Subscribe to RSS Feed

12|10|2010 01:27 pm EDT

NamePros.com Gets Outed In Browser History Sniffing Fiasco

by Adam Strong in Categories: News

In a story on ZDNet this week, adult website YouPorn.com is being sued for “browser history sniffing”.  ZDNet points to a study conducted by University of California, San Diego of the global to 50,000 sites on the internet. In the study the researchers claim to have “confirmed that 46 websites used browser (history) sniffing to see which sites users visited before they arrived, and noted 326 sites they deemed “suspicious” in history tracking practices.”  Of the 46 sites mentioned, Namepros.com was one that the researches found to be engaging in this ‘suspicious’ browser history sniffing and “actually doing history hijacking”.

Browser history sniffing typically uses javascript to allow the site operator to gain access to information about site users.  Much of the information can be used to improve user experience. Typically online aggregators, social bookmarking services and ad networks use code that sniffs browser histories.

The UCSD report also mentions other sites such as Youtube and Microsoft were also performing some covert behavioral sniffing of site visitors.  Many more sites are likely involved in browser history sniffing or some form of behavior tracking, some may not even be aware that they are doing so.   Ad networks, browser tools and other services provided by companies like Interclick and Meaningtool reportedly are the source of most of these “suspicious activities”.

The plaintiffs in the case claim YouPorn is violating the U.S. Computer Fraud and Abuse Act as well as California computer laws as well as deceptive and unfair business practices and competition. We suspect that NamePros was using scripts from an ad network Feedjit, as owner Ron James points out in our comments section, and was caught up in what looks like a privacy-witch-hunt.  We’ve emailed NamePros.com owner Ron James about this story and have not heard back from him yet.

If you want to protect yourself from browser history sniffing, there are some things you can do . According to an article on About.com , you can delete your browser history cache frequently or change the way that your browser handles visited links.  If you click on a link in most browsers it changes color. The sniffers compare your cache to see what links in your cache you have clicked, if you set your “visited link” color to the same color as a “non-clicked” link this may block the sniffer from know where you visited.  DNN provides no guarantee that this will protect you from browser history sniffing.

Tags: , , , , , , , , ,

23 Comments

Acro

December 10, 2010 @ 1:54 pm EDT

The research list mentions NamePros uses javascript produced by Interclick.com which is a data mining / research company. It is very possible that they provide stats to participants and that NamePros is truly unaware of the history tracker. In that respect, it’s unfair to list them along with YouPorn.

Acro

December 10, 2010 @ 1:56 pm EDT

My mistake – the actual javascript / tracking producer is FeedJit.com

Ron James

December 10, 2010 @ 2:38 pm EDT

Dear Adam and Domain Name News,

This is Ron James, webmaster of NamePros. I understand the need to boost ratings, but your “NamePros Gets Outted” headline smacks of overly-sensational journalism.

If you read the study that you are basing this article, it says (as Acro rightly pointed out) that NamePros is included due to our use of Feedjit.

Feedjit is a traffic stats program we have been using as an alternative to Google Analytics. I have never gotten any kind of access to a user’s browsing history through this service or any others. The stats are in real time, but are otherwise fairly usual.

According to the most recent TechCrunch story there are there are 530,000 sites using the same service. http://techcrunch.com/2010/06/07/feedjit/

The research study only included the top 50,000 ranked Alexa sites. I was unaware that NamePros would end up being the top ranked Alexa site using Feedjit (after Feedjit itself) or that our use of Feedjit would get us “outted” on Domain Name News for something we do not do.

Is our choice of stats program is really that newsworthy? If so, I look forward to being “outted” on my choice of domain registrar or what hosting company we use for our servers.

But in all seriousness, if there are legitimate privacy issues with our site or services we use, I will be happy to address them here on this blog, on NamePros, or privately by email. My email address is rj{at}namepros.com

Sincerely,

Ron James
NamePros.com
@DomainBuyer

Drew

December 10, 2010 @ 3:03 pm EDT

“Is our choice of stats program is really that newsworthy?”

It is when that stats service is invading your user’s privacy!

You either drop their service, or you condone their actions.

What’s it going to be?

Ron James

December 10, 2010 @ 3:34 pm EDT

Is that really the case Drew? Before this “news” post I have not seen any accusations of malicious actions against Feedjit. Before making some knee-jerk action, I would like to get all the facts.

Adam Strong says in the story “We suspect that NamePros was using scripts from an ad network and was caught up in what looks like a privacy-witch-hunt. We’ve emailed NamePros.com owner Ron James about this story and have not heard back from him yet.”

There is no “witch-hunt” I am aware of, beyond this blog post. Was this intended to start one? I wasn’t emailed by Domain Name News until three minutes before this story was published. Maybe a little more research would have helped.

Ron James

Adam Strong

December 10, 2010 @ 4:38 pm EDT

Ron my title may seem sensational to you but I simply reported the facts. The title is far from sensational. It is a fact that your site was outed by the UCSD study and THEIR witch-hunt to name sites that they feel are violating privacy of users. I reported the facts exactly as I read them from the study and from the ZDnet article. I have no reason to sensationalize the facts.

The article summed up these facts . The specific facts that I didn’t know were what you’re site was doing specifically and how/why it was named given that many sites/networks are engaged in this. Since I was unable to reach you I gave you the benefit of the doubt and speculated that your site got caught in the cross-fire of a witch hunt. It was much more fair for me to speculate that than to perhaps speculate that you were doing something far more nefarious.

Also, I emailed you last night through Facebook at about 4am EST. You should have received this first thing this morning. I backed up my efforts by having Frank try to reach you.

I made the decision to roll the article after hearing back from Frank as I felt there was no need to wait for a comment because the only additional info you could provide for the story was what service, network etc you were using, which you have now done and I don’t believe this alters the facts of the story , which are that UCSD outed your site.

Ron James

December 10, 2010 @ 5:56 pm EDT

Adam,

I can appreciate that you didn’t speculate on the intent, however it does seem sensational to run a front page story linking NamePros with YouPorn in a “fiasco” of this nature. Stories like this can ruin reputations and careers, even when there is little basis behind them.

We have used Feedjit’s paid service since July 2010 without incident. I have yet to see any case of a NamePros member having their privacy violated because of our use of Feedjit.

There is no personally identifiable information about our visitors in the reports provided to us by Feedjit, beyond the standard geocoding of the visitor’s location. Their service offers an advanced widget for visitors to connect with each other via popular social networking sites (twitter, facebook, etc) but we have never used this feature on our site.

The study clearly says it was Feedjit javascript on NamePros. There is no other mention of NamePros or Feedjit in the study.

The UCSD study only looked at the top 50,000 of the 25 million sites Alexa ranks. We were included because we are in that top .2% based on Alexa ranking. Feedjit claims 530,000 sites use their service. If there is a story here, look into Feedjit’s service and find out why their top users are being included in a browser history sniffing “fiasco”.

Take care,

Ron James

WQ

December 10, 2010 @ 8:06 pm EDT

This “browser history sniffing” is nothing less than virtual butt sniffing and I find it very intrusive.

Ron James

December 10, 2010 @ 8:10 pm EDT

NamePros has used Feedjit Pro since July 2009, not 2010. It’s been a good provider for us in that time, never any problems. Just wanted to correct my previous statement. Thx, RJ

adam

December 10, 2010 @ 10:50 pm EDT

“If there is a story here, look into Feedjit’s service and find out why their top users are being included in a browser history sniffing “fiasco”.

I was among dozens of sites that reported the story from various perspectives over the last week. I’m sure there is more of a story on the ad networks, social bookmarking sites and other services that are using this type of code and even more sites that are reportedly doing more malicious stuff. There’s also a story in the fact that the browsers could likely remedy these situations, but I don’t cover those topics.

I wrote about the angle as it pertained to the domain space. If I wrote a blog about the F1 circuit I’d have written about the F1 site being named, but I write about domain stuff and a domain name forum was among those mentioned. Browser history sniffing has become a bit of controversial issue (clearly) so I thought it was important. Fiasco accurately portrays an unfortunate disaster of a situation where fingers are being pointed at publishers who many not even realize their code is malicious and likely are not directly benefitting from the sniffing.

Namepros was pin-pointed/outed/called out whatever you want to say, and I covered those facts. I’m sorry if you feel that this was “sensationalism” or not newsworthy and I’m open to your criticisms and suggestions on how to better handle or change the wording.

I did miss the coding in the table on the UCSD document that identified feedjit the first time I read it and I have made adjustments to the article to reflect that.

Steve M

December 10, 2010 @ 11:00 pm EDT

Ron, so now the bottom line is this:

Now that you know what Feedjit is doing (whether you had prior knowledge or not), you’re going to do the right thing by either:

1. Making they stop as a condition of keeping your business; or
2. Drop them now.

Which is it going to be?

David Williams

December 11, 2010 @ 7:17 am EDT

I was always under the impression that Google done a similar thing which is why they can tailor adsense ads to user’s previous browsing history? Maybe I’m wrong but I definitely know that they do display ads based on sites/categories I’ve visited in the past, even if there’s nothing to do with that on the adsense site I’m currently on.

roddy

December 11, 2010 @ 7:48 pm EDT

Possibly a disclaimer should be on the frontpage of all sites using this service would be the way to go. I am not too fussed by it but i guess nice to know.

Domain Hammer

December 13, 2010 @ 11:57 am EDT

This is a game where some of the dirty players do. Whoever is caught will be the loser.

Frank Michlick

December 13, 2010 @ 12:50 pm EDT

@David: I believe Google does this based on all the sites they have data for that you visit, i.e. sites using Adsense. This is different from trying to sniff your browser history.

Frank Michlick

December 13, 2010 @ 1:16 pm EDT

@DomainHammer: It’s obvious that this was not intentionally done by NamePros, it’s more of an issue with the statistics provider.

Ron James

December 13, 2010 @ 1:25 pm EDT

Feedjit has yet to address this, therefore we will be taking our business elsewhere for traffic stats.

Mark Maunder - Feedjit CEO

December 13, 2010 @ 3:16 pm EDT

I was alerted to this blog entry by Ron James this morning. I’m the founder and CEO of Feedjit.

Feedjit does not engage in browser sniffing and we have never targeted ads or tailored content using a user’s browser history. We have also never stored personally identifiable information based on a user’s browser history. We briefly offered a beta product that would let you graph anonymous aggregated data showing how many Facebook or Twitter users (for example) are visiting your site. This data was never personally identifiable, but we felt it crossed the “creepy” line and none of our customers saw value in the product, so we cancelled it several months ago.

Feedjit is very sensitive to site visitor privacy. We were the first analytics company to offer a way for site visitors to remove their data from our analytics products. We offer comprehensive privacy controls for all site visitors and continue to work with organizations concerned with privacy including the Center for Democracy and Technology.

Regards,

Mark Maunder
Feedjit Founder & CEO

Frank Michlick

December 13, 2010 @ 5:05 pm EDT

@Mark: Thank you for responding here. Are you in touch with the creators of the study?

Mark Maunder

December 13, 2010 @ 5:26 pm EDT

Frank: No I’m not. Curiously they never contacted us for more info. We are quite open about what data we log and how we gather it.

Juanny Cinco

December 13, 2010 @ 9:56 pm EDT

Yay… Front Page Headline Splash that attempts to ruin the reputation of TWO companies (Namepros and Feedjit) without making any effort whatsoever to justify, backup or actually investigate anything.

It’s so easy to be a “blog” isn’t it.

What’s next up?

A full exposé on how Rick Schwarz fathered Oprah Winfrey’s illegitimate love child?

Adam

December 15, 2010 @ 1:29 pm EDT

Mark thanks for adding your input. I guess this is a bit of what I called a “witch hunt” then ?

“Juanny”, DNN didn’t create the study, DNN didn’t write the other 10 articles that came out the same week before this one, nor the ZDNet one we cited. We re-reported information from other credible venues/sources. We even referred to the study as a “privacy witch hunt” I’m not sure why you feel that we were attempting to ruin any reputations by reporting this, besides how would it be advantageous for us to do that ? We’ve got nothing to gain doing that and much more to lose.

While it may seem very easy to you for someone to blog, it’s even easier to be a troll.

RSS feed for comments on this post · TrackBack URI

Leave a Reply