Why Spyware?

[cliff_lesergent]

I tried to look at some of the reviews on 35mm equipment here on

photo.net, but I can't, unless I agree to download "Avenue A."

spyware onto my computer. Why is photo.net trying to harvest

personal information from users - and why are they trying to hide the

fact that they are doing it?

[chris_hawkins]

Pretty serious accusation. Photo.net hasn't done this sort of thing in the past and I don't think they are doing it now.

[mottershead]

I think Cliff is talking about cookies. It is stupid to label cookies as "spyware". A lot of dubious "anti-spyware" programs do so, however, probably in order to convince their owners that they are doing something. I assume Cliff has one of these programs, and is reacting to one of its "intrusion alerts" (or whatever) and that he doesn't actually know what he is talking about.

 

We have ads on this site, and the ad networks which serve the ads put cookies on your browser, which you can refuse. These cookies are used for such purposes as ensuring that you don't see more than one exposure of an ad every 24 hours. They are also used to create statistics about how many unique people have seen an ad across many sites associated with the ad network. This is one of the few advantages of web advertising.

 

We don't hide this fact. What basis do you have for the claim that we do?

 

Cookies have sometimes also been used by some ad networks to keep track of which sites associated with the ad network a particular browser has visited -- so as to select ads in which the person is likely to be interested. These are called tracking cookies, and this practice is controversial. Most famously, DoubleClick used to do this, but was obliged to stop because of legal action. The ad network with which we are associated (Tribal Fusion) does not use cookies in this manner, according to their privacy policies.

 

Spyware, on the other hand, is software which a user is duped into downloading and which transmits information about the user's computer and browsing history back to the originator. Cookies are data, not software, and it is grossly misleading to characterize cookies as "spyware".

 

Finally, if you don't want to accept the cookies, you don't have to. And where did you get the idea that you must accept the cookies in order to read the reviews?

[cliff_lesergent]

"<i>where did you get the idea that you must accept the cookies in order to read the reviews?</i><p>

 

Because I get a pop-up message that "Avenue A." is trying to load onto my computer, and it won't let me access the reviews page unless I disable my cookie-blocking software and accept it.<p>

 

And I mean these actions are hidden because of the fact that nowhere is it disclosed on photo.net that you are required to load these intrusive "cookies" in order to view pages.<p>

 

Brian, I know what cookies are, without your patronizing explanation. Some "cookies" are much more invasive than others, and gather and transmit personal information from users's computers. They are called "spyware", because they do this without the user's knowledge or consent.<P>

 

I'm disappointed that photo.net chooses to conduct these practices, but I'm even more disappointed in your insulting, evasive and misleading attempt to sweep this under the rug. But I suppose you need to justify your existence to your advertisers somehow, don't you?<p>

[cliff_lesergent]

I see the Avenue A. "cookie" has now been disabled on the 35mm reviews page... probably just a coincidence - right, Brian? ;-)

[phule]

<em> it won't let me access the reviews page unless I disable my cookie-blocking software and accept it.</em>

<p>

That's a load, Cliff. I block all 3rd party cookies and have never had a problem accessing any pages on photo.net.

[andrew_buzzell]

You appear less curious about this issue than you do hostile.

 

As has been mentioned, it is possible that detection software on your system is objecting to an otherwise harmless cookie.

 

Another possibility is that you have a browser hijack. I've had a few, and among other things, they can rewrite URLS from other sites, making, for instance, links in photo.net turn into blind links to porn sites. Turned out, it was latching onto the word photo to activitate itself, hence, it only did this on photo.net. I sure would have looked foolish if I had accused photo.net of being hacked, or doing this with intent.

 

That said, you can find out more about Avenue A here:

 

http://www.atlasdmt.com/privacy/opting.asp?cookieStatus=noCookie

 

Browser exploits here:

 

http://security.kolla.de/

[mottershead]

As I said, the cookies come from the servers that serve the ads. photo.net does not serve most of the ads directly; we are a member of the Tribal Fusion ad network, and while we have the ability to block ads from certain domains, and have done so in the past, we don't have a fine level control over the ads that are served. I have not changed the ad blocking settings in several weeks, never mind in the past few hours to somehow conduct a cover-up of "Avenue A" cookies.

 

As for your comment about me being condescending. You made an allegation against photo.net that the cookies it was causing to be sent to your browsers are "spyware". This was no more than an unsubstantiated claim on your part. I assumed that you are not a moron, only misinformed, and that an explanation would suffice. Apparently, I should have gone with the moron theory.

 

And as far as not being able to access reviews without accepting cookies, the only way that I can think of where that could happen is that without the cookie the ad server doesn't know that you have already seen the ad, and may be displaying it to you again. If this is right, the ad servers don't send us very many ads anyway, and it is fairly unlikely that even a person blocking cookies would get the same ad more than a couple of times. Of course, if you weren't so paranoid, you could just accept the damn cookie, so that the ad server can do what it is supposed to do. Certainly, there is no code on photo.net that is saying "only show the reviews to people who have accepted such-and-such cookie".

 

Finally, if you think we are dishonest, you are very welcome not to visit this site. Nothing compels you to do so, and we don't particularly feel like welcoming people to our site who post wild accusations against us.

[melissa_eiselein]

Brian: I respect your work on this site. I understand that you are under a lot of pressure and sometimes on the defensive. But I must say that I'm growing tired of your pointed replies to people, such as the one in this thread.

<i>"and that he doesn't actually know what he is talking about."</i>

<p>While it very well may be true, you are a person people see you as "Photo.net." I would have hoped that you would use a little more professionalism in your replies. Professionals do not attack. Flamers attack. We have enough of them on these board without having them on staff.

[mottershead]

Melissa, my entire posting history on photo.net is available for anyone to read (and for me to use to refresh my memory as to what I have written in threads.) I am surprised that you find enough "pointed replies" by me to people to have "grown tired" of them.

[WJT]

Brian, it's not my intention to gang-up on anyone in this thread. My own deeply entrenched paranoid goblin forces me to run some spyware detectors and firewalls on my systems. None, repeat none, have ever detected an instance of spyware originating from PhotoNet. However, to be fair to Cliff, one must enable cookies inorder to sign-in to PhotoNet. There is nothing hidden about this, it's mentioned in the "Trouble Sigining In?" link. I have no problem with the cookies. As I said, my paranoid goblin forces me to remove them after the session. Big deal. I also feel that Andrew may be correct in his theory that Cliff's browser has been hacked. This has happened to me, too, in the past. One last thought concerns Melissa's comment. I know for me, it is sometimes best to step away from a thorny situation for a little while to cool-off and get a fresh look. Answers appear out of nowhere after that. Regards.

[briany]

Wow.. soon this is going to become a place to discuss sightings of black CIA helicopters. Cliff provided Zero useful information (such as the url he was accessing, url of the add, cookie data trying to be sent, etc) and made a sweeping accusation. Spyware is a combination of spy and software, in case you were wondering, Cliff. Cookies aren't software. They can't see Anything on your computer. And if you've blocked all third party cookies, Cliff and Walter, there's no possible way they can be construed as spy-anything. Brian's post was spot-on, and if the reality is too harsh for someone, Melissa shouldn't read it. If you block all thrid party cookies, you will be fine.

 

Walter, and Cliff, and anyone interested in cookie security, I've included an explanation of how DoubleClick collected information. This is the ONLY way that cookies can contribute to building information on a user, and if you disable third party cookies, this is prevented.

 

A cookie can be sent with any web request, whether for a web page or an image on a page. I go to ebay, and ebay has an ad from DoubleClick. My browser requests the ad from DoubleClick, and the picture has the URL doubleclick.com/sendpicture.cgi?sitefrom=ebay. DoubleClick sees where this is from and sends the ad. Along with the picture they send a "set-cookie" request for "userid=1234567 expires=never" My browser stores: "site=doubleclick userid=1234567 expires=never." And doubleclick stores: "userid=1234567 site1=ebay" Note the my browser will ONLY send that cookie data back to doubleclick. In these instances, doubleclick is the Third Party because it's Not the website I'm viewing (ebay) but only where I'm getting an ad picture from. Now say I go to Amazon.com, and they also use doubleclick for ads. My broswer requests the webpage from amazon.com, and sees that the picture is located at "doubleclick.com/sendpicture.cgi?sitefrom=amazon" then requests the ad from doubleclick. Because of the nature of cookies, my browser sends the cookie data when it asks doubleclick for the ad: "cookie-data userid=1234567 GET sendpicture.cgi?sitefrom=amazon.com" DoubleClick says, ah-ha, I've seen this guy before. It looks up user 1234567 in its database, and sees that the last site I went to was Ebay. It now ads amazon to its list of sites I've visited, and decides that since I'm interested in auctions, I'm a good person to see an ad for the book "How to Start an Auction Business," and it sends me that picture.

 

Note that even in this scenario its just a list of sites associated with a random ID. Any real breach of your security could Only be initiated by some sleazy site that had your personal data, such as by including in the ad's URL your name, home address, etc rather than just what site you're visiting. Until some site You give your data to is disreputable enough to link it to a user-id for doubleclick, it's totally anonymous.

 

It can all be a bit confusing, but just realize that anti-"spyware" vendors have a profit motive too which is furthered by their scaring you perhaps a bit more than is necessary. Wrt cookies, just turn off third party cookies and don't worry about it. But for godsakes, claiming that photo.net is trying to harvest personal information and hide it is a load of crap.

[WJT]

Well Brian Y, my only complaint about what Brian M said was that he called someone a moron in this thread. This is also what Melissa was objecting to. Essentially, Brian M, whether he likes it or not, is now a public figure, much in the same way that a politican is. It will not do PhotoNet any good for it's leadership to insult potential subscribers. And, as I tried to say in my previous post, I could care less about the cookies from this site. Now, on the other hand, about those CIA helicopters...hmmmm.

[briany]

Walter, perhaps:<br>

Dear Mr. LeSergent,<br>

Thank you for bringing your concern to our attention. While we make every effort that both our site and our advertisers' safegaurd our users' privacy, our team will immediately investigate this matter. If possible, we suggest that you disable all third party cookies to prevent any misuse of your personal information as you browse the internet. Neither photo.net nor its advertisers engage in any information harvesting and we find the practice objectionable. Our users' satisfaction is our number one concern, and if there is any way that I could be of additional service, please contact me.<BR>

Sincerely,<BR>

Brian M<BR>

Photo.net customer service team member<br>

<br>

Barf. I much prefer the original response. Even if one day it's directed at me.<br>

Now if you're interested in the helicopters, you wouldn't Believe what they do to our drinking water...

[WJT]

I won't respond to this thread any more. You are correct in everything that you have said above. You are wise beyond all others. I apologize to Brian Mottershead for what I thought was a polite rebuke to his comments and for having supported the viewpoint Melissa had shared. I will now smash my lenses into smithereens and cut my eyes out with the broken shardes. Have a nice day.

[briany]

Walter, don't get in a huff.. I didn't mean to offend you. It was said in jest.. perhaps I didn't convey the tone very well in writing, and I'm sorry about that. I'm sure that there's some happy middle ground between my satirical post and Brian M's post, but it's hard for me to muster much sympathy for someone who posts to the forum ignorantly casting aspersions about the site and gets eviscerated in turn. If Cliff had said, "I am having difficulty accessing xyz and am concerned about privacy. Is photo.net harvesting personal information?" and Brian M wrote a rude response, then perhaps I too would object.

[melissa_eiselein]

Because my time is limited and because, compared to what my research shows, I do have a life...really I do! OK, maybe not a life, but an existence at least. LOL Anyway, Brian, I didn't have time to go back a full month, but I still found some interesting comments. Here are a few of the more recent "unprofessional" replies I was alluding to:

<p><i>I can see many people looking at these photos and thinking that you tripped the shutter by mistake while you were walking down the street.</i> July 12, 2003; 07:41 A.M. Eastern

<br>Nice way to encourage newbie photographers. Why didn't you just tell him to trash his camera and take up basketweaving?

 

<P><i>..that is not on the table for discussion �.</i>June 28, 2003

<br>We can only discuss what's approved by staff? Do we need to ask in advance before we make a suggestion? (just kidding, of course)

 

<P><i>MY letter is MY letter, not YOUR letter. Get it?</i> June 30, 2003

<br>This one was downright funny as I almost imagined you stomping your feet while typing. While I don't know Anna or her friends and while I mostly agreed with PN's changes in the light of the mate-rate problems, I can't believe that you publicly discussed the supposed lawsuit on an Internet board that Google archives for eternity. That really should have been kept behind PN's private doors. What really cracks me up is that she's threatening a defamation suit and you have the "professionalism" (or perhaps a really great lawyer) to reply to other threads on the Internet with defamatory comments such as:

<br><i>he doesn't actually know what he is talking about.</i> July 23, 2003

<br>and

<br><i>I assumed that you are not a moron, only misinformed, and that an explanation would suffice. Apparently, I should have gone with the moron theory. </i>July 23, 2003

<P>Brian Y... as an FYI, I'm a newspaper reporter. I regularly come across harsh people with harsh attitudes--we have a special term for them in the news biz: F%$king A$$holes. I've learned to hold my own pretty damn well when necessary, but I'd rather it not be necessary. If I wanted to attend a photo site ruled by flamers, I'd go back to Usenet's photo boards. I come here to learn about photography and enjoy the friendship and camaraderie of other photographers on a, hopefully, professionally run site that doesn't promote antagonism...such as that which I'm exhibiting right now. :-)

<P>Well, bedtime for me. Night all... perhaps things will look brighter in the morning. Keep shooting and don't hold grudges...hold a photo newbies hand instead.

[melissa_eiselein]

Oh my gosh, did I just join the cast of Peyton Place? And to think, I'm the one who hates soap operas. Then again, maybe this is just mud wrestling. ;-)

[andrew_buzzell]

7/23/2003 8:17:41 AM, "Cliff LeSergent" <clphotos@telus.net> wrote:

 

>Yes, I'm hostile about this, and you obviously didn't read (or didn't

>understand) my posting.

>

>I was prevented from accessing a page on the photo.net site unless I agreed

>to load a cookie. That's pretty straightforward - and I don't think

>photo.net or their advertisers should be blocking members' access in this

>manner.

 

I am extremely concerned, in my work as an IT consultant, with spyware abdd browser hijacks, and deal with it on a daily basis with my clients. So, I consider myself to have at least a working knowledge of it.

 

It was my feeling that you were incorrect to call this spyware, particularly the implication the 'loading a cookie' = spyware.

 

Moreover, I have great appreciation for the services provided by the *volunteers* at photo.net, and feel your accusations against them to be misguided, misinformed, and thus innapropriate.

 

Finally, photo.net isn't 'blocking' anyone. It is software on YOUR system that is blocking it.

 

Andrew

[wind.dk]

Brian (Mottershead), I love your answers!

 

And as there is more misinformation on cookies around than about virtually anything else on the internet (and that's impressive), somewhat harsh replies seems to be the best action anyway, as cookies are one of the most essential and harmless ingredients in internet protocols to enable people to do more on the world wide web than unproductively surfing static content.

 

Indeed anti-spyware that warns against cookies by calling them spyware is simply fraudulent.

 

And Cliff, sorry to correct you, but your reply shows very clearly you do not know what cookies are. You may join the ranks of most journalists writing about such topics and politicians making laws about it, they don't either.