Warning: YAHOO using spyware!

I apologize for putting this in the flashlight discussion area ... but I'm so upset, I wanted it to be up front where most would see it.

I know this is our favorite website ... and there is no reason for any of us to ever go to any other website ... but just in case you've ever registered on any YAHOO website ... I thought this should be brought to your attention.

Apparently YAHOO is now using spyware to track internet useage of it's registered users. You can (and I have) opt out of this intrusion by clicking on the link below.

It's bad enough YAHOO is choked with ads ... but to now start spying on it's users ... and tracking web useage both INSIDE AND OUTSIDE of Yahoo sites. What a crock!

It's the "outside" part that bothers me!

Here's the message:

---------------

Yahoo groups has instituted another policy without informing its
users. They are using web beacons ('pixels') to track users OUTSIDE of Yahoo's sites ("to conduct research on behalf of certain partners on their web sites and also for auditing purposes." This week.) You can opt out of this program by going here:

http://privacy.yahoo.com/privacy/us/pixels/details.html

After you click on the "opt out" link, pay attention to the next
page.

The gray button that comes up CANCELS the opt out, so DON'T click it; just close the browser tab or the browser window instead.

Either way, I'll have to move it...

Moved to The Café. Follow it with the link up by your name.

i do repairs for a group of lawyers and got a call that they had upgraded internet service software from sbc/yahoo.
crashed 8 machines with the spyware/crapware it loaded.
boy were they pi$$ed when i dicovered the new software loaded hotbar and several other trash apps.
btw they now have a local,real isp.

I was originally on Flashnet internet service. They got bought out by Prodigy, so I then started paying Prodigy for my internet service for a while. Now, they have changed my internet service once again......this time to SBC Yahoo! Dial.

They told me my email, billing and stuff would remain the same, but they emailed me a disk to upgrade my software. They keep sending me reminders (for several months now) to load the disk onto my computer. I still haven't done it yet and my internet service seems to still work fine.

Should I just NOT load this disk onto my computer??? It sounds like all it may be is this crap software for their own benefit and very little for my benefit.

Unverified, but my observation: If you are a customer of one of their "stores" and have provided them with info for that, that info is then a part of their tracking (I noticed that some of my information in my membership in Yahoo! groups changed after ordering from a Yahoo! store.)

My suspicion is that this would allow tracking of not just "User X" but the tracking of "Tomas ____."

I suspect that many sites have a Yahoo! "pixel" on them, and if Yahoo! has personal info on you it can be attached to the browse of that page.

If Yahoo! does NOT have any personal info on you, you are just "User XXXX." Thing is, if they ever DO get personal info on you from their sites/services there is no reason why your actual ID could not be attached to that previous browsing.

This is not at all to say that Yahoo! would ever do such a thing, but even if they don't it is a bit frightening, eh? BTW: Read their TOS . . .

Have a good day!


http://home.earthlink.net/~zip98498/look.html

Thanks for the heads up! I've recently heard about some sites using this tracking technology, and I'm not surprised Yahoo! is one of them.

If you haven't already, I'd also recommend anyone with a Yahoo! account (if you haven't done so already) to check your marketing prefs. Earlier this year, they changed their policies which included automatically opting-in all members marketing prefs. to accept spam, ads and possibly even telemarketing calls! Go to "Account Info", log-in, click "Edit your marketing prefences" and select or deselect as you see fit.

I realize Yahoo! just trying to generate or maximize revenues but IMHO, that's crap.

I have a hotmail account. Do they use spyware too?

Originally posted by Mugsy:
I was originally on Flashnet internet service. They got bought out by Prodigy, so I then started paying Prodigy for my internet service for a while. Now, they have changed my internet service once again......this time to SBC Yahoo! Dial.

They told me my email, billing and stuff would remain the same, but they emailed me a disk to upgrade my software. They keep sending me reminders (for several months now) to load the disk onto my computer. I still haven't done it yet and my internet service seems to still work fine.

Should I just NOT load this disk onto my computer??? It sounds like all it may be is this crap software for their own benefit and very little for my benefit.

Click to expand...

<font size="2" face="Verdana, Arial">put the disk in the nuker for about 5 seconds on high.then toss it.same with aol disks.they sparkle real nice and no worry about them being readable if someone puts it in your computer.

is this about yahoo's internet service, or you're in this whole thing if you just use their email service?

Go to Lavasoftusa.com and download the freeware Ad-Aware. This is a great little FREE program that will thoroughly scan your system and destroy any spyware. Updated database files are also available free. I just updated mine and it discovered 4 spyware programs that went undetected since my last upgrade, (6/2001). You can also download a free automatic updating program for this, which I did, that will check for and install the latest ad database updates in a process that takes all of 30 seconds.
For $15 reg. fee, you can also download a "premium" version that will continually monitor your system for spyware and destroy them before they're even installed.
This is a great, compact little program. Who says nothings free anymore?

Hey guys-

Please correct me if I don't get this just right.

Let me quickly attempt to answer webley445's question.

Empath, true to form, is right (thanks Empath). True spyware is as he, snakebite, Mugsy, Tomas, sotyakr and I_rv_too (note the underscores) described. However, some people refer to the cookies that web bugs throw at you as spyware because those cookies are used for stats and can be used to profile your activity. This is why I believe AdAware (thanks for the update PeterM) refers to those types of cookies it finds as spyware. Not all cookies are bad. I'll humbly refer to that opinion in a moment.

The nice thing about hotmail is that you can rapidly access your account from any machine in the world. If you go to MSN to fire up hotmail then you will definately experience web bugs. It is my understanding that most of them don't work unless you use tab or click to focus cursor control on a function they are hovering over. If you would like to see the bugs then a program called "bugnosis" will identify them by placing a visable configurable graphic of a bug on top of the web bug. I've heard the newer versions of ZoneAlarm come with bugnosis. I used to run bugnosis but it got on my nerves. It is very interesting to see though. Bottom line is that I don't know if Hotmail has true spyware. I don't trust it but I use it. I'll tell you why in another moment. The type of thing I_rv_too is referring to is very agressive and I don't think hotmail has anything like that in it.

Here is how to insure that a personal system is immediately FUBARed. Buy a Compac, use AOL ISP and use Yahoo as your mail handler.

There is a hacker protection program known as BlackIce. It is very highly tauted but when you go to their site, they offensively defense their site by using methods to interogate your machine. This is because folks that offer hacker protection are considered fair game by hackers. My machine name is Icebreak to give hackers a warning. I'm not speaking for snakebite but I would imagine that anyone hacking him might experience similar difficulties they would have if they hack me three times. Some of my friends refer to me as Icebreak because I'm a very social critter. I will say or do almost anything to get a group of people to interact in an engaging, positive way. So, now you know. Glad to meet you. I am Icebreak. Also, once you keystroke the "cap I" the rest of the name can be typed with one hand behind your back.

Here are some of the basic things I do to protect my system: Before I go on line I fire up CookieCrusher. Disabling cookies is not good because some sites (like CPF) use a couple of good cookies to help you. Going to contol panel/internet options and deleting cookies is too time consuming and inefficient. I want to know about the cookies someone is throwing at me and CookieCrusher tells you everything and allows you to make informed decisions. If you have a slow machine it will sometimes hose you up. I like Intellicast.com but they are a cookie king and I thoroughly enjoy watching CookieCrusher beat the c**p out of them. I have AdAware but since I started using CookieCrusher AdAware rarely finds a thing.

I would not go online without ZoneAlarm installed. It not only blocks hacks and tells you allot about attempted hacks but it keeps your own machine's software from accessing the internet without asking you if it is OK. Realtime is on my machine and wants to access the internet when it feels like it and ZoneAlarm allows me to tell it to stay put. Same as if you are reading a Word document with a link in it. If you click on the link, ZoneAlarm asks if you would like for Word to access the internet.

Anytime I register or buy from a website I use my hotmail account. It is so trashed out that it is a part time job blocking senders. My real e-mail account is not perfect but basically clean. I didn't change my profile here at CPF to show my real e-mail address until a few weeks ago when one of "the smartest people in the world" was trying to help me buy some blue foreverbrights.

I'm sure some of this sounded authoritative but I really don't consider myself at all a computer wizard. I've worked with people half my age that make my computer work look like a drunken monkey doing calculations with a box of rocks.

Speaking of people half my age. What say you Saaby?

This isn't really spyware. Spyware is software that is installed on your system to monitor your actions. It's usually an undisclosed feature of an installation package that has these trojan built into the installation. Sometimes they are disclosed, usually embedded deep into a EULA statement.

What's being discussed here are webbugs. They are like banner ads and hit counters on webpages, only they are not given a discernable size on the pages, and are effectively invisible. In addition they cross-reference cookies to come up with positive identification of the user. Other than a cookie, nothing is installed on your computer. The cookie can be removed between sessions. Unless the cookie is replaced on each session through a login process, the identity of the user is concealed. Otherwise, a package like AdSubtract can be used to block the "invisible" webbug html codes. Unfortunately webbug use is becoming commonplace. It's unfortunate that the unscrupulous, which includes some "highly respected" operations, watched people like DoubleClick get away with deception and the exploitation of the unwary, and decided that was they way for them.

Yahoo is in the midst of it's death throes. What they imagine of themselves now is that they are busy making money through their ads, distribution of personal information to the highest bidders, market research of their users, and overly-inflated prices of such features as additional email features. Google has stolen the thunder of their search engines, and even now a newer portal site at MyWay is offering a non-clutered, non-intrusive portal service complete with email and personal start pages.

Good points, Icebreak. I'm no Saaby so I'm not sure of the finer distinctions between cookies and "spyware" but the 3-way defense works for me. And pretty cheaply. AdSubtract/Zonealarm/AdAware. AdAware doesn't really handle cookies that I can tell, unless the others are getting them first. I dont use Adaware daily. For $29 AdSubtract will selectively or globally block cookies, popups, banner ads, etc. and make it easy to kill cookies anytime. Zone-Alarm will block cookies optionally by type, ie: third party & persistent. Adaware finds and kills "spyware" like the Bonzai buddy and that Gator your kids let in.
To be virtually invulnerable if you have a faster connection, go through a proxy server like IDZap ($49/year). Then, use it to set up a hotmail address and always use that email add. through your proxy.
Sorry to sound like a commercial, but I've tried a lot of crap over the years, (Blackice defender comes to mind) and for $29 this combo can't be beat. So I can't help being evangelistic about this sometimes. For the last word from the Guru of "non-geekspeak" computer protection/privacy, look up Steve Gibson Research's site.
[Edit:] Icebreak, I just reread your post and saw your reference to Blackice defender. I guess you like it? Sorry, I didn't mean to trash your product recommendation!
I do want to suggest Steve Gibsons site though. Awhile back he was involved with a shootout/feud between Zonealarm & Blackice. Long story short, he basically hacked into Blackice at will. I'm sure his reviews are still up and probably still valid. It's a very interesting read.

Chances are, you have a bug on your computer that monitors what you are doing anyway. More people are infected than not so run Adaware (see below) and see how many are on your computer! Most are just information gathering spyware like Yahoo's.

Adaware will sniff out these spyware missed by your virus scanner: http://www.lavasoftusa.com

"Spyware is any program that is installed on your
computer, without your knowledge, that then gathers
information about what you look at as you browse
the Internet. Spyware can even capture your every
key stroke and moue click and broadcast all of that
information to other computers.

Spyware gets into your computer by hiding behind other
software as you download it. Some spyware files can
masquerade as cookies, the text files left by Web sites
so you don't always have to enter your user name and
password.

Once in your system, sypware can burry itself deep in
obscure registry settings, making it difficult for anti-
virus programs to detect because it looks like something
you chose to install.

The good news is there is a program that can locate and
remove spyware. It's called Ad-Aware and it's available
as a free download at www.lavasoftusa.com.

Download and install the software. The process places an
Ad-Aware shortcut on your Desktop. Run the program and
Ad-Aware will locate any spyware on your computer and give
you the option to delete it. I suggest your run Ad-Aware
once every week or two."

Just a little caveat regarding the removal of spyware components and Ad-Aware:

Some of the software that is infested with spyware will not run without their spyware components functioning. Since it's part of their financial support system, the software is designed to check the integrity of the spyware components and not run without them. The EULA of the package will often times (usually embedded deep in a lengthy user's agreement) stipulate your acceptance to be monitored by their partners. Removal or blocking of the components is constituted as a violation of their EULA, and the host software quits functioning or begins producing errors. Sometimes the errors occur on the system level and can create serious problems.

When you find spyware on your system it's best to determine which package placed it there. It may be that the use of the host software is worth this extra "cost" to you, though I'd refuse on general principles. If you uninstall the offending software package first, and then the spyware components, you're more likely to avoid the consequential effects of it's removal. Removing the host software alone isn't enough to remove spyware. Spyware is often designed to protect itself, and is best done through something like Ad-Aware.

As a matter of interest, a spyware component recently began searching computers in which it was installed for the Ad-Aware software. When it found it, it uninstalled Ad-Aware.

I do miss the DOS days when you installed everything yourself instead of granting exclusive rights to an installation package to do as it wants.

Ah ha!

Now I think I get it. Adaware hasn't found anything on my machine in so long but now I'm remembering it would find things that looked like cookies but were spyware.

On BlackIce I know that it is popular so I didn't want to trash it. Their site just put me off so I won't use it. I like ZoneAlarm allot. Thanks for the info on Steve Gibson's research. I have a friend that needs that information. I think I'll checkout AdSubtract.

Thanks PeterM and Surefire M6.

*edit*
Empath-
Yours came up while I was typing. So get rid of the software then its' spyware. OK. Spyware that uninstalls AdAware? Thats just nuts.

Thanks Empath,

Good advice, Happened to me with Kazaa (before I discovered Kazaa Lite)

Originally posted by Icebreak:
Spyware that uninstalls AdAware? Thats just nuts.

Click to expand...

<font size="2" face="Verdana, Arial">The package was Radlight. The defense offered was that Ad-Aware attacked his package, so he was only defending himself.

The Lavasoft account explains it.

Good grief, Ad Aware found and removed 24 items. Glad I downloaded it now, damn - this old thing must have been shining like a beacon to all the scumbags who placed them there

This sort of thing disturbs me so much. That my computer - a little over 6 months old (from the last format/install) was infested with all this, without my knownedge or consent. OK so most were cookies but there was some stuff in the registry too!

I think Spyware, at least in its present form, should be banned. Along with popups, web bugs, unsolicited mail and Times New Roman.

Not that it`ll ever happen, not when so much money is made from such disgusting practices....

Good of PeterM and the rest to bring it up.

If it works the same way it did last year the free download of ZoneAlarm is functional. You will be surprised at how many hits you get at first. The longer you have it and the more blocks you confirm the fewer hits you'll get. I think the first evening I used it I got seven hits. This month I don't think I got seven for the whole month. Many of the hits you get are just programs checking to see if an address works. Some are gathering stats for marketing. However, some are real hacking attempts to do harm.

Looks like I might need to upgrade to the Pro Version. After just now looking at the web site it appears to have been improved greatly. Anyway, I wouldn't go online without it.

http://www.zonelabs.com/store/content/home.jsp