<<< Date Index >>>     <<< Thread Index >>>

Yahoo tracking all of your usage WAS: Re: [IP] more on <a ping> tracking what links you click on





Begin forwarded message:

From: James McMurry <jmcmurry@xxxxxxx>
Date: January 18, 2006 2:48:47 PM EST
To: dave@xxxxxxxxxx
Cc: ip@xxxxxxxxxxxxxx
Subject: Yahoo tracking all of your usage WAS: Re: [IP] more on <a ping> tracking what links you click on

 Dave

for sharing with IPers

yahoo now can track your usage PER MACHINE (not account) using Web Beacons:


The following message was sent to me by the moderator of another
group that I'm in. Everyone needs to be aware of it as Yahoo is
tracking people now, even when they are not on the Yahoo site.

If you belong to ANY Yahoo Groups - be aware that Yahoo is now using
"Web Beacons" to track every Yahoo Group user. It's similar to
cookies, but allows Yahoo to record every website and every group
you visit, even when you're not connected to Yahoo.

Look at their updated privacy statement at:
<http://privacy.yahoo.com/privacy>http://privacy.yahoo.com/privacy

About half-way down the page, in the section on cookies, you will
see a link that says WEB BEACONS.

Click on the phrase "Web Beacons." On the page that opens, find a
paragraph entitled "Outside the Yahoo Network."

In that section find a little "Click Here to Opt Out" link that will
let you "opt-out" of their snooping. Be careful! NOT to click on the
next button shown. It is an "Opt Back In" button that, if clicked,
will UNDO the opt-out.

Note that Yahoo's invasion of your privacy - and your ability to
opt-out of it - is not user-specific. It is MACHINE specific. That
means you will have to opt-out on every computer (and browser) you
use.

Please forward this to your other groups. You might complain, too,
but I'm not sure if anyone is listening..

Related article:

Yahoo Web Beacons Igniting Controversy Yahoo's current privacy
policy is causing consternation among some users who object to their
use of so-called 'web beacons'. Known in most circles as web bugs,
these invisible images are embedded in websites and email and used
to track your surfing - and even tell whether you've opened a
particular email.
http://antivirus.about.com/od/spywareandadware/a/yahoobugs.htm



On Wednesday, January 18, 2006, at 11:42AM, David Farber <dave@xxxxxxxxxx> wrote:



Begin forwarded message:

From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: January 18, 2006 1:11:23 PM EST
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Subject: Re: [IP] <a ping> tracking what links you click on

Dave,

I just posted the following comment regarding this situation
on the related discussion board:

  - - -

Gang,

From a privacy policy standpoint, there is a world of difference
between exploiting "tricks" for user tracking vs. building them into
browsers as standard features.  In the current privacy-invasive
environment, while we have to deal with the former case by case,
there is really no excuse for the latter.

Given that most users stick with defaults, any policy other than
disabling such a new "ping" feature by default would be unacceptable
from a privacy standpoint.  Efficiency and "golly, there are other
ways to track people anyway" arguments are utterly specious.

As it stands now, turning off javascript and carefully noting URLs
(I usually notice oddball redirect URLs when present) are indeed of
some value in controlling certain classes of tracking abuses.  We do
not need an even more invisible mechanism built into what has been
(up to now) an excellent browser.

Limiting the "pings" to the same server does not solve the problem
-- abuses of this feature are just as possible (even more likely,
actually) using the same server.

That the development team would even consider enabling such a
feature by default suggests a tin ear when it comes to privacy
issues that will be worthy of considerable ongoing concern (an
earlier example is the page prefetch feature enabled by default
which also carries significant privacy risks).  A clue to fuzzy
thinking in these regards is talk of setting the default differently
in Firefox vs. Thunderbird -- creating a privacy policy variation
with no obvious rationale.

I urge the parties involved to reconsider their support of this "URL
ping" feature as described, a feature that I can guarantee will
bring Firefox under intense public criticism.

--Lauren--
Lauren Weinstein
lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -



Begin forwarded message:

From: Don Drake <don@xxxxxxxxxxxxxxxx>
Date: January 18, 2006 10:49:07 AM EST
To: dave@xxxxxxxxxx
Subject: <a ping> tracking what links you click on

Dave,



I found this via Slashdot, a new attribute to anchor tags that is
being implemented in the next version of Firefox (1.6a) that makes it
easier than ever to track what links you?re clicking.



-Don



http://weblogs.mozillazine.org/darin/archives/009594.html



I've been meaning to blog about a new web platform feature that we've
added to trunk builds of Firefox. It is now possible to define a ping
attribute on anchor and area tags. When a user follows a link via one
of these tags, the browser will send notification pings to the
specified URLs after following the link.



I'm sure this may raise some eye-brows among privacy conscious folks,
but please know that this change is being considered with the utmost
regard for user privacy. The point of this feature is to enable link
tracking mechanisms commonly employed on the web to get out of the
critical path and thereby reduce the time required for users to see
the page they clicked on. Many websites will employ redirects to have
all link clicks on their site first go back to them so they can know
what you are doing and then redirect your browser to the site you
thought you were going to. The net result is that you end up waiting
for the redirect to occur before your browser even begins to load the
site that you want to go to. This can have a significant impact on
page load performance.



Websites even employ "onmousedown" event handlers that change the
href attribute at the very last second before a click occurs. This
makes it so that hovering over the link displays the location that
you want to go to, but it still ends up taking you someplace else.



This change is being considered in large part because some very
popular websites have asked for a solution to this problem. The
feature itself was designed and specified by the WhatWG.



Donald Drake

President

Drake Consulting

http://www.drakeconsult.com/

312-560-1574





-------------------------------------
You are subscribed as lauren@xxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-
people/




-------------------------------------
You are subscribed as jmcmurry@xxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting- people/




James McMurry



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/