'Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged'

Baserk · #1 July 30th, 2011, 05:13 PM

"Researchers at U.C. Berkeley have discovered that some of the net’s most popular sites are using a tracking service that can’t be evaded — even when users block cookies, turn off storage in Flash, or use browsers’ “incognito” functions.

The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics.

But the researchers say the site is using sneaky techniques to prevent users from opting out of being tracked on popular sites, including the TV streaming site Hulu.com.
...
“Both the Hulu and KISSmetrics code is pretty enlightening,” Soltani told Wired.com in an e-mail. “These services are using practically every known method to circumvent user attempts to protect their privacy (Cookies, Flash Cookies, HTML5, CSS, Cache Cookies/Etags…) creating a perpetual game of privacy ‘whack-a-mole’.”

“This is yet another example of the continued arms-race that consumers are engaged in when trying to protect their privacy online since advertisers are incentivized to come up with more pervasive tracking mechanisms unless there’s policy restrictions to prevent it.”

From Wired.com article link

Social Science Research Network Full report link

tlu · #2 July 31st, 2011, 12:20 PM

Rather terrifying, isn't it?

Same sites where you can test the fingerprint of your browser are:

http://www.leader.ru/secure/who.html
http://centralops.net/asp/co/BrowserMirror.vbs.asp
http://panopticlick.eff.org/

It's interesting to see on, e.g., the latter site what difference it makes if you whitelist this site in Noscript or not. This emphasizes that blocking scripting and plugins by default is not only a security but also a privacy issue.

Cudni · #3 July 31st, 2011, 02:19 PM

Looks like Ghostery and Adblock Plus block the approach

dw426 · #4 July 31st, 2011, 05:28 PM

Quote:

Originally Posted by Cudni

Looks like Ghostery and Adblock Plus block the approach

On Firefox that's probably the case. On Chrome, it may be a crapshoot due to the limitations placed on extensions. For instance, under Chrome, not only is Ghostery unable to to stop all trackers (they attribute this also to the "speed of the page load"), but trackers that can be blocked sometimes are not until you manually refresh the page. As for ABP under Chrome, it's well known that many ads can't be stopped (especially Flash-based).

m00nbl00d · #5 July 31st, 2011, 05:33 PM

I personally use the hosts file to block ads and trackers. The tracker mentioned here is blocked.

dw426 · #6 July 31st, 2011, 08:49 PM

Quote:

Originally Posted by m00nbl00d

I personally use the hosts file to block ads and trackers. The tracker mentioned here is blocked.

MVPSHost seems to have gone down in quality, I'm testing it now and see a lot of ads still, and Ghostery is still blocking or attempting to block many trackers. Oh well, AdblockPlus is back as an addition, hehe. Ads are getting good and avoiding blocks.

cm1971 · #7 July 31st, 2011, 08:52 PM

Quote:

Originally Posted by Cudni

Looks like Ghostery and Adblock Plus block the approach

I was going to bring up Ghostery and ask if it protected against this.

m00nbl00d · #8 July 31st, 2011, 08:59 PM

Quote:

Originally Posted by dw426

MVPSHost seems to have gone down in quality, I'm testing it now and see a lot of ads still, and Ghostery is still blocking or attempting to block many trackers. Guess I'll be using more than one Host file

MVPS hosts file seems to only block two domains related to KISSmetrics.

hpHosts is blocking 4, including the main domain (http://hosts-file.net/default.asp?s=kissmetrics)

MVPS hosts blocks one that hpHosts doesn't, though. Vice-versa.

funkydude · #9 July 31st, 2011, 11:35 PM

If it's 3rd party tracking fanboy's TPL's probably cover it.

tlu · #10 August 1st, 2011, 07:16 AM

Quote:

Originally Posted by Cudni

Looks like Ghostery and Adblock Plus block the approach

Cudni, I personally think that Ghostery is actually redundant if you

1. block 3rd party cookies in Firefox by default and
2. use the EasyPrivacy or Fanboy Tracking list subscription in Adblock Plus.

It's also a matter of course that cookies must be blocked by default or - as a compromise - allowed only as session cookies whereever possible

Web bugs can be blocked by Noscript. This extension is - as mentioned in post #2 - necessary anyhow as blocking javascript and plugins by default significantly reduces the size of your browser fingerprint. This can not be achieved by ABP (and/or Ghostery) alone.

Cudni · #11 August 1st, 2011, 07:23 AM

Quote:

Originally Posted by tlu

Cudni, I personally think that Ghostery is actually redundant if you

1. block 3rd party cookies in Firefox by default and
2. use the EasyPrivacy or Fanboy Tracking list subscription in Adblock Plus.

However, there are other browsers that equally need protection

tlu · #12 August 1st, 2011, 07:29 AM

Quote:

Originally Posted by Cudni

However, there are other browsers that equally need protection

That's true

However, both measures are also available for Chrome. I'm not sure about other browsers.

J_L · #13 August 1st, 2011, 12:15 PM

Look at all the dodging solutions just mentioned. Title is BS as usual.

lotuseclat79 · #14 August 4th, 2011, 11:08 AM

Class-action complaint against Kissmetrics and others for use of Flash LSO [pdf] (935.8 KB: 30 pages).

-- Tom

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search