Interesting People mailing list archives
Re: PRIVACY ISSUE WITH the new White House web site? CORRECTION
From: David Farber <dave () farber net>
Date: Thu, 22 Jan 2009 10:17:07 -0500
Begin forwarded message: From: Steven Champeon <schampeo () hesketh com> Date: January 21, 2009 1:49:42 PM EST To: David Farber <dave () farber net> Cc: Karl Auerbach <karl () cavebear com>Subject: Re: [IP] PRIVACY ISSUE WITH the new White House web site? CORRECTION
For IP, if you wish. on Wed, Jan 21, 2009 at 11:38:23AM -0500, David Farber forwarded:
From: Karl Auerbach <karl () cavebear com> Date: January 21, 2009 11:09:30 AM EST
<snip>
That's a lot of stuff, much of it. Some of it obvious - such as my screen resolution, whether I've got Microsoft Silverlight. But a lot of it is opaque to me. Webtrends gets to see this, to keep it, to aggregate and cross-link it with other data, and to sell it to others, with no visible constraint from the whitehouse.gov privacy policy.
I'm not arguing with the question of whether or not it's a privacy violation or worthy of documentation for Web Trends to know your browser window size at the time of a visit to whitehouse.gov, but if you're curious about the gory details being leaked, it's all in the Javascript file used to create the string: http://www.whitehouse.gov/includes/webtrends.js dcssip: the window.location.hostname (whitehouse.gov) dcsuri: window.location.pathname (the bit after the / in the URL) dcsref: the referring URL (the URL that linked to this page) dcscfg: always set to '1', apparently WT.co_f: if you have a WebTrends cookie, this contains its id WT.vtid: also the id WT.vtvs: time since last visit WT.tz: your time zone WT.bh: the current hour WT.ul: "user language", or what your browser is set to accept WT.cd: color depth in bits WT.sr: screen resolution WT.jo: is Java enabled? WT.ti: the title of the current page WT.js: is Javascript enabled (kind of a stupid data point, really) WT.jv: javascript version supported by the browser WT.ct: connection type, if known (wireless?) WT.bs: browser viewport size WT.fv: Adobe Flash version WT.slv: Microsoft SilverLight version WT.tv: always "8.6.0", probably Web Trends script version WT.dl: always 0, not sure what this is WT.ssl: whether the site was accessed using SSL / https WT.es: full hostname and path (dcssip + dcsuri) WT.vt_f_tlh: the current time Also, if you have a query box, the script will include whatever string was in the box (presumably to correlate search terms and the sites that you navigate to subsequently). That's pretty much the *only* privacy-cringe-inducing thing I see aside from the pure aggregate information you can presumably derive from this (being able to track your visits online via advertising network cookies being a much more serious issue, IMHO). And frankly, that Javascript can access the text in the query box is more a serious security flaw in Javascript; that the White House Web developers might want to know when it's safe to use Flash or whether they should bother to use the 216-color Web-safe palette when designing their images, or what search terms are being used to find what content on the site is part of how any sane and effective Web developer operates. Yes, it should be acknowledged in the privacy policy. But I don't see, query box issue aside, what the big deal is. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/ ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- PRIVACY ISSUE WITH the new White House web site? CORRECTION David Farber (Jan 21)
- <Possible follow-ups>
- Re: PRIVACY ISSUE WITH the new White House web site? CORRECTION David Farber (Jan 21)
- Re: PRIVACY ISSUE WITH the new White House web site? CORRECTION David Farber (Jan 22)