Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Web Bug Detector

michael posted more than 13 years ago | from the kills-bugs-dead dept.

Privacy 190

(H)elix1 writes: "I'm sure /. is about to be hit with this, but CNET just released a story about a web bug detector plug-in for IE called Bugnosis by the Privacy Foundation. An interesting toy, but the thing that grabbed my attention was the Web Bug Gallery. It would seem our beloved slashdot has them as well. Course, so did CNET, but that is a different story...." I think improved cookie-handling is much more useful in preventing tracking, but this is interesting because it provides visible feedback about tracking efforts.

Sorry! There are no comments related to the filter you selected.

Web bugs (2)

Anonymous Coward | more than 13 years ago | (#166597)

So a web site includes an inline image loaded from another site. And the graphic is so small you might not notice it. Whoop de do. People have been doing essentially the same thing with web counters for years. Now it's the /. scandal of the day?

Re:hey guy, it's okay! (4)

Anonymous Coward | more than 13 years ago | (#166598)

This is a common misconception; the reality, however, is much more disturbing. The little blinky dot you humans call webbugs are actually tiny miniature CIA cameras implanted in your screens to take pictures of you surfing Slashdot naked. Us CIA guys only admitted to using DNABots when they were already obsolete, much like the obsolete Echelon system, which has been replaced by people using Windows XP. We find it's much easier to allow the citizens to administer their own surveillance device. Saves us mucho manpower.

Therefore, buy XP and save the government valuable surveillance budget dollars.

Agent Bitterman, Superspy
President Chief Head Director of the Leadership Branch of the Executive Level of the CIA

Funny... (3)

Wakko Warner (324) | more than 13 years ago | (#166599)

...slashdot used to berate sites that used web bugs, but it looks like they have them too now...

- A.P.

--
Forget Napster. Why not really break the law?

Yes, that IS a webbug (1)

Watts (3033) | more than 13 years ago | (#166603)

One of the main points of a "WebBug," as Bugnosis has termed them, is to track a user across multiple sites. The slashdot bug would fit this description exactly.
OSDN could easily track what the overlap is between slashdot and kuro5hin users, how many slashdot users are later making thinkgeek purchases, or how many people follow links to sister sites.
Just because the sites are owned by the same company does not mean that these are not WebBugs.

Re:IE5 had this too (4)

SteveX (5640) | more than 13 years ago | (#166607)

It's back in the current 6 betas.

Re:Apache Privacy Issues (5)

zaf (5944) | more than 13 years ago | (#166608)

I think we need a new moderation choice: 'Didn't get the joke'

Correction (3)

gelfling (6534) | more than 13 years ago | (#166609)

The Active X controls are required only for the somewhat unusual download and installation and then can be disabled according to the author.

------------
You only have to enable ActiveX control downloading in order to install
Bugnosis -- you can disable it after installation. That makes it really no
different than downloading an .exe from us. The Bugnosis control that we
download isn't scriptable, so other Web sites and email users will find it
harder to abuse.

Regards,
David

Prof. David Martin
University of Denver Math/CS

The cure will kill you worse than the disease (4)

gelfling (6534) | more than 13 years ago | (#166610)

The installation requires Active X controls = on. So that makes the cure worse than the disease. I'll trade some privacy for not opening up my machine to remote execution Active X shit.

Re:/. hypocrisy (1)

pen (7191) | more than 13 years ago | (#166612)

Not to mention the DoubleClick ads...

--

/. has even better info. (4)

AftanGustur (7715) | more than 13 years ago | (#166613)


As /. logs witch moderators spend points on witch comments. Slashdot now has the IP address of the CrackSmoking dude who found this 'Informative'.


--
echo '[q]sa[ln0=aln80~Psnlbx]16isb15CB32EF3AF9C0E5D7272 C3AF4F2snlbxq'|dc

pretty cool (2)

Barbarian (9467) | more than 13 years ago | (#166615)

It's a pretty cool tool.

Just one annoying thing:

Every time it finds a web bug (definite web bug), it brings up the report. Makes reading /. annoying (since every page is bugged).

STOP TRACKING ME YOU COMMIES! ;)

me = stupid (2)

Barbarian (9467) | more than 13 years ago | (#166616)

Okay, you can resize it to like a single line (or 1 pixel) at the bottom of the page if you want, so it's not that annoying.

If you do the one pixel high thing, just watch the toolbar in IE5 for when the bug turns red if you want to know if you're being bugged...

Re:me = REALLY stupid (2)

Barbarian (9467) | more than 13 years ago | (#166617)

Err, just right click and turn off pop-up if you don't like it, nevermind.

Re:Does Not Does Not (2)

Barbarian (9467) | more than 13 years ago | (#166618)

Yep, not really a bug unless it pulls a cookie from you--it'd be nice to have the a checkbox for this int he options.

IE5 had this too (3)

Barbarian (9467) | more than 13 years ago | (#166622)

A beta of IE5 between 5.01 and 5.5 had the same feature, "Accept third-party cookies" Always/Prompt/Never, but they took it out in 5.5

Re:Here they are. (1)

Delphis (11548) | more than 13 years ago | (#166623)

Yea.. it's possible.. kinda interesting in a way. I have to wonder though at the glee in which he expresses 'wouldn't it be fun knock their table design out of alignment!' ..

Um.. I guess so.

Considering he's not actually defacing the web page and his 'wonderful tricks' are visible to JUST HIM .. I wonder what he seeks to get out of it. "Look! I can screw up my browser so webpages look funny!! .. wooo .. I'm l33t!" ..

Hmm.

--
Delphis

/. hypocrisy (4)

Col. Klink (retired) (11632) | more than 13 years ago | (#166625)

Of course /. uses web bugs. They still use GIFs, too. This is a "do what we say" website, not a "do what we do" one.

Re:Apache Privacy Issues (2)

ethereal (13958) | more than 13 years ago | (#166629)

The real humor is that some moderators didn't recognize this as a well-known non sequitur and marked it "Informative". Next time you may have to actually include the smiley to help out some of our "special" moderators...

Caution: contents may be quarrelsome and meticulous!

But they do (1)

Hammer (14284) | more than 13 years ago | (#166630)

Cookies (sometimes) have a valid use, such as the session info in Slash.

Web bugs have only one use, to gather info on your habits, preferences and views without your knowledge. Therefore they all bite and leave infectious wounds.

Web bugs = good name, evil tactic (1)

Hammer (14284) | more than 13 years ago | (#166631)

When you go to a store, there are video cameras watching you, and records of your sales, etc...why shouldn't a website know which pages were visited?

Minor detail, the store has a sign, right at the entrance saying something like "We are using video surveillance for your protection". There is no sneaking around and trying to hide that fact. Also I do not care much that Slashdot knows that I visit. However, Webbugs are usually used by others, say doubleclick. It would bother me alot if an ad company collected info of the sort "does not like MS, likes privacy" etc, and then maybe even sold that to the attitude adjustment department at a certain Redmond WA based corporation :-)

Re:Cookie Monitor (1)

Alternity (16492) | more than 13 years ago | (#166640)

Actually Opera has this. There is a bunch of options for cookies, including refusing 3rd partie cookies and filtering by server, domain etc.



"When I was a little kid my mother told me not to stare into the sun...

Re:Mozilla (2)

Quarters (18322) | more than 13 years ago | (#166643)

Netscape couldn't overtake a browser that came with theOS, why do you think Mozilla will?

Besides, IE5.x has had the same functionality. And, power users can get Guidescope (http://www.guidescope.com/) or Junkbuster if they want to manage their cookies effectively.




Re:/. hypocrisy (3)

Quarters (18322) | more than 13 years ago | (#166644)

You forgot raging about the MPAA, asking us to boycott movies, and then providing us with useless Katz reviews of movies *every* week.



Re:Cookie Monitor (2)

IanO (21302) | more than 13 years ago | (#166645)

CookiePal does just this, although it's a Windows only application.

I can deny all cookies from a domain, accept all cookies for a domain or view the cookie and decide if I want to accept it. I can see all the cookies that are set and delete them also.

------
IanO

See the website (2)

scotpurl (28825) | more than 13 years ago | (#166648)

http://ideageek.com/security/iecookies

It's just a registry dump from my computer from this morning. I really need to automate it.

Anyway, that's my list. Would love to compare.

Installed it, and got the OSDN bug on this article (4)

scotpurl (28825) | more than 13 years ago | (#166649)

In the realm of cosmic irony, I installed the web bug tracker, then went into this full article, and promptly got the OSDN web bug.

If you're among the folks like me that have to use IE, use that Restricted Sites setting under the security tab (and while you're in there, crank that restricted zone up to disallow derned near everything). Also set your browser to warn you when you get cookies. Add entire that want to set cookies to your restricted zone. None of the muss and fuss of an ad filter (which breaks everything when I have to VPN to the office).

For the first couple of weeks, you'll be adding a few sites per week. I also added to mine the list someone posted of the sites that track users the most. I don't get cookies now, unless I'm actually shopping online. :-) If someone wants a copy of the list, I could find a home for it.

Re:How Dare they?!?! (1)

31eq (29480) | more than 13 years ago | (#166650)

Try reading the website.

I tried

They explain that webbugs are images, typically 1x1 pixel, that record your personal information and are usually inserted into a page by a third party (i.e. ad agencies).

Sure, so can you explain where /. uses these? I can think of a few related things it does do:

  • Use blank images for alignment
  • Serve images from a dedicated server
  • Send cookies with its banner ads

Each of these might trip a web bug detector, but I don't think any of them qualifies under your definition (also in the Bugnosis FAQ -- I got to that).

So, does /. use web bugs or not?

Of course, if you spent more than 2 seconds looking at the linked page, you would have figured that out.

Dude, I can stare at a blank screen for as long as I like, it won't help. The original poster suggested he may have been having the same trouble.

Re:I don't get it. (1)

Lew Perin (30124) | more than 13 years ago | (#166651)

There's another way to sidestep web bugs: use Lynx.
That way you only view the images you really want to see.

Re:IE5 had this too (1)

Kartoffel (30238) | more than 13 years ago | (#166652)

Yup. IIRC it was "IE 5 Advanced Security Privacy beta". The 3rd part cookie thing is missing in IE6 though. Suckage.

Re:How Dare they?!?! (3)

blowdart (31458) | more than 13 years ago | (#166654)

It uses a table, so the formatting on this will be way off

Bugnosis analysis of: Articles: Web Bug Detector (http://slashdot.org/comments.pl?sid=01/06/08/1220 230&op=Reply&threshold=-1&commentsort=0&mode=neste d&pid=18)

Highlighted images may be Web bugs.

Properties Contact Image URL

Tiny, Once, Domain, TPCookie (anon=anon_id&-1-vGtvAizyjA&boxex&%27whatsnew%27%2 C%27slashdot-main%27%2C%27freshmeat-main%27%2C%27n ewsforge-newsvac%27%2C%27sourceforge-news%27%2C%27 linux-news%27%2C%27open-mag%27%2C%27questionexchan ge-top10%27%2C%27themes-new%27%2C%27thinkgeek-new% 27&exboxes&%27whatsnew%27%2C%27slashdot-main%27%2C %27freshmeat-main%27%2C%27newsforge-newsvac%27%2C% 27sourceforge-news%27%2C%27linux-news%27%2C%27open -mag%27%2C%27questionexchange-top10%27%2C%27themes -new%27%2C%27thinkgeek-new%27) http://sd- images.osdn.com/Slashdot/pc.gif?comments,992003991 337

Property name Description

Tiny image is tiny, so is probably not meant to be seen

Protocols image URL contains more than one Web protocol name (e.g., "http:" twice)

Cookie image URL overlaps with the cookie field too much

Lengthy image URL is unusually long

Domain image comes from a different domain than the main document

Once image is used only once in the document

TPCookie image comes from a different domain than the document and manipulates a cookie (Third Party Cookie)

Recognized compares the URL against a set of recognized Web sites

IE6 (1)

alder (31602) | more than 13 years ago | (#166656)

... has this feature returned.

Slashdot *is* OSDN (3)

Russ Nelson (33911) | more than 13 years ago | (#166658)

Of course Slashdot contains an OSDN webbug. Slashdot is owned by OSDN. Some people gotta turn their paranoia control WAY down, otherwise they're gonna start seeing black helicopters soon.
-russ

Big Deal ! (4)

umeshunni (37684) | more than 13 years ago | (#166659)

My netscape browser can detect any web bug ! it prints "Bus error (core dumped)" everytime it sees one !

Here they are: (5)

Grendel Drago (41496) | more than 13 years ago | (#166660)

From www.slashdot.org/ :

<SCRIPT LANGUAGE="JAVASCRIPT">
<!--
now = new Date();
tail = now.getTime();
document.write("<IMG SRC='http://sd-images.osdn.com/Slashdot/pc.gif?ind ex,");
document.write(tail);
document.write("' WIDTH=1 HEIGHT=1 BORDER=0><BR>");
//-->
</SCRIPT>
<NOSCRIPT>
<IMG SRC="http://sd-images.osdn.com/Slashdot/pc.gif?ind ex,992004976" WIDTH=1 HEIGHT=1 BORDER=0><BR>
</NOSCRIPT>

Yep, there they are. Web bugs if I've ever seen 'em...

-grendel drago

Re:I hate webbugs!! (1)

wiredog (43288) | more than 13 years ago | (#166661)

Your sig:"Keeping /. free of grammatical errors for 3 years."

Your post: "Websites that use webbugs should be drug out back and shot!!"


And more... (3)

wiredog (43288) | more than 13 years ago | (#166662)

Three from our friends at k5 [kuro5hin.org] .

Oh My God! Rusty's tracking me! That Low-Life Capitalist Corporate Big Business Pig! What do he and Inoshiro want with me! Why can't you guys leave me alone!!!!

I don't get it. (2)

oneiros27 (46144) | more than 13 years ago | (#166667)

What the difference between these so called 'web bugs' and 'cookies'?

Hell, if you link to an image off-site, someone can get your IP address, etc. [With a little bit of javascript and a redirect, you can get a whole crapload of information about the person that you're not supposed to]

Personally, I refuse to download any software, not only because it's for IE, but because then the people I'm downloading from would know my IP address. [Can someone please tell me how people are supposed to send you content if you don't give them an IP address?]

cookies and ad filters (1)

mr100percent (57156) | more than 13 years ago | (#166671)

Wouldn't asking for each cookie and using ad filtering software have the same effect?

fancy shmancy (2)

joq (63625) | more than 13 years ago | (#166673)


Anyone ever notice how Netscpae has a feature in Edit/Preferences that says "Only accept cookies sent back to original server" well use it. Personally I use Junkbuster with about 3 sites allowed to send me cookies. Only problem I get with this is when I visit Slashdot I'm never truly logged in until I post since no info is sent back up until I go to post.

There was a method about a year ago if I'm not mistaken between August - Novemember about an email trick or service to track whether someone read your email. Marketing companies are all run by Dr. Evil anyway so there isn't much you can do. You complain they remove X service and replace it with something more evil.

Re:Cookie Monitor (2)

selectspec (74651) | more than 13 years ago | (#166677)

You could author a simple script to do that. The problem is that some cookies you probably want to live. For example, I want my NYTimes cookie to live, so I dont have to login all of the time. Same with my slashdot cookie. I dont care if the NYtimes tracks my demo-data: He logins in, he views the front page, he views the tech page, he views the business page, he views the science page, he never clicks on an add. However, I don't want some pr0n site tracking my movements, nor some crappy software company that's going to correlate me with an email address that I registered to buy something with.

Cookie Monitor (3)

selectspec (74651) | more than 13 years ago | (#166678)

If I were designing a browser, I would have a cookie monitoring window, which would log cookie activity. One could author filtration scripts to block certain domains from cookie access, manually delete cookies from the monitor window, etc.

Re:Apache Privacy Issues (1)

oldstrat (87076) | more than 13 years ago | (#166682)

Almost ALL grownup webservers do this.
It's a rational requirement for auditing, not for privacy but for functionality and operations.

McNealy [http] was right "You have zero privacy anyway,"... "Get over it.".

It isn't a pleasant thought, but it is reality.
Everyone from the phone company (or cable) to the author of a GeoCities site can get information about you activities to one degree or another.

It's kind of like going to the grocery store and not wanting ANYONE to know you picked up a copy of RedBook magazine. The retailer has to know, and there's no way to keep the person behind you in line from knowing. In that sense you have more privacy on the web than you do in the temporal world.

Does Not Does Not (5)

oldstrat (87076) | more than 13 years ago | (#166684)

The author of the CNET article chould have taken one more step in research... and the author of the slashdot article should have verified.

http://www.slashdot.org
Contained a bug from the Open Source Development Network (OSDN.com)

SLASHDOT is part of the OSDN pages by VA Linux.
It's not a 'bug'.

Bugnosis isn't smart enough to tell the difference between a real bug and a simple page counter, and probably can't be. We should really worry about much more important things and stop feeding paranoia.

Re:I don't get it. (4)

cs668 (89484) | more than 13 years ago | (#166687)

Cookies are simply a way of adding state to a stateless protocol. So for the most common example you could automatically remember your username to slashdot the next time you return.

Most good browsers will let you set them to only receive cookies from the host you are connecting to. And cookies should only get sent back to the host that they came from.

These "web bugs" allow a site to send information to a third party( eg Addvertiser, Government agency, ... ) by causing another http request to be made. THis request, although it is for an invisible image, could have peramaters. These parameters could send all of the info that one site has collected about you to another. That third party site could then also send a cookie for its own use to your system.

I hope this makes sense, I am not quite awake.

One word - Junkbusters (2)

artch (90245) | more than 13 years ago | (#166688)

Junkbusters is your friend. Tested it against the Washington Post example page. With out the Junkbusters proxy, four "bugs" found. With the Junkbusters proxy, zero "bugs" and fewer ads. (http://junkbusters.com) You may need to spend some time getting your configuration the way you want it. There is a RPM package with some "improvements" and workable block/cookie files. Microsoft Windows users will have to create their own config files.

Re:I hate webbugs!! (2)

4of12 (97621) | more than 13 years ago | (#166690)

Right on.

I'm thinking that the reverse approach might be helpful here.

That is, instead of filtering to remove webbugs, they should be culled out carefully and rebroadcast to some zombies that will keep those nosy sites more than tickled with a flood of requests.

Of course they didn't check up on the article (2)

edibleplastic (98111) | more than 13 years ago | (#166691)

That would mean:

a) Michael would actually have to do some investigating
b) he would have to use IE.

Two things that the Slashdot crew will never do.

MOD THIS UP!! (3)

edibleplastic (98111) | more than 13 years ago | (#166692)

Everytime something happens with Napster or the MPAA, someone on Slashdot says "well stop sitting there talking about it on Slashdot and actually *do* something! Go boycott them or donate to the EFF" blah blah blah. So maybe instead of just talking about privacy issues or the tyranny of gif patents, Slashdot could actually get off its duff and do it. I know how much time it takes to convert a whole website, but its something that could be done incrementally.

Re:iCab (2)

Christianfreak (100697) | more than 13 years ago | (#166694)

Looks like it could be really cool if the weeny writting it would port it, or allow it to be ported. From the looks of things he's one of those rabid Mac users (there is no other system) :)

"One World, one Web, one Program" - Microsoft promotional ad

Re:Installed it, and got the OSDN bug on this arti (3)

borzwazie (101172) | more than 13 years ago | (#166695)

Actually, I've been doing restricting sites in IE (at work) for some time in this manner.

Windows stores these restricted sites in a location in the registry, here's an example:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu rr entVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
"*"=dword:00000004

I made a big list of these using one of those websites that list tracking networks and a short Perl script, then edited it for the particular machine I was on (Windows 2000 requires the header "Windows Registry Editor Version 5.00" whereas older versions of Windows require "REGEDIT4").

You can export these lists and share them with everyone but be careful when you accept these as people can add themselves to unrestricted zones if you don't read the registry files (note the dword value at the end, should be "4").

Re:I don't get it. (1)

skwog (101252) | more than 13 years ago | (#166696)

proxies.

Re:I don't get it. (2)

DeepDarkSky (111382) | more than 13 years ago | (#166697)

Not knowing enough about the topic, I can only explain that my understanding is, web bugs use cookies, but not all cookies are for web bugs. Web bugs are things like little one pixel GIF files or banner ads. It's especially useful when you are talking about different website that contains web bugs from the same place, because the site that is serving up the web bugs can track you across web sites using cookies they've placed on your machine.

As far as downloading, people can still send you things if they don't have YOUR IP address - some kind of proxy system would do.

Wait a second... (1)

acoustix (123925) | more than 13 years ago | (#166706)

Bugnosis only runs on Microsoft Explorer so why was this article on Slashdot? From what I've been reading lately (especially from Jon Katz) I thought that all Microsoft products were evil and stuff. Would someone at Slashdot make up their mind?

Re:Apache Privacy Issues (1)

jallen02 (124384) | more than 13 years ago | (#166707)

LOL Cute ;P

an idea on filtering these thigns out (1)

Adler (131568) | more than 13 years ago | (#166709)

Why not make a filtering method that can rather than just block the cookie, communitate with the cookie, have a section of the cookie be a message explaining to the filtering software what the cookie does where its from, etc... and display this to the user. Sure some sites could lie about what the cookie is actually doing, but in the case of my former employer, a online stock trading site, they use a cookie to time your login time, which expired after an hour. So when people block cookies they can't get logged in and they called us mad as hell that we wouldn't let them log in, this way if they're filtering cookies with this method, they would see that that cookie is used to log them in and only that. Any feedback people?

Proxies that filter web bugs (4)

Rushuru (135939) | more than 13 years ago | (#166712)

There are some proxies out there that filter banner ads / cookies / and web bugs.

One of the most interesting ones is webwasher (http://www.webwasher.com - for windows & linux, free for personal use, not open source).
Webwasher does not use regular expressions to filter images: it filters them by size. Most banner ads have a standard size (for ex 468x60). Webwasher has a list of known banner sizes and filters all images which match the list of sizes. And it's efficiency is very impressive!

Thus, using webwasher, it's very easy to filter all web bugs which are usually 1x1

Alas, webwasher is not opensource and has some issues. But I think that the idea behind this product is great and I'd love to see it implemented in an opensource proxy :)

The way webwasher handles cookies is also very interesting: you can specify 3 sorts of cookies
- the good ones (allow them, keep them)
- the neutral ones (allow them, delete them after 24 hours)
- the bad ones (always block)

The default policy for unknown cookies is to set them to neutral; that lets the user visits site normally (without the occasional glitches that happen when you block all cookies with sites that won't let you browse without allowing them), without compromising the privacy of the users for cookies are deleted after 24 hours.

Re:Must be the early morning lack of coffee (1)

technoid_ (136914) | more than 13 years ago | (#166713)

Just look int he source and see if it was written with Front Page...easy way to find bad html

Web Bugs And Corporate Policy (5)

Self Bias Resistor (136938) | more than 13 years ago | (#166714)

First post insanity aside (trust me, it's only fun for about 5 minutes and bad for your karma because moderators despise it), there's this quote featured in the CNN article [cnet.com] (yes, I do actually read the related articles before posting flamebait):

"Our goal with the software is to reveal how Web bugs are tracking all of us on the Internet and to get companies to 'fess up' about why they are using them," Richard Smith, the Privacy Foundation's chief technology officer, wrote in his privacy tip sheet.

"Any company that uses Web bugs on their site should say so clearly in their privacy policies and explain the following: why they are being used, what data is sent by a bug, who gets the data, and what they are doing with it," he added.

There are two things that I'd like to point out about those statements. First of all, companies with web sites are (in most countries) legally required to tell you about what kind of data they collect and what they do with it. The majority of such privacy statements either consist of the usual "we don't collect any information that can personally identify you" variety or they are hidden beneath so many links at the very bottom of the most obscure pages in the site that your average user never reads them.

Second of all, I agree with your point regarding the suggestion that companies should be required to thoroughly explain what kind of bugs they use (if any), what's sent and received and where the data goes. I personally think it's a great idea. And it's all well and good for sites that deploy their own web bugs. But what about the web sites who use web bugs belonging to other websites (e.g sites who use DoubleClick web bugs, or Slashdot using a web bug from OSDN)? The application should be the same, of course, but how is that handled from a legal perspective? Who is responsible for the "bug"? The company who wrote/owns it, or the company that deploys it? Answers to any of these questions are more than welcome (particularly by someone involved in the legal profession), as I'm sure that there's at least some of us Slashdot readers that would like to know.

Self Bias Resistor
"Imagination is more important that knowledge." - Albert Einstein

Re:hey guy, it's okay! (1)

kel-tor (146691) | more than 13 years ago | (#166718)

lmao, i wish i had mod points today:--)

Bah! (4)

Lizard_King (149713) | more than 13 years ago | (#166719)

As any open source fanatic will tell you, it is imperative that you read the HTML source of every page that you view.
We don't need no stinkin' Bug Detector!

--- note sarcasm ---

Re:Slashdot and Web Bugs (1)

gimple (152864) | more than 13 years ago | (#166720)

Even our private information? This really is a tyrannical paradox isn't? I would rather have information remain un-free then, thank you.

Slashdot and Web Bugs (2)

gimple (152864) | more than 13 years ago | (#166721)

My wife has a modified Iopener that is in our kitchen. I use it occasionally to read Slashdot.

The LCD screen on it displays the Slashdot web bug as a 1 pixel white spot above the banner. If Slashdot didn't have a black background, I wouldn't have seen it.

I find it curious, that with all the discussion on privacy and our rights on line, that Slashdot would use web bugs. I imagine that when it comes right down to it they had to make a choice: no web bug or money, and they went for the money.

With all the talk about the higher priciples of Information Wants To Be Free, Privacy, Rights, Free Software, Etc., the inclusion of this tracking technology into Slashdot really shows that the Dollar is really more powerful than some would like to admit.

junkbuster (1)

handle (156615) | more than 13 years ago | (#166723)

I use Junkbuster [junkbuster.com] for all my filtering needs. I've got a long list of stuff that gets killed automatically including lots and lots of webbugs. It's easy to maintain - all I do is occasionally look through my cache and plonk anything I don't like. An added benefit, at least back when I was dialing up, was the increased page load speed because I didn't have to wait for banners and counter gifs and so forth.

What about Mozilla/Netscape and other browsers? (1)

the_olo (160789) | more than 13 years ago | (#166724)

Do they plan to release plugins for other browsers? No word about that in their faq...

Re:One word - Junkbusters (1)

Capt. Beyond (179592) | more than 13 years ago | (#166725)

Microsoft Windows users will have to create their own config files.

No they don't. I even use the same damn files for both platforms.

Mozilla (4)

Jodrell (191685) | more than 13 years ago | (#166732)

One of the cool things about Mozilla (and its Linux [sourceforge.net] and Windows [kmeleon.org] derivatives) is the opportunity to only accept cookies from the current page. I'm sure that when Mozilla is released and starts to take chunks out of IE's dominance, people will start to use this feature and web bugs will become less useful.

Cool, but Someone's gotta watch the watchdogs... (2)

Junior J. Junior III (192702) | more than 13 years ago | (#166733)

Is bugnosis open-source?

And if it's not, how do I know that it's not spying on me?

Re:Mozilla (2)

ichimunki (194887) | more than 13 years ago | (#166734)

IE on Mac OS has this in 4.5, if not earlier. Heck, Lynx has this.

But if you want excellent cookie control-- not to mention some real control over Java[Script]* then the browser to have is Konqueror.

So? (2)

GroovBird (209391) | more than 13 years ago | (#166735)

I'm still thinking about the consequences. A few years ago every idiot i ran into tried to convince me of disabling Cookies while I still think it's a great idea.

Now I find myself left wondering wether it's ok for one website to transmit this sort of information to another website. I'm even wondering why they try to sneek it into the client like this instead of just sending each other grepped weblogs.

What's useful about this?

And what are the privacy implications?

Web bugs = bad name, not so bad tactic (3)

closedpegasus (212610) | more than 13 years ago | (#166738)

What's the big deal with web bugs, anyway? As long as the tracking that's being done is for use by the site I am visiting, I see no problem with them...it's just a tactic for getting usage statistics about your site. And what's wrong with that? When you go to a store, there are video cameras watching you, and records of your sales, etc...why shouldn't a website know which pages were visited? As long as the information being collected can't be used to uniquely identify me, I see no problem with it. A web bug can't collect any more information than your standard log file, and maybe get access to your cookies. But it can only access cookies *that were set by it in the first place*. Web sites don't have the luxury of talking face to face to everyone who comes to the site, like a retail store does. Somehow, they need to monitor what's going on, and a web bug is one way to do a good job of it. One could easily add the same code the web bug executes to the top of every page...and I don't think there would be any problem with that. Web bugs are just a more elegant solution -- you can abstract out all those tracking functions, and use it as a module.

"All your cookies are belong to us" (2)

tenzig_112 (213387) | more than 13 years ago | (#166739)

So /. has been bugging me this whole time. You think you know somebody and then something like this happens. My most paranoid fantasies are coming true.

In other news: "Do Nothing" Congress Becomes "Highly Ineffectual" Congress [ridiculopathy.com]

Re:Web Bugs And Corporate Policy (3)

update() (217397) | more than 13 years ago | (#166742)

Richard Smith writes:
"Any company that uses Web bugs on their site should say so clearly in their privacy policies and explain the following: why they are being used, what data is sent by a bug, who gets the data, and what they are doing with it," he added.

The submitter writes:
It would seem our beloved slashdot has them as well.

Of course, a number of Slashdot readers were already familiar with this topic -- those of us who sometimes read at -1 have seen this subject raised and modded down, and then addressed by Slashdot editors who are then modded down by angry trolls. Or you can read about it on one of the troll web sites.

And this is the way all information about Slashdot is handled. Why did moderation go completely nuts a month ago? The only official word was in a -1 post from Michael buried in a -1 thread. Beyond that, you have to read (site whose name I won't mention to avoid getting 200 idiot sporks and crapflooders on my case) to find out what's going on. As always, security through obscurity doesn't work; it only confines the information to the people you least want to have it.

The bottom line, though, is that it comes down to trust. There's never been an official explanation of what the web bugs here do but while I don't, for instance, trust the editors to have any concept of what it means to be logically or ethically consistent, I do believe that they wouldn't do anything outrageous to my privacy.

Unsettling MOTD at my ISP.

slashdot's 'web bug' (1)

tigrrl (219188) | more than 13 years ago | (#166744)

I don't know about web-bugs, but I do keep getting hits from images.slashdot.com on my firewall...

I'm not surprised. (1)

AFCArchvile (221494) | more than 13 years ago | (#166745)

http://www.slashdot.org Contained a bug from the Open Source Development Network (OSDN.com)

Gotta pay the bills somehow, right? Also, they demonstrated their bad habit of sticking in "www", even though NONE of the links here have it. How dare they.

/. requires cookies (1)

CrayzyJ (222675) | more than 13 years ago | (#166746)

Is THIS why /. requires its users to have cookies turned on even though they never transmit them to our browsers? No, I am not paranoid, but that would make sense.

Re:slashdot pages (1)

AndroidCat (229562) | more than 13 years ago | (#166748)

Even simpler, toss doubleclick.net into c:\windows\hosts and point it to 127.0.0.1

Re:Does Not Does Not (2)

(H)elix1 (231155) | more than 13 years ago | (#166750)

OSDN _used_ a webbug - a 1x1 pixel trans gif.... It could very well be just a page counter. Looking at the one I see right now.

IMG SRC="http://sd-images.osdn.com/Slashdot/pc.gif?com ments,992005157" WIDTH=1 HEIGHT=1 BORDER=0

reguardless of what it is doing, that looks like one to me. guess I could check the source and see what it is up to...

Anyhow, web bugs - like cookies or anything else - can be used for both good or evil. There was no judgment here, just a chuckle at who they listed as sites with web bugs.

Re:I don't get it. (5)

(H)elix1 (231155) | more than 13 years ago | (#166751)

Cookies are not the big deal. I can block those. Its the 1x1 gifs that kick off an HTTP request, with additional params that bother me.

Look at a few and you will see...

http://svr/path/[*.dll|.gif|etc]?param0=xxxx (amps)param1=xxxx...

That, my friend, gives you something far better than just a server log entry. And there is no blocking it... unless you start taking notes and set up your host table to say *.evilsite.com is at 127.0.0.1

Apache Privacy Issues (5)

MeowMeow Jones (233640) | more than 13 years ago | (#166752)

There is a little-known feature in the Apache Webserver that quietly logs your IP address as you view pages from it.

Trolls throughout history:

not all bugs bite (1)

jaavaaguru (261551) | more than 13 years ago | (#166755)

Hey slashdot's bugging us!

From a web developer's point of view, if they didn't, how would your log-in information be retained when you look at a web page that isnt dynamicly (sp?) created, then look back at one of the comments.pl pages? huh?

If all of the site was dynamic content, then i suppose authentication info could be embedded into each page. But not all pages are dynamic, so the information's gotta be stored somewhere - and that somewhere isn't server-side (think what happens if you're on a dial-up connection and you pull your plug, someone else gets your IP and without cookies, the server doesn't know that its a different person).

Cookies have their valid uses, and I'm sure slashdot knows that and that's why they use them. I think its time people stopped being upset about every site that uses cookies and start focusing on only the ones that do Nasty Things with them.

Why I don't own a Tivo (and probably never will) (1)

Zeinfeld (263942) | more than 13 years ago | (#166756)

Tivo is a doomed company. The 'razor and blades' strategy is a profitable one but always fails when someone can buy a razor that does not need new blades. With Tivo the 'subscription' service is simply rental for the machine. There is no reason why TV schedule information should cost the amount they charge. $10 a year would leave them a huge profit on the service component. Tivo lose cash on every box they sell to get people hooked on the service.

Tivo's lack of 30 second skip removes 60% of the reason to buy one. As does the closed nature of the box. It is not possible to move data from one Tivo device to another via wireless ethernet, it is not even possible to add extra drives to the box - not without inordinate hassle.

Tivo will die, good riddance. They will be replaced by cheap commodity appliances from manufacturers that do not charge inflated subscription fees, or by better TV tuner card software for PCs. Why do people who would never buy a crippleware 'email appliance' leap to the defence of the grasping business model of Tivo?

??? Wrong thread ??? (2)

Zeinfeld (263942) | more than 13 years ago | (#166757)

How did that post get into the Web Bugs thread ?? Did IE have a nervous breakdown?

Napster, Aimster, and now ... Dumpster (1)

Pogue Mahone (265053) | more than 13 years ago | (#166758)

... where you can share all your favourite core dumps from Mozilla and other programs.

WARNING: sharing core dumps from proprietary programs might be an infringement of copyright.

--

Re:Apache Privacy Issues (1)

Sven Tuerpe (265795) | more than 13 years ago | (#166759)

There is a little-known feature in the Apache Webserver that quietly logs your IP address as you view pages from it.

According to http://www.bigbrotheraward.de/ [bigbrotheraward.de] (in German), the Apache Software Foundation [apache.org] actually received one of last year's Big Brother Awards.de for the Apache Web server [apache.org] logging IP addresses in default configuration.

Re:So? (1)

Sven Tuerpe (265795) | more than 13 years ago | (#166760)

A few years ago every idiot i ran into tried to convince me of disabling Cookies while I still think it's a great idea.

Cookies certainly are a good idea, if for instance used to transmit session IDs or to save personalized settings. Being a developer, I use cookies myself for purposes like these. But cookies are also abused. It is not acceptable to me, and many other Web users, that a site one never deliberately requested something from, tries to set a cookie valid for the next fourty years with no visible reason. Who do they think they are? Wouldn't it be nice for them to first say: "Hello, my name is ... and I would like to ... ?"

I think it is this style of complete and perfect ignorance which upsets people and makes them turn off cookies. It basically says: "We are going to own your browser, and never release control to you."

Re:Cookie Monitor (2)

Sven Tuerpe (265795) | more than 13 years ago | (#166761)

If I were designing a browser, I would have a cookie monitoring window, which would log cookie activity.

If I had a choice I would prefer a browser that helps me to manage the various cookies (or better cookie-requests) rather than showing me all those cookies in a monitor window.

Cookie management here denotes something which allows to:

  • Reject cookies by originator, lifetime, or purpose, the latter one being particularly difficult to implement,
  • Accept cookies explicitly in certain situations, e.g. when clicking the save-my-settings button somewhere, and
  • Surf the Net undisturbed by cookie request dialog windows.

Compared to Netscape-style cookie warnings, such management would be actually usable and useful. It would give the user actual control instead of a simple cookies/no cookies choice. And such a scheme would preserve the option of using cookies where they offer some added value to the user, like in personalisation of sites.

Personally, I don't want to monitor cookies, I just want to ignore most of those having a lifetime of more than a few days. Web browsers should support this type of control.

Cookie != bug (1)

SpeelingChekka (314128) | more than 13 years ago | (#166765)

From a web developer's point of view, if they didn't, how would your log-in information be retained when you look at a web page that isnt dynamicly (sp?) created

Did you read what the article is about? Its not about cookies, its about web bugs, which are a totally different thing. They may use cookies, but cookies themselves are not web bugs. Slashdot can perfectly well retain your log-in information using cookies without bugging you.

Re:I don't get it. (3)

SpeelingChekka (314128) | more than 13 years ago | (#166767)

What bothers me most is the scale on which the tracking is done; since so many sites use particular ad agencies (say doubleclick) they can build a list of many of the sites I've visited. For example, say I browse a gay porn site, then I browse a Quake3 games site, then I visit Amazon to look for comic books. Double-click need only have an information-supplying affiliation with one of those that may have my "real" personal details, name etc (for example Amazon), from that they can build a fairly extensive database of what I do online. All without my consent, which is against the law in my country, but in the US it seems companies can do this openly with no fear, so I'm guessing its not illegal in the US.

No!! (3)

SpeelingChekka (314128) | more than 13 years ago | (#166768)

I see no problem with them...it's just a tactic for getting usage statistics about your site. And what's wrong with that

You missed the point. Thats fine, there is nothing wrong with that, but that is not the issue here. Web bugs are not attempt to gather statistics at a specific site, web bugs are attempts to track surfing across multiple unrelated sites. For example, say I visit a gay porn site, which have some doubleclick ads with hidden bugs in. Then off I go to Amazon.com to order a book about fly fishing, and unbeknownst to me, once again doubleclick has web bugs on Amazons site. So now a company (doubleclick) has a database linking the same user to those two completely unrelated activities. Now all doubleclick needs to do is establish some sort of affiliation with Amazon, and whammo, doubleclick suddenly knows my name, and has a database indicating that I have bought books on fly-fishing, like gay porn, browse slashdot, am anti-Microsoft, enjoy reading The Onion every Wednesday, whatever, they have a huge database on me. All without my consent or knowledge (which happens to be illegal in my country, but it would seem not in the US.) Sure you can say "don't use cookies" or "delete your cookies regulary", but what the fuck, thats not a solution, thats purely symptomatic treatment of the REAL problem, which is that these companies should be strictly prohibitied from doing this sort of thing in the first place. Either way, more than 80% of people are not even going to know how to delete their cookies or will just be too ignorant of the problem to care. Americans seem to love treating the symptoms of a problem but ignoring the actual problem itself.

And you may not think doubleclick would be able to collect much info - but trust me on this - double is EVERYWHERE. It is virtually impossible to do casual web browsing for more than a few hours without getting doubleclick cookies. Try it. Delete all your cookies, browse for a while (casual browsing, e.g. some slashdot, maybe some cnn or other news sites, maybe some gaming sites etc), and see what cookies you have. Chances are extremely good you have doubleclick.net, bfast.com, hitbox.com, flycast.com, avenuea.com and a few of the other very common ones.

We're not talking about web statistics or cookies here. Get the facts straight.

Re:Here they are. (1)

afroginthevalley (316822) | more than 13 years ago | (#166769)

Another nice way to detect those (and do much more) is to use Eric Meyer's tactics outlined in his CSS anarchist articles (1 [oreillynet.com] ,2 [oreillynet.com] ). This method is fully standards compliant, easy to customize and even fun...

One word - Guidescope (1)

mgarraha (409436) | more than 13 years ago | (#166771)

Junkbusters now recommends a newer, more user-friendly proxy called Guidescope [guidescope.com] . See Junkbusters' Guidescope FAQ [junkbusters.com] . I've been using Guidescope betas for 6 months with few complaints. They say they will release the source code 8 months after the 1.0 binary release.

Re:Proxies that filter web bugs (2)

mgarraha (409436) | more than 13 years ago | (#166772)

Webwasher does not use regular expressions to filter images: it filters them by size.

Excellent! Does it block them based on the <IMG> tag attributes, or does it go ahead and load the image headers? Guidescope [guidescope.com] uses a central database of image URLs that users have chosen to block individually. Now if I can find a way to chain Webwasher and Guidescope together, my solution will be complete.

clearpixel.gif (1)

arktkbear (413652) | more than 13 years ago | (#166773)

slashdot has had the 1 pixel gif in their page for a loooooong time now. if you haven't noticed, i don't know where you've been.. a simple view source will show you. this isn't any amazing tool

doug

Re:iCab (1)

jonathanjo (415010) | more than 13 years ago | (#166774)

From their FAQ: [icab.de]

Will there be a version of iCab for Windows or Linux?

We are not interested in Windows and we believe that the graphical interface of Linux is not very good (compared to the Mac). We would like to focus on the Mac and want to make a good browser for Mac OS in the next few months.

So yeah, they're German Mac bigots. Guess it takes all types.

iCab (4)

jonathanjo (415010) | more than 13 years ago | (#166775)

Yet another reason iCab [icab.de] is my favorite browser.

It has the most sophisticated filtering system I've seen. You can filter cookies using many criteria, including (my favorite) blocking cookies that come from a different domain from the main page. AND you can filter IMAGES by size, w/ options to exclude sizes including 1x1px (this blocks most web bugs) as well as most common advertisement sizes, like the ubiquitous banner. What you get instead is a blank banner-(or whatever-)sized space with an icon of a coffee filter in the corner. Hee!

And speaking as a web designer, the feature doesn't compromise the legitimate use of spacer GIFs.* Page design is preserved, and who cares if the 1-px. GIF is actually loaded or not.

*Yes, I know that with CSS we shouldn't need spacer GIFs. I will rejoice when browser support for CSS is consistent enough for us to rely on them. Meanwhile, though, clients still tend to expect web pages to be as as precisely designed as print, and sometimes you gotta cheat. But that's another discussion.

Re:How Dare they?!?! (1)

TheLostOne (445114) | more than 13 years ago | (#166776)

*cough*..

Well I do admit I posted that a bit quick in an effort to grab First Post but I DID read the article... just explained myself poorly.

Just for kicks... I'll rephrase: Does anybody have any knowledge what kind of webbugs our 'beloved slashdot' is running.

------ cat ~/lamesig >> ~/lamecomment ------

Public relations lesson (1)

Krelboyne (451082) | more than 13 years ago | (#166779)

A quick read of the article reveals the Slashdot "bug" to be of little concern, but... Why not address the issue when posting the story? Kudos for going with the submission that mentioned Slashdot, but don't you think your readers would expect some response? That's a pretty MS thing to do, in my book.

-----------------

Now the paranoid will stay away... (1)

Zen Mastuh (456254) | more than 13 years ago | (#166781)

Now gone are:

The TimeCube [timecube.com] guy

The Madonna-and-the-U.S.-Navy-are-after-me [mansue.com] guy

Surely others (please reply w/ some links, folks)

After all, if /. has bugs then /. is just a part of the conspiracy. Kinda makes me curious as where /. was on the morning of November 22, 1963...

hey guy, it's okay! (3)

turbine216 (458014) | more than 13 years ago | (#166782)

that little /. bug is intended to merely collect your anatomical information and take a little something we like to call a "DNA fingerprint". makes it easier for everyone to know what kind of As-Seen-On-TV products you might wanna buy. _______________________________________________

Must be the early morning lack of coffee (5)

academician (458546) | more than 13 years ago | (#166783)

But I was hit with a strong sense of irony when I saw "Microsoft" and "Web Bug" and thought that someone had developed a plug-in that would tell you if the page you were viewing was written in bad html.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?