Interesting People mailing list archives

PRIVACY ISSUE WITH the new White House web site? CORRECTION


From: David Farber <dave () farber net>
Date: Wed, 21 Jan 2009 11:38:23 -0500



Begin forwarded message:

From: Karl Auerbach <karl () cavebear com>
Date: January 21, 2009 11:09:30 AM EST
To: Gene Gaines <cheryl.gaines () gainesgroup com>, dave () farber net
Subject: Re: [IP] IRGENT PRIVACY ISSUE WITH the new White House web site? CORRECTION

Gene Gaines wrote:
Karl, Dave
CORRECTION, PLEASE.

Perhaps the privacy statement served to you was incomplete,
I would imagine that files had to propagate through a number of
servers, in view of the volume of hits the new source must have
experienced since noon Jan. 20.  Perhaps you accessed an early,
incomplete version.

I am taking a look again. Remember, I did not say that the website was injecting a tracking cookie, rather that it has a classic "web bug" - a 1x1 pixel invisible image - http://en.wikipedia.org/wiki/Web_bug

The whitehouse.gov also loads a chunk of 685 lines of Webtrends javascript that assists that web bug by dredging through the user's computer and building a URL extension to be sent to the web bug's home site when the web bug 1x1 image is fetched. In my case here is the data that the whitehouse.gov site sends to that non-governmental, private company, webtrends, when I look at the privacy policy:

http://statse.webtrendslive.com/dcs0l9nq800000ctek411lue6_2c8b/dcs.gif?&dcsdat=1232551756592&dcssip=www.whitehouse.gov&dcsuri=/about/white_house_101/&dcsref=http://www.whitehouse.gov/privacy/&dcscfg=1&WT.co_f=29c77f877e6cfcdfbb81232561960511&WT.vtid=29c77f877e6cfcdfbb81232561960511&WT.vtvs=1232551160511&WT.tz=-8&WT.bh=7&WT.ul=en-US&WT.cd=24&WT.sr=1024x768&WT.jo=Yes&WT.ti=White%20House%20101&WT.js=Yes&WT.jv=1.7&WT.ct=unknown&WT.bs=883x559&WT.fv=9.0&WT.slv=Not%20enabled&WT.tv=8.6.0&WT.dl=0&WT.ssl=0&WT.es=www.whitehouse.gov/about/white_house_101/&WT.vt_f_tlh=1232551559

That's a lot of stuff, much of it. Some of it obvious - such as my screen resolution, whether I've got Microsoft Silverlight. But a lot of it is opaque to me. Webtrends gets to see this, to keep it, to aggregate and cross-link it with other data, and to sell it to others, with no visible constraint from the whitehouse.gov privacy policy.

It appears to me that that webtrendslive javascript may be injecting the web bug HTML into the DOM (data object model) that the browser uses to construct the page. That means that the web bug itself may not be visible to the whitehouse.gov webmaster when he/she inspects the HTML source on the web server.

Moreover, considering the way that cookies work, had there been other webtrendslive.com cookies in my browser, presumably placed there by another site that uses webtrendslive (as many do), then those other cookies would have been transmitted via my whitehouse.gov access to webtrends, thus allowing them to link my whitehouse.gov access to other sites that I have accessed.

So *every* time a citizen loads the whitehouse.gov page (and it appears true of other pages on the whitehouse.gov site) that user's browser loads the web bug and leaves a record in a log file (and presents an opportunity to plant and reap cookies).

And in this case that web bug comes not from the whitehouse.gov site but from a private web tracking company, webtrendslive, which is in the business of harvesting the information from their log files.

The privacy policy does not mention web bugs, particularly ones that cause user data to be sent to private companies such as webtrendslive.

In summary: The whitehouse.gov site is using the services of a private web tracking company and that private company is under no constraints, at least not as indicated by the whitehouse privacy statement, to protect the data that users disgorge to it whenever they access the whitehouse.gov website or to refrain from cross-linking that data to other, non-whitehouse.gov web accesses that also use the webtrendslive.com service.

Regarding tracking cookies, here is an excerpt from the current
privacy statement at http://www.whitehouse.gov/privacy:

I commend the entire Privacy Statement to you.
I find it excellent.

You might find my own website privacy policy amusing: http://www.cavebear.com/privacy-policy.html

                --karl--
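
The beacon request quoted in the message can be taken apart to see what leaves the browser and where it goes. The following is an added example, not part of the original message and not Webtrends' code; the function names (`auditBeacon`, `decodeEpoch`, `site`) and the two heuristics marked in the comments are assumptions, and the sample input is the URL quoted above, rejoined onto one line.

```javascript
// Constructed input: the beacon URL quoted in the message, rejoined onto one line.
const BEACON =
  "http://statse.webtrendslive.com/dcs0l9nq800000ctek411lue6_2c8b/dcs.gif?" +
  "&dcsdat=1232551756592&dcssip=www.whitehouse.gov&dcsuri=/about/white_house_101/" +
  "&dcsref=http://www.whitehouse.gov/privacy/&dcscfg=1" +
  "&WT.co_f=29c77f877e6cfcdfbb81232561960511&WT.vtid=29c77f877e6cfcdfbb81232561960511" +
  "&WT.vtvs=1232551160511&WT.tz=-8&WT.bh=7&WT.ul=en-US&WT.cd=24&WT.sr=1024x768" +
  "&WT.jo=Yes&WT.ti=White%20House%20101&WT.js=Yes&WT.jv=1.7&WT.ct=unknown" +
  "&WT.bs=883x559&WT.fv=9.0&WT.slv=Not%20enabled&WT.tv=8.6.0&WT.dl=0&WT.ssl=0" +
  "&WT.es=www.whitehouse.gov/about/white_house_101/&WT.vt_f_tlh=1232551559";

// Heuristic (assumption): compare the last two DNS labels; adequate for .com/.gov.
const site = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// Heuristic (assumption): 13 digits = epoch milliseconds, 10 digits = epoch seconds.
function decodeEpoch(value) {
  if (/^\d{13}$/.test(value)) return new Date(Number(value)).toISOString();
  if (/^\d{10}$/.test(value)) return new Date(Number(value) * 1000).toISOString();
  return null;
}

// pageHost is the site the user was actually reading when the beacon fired.
function auditBeacon(beaconUrl, pageHost) {
  const url = new URL(beaconUrl);
  const fields = [...url.searchParams.entries()]; // empty "?&" pair is skipped
  const report = {
    beaconHost: url.hostname,
    thirdParty: site(url.hostname) !== site(pageHost),
    fieldCount: fields.length,
    timestamps: {},  // field name -> decoded UTC time
    identifiers: {}, // long opaque hex token -> fields that carry it
    pageFields: [],  // fields revealing which site or page was being read
  };
  for (const [key, value] of fields) {
    const when = decodeEpoch(value);
    if (when) report.timestamps[key] = when;
    // A long hex token that is not purely numeric looks like a visitor ID.
    if (/^[0-9a-f]{16,}$/i.test(value) && !/^\d+$/.test(value))
      (report.identifiers[value] = report.identifiers[value] || []).push(key);
    if (value.toLowerCase().includes(pageHost.toLowerCase()))
      report.pageFields.push(key);
  }
  return report;
}

console.log(auditBeacon(BEACON, "www.whitehouse.gov"));
```

Run under Node.js, the report shows a different registrable domain receiving 26 fields, including one 32-character token sent under two field names and three values that decode to times on 21 January 2009.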



