Re: Web bugs

From: Emlyn (onetel) (emlyn@one.net.au)
Date: Mon Jul 03 2000 - 00:55:03 MDT


It should be possible to put together software which at least alerts the
user of the presence of webbugs; scans HTML of the website, kicks up a stink
if it sees 1x1 gifs which are from a different server to other content (esp
the page itself), esp if it sees doubleclick's (or other big ad agencies)
server refered to. By then it is too late of course, unless you can put a
filter between your browser and the net, which can strip out that kind of
crap before the browser gets hold of the page and goes asking for gif. Is
that possible?

I must say I'm most impressed by the technique of putting the bugs in email,
to marry together your machine's cookie with your email address. Very sweet.

There must be loads of ways to deal with cookies; one would be to make
software which detects (just by polling infrequently) when certain org's
cookies turn up, and lets you choose to have them erased immediately/after a
short delay/when you decide to manually. So the double-click cookie turns
up, for instance, then gets blown away say 10 minutes later. Might need to
be smarter than that, on reflection, as that might often have the effect of
logging you out of sites; not in the case of Doubleclick; you could deleted
their stuff immediately, but many sites require cookies to function. That,
after all, is the whole problem; how to allow the "good" cookies, without
the baduns.

So you could have your cookies, and eat them too, yes?

I wonder whether it's worth worrying about that stuff. Probably it is; that
must be what all that "price of freedom is eternal vigilance" hype is about.
Emlyn

> The technique is that DoubleClick pays the adult site to put a 1x1 pixel
> invisible graphic on their site. When your browser hits the site, it also
> loads the graphic which is served from DoubleClick's servers so your
browser
> also sends your DoubleClick cookie (you do have one, don't you?) to them
> along with a referrer URL in the HTTP request that DoubleClick can then
use
> to know what site you are at currently.
>
> Any site you hit with a DoubleClick ad or other image is tracking you. I
> think they still claim that they will not link up your cookie with your
> real name and other info that they also have in their databases, but who
> trusts them?
>
> I wish Netscape had a way to let me disable cookies to only certain web
> servers or wildcards.
>
> > "Emlyn (onetel)" wrote:
> >
> > I found this on slashdot, so lots of you have probably seen it. It's
about web
> > bugs; a method of monitoring who is viewing webpages when, which also
works
> > with html email and new postings. I'm not surprised that this happens,
but I'm
> > interested to see the exact techniques.
> >
> > WebBug FAQ:
> > http://www.tiac.net/users/smiths/privacy/wbfaq.htm
> >
> > Article about monitoring of porn & medical sites by Doubleclick (an
> > interesting read)
> > http://www.politechbot.com/p-01250.html
> >
> > I'm loving the wild west!
> > Emlyn
>



This archive was generated by hypermail 2b29 : Mon Oct 02 2000 - 17:33:52 MDT