Loading ...
Sorry, an error occurred while loading the content.

1361Re: Yahoo group policy annnd ...

Expand Messages
  • Barry A. Kintner
    Jan 8, 2006
    • 0 Attachment
      Good day all -
      -- I hate to be the bearer of bad news - but the use of "Web Beacons" (new in name only) on web pages has been going on for a long long
      time now. A similar idea is used in eMail as well.

      -- As noted in the privacy policy of one of the associated companies owned by YAHOO these go by several names ... Tracking Pixels, Web Beacons,
      Web Bugs, and unusual choices - Sensors, Pings, Spotlight Tags, and one truly misleading name - 'clear gifs' (a name assigned to an innocuous
      image used as a 'spacer' often for page layout purposes as well as for tracking and may be called by any one of several names not used for
      tracking which might lead to being mis-recognized too).

      -- There are free little software utilites that can reveal some of these things if they adhere to some arbitrarily chosen format.

      -- Web Bugs - the name I've known them by - are pretty old now - and as far as I know began as a 1 pixel by 1 pixel clear gif. The software for
      'detecting' them would simply replace any instance of a 1x1 gif with an image of a little bug of your choosing (lady bugs were very popular).
      When the 1x1 gif was used as a spacer ... this could ruin a layout that might have that 1x1 gif in it. Then if someone used any other image or
      size of image as a 'bug' the software would not work at all. Say a 2x2 gif ... or a 1x2 gif, etc.

      -- While you can (and should, in my opinion) take the time to read the various Privacy Policy statements on sites you frequent, or sites you
      have joined (and choose to opt-out in every instance available for regular browsing), this offers limited protection from what is an ongoing
      battle over whether this is truly an invasion of privacy by recording your individual computers information (which is sometimes personal as
      well) or whether they are simply compiling statistics on various aspects of 'your' internet travels and usage. The information is recorded no
      matter what - it comes down to the usage of it.

      -- If you would set up your browser in the fashion they suggest (to cover themselves and give the appearance of being 'on your side' - not
      likely) - by requiring your browser to basically stop and notify you every single time a cookie was being placed, or attempted to be placed, on
      your computer, and wait for you to respond with an OK or 'no', you would never get anything done at all. So ... a couple things you can do that
      are 'permanent' and fairly invisible ...

      -- Set up the browser to only permit cookies that are returned to the site you are visiting and block cookies that are delivering information
      to a third party. This will at least set a cookie for the people you know and not some far off collector of information. A n y t i m e you
      'restrict' what they consider to be information they want you could be barred from viewing a site at all, so you will need to decide if cookies
      are 'safe' for you.

      -- There are also free utilities that will allow you to view the contents of a cookie, and remove selected cookies from every location (even
      those nasty hidden ones) where they are kept.

      -- Of course banking, online purchases, and similar sites will require that cookie and its' information for it to function - and you are
      providing that info directly and willingly.

      -- Set up the browser to automatically flush your Cache (suggest you set it to be -very- small), History (set to hold -zero- days worth of your
      travels on the internet) , and Cookie files everytime your browser is closed. This offers some limited protection too. Some Cookies are
      persistent and you will want them that way, some are 'per-session' and are automatically disposed of when shutting down.

      -- If doing anything financial - close your browser completely and open it anew to do your business and close it completely when finished at
      that website. This is so you do not reveal what site you came from and what site you went to upon leaving. This is valuable information to
      advertisers and marketers.

      -- eMail. Yes the same risks exist here - maybe even more so because the efforts are often directed at YOU (a specific person) and not just
      present on a website.

      -- eMail is like a postcard to begin with - pretty much visible to anyone who wants to see it along the way. Never send anything you would not
      want someone else to be able to read. Encryption is the only other way.

      -- So to help protect yourself ALWAYS use an anti-virus program, keep it updated, and set it to scan EVERY message received. Of course you
      would not ever open any attachment without scanning it first ...?

      -- Use ONLY plain text. Do NOT permit those pretty, fancy, image laden HTML eMail messages. NEVER forward ANY eMail (a favorite way to spread
      virus'), and NEVER accept or open ANY forwarded eMail messages. NEVER use an auto-responder (this confirms a valid eMail address has been
      reached - again, valuable information to advertisers and marketers ... and miscreants too).

      -- Download your eMail messages and then turn off / block all ability to communicate out by setting your firewall to not permit any
      communication while reading your eMail. Do this BEFORE you open ANY eMail message - everytime. It soon becomes habit.

      -- Okay - Why? I'll just give a little description of what happens when you open an HTML formatted message. This is where the Web Bug really
      comes into its' own.

      -- When you open a web page that displays images (even them clear ones) - your computer makes a request to have that text and all those images
      delivered to your computer. The web server does so - and saves certain information for later review or use. One example is your 'address' - the
      IP Address (Internet Protocol). Exactly where that image is being delivered. They can automatically capture that address and send an
      advertisement to that address. This can be based on ads shown on the page - even ads of a certain kind - so they send you other ads based on
      that one.

      -- With HTML eMail - things are targeted to that one specific eMail address. They can assign a unique name to a graphic (they can name that
      same graphic over and over again too - for different people / eMail addresses). So - they send -you- and eMail message using HTML so as to
      require an image to be displayed within that message. When you open that eMail message, the HTML code sends a message to the web server to
      deliver a specific image or graphic to your address - easy huh.

      -- Well - the web server can record the time you opened that message (when that graphic was requested), the address of the computer (where you
      asked that image to be delivered), the name on the computer you are using, how long it was open, etc. And this happens every time you open that
      message.

      -- If you forward it (or even do the safe thing and 'copy' the text into a -new- message for another person to read) then the same information
      about that other person will be recorded in the 'web statistics' on the web server. This can now reveal another person's address, computer
      name, when they opened it, and quite a bit more if they choose to include certain things in the underlying code that creates the page. Of
      course they surmise you sent it along to them.

      -- Your IP Address is revealed every time you log into any web page - they have to know where to deliver that text and graphics. Those with a
      dial-up connection will most likely have a 'dynamic' IP Address (it changes every time you log on to your internet connection). If you have a
      DSL or Cable internet service you will most likely have a 'static' IP Address that remains the same all the time and is therefore less secure
      in that respect than is a dial up connection.

      -- To be 'safe' (can't ever be completely 'safe'), NEVER click on a link that is in an eMail message from anyone you do not know - and be
      suspect of many no matter where they come from. If you are interested in visiting one of the many links we see here (and of interest to most of
      us) simply highlight and copy that URL and paste it into the address bar on your browser to break that connection that it came from an eMail
      message sent to YOU.

      -- You can stop all of this kind of risk by simply hitting the 'Stop or Block' button on your firewall so NO outbound communication can be
      completed. This is effective even if you choose to open an HTML eMail message. You will not see the graphics though.

      -- A hardware router is preferable, and recommended, for even better security as you can 'break' the always on connection of a DSL or Cable
      connection without really 'breaking' it - so it is still always available without the hassle of a dial-up connection and having to go through
      the log-on delay.

      -- By the way - this web bug thing has also been (automatically to a point, and hidden) used in Microsoft Word, Excel, Access, etc (and there
      is even more valuable information hidden in these docs unless you take steps to remove it). It is a technique that can be inserted into every
      kind of document that needs to reach out for a graphic when you display it on your screen.

      -- Some of this is the way you can track a single individual to a specific computer - fugitives or pedophiles for instance (much more work is
      generally needed - but this is a good idea of how it begins). You can even set up a web server to send a notification immediately when someone
      opens that eMail message and that graphic loads on the page (so real tracing can begin immediately ... gotcha!).

      -- And the info in ... say a Microsoft Word doc can be -r e a l l y- valuable to opposing counsel if left there in an electronic document.
      Extracting it for use, or getting rid of it, is pretty easy though.

      -- By the way - since this arose from YAHOOgroups - it is good to remember that ALL advertising is prohibited in these group messages. Since
      so much of this is of interest to such a small circle of people I hope everyone appreciates the advertising that has been posted - but if there
      is a problem - just stick some more info in the posting to lead us to the ads for classes, papers, and such, that we do like.

      -- Okay - since I have babbled on so long - I'll shut up now.

      -- If you get this far and find you have a question, feel free to post it here. If I am able to answer it, I'll be happy to do so.

      Goodnight.


      Barry Kintner - a2z@... - http://www.kintner.com/portfolio
      A2Z Computer Works - http://www.a2zcomputerworks.com - Phoenix, Arizona
      Arizona Investigators Association - http://www.arizonainvestigatorsassociation.com
      Calligraphic Society of Arizona - http://www.calligraphicsocietyofarizona.org
    • Show all 2 messages in this topic