Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Earthlink's Extra HTTP Header

michael posted more than 13 years ago | from the snooping-for-fun-and-profit dept.

Privacy 271

HerrHair had the first reader submission of this, but it took a few days to look into it. If you use Earthlink's customized browser/email/chat/kitchen sink application, which Earthlink recommends for all of its new customers, you are sending an extra HTTP header called HTTP_ELNSB50 with every HTTP request (every download of a file or image), and the data for this header is a lengthy alphanumeric string, which readers took to be a unique ID of some sort. This does not appear to be the case.

Steve Gibson was apparently the first one to look into this browser serial number. I'm a little hesitant to link to that page, since its contents have changed dramatically twice in the last 24 hours. Gibson initially had a page claiming it was privacy-invading unique ID. He changed it to include a disclaimer in a large red box, and has now changed it again to display the information Earthlink provided about the serial number. Earthlink provided much the same information to slashdot after our query.

The header information sent is similar to the codes below. Depending on how logging is set up on a given webserver, they may or may not be logged, but enough server logs are accessible across the net that typing ELNSB50 into any search engine will find examples. (ELNSB50, by the way, apparently stands for "Earthlink Sandbox 5.0".)

ELNSB50::0000411003200258029a012800000000050300280 0000000
ELNSB50::0000411003200258029a012d000000000503002a0 0000000
ELNSB50::0000411003200258029a013200000000050300280 0000000
ELNSB50::0000411003200258029a0132000000000503002a0 0000000
ELNSB50::0000411003200258029a013b000000000503002a0 0000000
ELNSB50::0000411003200258029a013d000000000503002a0 0000000
ELNSB50::0000411003200258029a014700000000050300280 0000000

Even a cursory examination should show that these numbers don't have enough uniqueness to be globally unique IDs. Microsoft's GUID had 128 bits; a good hash function might have 160 bits; those serial numbers, culled from widely scattered machines, aren't unique enough.

This is what Earthlink sent us about the codes:

reserved: 14 future growth
monitorDepth: 8 monitor bit depth
browserFontSize: 3 browser font -- small to large
connectionSpeed: 3 One of 4 categories
connectionType: 4 Modem, high speed, etc.
monitorHorz: 16 horizontal area
monitorVert: 16 max vertical area
browserViewHorz: 16 views horizontal area
browserViewVert: 16 views vertical area
popID: 32 numerical POP ID
sandboxVersion: 32 what version of the sandbox sent this?

Most items should be self-explanatory. ConnectionSpeed has four possible values: slow dialup (<56K), fast dialup (56K), slow broadband, and fast broadband. The POP ID refers to which of Earthlink's Point-of-Presences you are dialed up to - which bank of modems you called. The rest should be clear. If you assume the codes are a number in hexidecimal, and the above are the number of bits dedicated to each bit of information, they appear to agree well. This table differs slightly from Steve Gibson's version. The differences appear to be minor and reconcilable - Earthlink doesn't seem to like the use of the word "Sandbox" in external publications, but it's their own term for their software and it seems quite appropriate: a closed environment which has all the toys you need and which you don't want to/are not able to escape from. (A screenshot of Earthlink's Sandbox is available.)

While I was looking into this, I also noted (Ethereal strikes again) that Earthlink's Sandbox sends a good chunk of data back to Earthlink's servers upon initial installation - this data is PGP-encrypted, or at least it is preceded by a header indicating that it is. This data is sent whether or not the user is signing up for a new account or just re-installing the software on an old machine. There is no easy way to determine what information is being sent back without performing a comprehensive disassembly of the software. As of press time, Earthlink has not provided any information about what is being sent to Earthlink's servers when their software is installed.

So, there you have it. Is Earthlink's code a unique ID? Apparently not. Does it reveal more information about you when you are browsing the web than is revealed by any other web browser? Yes. Can you turn it off? No, but you could use another browser. Will 99% of Earthlink's users ever know about it? No.

cancel ×

271 comments

Sorry! There are no comments related to the filter you selected.

software phones home (1)

Anonymous Coward | more than 13 years ago | (#352121)

Earthlink's Sandbox sends a good chunk of data back to Earthlink's servers upon initial installation ... There is no easy way to determine what information is being sent back without performing a comprehensive disassembly of the software.

Let alone the HTTP header, the installation transmission seems to be an issue. It's not the first time I see software doing it, and I'm getting sick of it. I don't want my software to "phone home" every time it's installed or run. That's when I jumped in the open source/free software bandwagon. I won't run ANYTHING without the source code available. Granted, I will not always CHECK the source code, but at least I can.

CC/PP (1)

Anonymous Coward | more than 13 years ago | (#352122)

There is a W3C standard called CC/PP for telling web servers all about your browser (so that it can send you some useful content rather than just telling you 'this page is best viewed in 800x600 in lots of colours). This seem to be doing much the same, abeit in a non-standard way. Then again, everyone is ignoring CC/PP.

CC/PP (1)

Anonymous Coward | more than 13 years ago | (#352123)

Timely article. W3C just advanced a working draft [w3.org] of CC/PP to Last Call.

It stands for Composite Capabilities/Preferences Profiles. It's a language that your browser could use to describe its capabilities and your preferences, e.g. "32-bit display, 800x600 browser window, PPC hardware, no applets."

The idea is, of course you want the server to know what you've got, so it doesn't send you useless content. Like it or not, your browser will be having deeper conversations with servers, pretty soon.

...On the other hand, this language (CC/PP) looks too complicated to use.

I'm a web developer. If I'm on the server, I want to deliver content to the browser and let the browser format it appropriately, taking into account resolution, window size, color depth, user colorblindness, and so on. Heaven knows I don't want to write an IF statement for every possible pipe size.

There just needs to be a way for me to write "you've got a choice-- low-bandwidth or high-bandwidth media; 8-bit or 32-bit images" using tags in my HTML, and the user's browser should decide what to do with that information. Often it can just pick the best alternative for that client. If not, it can always just render two links and let the user choose.

--
Jason - too lazy to log in

Re:The real issue (2)

sjames (1099) | more than 13 years ago | (#352134)

Earthlink could do themselves a big favour by revealing exactly what is being sent.

We can make several guesses based on the fact that it is encrypted. It is encrypted because:

  1. It's customer's private information that they filled in themselves.
  2. It's information that Earthlink definatly doesn't want anyone to know they are gathering
  3. It can be.

3 is unlikely (why spend money for a totally unnecessary feature). Since I have no idea what sort of information is entered for installation, I'll guess 1.

In the case of 1 or 2, they'll never give enough information to verify any of it. If it is 1, that's with good and honorable reason.

Why need this information? (3)

Masem (1171) | more than 13 years ago | (#352136)

As others have stated, it's not really a uniqueid, your connecting IP is giving away more information that this. But why do they need all this data?

The only thing that it would seem to me is that it is because Earthlink has poor web page design (not browser, their internal web pages!) that they require to know 1) what speed you can handle , as to adjust A/V content as to suit your connection speed, 2) what your screen layout is as to probably used fixed width tables effectively in the HTML layout, and 3) where you are located in the country (via the POP bank info). Neither of which is even necessary if you follow HTML 4 specs, with effective use of the OBJECT tag, relative table sizes, and use of the standard HTTP header and/or cookies, respectively.

In other words, their customized browser appears to be covering up for lame web page designers.

Re:Horrors! (3)

Genom (3868) | more than 13 years ago | (#352145)

The sad thing is, the law actually goes the other way and protects THEM from YOUR possible DECRYPTING of the information.

They invade your computer, grab some personal information and encrypt it, then send it back to their servers (without your knowledge). You find out about this, and find a way to decrypt it. You find out they've taken a LOT more than anyone would want them to, so you publish your findings. They don't like this (it's bad press) so they sue you under the terms of the DMCA (the material was "protected" by encryption, and decrypting it for any reason is illegal...)

Sad state of affairs in this country. Very, very sad.

Causes Extra Bandwidth? (2)

wynlyndd (5732) | more than 13 years ago | (#352148)

By implementing this extra header on every HTTP request (every html, every jpg, every gif) can we estimate how much extra bandwidth Earthlink incurs?

for anyone too lazy to do it themselves.... (3)

mcramer (7010) | more than 13 years ago | (#352150)

print join("\t", qw(reserved monitorDepth browserFontSize connectionSpeed connectionType monitorHorz monitorVert browserViewHorz browserViewVert popID sandboxVersion)), "\n";
while(<>) {
($misc, $monx, $mony, $browsx, $browsy,
$popid, $sand) = map {hex} unpack("A8 A4 A4 A4 A4 A8 A8", $_);

$res = ($misc & 0xffc0000) >> 18;
$dep = ($misc & 0x003fc00) >> 10;
$fon = ($misc & 0x0000380) >> 7;
$spe = ($misc & 0x0000070) >> 4;
$typ = ($misc & 0x000000f);

print join("\t", $res, $dep, $fon, $spe, $typ, $monx, $mony, $browsx, $browsy, $popid, $sand), "\n";
}

Re:Not an HTTP header (1)

wik (10258) | more than 13 years ago | (#352154)

It's an HTTP header. Check the HTTP 1.1 RFC [isi.edu] , around page 116. HTTP is a generic application-level protocol that is frequently used to transfer text/html files, but also Content-types of image/jpeg and other useful data formats.

Re:As A Web Designer (2)

wik (10258) | more than 13 years ago | (#352155)

Even high-speed people mind waiting if you have a complex page!

Take a look at www.microchip.com [microchip.com] . On every page they serve, they have a unobtrusive link called "Page Options" at the top where you can choose what page you want to get: text only, graphics or Java frame. As it turns out, I use all three versions from my university ethernet connection, depending on if I want the heavy-duty search in Java (like a MSFT help search, index, etc box), I just want to browse (I'll use graphics) or I really need something fast (text-only). It's not polite to NOT give these choices to the user!

It works great! I don't know how much more it costs them to do this, but it definitely makes for happy customers. Each version is based off a different root directory on the server and all three are probably generated automatically without the web designer having to think twice.

As far as having something else to do, generally it's looking at one or two other active Netscape windows.

Re:Why need this information? (1)

jonbrewer (11894) | more than 13 years ago | (#352156)

Why would I need this information?

Choices concerning data presentation.

The fact is that given a large dataset, I'd rather present a java grid to people with the bandwidth than the ten pages of html tables required for friendly modem usage.

I'd like to make it as big as I can fit on the user's screen. With HTML I don't have a choice - if there are eighteen columns the users will have to scroll horizontally and vertically. With a Java grid I can size it perfectly, but only if I know how big the user's screen is beforehand.

You make the assumption that "web pages" are all about good design or poor design, and you take a dig at their designers. You forget that some people actually use the web to present data.

Hopefully now you'll see some usefulness in these new HTTP headers.

Re:As A Web Designer (2)

sammy baby (14909) | more than 13 years ago | (#352162)

This is bad for two reasons:

I disagree about as strongly as it's possible to disagree. Content negotiation is a Good Thing(tm).

Here's an example: when I go to a web site, I expect (hope?) that the content of the site will be rendered in English. For large web sites with a multi-lingual user base, that's not always a safe assumption. Fortunately, content negotiation makes that possible.

3.10 Language Tags
A language tag identifies a natural language spoken, written, or otherwise conveyed by human beings for communication of information to other human beings. Computer languages are explicitly excluded. HTTP uses language tags within the Accept-Language and Content-Language fields.
- from RFC 2616 [isi.edu]

Apache makes on-the-fly decisions about what content to send based on this [apache.org] .

Does that mean that webmasters need to be careful about how they set up their sites if they're using this technique? Sure. But it also opens up a wide range of options.

1. It's more expensive to design 2 sets of pages. That money should be spent on more content.

Speaking on behalf of webmasters everywhere: thanks for telling me how to spend my money. Allow me to suggest that doing two versions of the same image - one at a high bit-depth, and another at a lower quality - isn't too much of a strain on my budget.

2. Sometimes people with slow modems don't mind waiting - maybe they let your site load in the background while they do something else. It's not polite to make these choices for your users.

Content negotiation doesn't have to be like making the choice for the user. Instead, it can work as a reasonable best-guess. Besides which, I've seen plenty of sites which simply assume high bandwidth (or pathetic bandwidth) and make all the design decisions based on that information. In what way is that giving the user a choice, other than to vote with his feet?

-----
"You owe me a case of beer. Sucka'."

Re:I would love this feature if it was improved (2)

Tim C (15259) | more than 13 years ago | (#352167)

Not to mention that the questions mentioned can be answered using client-side javascript, at least in modern browsers.

(Okay, so you can only test capability and not preference...)

Cheers,

Tim

Re:Enough bits? (2)

Todd Knarr (15451) | more than 13 years ago | (#352169)

I think they're referring not to just the number of bits but to the amount of variation ( or lack thereof ) between different headers for that number of bits. Sure you've got 192 bits, but they don't change enough between different user's browsers to be usably unique. Compart that to MS GUIDs, that vary drastically from one system to another.

Information revealed (2)

Todd Knarr (15451) | more than 13 years ago | (#352170)

Actually I don't think the Earthlink header reveals too much unpleasant. In any browser that has Javascript active, any Web page out there can pull out the same information. The only thing they can't is the POP ID, and they can infer that from the IP address you're using if they want to. I don't like that they're sending the info without saying they are, but the info itself isn't particularly distressing. Maybe we need something like P3P but working the other way, telling you what information your browser is going to send and making sure that matches your preferences before sending it?

This does solve one problem.... (4)

EvilJohn (17821) | more than 13 years ago | (#352174)

...with targeted ads. One of the most desired features from current advertisers is the ability to target ads based on the users location. Doing this by IP is very spotty, the POPID would solve that problem fairly safely.

// EvilJohn
// Java Geek

Re:As A Web Designer (1)

Nightpaw (18207) | more than 13 years ago | (#352176)

1. It's more expensive to design 2 sets of pages. That money should be spent on more content.

Duh, you put the content in really plain HTML files and use Perl or PHP to use the right template as the page goes out.

whats happening to slashdot? (2)

Apps (21158) | more than 13 years ago | (#352178)

"but it took a few days to look into it"
first they remove a post because of the Scientology movement threatning to sue, now they are researching the stories before posting them!!

I remember the old days when this sort of thing would never happen ;-)

This isn't anything special, folks. (1)

Jobe_br (27348) | more than 13 years ago | (#352181)

Not to offend anyone, but this information just isn't anything special. Of the information that is provided by the sandbox:

  • monitor depth
  • browser font size
  • connection speed
  • connection type
  • monitor horz
  • monitor vert
  • browser view horz
  • browser view vert

The only portion that can't be gleaned from the browser via JavaScript is the connection speed/type. While you probably won't be able to determine the connection type, it certainly isn't difficult to determine the connection speed. And when it comes to anything related to web design, the connection type itself is unimportant. Hence, when you determine the connection speed via a simple server-side script, you have all the relevant information that the sandbox provides.

Now, I agree with many of the posters - you shouldn't use connection speed info to determine what you serve up, maybe to make an informed decision of the default, but if you have multiple types of content created, you should always give the user the option to choose.

Note that gleaning the sandbox info and using it to determine what content to serve up may backfire on you anyway: two cases come to mind: a shared network at home is one, the second is downloading the kernel or maybe the latest Mandrake iso while you're surfing the web ... in either case, there may not be nearly as much bandwidth available as the sandbox reports.

Re:As A Web Designer (1)

0xdeadbeef (28836) | more than 13 years ago | (#352182)

For the uninitiated, when a web designer says this, he actually intends the obnoxious, bandwidth hogging version to be "high quality". They're funny like that.
--
Bush's assertion: there ought to be limits to freedom

Re:Do your math (1)

jellicle (29746) | more than 13 years ago | (#352184)

I'm aware of that. But since the numbers from widely varying machines are not widely varying, most of the number isn't available for use as a unique ID - this is clear immediately.

Example: if you have an ID string from a machine in China and a machine in New York and the two strings are:

FOOBAR-5654375

FOOBAR-6327264

You'd probably suspect that the FOOBAR- part of the string did not differ between machines and so can't count for uniqueness. Go look at the examples provided again.

Re:Some thoughts on Earthlink... (1)

jellicle (29746) | more than 13 years ago | (#352185)

It would, except that, as I noted, it is sent whether or not you are signing up for a new account.

Re:As A Web Designer (1)

Kartoffel (30238) | more than 13 years ago | (#352186)

Use Opera.
Opera is MDI. bletch.
--

Re:The real issue (1)

taer (31134) | more than 13 years ago | (#352188)

Or they could have given the public key, as public key encryption allows you to do, which would require no passphrase or private key.

Re:Sig Critic (1)

thal (33211) | more than 13 years ago | (#352193)

As a side note, Ted Turner just had to apologize after calling people with ashes on their foreheads "Jesus freaks".

Yeah, but that's a Catholic thing, who are very much a minority in the US.

--

Re:Not an HTTP header (3)

MemRaven (39601) | more than 13 years ago | (#352197)

It's probably rightfully considered an HTTP header indicating that what follows is HTML. HTML is only considered in the payload of the transmission, and that occurs in the HTTP header before you get to the payload. Otherwise, it would make little sense to have text/plain as a Content-type, since you can transmit that over HTTP with no HTML coming in at all. Content-type: text/html just indicates that what's about to come over the wire is in HTML form.

Re:As A Web Designer (2)

prizog (42097) | more than 13 years ago | (#352199)

"As a web designer, I'd love to have this information. I only wish more browsers immediately told me what speed the person was at. Then you could do the high/low quality links for them."

This is bad for two reasons:

1. It's more expensive to design 2 sets of pages. That money should be spent on more content.

2. Sometimes people with slow modems don't mind waiting - maybe they let your site load in the background while they do something else. It's not polite to make these choices for your users.

Where are the mod points when I need them? (1)

wiredog (43288) | more than 13 years ago | (#352200)

Perhaps someone who has the points could mod this up for me? Clinko makes a good point here.

Re:Google.com, from non-US anyone ? (3)

wiredog (43288) | more than 13 years ago | (#352202)

They just don't want to get sued by France (as yahoo did) if you, or other users, look up sites containing Certain Illegal(in France) Information. Try doing a google search (from the redirect) on that info. Bet it won't allow it.

Re:whats happening to slashdot? (1)

cyberdonny (46462) | more than 13 years ago | (#352203)

> first they remove a post because of the Scientology movement threatning to sue, now they are researching the stories before posting them!!

Didn't Scientology actually own Earthlink at a certain time? Or still own it?

Re:I would love this feature if it was improved (1)

Mr. Slippery (47854) | more than 13 years ago | (#352204)

I think that screen size falls under "function" and not "form". People with small screens need information (regardless of what it is) presented in a long tall format so they only have to scroll down, not side to side. People with huge screens need information presented in a short wide format so they don't have to scroll at all.

Does no one remember that ancient mantra, "Trust The Browser"?

Way back when (you know, like four or five years ago), there was this idea that web servers would serve content. And web browsers would format it and display it. So, if my server was serving up, say, my resume [infamous.net] , you could make your browser window skinny or fat or whatever and your browser would format it long and tall or wide-screen as needed.

Tom Swiss | the infamous tms | http://www.infamous.net/

Re:I would love this feature if it was improved (1)

cyberdemo (49375) | more than 13 years ago | (#352206)

or, you could write a page that will open in any browser [anybrowser.org] .
--

Re:Not an HTTP header (1)

hucke (55628) | more than 13 years ago | (#352210)

> Umm... isn't Content-type: text/html an HTML header, not an HTTP header?

Uh, no. HTML is a language that uses tags enclosed in angle brackets ("<" and ">") to define the structure of the document. HTTP headers precede a document of any type and are of the form "keyword: value". "Content-type: text/html" is not HTML, it's HTTP.

Re:I would love this feature if it was improved (4)

romco (61131) | more than 13 years ago | (#352211)

"Yes, imagine. Imagine if web designers weren't obsessed with style over content, with special effects over usability, with animated intros over usefulness, with exactly positioned layout over standards that are easily accesible by the visually impaired or degrade well for old browsers."

I think you will find most good web designers do care about these things...It's the marketing droids that want the shiny spinning stuff and the locked layouts

Re:The real issue (2)

goldmeer (65554) | more than 13 years ago | (#352214)

What is even more insane is if it *IS* PGP, then they've given you a private key, and probably the passphrase.

Nope.

It's likely that the key used is their public key. That way, only their private key can decrypt.

That's the beauty of PGP.

-Joe

Re:This benefits Joe User (1)

Cplus (79286) | more than 13 years ago | (#352220)

You just referenced Ivory Soap. Four out of dentists approve.

Macintouch shows even more info divulged (2)

BAM0027 (82813) | more than 13 years ago | (#352223)

Macintouch [macintouch.com] shows that doing a web search on 'ELNSB50' provides more info than simply codified attributes of your client connection. Clicking on results from Google display "Web Browser Agent/Platform Statistics" which can be used to determine which websites a person visits.

At random, I chose the browser ID of "000041100320025802940113000000000502000800000000" and searched on that. I found that browser had visited four specific sites.

I don't want my tracks to be available to everyone. I understand that my perusals are logged in my company's system since that's my net connection, but these aforementioned actions are available publicly. That's not a good thing.

Re:The real issue (1)

ckaminski (82854) | more than 13 years ago | (#352224)

What is even more insane is if it *IS* PGP, then they've given you a private key, and probably the passphrase.

Some ambitious hacker could then figure out the passphrase, and impersonate Earthlink. :-) How stupid of them Earthlink....

-Chris

Shady irony. (2)

supabeast! (84658) | more than 13 years ago | (#352226)

I saw an Earthlink commercial on TV the other night. It went on and on about all of the shady things people do to strip away privacy on the internet. Then it stated that Earthlink would never do those things.

Given this stuff is not actually tracking anyone, but it does carry more information than is at all necessary (Not than any is really necessary.).

Of course, given the history net companies have with privacy, it really is not surprising.

Will 99% of Earthlink's users care? (1)

n8_f (85799) | more than 13 years ago | (#352227)

No. It was a nice attempt to stir up controversy on a story that isn't really that interesting, though.

Will 99% of Earthlink's users ever know about it? No.

Re:not sure about this... (1)

jamesoutlaw (87295) | more than 13 years ago | (#352228)

I agree with you. I'm really tired of designers who choose style over substance. I am all for making sites beautiful, but adding Java applets and Flash aimations just to "show off" rather than actually enhance the user's experience is a complete waste of time. In the right hands, information such as the bit-depth & connection speed of the end-user's computer would be very useful. Unfortunately, there are too many of the wrong hands designing web pages.

Damn Straight! (3)

Greyfox (87712) | more than 13 years ago | (#352230)

It's like The Prisoner...

Web Designer: What do you want?
Customer: Information!
Web Designer: You won't get it!

Would Proximitron help? (2)

BobGregg (89162) | more than 13 years ago | (#352231)

I don't know if the EarthLink browser can be set to run through a local proxy, but if it can, then Proximitron [spywaresucks.org] can prevent the extra HTTP header from being sent at all. I just started using it, and it works wonderfully. Plus the paranoid among us can open the HTTP log window and watch what's being sent out and received, for that warm-and-fuzzy reassuring feeling.

Earthlink Avoids AOL Fiasco? (1)

Havokmon (89874) | more than 13 years ago | (#352232)

So you mean to tell me that Earthlink is monitoring who is browsing from what POP, and to where on the internet? So that can use that information for what purpose?

The only one I can think of is customer service. Everyone knows someone who tries to dial into AOL on a busy night and gets a busy signal. Those boxes should also be giving usage info, but I don't see Slashdot throwing a fit over that. What do you do with that info? You decide whether you need more or less dial-in servers at any location.

This is the same thing for internet traffic. So what if Earthlink rearranges their peering to accomodate heavier volume in other areas? If I was an Earthlink customer, I'd be happy to know that they're making sure high bandwidth users who goto a similar location just might be re-arranged so as to not interfere with the rest of their users.

Re:I would love this feature if it was improved (2)

JoeShmoe (90109) | more than 13 years ago | (#352233)

I think that screen size falls under "function" and not "form". People with small screens need information (regardless of what it is) presented in a long tall format so they only have to scroll down, not side to side. People with huge screens need information presented in a short wide format so they don't have to scroll at all.

Remember when most sites had a "text only" link? Maybe if the browsers make it easy to identify text-only users then that kind of duality can come back. Right now I think web designers don't want to have to present the text-only question before jumping to the content. But that's laziness more than anything.

- JoeShmoe

I would love this feature if it was improved (5)

JoeShmoe (90109) | more than 13 years ago | (#352234)

Imagine never having to answer stupid questions like "flash or html?" "800x600 or 1024x768?"

Its possible that based on the connection speed, you could default modem users to the HTML site and broadband customers to the flash site (of course, with links to the opposite choice). You could also arrange the tables so people with smaller screen sizes are scrolling left to right and people with large screen sizes aren't forced to scroll down a website that fits into the first three inches of their screen.

I do think there is something else they should flag...system color scheme. I use a darker scheme where my text is white and my workspace is black. On many websites with hardcoded white background I can't read a thing. I usually end up having to disable them. It would be nice if a website could ask my browser what my default text color is and send out the appropriate background.

Re:As A Web Designer (1)

ChristTrekker (91442) | more than 13 years ago | (#352239)

Use Opera [opera.no] . It has a handy 3-way image toggle button right in the window. The user has final control, no matter how badly dee-zyne-ers want to usurp it.


Flamebait != Disagree

you miss the point - graceful degradation (3)

ChristTrekker (91442) | more than 13 years ago | (#352245)

Screen size is a matter of "form". A "short fat screen" has a different form factor than a "tall skinny screen", right? A properly designed web page is not constrained to any one resolution or window size. CSS has provisions for layout boxes defined as a %-age of the parent element and for floating elements. If I resize my browser window, the web page should reflow into the available content area, not be locked to a particular presentation.

Do you really want to build a site 4 times to accommodate 4 different ways a user might access it? What happens if a 5th method is developed — do you retrofit all your existing sites? No! Build the site correctly and you only have to do it once!

Remember when most sites had a "text only" link? Maybe if the browsers make it easy to identify text-only users then that kind of duality can come back.

There never was a duality, except when lazy web designers were involved. Web content is primarily textual. If you have inline images or other media, you're expected to provide ALT text and similar fallback mechanisms. Graceful degradation [anybrowser.org] and device independence [w3.org] are the key, but the concept seems to have flown right over the heads of an entire generation of dee-zyne-ers.


Flamebait != Disagree

Re:I would love this feature if it was improved (4)

ChristTrekker (91442) | more than 13 years ago | (#352246)

Imagine never having to answer stupid questions like "flash or html?" "800x600 or 1024x768?"

Imagine sending your content in a universally accessible fashion, rather than a proprietary format that requires a plugin. Imagine designing a site correctly so that it automatically fits any size browser with no extra work or finagling on your part.

Its possible that based on the connection speed, you could default modem users to the HTML site and broadband customers to the flash site (of course, with links to the opposite choice).

If you recognize here that people want a choice, why don't you recognize their choices (system preferences) in other areas as well?

You could also arrange the tables so people with smaller screen sizes are scrolling left to right and people with large screen sizes aren't forced to scroll down a website that fits into the first three inches of their screen.

See above. A good design accommodates variable screen sizes without the need for "detection scripts" and such. You don't need to know the user's screen size.

I do think there is something else they should flag...system color scheme. I use a darker scheme where my text is white and my workspace is black. On many websites with hardcoded white background I can't read a thing. I usually end up having to disable them. It would be nice if a website could ask my browser what my default text color is and send out the appropriate background.

Similar functionality exists in CSS. If the site uses your system colors [w3.org] it will behave as you describe.


Flamebait != Disagree

Re:Not a Big Deal (2)

TopShelf (92521) | more than 13 years ago | (#352247)

Or did They simply snip out that reference without you even knowing???

Re:As A Web Designer (2)

jmv (93421) | more than 13 years ago | (#352248)

Sometimes people with slow modems don't mind waiting

...and the other way 'round. I have DSL, but I still hate those big pages with all the text dislayed as gif, and which I can't read, since my monitor is 120 dpi and it's written with 75 dpi...

I always choose "slow connection" for sites, when I have the choice

Re:CC/PP (2)

Shimbo (100005) | more than 13 years ago | (#352250)

There is a W3C standard called CC/PP ... Then again, everyone is ignoring CC/PP.

I just checked, and it seems to be still a working draft. Given that just about all browsers have basic HTTP, HTML4 or CSS2 bugs, CC/PP can probably wait a while.

More proof we need government intervention (5)

blueskyred (104505) | more than 13 years ago | (#352252)

The big companies will always be ahead of crusade sites like Slashdot. Even though we will eventually find out what is going on, it is always after some form of privacy trampling has taken place.

There needs to be a law on the books that prevents the transmission of any information without the user's express consent. I'm not talking about the "If you install this software, you agree to these terms" type of consent, but the "we are sending the following information to our central database: connection speed, monitor type, ..." with a OK/Cancel popup. This becomes important when you start sending things like "We are sending the following to the Microsoft database: Your hard drive's serial number, your mother board's serial number, your up-to-date billing statement ensuring you have paid for this week's use of Windows XP,..."

Of course, the odds of such a law happening are slim; the odds of a well-crafted law passing are about zero. We need some Slashdotters in Congress, I guess...

Re:The real issue (5)

andy@petdance.com (114827) | more than 13 years ago | (#352259)

Earthlink could do themselves a big favour by revealing exactly what is being sent.

Yeah, but 90% of /.ers wouldn't believe them anyway.

--

You can get this info with a standard browser (2)

boldra (121319) | more than 13 years ago | (#352262)

Easily done with a javascript/cgi combo.

<script language=javascript>
var peek;
peek = getMaxScreenX + getMaxScreenY (etc etc)
document.writeln('<IMG SRC="/cgi-bin/peek.pl?'+peek+'">');
</script>

Nothing fancy, but with 4+ version browsers you have some extra info. You can even get plugin info this way.

Enough bits? (2)

micco (126992) | more than 13 years ago | (#352272)

ELNSB50::0000411003200258029a014700000000050300280 0000000

Even a cursory examination should show that these numbers don't have enough uniqueness to be globally unique IDs. Microsoft's GUID had 128 bits; a good hash function might have 160 bits; those serial numbers, culled from widely scattered machines, aren't unique enough.

It's beside the point, but exactly how many bits do you think are in there?

It looks like you have 48 characters after the colons. That's more than enough bytes to encode the bits you say you need to be a unique ID. If each pair of characters is a hex representation of an 8-bit number, then you have a 192-bit space.

Re:The real issue (1)

stilwebm (129567) | more than 13 years ago | (#352273)

At least they are sufficiently concerned about our privacy so as to encrypt the information. That should keep it from snoopers!

Oh wait...

Targetted advertising! (1)

bildstorm (129924) | more than 13 years ago | (#352274)

I used to work for an ISP and we had ideas about things like this.

If you have all that information coming in to the web server, then you can server ads based on their configuration and location.

The more they use it, the more sites end up in their history or cookies, and the more you know about what they like.

Basically it's great for generating revenue. Sucks for the privacy level, but isn't illegal if done right.

Re:Google.com, from non-US anyone ? (1)

bildstorm (129924) | more than 13 years ago | (#352275)

They're really checking the ISP?

I've been working from Switzerland, and they originally sent me to Google in German. But then I realised my redirect was because of my browser settings, being set for being in Switzerland with a Swiss German keyboard.

A soon as I changed my location settings, I was fine.

Re:As A Web Designer (1)

chrischow (133164) | more than 13 years ago | (#352278)

don't diss the web designer for not providing content, thats not their job! its the client!

not sure about this... (1)

iainl (136759) | more than 13 years ago | (#352279)

While I can see some web designers going crazy about the possibility of knowing the exact bit-depth and dimensions of the browser window I'm reading their site in, I rather suspect they are the same ones that would rather send me a couple of hundred k of java every time I want to read their site.

Besides, just because I might be using a fatter pipe than my home 56k dialup, it doesn't mean you can go 'if the client has broadband then lets eat all his bandwidth'.

Re:As A Web Designer (1)

iainl (136759) | more than 13 years ago | (#352280)

"Sometimes people with slow modems don't mind waiting"

And sometimes they really do mind waiting and want the low bandwidth version even though they are using a few spare moments while their broadband connection is downloading the latest bignum meg Counterstrike patch or acting as a fileserver. Either way, please be polite and ask them which one they would like?

Re:I would love this feature if it was improved (5)

gowen (141411) | more than 13 years ago | (#352286)

Imagine never having to answer stupid questions like "flash or html?" "800x600 or 1024x768?"
Yes, imagine. Imagine if web designers weren't obsessed with style over content, with special effects over usability, with animated intros over usefulness, with exactly positioned layout over standards that are easily accesible by the visually impaired or degrade well for old browsers.

I want the old internet back.

Google.com, from non-US anyone ? (3)

f5426 (144654) | more than 13 years ago | (#352299)

[This is partly-offtopic]

Since a couple of weeks ago, my home page, which is www.google.com is displayed in french. More precisely, www.google.com send me a redirect to www.google.fr. My browser is set to request only english documents, so I suspected they base the redirect on thIP address.
A quick direct connection show it:

15:36:10|152 [ladybug:~] fred% telnet www.google.com 80
Trying 216.239.37.100...
Connected to google.lb.google.com.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 302 Moved Temporarily
Date: Tue, 20 Mar 2001 14:59:24 GMT
Server: GWS/1.10
Connection: close
Set-Cookie: PREF=ID=19fe6a8304c33946:TM=985100364:LM=985100364 ; domain=.google.com; path=/; expires=Sun, 17-Jan-2038 19:14:07 GMT
Location: http://www.google.fr/
Cache-Control: No-Cache
Content-Length: 161
Content-Type: text/html

<HTML><HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<BODY>
<H1>302 Moved</H1>The document has moved
<A HREF="http://www.google.fr/">here</A>.
</BODY></HTML>
Connection closed by foreign host.
15:36:24|153 [ladybug:~] fred%

I beleive they crossed the line here. I really feel that the fact my ISP is in France is none of their business.

Cheers,

--fred

PS: while I am here, is there any way for me to get back www.google.com ?

Re:As A Web Designer (4)

f5426 (144654) | more than 13 years ago | (#352300)

> As a web designer, I'd love to have this information

As a web user, I'd love to smash your head with a 21" monitor.

> Then you could do the high/low quality links for them

Please don't. If I want to download a high quality link on a 56k modem, it is my business. If I want only the lowres from my DSL line, it is my business too.

Web designer should stop trying to think for the users, like google that insist that I have the french version of the page.

Of course, you're going to tell me that you would provide a link to the other version of the site, but the truth is that you wouldn't.

Try broswing ati.com with mozilla. Isn't that nice, a 'Web Designer' that make decisions for its users ? (The site sort-of works with Mac OS X Server Omniweb, or lynx, so it is just becasue they are lazy assholes)

If such headers were commons, it'll take a couple of year until:

1/ Users will have only one link and the server will choose what content is best for him
2/ Users with browsers that don't give the info will be redirected to a please-use latest IE page.

It have been that way for most web [mis]features.

Cheers,

--fred

This benefits Joe User (2)

Gothmolly (148874) | more than 13 years ago | (#352305)

Yes, its an invasion of privacy. Is it malicious? Probably not. Will it help Earthlink monitor their service, make it more efficient, and potentially more usable (display depth, etc.)? Yes. While I think it's crummy of Earthlink to keep quiet about this, it's no big deal. The average user is going to end up with better service or potentially lower prices because of more efficient use of Earthlink's resources. The average AOLer doesn't think about privacy the way Slashdotters do, witness Smartmouth [smartmouth.com] , an online service which references the database of Stop&Shop, a grocery store, to provide calorie and fat content info on all your groceries. 99 44/100 % of users will think this is a Good Thing.

Re:As A Web Designer (2)

John_Booty (149925) | more than 13 years ago | (#352307)

"This is bad for two reasons"

It would be cool because the designer could make a more intelligent default choice for the user... lots of artery-clogging graphics, or few artery-clogging graphics?

Then again, considering how shitty 99% of web design is, maybe it's better than designers code their pages in assumption that users have 28.8 modems. I'm freaking tired of graphic design overload and NO content.

Putting your bandwidth in the HTTP request would only be good if...
1. Users could override what goes in the header... for example I have DSL but I hate graphic overload so I'd probably self-identify as a 14.4 modem user :)
2. Users had the power to switch to the low- or high-bandwidth site.

http://www.bootyproject.org [bootyproject.org]

Not a Big Deal (1)

Rura Penthe (154319) | more than 13 years ago | (#352309)

Doesn't seem to be a big deal then. I realize some people are going to say "but this is just the beginning, soon they'll be " but the information collected *seems* benign (based on the information Earthlink provided) at this time. Hell, I'd love to see what information they've collected, I'm interested in the statistics on those items. ;)

Re:Not a Big Deal (1)

Rura Penthe (154319) | more than 13 years ago | (#352310)

That'll teach me to preview...I meant to say "but this is just the beginning, soon they'll be (insert random conspiracy theory here)". Oops.

Sandbox not required (4)

big_cat79 (156695) | more than 13 years ago | (#352313)

I'm an Earthlink user, and it isn't required that you install the Sandbox software. You just have to be able to set-up a Dial-up networking connection in Windows. Which, even for slightly novice users, isn't particuraly difficult between the Dial-up networking wizard and Earthlink's instructions. My fiance uses the Sandbox stuff. The only thing I see that she gets from using it is a prettier display while the modem is dialing up.

As far as the potential unique serial number not being true, I'm not surprised. Earthlink did stand up against the FBI when it came to installing Carnivore.
BigCat79

Re:Google.com, from non-US anyone ? (1)

sro (160168) | more than 13 years ago | (#352316)

I had the same problem a few weeks ago. It seems that Google has recently made some changes to the site in order to display the Google front page based upon nationality or something similiar.

As my Spanish isn't THAT good I searched frantically for a solution to the problem. On IRC I was told that Google was using my Language Preference.

You can set this preference in IE in Tools -> Internet Options -> Languages.

Hope this works.

AOL (1)

kruczkowski (160872) | more than 13 years ago | (#352317)

I wonder if AOL or MSN does this? I kind of think this would be a good idea if it send info on speed, monitor resolution, and other good info that could make sites load faster or have a more personolized content. After all, cookies do similar things.

Some thoughts on Earthlink... (4)

yankeehack (163849) | more than 13 years ago | (#352318)

First, about the popID in the HTTP header, I hate to tell you this, but I happen to know that my Earthlink IP address is "nicely" masked via my geographic POP location. Ex. cust1.citystate.etc.etc So, Earthlink in masking my IP numerics uses the city where I dialup from.

Secondly, as long as they don't make me use their in house software as a condition of using their service, I don't care what they develop. I like Earthlink because they do actively support LINUX/PPP connections with very little hassle. I understand that these folks are having support issues, especially that they just ate a number of the remaining clueless lusers from mindspring and onemain.com. Oh, and another thing, that Sandbox screenshot is old. Member start pages (that blue page) were changed in Jan/Feb.

Third, has anyone stopped to think that perhaps the PGP encryption during install might be a new subscribers CC number and other personally identifiying information? Wouldn't that make sense?

Re:The real issue (5)

Lostman (172654) | more than 13 years ago | (#352326)

I had this same problem when dealing with an "application" that insisted on sending information about my computer out.

What I end up doing was having a registry monitoring program called regmon to to monitor all registry access, then I loaded up the program and then stopped monitoring registry... I found that they wanted to send a LOT of VERY personal info out.

No real disassembly is needed... load up regmon or filemon (file access monitoring program) and note what it looks at... betcha you would be surprised...

Re:As A Web Designer (1)

DivideX0 (177286) | more than 13 years ago | (#352327)

You can get most of the info through javascript then return it to a cgi for logging purposes.

example:

Sah=Saw=Scd=Sh=Spd=Sw=0;

if(screen.availHeight)
Sah=screen.availHeight;
if(screen.availWidth)
Saw=screen.availWidth;
if(screen.colorDepth)
Scd=screen.colorDepth;
if(screen.height)
Sh=screen.height;
if(screen.pixelDepth)
Spd=screen.pixelDepth;
if(screen.width)
Sw=screen.width;

document.writeln("<img src=\"/userinfo/index.cgi?i="+Sah+","+Saw+","+Scd+ ","+Sh+","+Spd+","+Sw+"\" border=\"0\" width=\"1\" height=\"1\">");

Then you have the cgi return a single pixel gif.

Horrors! (4)

LNO (180595) | more than 13 years ago | (#352328)

this data is PGP-encrypted

There needs to be some sort of law to prevent these criminals from encrypting our personal information. This is why encryption should be outlawed - since clearly, only outlaws use encryption.

Re:This benefits Joe User (1)

bluesninja (192161) | more than 13 years ago | (#352334)

Yes, its an invasion of privacy

Oh really? How is that? I think maybe your definition of privacy is a little different from mine. I would consider privacy the right to maintain control over intimate, personal information. Nothing in the information they are sending in that header comes even close to being intimate or even personal. So they know the resolution of your monitor -- big deal, so does the company that sold it to you. So they know your connection speed -- big deal, so does your ISP.

I think people here should chill out and take some time to think about what makes privacy important. It is NOT the ability to live in absolute secrecy while obtaining free services, anonymously, from others.

In order to live in a society of other people, you have to tell people *something* about yourself. When you meet someone face-to-face, you tell them plenty about yourself. They now know all of your general physical features and personality characteristics. So what? This is the same thing, essentially. Earthlink is just requesting gross physical characteristics of your online presence.

You just need to know where to draw the line. This is well short of the line, folks.

/bluesninja

Re:Excellent news. (1)

linzeal (197905) | more than 13 years ago | (#352336)

Hey wasn't there a article about scientology a few days ago? Why don't you ask about the earthlink founder sky davis and his intentions with this information maybe one day we will get little animated gifs nearly like the ones we requested off the porn site but instead of deep throat action we will get little brainwashing slogans like "Got Dianetics?" "L Ron Hubbard is God!" "Smite the christian infidels!" . . .

for those not in the know earthlink's founders contained some scientologists like Mr. Sky Davis

Great googly-moogly, a Slashdot editor researches? (5)

mblase (200735) | more than 13 years ago | (#352338)

This has got to be a historic first. I... I feel faint...

Obfuscated information (1)

micromoog (206608) | more than 13 years ago | (#352339)

The numbers from Earthlink don't cover the entire string. Obviously they're using the remaining bits in a sinister plot to compromise user security.

If they encode a piece of user information into the remaining bits, they could use as little as 1 bit per request (or less!) to steal vital information from your computer, such as:

  • credit card numbers
  • your favorite pr0n sites
  • that business proposal for "world-of-spatulas.com" you've been working on
  • your Earthlink email address (just imagine the potential damage!)
  • your amihotornot.com user ID
This is worse than the Prodigy "we cache private files" scandal of the early 90s. Earthlink must be stopped.

Re:Not an HTTP header (1)

closedpegasus (212610) | more than 13 years ago | (#352341)

It most definately is an HTTP header. HTTP can transmit any MIME type, but whether or not the type is text/html has nothing to do with the fact that HTTP is still the protocol being used.

The real issue (4)

davidmb (213267) | more than 13 years ago | (#352343)

The problem doesn't seem to be the id string that the browser uses, but that PGP-encrypted data that gets sent back to Earthlink upon installation.

Earthlink could do themselves a big favour by revealing exactly what is being sent.

Oh great! (1)

AFCArchvile (221494) | more than 13 years ago | (#352344)

Now with these new headers being sent, if the user is at a high resolution and has DSL or broadband, the server will change from using 468x60 GIF banners to 936x120 Flash banners, complete with sound and annoying pictures!

I hate Flash banners! They take so long to load, and you have to hack into the page source to find the source URL so you can bind the offending server to 127.0.0.1 in /etc/hosts. And now they'll tailor your "online experience" (more like advertisement torture session) by stuffing the page full of shameless, bloated drivel!

Re:Sig Critic (1)

GMontag451 (230904) | more than 13 years ago | (#352347)

As a side note, Ted Turner just had to apologize after calling people with ashes on their foreheads "Jesus freaks".

And George Bush Sr. never had to apologize for saying that he thought atheists shouldn't be considered citizens or be allowed to vote.

As A Web Designer (5)

clinko (232501) | more than 13 years ago | (#352348)

As a web designer, I'd love to have this information. I only wish more browsers immediately told me what speed the person was at. Then you could do the high/low quality links for them.

Do your math (2)

MeowMeow Jones (233640) | more than 13 years ago | (#352349)

Even a cursory examination should show that these numbers don't have enough uniqueness to be globally unique IDs. Microsoft's GUID had 128 bits; a good hash function might have 160 bits; those serial numbers, culled from widely scattered machines, aren't unique enough.

There are 48 (presumably) hex digits there. Each hex digit represents 4 bits. So the number is a 192 bit value.

Is the number large enough? (1)

ishrat (235467) | more than 13 years ago | (#352353)

"Is Earthlink's code a unique ID? Apparently not. Does it reveal more information about you when you are browsing the web than is revealed by any other web browser? Yes. Can you turn it off? No, but you could use another browser. Will 99% of Earthlink's users ever know about it? No."

The question however is, what percent of internet users use earthlink and what percent of those users actually care?

Good Thing (1)

OpCode42 (253084) | more than 13 years ago | (#352356)

I like this idea. if all browsers sent this type of info as a http_header it would make it so much easier to direct people reliably to a version of a site which suited their bandwidth / screen resolution better.

-----

Could have published the spec first (2)

Zeinfeld (263942) | more than 13 years ago | (#352362)

I see a number of problems with the earthlink approach

1. Notification

I think Earthlink should have published the spec in advance, if for no other reason than to protect their shareholders from privacy scares. Earthlink has invested millions in its 'serf at AOL' campaign. They need to protect their pro-geek branding.

Another reason for publishing is so people can make use of the tag.

2. Standards Approach

As one of the original designers of HTTP the tag as specified sucks. It is fixed field after fixed field, no extensibility. I think that the idea is fine, but the syntax choosen is not.

First off a non-standard header should have an X- prefix.

Secondly, the scheme does not work for text to voice displays, or for that matter very high definition displays (>100dpi) that are on the horizon. It would be handy to be able to give the monitor size and also the gamma. These are all real needs for real people today, and will be mainstream in a couple of years.

Now there have been folk who have created similar schemes from time to time, none has taken off due to apathy at Netscape and Mr Softy. But that is no real excuse for earthlink. If they don't like the schemes on offer they might at least state why.

GUIDs (2)

dachshund (300733) | more than 13 years ago | (#352363)

GUIDs consist of a unique system serial number and a time stamp. That's what makes each one 'unique'. The system serial number should be significantly smaller than the full GUID.

Re:As A Web Designer (1)

popular (301484) | more than 13 years ago | (#352364)

I'll happily take the rich bandwidth version by default on the T1 at work or my DSL line at home if it means I never have to see another "choose your bandwidth" page again. They suck just as much as splash pages.

I would only find it impolite if I was directed to the heavy page without being given the option to use the light version instead.

--

Re:As A Web Designer (1)

popular (301484) | more than 13 years ago | (#352365)

And to clarify exactly what that means, what I attempted to say was that the heavy content should be automatically loaded, but should also provide a link to the light version, if you'd prefer.

--

Re:As A Web Designer (2)

cavemanf16 (303184) | more than 13 years ago | (#352368)

Very interesting point, and a good reason for this type of technology to be used. But I, like many /.'ers, really dislike/distrust the idea that you never find out about what Earthlink or other companies are sending back to their servers until after someone digs through their code. I've only ever seen a few programs that actually explain up front what security issues are involved in using their software, AND how to protect yourself.

I wanted to try the free Earthlink service about a year ago, and when I installed it, it automatically installed their IE5.0 browser over top of what I already had. I was pissed! Their install program never asked me if I wanted to do that. To this day, that old computer of mine has the crappy Earthlink browser installed. I never use it, but I also haven't figured out a way to get rid of it other than a complete reworking of the registry (not a good idea!) to make sure I've irradicated Earthlink crap.

Re:The real issue (1)

BigDogKelly (304379) | more than 13 years ago | (#352369)

You are absolutely correct! If EarthLink would open up and say, "Yeah, we encoded X,Y and Z in those strings. They are used for (insert idea here) and will not be sold licensed, leased, etc. to outside companies, partners, mergers etc...." Now all we have to do is hope that X,Y and Z are all nice and good. But thats just what I think.

Re:I would love this feature if it was improved (1)

kylepike (304383) | more than 13 years ago | (#352370)

You are still making assumptions about the browsing experience.

  • My screen resolution is 1600x1200 but I never, ever, ever maximixe my browser window. My browser window never gets wider than about 1024 pixels -- Unless a lame site (like heavy.com) decides to maximize it for me.
  • I have an intellimouse. If only HTTP headers could tell us who has wheel-mice. See, I don't mind scrolling. I'd rather scroll than have to read a column of text that's 1000 pixels wide. Any day.
  • I still run 56K dialup. So given the option of 1024 or 800, I'll choose 800 every time because the overall load time is bound to be shorter.

I hate to make sweeping generalizations, but it seems to me web designers whose roots in web design come from programming understand the concept of user preference. It also seems to me that the designers with their roots in print, or interactive, want to control every little aspect of the user experience. They want to maximize your window (or worse - use 6 frames) and force you to watch the flash intro and absolutely position every pixel on the page.

Sending screen resolution isn't anything new when it comes to HTTP headers. IE for windows has been doing it since 4.0. Netscape does it too, they just subtract the area that windows' taskbar eats up. I find it interesting that Sandbox is sending the viewable browser size too, which is a much more usable statistic. See this link [evolt.org] for more info on that..
(http://evolt.org/article/Real_World_Browser_Siz e_ Stats_Part_II/20/2297/) for the timid.

Devil's Advocate (3)

clark625 (308380) | more than 13 years ago | (#352374)

I'd hate to play devil's advocate here, but to be honest I rather like this idea. The information isn't any more identifiable than, say, an IP address. One big benefit is if other browsers begin to include this type of information: PHP could use this information to choose the "best" version of a webpage, video stream, etc to send you. I know I personally get annoyed when a webpage is designed for a much higher resolution than I have set. Similarly, inexperienced internet users shouldn't be allowed to attempt to stream 1Mb/Sec of video through a 56K modem. Sure, it'll look like crap and it's all the end-user's fault but marketing people will tell you that if the end-user screws up you can lose customers because of it (they can go elsewhere, you can't).

OFF TOPIC-Re:Great googly-moogly (1)

tdye (308813) | more than 13 years ago | (#352375)

Ha! another Maggie and the Ferocious Beast afficionado!

chuckle...

Not an HTTP header (5)

Yoshi Have Big Tail (312184) | more than 13 years ago | (#352380)

This isn't an extra HTTP header, as is correctly stated at the article. It's a modification of a value of an existing one.

An HTTP header is e.g., Content-type: text/html; this is just changing the value of an existing one.

And, what is more, the User-Agent header is an informative header, so it's just adding more information about the user agent. So what?

Excellent news. (3)

Jakob Sorrel (321598) | more than 13 years ago | (#352385)

I use Earthlink and had been aware of this for a while, but had been unable to find any solid information regarding the extra header.

I have an Earthlink connection; it's the best I can do because of my location. Anyway, I had written an HTTP proxy Perl script, simply for my own educational purposes. You can imagine my surprise when I noticed this extra header! I could not find a reference to HTTP_ELNSB50 in any of the rfc's or manuals I consulted and I noticed that it never changed.

I did in fact email Earthlink about this, because I feared it might be an invasive identifier. I am disappointed, though, to report that even after repeated emails, I received no answer regarding my queries. I do not grudge Earthlink for this, but I do not think it is the best customer service. I nearly cancled my account when I could not discover what this mysterious header was.

Suffice to say, though, I am very grateful to Slashdot for answering my questions!

what bothers me is (1)

asop (324038) | more than 13 years ago | (#352389)

not soo much the extra "HTML Header" or whatever you guys decide it is, but the information it sends out when you instrall their client. THAT is where i see a greater privacy breach.. THere is nothing at that point of the buisness relationship that they need to know, that they dont already know.
they already have my name, phone #, addy, E-mail, and credit info.. what else do they need to know that they get from my computer..? the more paranoid portion of my brain says there looking at he contents of the system ala registry (regardless of wether or not its possible)....
other than that, Earthlink is a crappy provider anywayas........ especially since they bought out my home isp.. it makes me sad :(

----------
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?