Wednesday 8 December 2010

YouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal | ZDNet

YouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal

By Violet Blue | December 7, 2010, 6:47am PST

Summary

The Federal Trade Commission wants users to be able to Opt-Out for visit tracking and a new lawsuit over browser history privacy could change how content providers monitor user behavior in the future,

Blogger Info

Jason Perlow

Biography

Jason Perlow

Jason Perlow
Jason Perlow is a technologist with over two decades of experience with integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. A long-time computer enthusiast starting the age of 13 with his first Apple ][ personal computer, he began his freelance writing career starting at ZD Sm@rt Reseller in 1996 and has since authored numerous guest columns for ZDNet Enterprise and Ziff-Davis Internet. Jason was previously Senior Technology Editor for Linux Magazine, where he wrote about Open Source issues from 1999 to 2008.

In his spare time, Jason is an avid amateur chef and food writer, where his work reviewing New Jersey restaurants has appeared in The New York Times. He is also the founder of the popular food web site eGullet and blogs about restaurants and cooking at OffTheBroiler.com.

Scott Raymond

Biography

Scott Raymond

Scott Raymond
Scott Raymond has been a technologist and system administrator for over 20 years. Starting as a hobbyist in his teens, Scott quickly learned that he could translate his passion and knowledge into a full-time career. He currently works as the lead systems administrator for a neuroscience marketing company. He has written technology articles for various publications in the past and began contributing to ZDnet as a guest blogger on Jason Perlow’s Tech Broiler. Scott and Jason met in New York in the 1990s where they co-managed the New York City Palm Pilot Users’ Group with Scott’s wife Rachel.

In his spare time, Scott is a trained chef and avid bicycling enthusiast, as well as a voracious reader of historical, science and horror fiction. He is a huge fan of pop culture, with a wide range of interest in TV shows, movies and games.

Violet Blue

Biography

Violet Blue

Violet Blue
Violet Blue (tinynibbles.com, @violetblue) is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation. She is regarded as the foremost expert in the field of sex and technology, a sex-positive pundit in mainstream media (MacLife, Forbes.com, The Oprah Winfrey Show, others) and is regularly interviewed, quoted and featured prominently by major media outlets (from ABC News to the Wall Street Journal). A published feature writer and columnist, Violet also has many award-winning, best-selling books; her books are featured on Oprah's website. She was the notorious sex columnist for the San Francisco Chronicle. She headlines at conferences ranging from ETech, LeWeb and SXSW: Interactive, to Google Tech Talks at Google, Inc. The London Times named Blue one of the 40 bloggers who really count.

With YouPorn in the #61 spot for global Internet visits, you no longer need to pretend you’ve never checked it out. But do you know who’s been checking you out when you come to visit?

YouPorn now faces a lawsuit over browser sniffing. The FTC is asking lawmakers for tracking opt-out tools for surfers, and a whole bunch of big sites have been caught peeping their users’ private history. So you’d think that people would be practicing a lot more “safer surfing” precautions these days.

Back in October, an insanely sexy report was filed by UCSD researchers called An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications (.PDF). Their paper confirmed that 46 websites used browser (history) sniffing to see which sites users visited before they arrived, and noted 326 sites they deemed “suspicious” in history tracking practices.

“Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows,” the researchers wrote.

The top 46 in the browser history sniffing expose were using a browser exploit that relied on the browser telling the site which color to use for visited links, based on visitors’ history. Visit one of the 46 meant activating a script that ran to get your browser to tell them were you’d been, and visitors are none the wiser. Not surprisingly, the trail led mostly to ad networks: 22 used sniffing code from Interclick and 14 used scripts from Meaningtool.

Among the 46 noted in the study included StraightDope, OSDir.com, Newsmax, investor site Morningstar, NamePros, ESPN car racing site ESPNF1, Charter.net (a cable-television provider Charter Communications portal), and YouPorn, among others. The report especially noted that other sites, such as YouTube and Microsoft, were found to be performing covert behavior sniffing; Wired.com, PerezHilton, Technorati and TheSun.co.UK were also found to do so with TYNT.

Of all those caught spying on surfers’ histories and doing behavior tracking, none got as much attention as YouPorn – not for the adult content, but for the way they executed the exploit. The 61st most popular web site in the world (according to Alexa) ranked top in the researchers’ findings; they were really good at what they were doing… differently than the others.

Last week, the Forbes.com blog noted the report’s highlight of YouPorn who had created their own version of the Java exploit that they have since removed from the site. YouPorn’s version cloaked the data slightly by using next letter code (instead of “me.com” it would read “nf.dpn”).

Far be it for those in glass houses to hurl rocks at pornographers; it does seem a bit odd to see a porn privacy suit that is not filed by two John Does. Yet while some of us think that looking at porn is nothing to be ashamed of, some also think that tracking users without their consent isn’t hot or sexy.

YouPorn is now facing a lawsuit filed Friday: David Pitner and Jared Regan have filed a class-action lawsuit in the Central District of California against Netherlands-based Midstream Media (YouPorn) for “the use of “history sniffing” or “history hijacking” techniques to intentionally and knowingly capture personal information from unsuspecting users of its websites without their knowledge or consent.”

The Plaintiffs accuse YouPorn (and its sites) of violating the U.S. Computer Fraud and Abuse Act as well as California’s computer crime law, and that they engaged in deceptive and unfair business practices; and accuse YouPorn of unlawful and unfair competition.

Perhaps what is most interesting is that there was only one porn site among the top offenders; YouPorn. The question is, could this extend to the other top 46?

Interclick is not named in the lawsuit – nor is anyone else – and Interclick claims that the exploit was a test code that they have since stopped using. After the Wall Street Journal contacted Charter Communications about their place in the browser sniffing scandal, Charter ended their relationship with Interclick.

Could the practice of browser sniffing and behavior tracking be illegal?

Perhaps if the US had privacy laws as watchful as other countries. Sites are frothy-obsessed with gathering data in visitors; that Interclick is an ad company behind a number of sniffers in the report is no surprise. We expect this sort of thing from ad companies, who make the porn guys look like they’re late to the game.

The Federal Trade Commission is worried about privacy: they want to propose rules that would limit advertisers’ ability to track Internet users for the purpose of ad-targeting. They proposed a “Do Not Track” tool to lawmakers last week which would take the form of a browser setting that allows surfers to “opt out” of tracking, similar to the “do not call” registry. However, this may not actually block history all forms of sniffing. The nanny state is just as late to the game, it seems.

Why not just build a better browser? Browsers are generally well aware of their own privacy holes and the link color exploit has been known about for some time. The newest versions of Chrome and Safari have sniffing protection onboard, and Firefox announced they’d be taking sniffing countermeasures back in March, with full implementation set for Firefox 4.

YouPorn was not the only site in the top 46 to be running their own version of the exploit so it remains to be seen how the lawsuit will shake out.

What do you think: should sniffing and covert tracking be illegal? Does the FTC know what it’s doing? Talk back in the comments and tell me what you think.

Update: Ars Technica reports that in light of the YouPorn and FTC news, Internet Explorer 9 Gets A New Anti-Tracking Privacy Feature.

Image via Chicago Tribune.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

Violet Blue is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation.

Disclosure

Violet Blue

I am currently freelancing part-time (only) for ReadWriteWeb for their general news blog and their Start (startup tools) channel; this was made in agreement that I would not write about anything that might conflict subjects in my blog (no sex content). I'm under contract to publisher Cleis Press for editing three more books (only) with the topics of women's/couples' erotica. I have been writing and editing books for Cleis Press for ten years on the subjects of erotica and human sexuality (guidebooks). I'm not under exclusive contract anywhere/to anyone/to anything, I have no investments.

Biography

Violet Blue

Violet Blue (tinynibbles.com, @violetblue) is a Forbes Web Celeb, SF Appeal contributor, a high-profile tech personality and one of Wired's Faces of Innovation. She is regarded as the foremost expert in the field of sex and technology, a sex-positive pundit in mainstream media (MacLife, Forbes.com, The Oprah Winfrey Show, others) and is regularly interviewed, quoted and featured prominently by major media outlets (from ABC News to the Wall Street Journal). A published feature writer and columnist, Violet also has many award-winning, best-selling books; her books are featured on Oprah's website. She was the notorious sex columnist for the San Francisco Chronicle. She headlines at conferences ranging from ETech, LeWeb and SXSW: Interactive, to Google Tech Talks at Google, Inc. The London Times named Blue one of the 40 bloggers who really count.

Talkback Most Recent of 3 Talkback(s)

  • RE: YouPorn Sued for Browser History Sniffing, Wired Named in Tracking Scandal
    It's amazing that modern browsers could have such a huge privacy hole. As a software developer, I'm very aware that they can easily prevent this type of issue.

    The US needs to start cracking down on illegal internet activity like this.

    Brett Miller
    www.customsoftwarebypreston.com

    ZDNet Gravatar
    cspreston
    (Edited: 12/07/2010 05:39 PM)

  • Criminal Justice
    Study Criminal Justice to solve crimes like these search the web for "United Forensic College"
    ZDNet Gravatar
    sveinyael
    12/07/2010 10:28 PM

  • Good Luck
    With the corporate loving Republicans controlling half of Congress, good luck getting the "do not track" legislation passed. The business community is already crying the blues over why they should be able to track every move you make on the Internet. They will lobby hard against this and Republicans will be be right by their side (hand held out for the cash).
    ZDNet Gravatar
    jpr75_z
    12/08/2010 03:20 AM

Talkback - Tell Us What You Think

Also http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pdf