[C.M. Burns]

You may have noticed a sig like this:



It's advertised as a fun little widget but in fact it is a script that loads an image from a server at danasoft.com. The server notes all your information and creates a special image containing your IP, your browser, your ISP, your operating system AND the page you are looking at here on CKA.

This is spying. I PM'd Trevor and he replied:

Quote:

http://www.danasoft.com/ doens't store any of the info, its actually something to remind people that they do leave a trail and to take care.

This claim about danasoft is absolutely false. If you read the privacy policy from danasoft they make it very clear that they collect web server log information. This is exactly the information used to generate the sig image.

danasoft, in their privacy policy says that they will not disclose to any 3rd party "individually identifiable information about its users". Well, I am not a user and my IP address is not 'individually identifiable information' so the information you send when a CKA user puts this sig on a page is not covered by their policy and they would be crazy not to sell this information.

So, what is the problem? Speaking as an internet applications developer and a bit of an expert in data mining, the following:

When you read a page with the danasoft sig graphic the above stated information is recorded in their web server logs - inlcuding the topic page address.

By viewing the pages you have viewed and coordinating their information with the post time it would be a trivial matter to figure out which user belongs to which IP.

Because, as Trevor says, these 'bugs' are all over the internet - in forums and blogs, everything you do can be tracked and associated. It would be easy to figure out that you are C.M. Burns on CKA and Programmer17 at microsoft.com and RadicalCommie212 at redsrus.org, etc. Danasoft, in effect, becomes a tracking service, watching what you view, without your permission.

I'd like to ask any user who has such a sig to remove it now and that everyone refrain from using such sigs in the future.

Thanks

[dino_bobba_renno]

Well, I never thought I'd say this but I have to agree with Burns on this one. Yes I know this one may be or less harmless but what about the next one or the one after that? I all ready know people can see my IP so forth and I also all ready know what web browser I'm using so I really don't need to be reminded by some silly sig.

Even if the sig is harmless I feel the potential for abuse is there.

[Toro]

I also agree with Burns on this one. Frankly, there's enough shit on the Internet. Don't need anymore here.

[Chumley]

I am sure there must be versions of this thing around that don't give any indication at all that it has collected that information.
Any page any where could have that thing without telling you at all could it not?

[ridenrain]

I agree.
Good post Burns.

[Streaker]

I wonder if the Sloganiser might present the same problem?

[Blue_Nose]

Not particularly worries about it, but for the sake of curiosity, does anyone know if blocking images from danasoft (via adblock plus) is enough to block the script?

[RUEZ]

Your I.P is everywhere, this sig doesn't do anything that surfing the web doesn't do.

[C.M. Burns]

Chumley wrote:

I am sure there must be versions of this thing around that don't give any indication at all that it has collected that information.
Any page any where could have that thing without telling you at all could it not?

Anytime a CKA user posts any kind of URL - a link, an image, etc., the information I mentioned above is sent to the server named in the URL.

The difference with the danasoft sig is that it appears on every page to which the user has ever made a post, unlike an URL that someone may post.

Since danasoft has these things on sites all over the world, a really good profile can easily be built of your activities/political beliefs, sexual proclivities and so on.

[Canadaka]

I would like to remind people they can disable the display of sigs in the forum from your profile control panel. There used to be an option in the old forums to just disable images in sigs, it doesn't seem to be there in phpbb3, its something I might be able to add.

[Canadaka]

Blue_Nose wrote:

Not particularly worries about it, but for the sake of curiosity, does anyone know if blocking images from danasoft (via adblock plus) is enough to block the script?

if you have a browser addone like IE7pro or various Firefox ones, you can certainly block danasoft.com

[C.M. Burns]

RUEZ wrote:

Your I.P is everywhere, this sig doesn't do anything that surfing the web doesn't do.

You are 100% wrong.

Your IP is scattered across the world on many servers. There is no reasonable way to collect your IP/activities from web server logs from all these servers (short of your ISP providing the info).

The danasoft sig acts as a big collector.

[C.M. Burns]

ridenrain wrote:

I agree.
Good post Burns.

[Mr_Canada]

Very good post.

I'll be blocking danasoft.

[C.M. Burns]

Streaker wrote:

I wonder if the Sloganiser might present the same problem?

Yes.
Here's the code for your sig:

h t t p ://www.sloganizer.net/ en/ image, Streaker, white, red.png

I scrambled it a bit... It watches everything you do as well as everytime we view a page with it.