ATS should not allow Avatars hosted on other servers!

Not when members can just as easily upload them to their member space!

Why?

1) Because it will speed things up! Every time you load a page, the server has to go out to all the other servers where members are storing their avatars, and this slows things down!

2) Because it will decrease risk. Lately Kaspersky has been going nuts telling me it is detecting viruses or malware attached to avatar location servers, or the avatar itself. Not good. More avoidable if the images are hosted strictly on ATS servers.

3) Much like the adserver problems, when I come to ATS, I come to ATS! Not mediaclick.net or whatever. I don't WANT my computer drawing images or pages or ANYTHING from any other servers anywhere, and/or other outside servers putting cookies down on my machine. And that's exactly what they are doing, too. No, no NO! We are already dealing with this because of the adservers. And I did see what Springer said, that they are trying hard to get direct sales to support the site, so they can lose those pesky servers forever. Good move!

So how about we do the same with member avatars, eh? And just about anything else that causes user computers to draw info from outside servers without explicit user permission!

[edit on 6-12-2008 by TrueAmerican]

This is an important point that should just drift off with no replies.

Externally hosted avatars are a potential privacy security hole, for the paranoid.

By hosting an avatar image on a web-server that logs requester IPs along with date/time of access, personal information (IP) and posting/viewing habits of members could be collected.

To 'monitor' views and posts on a thread, a person with such a 'tracking avatar' would only need to post on the thread, then everyone who views it would be issuing HTTP requests that could be logged.

Whenever a member posts on a thread, the board returns to the last page of that thread, re-requesting avatar images as necessary. That request time could be matched to the post time, identifying a particular member's HTTP request for the avatar image.


Edit: vvv -- LOL, yes, I mean to type should not -- vvv


[edit on 7-12-2008 by Ian McLean]

Originally posted by Ian McLean
This is an important point that should just drift off with no replies.

lol, it should? Or did you mean should NOT?

Yeah, I thought it kinda strange that with all the computer savvy around here, no one backed me up on this except one mod who gave me an applause for this thread.

I have been having to literally block some servers that are hosting member avatars. Pretty sad. And usually SO weighs in on stuff like this, but even he is nowhere to be found.

So thanks for the reply man, and that was a helpful post.

Sometimes, page loads have been delayed a second or more for the Digg logo (hosted on digg servers) and even icq.com for some reason.

It's all pretty rediculous, but that is Web 2.0 for you.

Well, there may be another problem here, and that is if having those links to outside servers for member avatars translates into income for the site in any way. With the nature of search engine rankings depending to a degree on the number of outside links to a site, income may be a consideration in all of this that is not immediately apparent. And is frankly, none of my business until those viruses start affecting me- so I could see in that case why this ain't too popular a thread upstairs.

And then of course there is the other side to this which is sadly that some members may be doing it intentionally- which I really hope is not the case. Some servers do get infected, and in that case the member probably has nothing to do with it. Would be nice to have some input here.

Originally posted by TrueAmerican
1) Because it will speed things up!
2) Because it will decrease risk. Lately Kaspersky.....
3) Much like the adserver problems, when I come to ATS, I come to ATS!
[edit on 6-12-2008 by TrueAmerican]

First off great topic, comes into privacy and all that and I am in much agreeance with you for the most part, however I do have a few questions for you.
1) Are you on 56K? LMAO
2) Are you using FF3? with Abblock? Also a quick Google search tells me Kaspersky is a free antivirus, I mean the first three results were sponosored.....sounds like you know a bit about adense/adwords therefore doesn't that tell you something? I recommend paying for trendmicro internet security pro. I've been using it for years and never had a problem, unless you are a great programmer in which case you can make your own. But for me $70 a year is the way to go atm for a haslte free program.
3) Very good point and this is happening everywhere over the net, really bad of late with people sending people to redirecting sites and so on, there are also those that own their own sites, or are in the business of selling making a site then selling it with so many backlinks and so forth. These people will always put links to their sites anywhere they get a chance. It's not just ATS but the entire www.

Other suggestions.
I know there are some great avatars here on ats, but have you considered, if you are on a low bandwidth, going to the ATS store and getting the low bandwith mode for 50ats points?

Anyone who sees an avatar/picture they like on another site, download it, if it's an avatar specially made then add your own touches as to not copyright it, then upload it to the member space here on ats, copy the url you are given and paste it into the avatar space in your profile. NOTE: Please make your own avatars as I have taken all mine down from the www just beacuse so many people copy something that took hours to make and then claim it as their own unique design, rather than doing the right thing and giving credit to those that made it.

I hope this didn't come across like I was laughing too hard at a n00b, as I was simply trying to help out a brother in need.
Again great subject and something all people should at least be aware of. Looking forward to your response and to see other people's take on the matter at fingertips......LMAO

Originally posted by Ian McLean
By hosting an avatar image on a web-server that logs requester IPs along with date/time of access, personal information (IP) and posting/viewing habits of members could be collected.

So your saying that photobucket.com (who host my avatar) could beuild up a pretty comprehensive picture of my ATS browsing habits if they liked - and if they were in cohorts with other such sites they could cross reference with each other and build up an even more complete 'profile'??

I can see how that is technically possible - are they really that bothered?

Originally posted by kingdogol
1) Are you on 56K? LMAO

It's not the speed of our connections, it's the external servers. We can't control that.

If we do that the lets bring back page views count.

That way it will be like old times again.

Originally posted by YourForever
It's not the speed of our connections, it's the external servers. We can't control that.

Yeah man I know that, hence the LMAO and again now!
I look at it like the good threads are over a full page, therefore even on old ADSL the first post still loads in like 0.5 seconds so you can pretty much blink once then start reading. I honestly think for how big the pages get here on ATS they are doing extremly well with the current servers, I mean what other site is there that you can go to with 'MAD' avatars and have it load that quick? Unless you can read a 'full' ats page in 1 second, therefore having some mad skills you should start a thread on, I think they are fine as is......well at least for the time being......

reply to post by Now_Then


Well, let's see. The photobucket terms of use seem to want to apply to not only members of photobucket, with accounts, but also to anyone who "uses their service", be it browsing the photobucket site or loading images from there into one's web browser (such as happens with photobucket-hosted ATS avatars):

Use of the Site is also governed by the Photobucket Privacy Policy, which is incorporated into this Agreement by this reference. By using the Photobucket Services, you agree to be bound by this Agreement, whether you are a "Visitor" (which means that you simply browse or use the Site, including through a mobile device, or otherwise use the Photobucket Services without being registered) or you are a "Member" (which means that you have registered with Photobucket). The term "User" refers to a Visitor or a Member.

photobucket.com...

In their privacy policy, they claim the right to log where images are loaded from, for both advertising and bandwidth monitoring purposes:

Direct Linking URLs or Hotlinking: In order to provide more relevant advertising and monitor user bandwidth usage (as governed by the Photobucket.com Terms of Service), Photobucket.com may gather data from the referer logs that identify where and how frequently user images being hosted by Photobucket.com are being displayed on third party sites.

photobucket.com...

So yes, I'd say it's very likely they really are bothering to do that, or at least have the capability to. However, with regard to collecting IP addresses of those viewing photobucket-hosted images, their privacy policy only claims they collect your IP if you visit their site:

Each time you visit the Site, we automatically collect your IP address and the web page from which you came. In order to administer and optimize the Site for you and to diagnose problems with our Site, we use your IP address to help identify you and to gather broad demographic information about you.

photobucket.com...

I didn't think that when you load a page all the different locations of everything was connected to your pc.
I thought the ATS server was connected to things and displaying them.
You are just seeing them on ATS server.
Because there aint any ip's for imageshack, tinypic or photobucket connected to my pc and they are very popular av hosting sites.

Originally posted by Now_Then
are they really that bothered?

Put simply - YES, YES, YES!
Even if they don't use the information themself then there is always those they can
- give it to
- sell it to
- extort with
- sew

see where I'm going. Just because it is assumed group a collects information x, y and z it doesn't mean they are. For example in their terms and conditions, that are made to confuse even the most literate lawyer, it may actually mean group j, k and l collect information x, y and z while they are just the front company who are just letting you browse photos.

The more you know the greater understanding you have of the saying
'trapped easier than a rat'
or similar.

So to solve these problems of massive illegal security risk I say put on a rubber before you sit down in front of your PC, lmfao!

All of my avatars are stored on my ATS server space. It's safer, easier, and it ensures that everyone will be able to see it, regardless of where they are accessing the site from. (As some workplaces, schools, etc. block sites like photobucket)

I simply recommend that everyone store their avatars and images on their ATS space. It avoids the whole conversation.

Originally posted by kingdogol

1) Are you on 56K? LMAO

I am. Do you have a problem with that? You might want to write to British Telecoms about the local loop unbundling problems with my local exchange as I've wanted a broadband connection for 11 years.

You might also want to write to the wireless ISPs who blanket ban accounts on a postcode basis. I can't get one of those connections either because someone in my building (not my own home) is a credit risk.

Ever considered turning on low bandwidth mode?

It's available for next to nothing in the ATS store.

That would help a lot in your situation.

Originally posted by nyk537
Ever considered turning on low bandwidth mode?

It's available for next to nothing in the ATS store.

That would help a lot in your situation.

Me or the OP?

If it's me, nah. I'm not that bothered to be honest. I'm not complaining about the speed on this board, it's not that much of an issue to be honest at my end. I know it's an issue for the ATS servers pulling external data, but the time I have to spend on here isn't so precious that I panic over an extra couple of seconds.

To be honest, the writing of style and lines of thinking of some of the posters - which causes me to read and reread chunks of text to make sure I'm understanding their views - wastes more of my time than waiting for avatars to load.

The only thing I wish wasn't an issue is that I wish I could see a lot of the audio and video material that gets linked in some of the threads. Then again, I spend to much time on here as it is and I'm sure there's plenty of posters glad I'm not rearing my ugly head in even more threads.

I appreciate all the comments folks, but would really like to hear from a mod or admin on this issue. I know a lot of times they toss stuff around up in cosmic before they comment, so maybe that's what's happening.

My biggest issue is the security issue. One of these days a new, undetectable virus could be at issue, and we are really going to be screwed. And to you that don't know Kaspersky Internet Security, I would strongly suggest you check it out. Not a free program, but there is a trial version.

Sorry to hear your 56K, don't worry in Australia there are people who don't even know what the Internet is, never loan the amounts of true information on here. Have you considered moving? I know money can be tight, what about wireless? It's taking off big in Australias small 20+million population and getting speeds of 3500 down and 512 up. That may be a cheap option as once you've got the reciever $300 you can then get prepaid and buy it as you need it. I know anywhere I go I have faster than dialup net with me. Maybe you live in the muddle of never never land and it'd be pointless.
If you've already tried all you can then sorry man, perhaps seriously consider moving....or have you already because of the coming changes.......?

reply to post by kingdogol


All of that to simply argue on the side of "external servers is better," for the sake of speed, when this could all be avoided by simply uploading your avatar to ats?

And that still doesn't address the security issue, which is my primary concern here.



Unless there is some important financial interest of this site, or unless there is some financial or even malicious interest from some users, this is just not making sense to me why anyone would opt for allowing this, when clearly it is a security risk to the users of ATS.