?

Log in

No account? Create an account
Yet Another Reason NOT To Use Social Networking Sites Like Facebook and MySpace.
timebuilder

This post is Part 2 of a series on user tracking on the web today. You can read Part 1 here.

3rd party advertising and tracking firms are ubiquitous on the modern web. When you visit a webpage, there's a good chance that it contains tiny images or invisible JavaScript that exists for the sole purpose of tracking and recording your browsing habits. This sort of tracking is performed by many dozens of different firms. In this post, we're going to look at how this tracking occurs, and how it is being combined with data from accounts on social networking sites to build extensive, identified profiles of your online activity.

How 3rd parties get to see what you do on the web.

Let's start with an example of 3rd party tracking: when we went to CareerBuilder.com, which is the largest online jobs site in the United States, and searched for a job, CareerBuilder included JavaScript code from 10 (!) different tracking domains: Rubicon Project, AdSonar, Advertising.com, Tacoda.net (all three are divisions of AOL advertising), Quantcast, Pulse 360, Undertone, AdBureau (part of Microsoft Advertising), Traffic Marketplace, and DoubleClick (which is owned by Google). On other visits we've also seen CareerBuilder include tracking scripts and non-JavaScript web bugs from several other domains. There are pretty sound reasons to hope that when you search for a job online, that fact isn't broadcast to dozens of companies you've never heard of — but that's precisely what's happening here.

Ten 3rd party tracking sites' content is included in CareerBuilder search results
(in this screenshot, NoScript is being used to identify the third parties whose code is embedded in the page)

Each of these tracking companies can track you over multiple different websites, effectively following you as you browse the web. They use either cookies, or hard-to-delete "super cookies", or other means, to link their records of each new page they see you visit to their records of all the pages you've visited in the previous minutes, months and years. The widespread presence of 3rd party web bugs and tracking scripts on a large proportion of the sites on the Web means that these companies can build up a long term profile of most of the things we do with our web browsers.

 

They can track us, but do they know who we are?

Given how much tracking firms know about our browsing history, it's worth asking whether these companies also know who we are. The answer, unfortunately, appears to be "yes", at least for those of us who use social networking sites.

A recent research paper by Balachander Krishnamurthy and Craig Wills shows that social networking sites like Facebook, LinkedIn and MySpace are giving the hungry cloud of tracking companies an easy way to add your name, lists of friends, and other profile information to the records they already keep on you.

The main theme of the paper is that when you log in to a social networking site, the social network includes advertising and tracking code in such a way that the 3rd party can see which account on the social network is yours. They can then just go to your profile page, record its contents, and add them to their file. Of the 12 social networks surveyed in the paper, only one (Orkut) didn't leak any personally identifying information to 3rd parties.

There are some interesting technical details in how the social networking sites leak this data. In some cases, the leakage may be unintentional, but in others, there is clever and surreptitious anti-privacy engineering at work.

Paths for Data Leakage from Social Networks to 3rd party Tracking Firms

The most obvious way that a 3rd party tracker might learn which account on a social networking site is yours is via the HTTP Referrer header. A typical URL on a social networking site includes a username or user ID number, and any 3rd party will be able to see that.1

A second and slightly more revealing method that some social networks use to leak personal information is through URL/URI parameters for the 3rd party content. Here's a typical example:

GET /track/?...&fb_sig_time=1236041837.3573&
     fb_sig_user=123456789&...
Host: adtracker.socialmedia.com
Referer: http://apps.facebook.com/kick_ass/...
(In this request, a Facebook app is sending the user's facebook user ID and signin time to to adtracker.socialmedia.com)

The third and most surprising method for leaking personal information is to alias 3rd party tracking servers into the host site's domain name in such a way that the 3rd party can see the host site's cookies, in violation of the same origin policy. Here's an examples:

GET /st?ad_type=iframe&age=29&gender=M&e=&zip=11301&...
Host: ad.hi5.com
Referer: http://www.hi5.com/friend/profile/displaySameProfile.do?userid=123456789
Cookie: LoginInfo=M_AD_MI_MS|US_0_11301; Userid=123456789;Email=jdoe@email.com;
(ad.hi5.com is actually ad.yieldmanager.com, and it's receiving different bits of personal information via referrer, URI parameters, and the hi5.com cookie which the same origin policy wouldn't have allowed it to have — so it's an example of all three leakage methods methods)

What can I do to protect myself?

Unfortunately, there is no easy way to use modern, cookie- and JavaScript-dependent websites and social networking sites and avoid tracking at the same time. In order to be substantially protected against these tracking mechanisms, you'd need to do the following:

 

  1. Pick a good cookie policy for your browser, like "only keep cookies until I close my browser", or manual approval of all cookies.
  2. Disable Flash Cookies and all the other kinds of "super cookies". You can test for these here.
  3. Use the Firefox extensions RequestPolicy and NoScript to control when 3rd party sites can include content in your pages or run code in your browser, respectively. These tools are very effective, but be aware that they're hard to use: lots of sites that depend on JavaScript will need to be whitelisted before they work correctly.
  4. Use the Targeted Advertising Cookie Opt-Out plugin. This will automatically opt you out of any 3rd party trackers who have an opt out somewhere that requires you to accept a cookie. Be aware that not all 3rd parties will offer opt outs, or that some of them may interpret "opt out" to mean "do not show me targeted ads", rather than "do not track my behavior online".
  5. As always, it doesn't hurt to use Tor via TorButton to hide your IP address and other browser characteristics when you want maximal browser privacy.

Unfortunately, many of the steps above are quite difficult to follow, and we're fearful that the vast majority of Internet users will continue to be tracked by dozens of companies — companies they've never heard of, companies they have no relationship with, companies they would never choose to trust with their most private thoughts and reading habits.

It isn't going to be easy to fix this mess. On the technical side, all of this tracking follows from the design of the Web as an interactive hypertext system, combined with the fact that so many websites are willing to assist advertisers in tracking their visitors. Browsers could be altered to make them harder to track, but great care and clever design will be required to achieve that without undermining the virtues of interactive hypertext in the first place. It's not clear that anyone has found the right way to do that yet.

On the legal side, it's clear that the current U.S. privacy regime isn't working: behavioral tracking companies can put whatever they want in the fine print of their privacy policies, and few of the visitors to CareerBuilder or any other website will ever realize that the trackers are there, let alone read their policies. It's time we found legal rules to ensure that people actually know when their privacy is part of the price they pay to visit a site.

  1. 1. One subtlety here is that sometimes the 3rd party won't be able to tell whether a profile is yours or belongs to someone else. But there are several ways around that: they can look for URLs associated with profile editing or other activites that your friends can't do with to your profile; they can see which profile you visit first when you log in to the site, and they can see which profile you visit most often over time.

Another Reason NOT To Use Social Networking Sites.
timebuilder

Social networks make it easy for 3rd parties to identify you

It's no secret that most websites share some amount of usage data with their advertising partners, but that data is usually anonymized. Not so in the case of most social networks, though, according to a recent study. An ad partner could easily grab your unique profile identifier and find out nearly everything about you.

By Jacqui Cheng | Last updated September 24, 2009 9:31 PM CT
Social networks make it easy for 3rd parties to identify you

By now, it's no secret that social networks (or really any websites) are sharing some of your usage data with advertising partners in order to provide more targeted ads. Most of the time, this data gets anonymized when it gets passed on so that there's no personally identifiable information attached to your browsing history. Or does it? I turns out that some social networks—including the majors that we all know and love—have an interesting definition of "anonymous," essentially making it possible for lots of personally identifiable information to be exposed in connection to browsing habits.

Facebook, MySpace, LinkedIn, Digg, and LiveJournal (among others) are all guilty of "leaking" personally identifiable information (PII) to partners, according to a recent study by Worcester Polytechnic Institute researcher Craig E. Wills and AT&T Labs' Balachander Krishnamurthy. A "leakage," by the study's definition, is the opportunity for a third party to link the information they get from the social networks (either in the form of logs or browser cookies) to someone's PII—your name, phone number, and dog's favorite treat aren't passed on directly, but can easily be pieced together.

How is that possible? Not through your name, but through your profile's unique identifier, which is apparently included in the data given advertisers from most social networks. "We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier. So now a tracking site not only has a profile of your Web browsing activities, it can link that profile to the personal information you post on the social networking site," Wills said. "Now your browsing profile is not just of somebody, it is of you."

Through an examination of the 12 social networks they included in the study, Wills and Krishnamurthy found that a personal photo, location, gender, and name were almost always available to those who have a unique profile identifier on hand. Further, a list of friends, activities, other photo sets, age, schools, employers, and location are available by default from most networks. (Just imagine if you had clicked on a number of Cialis and Viagra ads from MySpace, only to have those ad people go back and find out what you look like, where you work, who your friends are, and what you like to do for fun?) Only things like a zip code, phone number, and e-mail address were usually unavailable by default.

The researchers note that there are reasons why this should be a concern—aside from mere embarrassment. Not only can this information, when linked directly to you, constitute an invasion of privacy, it can also affect very real parts of your life. "Tracking sites don't have the ability to know if, for example, a site about cancer was visited out of curiosity, or because the user actually has cancer," Willis warned. "Profiling is worrisome on its own, but inaccurate profiling could potentially lead to issues with employment, health care coverage, or other areas of our personal lives."

This is not to say that third parties are actually doing anything with the unique identifiers they are receiving, but the door is wide open for abuse. We attempted to contact several social networks for comment, but did not hear back by publication time—it seems the only thing users can do to protect themselves right now is lock down as much information as possible. Still, the researchers noted that the easiest way to prevent this kind of data leakage is for the social networks themselves to stop passing on unique identifiers, whether accidental or not.

Update: Facebook spokesperson Simon Axten responded to the paper by reiterating that Facebook has granular privacy controls that allow people to decide how much information is public. "This means that anyone who doesn’t match those criteria can’t access it, regardless of whether he or she knows the person’s identifier. Given this, even if a site could link a URI, referrer, or cookie to a specific user, it would only be able to access information that the person had made public. While we don’t believe there’s any danger here, we take all reported privacy issues seriously and are investigating further to determine what, if any changes, we can make," Axten told Ars.

Further reading:


Rolex Hairspring Guards Used In Movement Reference 1570.
timebuilder

Rolex Hairspring Guards Used In Movement Reference 1570.

 
Hairspring guards are designed to prevent the coils of the hairspring from jumping over another coil in the hairspring.  When this happens the movement will start to run at a much faster rate often gaining several hours per day.  Hairspring guards are most often found in early Submariner or GMT Master Rolex watches.
 

 
These early Rolex movements used a blue colored hairspring rather than the white alloy hairspring found in the later models.  The movements with the blue hairspring have a slower beat per hour vs the white alloy hairsprings.
 

 
Below are some pictures of the hairspring guard found in a Rolex movement 1570.  The movement serial number is D905606.
 

 

 

 
This shows the hairspring guard which is the brass wire that is over the balance at the left.
 

 

 

 

 
Here is another view showing the hairspring guard extending over the hairspring to the center of the balance wheel.
 

 

 

 

 
This view shows the hairspring guard over the balance.  Most of these movements have a hole for installing the guard.  The base of the guard has a notch so that it can be rotated away from the hairspring in order to remove the balance for service.
 

 

 

 

 
A side view of the Rolex 1570 movement showing the hairspring guard over the balance wheel and hairspring.
 

 

 

 

 
This is the dial side of the Rolex 1570 movement showing the date wheel and dial washer.
 

 
These Rolex movements are some of the best designed movements that Rolex manufactured.  They are very durable and rugged and will last many years and provide good timekeeping abilities if properly maintained.  If the watch is to be used in a rough environment where it might be subjected to shocks and extreme bumps it may be necessary to have the hairspring guard installed to prevent the coils from jumping over one another.
 

 
 
Posted by Timebuilder American Horologist at 11:10 AM
 


Terms and Definitions For Antiques and Collectibles.
timebuilder
Antique An object 100 or more years old.

 

Collectible An object that is less than 100 years old, usually mass produced.

 

Fine Art Describes any piece that was created for a visual appeal rather than a utilitarian use. This includes paintings, sculpture, architecture, photography and printmaking to name a few.

 

Vintage The word "Vintage" was usually used with wines but in the past years Vintage has been used to describe a certain look, usually used with fashion. This word is commonly used without much thought but should be used with a certain date Ex: "Vintage 1965 Ford Mustang".

 

Authentic Being "Original" not a remake, reproduction, or copy. (see Original)

 

Original An item that is original should mean that it is the only one made, but it can also mean by some that the item is not a copy or reproduction (authentic).

 

Art Deco Styles from the period of 1925-1940, geometric designs & streamlined patterns were used with bright colors. Many items were chrome metal, glass and plastic.

 

Art Nouveau Developed from the 1880s through the early 20th century, flowing designs used with a natural appearance of trees and flowers.

 

Arts & Crafts Also known as Mission, this style was popular from the 1890's through the 1920's. The Arts and Crafts movement was a movement from ornate Victorian design to simple craftsmanship (see Mission).

 

Mission This style grew out of the English Arts and Crafts movement and was a movement away from Victorian design (LIKE ARTS & CRAFTS). Mission was made from around 1890 to 1920's. Mission is usually used with furniture, usually oak that has a straight line design (see Arts & Crafts).

 

Victorian A style named after England's Queen Victoria, which was very popular through the mid 1800's. Victorian furniture was usually mahogany, walnut and rosewood which were often highlighted with carved floral designs sometimes Gothic looking.

 

Modern Is used when talking about a certain design from the 20th century, usually linear, horizontal or streamlined designed. Modern pieces have been said to have a clean or simple look, usually it is ahead of its time.

 

Contemporary Usually this refers to the "present time" but originated from the 1960's. Usually designs include soft round lines, and can be used with the word "Modern".

 

Primitive Is any given item that was used by early civilization. It can also be thought of as anything that has a very crude design and usually was utilitarian.

 

Folk Art Is any hand made Americana piece that is made by someone that has been self taught that usually has no formal art training. Ex: Tina Box
 


Social Networking Sites In The Business Environment.
timebuilder

 
Yes this sort of does smell like old people but I believe that in today's business environment social networking sites have no place.  This might be "old people" thinking but it is true.

A few years ago I thought it would be really neat and kind of fun to join MySpace even though I am not a typical "joiner" of anything let alone any social networking site.  Friends told me it was a dumb move on my part and after about two years I know what they were talking about.

To make matters worse I joined Facebook which opened the floodgates of disaster.  The problem with both sites is all the so called "friend" requests that you have to muddle through.  The other problem is that people simply just can't leave you alone.  So I decided to close my MySpace account.  MySpace is all or none.  If you close it everything your friends posted for you and all of your cute little comments will vanish into the black hole of cyberspace.

Facebook is a little better.  If you close your Facebook account they save it for you just in case you decide that you were really drunk or something and made the wrong choice about ending it all.

But my point is this.  You are better off directing your efforts to your own company web site where you have total control over your content and you don't have to worry about the so-called privacy settings of MySpace and Facebook.  The other benefit is the fact that YOU and only YOU control the ads that appear on your own web site.  With MySpace and Facebook if you enter any information about your business and what your business does, then the next day you see nothing but advertisements from your competitors.  Really nice huh?  In effect you may be cutting your own business' throat.

So my humble suggestion to you is that you eliminate any connection with MySpace and Facebook.  There are much better places to post quick content and information.  For example Twitter is very good for this.  Instant updates that customers can view.  The downside of Twitter are all the spammers and all the girls with their porn sites.  You really have to police your Twitter accounts and promptly block these offenders.  If you don't, some people might think you are "following" some porn site.

The other thing with Twitter is that many people think it is the new age Pog and all they do is "collect" "followers."  I avoid following many people.  To me I pick the ones that have like interests such as antique collectors or watch collectors.  I also avoid the users that post worthless information every 30 minutes.  Afterall it is a proven fact that about 50 percent of all Twitter posting are worthless pieces of junk and useless information.

So for me it is Good Bye to MySpace and Facebook.  Let the kids play on them so that some unknown person can guide and direct your child.  In my opinion both sites should be shut down as both places represent the best of human error.

eBay Motors & Dealer Fees. Don't Get Ripped Off!
timebuilder
Dealer Fees. Don't Get Ripped Off!

Many sellers on eBay Motors use hidden seller fees.  Avoid these sellers who add Dealer Service Fees, Vehicle Preparation Fees, Document Fees, Administrative Fees, and Vehicle Inventory Tax Fees.

Please read this and PLEASE VOTE for this guide.  This is intended to save YOU, the potential buyer from paying more than you should for a vehicle on eBay Motors.

In addition to your winning bid or when you use Buy It Now to purchase a vehicle on eBay Motors you may run into many sellers who add many extra fees to the purchase price of your vehicle.  Most of these sellers are dealers who either own or work for a dealership.  You seldom encounter these extra fees when buying from private sellers of vehicles on eBay Motors.

It should be noted that eBay Motors permits dealers to charge these hidden fees and they make no attempt to regulate excessive fees that are charged by sellers on eBay Motors!

These "hidden" fees can add hundreds of dollars to the purchase price of your new vehicle.  These sellers often admit that they do not have any legal requirement to charge these fees but do it anyway.  Don't buy a vehicle from them!

It is very important to READ all the FINE PRINT in each eBay Motors Auction before you bid or buy.  These fees can be avoided.  Here are some of the fees you may encounter and you should avoid.

Vehicle Preparation Fee:  One seller charges $49.00 to check the tires, check fluid levels and vehicle interior and the brakes.  Avoid these types of fees.  It is only prudent that the seller check these items before selling the vehicle in the first place.  Remember that it is illegal to sell or offer for sale an unsafe motor vehicle.

Dealer Service Fee:  These fees will run as high as $150.00.  Sellers never seem to say what these fees cover but these dealers should be avoided.

Document Fee:  I have seen these fees run on the low end at $50.00 to $500.00 on the high end.  Most sellers have document fees that range between $199.00 to $399.00.  I would suspect that most of these fees are used to cover the cost of listing the vehicle on eBay Motors.  Don't buy from these sellers.

Administrative Fee:  Many of the sellers on eBay Motors seem to charge this fee.  The typical cost is $52.00.  Again most of these dealers fail to explain what this fee actually covers.  Avoid these sellers.

Vehicle Inventory Tax Fee:  This fee or tax is usually charged by dealers in the Texas area.  This tax or fee is .002679 per cent of the sale price of the vehicle being sold.  So on a $10,000.00 vehicle the tax would be about $26.79.  Are these dealers so cheap that they can't pay this tax?  Avoid these sellers!  If they are so cheap that they can't pay this they are not worth buying a car from.

I have only found one dealer who admits in his auction that he has NO LEGAL basis to charge the extra fees that are listed in his dealer auctions for vehicles, but does it anyway.

Again, if you are looking to buy a good vehicle on eBay Motors, there are many sellers to purchase from that don't charge these extra fees.

Look before you buy and READ all the details of the auction first.  If you don't like what you see, move on as there are many other cars available on eBay Motors where these fees don't exist.

You can also call most of these dealers and negotiate these fees with them.  Remember, they want to make a sale and most of the time will remove these EXTRA charges.  Don't get E-Screwed by these dealers.

Here are some typical examples:

There is a nominal Processing Fee of $299.00, this applies to EVERYONE so please don't ask for an exception, none will be made. Out-of-State Residents; Processing Fee of $299.00 is due at the time of sale.

Don't buy from these sellers.  Your money looks better in your pocket NOT theirs!

The only fee associated with the sale is a $150.00 transaction fee which covers processing of all paperwork, vehicle pre-delivery costs, cleanup, FedEx of paperwork, and In-Transit plates so the vehicle can be driven prior to transfer of title in your area.

It is obvious that this seller is covering the cost of selling the vehicle on eBay Motors.  Charging the buyer for "cleanup" and "pre-delivery costs."  Pre-delivery cost is just another term for "eBay listing fees and first bid fees" that eBay Motors charges sellers.

Don't fall victim to these extra seller fees.  Don't pay them and don't buy from sellers that charge them!

Here is another example from a dealer in Ohio.  This one makes no sense at all.

Fee and Tax Information:  A documentary fee will be applied.  Its 10% of sale price from $1 to $2499.99, and $250.00 from $2499.99 and up. Title fee of $25.50 will be applied at the time of sale.

Like I have stated many times before, avoid these sellers and save yourself hundreds of dollars.

Below is an example of how one eBay Motors dealer hides the extra costs of their auctions by making the fonts sizes small and also makes the text very light and hard to read in the auction.  The original text was very small and very light colored and blended into the auction background.  It was not possible to duplicate it here due to eBay restrictions on using HTML tags.

Please note: Texas residents are responsible for state sales tax (6.25%), vehicle inventory tax, license fees, documentary fee ($50.00) and a miscellaneous fee ($250.00). Out of state buyers are responsible for vehicle inventory tax, documentary fee ($50.00) and miscellaneous fee ($250.00). Inventory tax is calculated at 0.21% (that is 21 per $10,000).

These sellers appear to be trying to hide their fees which amount to $300.00 extra in addition to the purchase price of the vehicle.  If they try to hide the "fine print" what else are they trying to hide?

The award for the eBay Motors dealer with the HIGHEST FEES goes to a dealer in Knoxville, TN.  Their fee is well hidden in their auctions.  It simply states, "all bids plus $597.80 dealer fee."

all bids plus $597.80 dealer fee?  What are these sellers giving you for almost $600.00?  The answer is this.  NOTHING but ripping you, the BUYER off.

Save YOUR money and only buy from private parties or eBay Motors sellers that DON'T charge these fees.

Its about time that eBay Motors puts a stop to the rip off of auto buyers on eBay Motors.  Why does eBay protect these sellers anyway?

</div></div></div>

Ball Commercial Standard 18 Size Pocket Watch SN 90916.
timebuilder
This is a Ball Commercial Standard 18 size pocket watch.  The serial number is 90916.  For many years this watch was in my collection of a few Ball watches.  Several years ago while attending a show and sale at the Medford Armory it was removed from a display and was taken.

I don't like the word stolen but at any rate years later it ended up on eBay.  The seller was back in New York.  I got hold of him and he wanted to sell it outright to us.  We declined and yet we have all the original inspection certificates for this watch.

It is amazing how this watch could go from one end of the country to the other and end up on eBay.  If only this watch could talk.


  








 

 

 

Ball Brotherhood of Locomotive Firemen Pocket Watches.
timebuilder

Ball Brotherhood of Locomotive Firemen Pocket Watch.

 
 
To me one of the best and most interesting of all American pocket watches are the 18 size Ball watches.  Out of these are the Brotherhood watches that related directly to the many jobs associated with railroads.
 
These Brotherhood watches have become very expensive over the last several years.  The one shown above sold for about $2500.00.
 
More Ball information to come later.
 


Mulford & Biddle Threadless Insulators. UPRR Railroad.
timebuilder

Mulford & Biddle UPRR Threadless Insulators

 

If you are collecting railroad pocket watches then you may as well collect the wonderful threadless insulators that were used on the telegraph lines that followed the railroads.

This insulator is a threadless type and was made by Mulford & Biddle.  The ones used on the original UPRR railroad were marked with the UPRR embossing.

These wonderful insulators came in many different colors.  Values on these are now at about $400.00.
 

Do YOU love ANIMALS? Please Support The ASPCA and Help Rescue Abused Animals.
timebuilder

Do YOU love ANIMALS? Please Support The ASPCA and Help Rescue Abused Animals.

 
Do YOU love ANIMALS? Please Support The ASPCA and Help Rescue Abused Animals.

There are animals that need your help. These pets, many of which have been abused by their owners need your help now. Both cats and dogs. These wonderful pets love their owners even when they have been abused by them which is sad and shows the innocense of these pets.

Please help them by joining the ASPCA by calling               1-888-460-9998        or you can visit the ASPCA web site at http://www.supportaspca.org.

Please give something back to animals that have given so much to us.