I'm off to take a serious look at NoScript (https://addons.mozilla.org/en-US/firefox/addon/722). :)-nosh (April 25, 2009, 05:36 AM)
I installed it - then got annoyed with the extra housekeeping involved - and uninstalled it.noscript? gotta admit I disabled it a short while after installing it ...-nosh (April 25, 2009, 04:40 PM)
I installed it - then got annoyed with the extra housekeeping involved - and uninstalled it. (see attachment in previous post (https://www.donationcoder.com/forum/index.php?topic=18036.msg161511#msg161511))-nosh (April 25, 2009, 04:40 PM)
well
I just had a look - it showed 113 sites I had visited - I may be wrong but I think it didnt pick up on sites I had visited via Opera(?) (Disclaimer - I swear I wasnt trying to hide those sites :o but if that is the case, then Opera could be a good bet for more privacy...*)-tomos (April 25, 2009, 04:45 PM)
Seems like this is just a trick based on people's ignorance of how this stuff is supposed to work-Jimdoria (April 25, 2009, 11:02 PM)
Reminds me of those graphic buttons people used in their sigs back in the days when a lot of people used Netscape for everything, web, mail, news.
You press the button and it tells you your email address, ip address etc..-MilesAhead (April 26, 2009, 12:14 AM)
I think if you are a real tech head you would never even let this site to tell you where you have been, they are using a trick to get you browsing history?
JavaScript runs in the browser, and has access to the same info the browser does. The program runs in YOUR browser, gets information from YOUR browser and shows it TO YOU. How exactly is this a security breach?
Reminds me of those graphic buttons people used in their sigs back in the days when a lot of people used Netscape for everything, web, mail, news.
You press the button and it tells you your email address, ip address etc..-MilesAhead (April 26, 2009, 12:14 AM)
Yes, but doesn't the server have access to that info in those cases? If a script can be run to dynamically generate info and display it for the user, can't it also relay it back to the server?
PS: The site also offers to check a friend's :) history and tell you about it. I sent it to myself & ran the script and sure enough it sent me a link to the (already generated) results.
PPS: I could be way off the mark but I _think_ it's done using this (http://www.techdirt.com/articles/20080531/1924311274.shtml) hack.-nosh (April 26, 2009, 01:19 AM)
AFAIK, the server you connect to knows your IP (from the HTTP header) whether the site has any graphics or not. :) The pixel hack would only come into play for email or if a third party wanted to monitor a site s/he didn't manage - eg: monitoring a forum's activity by inserting an image hosted on your own site into a post or sig.-nosh (April 26, 2009, 12:39 PM)
My bad. I thought you were referring to the site being discussed. Sorry about the confusion.-nosh (April 26, 2009, 01:48 PM)
@noshSee here (https://www.donationcoder.com/forum/index.php?topic=18036.msg161559#msg161559). It would not be legal for them to keep the data they obtained from your machine without some sort of agreement on your part, but rest assured they did see it regardless of your choice to "view a friends history" or not, whether or not they keep it.
The "view a friend's history" thing is some social engineering/sleight of hand. They don't offer to let you peek into other people's browsers. They offer to let you send YOUR OWN browser history to a friend. When you do this, you are giving your browser permission to send the information it has collected to startpanic.com, which seems to me further evidence that they are not collecting this info behind the scenes.
BUT - once you send your browser history off somewhere - THROUGH THEM - they then have access to the information you provided them. They can then store it and show it to your friends, should they request it. If they can trick your friends into sending them this info as well, then they can store it and show it to you.
But there's still nothing technically sneaky going on here. Your browser collected some information, then offered to let you send that information on to a third party. If you do this, the third party (startpanic.com) is collecting information with your permission, since you had to actively do something to send it to them.
Once they have your browser history, you might claim that they shouldn't store it and show it to other people, but they did kind of tell you that's what they were going to do, although not in so many words.-Jimdoria (April 26, 2009, 12:15 PM)