« Sandboxes, natural and artificial | Main | Adobe Updater note »
December 05, 2007
Many, many Beacons
Many, many Beacons: The Techmeme crowd is focusing on Facebook's use of web bugs, but the core problem is actually much larger than this one instance. It extends to all third-party content on a website. When a page from content.com includes a graphic from advertiser.com or affiliate.com, the latter two servers receive the IP address of the person visiting content.com, and can sometimes set a cookie. When advertiser.com or affiliate.com have their icons on enough of the Web's pages, they can build up a profile of which sites that cookie-holder or IP address visits. Facebook's situation was a little more dramatic, because they explicitly correlated with the realworld identity of the cookie-holder, and also instantly published that material on Facebook, without the surfer's explicit consent. But the problem of cross-site tracking is far wider than Facebook alone... every third-party call on a webpage has the potential to build up a hidden, proprietary database on which sites are visited. Try examining popular webpages with a cookie-blocker or ad-blocker... it's shocking how widely your visits are transmitted. If Facebook Beacon is a hot issue, then the whole issue of web bugs should have wider discussion as well.
Disclosure: Adobe's "Get Flash" and "Get Reader" icons are on many of the world's webpages. Server logs naturally record the IP addresses to which they serve these icons, but I've asked staff here about them, and those logs are not mined, or even stored for long... the logs are just a normal by-product of the webserving process. Unlike advertising networks, Adobe's business is not based on building up personalization databases about the public.
Posted by JohnDowdell at December 5, 2007 11:50 AM
Trackback Pings
TrackBack URL for this entry:
http://weblogs.macromedia.com/mtadmin/mt-tb.cgi/9172
Comments
A similar cross-site tracking problem described in New York Times (alternate link), about how Ask.com lets people explicitly remove any logging of their search terms to their IP addresses:
But underscoring how difficult it is to completely erase one's digital footprints, the information typed by users of AskEraser into Ask.com will not disappear completely. Ask.com relies on Google to deliver many of the ads that appear next to its search results. Under an agreement between the two companies, Ask.com will continue to pass query information on to Google. Mr. Leeds acknowledged that AskEraser cannot promise complete anonymity, but said it would greatly increase privacy protections for users who want them, as Google is contractually constrained in what it can do with that information. A Google spokesman said the company uses the information to place relevant ads and to fight certain online scams.
Posted by: John Dowdell at December 11, 2007 11:47 AM