All Your Base are Belong to Yahoo!!

Here's a piece from a scary article:

"...Here's the deal: When you create an account with Yahoo...you're asked to click on a button signifying that you agree to its terms for use of the service. Somewhere within their agreement, it says that unless you specifically tell Yahoo not to, it'll track and record all your Internet activity, not just that associated with the service. It does this by placing a small application on your hard drive that logs all the links you visit and then sends the data back to Yahoo. What then happens to that data is much less clear..."

Emphasis mine.

Here's the rest of the article which also has instructions on turning Yahoo's 'Web Beacon' off, in case having your every movement online tracked wasn't what you had in mind when you signed up for your Yahoo account.

Thanks for pointing that out. pretty invasive technology. this web beacon, which gathers data from your PC

note opt out only aplys to a specific browser.

I prefer Google's policy of: "Do no evil."

Google is not completely free from controversy either, though they are my search engine of choice, and maps.google.com completely rocks.

There was quite a bit of controversy lately over some of the sites that come up when you use their news service. Certain obviously and violently white supremacist websites were coming up along side more traditional news sources and that had everybody pretty mad at them.


EDIT: because I can't type today...

[ QUOTE ]

Google is not completely free from controversy either, though they are my search engine of choice...

[/ QUOTE ]

Mine too. While it does seem that everyone in the business will scarf up whatever personal info they can get, I like the fact that Google shys away from Javascript and web bugs, and that all of their search services will still work with spoofed user_agent tags and without cookies or accurate referrer tags.

After reading the article and the opt-out page and thinking about it for a while, a few really disturbing questions popped into my head:

1__If I understand correctly, once you click your initial agreement to the terms of service the tracking binary will be installed on every computer you log into your account from, without again asking for agreement.

2__The opt-out procedure only opts out the browser it's executed on.

3__If that's true and a friend logged onto their Yahoo account on your computer, YOUR web use would be tracked from that time on, without your consent.

Also, what happens to the binary when you no longer have your yahoo account? Is it uninstalled? Obviously, if you hadn't opted-out and just abandoned the service the little binary would just keep phoning home forever.

I guess this is another reason for a good firewall.

Wow!! Great info. Ironic as I used the Yahoo Anti-spyware.
Once I opted out, the Anti-spyware is no longer in my tool bar!!! WTF
I copied the URL and forwarded to all the Yahoo users I know. Thanks again for the Heads-UP.
SubZ

I turned off the web beacon about a week ago and just cancelled my Yahoo account today. Bye.

Has anyone actually seen this in real life? Have you set up a network monitor and observed your web browsing history being transmitted? I think you will find it's not what it seems.

In reality, a web beacon is simply a graphic that YOUR browser requests when it accesses a page. See http://www.webopedia.com/TERM/W/Web_beacon.html for a definition. A web beacon is no different than any other graphic, except that they are tracking it.

The pyramid picture to the left of this message is a web beacon. Every time you read a message with that picture, your web browser looks for that picture, and that request goes in my web server's log. There were 221 people who read a CPF page yesterday with my pyramid on it. I know what IP they came from and what browser they used. I also know what web page mentioned it.

I'm not saying that spyware does not exist, because it does. I'm just saying that Yahoo is not using it. I use yahoo groups, and I don't recall ever seeing an indication that an applet was being installed.

Daniel

[ QUOTE ]
gadget_lover said:
...A web beacon is no different than any other graphic, except that they are tracking it...

[/ QUOTE ]

Emphasis mine.

Yes, that's right. Duh... The point is that some people, even some Yahoo users, believe it or not, don't like being tracked. A few people have used the opt-out link in spite of your assessment. The link to the article was for them. It was never intended for those who are fine with being tracked by Yahoo. As long as even a couple people who don't want to be tracked by Yahoo find it useful I'm glad I posted it. /ubbthreads/images/graemlins/grin.gif

The www is becoming more and more disgusting, just like the rest of the world.
bk

Kiessling,

Crackers and identity theives are getting more disgusting, but the good parts of the internet are improving lots of things. Also, anti-crackers and identity thieft protection programs are getting better.

Sure the bad parts are getting worse, but I think overall things are getting better.

Now what's so bad about that, Kiessling? All they know is that you accessed some web page that has their invisible gif. They still don't know who you are without compiling a lot more information. The only ones who will have their invisible gif are their affiliates. It does not seem that bad to me.

Web beacons are a very common practice.

Go to google and type "1x1.gif" into the search engine. That's basically an invisible gif commonly used for web beacons. You get 22,400 hits. The beacon can have any name, btw. Sometimes you see it as a banner, sometimes as a little icon at the bottom of the screen or even a cute graphic of a puppy.

Really, it's not like they are raiding your computer. The spyware does that. The government does that. You wife or mother may do that. Yahoo does not.


Daniel

Aaron, Daniel ... you're talking details. I am not interested in details. When looking at the big picture, the www once was something free, wild and fascinating. Now it's dangerous, a war-zone, and profit-only (or almost). You have to properly arm yourself before going in, or else ...

I know ... my bitterness doesn't belong here, and I want to say sorry for bringing it up. Carry on ...

bernhard

Ok, big picture.....

I spend a lot of time every day on the net. I'm a trained data security professional. I see:

The ease of use of the tools has allowed dummies and crooks into an area once available only to academia and the upper class.

The usability of the web is 100 times better than it was only 5 years ago.

The information available on the web is 10000 more than was available 10 years ago via usenet, gopher and such.

The crooks are finding that unsophisticated users can be scammed more rapidly online. These same people can also be scammed in person.

You used to have to work real hard (setting up network sockets, finegaling network access, downloading programs that took hours or days...) to have a usable web experience. Now you can buy a cell phone all set to cruise teh internet.

Human greed prevents microsoft and others from creating systems that are secure. Human ignorance and trust ensures that a smart crook will always be able to get you to make your secure system insecure.

The WWW is still facinating, still wild and still as free as you want it to be. If you want extras you may have to pay, but that's another story.

Daniel

Human nature twists a great idea and turns it into a war-zone and a stingink swamp. Disgusting. We have done it so often in history, and we have succeeded once again. The rotten elements make it harder and harder to see the greatness you are describing.
Not everyone is a trained computer guru.
bk

Not sure if this has anything to do with this...

A year ago I signed up for a yahoo account under a fake name and address, and now I receive snailmail for that fake name at my real physical address. /ubbthreads/images/graemlins/Christo_pull_hair.gif

Beamhead, that's a whole different kettle of fish.

Yahoo has spent a great deal of time and money trying to tie unrelated data together. When you sign up for a yahoo account, you leave some data behind. When you sign up for a newsletter on another site, you leave other data. When you buy a product from a third site, you leave still more data.

So what's happened is that some sites are affiliates who share data. It's not too far a stretch to see that if you use that yahoo mail account to buy something from a yahoo affilaited merchant, the mailing info will work it's way back into the yahoo databases.

It's really a fun process to watch.

Daniel

[ QUOTE ]
Beamhead said:
Not sure if this has anything to do with this...

A year ago I signed up for a yahoo account under a fake name and address, and now I receive snailmail for that fake name at my real physical address. /ubbthreads/images/graemlins/Christo_pull_hair.gif

[/ QUOTE ]

this is called a honey trap... I do it all the time. setup something with a unique ID. So if you recieve junk with that ID, source is known.

Correct. I sign up using a different middle initial, that way, I know who sold my info and stop using whoever it was that did it.

Another way one can be tracked is when you buy a new computer and register it online. Usually called "Setup".

If one fills out their personal info in the "AutoFill" page(name, addy, etc) many sites download the info. If you watch that button on your browser(if placed there via preferences), you can even see the button being "clicked" by that site.

If one buys their computer directly from a major comp retailer, your CPU chip had a serial number. When you buy and/or register it, your name is tied to that CPU serial number. Could be used to find it if stolen though.

All Me Best,
Fin