Idea for tracking sites

[rick752]

There are only two possibilities to avoid this: blocking cookies or not to send the request (with other word: block that thing).

Both of these which can be done in ABP .... but this makes the '$script' part of the filter string useless if the images themselves (or any other request)can create cookies simply from ANY http request from that site.

AH! Thanx man ... so, are we cool? (I've done enough as-kissing and self-embarrassment in this post to last a month)

ps: Wladimir ... don't you say a thing! I know, I know

[lavanzo]

You do not need to do as-kissing. It's OK.

But if you had read the wikipedia article closely, you would have believed me earlier, because everything is explained there.

[rick752]

I DID read it as per your request ... but parts were a little vague. When I told you that:

From what I've been reading, I don't think an image can actually SET a cookie .... but it WILL respond to one that has ALREADY been set from that server.

... that was my interpretation of that info.

You've got to remember, there is no reference to the effects of "blocking" there. I tried to interpret it as best I could taking that into consideration.

I was always under the misconception that you had to either visit the host site, or be subjected to its JS (via 3rd-party) for it to be able to set a cookie. I was wrong. This is something I have thought for years.

Believe it or not, this (totally FU-ed) topic has helped me understand something that I was totally wrong about all this time. Fortunately, it hasn't caused a filter misconception until maybe tomorrow ... but you nipped it in the bud for me.

Again ... thank you for setting me straight on this one, sir.

ps: Actually, this may turn out to be a pretty decent post. I wonder how many others didn't know this (like anyone will admit it .

[lavanzo]

I especially meant:

[...]web banners are typically stored in servers of the advertising company, which are not in the domain of the Web pages showing them. If third-party cookies are not rejected by the browser, an advertising company can track a user across the sites where it has placed a banner. In particular, whenever a user views a page containing a banner, the browser retrieves the banner from a server of the advertising company. If this server has previously set a cookie, the browser sends it back, allowing the advertising company to link this access with the previous one.

But you are right, the whole article is a bit long winded and vague. Not very clear and easy to understand.

Since you are now enlightened, it is useless to argue about the why and how.
Now we can bury the thread and hope that nobody will read our discussion.

[rick752]

That is exactly the part I was talking about:

"If this server has previously set a cookie...."

THAT ... was the "gray area"

I want people to read this post (sure I looked like an idiot ), but you provided knowledge that others may not have known if not for this topic.

[lavanzo]

And only as a addition:
There are existing also so-called "flash cookies". A cookies within the flash player, which firefox cannot disable itself. More infos on: http://www.epic.org/privacy/cookies/flash.html

[IceDogg]

I'll admit I didn't know it worked that way. But I haven't excepted cookies unless I whitelist them (exceptions) for a long time now. All cookies are blocked by me, except my exceptions. Works VERY well. Then I use permit cookies to easily add exceptions as I go.

On to another point. Lets say that you don't allow cookies as I don't. So they couldn't track me that way. However, they could still track me by the image itself correct?

Example. I visit site A that has the tracking image from stat tracking company A. So when I download this tracking image (like a hidden 1X1 gif) it sees my IP just visited that site. Then I goto site B that also has stat tracking image (again maybe hidden 1X1 gif) from the same stat tracking Company A. They will again see my IP and can start tracking what sites I visit without the need for cookies at all. If you use a 3rd party stat tracking company no matter what that company can track your users across other sites as well. Using this method. Correct?

Now I know that some IP's get reset more then others, but I'd bet after a while they know which IP's are for Dailup users and which are for Cable companys and when each reset these IPs. Not as efficient as cookies I know, but they still could get a very good idea of what sites you visit and start to form a profile of users. NO?

I feel and believe that 3rd party stat tracking is bad. If you do have a site that you can't access the stats for then it's time to move to another host. Or except that some are going to block your stats. However, I have no problem with it being a separate list. I can live with that. I just want to still be able to use said list. That's all I really care about.

[IceDogg]

lavanzo, Would you mind if I removed your link in post # 7 as Rick didn't need it? I would just turn it into a click able link but that's not a normal link.

Edit: Hope you don't mind, I went ahead and removed it.

[chewey]

On to another point. Lets say that you don't allow cookies as I don't. So they couldn't track me that way. However, they could still track me by the image itself correct?

Absolutely.

Example. I visit site A that has the tracking image from stat tracking company A. So when I download this tracking image (like a hidden 1X1 gif) it sees my IP just visited that site. Then I goto site B that also has stat tracking image (again maybe hidden 1X1 gif) from the same stat tracking Company A. They will again see my IP and can start tracking what sites I visit without the need for cookies at all.

Even better: They also recieve a referer header, so they know where you come
from, even if the originating site doesn't use that particular tracking service.

[lavanzo]

Even better: They also recieve a referer header, so they know where you come
from, even if the originating site doesn't use that particular tracking service.

Not with a simple image. Because the referer of the image contains the address of the site, where the image is included, but not the URL, from where you came to the site.

[chewey]

Not with a simple image. Because the referer of the image contains the address of the site, where the image is included, but not the URL, from where you came to the site.

Oh, true. My testcase was... well... stupid. Sorry.

[rick752]

OK, I see now.

So with the exception of not knowing that a simple image could set a cookie, everything ELSE works the way I thought it did. It was just that one point ... unfortunately, it was the main point of the second part of my OP.

But I would say that even though the image could set a cookie and can track you, I would think that blocking the parallel javascript would still reduce the tracking ability much more, simply because the js is capable of doing much more 'digging' of your surfing info than a simple image 'ping' could.

Would that be a correct statement?

[lavanzo]

The additional information a script can provide is the screen resolution, window size, user language, number of visited sites and all plugins of the visitor.

By a webbug you can acquire IP, cookies, time, OS, browser, provider, and accepted file types.

[rick752]

Thanx lavanzo for taking the time to follow through.

This has been most informative

[hello5959us]

We have established here that images can set cookies on their own, but is it possible to stop them from setting the cookie using adblock plus without blocking them?