full disclosure

[cellio]

A discussion in another journal has caused me to realize that what seems an innocuous action to me might be objectionable to others. So, disclosure and an invitation to discuss, if you care to:

I sometimes use a sort of "web bug" in my posts so I can collect limited access data (which data LJ does not provide). I did this initially out of simple curiosity, but soon realized that I could use it to find out (without asking) which of my posts get read more (or less). While I write primarily for myself, it's worth knowing if there are certain classes of posts that my readers tend to ignore. Secondarily, this also gives me some idea of where my "secondary" (non-LJ-subscriber) readers might be coming from, which is casually interesting.

To me this seems akin to someone who hosts his own blog reviewing the server logs. To others, I'm learning, this is akin to "spying". While lj-toys does try to report which LJ users are reading what, it's far from reliable. You'll have to take my word for it that I'm not really looking at that; I've got much better things to do than to peruse logs so I can say "aha! so-and-so claims to be my friend but never reads me!".

At the bottom of this post is a one-pixel image file. (If I could use something more blatant, I would.) If you're using Firefox and the AdBlock extension, you can block that image and lj-toys will never see hits from you. If you're using some other browser, I'm afraid I don't know how you can disable it.

If you feel that what I'm doing is objectionable, I would like to understand where you're coming from (here or privately, as you like).

Comments

[metahacker.livejournal.com]

As robertdfeinman points out, AdBlock actually doesn't block the request for the image (which would tip off advertisers that we were blocking their ads); it just doesn't show it in the web browser. So my instructions are wrong, and you'll have to use some other means to avoid lj-toys.

This does explain why lj-toys was seeing my own hits. ;)

Meh

[rob-of-unspace.livejournal.com]

Of course, I host my own blog and can see the raw server files and have several trackers as well.

Question -- when I pull up my friends page, do I show as having read your entries?

the internet is scary

[brokengoose.livejournal.com]

I think that it comes down to how well the technology is understood.

Every few years, somebody discovers that webservers keep logs and web browsers leak a whole lot of information. They panic and get all of the other non-technical and semi-technical people into a panic, as well.

Meanwhile, the people who understand the technology already know how much information is being leaked. They've decided that it's a worthwhile trade-off, or they've taken steps to make it a worthwhile trade off (via NoScript, turning off images, etc.)

Tomorrow's big story: it's trivially easy to forge email. Also, that nice man in Nigeria doesn't really want to give you ten million dollars.

(http://www.danasoft.com)
(http://www.danasoft.com)

Re: Meh

[cellio]

(checks) Yup, there's a hit for you for this entry. Actually, lj-toys is confident that you read this via your friends page, but is guessing that you are the user who hit the post page a minute later (in posting that comment). I don't know what that means.

[cellio]

Thanks for pointing that out. I haven't bothered trying to ad-block it, so I hadn't noticed that it didn't actually work.

IIRC, LJ has a configuration option somewhere to not automatically load off-site images (you have to click on them). That sounds like a hassle to me, but others might feel differently.

Re: the internet is scary

[cellio]

Yup. If I were worried about things like this, I would at least send my traffic through an anonymizer. I think that's too much trouble (and not likely to work in all cases anyway); I've decided I can live with the current lack of privacy, and behave accordingly.

Thanks for posting those images; I've seen such things before but didn't know where to find one.

[giddysinger.livejournal.com]

For what it's worth, I could care less about whether you have a way of tracking whether I personally view your posts. I think it's fairly self-evident that if you are on my friends list it is because I want to read your entries, which makes it a fairly trivial datum. (Not to mention that I comment frequently enough that it's pretty obvious that I read.) If I didn't have an LJ account (or is that _a_ LJ account?) or if you had an account over on Blogspot or some such, you would see that you have a reader from Silver Spring, MD with VzDSL -- you might then put the clues together and figure out that it was either me or Teh Geek. Either way, I just can't bring myself to view any of this as some kind of invasion of privacy.

[ealdthryth.livejournal.com]

As a librarian and information junkie, I struggle daily with issues like this. Personally, what you describe is no big deal to me and doesn't bother me. When I was on Diaryland, they offered a feature that let you do something similar. I thought it was cool.

[indigodove.livejournal.com]

For what it's worth, I am unbothered :-)

Re: the internet is scary

[browngirl.livejournal.com]

That is one scarily accurate sign being held by that little troll. How freaked out should I be that his sign isn't blank, or is that a discussion for another place and time?

[grouchyoldcoot.livejournal.com]

Ooh, cool trick!

[tashabear.livejournal.com]

I knew you were doing this. I have my friends page set to block all images (except for user icons) -- even your 1 pixel image showed up with a placeholder. ;-)

Re: the internet is scary

[dglenn.livejournal.com]

How freaked out you should be is inversely proportional to how much you know about how a) the Internet in general and b) the Web in particular work. ;-) I can put my thumb on the scale for you:

I haven't checked how that gizmo wors, but if I wanted to create something like that from scratch, I'd have a URL that looks like it's for a static image file, that my web server would actually treat as a CGI-ish script to create the image on the fly (using ImageMagick for example) based mostly on information in the HTTP GET request that your browser sends in order to load any web page, image, or other web-object from any web server. The OS and browser will (IIRC) be in there unless you've instructed your browser to lie (see whether there's an "identify as some other browser" setting in the preferences section, change that, and reload this page to see whether that makes the sign change). Unless you use an anonymizer like The Onion Router, or are behind a NAT router, your IP address has to be on the IP packet that contained the HTTP GET request. And the script can make a pretty good guess who your ISP is by looking at the last few machines listed by a 'traceroute' back to your IP address (there may be an even more reliable way to do this, by looking up whom the address block containing your address is assigned to -- I've never researched that).

So the first sign is all stuff that a) has to be present for the Internet to wor, b) is expected to be present the way the Web works (but you can falsify), or c) is trivially extracted from (a) -- if you have access to a Unix/Linux shell (if you're on a Mac then you do), or have Cygwin installed on a Windows machine, type "traceroute 208.74.33.11" for an example of how that could work.

The second sign, the geolocation one, uses a technique invented (I think) by the porn industry and since adopted by ... damn near everyone trying to use the Internet for advertising or direct sales, AFAICT. I don't know the details of how it works, but the basic algorithm should be Googleable. More importantly, I do know that it's ubiquitous, just not usually waved in your face like that. If you're on a site with a nationwide or worldwide audience, and you keep seeing ads for business near you or targeted to your area or for your local television stations, the site (or the advertisers paying the site to display their ads) are using this technique. If you hit the web site of a multinational corporation headquartered overseas and what shows up is the division that serves your country / your language, that could just be luck but often it's this IP geolocation trick again.

So yeah, this information (and more) being accessible to web servers is ordinary; the only thing spooky is having it waved in your face in a way that makes it look like some sort of magic trick. (The psychology of that is rather powerful, as you've noticed. It even effects some of us who know how it works, for a second or two.)

Re: the internet is scary

[dglenn.livejournal.com]

Note there's also at least one site where, if you visit it, it can run a quick-and-dirty security test of your system by "portscanning" your computer. The one I know about is explicit and polite (there's a "yes, I do want you to do that" step); although I have no reason to believe it's common, it would be possible for some other site to do so without telling you.


If, for reasons good bad or mysterious, you wish to avoid having the web sites you visit be able to track your IP address, using something like The Onion Router, or possibly a proxy server with a huge user base (AOL still proxies, right?). TOR is a cooperative network of computers set up so that a user's packets get shuffled between a few different TOR-participating computers on a random path, with the "envelope" modified, so that to web sites or sniffers your packets look like the originated from the last TOR host they went through, thus distorting web server logs a bit.

[dsrtao]

AdBlock FAQ:

What's the difference between "hide" and "remove"?
"Hide" preserves a page's layout -- content being downloaded, but not visibly rendered.
.
"Remove" collapses the layout -- no content is downloaded.

[alaricmacconnal.livejournal.com]

I'm using Opera 9.51 and blocked content from this site:

http://cellio.icons.ljtoys.org.uk

Did you get the hit? FWIW, I don't object to this, more curious if I could choose to block using my browser.

When I chose to show no images, your 1x1 pixel showed up as 'lj-bug'. Once I blocked the site, it didn't show up at all.

[cellio]

LJ says you posted this comment at 11:23 (GMT). LJ-toys shows hits from you at 11:26 and 11:27 (presumably one when you clicked through and one when LJ refreshed with your comment posted). The difference of a few minutes could be explained by clock skew, since I assume not everyone uses a centralized time service. :-)

BTW, I just added that alt text when I realized that (1) the boilerplate the site gave me didn't have it and (2) it could be useful in helping people locate the thing to ad-block it. (AdBlock can also offer suggestions, so that's not strictly necessary.) My previous uses of it -- and presumably most other people's use of it -- won't have that.

[cellio]

Yup. Which is one reason that trying to be sneaky wouldn't work (you're not the first person to point it out to me). Fortunately, I'm not trying to be sneaky. :-)

[rectangularcat]

Heh, I probably show up as Vancouver when I am at work since I am using VPN to connect. Not always accurate. I wish I were in Vancouver.

Re: the internet is scary

[browngirl.livejournal.com]

You have educated me today. :) Thank you.

[nickjong.livejournal.com]

Interesting. That explains the icon I see at the end of your posts. I have LiveJournal set not to display most images in my friends page. Too often someone posts a big image that screws up the formatting in the style I'm using.

(I don't mind the practice in question, although doesn't it only detect whether your post is being read by my web browser, not by my eyes?)

[http://users.livejournal.com/merle_/]

I wondered, too, but I normally surf with all images off. In Opera it's just one keystroke. (I leave them on in Safari, but, well, there's no easy way to toggle)

[dvarin.livejournal.com]

Oh, hey, maybe that's why it never shows up for me. I can't seem to find the option though.

query

[chaos-wrangler.livejournal.com]

(How) can you tell the difference between my quickly scrolling past your entry and actually stopping to read it? It shows up as part of my FL, so unless I click on a cut-tag or the link to comments, I don't actually interact with your entry specifically.

Re: query

[cellio]

Yes, that's true. I don't pay attention to the hits that come via a friends page for that reason; it's the ones where people did click through cuts (or to comments) that I look at. Granted, there is still a difference between skipping an f-list entry and reading every word intently (sans comments); unless I wanted to use a cut in every entry, I can't do anything about that. The data is far from perfect, but I'm using it as a, not the, source of feedback.

[cellio]

Yeah, if you were interested enough to click through a cut (or on a comments link) but then didn't bother to read it, I can't detect that. :-) As for hits from your friends page, there's no way to tell whether you read or skipped, so I don't pay attention to those. I'm only looking at the hits on individual posts (and tags). The system is imperfect. :-)

[zare-k.livejournal.com]

Huh. It never occured to me that this would be an issue. I don't do tracking bugs on each post like you, but I do host my own images partly because it gives me some insight into where my readers come from. Of course I look at my own logs, it wouldn't occur to me not to.

[woodwindy.livejournal.com]

Wow, that's a tough one. I find myself slightly squicked at the idea of people tracking me that way, but intrigued by the notion of doing it to others, so I guess that makes me a selfish pragmatist... or maybe just hypocritical on this front? Hmmm.

At any rate, after a couple of days of flip-flopping and perusing other people's responses, I think you're perfectly within your rights to collect and examine that sort of data.

I think my qualms come from knowing that I often look at non-friended journals, and I would prefer at least the illusion of anonymity -- but I can't come up with any rational defense for that.

[gregbo.livejournal.com]

I thought about doing that, but I figured it wasn't worth the trouble, especially with people who take pains to make themselves untraceable. I have a fairly good idea of who's reading my journal among my LJ friends and some others I've picked up on other blogs, etc.

But I'm jealous because you get lots of replies for posting on topics like this, whereas I hardly get any replies. :(

Re: the internet is scary

[gregbo.livejournal.com]

Geolocation wasn't invented by the porn industry. Basically, this technology has been around as long as mappings from IP addresses to provider registration data have been publicly available.

FYI, here is a technological criticism of geolocation.