It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
An Image Tracker Experiment Revised.
page: 12
share:
I recently made a thread concerning what I call an "image tracker", and it seems perhaps I was a bit too bold in my presentation, this time I have not
embedded my tracking image, so it's not possible I'm logging people.
My intention clearly is not to track people, I made this thread to point out how exceptionally easy it is for people to use a simple image to track people. Dynamic images like these are very common.
It would be as simple as pie for me to track people on ATS using these images if I wanted to. There's no way to tell if the dynamic image can track you. This is fairly common technical knowledge, and this is not a hoax.
I wouldn't have made this example application if I wanted to harvest data about members, so feel safe any data logged in my last thread is completely deleted. So now, lets discuss this rationally.
The reason people found this concerning is because simply loading my tracker image triggers a PHP script which generates the image and sends it back.
My tracker image then shows information such as your IP, Browser, OS, location etc. Obviously a real tracker image would just look like a normal image, as to avoid attention.
The point of real concern however, was that I could also tell the PHP script to save all this data to a database or file. In fact there was quite harsh skepticism surrounding this FACT.
By using the [ats] tag to embed it on an ATS thread, the referral URL also lets me see which page the person was on when they viewed the image. That means I've got their IP and the page they were looking at.
Basically, I can keep track of anyone who views my threads by embedding these images. My thread was obviously removed because I posted a simple image that had the ability to track people (no one would have known unless I told them).
Anyone could put these images in their signature or threads and there would be no way to tell if it's just a simple image, or if it's actually saving your information to a database every time you load it.
This is a problem with nearly all forums and many other websites that allow users to post images. So instead of blatantly ignoring this common information I think it deserves some consideration.
Link to dynamic tracking image (view at your own risk): www.imagetracker.co.cc...
**it will not log you, but there's no way for me to prove that**
**lots of websites log your visit anyway**
**if you don't trust me don't click the link**
My intention clearly is not to track people, I made this thread to point out how exceptionally easy it is for people to use a simple image to track people. Dynamic images like these are very common.
It would be as simple as pie for me to track people on ATS using these images if I wanted to. There's no way to tell if the dynamic image can track you. This is fairly common technical knowledge, and this is not a hoax.
I wouldn't have made this example application if I wanted to harvest data about members, so feel safe any data logged in my last thread is completely deleted. So now, lets discuss this rationally.
The reason people found this concerning is because simply loading my tracker image triggers a PHP script which generates the image and sends it back.
My tracker image then shows information such as your IP, Browser, OS, location etc. Obviously a real tracker image would just look like a normal image, as to avoid attention.
The point of real concern however, was that I could also tell the PHP script to save all this data to a database or file. In fact there was quite harsh skepticism surrounding this FACT.
By using the [ats] tag to embed it on an ATS thread, the referral URL also lets me see which page the person was on when they viewed the image. That means I've got their IP and the page they were looking at.
Basically, I can keep track of anyone who views my threads by embedding these images. My thread was obviously removed because I posted a simple image that had the ability to track people (no one would have known unless I told them).
Anyone could put these images in their signature or threads and there would be no way to tell if it's just a simple image, or if it's actually saving your information to a database every time you load it.
This is a problem with nearly all forums and many other websites that allow users to post images. So instead of blatantly ignoring this common information I think it deserves some consideration.
Link to dynamic tracking image (view at your own risk): www.imagetracker.co.cc...
**it will not log you, but there's no way for me to prove that**
**lots of websites log your visit anyway**
**if you don't trust me don't click the link**
edit on 2-4-2011 by WhizPhiz because: (no reason given)
I clicked on it ...
and it was dead accurate..
pretty cool...
in a sinister kind of way....
and it was dead accurate..
pretty cool...
in a sinister kind of way....
reply to post by WhizPhiz
So, now that we know they are there, what do we do about them? From what I understand, utilizing free proxy servers can be just as much a security risk, as not. Would you please give the readers alternatives, should they decide to investigate further?
So, now that we know they are there, what do we do about them? From what I understand, utilizing free proxy servers can be just as much a security risk, as not. Would you please give the readers alternatives, should they decide to investigate further?
reply to post by LadySkadi
You can't really do anything about them, that's what sucks. These images are used all over the internet, so unless you want to disable images all together, the risk will remain. These types of tracking images are commonly used in emails to detect when you open it and read it.
So, now that we know they are there, what do we do about them?
Yes, proxies can be dangerous, and I wouldn't really recommend using them. The easiest way to avoid tracking via this method is to change your IP on a regular basis (you will still be logged obviously). That's a bit troublesome for some people though, and I'm sure their are other ways to hide/change your IP. All your locational data is drawn from your IP, but the browser and OS details aren't. Even I don't have a reasonable solution to this. Normal page scripts are easy to stop, but PHP is server side, you can't stop it.
From what I understand, utilizing free proxy servers can be just as much a security risk, as not. Would you please give the readers alternatives, should they decide to investigate further?
edit on 3-4-2011 by WhizPhiz because: (no reason given)
reply to post by WhizPhiz
That resulting image says "Log time: 2011-04-03 01:19:30 PM [UTC]", but it's (was) 19:19 here in Portugal.
The city is also wrong, but all sites that try to find my location fail.
That resulting image says "Log time: 2011-04-03 01:19:30 PM [UTC]", but it's (was) 19:19 here in Portugal.
The city is also wrong, but all sites that try to find my location fail.
reply to post by ArMaP
I think the time is taken from the server. It's possible the server time is set incorrectly, I never paid much attention to it. BTW, is it possible to get this thread moved out of the off-topic forum, I wanted to keep it on the down low since a lot of people seemed to freak out last time, but now it seems to be getting virtually no response.
I think the time is taken from the server. It's possible the server time is set incorrectly, I never paid much attention to it. BTW, is it possible to get this thread moved out of the off-topic forum, I wanted to keep it on the down low since a lot of people seemed to freak out last time, but now it seems to be getting virtually no response.
reply to post by WhizPhiz
The server answered "Sun, 03 Apr 2011 19:51:54 GMT", so I guess it must be something else.
And I think this is on the right forum, it's not a conspiracy, it's a technical thing.
The server answered "Sun, 03 Apr 2011 19:51:54 GMT", so I guess it must be something else.
And I think this is on the right forum, it's not a conspiracy, it's a technical thing.
reply to post by ArMaP
Oh, that's odd, I simply used date_default_timezone_set('UTC'); because I thought that would set the server time to UTC. Then I used date('Y-m-d h:i:s A').' [UTC]'; in order to get the date. I'm not quite sure what's wrong with that. It's obviously because I'm adding UTC to the string manually but the date function isn't giving me UTC time.
Fair enough point.
EDIT: I actually just looked at the time on the tracker image and it's correct for me. Odd.
The server answered "Sun, 03 Apr 2011 19:51:54 GMT", so I guess it must be something else.
Oh, that's odd, I simply used date_default_timezone_set('UTC'); because I thought that would set the server time to UTC. Then I used date('Y-m-d h:i:s A').' [UTC]'; in order to get the date. I'm not quite sure what's wrong with that. It's obviously because I'm adding UTC to the string manually but the date function isn't giving me UTC time.
And I think this is on the right forum, it's not a conspiracy, it's a technical thing.
Fair enough point.
EDIT: I actually just looked at the time on the tracker image and it's correct for me. Odd.
edit on 3-4-2011 by WhizPhiz because: (no reason given)
reply to post by WhizPhiz
Another ATSer used to have this link on their siggy line.
IP Banner
This one doesn't require you to open anything or save anything, it just shows your IP address, and a little info. I thought it was pretty cool!
Another ATSer used to have this link on their siggy line.
IP Banner
This one doesn't require you to open anything or save anything, it just shows your IP address, and a little info. I thought it was pretty cool!
I want to add something here.
Firstly, Whiz, you got me I honestly thought the images on here would have resolved to ATS and not the machine viewing them. SO in that you are owed an apology from me.
However, unless you were to specifically target people in U2U, you would never be able to put an IP to a username. Unless you were very lucky and they posted to reveal who it was that was actually viewing.
So in a large thread you'd receive dozens of not more IP addresses.
While this can be in and of itself negative for the overall members, it is only with a singled out individual can you retrieve the IP in conjunction with the user.
For those thinking the details you see linked in the Image are nifty - there are many services that you can use in order to get information about an IP - and as Armap stated, not all of it is accurate.
I'm sure Whiz coded his however, and knowing the method he uses, I know it is indeed possible.
Infact, you wouldn't even be aware of it should someone use a transparent 1x1 pixel image in their signature.
The signature is not revealed in code should someone quote the reply. So you'd never know your IP was sent by merely looking at a thread let alone they had an image that was invisible.
Again Whiz, my apologies for my misconception. You were half right, but had you not U2U'd me, you'd still never have been able to prove to me as you did
I take that as a lesson learned - hello constant proxy !!
lol
Firstly, Whiz, you got me I honestly thought the images on here would have resolved to ATS and not the machine viewing them. SO in that you are owed an apology from me.
However, unless you were to specifically target people in U2U, you would never be able to put an IP to a username. Unless you were very lucky and they posted to reveal who it was that was actually viewing.
So in a large thread you'd receive dozens of not more IP addresses.
While this can be in and of itself negative for the overall members, it is only with a singled out individual can you retrieve the IP in conjunction with the user.
For those thinking the details you see linked in the Image are nifty - there are many services that you can use in order to get information about an IP - and as Armap stated, not all of it is accurate.
I'm sure Whiz coded his however, and knowing the method he uses, I know it is indeed possible.
Infact, you wouldn't even be aware of it should someone use a transparent 1x1 pixel image in their signature.
The signature is not revealed in code should someone quote the reply. So you'd never know your IP was sent by merely looking at a thread let alone they had an image that was invisible.
Again Whiz, my apologies for my misconception. You were half right, but had you not U2U'd me, you'd still never have been able to prove to me as you did
I take that as a lesson learned - hello constant proxy !!
lol
edit on 5/4/2011 by badw0lf because: (no reason given)
reply to post by badw0lf
Thank you for being able to apologize and correct yourself. You just went back into my good books. Another lesson you might want to take from this, is to remain cool headed until you absolutely know you are correct.
Firstly, Whiz, you got me I honestly thought the images on here would have resolved to ATS and not the machine viewing them. SO in that you are owed an apology from me.
Yes, that is something I can't do, I can't actually connect IP's to ATS usernames. I have thought of ways it might be possible, but it seems unlikely.
However, unless you were to specifically target people in U2U, you would never be able to put an IP to a username. Unless you were very lucky and they posted to reveal who it was that was actually viewing.
new topics
-
San Francisco Program To Give Free Booze to the Homeless
Social Issues and Civil Unrest: 7 minutes ago -
Avatar Crucifix in my baked potato! Before surgery + more. Palestinian nurse, Christian patient.
General Chit Chat: 1 hours ago -
Senator Karim Bianchi, from Chile, telling was abducted 2012.
Aliens and UFOs: 2 hours ago -
Gaza Genocide Real or Propaganda
Middle East Issues: 4 hours ago -
Akkabadori: history of tolerant euthanasia
History: 8 hours ago -
Don Trump-Quixote
Political Issues: 10 hours ago -
Paranoia that will tear apart Russia and China
World War Three: 11 hours ago
top topics
-
Egypt to join South Africa genocide case at ICJ
Middle East Issues: 16 hours ago, 9 flags -
Gaza Genocide Real or Propaganda
Middle East Issues: 4 hours ago, 6 flags -
SecretKnowledge sez howaryiz all, im back.
Introductions: 13 hours ago, 5 flags -
Don Trump-Quixote
Political Issues: 10 hours ago, 5 flags -
Akkabadori: history of tolerant euthanasia
History: 8 hours ago, 5 flags -
Paranoia that will tear apart Russia and China
World War Three: 11 hours ago, 3 flags -
Senator Karim Bianchi, from Chile, telling was abducted 2012.
Aliens and UFOs: 2 hours ago, 3 flags -
Avatar Crucifix in my baked potato! Before surgery + more. Palestinian nurse, Christian patient.
General Chit Chat: 1 hours ago, 2 flags -
San Francisco Program To Give Free Booze to the Homeless
Social Issues and Civil Unrest: 7 minutes ago, 1 flags
active topics
-
Russia Ukraine Update Thread - part 3
World War Three • 5785 • : gortex -
NASA Black Hole Visualization - Go Beyond the Brink
Space Exploration • 18 • : DragonGod77 -
Gaza Genocide Real or Propaganda
Middle East Issues • 45 • : Lazy88 -
Egypt to join South Africa genocide case at ICJ
Middle East Issues • 36 • : YourFaceAgain -
San Francisco Program To Give Free Booze to the Homeless
Social Issues and Civil Unrest • 0 • : FlyersFan -
The biggest problem with the Hush money trial
US Political Madness • 184 • : Vermilion -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 1519 • : network dude -
Christianity superior to other faiths for very specific reasons. Awaken to true FREEDOM..!!
Conspiracies in Religions • 36 • : jofafot -
Don Trump-Quixote
Political Issues • 19 • : FlyersFan -
A new Why Files How CRISPR and AI Destroy the World
Science & Technology • 26 • : FlyInTheOintment
2