Interesting People mailing list archives
How Pop-Ups Could Brand You a Pervert or Crook
From: David Farber <dave () farber net>
Date: Tue, 12 Dec 2006 09:38:41 +0900
Begin forwarded message: From: pfir () pfir org Date: December 12, 2006 8:57:48 AM JST To: pfir-list () vortex com Subject: [ PFIR ] How Pop-Ups Could Brand You a Pervert or CrookReply-To: PFIR - People For Internet Responsibility announcement list <pfir () pfir org>
How Pop-Ups Could Brand You a Pervert or Crook http://lauren.vortex.com/archive/000203.html Greetings. A "New York Times" article today ( http://www.nytimes.com/2006/12/11/technology/11push.html ) explores the problem of Web-based "pop-up" ads being used to artificially inflate Web traffic. I'd like to point out a potentially much more serious problem related to pop-ups that can access arbitrary Web sites -- they could be used for purposes that could get innocent Web users into major legal problems. The issue of sites triggering unsolicited access to other sites is not new. In an IP message over a year ago ("Google's new feature creates another user privacy problem" --http://lists.elistx.com/archives/interesting-people/200506/ msg00190.html ),
I discussed how Google's triggering of top item "prefetch" in returned search results could result in Firefox browsers visiting the referenced site -- and collecting any associated cookies -- without users' knowledge (I also suggested ways to prevent this behavior). The essential problem is that Web logs that record users' access to sites would record such visits as if they had been voluntarily initiated by those users. If those destinations happen to be sites with various forms of "illicit" materials that could be the subject of government or other investigations that would go digging through associated access logs... Well, you can imagine the possible complications. Google's prefetch behavior is an example of a well-intended feature with unfortunate negative side-effects. On the other hand, the sorts of nefarious pop-ups described in the NYT piece have much greater potential for intentionally serious sorts of damage, since they can be far more flexible and directed than simple Web prefetches, and so could put innocent consumers at even greater risk. They might not only access pages that could get people arrested (perhaps c-porn?), but also download files that could trigger RIAA and/or MPAA "automatic" lawsuits, or any number of other nightmare scenarios. It's fair to ask why anyone might want to set loose such technical monsters on innocent victims. The simple answer is that there are quite a few people out there who just want to score a point -- to prove that they can do it -- plus of course the sick minds who enjoy watching other people suffer. If nothing else, this specter is yet another reason to block all pop-ups routinely and to disable browser prefetch as appropriate. Most of all it is a reminder to authorities that just because particular entries are present in subpoenaed Web logs, does not necessarily mean that they are accurate representations of user intent. In many cases you may actually be looking at victims, not perpetrators. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Founder, CIFIP - California Initiative For Internet Privacy - http://www.cifip.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com _______________________________________________ pfir mailing list http://lists.pfir.org/mailman/listinfo/pfir ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- How Pop-Ups Could Brand You a Pervert or Crook David Farber (Dec 11)