Feeds

back to article ISPs scramble to explain mouse-sniffing tool

Sky Broadband has been caught using JavaScript to track every click and shuffle on its support pages, but it's not alone: other ISPs have also admitted recording every frustrated wobble of the mouse on their support pages. Readers at ISP Review spotted Sky using a JavaScript tool called SessionCam to record rodent tracks on its …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Lets all go to the Sky website and move our mices to make the shape of a large penis. :p

35
0
Unhappy

won't work..

They'll just assume we're all big Rupert Murdoch fans..

5
0
Bronze badge
Pint

Large phallus? No, just spend 10 minutes whizzing the mouse around the page, before hitting submit and fill their server up with crud. :-D

2
0
Silver badge

surely a real techie

would write a script to do that ?

9
0
Anonymous Coward

Re: surely a real techie

Open source probably has that covered already

1
0
Silver badge
Joke

Finally a productive use for touchscreen tablets!

As the great espouser of personal privacy Mark Zuckerberg might say;

"Where's my mouse now, b*tch!?"

0
0
Bronze badge

Hehe, I tend to do that anyway whist reading out of boredom.

Read in one spot, the mouse is free to "play" all over the rest of the page.

I'm sure that any data collected from me tips their research data into a cocked hat.

0
0
Meh

..how much we are prepared to share before...

Of course, there is the dependency we all have on the browsing platform you're using and its ability to provide you with the necessary controls to exercise the level of information sharing you're prepared to tolerate, even when, as in this case, that data is quite oblique...

0
0
Bronze badge

eye-tracking?

That's going to be a challenge since the only camera equipped kit I have is my phone and it will be a cold day in Hell before I use a 4" screen for general browsing.

2
0

Re: eye-tracking?

Get rid of your eye-phone then and get something usable.

1
3
Silver badge
Holmes

Re: eye-tracking?

Reading between the lines I gather that by "eye tracking" they mean "mouse tracking" and leap from there to the assumption that your eyes are probably following the mouse cursor around to some degree or another.

0
0
Bronze badge
FAIL

Lies, damned lies and metrics

I love, if companies optimise their strategies on random data gathered secretly.

That way Microsoft found out that no one really wants the start button and everyone just loves to memorise and type in the program name, instead.

How about asking your users about their opinion instead? What you can't trust these lying bastards? Well then...

18
0

Re: Lies, damned lies and metrics

You can't explain Microsoft away that easily.

Only MS could take research showing that people don't use the command bar in explorer and conclude that means they should put more stuff on it and make it bigger.

http://blogs.msdn.com/b/b8/archive/2011/08/29/improvements-in-windows-explorer.aspx

Nothing wrong with the data. The management interpretation on the other hand...

2
0
Anonymous Coward

Baffling

How is knowing where we park our cursors while we read a page of any interest to anyone? How are they supposed to be differentiating between "ohh this is SOOOoooooo.... tempting... shall I click... shall I click..." from "I'll just dump the cursor over the random useless crap/ad while I read the interesting stuff"?

Do some people follow the text with their cursors as they read, as children do with their fingers? Or is someone somewhere making a few quid conning the admen? Hope it's the latter! All seems terribly trivial either way... unlike this:

>Companies such as Path Intelligence track every mobile phone in a shopping centre (anonymously, as they have no access to, or – so they say – interest in customers' details) to see how long a window display grabs one's attention or the order in which shops are visited.

So how, exactly, do they do this ANONYMOUSLY. I bet the fuckers are tracking either our SIMs, MACs or IMEIs - if not all three - any of which would be as "anonymous" as our bank account numbers.

5
0

Re: Baffling

Fairly sure that SIMs, MACs and IMEIs are not exposed to JavaScript on any device... but IP address is. And if you happen to be using 3G, the relevant ISP will be able to tie it to a device and thus an owner. But if you're using Wifi, the only thing that should be exposed to the ISP in the browser should be your IP address.

0
3
Anonymous Coward

Re: Baffling

The only reason the "anonymous" bit gets to stick is that our spineless/clueless regulators and representatives either say nothing or don't get it. Everyone else knows its crap.

4
0
Anonymous Coward

Re: Baffling

Pete, why would these things need to be exposed to JS? Wouldn't "Path Intelligence" be tracking *every* mobile device by sniffing & tracking radio signals?

0
0
(Written by Reg staff)

Re: Baffling

Path Intelligence is a very interesting company. They track phones by their TMSI, a random number temporarily allocated by the network operator to avoid using the (identifiable) IMEI.

The operator can match TMSI to IMEI, and IMEI to MSISDN, and MSISDN to customer, but Path Intelligence has none of that information:

http://www.theregister.co.uk/2008/05/20/tracking_phones/

2
0

Re: Baffling

Because we're talking about visiting websites and tracking where people are moving their mice on said websites... which means JavaScript...

0
1

Re: Baffling

within the UK "anonymous" usually means that the organisation can't identify you as a specific individual from the information it collected plus other information it may hold (or may reasonably expect to acquire) - this is the DPA definition of personal data. I think this may also have now been broadened to allow the concept of reasonable effort (i.e. if you could identify someone but it would require 10,000 hours to go though boxed files then they are still considered anonymous)

This doenst mean that the information will continue to be anonymous if accessed by someone else with better access to more information.

An example would be an IP address - to most organisations this would probably be considered anonymous data, but clearly can be narrowed down quite a lot by law enforcement (I wont go quite as far as to say it identifies an individual due to NAT, etc...)

It gets more interesting with large scale "anonymous" tracking, as the start and end points of an individuals subjects movements can become a signature in their own right. So for example in a shopping center, if someone wanted to stalk a member of staff they could potentially isolate the "anonymous" trace that always entered from a particular car park, at a particular time of day and ended up in a particular shop.

1
1
Anonymous Coward

Re: Baffling

The little "Path Intelligence" aside isn't about websites.

Thanks for the info & link Bill... What a refreshingly scrupulous data mining outfit. I'd imagine secretly harvesting persistent/identity data would deliver them an absolute goldmine of commercial opportunity. Glad they're *only* secretly harvesting our temporary numbers. :-|

0
0
Anonymous Coward

Re: Baffling

>It gets more interesting with large scale "anonymous" tracking, as the start and end points of an individuals subjects movements can become a signature in their own right. So for example in a shopping center, if someone wanted to stalk a member of staff they could potentially isolate the "anonymous" trace that always entered from a particular car park, at a particular time of day and ended up in a particular shop.

Quite. As we're talking about shopping centres, I wouldn't imagine it'd take a great deal of effort or sophistication for a computer system to cross reference the points at which our traces pass through checkouts against till transactions. A few separate purchases in different shops and your "path", CC number and hence identity should all be neatly sewn together.

Time to go and read that 2008 article methinks.

0
0
Anonymous Coward

Re: Baffling

How is knowing where we park our cursors while we read a page of any interest to anyone? How are they supposed to be differentiating between "ohh this is SOOOoooooo.... tempting... shall I click... shall I click..." from "I'll just dump the cursor over the random useless crap/ad while I read the interesting stuff"?

We use ClickTale extensively at $JOB.

First things first, the company I work for sells information services B2B, meaning all our users are commercial users who are paying us to use the site and agree to us doing things like this.

We really don't care about specific people. What we are interested in is how our users interact with our designs. We use ClickTale to assess how effective our website designs are at engaging users, by doing 80/20 A/B testing with different designs - meaning 80% get design A, 20% get design B. We can then compare heatmaps of where the users positioned their mice, the theory being that people move their mouse over bits of the page they are interested in, and conversely, which bits of the page are wasted space or unused features.

Your example of dumping the cursor over the ad is interesting - we do look for that, and it is not useless data, as if you put the cursor over the ad, you are definitely looking at it! Score 1 hit.

We use click maps to see where people are leaving pages from. Are most people interested in the insight, or the statistics.

All of this is designed for us to be able to better anticipate the needs of our users. If we can do that, we can enhance their ability to get at our data. If they are using more of our data, then as a data service we become more essential, and it gets harder to cancel our contracts, which makes renewals easier. Easier renewals equates to a more stable and successful business.

I'd imagine Sky are doing the same, they want to improve the usability and success rate of their online help, so that more users require no human intervention (and hence $$$).

ClickTale is a pain to implement btw, it duplicates requests that clients make to your servers so they can draw the page on their end (in order to determine what a particular x,y location reported from a client actually corresponds to), so effectively you double your requests and confuse your existing logging.

2
2
Silver badge
Facepalm

Re: Baffling

Have you never used the internet?

I actually move the cursor AWAY from what I am reading, because it blocks what I am reading!

The only time my cursor is where I am looking is if I am selecting something otherwise I move it away....

I get that this data might be useful, and why you want to track users flow etc... I dabble in a bit of website design myself.. But in reality, the decision is never made by a techie, or the designer, its always the client with no clue as to what works and what doesn't.....

3
0
Anonymous Coward

Re: Baffling

I actually move the cursor AWAY from what I am reading, because it blocks what I am reading!

The only time my cursor is where I am looking is if I am selecting something otherwise I move it away

Who said anything about reading? People look at the cursor, it moves according to their movement and the eye is drawn to it, and therefore it is an accurate representation of how most users browse a site and what they are looking at as they do so.

But in reality, the decision is never made by a techie, or the designer, its always the client with no clue as to what works and what doesn't

Maybe where you work.

Using this sort of tracking whilst redesigning our websites has empirically made our data more accessible to our clients, users spend more time looking at more data on our sites and renewal rates increase. WFM

0
0

Re: Baffling

"So how, exactly, do they do this ANONYMOUSLY. I bet the fuckers are tracking either our SIMs, MACs or IMEIs - if not all three - any of which would be as "anonymous" as our bank account numbers."

One or more of the above I'd imagine. And yes. They are as anonymous as our bank account numbers..... if not actually looked up.

Because they are just non descriptive randomly assigned numbers. Totally anonymous until looked up. If they don't look them up, you are just this number that came into the shop at this time, and took this route around the aisles. You are a time stamped squiggle on a screen. Not a person. And for their purpose, that is plenty of information.

If instead, they approached you , and asked you to carry a radio beacon around while you shop, and hand it to a member of staff before going through the checkout, would that make you happy?

How about if they offered you a quid off your shop voucher. Given to you when you hand in the transmitter?

Being able to identify someone with a specific number the next time they come in is not breaking anonymity either. Because they do not have your name and address tied to it. Or even what you bought. Only a nondescript number. . And as the shop has more than one customer, watching a specific one is not much use to them. They actually want anonymous yet individually tracked while in store mass data.

Your data is useless to them.

Everybody's data in aggregate, while in store is incredibly useful.

This is good data capture. And it is for your benefit too.

AC 12:29 hung out a questionably long time alone by the feminine hygiene department, is not the same as (your name) hung out a long time by the feminine hygiene department, and as you are a single man, perhaps someone might be well advised to call security.

You were talking on your phone.. Right? Perfectly innocent.That is not what they are after.

For sales analysis, your data alone is not much use. Nobody cares what you buy, what order you buy things, or how many times you lap the store.

47% of customers on a Tuesday spent 10 seconds longer at the fruit and veg section in front of that day's promotion means that this kind of promotion might be better targeted at Tuesday customers than Saturday customers.

32% of all customers spent 20 seconds more time at the meat pie promotion than at the low fat yoghurt promotion..

This is useful data.

This helps to indicate what promotions move most product. They care about that.

They do not care about tracking you personally, and handing your information over to the police or NSA to profile you. That is what loyalty cards are for.

This shows which products need to be ordered in larger amounts on certain days, and which ones can be cut down.

This shows which products need more prominent display space, and which ones can be carried, but can be on the bottom shelf at the corner

This means you are less likely to go to Tesco on Friday evening and find them out of that hand lotion you like. They really don't care that a single guy buys so much of it.

0
4

Re: Baffling

TMSI is part of the SIM, not the I Mobile Equipment Id. It's only ever supposed to be sent when your device connects to a network it's never seen before. this would imply this company are operating picocells in shopping centres.

1
0
Anonymous Coward

Re: Baffling

"...And it is for your benefit too."

Perhaps it is, perhaps not. But whether something that affects or involves us is a "benefit" is usually a decision we take ourselves. As with much of the tracking that goes on now, we are often being deliberately kept in the dark and given no choice as to participation. With loyalty cards for example there is a more clear cut transaction that we have to actively choose that may have some benefits that are worthwhile for us. Being tracked round a shop gives no direct palpable benefit and not active choice, and with a shopping centre as a whole the benefit to the individual is completely obscure. It's easy to "it's private property and blah blah blah...", but that is just a convenient, soft cop out.

If businesses keep on staying on the creepy side of the line and pulling the wool over the publics eyes, while avoiding public debate, there will certainly be a backlash in which arguments about hand cream availability will carry little weight.

1
0
Anonymous Coward

Re: Baffling

"This shows which products need to be ordered in larger amounts on certain days, and which ones can be cut down."

No it doesn't.

2
0
Bronze badge
WTF?

Re: Baffling

I find it amusing someone would think that just because I'm aware a certain area of a page is an ad (and _possibly_ I may or may not have _looked_ at it for a fraction of a second) I must have actually _seen_ it. Not even close, sorry. As I'd assume most people who browsed the net for more than a week, by now I've developed quite astonishingly effective mental filters against anything I perceive as an ad. I just have no idea what's there, my mind is actively avoiding looking at any of that stuff. If you find that hard to believe, do please tell me you actually _see_ everything going on before your eyes every day, 24/7 (please don't even try going the subliminal route...)

1
0
Anonymous Coward

They would say that

"...it doesn't think it's doing anything wrong"

Given the Murdoch estate's usual line in atrocities, I suppose casually invading customers privacy seems like small beer scarcely worthy of note if there's a shekel or two to be made.

What worries me is the danger is that we all become so inured to this endless pisstaking that the problem just ceases to be seen as a problem, or far worse, is seen as a reasonable exchange. More anger, less resignation would be good.

5
0

If only they asked first

For validating (and improving) decent page layout, following user mouse positions (or even just button presses) to determine what paths users actually use and trying to minimise the required mouse-movement for most users is an old technique. But please ask first!

0
0
Anonymous Coward

Re: If only they asked first

keyboard input to a form / text entered though? what if you're entering personal information? even though as a customer they would store those details already, surely?

0
0
Silver badge

Usefulness of the results?

I have a hunch that the resultant data is pretty useless all in all. However some marketing agency has convinced their client that this is extremely useful information and will now generate a bunch of bullshit reports to justify exactly that.

Then they will make reccommndations based on those reports based on that meaningless data.

Then they will charge for those changes based on those reccommndations based on those reports based on that meaningless data.

It's possible to have data at too low a level to be useful. A city map of London with actual tube routes, sewerage tunnels, gas mains, etc doesn't add much for the pilot wanting to land at Heathrow. I think in this case it is CEO's being told they need 'big data' crystal balls. And being sold a load of balls.

8
0

Re: Usefulness of the results?

There are times it might work.

For example, there's a site I visit from time to time, called theregister, where I have to click multiple times in identical locations in order to up-vote or down-vote a comment.

I'm sure a very brief analysis of site usage patterns would reveal the flaw in that design, and help them to get it sorted into a more user-friendly design.

5
0
Bronze badge
Devil

Re: Usefulness of the results?

I agree; for example they could assess the data, block your account and save me the trouble of having to click the downvote button at all!

0
3

Re: Usefulness of the results?

Agree the current voting system could be better. Even the daily fail can manage a system that doesn't involve leaving the page.

1
0
Thumb Up

Re: Usefulness of the results?

Do you know why El Reg's system is better than The Fail?

I can use the vote system without enabling JavaScript.

4
0
Anonymous Coward

Re: Vote system

I appreciate your preference for being able to use the site without enabling script.

How about there is a script on top of the current system, so that it continues to work as at present for the more cautious, but can be more convenient for those comfortable with / not bothered by script?

2
0
Silver badge

Could be beneficial or harmful

I expect most sites would use this information to optimize their site so people find the information they want, or the service they want to subscribe to instead of bothering them with telephone support calls.

Though on the flip side, I suppose they could use it for evil purposes too. Quite a few websites bury telephone numbers and privacy options they DON'T want people to touch in places that they wouldn't expect to find them. So they use mouse travel and clicks to put these things in the most inconvenient places and measure the time for people to find them.

1
0

Seriously, what's the problem

Ok, you can dispute how useful this information is but why would it possibly be news? Website owners like to know how their sites are being used. Of course they'd also like to know what you ate for breakfast as well but they don't have access to that, all they know is how their own sites are being used. This is (should be) standard practice in GUI development, web or otherwise.

2
1
Silver badge

Re: Seriously, what's the problem

What's wrong is that vendors and website operators think its ok to do unexpected things: it appears they are just offering a shop-window but it turns out they are using (or rather being used by) 3rd parties who snarffle far more information about you than you thought you were giving.

Its a bit like free phone ereader apps which pick up all your address book contacts and ask for global internet access and access to your phone state. One too-fast click-through and its all over.

Go-go noscript!

I think if I were Nokia/MS, I'd forgo all those free apps and google apps in my store and offer a resource restricter were resources (including URLs and files) are blocked by default and user-allowed.

Tracking gui usage is fine for gui development - but it should stick to being used in development, not in prod.

3
0

Re: Seriously, what's the problem

It was called Symbian.

0
0
Anonymous Coward

Re: "being used in development, not in prod"

Everything's in eternal-beta now, haven't you heard?

0
0
Bronze badge

There's a reason

why NoScript is so popular. It turns out that there's too many sites which just can't be trusted.

Just personally, I don't give a rats if they want to track my every mouse wiggle. I do however resent these tosspots using my bandwidth to do it. If they want to pay my ISP's bill, they're welcome to it. Id even go so far as to write some JS to send them realistic looking mouse movements 24/7 in as many Firefox tabs as my machine's memory will support.

12
0
Anonymous Coward

Re: There's a reason

I do however resent these tosspots using my bandwidth to do it

How does that work then? You're minding your own business, consuming someone else's website, and then those fuckers try and track you. I'd demand your money back pal.

0
2
WTF?

"the ability to track one's eyes (to see which advert is being viewed) is already available and slipping into mainstream products"

Would someone in the know explain how this works, seeing as I only ever enable my webcam when using Skype to call family? What mainstream products? How do they track my eye movements without access to my webcam? This sounds very much like a non-researched sweeping statement...

0
0

Smartphones

Smartphones - they are actually already pretty mainstream, you probably know several people with one of them. I've got one on my desk.

Anyway, the newest ones already have this technology, as discussed, for example on theregister:

http://www.theregister.co.uk/2013/03/15/lg_eye_tracking/

0
0
Silver badge
Flame

"Perhaps we should be working out how much we're prepared to share before we start sharing it"

That boat has sailed, my good sir, and the answer is that, for the general, non-technical population, we don't give a rat's ass about it.

That's why the general unwashed post their private life (or their excuse for it) on their "walls" and can think of nothing more important on holidays than the next time they can connect to post some more drivel on Twitter.

Meanwhile, the more intelligent, privacy-conscious people will be banning ad servers, locking down scripts where they see no interest, and generally throwing all sorts of spanners in the intricate surveillance clockwork of the admen.

Because let us not forget one thing : the NSA would be a pipe dream today if Google and Co hadn't done the groundwork for it.

2
0
Anonymous Coward

Re: "Perhaps we should be working out how much we're prepared to share before we start sharing it"

"That boat has sailed..."

Perhaps not. When politicians see a problem of this sort (turning the masses against tracking), they do what comes naturally and fire up the spin machine to turn lies and heresay into cast iron facts to repeat on Newsnight ad nauseum. I still wake up in a cold sweat from time to time seeing Hazel Blears rodent like visage saying either "hard working families" or "five a day" so it must have some (horrific really) effect. I digress; those opposed to tracking merely need to do the same, and use the existing tools of mass hysteria to their advantage; if you can persuade the Daily Mail, Daily Star, Telegraph etc that mouse tracking or exposure to behavioural targeted ads turns female tennis coaches into predatory paedophile lesbians or people with facial hair into card carrying funders of the Surbiton chapter of Boko Haram, your jobs almost done and you can sit back an watch the backlash. Plenty of University research departments seem to pimp themselves out doing dodgy drug evaluations if the fundings right, so a few scathing reports from sociology departments should be a cut price pushover for the price of a few beers and a brick lane curry. And if you can get Chris Morris on board, even a wide range of celebrity endorsements isn't out of the question.

The image of Rupert Murdoch and a group of terrified admen being pursued by an armed, baying mob screaming "death to pedoterrortrackers" would be far more pleasant to wake up to than Hazel the Horror.

1
0

Page:

This topic is closed for new posts.