Secret Cookies on your computer that you cannot delete

reply to post by SD-JH543


While possible, the potential value of the accumulated data is disputable, and certainly much less valuable that a host of other information about you, that either exists or is currently being shared...
(1) Windows update history (with your specific personal information)
(2) Credit card and debit card purchase history
(3) Tax returns (used by politicians for targeted mailings!)
(4) DMV records -- which are indeed sold

In the scheme of things, there are more important privacy intrusions that get far less attention.

reply to post by SkepticOverlord

the browser fingerprint

You mean the User Agent string, or something else? I don't think the UAS would be too unique.

This article is interesting:

Hidden inside Ashley Hayes-Beaty's computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

The file consists of a single code— 4c812db292272995e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn.

The code knows that her favorite movies include "The Princess Bride," "50 First Dates" and "10 Things I Hate About You." It knows she enjoys the "Sex and the City" series. It knows she browses entertainment news and likes to take quizzes.

"Well, I like to think I have some mystery left to me, but apparently not!" Ms. Hayes-Beaty said when told what that snippet of code reveals about her. "The profile is eerily correct."

In an interview with WSJ's Alan Murray, WPP CEO Sir Martin Sorrell conceded that advertisers must do better to inform customers about the tracking and mapping of online behavior. On the U.S. economy, he characterized the last 6-7 months as "America Bites Back" but wonders how long the recovery will last.

Ms. Hayes-Beaty is being monitored by Lotame Solutions Inc., a New York company that uses sophisticated software called a "beacon" to capture what people are typing on a website—their comments on movies, say, or their interest in parenting and pregnancy. Lotame packages that data into profiles about individuals, without determining a person's name, and sells the profiles to companies seeking customers. Ms. Hayes-Beaty's tastes can be sold wholesale (a batch of movie lovers is $1 per thousand) or customized (26-year-old Southern fans of "50 First Dates").

"We can segment it all the way down to one person," says Eric Porres, Lotame's chief marketing officer.

One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on Internet users.

The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry.

• The study found that the nation's 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.

• Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to "cookie" files that record websites people visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.

online.wsj.com...

Also of interest: secure.wikimedia.org...

A web bug is any one of a number of techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be used to see if an e-mail was read or forwarded to someone else, or if a web page was copied to another website. The first web bugs were small images.

Some e-mails and web pages are not wholly self-contained. They may refer to content on another server, rather than including the content directly. When an e-mail client or web browser prepares such an e-mail or web page for display, it ordinarily sends a request to the server to send the additional content.

These requests typically include the IP address of the requesting computer, the time the content was requested, the type of web browser that made the request, and the existence of cookies previously set by that server. The server can store all of this information, and associate it with a unique tracking token attached to the content request.

Originally posted by WhizPhiz
You mean the User Agent string, or something else?

The combination of IP address and user agent is indeed rather unique, or at least unique enough.

Additional details are available to JavaScript such as screen-size and installed plug-ins that, when combined, make a very complex and unique identifier. However, the resulting identifier is a rather large collection of string values, and impractical for identifying users.

Originally posted by WhizPhiz
This article is interesting:

online.wsj.com...

Interesting in that it highlights the "big media's" effort to spread fear, uncertainty, and doubt about what "cookies" do and what is being tracked/retained.

That particular article received a great deal of commentary in tech and advertising circles as something that got many details wrong. And I'd like to remind everyone that the "Online" version of the WSJ interviewed myself some months back over Jared Laughner's activity here, and from a rather simple and straightforward interview, got many things wrong and attributed words to me that I never said.

Originally posted by WhizPhiz
Also of interest: secure.wikimedia.org...

That's a very old and highly obsolete piece of information, that references source material from 1999 and 2000. A great deal has changed since then.

In fact, the term "Web Bug" has not been used in a very long time.

reply to post by SkepticOverlord


I did actually think it sounded a bit old, but "web bug" is still used. It took me 2 seconds to find an example of it, I opened up Ghostery and it has two options: "Web Bug Blocking" and "Cookie Protection"...I doubt it would be used in a modern FF add-on that is extremely popular if it were an obsolete word.

reply to post by WhizPhiz


Sure. But the transparency of online advertising has come a long, long way since that article was written, and it has many assumptions/conclusions that simply don't apply any more.

We're part of this: Network Advertising Initiative, and only use third party ad providers who also are.

I'm also part of a committee of the Internet Advertising Bureau, and traveling to Washington in May to help educate representatives on what ethical online advertisers are doing to maintain a high-level of transparency and user privacy.

reply to post by SkepticOverlord

We're part of this: Network Advertising Initiative, and only use third party ad providers who also are.

I'm also part of a committee of the Internet Advertising Bureau, and traveling to Washington in May to help educate representatives on what ethical online advertisers are doing to maintain a high-level of transparency and user privacy.

Wow, what more can ATS members ask for. The people I don't trust are the advertising agencies that track me. Quantcast is embedded into so many websites, what sort of info do they get from me? I understand it's a breach of privacy to attach info such as my name to their collected data, but can they get my IP? If so, that means they can identify me at every website I go to which has their tracking technology enabled. What about the cookies Quantcast stores on my PC when I visit ATS? Since I have opted out of tracking cookies I can't see what content they would normally hold, but there is a cookie called PHPSESSID and it belongs to ads.abovetopsecret.com. It contains a moderately long string of characters, obviously some sort of session ID. It would be capable of identifying me individually, and seems most likely used for targeted advertisement.

Originally posted by WhizPhiz
Quantcast is embedded into so many websites, what sort of info do they get from me?

Quantcast is one of the most transparent "players" in this broad scenario of online audience measurement. There are a host of other firms (Axiom, Experian, etc.) "hidden" within major media sites who are much larger, and much less transparent.

but can they get my IP? If so, that means they can identify me at every website I go to which has their tracking technology enabled.

Even the FTC hasn't considered an IP address as personally identifiable information in this context.

What about the cookies Quantcast stores on my PC when I visit ATS?

Used primarily to measure the kind of audience coming to ATS. It identifies you as a unique user, and on other sites you visit, their system attempts to "guess" at the type of user you (without personal info) represent.

but there is a cookie called PHPSESSID and it belongs to ads.abovetopsecret.com. It contains a moderately long string of characters, obviously some sort of session ID. It would be capable of identifying me individually, and seems most likely used for targeted advertisement.

It's an encrypted session identifier, associated with the core functionality of PHP, which we use to prioritize the delivery of ads. No data is collected or stored.

Originally posted by SiglenDyn
If you use Firefox, you can install a plugin called Better Privacy. It was specifically designed to remove LSO and DOM storage (Supercookies).

I took the Better Privacy route. Sure wish I had known about this three Christmas' ago. Thank you for the info.

Originally posted by SkepticOverlord

In the scheme of things, there are more important privacy intrusions that get far less attention.

For sure I can agree with that.. Most people are oblivious to most of it. I'm sure the demographics from this site are a marketers dream.

SD

reply to post by SkepticOverlord


You've managed to create a mental image inside my brain of an apparatus which is - even though theoretically possible - beyond anything that some US government agency was able to control and maintain for any extended period of time. I have to admit when starting to add up the numbers and putting it into context with the practical gain from such an endeavour, it seems unlikely such mechanism is, indeed, in place. That eases my paranoia level from "exorbitant" to "above critical", I appreciate that : D

Unless of course ...

.. the NSA got their hands on the CPU and foo-matic fluxcompensators of the ET spaceship that crashed on the moons surface, which some guy on the forums posted about.

But that's a whole new story for a whole new thread, some other time .. maybe .. ^^

crap cleaner works great problem solved! they even get rid of lso's. i've been sing it for years.

Originally posted by H1ght3chHippie
beyond anything that some US government agency was able to control and maintain for any extended period of time.

Just about any speculation on a "grand conspiracy" needs to go through such a mental exercise. Attributing massive levels of superb prowess, coordination, extreme-technology, high levels of personnel involvement, and beyond cutting-edge expertise to a government that flubs so many things is often improbable, if not impossible.

reply to post by SkepticOverlord


Awh, how cool !!...Glad its been moved to computers and out of hoax.

OP i thank you for starting this thread,its opened up input from Sceptic that we would have not known..He seems to know what he is saying....I just found out recently from my dd how they track where you go,and i wondered why i would come to this website and see advertisements from skincare co. i was just looking at...They were stalking me...lol

Originally posted by Sarene
Not that I don't trust you, but how do I know that this little batch program is not a virus itself?
I am no computer expert so...
Please just give me your word, and once you do please tell me how to run your program lol
I am serious about computer safety as all my personal files are stored on this one computer and this computer is almost always connected to the internet...

edit: I guess your work is not a virus (as I was posting the above, other posted confirmation)
although, I am still confused as to how to run the batch file (or create it)

edit on 28-3-2011 by Sarene because: saw other posts

I'm not that great at programming, but line 2 "rem :: nuke any existing cookies and subdirectories ::
"
then he proceeds to tell the program what to nuke-which is the macro flash stuff. That's how it looks to me. Still, it is foolhardy to trust anything from people you do not know. Identity theft has taken on Mafioso proportions, as there are organized groups. Even trustworthy sites can become infected with embedded HTML right over the page.

reply to post by boondock-saint


I had an issue from a firefox plug in as well. It was bundled into a Skype app. I finally deleted the plug in.

Originally posted by SkepticOverlord

Originally posted by H1ght3chHippie
Just let's tie the biggest ISP's in here for a brief second, let's asume most major networks might serve a second purpose, beyond what you use them for, and let's assume there are algorithms and mechanisms in place...
>snip<
They've been doing that 20 years ago already, you are aware of that I assume ?

Now, that's something very, very different than concerns over what nefariousness might be possible via cookie abuse -- you're referencing "deep packet inspection," and is a very different animal.

So after monitoring your online behaviour for a couple years, they have the perfect profile about you...

Okay, there's a couple issues here, many are related to misconceptions, but there are concerns.

The most important thing is to visualize the quantity of data, and project forward to the plausibility of such a thing. Imagine a system that would be able to track and quantify all the various IP address you use, in real-time. Not necessarily impossible, but would require highly-sophisticated deep-packet inspect by every network you use, engaged in real-time reconciliation and communication back to some central source. Then, consider how such a system would engage in such real-time reconciliation for every HTTP packet you receive -- just the ATS home page would require more than 100 such packets, many pages use much more. Then imagine the scale of such a thing as it attempts to recognize, reconcile, track, and record every packet received by every person using the web in the United States for just one day. We're talking about dozens of petabytes of data being categorized and exchanged in just one day.

And if you want to scale that even further, consider the amount of data resulting from a month, a year, or several years.

And then, imagine how an inept "government" who is unable to keep an Army Private from stealing secure government communications could create and manage such an unimaginably massive and sophisticate system.

Such a system would require massive bandwidth and more than 50 billion terabytes of data storage for 10 years worth of information. Why... the hard drive maintenance alone would keep an army of IT geeks running in circles.

That level of intelligence as a result of wide-spread deep-packet inspection has received a lot of speculation, but it's not plausible to believe an inept government who can't keep their law enforcement agencies up to speed with computer technology that is less than five years old can pull it off.


However, that's not to say that some level of data reconciliation and inspection isn't going on... we know it is, but just not on the grand scale that would be required above.


Based on the tidbits we know, there are three strategies being used:

(1) Deep packet inspection of certain protocols (such as HTTP post and SMTP) for important keywords, phrases, or destinations.

(2) Monitoring of interconnected communications (using #1 at times) on certain subjects, some of which may be "seeded" by provocateurs or purposeful release of low-level semi-classified information.

(3) Deep packet inspection and monitoring of specific computers that have been identified as a result of #1 and #2.

This is not only much more plausible, but also much more likely to result in a manageable amount of data on which law-enforcement action can be taken.

And on a side note, there's not really a difference between a single webserver and a server farm in terms of transfering data through whatever backbone or WAN link to other domains

Except when you start considering the massive scale of the amount of data you originally proposed. Even in our little cluster for ATS, we often flirt with the upper limits of a 10GB network connection between our database server and web server during spikes of high traffic, and that's just for the posts and threads on ATS.

But all this is not impossible.
Altough I do not know all that much about computers, I think that we (all the others around the world) serve as server farms and maybe without even knowing it. For example take torrent sites which use all the computers that have downloaded something. They are automatically placed in some kind of cloud or cluster, from which when somebody else wants to download something, ( that you also have) the site server automatically puts you into the system to share it.
I also read an article on yahoo quite a long time ago about someone that was caught for pedofilism because some pedofile somehow got into his hard disk and stored it there. The person who was "framed" didnt know a thing about it, and I think, if I can remember correctly, they eventually found him innocent.

So knowing this, I don't see how it would need so many people for maintainance. We are all our own maintainace people for our own computers, plus we provide all the hard disk space for them.
Maybe I'm wrong somewhere or everywhere here, but it's just an assumption.
Personally I dont care that much if cookies are stored in my computer or not, just as long as they dont slow me down or crowd my system.

I would like to say that you have a nice site here, and I stayed because so far I have not seen any discrimination to what is written here. I dont like chounta characteristics in anything (even cookies). I also find it invasive.
As I read earlier in the thread, this topic was moved to the hoax topics which I find a little annoying, because it shows fear of something, or hiding something, apart of the fact that you may be hurting someone else of his credability. So in my opinion, you as the owner should have written and through your statements disproved what was written in this thread, just like any other topic in here. Its the only free speach thng to do.
Sorrry if I sounded kind of harsh in any way, and I did not write this to offend anyone.