Isn’t this sitemeter logging a bit too excessive?
I have just realized that sitemeter has the following data published about my visit, in a searchable and browsable format:
| Domain Name | broadband.hu ? (Hungary) | ||||||||||||||||
| IP Address | 80.98.73.# (UPC Magyarorszag Kft.) | ||||||||||||||||
| ISP | UPC Magyarorszag Kft. | ||||||||||||||||
| Location |
|
||||||||||||||||
| Language | English (U.S.) en-us |
||||||||||||||||
| Operating System | Macintosh MacOSX | ||||||||||||||||
| Browser | Firefox Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1 |
||||||||||||||||
| Javascript | version 1.5 | ||||||||||||||||
| Monitor |
|
||||||||||||||||
| Time of Visit | Feb 2 2011 12:34:19 pm | ||||||||||||||||
| Last Page View | Feb 2 2011 12:34:40 pm | ||||||||||||||||
| Visit Length | 21 seconds | ||||||||||||||||
| Page Views | 2 | ||||||||||||||||
| Referring URL | http://lesswrong.com..._meetup_is_easy%252F | ||||||||||||||||
| Search Engine | lesswrong.com | ||||||||||||||||
| Search Words | hungary | ||||||||||||||||
| Visit Entry Page | http://lesswrong.com/r/discussion/ | ||||||||||||||||
| Visit Exit Page | http://lesswrong.com...a_lw_meetup_is_easy/ | ||||||||||||||||
| Out Click | |||||||||||||||||
| Time Zone | UTC+1:00 | ||||||||||||||||
| Visitor’s Time | Feb 2 2011 9:34:19 pm | ||||||||||||||||
| Visit Number | 3,497,452 |
I am not a privacy geek, but isn’t this a bit too extensive? By the way, I am not from Etyek, Hungary, I am from Budapest, Hungary. Etyek is a very small village, so if sitemeter consistently identifies me as someone from Etyek, then it will be even easier to track my lesswrong browsing habits. It is very easy even without that.
While it doesn’t bother me personally I can certainly see why people could object to that much information being published publicly.
RequestPolicy is a Firefox addon that blocks (and whitelists with a click) all cross-site requests, such as sitemeter.com’s or google-analytics.com’s, or for that matter any funny guy who embeds terrorismandpaedophilia.com in the middle of poniesandkittens.com
If you are bothered by this sort of stuff, install it. Note, however, that it makes it quite cumbersome to visit multimedia-heavy websites for the first time, especially in conjunction with the near-mandatory NoScript.
I use Ghostery. It’s less radical than NoScript or RequestPolicy, but it knocks out most tracking scripts and ad networks, including SiteMeter, and it’s more pleasant to use.
Does this offer any functionality NoScript doesn’t? I’ve already got the latter installed, but I’d want to know if it would be a waste of time to install this as well.
https://www.requestpolicy.com/faq#faq-noscript
Just about any site you visit nowadays will be recording a substantial set of data on your visit, even if it just records the pages you visited, your IP and your browser’s id string. If it’s a problem I suggest masking your IP / changing how your browser identifies itself, rather than changing one specific site.
(Personally I find it interesting, if not demonstrably useful to know where less wrong readers are coming from. Of course you could view this using only aggregate stats.)
I think I wasn’t clear enough. I maintain several webservices. I perfectly understand that lesswrong collecting such data about me is normal. But I am not happy that sitemeter publishes the whole stuff in a non-aggregated form, for everyone to see in real time. Do you suggest that this is usual, too?
Searchable my behind! I looked into what it would take to use this to, for example, unmask Clippy, and it was less usable than the marginal next-best strategy.
I think you are more interested in avoiding the unmasking.
Anyway, you are right that sitemeter is not very convenient for this task, but the data is there. And unmasking is not the only possible application. Right now, it is publishing the fact that I looked at Quirrell’s and JoshuaZ’s user profile. And I might have just figured out Eliezer’s current IP address. (Okay, maybe it was somebody else who tried to visit Eliezer’s password-protected drafts page. Wait, is Eliezer writing a post?)
I’m curious what the marginal next best strategy is.
I’m also curious why you would be interested in promoting the unmasking of users.
Not all users, just the few I happen to be curious about. And no, I won’t say anything more about what the marginal next-best strategy is other than that I’m immune to it too, and −1 Quirrell point for asking.
This is a general problem with sitemeter. There’s no way (as I understand it) to have your sitemeter stats be openly viewable without all the details viewable also. It would be nice if it had middle setting but I’m not aware of any.
I found myself, but only by switching browser and hitting a obscure page.
Sitemeter thinks I’m in Poland. Which I suppose is on the right continent.
It took me over five minutes to identify myself on there, and I already know my own IP address.
What is this supposed to prove? It took me one minute to identify myself, without checking my IP address.
It’s not supposed to prove anything, it’s just observing that identifying individuals using this information isn’t a completely trivial task.
It is not always completely trivial to identify individual visitors? That is a very low standard.
I don’t describe it as “not completely trivial” because I think it’s some sort of laudable standard, but because you are implying that it is a completely trivial task.
Using information which in all likelihood is known to no-one else on this site but you, you’ve found a reliable method of uniquely identifying yourself. If you hadn’t published it, the amount of effort required to identify you would probably be enough of an obstacle to deter anyone with a sudden hankering to investigate your recent LW browsing history from doing so.
My original comment was observing that I’m me, I know (and probably care) more about me than anyone else in the world, including specific technical information salient for tracking myself in a web activity logging context, and it was still far from immediately apparent as to who I was. If someone else knew (or cared) enough about me to try and do the same, they’d probably have better methods available to them.
It seem like our difference is about whether to give a worst-case security analysis or a best-case security analysis. :) It is a completely trivial task for a high percentage of potential targets. Some people aren’t geolocated or are incorrectly geolocated. Some live in large cities. But a long tail of lesswrong users is almost completely identified by their geolocation.
No. The only information I used was that I am from Hungary. Nothing else. This fact about me is public here. (Obviously, nobody cares about it, but that does not make it a secret. Again, I am talking about worst-case analysis.)
I am really not monomaniac about privacy. I agree with you that it is not a big deal that somebody can be followed like that. But at least let’s realize that lesswrong is unusual in this regard, and unusual in a bad way.