Yahoo web beacons

Discussion in 'other security issues & news' started by Franklin, May 17, 2005.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Yahoo tracks all of its users everywhere on the web and the way to opt-out is detailed below. If you have a Yahoo e-mail account or belong to one of Yahoo's many Yahoo groups, this probably applies to you. Yahoo has probably been tracking everything you do online. Follow the instructions precisely to opt out of this. Notice the important part at the very end.

    "Yahoo is now using something called 'Web Beacons' to track Yahoo Group users around the net and see what you're doing and where you are going similar to cookies. Yahoo is recording every website and every group you visit.

    Take a look at their updated privacy statement:

    http://privacy.yahoo.com/privacy

    About half-way down the page, in the section on cookies, you will see a link that says web beacons. Click on the phrase web beacons.

    http://privacy.yahoo.com/privacy/us/beacons/details.html

    That will bring you to a paragraph entitled "Outside the Yahoo Network."

    In this section you'll see a little "click here to opt out" link that will let you "opt-out" of their new method of snooping.

    Once you have clicked that link, you are exempted. Notice the "Success" message on the top of the next page. Be careful because on that page there is a "Cancel Opt-out" button that, if clicked, will **undo** the opt-out. So don't reflexively click that button, or you will undo the opt-out ! Feel free to forward this to other groups."
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hmm, gotta wonder about that one.

    I just followed the instructions, opted out and got a success message.

    The only problem with this scenario is that

    (a) I wasn't logged in to Yahoo Messenger through Trillian and

    (b) I accessed the site through Tor/Privoxy

    So I'm kinda wondering - how in the world could that have possibly succeeded? Pete
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    http://www.webopedia.com/TERM/W/Web_beacon.html

    "Turning off the browser's cookies will prevent Web beacons from tracking the user's activity. The Web beacon will still account for an anonymous visit, but the user's unique information will not be recorded."

    EDIT: Just jogged my memory that HP also uses Web Beacons:

    Use of cookies and Web beacons
    http://welcome.hp.com/country/us/en/privacy/cookies_beacons.html

    -rich
     
    Last edited: May 18, 2005
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A more serious problem is the use of encrypted web beacons (https:// links) - these will bypass any third-party cookie/web filters (which cannot work on encrypted traffic) so only a filter that can handle https or browser settings would work. See the Dangers of HTTPS thread for more details.

    Yahoo is a particularly obnoxious example since parts of their site (e.g. Yahoo Groups) require cookies to be enabled before allowing you to read content (some filters allow you to specify subdomains so allowing cookies for groups.yahoo.com can allow access while not revealing details to other parts of their site).

    However the original post is incorrect in one respect - Yahoo can track you on their pages via web bugs but cannot see which sites you visit elsewhere. Third party advertisers and trackers (e.g. Doubleclick, Nielsen NetRatings) on the other hand do make more widespread use of web-bugs on other sites and are therefore a more significant privacy threat.

    Also note that using anonymising clients like JAP or Tor make no difference here - it is cookie and web-bug filtering that counts.
     
  6. oldhash

    oldhash Guest

    <yahoo< web beacons have been in use for several years. Spy1 you discussed this a long time ago. Seems I recall that spyblocker works on this exploit. Check with Paul K.
     
  7. smokie420

    smokie420 Registered Member

    Joined:
    May 10, 2005
    Posts:
    64
    Location:
    Louisiana
    Well I guess thats just great! It should be better explained to us 'newbies' to computers and to the internet!! I have already downloaded Yahoo Messenger, and 'toolbar'! I may not understand fully of what I read, but it doesn't sound good, does anyone suggest I do 'something' about the software I've gotton from them. Meaning, should I get it off my computer or anything?
    Regards,
    Smokie
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    As a general guide, try searching for, and trialling, genuinely free software instead (e.g. Miranda for instant messaging, though this is still in development). Steer clear of anything heavily advertised. Adverts cost so who ends up paying ultimately? The customers, in one way or another!
    Plenty of advice is available for new users - but they have to take the initiative in searching for it. For example Cert CC: Before You Connect a New Computer to the Internet, Eric Howes' Protecting Your Privacy & Security on a Home PC and the various FAQ threads here. There is a lot to learn, but your online experience should be greatly improved by knowing what dangers exist and how to counter them.
     
  9. Pollmaster

    Pollmaster Guest

    Yahoo uses a system of cookies and web-bugs to track you. Using Tor or whatnot won't work, since regardless of your ip, the cookie on your computer indentifies you.

    Opt out works the same way by placing a cookie on your computer that yahoo will access each time to learn that you are opting out and so it won't track you.

    Of course, if you clear cookies routinely, the optout will disappear too.
     
Loading...
Thread Status:
Not open for further replies.