WebSkulker Newsletter 12/06/1999

skulk:
To lie or keep in hiding, as for some evil reason. To move or go in a mean, stealthy manner.

Monday December 6, 1999

WebSkulker Newsletter
Skulker, we have a problem

Free subscription to WebSkulker

Read & Search archived issues

Free email you@
webskulker.com

WebSkulker's BBS

WebSkulker's Rules

WebSkulker FAQ

Invite friends to subscribe

Visit home page

Submit joke
Submit web site
Submit shareware
Submit other

Email WebSkulker

Email his cat

WebSkulker ICQ #22196753

To use the links in this newsletter, you must be connected to the Internet. PC Eudora users: to see this and other html mail properly you must check the box "Use Microsoft's Viewer" in the "Viewing Mail" options.

Maybe WebSkulker isn't going to Mars

Jr. Skulker Uncle Brucie submitted two sites that we mentioned last week about the Polar Lander mission to Mars. He wrote to us this weekend saying "Never mind." Hopefully we will get better news about the lander in the next day or two. It is possible that the ship can receive commands from NASA to tell it to reorient it's antenna, switch frequencies, or whatever magic they are sometimes able to do to get a response.

For jr. skulkers in California and Oregon, we have yet another MSN rebate offer with the same wording in the fine print as the two we mentioned in the 11/23/99 and 12/3/99 issues. Please read the MSN article in those issues first for background, then look at this page about the rebate offers in the chain of Best Buy stores:
http://www.bestbuy.com/weeklyad/fineprint

Scroll down a little more than halfway to see these offers, and note the special language in both of them about California and Oregon: (1) $400 instant in-store rebate on any complete computer (including notebook); (2) $400 mail-in rebate on computer peripherals such as the purchase of any digital camera, hard drive, memory, monitor, palm-sized PC, printer or scanner. Note: we visited a Best Buy and several of the salespeople didn't know the second offer exists. Ask them to show you their latest ad brochure; you should find this offer in the fine print at the bottom of one of the pages. You need to get a rebate package that contains the CD for subscribing to MSN and the rebate forms.

This page has the location of all Best Buy stores:
http://www.bestbuy.com/locations/cgibin

Skulker want a cookie?

http://www.tiac.net/users/smiths/privacy/cookleak.htm

http://www.tiac.net/users/smiths/privacy/wbfaq.htm

WebSkulker could never understand why people were so paranoid about the subject of browser cookies. He is starting to change his mind, thanks to a BBS message he read recently and the first site above submitted by Jr. Skulker Tristan Tom. In general, WebSkulker likes cookies because a lot of web sites use them to remember your identity and the preferences you used last time you visited the site. It is kind of fun visiting a site that you had visited months earlier and forgotten all about, but the site remembers you and calls you by name, shows you your userid, information you saved last time, etc.

WebSkulker didn't consider cookies to be much of a security threat because they are stored on your machine and can only be read back by the same site that wrote them to your machine. Yes, someone looking on your hard disk could see cookies and know some of the web sites you visited, but this is nothing compared to history logs maintained by the browsers that can be used to find every site you visited, not just ones that write cookies. See the article in our 9/28/99 issue about hiding your tracks and the program you can download from http://www.fsm.nl/ward. Note that these logs are on your computer, not on an Internet server somewhere. Speaking of servers, whether a site writes cookies or not, its server keeps logs showing the IP address of everyone who visits. If you have a static IP address -- which you will if you have a DSL line or cable modem -- then your visits to web sites can be tracked without needing cookies.

So WebSkulker didn't consider cookies to be a privacy problem because other privacy problems seemed to go in the same direction and to be far worse. But it turns out that cookies can indeed be read from a site other than the one you were visiting when the cookie was written. This is done through a trick involving pictures on web pages. When you visit a web page with pictures, the .gif or .jpg files that contain the pictures are usually on the same web server that is giving you the text of the web page, but this isn't necessarily so. There are a lot of pictures on web pages that come in from a different server. Also picture "files" can really be programs that generate a picture on the fly. You have no doubt seen counters on web pages where the digits are obviously pictures, not characters of a font. These counters are generated by a program, but if you look at the HTML source code they will be invoked as pictures. The mechanism for writing and reading cookies to your hard disk can be invoked along with this type of picture that is created by a program call.

Suppose you visit www.aaa.com and it has an ad banner picture from www.adagency.com. The ad agency could write a cookie to your hard disk with a unique serial number in their database. That cookie would show that it was written by adagency.com, not aaa.com. Then suppose you visit www.bbb.com which also has an ad banner picture from www.adagency.com. That picture could allow the adagency.com server to read the cookie that you got when you visited aaa.com. The ad agency could see the serial number in that cookie and will know that you visited aaa.com and bbb.com. They will not know who you are or anything about you except that they know that the same person visited those two sites. Remember: if you have a static IP address than they would know this anyway without needing cookies because their server logs will show which IP addresses viewed the banner ads on different sites.

The first link above is to an article about how it is possible to write and read cookies from an HTML-formatted email message, and how an ad agency could use this technique to correlate a serial number in their database with your email address. The second link above shows that similar information about your email can be gathered from server logs without needing cookies.

If this stuff bothers you, then WebSkulker suggests a shareware program called "Cookie Pal" that can be used to block cookies. Netscape and Internet Explorer already have settings to block all cookies or prompt you cookie by cookie whether to accept it. Cookie Pal can do the same prompting, but if you want it will remember your choice for a particular domain. If you get the impression that a site is using cookies only to track you, then you can have all cookies from that site rejected automatically. If a site is using cookies for your convenience to save settings, you can have those accepted automatically. You can also configure cute sounds to play when the program accepts or rejects a cookie. A description of Cookie Pal is at:
http://www.kburra.com/cpal.html

Download the program here:
http://www.kburra.com/cpdown.html

You can test Cookie Pal by generating test cookies here:
http://www.privacy.net/cookies

Remote control for your web skulking

http://www.planetportal.com/offer

Jr. Skulker Frank Telles told us about this offer for a free Internet remote control device called "eGoPad" which plugs into a USB port. When you sign up, they will tell you that it won't be available until early 2000. But the world is going to end on 1/1/2000 so you probably won't ever get the device.

Skulking Microsoft's investments

http://www.ms-monopoly.com

This site draws a Monopoly board from a database, so every time you go to the site, the items on the board will be different. The property squares are names of companies that are partly owned by Microsoft. Click on a square to get the details.

The MS Monopoly site was submitted by the skulker, not jr. skulker, who runs http://www.midnightskulker.com. Other subscribers have asked not to be called jr. skulkers, but we refused. We are making an exception in this case and will generalize the rule like this: if you want to be a skulker instead of a jr. skulker, you must register and use a domain name that has the word "skulker" somewhere in it.

This made WebSkulker laugh

Submitted by Jr. Skulker Sid Packer

The Big Bully

A little guy was sitting in a bar, drinking, minding his own business when a great big dude comes in and WHACK!! -- knocks him clean off the bar stool and onto the floor. Then he says, "That was a karate chop from Korea."

The little guy thinks "GEEZ," but he gets back up on the stool and starts drinking again when all of a sudden - WHACK!! -- the big dude knocks him down AGAIN and says, "That was a judo chop from Japan."

The little guy has had enough of this . . . he gets up, brushes himself off and quietly leaves. The little guy is gone for an hour or so.

When he returns, without saying a word, he walks up behind the big idiot and BONG!! -- knocks the big dude off his stool, knocking him out cold.

The little guy looks at the bartender and says, "When he comes to, tell him that it was a crowbar from Sears."

WebSkulker is a daily newsletter in html format. To subscribe or unsubscribe, go to our web site at http://www.webskulker.com or send email to listserv@webskulker.com with precisely the following: "subscribe-webskulker" or "unsubscribe-webskulker" as the only words in the SUBJECT. Leave off the quotes and be sure to include the hyphen. Before you even think about unsubscribing, we strongly suggest you go to our web site, click on "unsubscribe", and read the story of the two farmers. You will be shocked at the consequences!

To change your subscription to a new email address, unsubscribe from the old address and then subscribe to the new address.

This newsletter is copyrighted 1999 by The WebSkulker. You may use any material in this issue for any reason provided that you attribute it to the WebSkulker Newsletter and include the URL to our web site: http://www.webskulker.com .