Home

upFRONT

Issue 76

From Issue #76
August 2000

Aug 01, 2000  By Various
 in
Stop the Presses, LJ Index and more.
SMILE, YOU'RE ON A 1-PIXEL CAMERA!

Web pages use a publishing metaphor. They are pages, after all. We write, open, read and bookmark them. That's one reason why we assume that when a page downloads from a server, it's a one-way deal. The HTML describes the page, lays out the print, loads the graphics onto the page and into the cache.

There is at least the presumption of privacy. After all, reading is a personal (even an intimate) act. At times when interaction is required, such as when we fill out a form, there's a “submit” button that sends information back to the other end of the line. We're still in control.

And okay, we know about cookies and what they do. If we especially vigilant, we either refuse to accept them or go through the whole pile and weed out the suspicious ones.

But watch out. Big Brander is watching you. And not just with cookies.

It turns out that some companies are spying on you and your Web travels by using invisible 1x1 pixel transparent GIFs. These are in-line images downloaded from elsewhere, so the server-browser dialog can initiate covert reconnaissance on you and your subsequent surfage. You see no ad and suspect nothing. The cookie alert doesn't go off. But the bug—as in bugging device-has been planted.

Who's doing the planting? Usually a company that wants to learn something about you. Most of the time it's an advertising service that wants to “target” you with banners, e-mail spam or whatever. But they can serve all kinds of purposes, known and unknown. Don Marti found one on a Fed Ex page. (Presumably they want to track customers the way customers want to track a package.) Richard Smith, the leading source of information on Web Bugs, found two on Quicken's home page, both to provide “hit” information to advertising companies.

According to Smith's Web Bug FAQ www.tiac.net/users/smiths/privacy/wbfaq.htm, here is the information a Web Bug sends back to its server:

  1. The IP address of the computer that fetched the Web Bug

  2. The URL of the page that the Web Bug is located on

  3. The URL of the Web Bug image

  4. The time the Web Bug was viewed

  5. The type of browser that fetched the Web Bug image

  6. A previously set cookie value

Of course any graphic can serve the same purpose. That's why the only way you can see a Web bug is to view a page's HTML source. But Smith also provides another way to at least discover what sites are playing slight-of-pixel games: The Web Bug Search Page www.tiac.net/users/smiths/privacy/wbfind.htm. It shows where each of ten bugging companies are sneaking in their little spies. Makes for interesting (and creepy) reading.

On the matter of security, Don Marti gets the last word: “When a site tries to violate users' common-sense expectation of privacy, it should be the system administrator's responsibility to protect the user unless the user requests otherwise. Web ad banners are a security hole.”

—Doc Searls

LJ INDEX—August 2000

  1. Percentage of public relations professionals who admit to lying on the job: 25

  2. Percentage of public relations professionals who say they are not always able to confirm the validity of information conveyed to reporters on behalf of clients: 62

  3. Percentage of web sites with personal server headers: 5.7

  4. Number of Linux servers that self-disclose their distribution brand: 0

  5. Number of Linux servers found by Netcraft to disclose their distribution through Apache's personal server header: 850,000

  6. Percentage of those servers that identify their distribution as Red Hat: 72

  7. Percentage of those servers that identify their distribution as SuSE: 10

  8. Percentage of those servers that identify their distribution as Debian: 9

  9. Number of other distributions with more than 3%: 0

  10. Market cap of the entire Linux category in July 1999: $0

  11. Market cap of Red Hat at its peak in November 1999: $22.5 billion

  12. Red Hat revenues in the quarter ending November 1999: $5.7 million

  13. Market cap of Red Hat on June 1, 2000: $2.8 billion

  14. Red Hat revenues in the quarter ending February 2000: $13.1 million

  15. Market cap of thirteen “Tier 1” Linux companies on June 1, 2000: $8 billion

  16. Percentage of girls at popular teen web site who say they have had sex by the age of fifteen: 35

  17. Percentage of girls at popular teen web site who say virginity is in: 34

  18. Percentage of visits to popular teen web site that use Linux: .22

______________________

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState