Thursday, April 26, 2007

Watch that Code!!! Stats that Spy & other spyware.

Alright, this might be old news to some. But still it's always good to take some precautions. And be sure to junk that stats provider which surreptitiously plants tracking cookies aka spyware into your blog/site via the code. Recently, Stat Counter made news when it announced that it had rejected big bucks from advertisers who wanted to implant a spyware cookie into the Stat Counter tracking code. The shocking news was that another well known stats service provider had agreed and allows spyware cookies to be implanted into its tracking code which affects all its members' websites.

This popular stats provider, SiteMeter, has an implanted spyware cookie in its code called specificclick that 'tracks browsing activity.' Which as Laura Scott's very informative post on the same subject matter puts aptly: Such activity seems harmless enough until you realise that 'it's tracking all browsing activity, not just clicks on that site where the cookie is set. Meaning they know where you bank, what discussion forums you visit, what, ahem, other websites you might be viewing on the sly.'

Not to mention the fact that such irritating spyware cookies bog down the loading time of affected pages (with the code) and are responsible for all those irritating pop up ads that sometimes even supplant the main tabbed web page you happen to be viewing at the moment.

As Laura's testing showed, the SiteMeter code implants the specificclick cookie while thankfully StatCounter remains clean and true to its claim: one single cookie, which they use to track behaviour on your site and nowhere else. And naturally, I just had to confirm the findings for myself. It's easy, just clear your browser of all cookies and go to a site first with StatCounter, (ie this Blog) and check the cookie left behind. Sure enough, there was only one cookie left by statcounter.

A soujourn to another site with SiteMeter as the stat counter tracker (ie: jon's blog) left both the SiteMeter cookie as well as the specificclick spyware cookie behind; real life confirmation of the insidiuous nature of hidden spyware implanted into innocuous looking stat tracking code. ClustrMaps, that popular tracker that provides free code which reflects hits on a thumbnail sized global map has also publicly announced that it is free of all spyware and cookies which it guarantees. A quick self-check with the above mentioned method proved good their claim.

Which means for now, SiteMeter needs to fix its shit or it'll continue losing its members. No one likes having spyware supplied in code which they upload onto their site without knowing. Spyware cookies that are an invasion of privacy (collecting info on all your surfing habits, annoying pop up ads and slowing down page loads afflicted by such cookies,etc). Like Laura, I'm just glad I stuck with StatCounter and ClustrMaps, good clean stats without hidden shit.

SiteMeter though isn't the only site one should worry about (though as a stats service 'provider', anyone not interested in spyware would do well to stay clear of them), download/file sharing websites that allow you to download and upload files to share with friends can be just as nasty and virulent. Some like Gigasize add other spyware cookies like adbrite in addition to their own cookie which results in EXTREMELY annoying pop up ads- the kind Norton Internet Security will NOT protect you against. Trust me.

Others like TurboUpload don't implant the spyware cookies directly, it's when you click on the download link (and you're not fast enough- it's about a 3 second time frame), the resultant pop-up pages are the ones that implant the spyware cookies. Once in a while you get a particularly nasty pop-up that even tries to implant a trojan virus, usually Trojan.Anicmoo (Which Norton Internet Security DOES protect against and block/remove). And if you don't have a decent, updated Antivirus program, well you'll never really know what hit you.

Certain free host domains also pose a threat and implant spyware cookies the moment you enter the site. There are a number but a common one and the one I've personally encountered are those with websites ending with the '' domain. Example: Again the adbrite spyware cookie is implanted by the domain host and we all know what happens from there onwards. Slow page loads, irritating pop up ads and that terrible invasion of privacy.

Unfortunately, short of not using the code (ie: SiteMeter) and not visiting suspect websites, there is not much one can really do to prevent such spyware cookies as once you visit a page with the implanted spyware cookie, you'll be hit. And in SiteMeter's case, it's often hard/impossible to know if a website has the said stat tracker embedded especially if it's invisible. One solution which only works for blogs is to subscribe to the rss feed which is then free from cookies but it also means you lose out on the miscellaneous stuff like tagboards and music playlists.

Cultivating the habit of clearing ones internet cache of cookies and Temporary Internet files is still the best defense. (At least once a week, I'd recommend every other day but that's just me.) For IE users, it's found under Options in your Tools drag down bar. And soon you'll realise how much more enjoyable surfing the net is; minus irritating pop up ads, slow page loads and with that peace of mind that what you're surfing remains private.
Hope this helps, happy surfing!


Anonymous said...

Interesting info. Though I usually refer to Norton as malware too.
Nice job on your blog btw.


Aelgtoer said...

Yeah Norton can be pretty intrusive sometimes but it does its job so that's enough for me. Thanks for stopping by. :)