1361Re: Yahoo group policy annnd ...
- Jan 8, 2006Good day all -
-- I hate to be the bearer of bad news - but the use of "Web Beacons" (new in name only) on web pages has been going on for a long long
time now. A similar idea is used in eMail as well.
Web Bugs, and unusual choices - Sensors, Pings, Spotlight Tags, and one truly misleading name - 'clear gifs' (a name assigned to an innocuous
image used as a 'spacer' often for page layout purposes as well as for tracking and may be called by any one of several names not used for
tracking which might lead to being mis-recognized too).
-- There are free little software utilites that can reveal some of these things if they adhere to some arbitrarily chosen format.
-- Web Bugs - the name I've known them by - are pretty old now - and as far as I know began as a 1 pixel by 1 pixel clear gif. The software for
'detecting' them would simply replace any instance of a 1x1 gif with an image of a little bug of your choosing (lady bugs were very popular).
When the 1x1 gif was used as a spacer ... this could ruin a layout that might have that 1x1 gif in it. Then if someone used any other image or
size of image as a 'bug' the software would not work at all. Say a 2x2 gif ... or a 1x2 gif, etc.
have joined (and choose to opt-out in every instance available for regular browsing), this offers limited protection from what is an ongoing
battle over whether this is truly an invasion of privacy by recording your individual computers information (which is sometimes personal as
well) or whether they are simply compiling statistics on various aspects of 'your' internet travels and usage. The information is recorded no
matter what - it comes down to the usage of it.
-- If you would set up your browser in the fashion they suggest (to cover themselves and give the appearance of being 'on your side' - not
likely) - by requiring your browser to basically stop and notify you every single time a cookie was being placed, or attempted to be placed, on
your computer, and wait for you to respond with an OK or 'no', you would never get anything done at all. So ... a couple things you can do that
are 'permanent' and fairly invisible ...
-- Set up the browser to only permit cookies that are returned to the site you are visiting and block cookies that are delivering information
to a third party. This will at least set a cookie for the people you know and not some far off collector of information. A n y t i m e you
'restrict' what they consider to be information they want you could be barred from viewing a site at all, so you will need to decide if cookies
are 'safe' for you.
-- There are also free utilities that will allow you to view the contents of a cookie, and remove selected cookies from every location (even
those nasty hidden ones) where they are kept.
-- Of course banking, online purchases, and similar sites will require that cookie and its' information for it to function - and you are
providing that info directly and willingly.
-- Set up the browser to automatically flush your Cache (suggest you set it to be -very- small), History (set to hold -zero- days worth of your
travels on the internet) , and Cookie files everytime your browser is closed. This offers some limited protection too. Some Cookies are
persistent and you will want them that way, some are 'per-session' and are automatically disposed of when shutting down.
-- If doing anything financial - close your browser completely and open it anew to do your business and close it completely when finished at
that website. This is so you do not reveal what site you came from and what site you went to upon leaving. This is valuable information to
advertisers and marketers.
-- eMail. Yes the same risks exist here - maybe even more so because the efforts are often directed at YOU (a specific person) and not just
present on a website.
-- eMail is like a postcard to begin with - pretty much visible to anyone who wants to see it along the way. Never send anything you would not
want someone else to be able to read. Encryption is the only other way.
-- So to help protect yourself ALWAYS use an anti-virus program, keep it updated, and set it to scan EVERY message received. Of course you
would not ever open any attachment without scanning it first ...?
-- Use ONLY plain text. Do NOT permit those pretty, fancy, image laden HTML eMail messages. NEVER forward ANY eMail (a favorite way to spread
virus'), and NEVER accept or open ANY forwarded eMail messages. NEVER use an auto-responder (this confirms a valid eMail address has been
reached - again, valuable information to advertisers and marketers ... and miscreants too).
-- Download your eMail messages and then turn off / block all ability to communicate out by setting your firewall to not permit any
communication while reading your eMail. Do this BEFORE you open ANY eMail message - everytime. It soon becomes habit.
-- Okay - Why? I'll just give a little description of what happens when you open an HTML formatted message. This is where the Web Bug really
comes into its' own.
-- When you open a web page that displays images (even them clear ones) - your computer makes a request to have that text and all those images
delivered to your computer. The web server does so - and saves certain information for later review or use. One example is your 'address' - the
IP Address (Internet Protocol). Exactly where that image is being delivered. They can automatically capture that address and send an
advertisement to that address. This can be based on ads shown on the page - even ads of a certain kind - so they send you other ads based on
-- With HTML eMail - things are targeted to that one specific eMail address. They can assign a unique name to a graphic (they can name that
same graphic over and over again too - for different people / eMail addresses). So - they send -you- and eMail message using HTML so as to
require an image to be displayed within that message. When you open that eMail message, the HTML code sends a message to the web server to
deliver a specific image or graphic to your address - easy huh.
-- Well - the web server can record the time you opened that message (when that graphic was requested), the address of the computer (where you
asked that image to be delivered), the name on the computer you are using, how long it was open, etc. And this happens every time you open that
-- If you forward it (or even do the safe thing and 'copy' the text into a -new- message for another person to read) then the same information
about that other person will be recorded in the 'web statistics' on the web server. This can now reveal another person's address, computer
name, when they opened it, and quite a bit more if they choose to include certain things in the underlying code that creates the page. Of
course they surmise you sent it along to them.
-- Your IP Address is revealed every time you log into any web page - they have to know where to deliver that text and graphics. Those with a
dial-up connection will most likely have a 'dynamic' IP Address (it changes every time you log on to your internet connection). If you have a
DSL or Cable internet service you will most likely have a 'static' IP Address that remains the same all the time and is therefore less secure
in that respect than is a dial up connection.
-- To be 'safe' (can't ever be completely 'safe'), NEVER click on a link that is in an eMail message from anyone you do not know - and be
suspect of many no matter where they come from. If you are interested in visiting one of the many links we see here (and of interest to most of
us) simply highlight and copy that URL and paste it into the address bar on your browser to break that connection that it came from an eMail
message sent to YOU.
-- You can stop all of this kind of risk by simply hitting the 'Stop or Block' button on your firewall so NO outbound communication can be
completed. This is effective even if you choose to open an HTML eMail message. You will not see the graphics though.
-- A hardware router is preferable, and recommended, for even better security as you can 'break' the always on connection of a DSL or Cable
connection without really 'breaking' it - so it is still always available without the hassle of a dial-up connection and having to go through
the log-on delay.
-- By the way - this web bug thing has also been (automatically to a point, and hidden) used in Microsoft Word, Excel, Access, etc (and there
is even more valuable information hidden in these docs unless you take steps to remove it). It is a technique that can be inserted into every
kind of document that needs to reach out for a graphic when you display it on your screen.
-- Some of this is the way you can track a single individual to a specific computer - fugitives or pedophiles for instance (much more work is
generally needed - but this is a good idea of how it begins). You can even set up a web server to send a notification immediately when someone
opens that eMail message and that graphic loads on the page (so real tracing can begin immediately ... gotcha!).
-- And the info in ... say a Microsoft Word doc can be -r e a l l y- valuable to opposing counsel if left there in an electronic document.
Extracting it for use, or getting rid of it, is pretty easy though.
-- By the way - since this arose from YAHOOgroups - it is good to remember that ALL advertising is prohibited in these group messages. Since
so much of this is of interest to such a small circle of people I hope everyone appreciates the advertising that has been posted - but if there
is a problem - just stick some more info in the posting to lead us to the ads for classes, papers, and such, that we do like.
-- Okay - since I have babbled on so long - I'll shut up now.
-- If you get this far and find you have a question, feel free to post it here. If I am able to answer it, I'll be happy to do so.
Barry Kintner - a2z@... - http://www.kintner.com/portfolio
A2Z Computer Works - http://www.a2zcomputerworks.com - Phoenix, Arizona
Arizona Investigators Association - http://www.arizonainvestigatorsassociation.com
Calligraphic Society of Arizona - http://www.calligraphicsocietyofarizona.org
- << Previous post in topic