PDA

View Full Version : Verisign's 'SiteFinder' finds privacy hullabaloo



mastercontrol
10-01-2003, 10:50 PM
Privacy advocates have joined the chorus of critics of Verisign's "SiteFinder," which on Monday began directing mistyped dot-com and dot-net e-mail and Web addresses to a search site operated by the company and Overture.com, a Pasadena, Calif.-based advertising company that brands itself as a search engine.

http://www.securityfocus.com/news/7009

MeSat
10-02-2003, 04:25 PM
In reading the text of the link, it shows that it is using a cookie. Almost every site uses cookies today. Some sites share cookie data and this can be confirmed in most browsers by changing the cookie settings.

In Mozilla, you can set cookies to expire after each session if you wish. This means that when you go back to a site, there is no record on your computer to show that you have been to the site before. This can cause some other inconviences but for the greater good, it is much better.

It is also interesting when looking at the cookie manager and finding out how many cookies some sites store on your computer is shocking. I have been to sites that store 10 cookies.

I also stop cookies from most ad servers so that I cannot be tracked for advertising. Before having a cookie manager, I used to run a script that deleted my cookies files each night.

If you are concerned about privacy, then watch the cookies. They have their benefit and they also have their problems.

Hidden images (1 pixel in size) can also be used for tracking purposes and data gathering.

mastercontrol
10-02-2003, 05:00 PM
The main issue doesn't have anything to do with cookies. It's the fact that Verisign is misusing it's position to make money via ad sponsored links and tracking.

Not to mention the problems this has caused some spam filters, since all bogus domain .com and .net domain names return a result, so for example, is a fake address used @hfjehfjkhfks.com, even though the domain doesn't exist, to the spam filter, it would appear to be valid, so any address using that fake domain would pass through.

Of course, Verisign isn't the most ethical business out there. I'm sure anyone who has a domain has received at least one "renewal" notice from them, which is used to fool people into switching their domain registration from the company they got it from to Verisign (a lot of people don't remember right away who they got their domain from since they usually never have to deal with them).

I know I would never do business with Verisign. I don't trust them any more than I trust M$.

MeSat
10-03-2003, 04:26 PM
The issue was privacy and tracking. Cookies track usage and thus can be a worse pricacy problem than what Verisign is doing. For Verisign to track you, you must first go to their site. The problem with cookies is that they can be used by multiple sites or cross linked to multiple sites. This cross usage can be a much larger privacy issue. The only reason that I posted it.

Verisign's actions are a major headache for alot of businesses and they are being sued for this action. I hope they lose. Of course some of the people trying to sue Verisign are doing is so they can provide the same type of service.

I thought I posted the issue with Verisign and Spam filters into a different thread but I cannot find it now.

BCTripster
10-03-2003, 07:13 PM
Verisign are evil bastages to say the least, I'm just waiting on the RH RPM for BIND with the patch so I can once again block these fools.

Complete and utter abuse of their role in the DNS system.

BCTripster
10-03-2003, 07:25 PM
ICANN gives Verisign 36 hours to disable sitefinder (http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm)

The excrement has hit the rotating air mover! /forums/images/graemlins/smile.gif

Way to go ICANN, now the next step is to take the works away from Verisign and let a not-for-profit run the .com/.net namespace.

mastercontrol
10-03-2003, 08:31 PM
That's great to hear. It'll be interesting to see if Verisign complies to that. As I write this, SiteFinder is still up (tried a bogus address).

Scary
10-03-2003, 11:17 PM
Verisign suspends its SiteFinder service (http://www.eweek.com/article2/0,4149,1307635,00.asp)

mastercontrol
10-03-2003, 11:54 PM
I think the news sites jumped the gun on that story; the SiteFind is still up and running (just tried again). I don't think Verisign will give up easily.