Loading Profile...
Twitter,
Facebook, or email.
kissmetrics
I read a story about kissmetrics being able to evade being blocked. Does this apply to ghostery too? Here is a link to the article: http://www.wired.com/epicenter/2011/0... What do you suggest I do?
-
Previous discussion: http://getsatisfaction.com/ghostery/t...
For what it's worth, there are sites using KissMetrics in an entirely different way than what we're used to, including:
- www.8tracks.com
- www.foodspotting.com
- sites linked from www.asmira.com
This might help explain what's going on here: http://support.kissmetrics.com/apis
As for the Wired article, my advice is to install the Flashblock extension.
Comment -
-
Hi joe, thanks for using Ghostery.
Ghostery will protect you from KISSmetrics scripts if you happen to have blocking on and have selected KISSmetrics for blocking.
As Eric pointed out, there are some other vectors that are available for tracking, and we're looking at them as well. -
-
I’m
happy
Thanks folks! And thanks for the great service you provide at ghostery. All the Best, Joe -
-
I think what Joe wanted to know and what I want to know is in regards to Etags. I can see that Ghostery is blocking Kissmetrics scripts but I don't see it blocking Etags and that is the concern here.
I can see in Proxomitron's log that Kissmetrics server sends me an etag with a unique id. Plus, Kissmetrics Privacy page thanks me for helping them! Meaning I have not enabled their third party Opt Out cookie (and would never do that as it requires third party cookies to be perpetually enabled everywhere). So, according to Kissmetrics site they are tracking me even though Ghostery is blocking the scripts.
So, I am confused as to what exactly is happening here. I have Fx4 (I am on Fx3 on a virtual machine currently because I cannot login here on Fx4) set to zero for all types of cache so I don't see how an etag can be set (plus, no Flash installed) so it must be tracking in some other way or maybe that comment I see on Kissmetrics Privacy page thanking me for allowing tracking is not really true?
I guess this is moot now as I see that Kissmetrics has revamped their tracking over the weekend and is now just using standard cookies. I no longer see etags in the headers from their server in Proxo's log. I'm not sure though why their user privacy policy continues to insist that I am being tracked when I never allowed any cookies at their site.-
Hi Mele, thanks for asking.
Ghostery will protect you from any communication KISSMetrics sends when blocking is on. When its off, or you point your browser to their site directly, Ghostery will allow the requests to occur wholesale (as in with whatever payload their servers will be sending down, including etags).
Its hard to come up with protection from etags -- its just one more technology used in the WWW stack and its very hard to determine malicious content from normal. -
-
-
-
-
Maybe someone will find a way to separate the abusive ETags from the legitimate ones. :-)
Here's the thing: this isn't new; you can find proof-of-concept code going back over ten years. And KissMetrics isn't acting alone, they just got caught with their hands in the proverbial cookie jar. Plenty of others claim bragging rights.
- http://www.patentstorm.us/application...
- http://www.patentstorm.us/application...
- http://www.patentstorm.us/application...
- http://www.patentstorm.us/application...
- http://www.patentstorm.us/application...
I worry that scammers may try to use the hysteria surrounding the Wired article as an opportunity to trick people into installing malware. :-(
-
I second that, the legitimate players, even KissMetrics, are not as bad as some of the shadier "ad networks" I've seen...
-
-
-
CHAMP
CHAMP
