google is evil : http://news.zdnet.co.uk/internet/0,1000000097,39625962,00.htm
"These ads will associate categories of interest — say sports, gardening, cars, pets — with your browser, based on the types of sites you visit and the pages you view," ... As with any other cookie, this tracking file can be cleared by the user at any time. By visiting Google's ad-preferences page, the user can opt out of having their surfing habits tracked, or input their own preferences for the subject matter of ads they would like to see. However, as clearing the browser's cookies would effectively remove the opt-out cookie itself, Google has also released a plug-in for browsers that provides a permanent opt-out from the service. ... This is no option to general users who dont have much clue about internet privecy. And we all know where all this is heading to...... ------snip------------ old article: http://groups.google.com/group/Intelligence-Studies/browse_thread/thread/5f78afce9d9736c0# A third party JS can also be used for a targeted surveillance of an identity by a third party. Such stat counter JS can act as a passive honeypot running across lots of websites that can be used for surveillance and profiling as it could know every websites /content you visited whereever such JS are used. You may use different nick names online, use anonymous proxy servers while browsing, clear their cookies often, dont use social networking sites etc for your privacy concerns. But JS can leak information like, Windows Media Player(WMP) UniqueID[2]. Operator can use a ClientID request in browser to pull off a machine's unique default serial number generated by WMP. There are also other applications that does the similar and such information can uniquely identify a machine regardless of its IP. Impact: Say, Website_Evil1 has recorded your WMP UID and associated some of your profile to it and shared it to Website_Evil_Gang. Now whether you are accessing internet from your laptop from library or coffee shop or home or in the office any website that is associated to Website_Evil_Gang will know its you browsing about (say) "dating" in Website_Evil1, looking about (say) "contraceptives" in Website_Evil30 and looking (say) "weight loss tips" in Website_Evil50. You could be uniquely identified online even if you clear browser cache at every logoff or use different IP/ISP all the time. Advertising serving scripts, web counters, third party banners etc has the potential like above which can have big impact on users privacy. But sadly this is just one example that can breach your quest to maintain your online privacy. There are lots of other ways (that vary in reliability) using which a computer can be identified in the internet / a region, and the machine identification features can be be associated to online identities that uniquely point to a computer system. From a surveillance prospective, if you have control over a some networks/websites its easy to associate such information from multiple source for tracking machine/software specific features and associate this with user identity. This way an attacker (Website_Evil_Gang) can have a wider view of your digital identity and can track you beyond having to relie on your registration information or IP's or cookie. Information like Your browser name and it version, clock skew of your system from standard time, your screen resolution/DPI, OS/ OS specific info, fonts installed info, your internet bandwidth/delays, browser specific features, browser plugins information about which softwares versions are installed in your computer like open office, real player, JRE, flash support, quick time player, acrobat reader etc can be detected by remote website. Via css websites you last visited can also leak. All of such information when put together can act as unique machine identification information that can be associated to your identity anyways. All of such information when put together can be used to track identities online[3]. As these info don't change often regardless of your IP. All of such information leak when put together for analysis prospective it will yield lots of user details. ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
