A Push to Limit the Tracking of Web Surfers’ Clicks

Discussion in 'privacy general' started by Dogbiscuit, Mar 20, 2008.

Thread Status:
Not open for further replies.
  1. Dogbiscuit

    Dogbiscuit Guest

    Article
     
  2. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    A nice idea, but I am always uncomfortable when the government seeks to expand its power over the internet. Moderation is not one of their strong points. An easier and less expensive way for Mr. Brodsky to do this would be to send a flier to his constituents suggesting steps to take to limit this kind of tracking. Somerhing like "Brodsky, tough on crime and cookies" or "Keep America strong and disable javascript"
     
  3. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Agreed benny bronx. End user education is the solution, not government intervention.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: A Push to Limit the Tracking of Web Surfers’ Clicks

    Correct me if I'm wrong:

    Unless you store a permanent cookie for a site, you cannot be tracked.

    For example, I keep a permanent cookie at Amazon.com, a site I use many times a week.
    It's convenient to recognized automatically upon connecting to the site, with recommendations
    listed based on my past history:

    amazon-1.gif
    ________________________________________________________________

    Without that cookie, Amazon doesn't know who I am, as evidenced by their greeting:

    amazon.gif
    ________________________________________________________________

    From Amazon's privacy statement:

    ----
    rich
     
    Last edited: Mar 20, 2008
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Partial quote above.

    You are mistaken.

    You can be tracked through 'web bugs', sometimes also called 'web beacons'. There may be other names.

    You may also be tracked by your IP. Most broadband users have what is usually a static IP, even if configured as dynamic. And not every ISP allows you to change your IP ! If your IP is completely dynamic, it is (almost?) not an issue.

    Some people who use IE 7 allow direct cookies, and block indirect cookies.
    This can be circumvented by basically switching domains, effectively making the 'third part' briefly the 'first part'. This is often (always?) done in combination with web bugs. (Please don't ask me about the technical aspects, I read about it in one of the podcasts on www.grc.com -in writing, the podcasts take too much time).

    There are also flash cookies (good idea to upgrade to the latest version, and to configure the security settings). There may also be other 'cookies' as well.

    If you have a static 'machine name' (often associated with a static IP) you may be tracked that way as well.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: A Push to Limit the Tracking of Web Surfers’ Clicks

    My understanding of web beacons is this:

    http://en.wikipedia.org/wiki/Web_bug
    This tells me that if one has a dynamic IP address, then subsequent visits cannot be correlated.

    I've spoken in person with my ISP (local business in town) about client privacy. He said that an ISP can maintain logs on the server of each client as long as the ISP wants to. His policy is to clear all logs each evening. I concluded that if you can't trust your ISP, then you should change.

    Unless you use online services where you store a cookie, I don't think this is much of a privacy issue at all. Again, if one can't trust the services, or doesn't belive their privacy policy, then one should do business elsewhere.


    ----
    rich
     
  7. Dogbiscuit

    Dogbiscuit Guest

    Well...
     
  8. Dogbiscuit

    Dogbiscuit Guest

    "Educating Users" - One of The Six Dumbest Ideas in Computer Security
     
  9. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    @ Dogbiscuit. I will for ever say education is the answer. It is up to them to remain current. If they choose to remain ignorant then so be it. As the article states, the way I read it, PC knowledge is an almost evolving thing as more and more children\people are now growing up with computers in their home.

    IMO it is about self reliance.....or as close as an individual can obtain. I am the Family Geek. I am the "Help Desk" the Tech. that makes free house calls. I try to explain things as simply as I can. I give them the basics to protect themselves. If they call with more questions, I gladly answer them. If they willingly\knowingly ignore my advice and run into trouble I send them down the road to the local Tech. shop. This usually only happens one time. After they see the bill they admit to the error of their ways and really do start listening and learning.

    Example: My Son-in-Law is becoming a budding Geek. When he first started questioning me about security I explained to him about the basics then went in to it in a bit more detail. How his PC being infected could\would effect others for instance. He stated as long as it did not screw up his PC, slow it down etc., he did not care. I told him he was on his own and I would not assist him any longer. He has since had a change of heart. He runs FF with NoScript in Sandboxie as well as an AV and a firewall. Would love to see him use a HIPS of some sort.......but at least it is a start.

    My attitude in a nutshell, I would rather teach a person to fish then give him one.

    ThunderZ stepping of off his soapbox. :blink:
     
    Last edited: Mar 22, 2008
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: A Push to Limit the Tracking of Web Surfers’ Clicks

    (my emphasis)

    Yes, very interesting studies indeed -- who comprised the sample?

    The non-significant percentage who didn't trade, and the other 1/2 of humanity who don't click on just anything, are those who have been taught (dare I say educated?) by someone who took the time to explain about scams and enticements.

    That's just a dumb statement.


    ----
    rich
     
  11. Dogbiscuit

    Dogbiscuit Guest

    @ Rmus, I know some of the terms the author used are provocative, and his evidence was anecdotal at best, but I thought his point about there being limits to educating users was sound, given my experience anyway.

    @ ThunderZ, I agree with your statements and have had similar experiences. I just go a step further.

    Education certainly hasn't solved the problem yet (although that doesn't prove it can't). Sometimes more is needed. In this case, I believe more has to be done to look out for the unaware and gullible. It's called consumer protection.

    Certainly the new laws restricting spam, for example, as feeble as they seem to be now, are better than nothing.

    But I respect your position. You may be correct that this isn't a situation requiring any legal restrictions. But like you, I have to say that it just doesn't look that way to me now - I can't imagine that it should be legal for your ISP to sell your name, address, phone number and a history of the web sites you visit (and what you look at) to the highest bidder without any restrictions whatsoever.

    If nothing else, don't you think you should get something for selling your personal information?
     
    Last edited by a moderator: Mar 22, 2008
  12. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    But you do you do........at the very least you get a bunch of spam. :cautious: :eek: :D ;)
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Phorm is what it is all about not what you guys or Mr Brodsky are going on about. Mr. Brodsky is behind the times and his bill is not needed.

    Phorm is already wrecking havoc on users with the three major English ISPs and, according to the New York Times, will be coming to the USA to some broadband providers very soon. Phorm is currently in negotiations with Verizon, Comcast and AT&T. If allowed to place their hardware on these broadband providers networks, the internet as we know it will cease to exist. Now is the time to educate ourselves and start protesting. Phorm is man-in-the-middle physical attack hardware that will snoop on your EVERY move on the internet without your permission. This includes reading your email and your Instant Messages. Phorm is a nasty spyware company, a rootkit peddler ...remember PeopleonPage? That is Phorm coming soon to your ISP.

    I started a thread at the Avira forum on this issue and there is another one at dslreports. If you begin to research Phorm you will find a great deal of information that will sicken you. Start with my thread at Avira where I, and others, placed a lot of very pertinent links. Also read the dslreports thread.

    http://forum.avira.com/thread.php?threadid=35032
    http://www.dslreports.com/forum/r20093862-ISP-Based-Contextual-Advertising
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: A Push to Limit the Tracking of Web Surfers’ Clicks

    http://www.guardian.co.uk/technology/2008/mar/06/internet.privacy
    My Browser is configured to accept only Cookies as specified in the Server Manager. So, am I immune from this Phorm cookie "with a unique number ... set on your browser?"


    ----
    rich
     
  15. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    Regarding Amazon:

    They have improved much over the years but consumers should be informed on how their clicking, reading, and purchase habits are profiled and used.

    The privacy notice describes some of processing practices. Does not discuss what is done with 'clickstream' and 'cookie data', i.e. whether Amazon tracks usage, popularity, and then profiles.

    A quick note: customers may close their accounts, but this is only possible through an email sent to them, and you must be signed in as an account holder in order to do that.
     
  16. Dogbiscuit

    Dogbiscuit Guest

    @Mele20, I'm not sure I understand your point.

    Are you saying this law doesn't restrict ISPs (and Phorm) from tracking the websites you visit and selling this data, only that it restricts your ISP (or any website) from linking that data with your name, address, or phone number, and trying to selling it?

    "THIRD PARTY INTERNET ADVERTISING CONSUMERS` BILL OF RIGHTS ACT OF 2008" (Bill Summary)

     
    Last edited by a moderator: Mar 25, 2008
Loading...
Thread Status:
Not open for further replies.