Quote:
Originally Posted by D_Advocate
It's good to see all the troops rallying around the flag over the last 24 hours. Quite heartwarming.
D_A
|
Please do your homework before commenting on the abilities of others and their decision about which flag to support. Providing a daily 'blog' of your new discoveries would be very informative to old and new readers alike. What I report below is my blog of what I have learned today about some tracking cookies (I suspected it, but did not KNOW it).
While you are looking for flags .... have you been able to discover the difference between the tracking scripts used by [generically] search engines, AOL, Research Science, omniture, 2o7 (are they still into adult content?), ad networks, plus many others that are hosted by sites and seen by the webmaster as a benefit to the site, and Phorm/OIX and other profilers?
Have you analysed them and decided which ones you will ensure are permitted and which are permanently blocked from your system, which cookies you regularly delete before closing a browser session, which sites you will never open in the same window as the window/browser which was used to visit a site hosting one of these scripts?
Just one site - bt.com - hosts tracking scripts from 5 (could be more) different domains - and that is before they start to use any DPI to track their customers around the internet.
In general, do you allow tracking cookies?
I personally will never enable javascript, accept cookies nor fill in a form on any site which hosts 3rd party tracking cookies. There are plenty of sites out there that are internet savvy about security and do respect the privacy of their visitors and I would rather support them.
Who are the worst sites on the internet? - banking.
I have just looked at one bank's home page - I won't mention the name. They have tried to set cookies (without javascript) in the following domains.
domain=.mediaplex.com (Mediaplex - Intelligent Technology for Digital Marketing, Provides online advertising, direct marketing and interactive marketing technologies.)
domain=.apmebf.com - blocked by spybot, quantcast says of it 'Apmebf.com is a top 10,000 site that reaches over 324K U.S. monthly uniques. The site is popular among a youthful, very slightly female biased crowd.The typical visitor visits ...' (neither me nor the bank I visited is USA based but quantcast knows how many calls there are to the site and the demographics of those 'visitors' - try visiting the site - "
Network Error
An error occurred while accessing "apmebf.com".
Maybe the domain name is not valid or there's a typo in the internet address."), also used by some affiliate networks during redirects
Generally, both domains appear on lists of domains which are blocked as adware.
I tried another bank and no cookies were set with javascript disabled. However, allowing javascript tries to give me cookies that originate from
touchclarity (omniture) where the CNAME for the bank's subdomain resolves to
tcliveeu.com - IP range belongs to omniture
and a HitBox Gateway cookies where the CNAME for the bank's subdomain resolves to a
hitbox.com domain
Now, why would banks want to give visitor tracking history to 3rd parties AND expect people to use internet banking? In case you are wondering - I actually bank with both banks used in this little exercise and never use any service other than their counter service, nor am I ever likely to use any internet service they offer. I just have to trust that the intranet used to record bank transactions is more secure.
Before you say, see, Phorm is not so bad, it gives you privacy. What? - where? - how? Will Phorm report the leakage of PII that these bank sites stream? I don't usually visit these sites. My browser blocks these tracking cookies - I could only find them in the browser logs with none saved to my computer's disk. What I don't know is how much the javascripts sent to the 3rd party sites. Frightening.
How does the Phorm tracking get blocked? - by changing to a non Phorming ISP - this is the only way.