Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Microsoft stops secretly tracking users' browsing habits
08-31-2011, 12:03 AM,
#1
Microsoft stops secretly tracking users' browsing habits
Quote:Microsoft stops secretly tracking users' browsing habits

by Stuart Sumner

23 Aug 2011

Microsoft has removed code from its MSN web site that tracked its users' browsing habits, even if those users intentionally deleted their cookies in order to preserve their privacy.

Mike Hintze, associate general counsel, regulatory affairs, Microsoft, announced in a blog that the firm investigated the code once it was brought to its attention by a researcher.

"According to researchers, including Jonathan Mayer at Stanford University, 'supercookies' are capable of re-creating users' cookies or other identifiers after people deleted regular cookies.

"We determined that the cookie behaviour he observed was occurring under certain circumstances as a result of older code that was used only on our own sites."

Hintze added that the company removed the code, and reassured users that the information potentially gleaned from the "older code" had not been shared with external organisations.

"We quickly disabled this code. At no time did this functionality cause Microsoft cookie identifiers or data associated with those identifiers to be shared outside of Microsoft.

"We are committed to providing choice when it comes to the collection and use of customer information, and we have no plans to develop or deploy any such 'supercookie' mechanisms."

Separately, this month researchers found that new technologies such as HTML5, a language used for presenting certain web content, are being used by sites to store cookies and track visitors' web use.

http://www.computing.co.uk/ctg/news/2103362/microsoft-stops-secretly-tracking-users-browsing-habits

Microsoft stops secretly tracking users' browsing habits? I bet they 'secretly' started again too.
Reply
08-31-2011, 03:16 AM,
#2
RE: Microsoft stops secretly tracking users' browsing habits
More on Super Cookies which are really Flash Local Shared Objects or LSOs

Private browsing modes leak data
http://concen.org/forum/showthread.php?tid=34493

It's not just Microsoft:

The LSO cookie is stored on a windows machine in C:\Users\YourNAME\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol just clear it or use a Firefox Plugin called Better Privacy to clear them. As for regular cookies you can clear those in your browser preferences/options or get a cleaning utility like CCLeaner.

Think you deleted your cookies? Think again
http://concen.org/forum/showthread.php?tid=1159
There are no others, there is only us.
http://FastTadpole.com/
Reply
08-31-2011, 07:20 PM,
#3
RE: Microsoft stops secretly tracking users' browsing habits
Cheers for the heads up on Better Privacy FT, there's one I'd not heard of!
"He that saith he abideth in him ought himself also so to walk, even as he walked." -- 1 John 2:6
"Whatever affects one directly, affects all indirectly... This is the interrelated structure of reality." -- Martin Luther King Jr.
"He that answereth a matter before he heareth it, it is folly and shame unto him." -- Proverbs 18:13
"Everyone thinks of changing the world, but no one thinks of changing himself." -- Leo Tolstoy
"To love is to be vulnerable" -- C.S Lewis

The Kingdom of God is within you! -- Luke 17:20-21

https://duckduckgo.com/
Reply
09-30-2011, 09:24 AM,
#4
RE: Microsoft stops secretly tracking users' browsing habits
In a related yet separate Microsoft covert privacy invasion. Credit goes to some good proactive stick your neck out work by Rafael Rivera. Good on him.

Quote:Developer says Microsoft lied to government about Windows Phone location tracking
By: Zach Epstein | Sep 27th, 2011 at 02:20PM

A developer has revealed evidence that Windows Phone devices collect and transmit user location data before users have given the phones permission to do so. The news follows claims Microsoft made to the United States House of Representatives stating that it does not collect or transmit any location data until a Windows Phone user opts in. Windows Phone devices clearly ask for permission regarding the collection of location data — the user must click “allow” in a pop-up dialog box seeking authorization for the camera app to collect positioning data — but it appears as though the OS doesn’t bother to wait for users to opt in before it begins transmitting location information. Read on for more.

Windows Phone developer Rafael Rivera had been skeptical about claims that Microsoft was collecting location data without permission, and he took it upon himself to investigate. Using a retail device that had been restored to factory settings, Rivera went through the setup process while monitoring data sent to and from the phone. The developer was surprised by his findings.

“According to Kamkar, launching the Camera application was enough to see the culprit behavior, so I tried it,” the developer wrote on his blog, referring to a report written by security researcher Samy Kamkar that Rivera had previously contradicted. ”After launching the app., Fiddler captured location data being sent to and from Microsoft servers, just as Kamkar’s report suggested. Uh oh!”

Rivera reports that “pin-point accurate positioning information” was collected by his Windows Phone before he gave it permission to gather such data. The culprit, it seems, is the Camera application, though the developer notes that the cause it largely irrelevant — this behavior is a direct contradiction to statements Microsoft made in a letter to the U.S. House of Representatives (emphasis added by Rivera):

[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.

[2. Observing Location Only When the User Needs It.] Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.


[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.

[2. Observing Location Only When the User Needs It.] Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.

...
http://www.bgr.com/2011/09/27/developer-says-microsoft-lied-to-government-about-windows-phone-location-tracking/

Microsoft declined to comment on Rivera’s findings but released a statement to the tune of "our objective was and is privacy" and "the data captured and stored on our location database cannot be correlated to a specific device or user" but there is a loophole in that statement could be other databases such as purchase databases or 3rd party data stores.

Dissecting Case 01438 Exhibit B, Part 2
23 Sep
2011 31 Comments

Before the BUILD conference, I dissected a thin report written by security researcher Samy Kamkar on the topic of Windows Phone and how it handles location data. With BUILD now behind us, I took a moment to test his claims on a legitimate device (Samsung Focus) acquired from my good friend Adam Maras.

Starting with Windows Phone OS 7.0.7004.0, I reset the device and tapped my way through the out-of-box experience, skipping the Live ID configuration. The states of location-sensitive features were as follows:

* Airplane mode: Off
* Wi-Fi: Off
* Bluetooth: Off
* Location: On
* Cellular: SIM error
* Find my phone: Not set up yet
* Feedback: Disabled

I then configured Wi-Fi access and immediately pointed the phone to a proxy server – in this case, my desktop running Fiddler software, which allows me to see packet details in real time. According to Kamkar, launching the Camera application was enough to see the culprit behavior, so I tried it. After launching the app., Fiddler captured location data being sent to and from Microsoft servers, just as Kamkar’s report suggested. Uh oh!

A few packets were sent, one to agps.location.live.net and several to Microsoft’s Location Inference (codenamed Orion) service hosted at inference.location.live.net. Items transmitted include (but aren’t limited to):

* OS Version (7.0.7004.WM7_7.0_Ship(mojobld).20100916-1429)
* Device Information (SAMSUNG/SGH-i917 and SAMSUNG Electronics/SAMSUNG MITs/i917UCJJ1/[digits])
* Wireless access points around me (MAC addresses, power levels)
* Various GUID-based identifiers

Quote:In response to these packets was pin-point accurate positioning information – all before I granted the Camera application access to location data. But let’s think this through – did the Camera application really receive any data? Not likely. More probable is that the Camera application woke up the Location service on the phone. A conversation like this probably occurred:

Camera app: “Hey, I need you to get ready, I’m about to request location data”.
Location service: “Sure thing, boss. While you’re busy, I’ll figure out where I am and cache the results.”
http://www.withinwindows.com/2011/09/23/dissecting-case-01438-exhibit-b-part-2/
There are no others, there is only us.
http://FastTadpole.com/
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Microsoft charges the FBI $50 for a copy of your private data, claim 'Redmond hackers 4cc 4 687 03-24-2014, 01:51 AM
Last Post: 4cc
  DHS in full scale License Plate Tracking mexika 0 347 03-07-2014, 06:09 PM
Last Post: mexika
  Obama’s DHS Activating National License Plate Tracking Database mexika 0 287 02-15-2014, 01:25 AM
Last Post: mexika
  NSA scandal delivers record numbers of internet users to DuckDuckGo bristopen 7 827 09-08-2013, 12:58 PM
Last Post: thokling
  Google, Facebook, Skype, Yahoo and AOL are all blatantly lying to their own users in mexika 0 398 06-09-2013, 12:28 AM
Last Post: mexika
  iPhone Tracks Users' Movements, Email, Photos, GPS Coordinates TriWooOx 11 5,380 04-23-2013, 05:37 PM
Last Post: FastTadpole
  Nowhere to hide: New Facebook app to track offline users – report TriWooOx 1 461 02-06-2013, 04:49 AM
Last Post: FastTadpole
  U.S. government is secretly spying on EVERYONE using civilian security cameras TriWooOx 0 515 08-13-2012, 04:20 PM
Last Post: TriWooOx
  NYPD and Microsoft launch advanced citywide surveillance system TriWooOx 2 651 08-10-2012, 12:18 AM
Last Post: h3rm35
  Laser pat-down: Invisible scanners to secretly search people TriWooOx 0 476 07-12-2012, 06:12 PM
Last Post: TriWooOx

Forum Jump:


Users browsing this thread: 1 Guest(s)