of their structure, so that people upon whom information is held can serve a data disclosure notice on the database owners and find out what is being said about them. I believe there's also a requirement to notify the subjects that information about them is being stored.

    (Violation: up to two years in prison and a honking great fine, although it's very rare for infractions to get as far as a prosecution.)

    Next: Computer Misuse Act (1994). This act has teeth -- it was introduced as an anti-hacking measure and it would seem that if they're tampering with or using a computer in the UK for any purpose without the consent of the owner they could be liable for five years as a guest in one of Her Majesty's hotels. It is a criminal offense to run software on a computer without the owner's permission, or to cause software to be run (ditto), or indeed to do anything with a computer without permission from its owner. Oh, and you can be guilty even if you're not in the UK (but meddling with a UK-based computer), or if the computer's not in the UK (but you are).

    Finally there's the EU declaration of human rights which, implemented in law, has an explicit right of privacy. The EU recently disseminated some directives on data security -- specifically banning the export of personal information from jurisdictions with strict privacy laws to other jurisdictions with weaker protection -- that means this company is violating the law, right across the EU.

    Class action lawsuit, anybody?

  2. Comet's denial has a big loophole. by victim · · Score: 5
    Quoting from the article...
    ``We don't know your gender, your age or anything except you're a Web browser visiting sites,'' Comet spokesman Ben Austin said. ``There's not a lot of reason to crunch that data because I don't see that it's in anyone's economic interests. We're stating for the record that we don't do that and we never will.''
    Ok, Comet won't do the correlation analysis, but then they don't have enough information to successfully correlate either. I'd feel much better if they promised not to sell their information to others. The large market analysis firms are the ones that will do the correlation.

    Consider what you get if you buy the access logs for a bunch of web sites (some with login ids that can be tracked to house addresses, maybe from shipping information) and then add user tracker data like Comet that can identify a user between web sites. You can now track the user's access patterns across all the web sites, even those where he was anonymous.

    This isn't anything too new, the banner ad companies do this already.