[Previous entry: "Ham radio for SHTF times"] [Main Index] [Next entry: "Laissez Fair?"]

09/03/2005 Archived Entry: "Monkeywrenching web beacons"

THE OTHER DAY I POSTED A WARNING ABOUT YAHOO WEB BEACONS and how to opt out of them. Enemyofthestate responded:

While I certainly share your concern over the 'web beacons' Yahoo has been using for several years, I think it also offers a chance to monkey wrench the database. Before I stopped reading HTML formatted mail, I used to extract the beacon URL's and embed them in comments I'd leave on popular sites like Free Republic and Slashdot. That way every time the article was acessed, Yahoo gets a phoney hit.

I like it. "But for us non-technoids," I asked, "how do you do it?" This friendly enemy then said what to look for and what to do with the nasty little bugs. And offered further info about exactly how these nasty critters are used to invade your life:

I tried several times today to get a real honest to gosh web beacon from Yahoo but no success. Maybe they figure I'm not worth tracking. (Not sure if I am insulted or not :-)

Nevertheless I can give you some generic example of what a web beacon would look like. The simplest kind is just a small images -- usually a 1 pixel by 1 pixel gif. The source looks like:

IMG SRC="http://ad.doubleclick.com/beacons/we45ftr678ues.gif" height="1" width="1"

(When you copy such a beastie, be sure also to grab the little brackets on the ends (< >). I had to take them out for the blog software to display the text properly.)

This beacon can only tell you which computer has accessed the message or page the beacon is embedded in. It is adequate for determining if a message has been read but not for any level of detail on tracking a person's surfing habits. It also requires a separate GIF file for each message being tracked.

The gif doesn't have to be invisible either. Any image will do and I've read some place's use those animated smileys as web beacons.

The next kind is more sophisticated since it can sets a cookie as well. It look something like:

IMG SRC="http://ad.doubleclick.com/cgi-beacons/webtrack.cgi" height="1" width="1"

This retrieves the image from a server side executable which will request any previously set cookies on your system and try to set a new one. Depending on the level of information sharing the tracker has with his partners, this technique can lead to a detailed picture of your browsing habits.

For example, suppose you go to www.rescuesupplies.com which is partnered with doubleclick and has a web beacon like the above embedded in the source. Further suppose that rescuesupplies shares names, addresses and phone numbers with doubleclick. You make a purchase, enter your information and -- voila! -- you are now listed in doubleclick's database as a purchaser of rescue supplies and there is traceable cookie on your system.

Two weeks from now you visit another site and look around a page listing prices for aluminum. You don't buy anything but this page has a web beacon for doubleclick which retrieves your previous cookie and sets another. Ten minutes later, your phone rings and it is a telemarketer trying to sell you aluminum siding!

Coincidence? No. The first cookie was tied to the personal information you gave rescuesupplies and retrieving from a different page enabled doubleclick to find your name and number and pass it to the telemarketer.

Image tags are not the only way a web beacon can be set so just blocking images is not enough. The iframes tag can be also be used and there are some javascript tricks as well.

One way to monkeywrench the beacons is to locate the snippet of code and embedd it in a message posted to a high volume site. I liked to use FreeRepublic.com. This is not foolproof of course but it does give the abusers lots of false hits they need to filter out to get useful data.

Years ago a friend told me about desiging ECM for aircraft. When you cannot hide from the radar, create a whole bunch of blips that looks just like you so their computer has to drop out the decoys to isolate you. Hopefully, you will get dropped out and the missiles will target a decoy instead.

Some precautions I use:

I never read HTML email. If it cannot be read as plain text, I trash it. It's probably spam anyway.

I block 'third party' cookies on my browser.

I ditto enemyofthestate on never reading HTML mail (my e-mail program is set to text-only -- as everybody's should be). And I not only block all third-party cookies, but reject all cookies, period, unless I'm positive they're needed for some function that benefits me -- like telling me which posts on a forum are new, or enabling me to create a personal wish list.

Posted by Claire @ 08:46 AM CST

Powered By Greymatter