... one of the many "Start Private Browsing" websites out there in internet-land :)
ESPN's Formula 1 website is on that list. Pretty major network there.
In the name of science
Browsing youporn in the name of science. Got to love it.
* 27 "where do I sign up" posts
* 10 "Lousy Pinko Liberals wasting my tax dollars" posts
* 8 "Think of the Children" posts
* 15 "Think of the Children" (sarcastic or ironic) posts
where do I sign up? =)
NoScript is your friend
Add on components
Indeed, that and Adblock plus, BetterPrivacy (for preventing super cookie tracking), Ad blocker, Cookie Culler, Phish Tank Site Checker, Privacy Choice Tracker Watcher, and SSL Blacklist. Care is needed when using add on components. They've been known to bring problems of their own, accidental as well as intended.
Can't they just work that out anyway?
Mostly, but they can learn a little extra this way. For example, if you point at a link or an ad, that might imply you were tempted and nearly decided to click it. Potentially interesting information.
erratically pointing all over the place
I have my mouse speed and acceleration settings cranked to the max so that you only need to move the mouse about 2 millimetres to move the pointer from one side of the screen to the other (because I use the mouse on my lap and I find it works for me!) so I'd love to see what their mouse snooping utility thinks of me if I were to visit their site and they see that I'm erratically pointing all over the place!
People who point where they look
Is there a name for that?
at the very least
It allows them to know how long you were looking at the page.
Without it all they know is that you loaded a page at X and loaded another at Y. With this they can see you loaded a page at X and spent 5 minutes actively looking at it, then stopped and finally loaded another page at Y.
I wouldn't demonize the porn sites.
It's easy to kick a porn site but what about what youtube, google, facebook, myspace, and all the like do?
I've never visited youporn or other sites like that because I wouldn't consider them to be safe to begin with but if you want to talk about sniffing.
What is sniffed when you watch a youtube video when google owns it and it's all tied together?
I have some porn site interests and while I don't condone any illegal sniffing or browsing of your data, finding out what type of niche you're into helps the industry, because unlike youtube that suggests videos half the time completely unrelated to what you're into (for marketing purposes and other agendas), porn sites that do this type of thing will suggest porn content that you are probably into.
And unlike the garbage software industry, most of the porn we have is made in the USA, keeping the jobs here.
I really think you are missing the point.
I really think you are missing the point.
There's A Fix
Make sure you select "ALL HISTORY".
I suspect that won't work.
The intrusion collects addresses of the purple links.
My Firefox History is just one day, but in Preferences the default Save Visited Sites came as 9 days. Naturally I have now set it to zero.
I used to imagine that it was enough to stop the history list interrogators by exiting all sites by clicking down through the list to the home page, or the search page, or the Register. I am so naive.
It will work..
The "History" bit clears which links display as purple, hence fixing the problem. It's really not all that serious though. You can't even tell if you've visited a specific domain, it has to be an exact link match - for example you could only tell if someone had visited Facebook if they had gone to the main homepage first - if you followed a link in to your profile, you're safe. It really is fairly limited. Still all privacy holes are bad, and should be fixed.
It is a slightly awkward problem, in that custom CSS means it's not a matter of "blue or purple", it's ":link or :visited", and those pseudoselectors are not exposed to the DOM. This is compounded by the problem that an individual link might have extra styles applied. Personally I would be quite happy with them simply removing currentStyle access to hyperlinks, or even hardcoding any check to the default blue. How many legitimate reasons are there really for checking what colour a link currently is? All of the ones I can think of are more easily and cleanly expressed with CSS anyway.
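An added example, not part of any commenter's post: a static heuristic, from the defender's side, for the link-colour read discussed in the comment above. It flags scripts that combine anchor handling with a computed-style colour read; the signal names, the `suspect` rule and both sample scripts are constructed for illustration.

```javascript
// Added example: static heuristic for link-colour history sniffing.
// Signal names and the "suspect" rule are assumptions made for this sketch.
const SIGNALS = [
  // The script creates or enumerates hyperlinks...
  { name: 'anchor',
    re: /createElement\(\s*['"]a['"]\s*\)|getElementsByTagName\(\s*['"]a['"]\s*\)|\.href\s*=(?!=)/ },
  // ...asks the browser for a rendered style (standard API or old IE property)...
  { name: 'style-read', re: /getComputedStyle\s*\(|\.currentStyle\b/ },
  // ...and reads colour, the property that :link versus :visited changes.
  { name: 'colour-read', re: /\.color\b|getPropertyValue\(\s*['"]color['"]\s*\)/ },
];

function auditScript(source) {
  const hits = SIGNALS.filter((s) => s.re.test(source)).map((s) => s.name);
  // Quoted absolute URLs: a long literal list suggests a set of pages to probe.
  const urls = (source.match(/['"]https?:\/\/[^'"]+['"]/g) || []).length;
  // All three signals together are what warrants a manual review.
  return { hits, urls, suspect: hits.length === SIGNALS.length };
}

// Constructed sample: the pattern the thread describes (link created, colour read back).
const COLOUR_READ_SAMPLE = [
  "var candidates = ['http://site-a.example/', 'http://site-b.example/'];",
  "var a = document.createElement('a');",
  "a.href = candidates[0];",
  "document.body.appendChild(a);",
  "var seen = window.getComputedStyle(a, null).getPropertyValue('color');",
].join('\n');

// Constructed sample: a theme script that reads a banner's colour, no links involved.
const BENIGN_SAMPLE = [
  "var el = document.getElementById('banner');",
  "var fg = window.getComputedStyle(el).color;",
  "el.setAttribute('data-fg', fg);",
].join('\n');

console.log(auditScript(COLOUR_READ_SAMPLE));
console.log(auditScript(BENIGN_SAMPLE));
```

Current browsers answer such reads with the unvisited style, so a hit points to intent rather than a working leak; minified or obfuscated code will slip past string matching like this.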
Good thing I use NetSurf then
You are clearly a masochist
Amongst all those porn / pirate sites we see Newsmax and Answers in Genesis. Two right wing fundamentalist web sites. I guess they share many of the same ethics as the people they decry, especially when it comes to privacy.
Answers in Genesis
No they are not right wing, they are Christian fundamentalist, and that is two different things. Jesus could hardly be called right wing. Clearly you are left wing and flying around in circles as a consequence.
Yes they are right wing
I didn't call Jesus right wing fundamentalist sites, I said these sites were. A fact which is plain just by reading them.
As for Jesus, I have no idea what political leanings some mythologised figure had 2000 years ago. And neither do you. Hasn't stopped everyone and their uncle coopting his name to justify the most ugly and hateful views though.
Check yourself or friends...
http://www.didyouwatchporn.com/ uses the same exploit...
Re: Check yourself or friends...
> http://www.didyouwatchporn.com/ uses the same exploit...
I suppose it makes a very good test of how well private browsing works. Nice.
As one site wrote regarding the other image, "a little bunny! It's funny because it's the same motif Playboy uses" (http://roget.biz/sites-pour-savoir-si-vos-potes-visitent-des-sites-pornos)
I can confirm
That that site does NOT work.
Oh yes I did.
All I can say is
I used the Francis character from L4D as my avatar on StackOverflow when I made an account there.
Now, when I post elsewhere having used the same email to make my account, guess what my avatar often defaults to?
Techeye.net particularly bothered me in this regard.
Strangely enough Facebook has not managed to mine this connection.
Maybe StackOverflow uploaded your avatar to the Gravatar service and linked it to your email?
Same avatar across multiple sites?
They probably use "gravatar" or something similar to set it... have a google and you will be able to change it.
Somewhat alarmingly, charter.net is my ISP. But I see they're the number two offender after youporn, that's mighty reassuring.
explains why Charter tries to get everyone to set their site as their homepage.
I have seen their techs, when out here on service calls (and at others homes) try to set the home page to charter.net.
I'm glad I don't let them touch my comps usually. If they need to use a comp for something, I have a laptop with a separate account they can use.
Ah, now that's a thought......
"And unlike the garbage software industry most of the porn we have is made in the usa keeping the jobs here."
.............that would surely imply that the desire to watch someone else having sex with your wife could be classified as outsourcing.
It's a valid point James Woods makes above regarding the technical aspects of sniffing, and our trust of more mainstream sites...
...but I just can't help thinking if you go to a site called YouPorn, you kinda deserve everything you get...
Get what's coming to you
"...but I just can't help thinking if you go to a site called YouPorn, you kinda deserve everything you get..."
Hmmm, nice . . . .
"...but I just can't help thinking if you go to a site called YouPorn, you kinda deserve everything you get..."
Why do you think that? Is it because you are some sort of modern day Mary Whitehouse?
You may or may not like porn, but there are much, much worse things on the internet. The trouble is the average Daily Mail reader likes to bury their head in the sand and pretend there is nothing worse in the world than porn, except possibly swearing on TV.
Why? Because it's porn?
Porn has been around since cave paintings. Don't generalize all porn as being something seedy or bad. Porn has a healthy place in modern society. Besides, porn is pretty much mainstream now thanks to our Z list celeb culture.
Wow. 7 down votes. :-) For what it is worth, I'm not a Mary Whitehouse wannabe Daily Fail reader...
Perhaps before clicking "down" and saying "oh, what a prude", you might stop to consider that while no site is 100% secure, there are some sectors which are a magnet for dubious activity in the "exploit" sense. I mean, if you complained about getting rootkitted while cruising Russian download sites, people would laugh at you and ask "what did you expect?". But on the other hand YouPorn is acceptable? Or maybe some of you don't want to face up to the fact that visitors to such a site may be more led by their pecker than their brains, so might be a little more permissive with what they let run on their computer.
Tell me - how well do you trust a porn site, its operators, and its security measures? Think carefully before answering, because this article is about just such a behaviour...
"the average Daily Mail reader likes to bury their head in the sand and pretend there is nothing worse in the world than porn"
Not true. They hate immigrants more. Not to mention the erosion of family values.
Of course that doesn't stop them paying Mistress Sveltana the Ukrainian dominatrix £100 every Thursday night while the wife is at bridge club to punish them for being a very naughty boy.
@heyrick -- the same way I check any other site.
As someone who has been the victim of a drive-by infection at work by allowing scripts while checking out a completely legitimate site* I know that no site is safe.
The way I tend to keep safe is by keeping my eyes and ears open about problems with sites by reading El reg and similar. I also tend to block all adverts and block third-party scripts on all sites (because adverts are annoying and the sites that run them have a history of being exploited).
I also run Linux at home, and have an XP VM which I can use as a sacrificial lamb if I really want to try out a new site that could be dodgy.
There's also a not-so-reliable but up until now fairly good rule of thumb that dodgy sites tend to "look dodgy" either badly designed, or cluttered, or full of adverts or scripts for other sites (often with names like xxccddff.co.ru). Like I said, it's not completely effective but so far aside from the history reading (which doesn't bother me as I don't have it turned on) YouPorn has shown itself to be as safe as it looks.
*It was deliberate, I was testing NoScript and the AV installation after a colleague tipped me off.
Mistress Sveltana the Ukrainian dominatrix only charges £80 on Tuesday afternoons....but that is for old age pensioners only.
Re: Tell me - how well do you trust a porn site
Why would a (legal) porn site be any more or less trustworthy than any other (legal) site? Because porn is 'icky' in the view of some? Because only 'bad' people would run a site dealing with such content? (Maybe this is true - my experience of such things isn't exactly pervasive).
Does not parse
"As someone who has been the victim of a drive-by infection . . . It was deliberate"
If it was deliberate, how exactly were you a victim?
Paris, because I would be her victim any day . . .
Cambridge Dictionary Online definition of victim: "someone or something which has been hurt, damaged or killed or has suffered, either because of the actions of someone or something else, or because of illness or chance"
I still had to clean the damn infection up, so I suffered. If I have unprotected sex with someone who is HIV positive I could still describe myself as "an AIDS victim" if I suffered from the disease.
"I still had to clean the damn infection up, so I suffered."
Then you're a complete amateur. Don't you test this sort of thing on a dedicated machine that is completely reimaged every time it boots, a virtual machine perhaps?
As a dev, I know that flash LSO were/are still tracked - sites like youporn and any other pr0n site uses flash and they store flash cookies(LSO), which can be read with the right script. Even browser pr0n mode does not always clean flash cookies.
Somebody mentioned that NoScript was a deterrent - This is hardly true. Most video sites require js enabled browser for playback.
a pedantically required title
BetterPrivacy for Firefox addresses the Flash LSO problem. Setting it aggressively to clear everything it can whenever it can has not yet caused me any problems using Firefox.
One of the advantages of NoScript is that you can be selective in the scripts that you allow. Be restrictive. I never allow anything that does not seem directly related to the task I want to achieve on that page. ElReg works quite nicely without JS, for instance.
The only time that policy has come unstuck for me is when buying and the "Verified by Visa" system jumps up from the bank site to call a script from yet another site. One only finds out the name of the site, to consider permitting it, after the bank has already declined the transaction. Even that has an advantage; it keeps the overdraft down!
NoScript is more fine grained than turning js on or off
But sites are getting smart.
The sites booby-trap the sites to make sure you bite. NoScript filters by domain, and guess where the history-sniffer code's going to reside? In the same domain as the video player, which you MUST allow in order to get anything productive out of the site. So no videos without a history sniff.
From Wikipedia (I know that wiki is not always a veritable source of information, but....)
"The current version of Flash does not allow 3rd party LSOs to be shared across domains. For example, an LSO from "www.example.com" cannot be read by the domain "www.example2.com".
However, any domain can read the master LSO, which contains a listing of all LSO placing websites visited."
The last sentence simply means that if you visit a pr0n site that uses flash and sets flash cookies in your browser, another site can collect this information. This was used by the Panopticlick project and this technique is comparable to history checks performed using css vlink.
If you still do not trust this info, visit
macromedia.com is able to pull info about all sites that set a flash cookie on your computer.
I am not entirely sure how/where LSO are stored, but if this is a central repository(for all browsers), you can probably find details about sites that you visit via BrowserA when you are using BrowserB. This last bit is prolly paranoia, but I'd rather be paranoid rather than trust flash...
mouse tracking is awesome when your marketing director won't listen - we were able to use it to boost conversions on our insurance site by 30% - you could re-play their interactions with the page and it helped us detect a lot more fraudulent policies - you could watch them weighing up the risks to get the best quote - one guy must have run through his entire family trying to find the cheapest postcode to live in.
Not a good predictor of fraud ...
maybe you should design a device which detects stress patterns in speech. You could use it on the phone ...
There are many legitimate reasons why people would change parameters when shopping for an insurance *quote*. None of which would result in fraud.
I've just finished a research study into the possibility of detecting fraud at the point of sale of an insurance policy (motor) ... the view from on high was that we already have dedicated teams in place who analyse policies for fraud anyway. Besides, there's no way you could catch someone who did all their quote "adjusting" on one site, but purchased through another (or in person, or on the phone) having got their "perfect" profile.
Still, kept me busy for a few days !