Support the Arctic Sea Ice Forum and Blog

Author Topic: Trackers in iframes  (Read 1158 times)

sidd

  • ASIF Governor
  • Posts: 3862
    • View Profile
  • Liked: 70
  • Likes Given: 0
Trackers in iframes
« on: November 16, 2017, 09:37:28 AM »
I just discovered from Mr. Budmantis comment that you can inject an transparent iframe into a comment and tracking elements like facebook, twitter and G+.

See e.g the first post on the thread "Who should be the Democratic nominee for President in 2020?"

if you do a view source you see the iframe element with src from facebook
and visible link to twitter and G+, at least the latter two don't hide. Those are straight to twitter and G+ with script executing from those sources.

Is that a good idea ? All these guys  build a shadow profile of you _even if you don't use their platforms_

Do I have to resort to drastic measure on this site as well ? Well i guess so after seeing the transparent iframe

sidd

Neven

  • Administrator
  • ASIF Royalty
  • *****
  • Posts: 6092
    • View Profile
    • Arctic Sea Ice Blog
  • Liked: 244
  • Likes Given: 174
Re: Trackers in iframes
« Reply #1 on: November 16, 2017, 09:59:58 AM »
I haven't seen something like that before, and I don't know how those buttons got in either.

I'm also not a fan of 'social' media, because of the fake news and subsequent arbitrary censoring, but maybe there's no way to get anything done without them.
Compare, compare, compare

gerontocrat

  • ASIF Governor
  • Posts: 3653
    • View Profile
  • Liked: 362
  • Likes Given: 7
Re: Trackers in iframes
« Reply #2 on: November 16, 2017, 11:26:10 AM »
I haven't seen something like that before, and I don't know how those buttons got in either.

I'm also not a fan of 'social' media, because of the fake news and subsequent arbitrary censoring, but maybe there's no way to get anything done without them.

DUNGEON-MASTER- HELP!?
"Para a Causa do Povo a Luta Continua!"
"And that's all I'm going to say about that". Forrest Gump
"Damn, I wanted to see what happened next" (Epitaph)

Neven

  • Administrator
  • ASIF Royalty
  • *****
  • Posts: 6092
    • View Profile
    • Arctic Sea Ice Blog
  • Liked: 244
  • Likes Given: 174
Re: Trackers in iframes
« Reply #3 on: November 16, 2017, 05:59:27 PM »
I found it. Sorry for not noticing and then taking care of this earlier.
Compare, compare, compare

A-Team

  • ASIF Upper Class
  • Posts: 2274
    • View Profile
  • Liked: 200
  • Likes Given: 14
Re: Trackers in iframes
« Reply #4 on: November 16, 2017, 06:26:16 PM »
Quote
budmantis  Today at 12:40:46 PM
Didn't knowingly insert that, very annoying! How do I get rid of it?

It's inserted in every opening post. I'll see if I can get rid of it as admin.
Hmmm, can you take a screenshot of what this looked like?

In every opening post? That sounds like the keepers of our "free" forum software took a dive. Disturbing if they took an unannounced payment, did not notify administrators, and did not make a spyware "feature" opt-in. Ethically unacceptable. It could affect thousands of other sites.

Here is another possible instance of someone unintentionally pasting in a tracker:
« Last Edit: November 16, 2017, 07:59:13 PM by A-Team »

ivica

  • ASIF Middle Class
  • Posts: 874
  • Kelele
    • View Profile
  • Liked: 11
  • Likes Given: 0
Re: Trackers in iframes
« Reply #5 on: November 16, 2017, 08:01:37 PM »
A-Team,

A few hours earlier checking 1st post in Arctic Café thread I saw:
Row for icons appended below signature row/line. Two icons were there, Twitter / G+.

Checking it recently for you:
Surplus row is not there anymore, Neven apparently checked off that.

However, something strange happened - noticed never before:

Dialog like on attached pic but w/o Prevent... check box popped up.
Pressing Enter with empty "edit field" dialog reappeared, now with Prevent... check box.

Pressing Enter again dialog do not reappears.

Service count (right-up corner of the browser window) says: 5.

Testing done using Tor Browser v. 7.0.10.

After preparing pic for you, attempt to recreate the issue failed:
No dialog appears, Service count is still 5, possibly something like this:
"
Force encrypted connections to these websites:
   YouTube
   Google APIs
   Google.com Subdomains (Complex)
   Google
   Google Services      
"
--ivica

Neven

  • Administrator
  • ASIF Royalty
  • *****
  • Posts: 6092
    • View Profile
    • Arctic Sea Ice Blog
  • Liked: 244
  • Likes Given: 174
Re: Trackers in iframes
« Reply #6 on: November 16, 2017, 09:20:36 PM »
Okay, this is already going over my head, I just unchecked a couple of boxes in the admin section (see below). If you guys manage to figure anything out, let me know in the simplest of terms and I'll see if anything more needs to be done by using my red phone connection to DungeonMaster.
Compare, compare, compare

ivica

  • ASIF Middle Class
  • Posts: 874
  • Kelele
    • View Profile
  • Liked: 11
  • Likes Given: 0
Re: Trackers in iframes
« Reply #7 on: November 16, 2017, 09:32:19 PM »
I like them (all 4) being unchecked ;)

Humanity desperately needs options other then corporately controlled google, youtube, social networks.  >:(

A-Team

  • ASIF Upper Class
  • Posts: 2274
    • View Profile
  • Liked: 200
  • Likes Given: 14
Re: Trackers in iframes
« Reply #8 on: November 17, 2017, 12:09:13 AM »
Quote
this is already going over my head, I just unchecked a couple of boxes
Why did i ever let go of my 1980 Honda Civic wagon, what was I thinking??? No tracking, no hacking, no engine warning lights -- that car practically drove itself.

"They" say some millennials actually want to be tracked, profiled and targeted with ads. It seems the more you shop, the more you save.

Quote
our new "smart" thermostat, the Ecobee4 ...It's way cool!

-Touch screen. wifi enabled, connects to internet to retrieve current weather and weather forecast
-can be controlled remotely with Android phone app
-comes with an extra room sensor to monitor temp in other rooms (the thermostat can be set to an average temp)
-sensor can sense occupancy so it can heat the house according to what her particular rooms are empty or occupied
-has Amazon Alexa assistant built in so we can access all that stuff with voice control, it can play music, news, and all that cool stuff
-will integrate with and allow us to voice control smart wifi dimmer switches for the lights
-it pays attention to outside temps and adjusts according to the seasons when adjust room temp (i.e., in winter it will start heating sooner to have the temp 67 by 6pm, whereas in summer time it would take less time to get up to temp by 6pm)
-and lots of other cool stuff I'm still learning about
- They claim it reduces the average home heating bill by 23%!It's usually sells for $249, but last week was on sale for 209, plus I found a $40 off $200 coupon for Lowe's .com.  Combined with a $50 Oregon Energy Trust rebate, it came in at just under $120!
« Last Edit: November 17, 2017, 11:10:34 AM by A-Team »