Are you being tracked?

[DamianTV]

Im always concerned about my privacy and it is never respected by advertisers. It seems to me that every advertiser on the planet and 95% of the websites all want to track you. Doesnt matter taht they dont ask for your permission, or even tell you that they are going to try to track you, or collect statistical information on you without your knowledge or permission, and I want to know what you guys all do to fight it.

I do some php programming where I work and wrote a script that may help you see if you are being tracked or not. If you want to see if you have your system set up correctly, take a look at this webpage. I'll explain a bit more in a second about what it does...

http://www.775.net/ps3/

Once it loads, then try refreshing the page.

Now what it actually is basically is a very simple cookie script. Not just your average cookie script but a self restoring cookie script using both flash cookies (a.k.a. LSO or Local Shared Objects or just SO Shared Objects). If you get the same numbers over and over again then I can use this type of technology to track who you are and where you go on the internet. Now there may be some of you that block http cookies. Good for you. But how about Flash cookies? This script basically tests to see if I can set an HTTP Cookie and a Flash Cookie, and since HTTP are easier to get rid of, if the script sees that there is a flash cookie with no corresponding HTTP cookie, it restores the Flash cookie, and your efforts to evade my tracking are in vain.

What you should see is just a number. That number is all that is important to me. On my end what I can do with it is tie it to a statistical database and start building an extensive profile on your behavior. What I am actually doing is only counting the total number of hits, and not doing statistcal tracking, although you wouldnt really have any way of knowing if I did or did not. Im not really tracking you but this is how it would be done by those with less than honorable intentions.

-------------------------------------

PLAYSTATION 3 OWNERS!!! PLEASE TEST THIS SCRIPT ON YOUR PS3's WEB BROWSER AND SEE IF YOU CAN BLOCK OR GET RID OF THE FLASH COOKIE. IF YOU CAN THEN YOU SHOULD GET A DIFFERENT FINAL NUMBER. From what I have tested thus far, it is IMPOSSIBLE to delete flash cookies from the PS3 Web browser, and you have absolutely no say so in whether or not Im going to track you or not. If you have found a way to delete your flash cookies on your PS3, please let me know cuz I have not found a way to do it yet, thus anyone that uses a PS3 for browsing the web (god only knows why someone would be insane enough to do that tho...) your privacy is at great risk. Be advised.

Anyone else I'd like to know what you do to protect your privacy.

[Uriel999]

Good thing I never use my ps3's web abilities, just online gaming at most...I don't even ever really use that much either...

[Kludge]

wtf am I doing on my ps3 web browser? It's difficult to even use without plugging in a compatible mouse and keyboard. I need to get linux on it some day.

[DamianTV]

Ok well the point of it kind of was that IF you use your PS3's web browser at all, even for downloading demos, you will be tracked and there is absolutely nothing you can do to stop it. Only way to fix it is to hit teh macromedia flash settings webpage where you can allow 3rd parties to store local content on your machine but every time I've tried with the PS3 browser, that flash thing wont run. And thats the problem. You have no possible way to actually protect your privacy on a PS3 even with all your security things turned all the way up. But the settings for flash SHOULD run on your computer however.

http://www.macromedia.com/support/do...s_manager.html

Thats where you control your flash settings to allow or deny "Allow 3rd Party Flash content to store data on your computer." which is also used for tracking by major ad agencies on THIS link...

http://www.macromedia.com/support/do...manager03.html

Now, the other important thing is that if you try hitting this little test script that I wrote just using your computer regularly, try refreshing the page and see if you can block all my cookies or if I am able to restore the hidden tracking cookies back to your original number.

[DamianTV]

Then I see this in the news on slashdot...

http://yro.slashdot.org/article.pl?s...25245&from=rss

[LittleLightShining]

I clicked your link and this is what I got:

cookie not set, tried to set a cookie with an ID value of 104

Delete Cookie

Delete Cookie is an active link, which I didn't click. Also, there is some sort of flash thing going on underneath it, but I have NoScript as an add-on for firefox 3. The only way I'd know what that is is to click it.

After refreshing I get this:

got a cookie back and its numeric
Cookie Id: 104
cookie updated
db updated, counter increased by 1 to 2


Delete Cookie

Does this mean my NoScript is little more than a pain in the neck? What else should I do?

[pcosmar]

Isn't PS3 a SONY product?

I refuse to use or buy any SONY product since their "rootkit" was discovered.
http://www.wired.com/politics/securi.../2005/11/69601
I do not care for that kind of business practice.
I do not care for that kind of disrespect.
I will not support their company in any way.

It is the same reason I do not like Window$, and made the switch to Linux a few years ago.
http://www.defectivebydesign.org/
http://www.eff.org/

[DamianTV]

I clicked your link and this is what I got:


Delete Cookie is an active link, which I didn't click. Also, there is some sort of flash thing going on underneath it, but I have NoScript as an add-on for firefox 3. The only way I'd know what that is is to click it.

After refreshing I get this:



Does this mean my NoScript is little more than a pain in the neck? What else should I do?

The noscript that firefox blocks refers to javascript. Javascript is only one of many ways that HTTP cookies can be stored on your computer. The script I wrote is a server side script based in php so clients never execute my source code. Also flash uses its own scripting language called actionscript so even though you deleted the http cookie, and have the noscript plugin running, on my server I was able to restore your cookie and could effectively track you.

How to fix: Sounds like you have firefox set to allow cookies. noscript isnt the most effective way to prevent cookies, you have to change that setting in firefox to block all cookies, or at least prompt or try a cookie managing plugin. What your noscript will do is to block some cookies and some popups that are run on your computer from javascript. javascript is a CLIENT side scripting language, and noscript plugin wont do anything against server side scripts.

[hillbilly123069]

The money in your pocket is being tracked.
Link coming.
http://www.youtube.com/watch?v=NwEa5A15-fs

[DamianTV]

I clicked your link and this is what I got:


Delete Cookie is an active link, which I didn't click. Also, there is some sort of flash thing going on underneath it, but I have NoScript as an add-on for firefox 3. The only way I'd know what that is is to click it.

After refreshing I get this:



Does this mean my NoScript is little more than a pain in the neck? What else should I do?

The noscript that firefox blocks refers to javascript. Javascript is only one of many ways that HTTP cookies can be stored on your computer. The script I wrote is a server side script based in php so clients never execute my source code. Also flash uses its own scripting language called actionscript so even though you deleted the http cookie, and have the noscript plugin running, on my server I was able to restore your cookie and could effectively track you.

How to fix: Sounds like you have firefox set to allow cookies. noscript isnt the most effective way to prevent cookies, you have to change that setting in firefox to block all cookies, or at least prompt or try a cookie managing plugin. What your noscript will do is to block some cookies and some popups that are run on your computer from javascript. javascript is a CLIENT side scripting language, and noscript plugin wont do anything against server side scripts.


-----

Edit: @pcosmar, yeah PS3 is a Sony problem, er product. And yeah the were the same bastards that introduced the world to the worst kind of virus imaginable, the rootkits. I cant blame you for switching to anything but windows, but all these software developers are becoming clones of each other. For example, I tried to fire up Roxio on this computer Im working on now, and the first thing that I got was a Internet Explorer prompt to ALLOW or BLOCK cookie from Roxio. Wait a sec, I didnt go to Roxio's website, I just opened the program and even though the burning program doesnt need to talk back to their network at all, it still did just to track me! How BS is that?

Or lets look at some of the other major $#@!s in the market other than Micro$oft. Lets look at Adobe. Free version of Adobe Photoshop now claims that any picture you create, edit, manipulate, or modify becomes the intellectual property of adobe. And if you run a packet sniffer to see what these programs are trying to send back to homebase, you'll find that most of these programs want to track everything you do, and I guarantee it is NOT just for updates. Ok, how about EA games? Why does every single one of their programs need to phone home every time you run a SINGLE PLAYER game? Ok, sure there is the whole lets check for update things, but based on some of the packets that are being sent back to them, they are totally encrypted! What is so special about checking for an update that it needs to be requested in an encrypted format, unless...... oh its NOT an update its looking for! And since Adobe took over Macromedia's Flash, the newest version of Flash studios do the same thing, they send back more than most people are aware of to their parent company!

Now heres the important thing about it. Did they ASK you for permission! NO. Did they even bother to try to tell you that they would try to track everything that you do? NO. Do they have the right? Sure, if you agree to give them permission to do so. Doubleclick.net wants to put a cookie on your computer so they can find out exactly who you are and what you are most likely to purchase. Is that ok? Not unless they give you a way to Opt Out, or even at least let you know in some way shape or form. Your single player game wants to let the parent company know what else you have installed on your computer? (*cough* WoW).

Then we get this on BluesNews yesterday...

Users talk the talk, but don't walk the walk on privacy

[LittleLightShining]

The noscript that firefox blocks refers to javascript. Javascript is only one of many ways that HTTP cookies can be stored on your computer. The script I wrote is a server side script based in php so clients never execute my source code. Also flash uses its own scripting language called actionscript so even though you deleted the http cookie, and have the noscript plugin running, on my server I was able to restore your cookie and could effectively track you.

How to fix: Sounds like you have firefox set to allow cookies. noscript isnt the most effective way to prevent cookies, you have to change that setting in firefox to block all cookies, or at least prompt or try a cookie managing plugin. What your noscript will do is to block some cookies and some popups that are run on your computer from javascript. javascript is a CLIENT side scripting language, and noscript plugin wont do anything against server side scripts.

I thought I had firefox set up so I wouldn't accept cookies from unauthorized sites. I'll have to take a look at this and see if I can fix it.

[american.swan]

If I manually "delete all cookies" in firefox does that work to stop you from tracking me?

A couple of thoughts. From a business standpoint tracking a user for targeted advertising seems like a good idea. I even like the idea of ads being shown to me that I might be interested in especially if haven't heard about said product or "news", now that would be cool, targeted news items on web pages. Anyways, I also see a lot of problems with "abuse" issues. So though the idea is nice, it's just too risky from a privacy point of view. I don't want the government watching what websites I've been too, because I don't trust the government and there is little reason for me to trust any other corporation. So definitely I see reason for concern and a need for privacy.

[DamianTV]

If I manually "delete all cookies" in firefox does that work to stop you from tracking me?

A couple of thoughts. From a business standpoint tracking a user for targeted advertising seems like a good idea. I even like the idea of ads being shown to me that I might be interested in especially if haven't heard about said product or "news", now that would be cool, targeted news items on web pages. Anyways, I also see a lot of problems with "abuse" issues. So though the idea is nice, it's just too risky from a privacy point of view. I don't want the government watching what websites I've been too, because I don't trust the government and there is little reason for me to trust any other corporation. So definitely I see reason for concern and a need for privacy.

That is actually part of what I was trying to show is that I can restore your deleted cookies thru the use of a second Flash cookie that acts as a backup. Flash can load external content, and thru actionscript, I can use that to see if you did delete your cookie, then I can restore its original value, even if you did delete it, so short answer, deleting just your cookies in firefox or any other browser by itself does NOT stop me from tracking you.

Now it definitely is not my place to tell you that you should do this or you cant do that. It should be your CHOICE. As in companies must respect your choice also. You want to sign up and have targetted advertising because it gives you a discount on something, its not my call for me to make for you in how to live your life. At the same time, its not the companies call to just instantly assume that you choose to not have any privacy because the company want to show you ads. But I do get the balance that ads have to be shown to support many websites. I dont have any sort of a beef with that. Just when the company, like Yahoo, prior to thir announcement that they will now allow users to OPT OUT of targeted behavioral advertisments, would be companies like Yahoo that did not allow you to opt out no matter what.

Personally what I do is I block a lot of advertisers. And its not all privacy. The sheer volume of ads that comes off of the internet is beyond stupid. And I've done some statistical analysis on myself also. By using a HOSTS file, and a script on a webserver, I can see the total number of ads that by myself I have blocked. And it only came to 15 million. I replaced it with an empty 404 page that every time it gets hit, increments one counter. 15 million. As in 15,000,000. And if you figure the ammt of time, even on broadband that it takes for me to get all this content, 15,000 bytes (15k) as opposed to 4 bytes for header data only, times 15,000,000, I have sped up my internet by 225,000,000,000 bytes of unnecessary transfer, or 225,000 Megs. 22.5 Gigs of advertising data. How long would it take you to download 22.5 gigs? I estimated it on my average speed as being 11.6 (yeah my hi speed isnt that fast, it pretty well sucks) days per year just waiting for advertisements to download. And thats only with a small list of advertisers.