Yahoo tracking all of your usage WAS: Re: more on <a ping> tracking what links you click on

[David Farber <dave () farber net>]

Begin forwarded message:

From: Ray Everett-Church <ray () everett org>
Date: January 18, 2006 4:22:28 PM EST
To: dave () farber net, jmcmurry () mac com
Subject: RE: Yahoo tracking all of your usage WAS: Re: [IP] more on  
<a ping> tracking what links you click on

This is a bogus, urban legend-type story that's been making the  
rounds for
almost a year now, spread by somebody who doesn't understand what web  
beacons
are, or what they can do. They can indeed be used by a site to track  
when you
open an HTML email message, or when you move between pages within ONE  
website.
But this "track you everywhere" is horsesh*t, which I wrote about  
back in
December when some nitwit radio host tried to reignite the story.

http://www.privacyclue.com/index.php/20051215/anti-yahoo-urban-legend- 
circles/

-Ray

--
Ray Everett-Church, Esq.
Principal, PrivacyClue LLC
http://www.privacyclue.com/consulting
-----------------------
co-author "Internet Privacy for Dummies"
co-author "Fighting Spam for Dummies"
http://www.PrivacyForDummies.com




> -----Original Message-----
> From: David Farber [mailto:dave () farber net]
> Sent: Wednesday, January 18, 2006 11:53 AM
> To: ip () v2 listbox com
> Subject: Yahoo tracking all of your usage WAS: Re: [IP] more
> on <a ping> tracking what links you click on
>
>
>
> Begin forwarded message:
>
> From: James McMurry <jmcmurry () mac com>
> Date: January 18, 2006 2:48:47 PM EST
> To: dave () farber net
> Cc: ip () v2 listbox com
> Subject: Yahoo tracking all of your usage WAS: Re: [IP] more on <a
> ping> tracking what links you click on
>
>   Dave
>
> for sharing with IPers
>
> yahoo now can track your usage PER MACHINE (not account) using Web
> Beacons:
>
>
> The following message was sent to me by the moderator of another
> group that I'm in. Everyone needs to be aware of it as Yahoo is
> tracking people now, even when they are not on the Yahoo site.
>
> If you belong to ANY Yahoo Groups - be aware that Yahoo is now using
> "Web Beacons" to track every Yahoo Group user. It's similar to
> cookies, but allows Yahoo to record every website and every group
> you visit, even when you're not connected to Yahoo.
>
> Look at their updated privacy statement at:
> <http://privacy.yahoo.com/privacy>http://privacy.yahoo.com/privacy
>
> About half-way down the page, in the section on cookies, you will
> see a link that says WEB BEACONS.
>
> Click on the phrase "Web Beacons." On the page that opens, find a
> paragraph entitled "Outside the Yahoo Network."
>
> In that section find a little "Click Here to Opt Out" link that will
> let you "opt-out" of their snooping. Be careful! NOT to click on the
> next button shown. It is an "Opt Back In" button that, if clicked,
> will UNDO the opt-out.
>
> Note that Yahoo's invasion of your privacy - and your ability to
> opt-out of it - is not user-specific. It is MACHINE specific. That
> means you will have to opt-out on every computer (and browser) you
> use.
>
> Please forward this to your other groups. You might complain, too,
> but I'm not sure if anyone is listening..
>
> Related article:
>
> Yahoo Web Beacons Igniting Controversy Yahoo's current privacy
> policy is causing consternation among some users who object to their
> use of so-called 'web beacons'. Known in most circles as web bugs,
> these invisible images are embedded in websites and email and used
> to track your surfing - and even tell whether you've opened a
> particular email.
> http://antivirus.about.com/od/spywareandadware/a/yahoobugs.htm
>
>
>
> On Wednesday, January 18, 2006, at 11:42AM, David Farber
> <dave () farber net> wrote:
>
> > Begin forwarded message:
> >
> > From: Lauren Weinstein <lauren () vortex com>
> > Date: January 18, 2006 1:11:23 PM EST
> > To: dave () farber net
> > Cc: lauren () vortex com
> > Subject: Re: [IP] <a ping> tracking what links you click on
> >
> > Dave,
> >
> > I just posted the following comment regarding this situation
> > on the related discussion board:
> >
> >   - - -
> >
> > Gang,
> >
> > From a privacy policy standpoint, there is a world of difference
> > between exploiting "tricks" for user tracking vs. building them into
> > browsers as standard features.  In the current privacy-invasive
> > environment, while we have to deal with the former case by case,
> > there is really no excuse for the latter.
> >
> > Given that most users stick with defaults, any policy other than
> > disabling such a new "ping" feature by default would be unacceptable
> > from a privacy standpoint.  Efficiency and "golly, there are other
> > ways to track people anyway" arguments are utterly specious.
> >
> > As it stands now, turning off javascript and carefully noting URLs
> > (I usually notice oddball redirect URLs when present) are indeed of
> > some value in controlling certain classes of tracking abuses.  We do
> > not need an even more invisible mechanism built into what has been
> > (up to now) an excellent browser.
> >
> > Limiting the "pings" to the same server does not solve the problem
> > -- abuses of this feature are just as possible (even more likely,
> > actually) using the same server.
> >
> > That the development team would even consider enabling such a
> > feature by default suggests a tin ear when it comes to privacy
> > issues that will be worthy of considerable ongoing concern (an
> > earlier example is the page prefetch feature enabled by default
> > which also carries significant privacy risks).  A clue to fuzzy
> > thinking in these regards is talk of setting the default differently
> > in Firefox vs. Thunderbird -- creating a privacy policy variation
> > with no obvious rationale.
> >
> > I urge the parties involved to reconsider their support of this "URL
> > ping" feature as described, a feature that I can guarantee will
> > bring Firefox under intense public criticism.
> >
> > --Lauren--
> > Lauren Weinstein
> > lauren () vortex com or lauren () pfir org
> > Tel: +1 (818) 225-2800
> > http://www.pfir.org/lauren
> > Co-Founder, PFIR
> >    - People For Internet Responsibility - http://www.pfir.org
> > Co-Founder, IOIC
> >    - International Open Internet Coalition - http://www.ioic.net
> > Moderator, PRIVACY Forum - http://www.vortex.com
> > Member, ACM Committee on Computers and Public Policy
> > Lauren's Blog: http://lauren.vortex.com
> > DayThink: http://daythink.vortex.com
> >
> >  - - -
> >
> > > Begin forwarded message:
> > >
> > > From: Don Drake <don () drakeconsult com>
> > > Date: January 18, 2006 10:49:07 AM EST
> > > To: dave () farber net
> > > Subject: <a ping> tracking what links you click on
> > >
> > > Dave,
> > >
> > >
> > >
> > > I found this via Slashdot, a new attribute to anchor tags that is
> > > being implemented in the next version of Firefox (1.6a)
> that makes it
> > > easier than ever to track what links you?re clicking.
> > >
> > >
> > >
> > > -Don
> > >
> > >
> > >
> > > http://weblogs.mozillazine.org/darin/archives/009594.html
> > >
> > >
> > >
> > > I've been meaning to blog about a new web platform feature
> that we've
> > > added to trunk builds of Firefox. It is now possible to
> define a ping
> > > attribute on anchor and area tags. When a user follows a
> link via one
> > > of these tags, the browser will send notification pings to the
> > > specified URLs after following the link.
> > >
> > >
> > >
> > > I'm sure this may raise some eye-brows among privacy
> conscious folks,
> > > but please know that this change is being considered with
> the utmost
> > > regard for user privacy. The point of this feature is to
> enable link
> > > tracking mechanisms commonly employed on the web to get out of the
> > > critical path and thereby reduce the time required for users to see
> > > the page they clicked on. Many websites will employ
> redirects to have
> > > all link clicks on their site first go back to them so
> they can know
> > > what you are doing and then redirect your browser to the site you
> > > thought you were going to. The net result is that you end
> up waiting
> > > for the redirect to occur before your browser even begins
> to load the
> > > site that you want to go to. This can have a significant impact on
> > > page load performance.
> > >
> > >
> > >
> > > Websites even employ "onmousedown" event handlers that change the
> > > href attribute at the very last second before a click occurs. This
> > > makes it so that hovering over the link displays the location that
> > > you want to go to, but it still ends up taking you someplace else.
> > >
> > >
> > >
> > > This change is being considered in large part because some very
> > > popular websites have asked for a solution to this problem. The
> > > feature itself was designed and specified by the WhatWG.
> > >
> > >
> > >
> > > Donald Drake
> > >
> > > President
> > >
> > > Drake Consulting
> > >
> > > http://www.drakeconsult.com/
> > >
> > > 312-560-1574
> > >
> > >
> > >
> > >
> > >
> > > -------------------------------------
> > > You are subscribed as lauren () pfir org
> > > To manage your subscription, go to
> > >   http://v2.listbox.com/member/?listname=ip
> > >
> > > Archives at:
> http://www.interesting-people.org/archives/interesting-
> > > people/
> >
> >
> >
> > -------------------------------------
> > You are subscribed as jmcmurry () mac com
> > To manage your subscription, go to
> >  http://v2.listbox.com/member/?listname=ip
> >
> > Archives at:
> http://www.interesting-people.org/archives/interesting-
> > people/
>
>
> James McMurry
>
>
>
> -------------------------------------
> You are subscribed as lists () everett org
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at:
> http://www.interesting-people.org/archives/interesting-people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/