Leakage of private information from popular websites is common, new study finds

Leakage of private information from popular websites is common, new study finds

www.physorg.com

A study of more than 100 popular websites used by tens of millions of people has found that three quarters directly leak either private information or users' unique identifiers to third-party tracking sites. The study, co-authored by Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI), also demonstrated how the leakage of private information by many sites, including email addresses, physical addresses, and even the configuration of a user's web browser -- so-called browser fingerprints -- could permit tracking sites to link many disparate pieces of information

(visit the link for the full news article)

so how do we know which sites are leeking info
and can ats ASURE our anominity when we are moving from ATS to other sites?
to be clear,
i am not suggesting ats is leeking user data, but can going from ats to other sites leave cookies that are used by the sites that do leek and comprimise our privacy?
it has been set up on ats a "scubbing" of user data prior to access of face book from ats links,
do we need a link to srubber as well
is this even possable
hoping some techies can answer some of the questions as cookies are not my knowledge area

xploder

www.physorg.com
(visit the link for the full news article)

ok as i understand the issue (mot well at all)
when people "use internet browsers" to go from site to site
there is an exchange of information in the form of a "cookie"
the good sites would not abuse the "cookies" but third party sites can if "the cookies" are left in the browser cash memory (or something to that effect)
so that while your settings information for your brower and previous site browsing history are avaliable to abuse
now i have read the thread about why cookies are nesacery
but for the protection of members is it time to "clean the cookies on exit"
with a stripping link exit path to prevent outside sites targeting members by posting links that are to sites that exploit the members going to those sites

is this technically feasable?
am i getting this incorrect in any way?

how does this effect ATS and their stance on avertising?

A cookie, also known as a HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site.[1] The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents, or anything else that can be accomplished through storing text data.

Cookies are not software. They can't be programmed, can't carry viruses, and can't unleash malware to go wilding through your hard drive.[2] However, they can be used by spyware to track user's browsing activities – a major privacy concern that prompted Europe and US law makers to take actions.[3] [4] Cookies could also be stolen by hackers to gain access to a victim's web account.[5]

source

xploder

could it be that this story "comes out now"
to heard us all into hurting legit sites?
and their advertising?

xploder?

Originally posted by XPLodER
do we need a link to srubber as well
is this even possable
hoping some techies can answer some of the questions as cookies are not my knowledge area

I don't consider myself an expert in the area of cookies, but I do know something so I'll share what I know and would be glad to learn from any true experts on the topic.

First the ATS T&C:
"20b) Ad Blockers: As the Websites are provided as a free service, in part through the income of our advertising, you agree not to use "ad-blocking" software or similar built-in web browser options designed to obfuscate or block online advertising while using the Websites." Now this doesn't say anything about cookies specifically.

In my browser there are separate checkboxes for "allow cookies", and "allow third-party cookies". The former would allow ATS to store a cookie on the PC so it knows you are a logged in member, and which one, so we ATSers need those cookies. The third party cookies, I'm not sure we need, and I guess I should try disabling them. If you were really concerned I suppose you could try unchecking that and see what happens, I don't think that violates the ATS T&C but hopefully someone can confirm that. That's what the software program "Spybot S&D" recommends:

Why do other anti-spyware applications detect so many more tracking cookies?

instead of bloating our detection database with thousands of cookies out there, we prefer recommending to change your browser settings a bit to block out all these third party cookies before they even come into your system:

For my Firefox browser, it means unchecking the "allow third-party cookies" box, so that's easy. But there are at least 2 other ways they can track you besides cookies that I know about. One of them is mentioned in this report:

Guide to Malware Incident Prevention and Handling - Recommendations of the National Institute of Standards and Technology page 2-6:

Unfortunately, persistent cookies also can be misused as spyware to track a user's Web browsing activities for questionable reasons without the user's knowledge or consent. For example, a marketing firm could place advertisements on many Web sites and use a single cookie on a user's machine to track the user's activity on all of those Web sites, creating a detailed profile of the user's behavior. Cookies used in this way are known as tracking cookies. Information collected by tracking cookies is often sold to other parties and used to target advertisements and other directed content at the user. Most spyware detection and removal utilities specifically look for tracking cookies on systems.

Another way to capture and deliver a user's private information is through the use of Web bugs. A Web bug is a tiny graphic on a Web site that is referenced within the Hypertext Markup Language (HTML) content of a Web page or e-mail. The graphic has no purpose other than to collect information about the user viewing the HTML content. Web bugs are usually invisible to users because they typically consist of only 1 pixel. Like tracking cookies, Web bugs are often used by marketing firms. They can collect information such as the user's Internet Protocol (IP) address and Web browser type and can also access a tracking cookie. These actions enable Web bugs to be used as spyware to create personal profiles of individual users.

So in addition to tracking cookies, there are also "web bugs". If ATS is using "web bugs" I have nothing to block them because I allow everything on ATS in my security software, for example I mark ATS as a "trusted site" in the "noscript add-on" for Firefox. But when I go to other sites, if they aren't trusted, noscript prevents "web bugs" from spying because I don't have the untrusted sites whitelisted like ATS.

noscript.net...

Untrusted
-Forbid "Web Bugs" blocks Web Bugs (tracking images) found inside noscript tags, used as a (less effective) fall-back to spy on user's behavior when scripts are not available.

The other tracking method I know about involves flash, and apparently to prevent this, you go to Flash Player Help, click on Global Storage Settings Player uncheck the box : "Allow third-party Flash content to store data on your computer."

You can run ad-aware to search for and remove third party tracking cookies, but that does nothing to prevent the web bugs or the flash third party tracking, as far as I know.

reply to post by Arbitrageur


ok so the problem goes like this
ATS requires we allow cookies for advertising reasons log on ect
why cant ATS set the standard for privacy for all other sires to follow

by offering a link to "strip" cookie info
when exiting the site or going to a link outside of ats

in this way one site could protect the members from leeks of info on the third party sites
ATS
a point of difference like this would promote more trust with members

xp

I think it should be common knowledge that anything we do online is monitored, tracked and used for whatever ends, by anyone who so chooses to do so.

That's why I do not bank online anymore, or enter any information I can stand to divulge. I only pay bills online with pre-paid cards or I drive to the office and deliver cash.

So to me this is nothing we didn't already know. Good find though, OP!

Originally posted by XPLodER
reply to post by Arbitrageur

 

ok so the problem goes like this
ATS requires we allow cookies for advertising reasons log on ect
why cant ATS set the standard for privacy for all other sires to follow

by offering a link to "strip" cookie info
when exiting the site or going to a link outside of ats

If there are ad-supported sites with better privacy policies and information than ATS, I don't know of any. They sort of do what you ask. First they have a pretty decent privacy policy for an advertising supported site, they only share our information in aggregate.

Then, they do "sort of" tell you how to address the cookie issues in that policy:

ATS privacy policy

Data Cookies:

From time to time data cookies will be set by various portions of the application code that runs the forums, features, games, and other specialty items running on our web servers. At no time is any personally identifying information (other than site username) ever stored in these cookies. The cookies are used to provide our application with page-to-page awareness of your user status and/or access privileges. Most of these cookies expire within days, but some may expire in moths or years.

I'm pretty sure they meant to say "expire in months" instead of "expire in moths" Anyway I don't see any privacy issue there.

Here's where you get into privacy issues:

Third Party Data Cookies:

Advertising networks that serve advertising on the Websites may write their own cookies for the purposes of determining advertising frequency and relevance, and to match ads against your interests based on aggregate non-personally identifiable information learned about your Internet browsing. We have performed reasonable diligence on all advertising networks authorized to serve ads on our websites to ensure that their data cookies are for this purpose and nothing more. Many of the providers serving display ads on the Websites provide users with the ability to opt-out of these third-party cookies. Below is a non-exhaustive list of the networks which may, from time to time, deliver ads to our users (many may only occasionally deliver ads). For more information about these and other companies, and your options for restricting the use of your data, visit ...

Then they list google, doubleclick, and a few more third party cookie providers' links on how to manage or even opt-out of the third party cookies.

So they are sort of on the right track by pointing you to this information, however I'm not sure why they don't just mention the browser option to prevent 3rd party cookies? They list over a dozen sites and they admit there may be many more not listed, so you can't possibly go to every "doubleclick" type 3rd party cookie provider on the internet, and individually deal with every 3rd party cookie source. Even if somehow you were able to do that, as soon as you finished, new ones would pop up. The browser setting takes care of all of them plus any new ones that pop up, so I don't know why they don't mention that (but I can guess), that's the only room for improvement I see; other than that, the ATS privacy policy is about as good as you can expect for an advertising supported site.

My guess for why they don't mention browser blocking of 3rd party cookies is, as they say the third party tracking cookies actually help advertisers serve ads that you'd be more interested in. For example, let's say that a person spends a lot of time browsing topics in the "aliens and UFO" forum. Then when the latest book or video on UFO or aliens comes out, the advertisers know that person might be interested in that so they can serve that type of ad. If you block all of the cookies, you may get ads on things you're not even interested in, so there can be advantages to not blocking them if you want to see ads that are relevant to your interests.