Tech Broiler
Jason Perlow, Scott Raymond & Violet BlueYouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal
By Violet Blue | December 7, 2010, 6:47am PST
Summary
The Federal Trade Commission wants users to be able to Opt-Out for visit tracking and a new lawsuit over browser history privacy could change how content providers monitor user behavior in the future,
Topics
Blogger Info
Jason Perlow
Biography
Jason Perlow
Jason Perlow is a technologist with over two decades of experience with integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. A long-time computer enthusiast starting the age of 13 with his first Apple ][ personal computer, he began his freelance writing career starting at ZD Sm@rt Reseller in 1996 and has since authored numerous guest columns for ZDNet Enterprise and Ziff-Davis Internet. Jason was previously Senior Technology Editor for Linux Magazine, where he wrote about Open Source issues from 1999 to 2008.In his spare time, Jason is an avid amateur chef and food writer, where his work reviewing New Jersey restaurants has appeared in The New York Times. He is also the founder of the popular food web site eGullet and blogs about restaurants and cooking at OffTheBroiler.com.
Scott Raymond
Biography
Scott Raymond
Scott Raymond has been a technologist and system administrator for over 20 years. Starting as a hobbyist in his teens, Scott quickly learned that he could translate his passion and knowledge into a full-time career. He currently works as the lead systems administrator for a neuroscience marketing company. He has written technology articles for various publications in the past and began contributing to ZDnet as a guest blogger on Jason Perlow’s Tech Broiler. Scott and Jason met in New York in the 1990s where they co-managed the New York City Palm Pilot Users’ Group with Scott’s wife Rachel.In his spare time, Scott is a trained chef and avid bicycling enthusiast, as well as a voracious reader of historical, science and horror fiction. He is a huge fan of pop culture, with a wide range of interest in TV shows, movies and games.
Violet Blue
Biography
Violet Blue
Violet Blue (tinynibbles.com, @violetblue) is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation. She is regarded as the foremost expert in the field of sex and technology, a sex-positive pundit in mainstream media (MacLife, Forbes.com, The Oprah Winfrey Show, others) and is regularly interviewed, quoted and featured prominently by major media outlets (from ABC News to the Wall Street Journal). A published feature writer and columnist, Violet also has many award-winning, best-selling books; her books are featured on Oprah's website. She was the notorious sex columnist for the San Francisco Chronicle. She headlines at conferences ranging from ETech, LeWeb and SXSW: Interactive, to Google Tech Talks at Google, Inc. The London Times named Blue one of the 40 bloggers who really count.With YouPorn in the #61 spot for global Internet visits, you no longer need to pretend you’ve never checked it out. But do you know who’s been checking you out when you come to visit?
YouPorn now faces a lawsuit over browser sniffing. The FTC is asking lawmakers for tracking opt-out tools for surfers, and a whole bunch of big sites have been caught peeping their users’ private history. So you’d think that people would be practicing a lot more “safer surfing” precautions these days.
Back in October, an insanely sexy report was filed by UCSD researchers called An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications (.PDF). Their paper confirmed that 46 websites used browser (history) sniffing to see which sites users visited before they arrived, and noted 326 sites they deemed “suspicious” in history tracking practices.
“Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows,” the researchers wrote.
The top 46 in the browser history sniffing expose were using a browser exploit that relied on the browser telling the site which color to use for visited links, based on visitors’ history. Visit one of the 46 meant activating a script that ran to get your browser to tell them were you’d been, and visitors are none the wiser. Not surprisingly, the trail led mostly to ad networks: 22 used sniffing code from Interclick and 14 used scripts from Meaningtool.
Among the 46 noted in the study included StraightDope, OSDir.com, Newsmax, investor site Morningstar, NamePros, ESPN car racing site ESPNF1, Charter.net (a cable-television provider Charter Communications portal), and YouPorn, among others. The report especially noted that other sites, such as YouTube and Microsoft, were found to be performing covert behavior sniffing; Wired.com, PerezHilton, Technorati and TheSun.co.UK were also found to do so with TYNT.
Of all those caught spying on surfers’ histories and doing behavior tracking, none got as much attention as YouPorn – not for the adult content, but for the way they executed the exploit. The 61st most popular web site in the world (according to Alexa) ranked top in the researchers’ findings; they were really good at what they were doing… differently than the others.
Last week, the Forbes.com blog noted the report’s highlight of YouPorn who had created their own version of the Java exploit that they have since removed from the site. YouPorn’s version cloaked the data slightly by using next letter code (instead of “me.com” it would read “nf.dpn”).
Far be it for those in glass houses to hurl rocks at pornographers; it does seem a bit odd to see a porn privacy suit that is not filed by two John Does. Yet while some of us think that looking at porn is nothing to be ashamed of, some also think that tracking users without their consent isn’t hot or sexy.
YouPorn is now facing a lawsuit filed Friday: David Pitner and Jared Regan have filed a class-action lawsuit in the Central District of California against Netherlands-based Midstream Media (YouPorn) for “the use of “history sniffing” or “history hijacking” techniques to intentionally and knowingly capture personal information from unsuspecting users of its websites without their knowledge or consent.”
The Plaintiffs accuse YouPorn (and its sites) of violating the U.S. Computer Fraud and Abuse Act as well as California’s computer crime law, and that they engaged in deceptive and unfair business practices; and accuse YouPorn of unlawful and unfair competition.
Perhaps what is most interesting is that there was only one porn site among the top offenders; YouPorn. The question is, could this extend to the other top 46?
Interclick is not named in the lawsuit – nor is anyone else – and Interclick claims that the exploit was a test code that they have since stopped using. After the Wall Street Journal contacted Charter Communications about their place in the browser sniffing scandal, Charter ended their relationship with Interclick.
Could the practice of browser sniffing and behavior tracking be illegal?
Perhaps if the US had privacy laws as watchful as other countries. Sites are frothy-obsessed with gathering data in visitors; that Interclick is an ad company behind a number of sniffers in the report is no surprise. We expect this sort of thing from ad companies, who make the porn guys look like they’re late to the game.
The Federal Trade Commission is worried about privacy: they want to propose rules that would limit advertisers’ ability to track Internet users for the purpose of ad-targeting. They proposed a “Do Not Track” tool to lawmakers last week which would take the form of a browser setting that allows surfers to “opt out” of tracking, similar to the “do not call” registry. However, this may not actually block history all forms of sniffing. The nanny state is just as late to the game, it seems.
Why not just build a better browser? Browsers are generally well aware of their own privacy holes and the link color exploit has been known about for some time. The newest versions of Chrome and Safari have sniffing protection onboard, and Firefox announced they’d be taking sniffing countermeasures back in March, with full implementation set for Firefox 4.
YouPorn was not the only site in the top 46 to be running their own version of the exploit so it remains to be seen how the lawsuit will shake out.
What do you think: should sniffing and covert tracking be illegal? Does the FTC know what it’s doing? Talk back in the comments and tell me what you think.
Update: Ars Technica reports that in light of the YouPorn and FTC news, Internet Explorer 9 Gets A New Anti-Tracking Privacy Feature.
Image via Chicago Tribune.
Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.
Violet Blue is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation.
Disclosure
Violet Blue
I am currently freelancing part-time (only) for ReadWriteWeb for their general news blog and their Start (startup tools) channel; this was made in agreement that I would not write about anything that might conflict subjects in my blog (no sex content). I'm under contract to publisher Cleis Press for editing three more books (only) with the topics of women's/couples' erotica. I have been writing and editing books for Cleis Press for ten years on the subjects of erotica and human sexuality (guidebooks). I'm not under exclusive contract anywhere/to anyone/to anything, I have no investments.Biography
Violet Blue
Violet Blue (tinynibbles.com, @violetblue) is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation. She is regarded as the foremost expert in the field of sex and technology, a sex-positive pundit in mainstream media (MacLife, Forbes.com, The Oprah Winfrey Show, others) and is regularly interviewed, quoted and featured prominently by major media outlets (from ABC News to the Wall Street Journal). A published feature writer and columnist, Violet also has many award-winning, best-selling books; her books are featured on Oprah's website. She was the notorious sex columnist for the San Francisco Chronicle. She headlines at conferences ranging from ETech, LeWeb and SXSW: Interactive, to Google Tech Talks at Google, Inc. The London Times named Blue one of the 40 bloggers who really count.More from “Tech Broiler”
Talkback Most Recent of 3 Talkback(s)
- Follow via:
- RSS
- Email Alert
RE: YouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal
It's amazing that modern browsers could have such a huge privacy hole. As a software developer, I'm very aware that they can easily prevent this type of issue.The US needs to start cracking down on illegal internet activity like this.
Brett Miller
www.customsoftwarebypreston.com
Criminal Justice
Study Criminal Justice to solve crimes like these search the web for "United Forensic College"sveinyael12/07/2010 10:28 PM
- Reply to
- Flagged
Good Luck
With the corporate loving Republicans controlling half of Congress, good luck getting the "do not track" legislation passed. The business community is already crying the blues over why they should be able to track every move you make on the Internet. They will lobby hard against this and Republicans will be be right by their side (hand held out for the cash).
Talkback - Tell Us What You Think
2010-12-08
YouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal | ZDNet
via zdnet.com