PPrune is implanting some rather nasty cookies onto your computer. I’ve seen this only recently and believe they come from some advertising banners.

What’s a cookie? A cookie is a small text file stored on your computer that contains some commands encoded in this text file. Most cookies are quite useful. For example the cookies from pprune.com keep track of articles you’ve read for you, remember your password and lots more. Such cookies don’t transfer data.

However, there are some very dangerous cookies around as well. Some cookies can contain command code to transfer or even delete files to/from your computer, search for your personal details on your machine and transfer such data via the Internet to the cookie owner. The info ‘stolen’ most often is your name and e-mail but also postal address and phone number! The processes controlled by cookies function in the background without your knowledge and control!!!

I found that access to pprune implants cookies from “doubleclick.net”, “valueclick.com”, “www.addfreestats.com”, etc. These are Internet behaviour tracking companies. This means they get your personal details, at least your name and e-mail, and watch all your steps on the Internet. Every time you click on a link this information is stored in a central computer. Over some time such database serves to figure out your main areas of interest and this information is sold to advertising companies. Thus you will suddenly be targeted with advertising via e-mail, post or by phone calls according to your internet activities. So don’t be surprised if after playing a little with adult pages you start getting e-mail advertising naked girls or Viagra pills!

I post this to make all user and the pprune administrators aware of this problem. It is a favourite trick of banner advertisers to set unsolicited and unwanted cookies.

Remedies: The best would be if the advertisers on pprune would be kindly asked to stop this nonsense. But what can the average user do? Your browser security settings allow, depending on platform and browser, to mange cookie security settings. All browsers allow by default all cookies. Some browsers allow you to allow cookies from the actual page but to deny any other cookie. This is obviously the best setting. Most browser allow a setting whereas the user has to confirm each cookie. Try it and you will be surprised how many cookies there are. Not a satisfactory solution.

For my part I very regularly delete all cookies and go on with life. ‘Very regularly’ means at least each time I terminate my Internet connection. You can find little programs on the Internet that do that job for you and even automatically. Check for your browser and platform at places such as www.shareware.com or www.tucows.com.

Happy browsing
BeePee


------------------
Diesel 8 forever!

Interesting.

This week, for the first time, I've had two unsolicited e-mails offering a very dodgy sounding deal (send cash in plain envelope) and an invitation to subscribe to 2 porno sites (and I've never knowingly accessed any "adult" sites in the past).

Well perhaps this explains the crap I've been getting on my personal Hotmail site from various sources, but the majority are either get-rich-quick schemes, dubious XXX offers and other rubbish which often comes with a yahoo, msn or excite address - usually from the land of the terminally stupid crimplene-clad lardar$es.

I often delete 'cookies', but perhaps something has slipped through. Danny, if this is true, it's OUTRAGEOUS!! Another thing, why when I've disconnected from the Internet, does the computer suddenly start dialling again if I've left a PPRuNe item on the taskbar? Is this something to do with the adverts? If so, $hitcan them and go for a subscription service!! I am MIGHTILY PI$$ED OFF with getting the crap which I do through Hotmail!! However, I have been able to phone up one or two of them and tell them to get stuffed!! That is VERY satisfying!!

No wonder that when I go through my computer every night, because mine is running marginally low on memory, when I look at the temporary Internet files, there is a whole lot of junk located there. I erase it and get my 2-3 megabytes back for the day. But this goes one day after day.

Isn't there somewhere on the Microsoft program that you can click to say that once you've read it and then deleted it, not only will your incoming/outgoing message be deleted, but also your attachment or incoming attachment?

It didn't used to be this way.

This is a growing trend - you should see what some sites throw at your machine.

Take a look at FREEDOM

http://www.freedom.net

The full system is not free but the basic protection is. Particularly useful, apart from Cookie management, is the AD Manager. I have blocked 17 Meg (count them) of ad downloads in the past 4 weeks. The increase in speed to NOT download all these ads is very noticeable on a slow line + it stops all those little embedded counters (as used on PPRUNE) doing a number on your computer.

Most of the popular ads are pre-loaded for blocking and you can identify and add ones of your choice.

Specifically there is a new one on on PPRUNE :
adfreestats

Currently FREEDOM is blocking 2396 add sites from my machine.

Lastly it is also a very comprehensive firewall and with a full system you can totally protect your identity on the WW and email by aliasing through the FREEDOM home site and a couple of random jumps. This makes life alower - but I have been unable to fault it from a security standpoint. Great system - take a look.




[This message has been edited by MasterGreen (edited 28 March 2001).]

I posted on this subject a few weeks ago:

Spyware and PPrune?

I dont think that cookies can modify any files on your computer, but they can transfer personal data to third parties.

Personally I would like to see all cookies go, except those specifically left by pprune to remember password and such.

Other possible remedies:

For Netscape (I don't use MSIE so can't say), delete everything in cookies.txt (usually in CProgram Files\Netscape\Users\default) below the line reading "# This is a generated file! Do not edit", then make the file read-only (right mouse click: Properties, then tick 'Read-only' under Attributes). This is a bit OTT and I don't recommend it, as you would lose all your stored passwords and other potentially useful facilities.

A better solution is to use advert/cookie-blocking software eg Naviscope (www.naviscope.com) - very effect and FREE. Or the Windows version of Junkbuster (available from www.waldherr.org/junkbuster/) - also effective and free, but needs some user input to configure. These programs allow configurable blocking of ads and selective blocking of cookies.

But be warned, the sites' sponsors are likely to take a dim view of this type of software. But as far as I am concerned, it is my computer and I will determine what is downloaded to it, what information is disseminated from it, and to who.

There is a very serious privacy issue here but BeePee's scare mongering distracts attention from the real problem…

BeePee writes - "However, there are some very dangerous cookies around as well. Some cookies can contain command code to transfer or even delete files to/from your computer, search for your personal details on your machine and transfer such data via the Internet to the cookie owner. The info 'stolen' most often is your name and e-mail but also postal address and phone number! The processes controlled by cookies function in the background without your knowledge and control!!"

This is essentially nonsense but here's the real problem…

An organisation like DoubleClick dumps a cookie on your machine when you visit PPRuNe. This functions as a unique identifier within the DoubleClick database and when you visit other sites associated with the company, any information you provide them can be associated with this ID. For example, the products you buy at the online grocery store, the postal address you provide when ordering tickets online, the email address you provide when you ask for an online insurance quote - all these can become associated with your unique DoubleClick ID. So it's possible for direct marketers to build up a pretty detailed picture of your interests, preferences, etc. This is the problem.

DoubleClick claim that you can opt out of their system here…

http://www.privacychoices.org/

But how many other similar systems are there?


[This message has been edited by stagger (edited 28 March 2001).]

I don't care to what extent the cookies are removed, but I don't want to log every time to the NY Times, and all those other places, including PPPrune, that I have placed the cookies in for a purpose.

So, how do you get rid of the unwanted cookies and retain the wanted ones?

If you use explorer, disable cookies. Then add the websites where you want to allow cookies to webpages that you thrust.

Stagger,

I’m not scare mongering here. But Internet users should be aware about harmful possibilities and cookies fall in the same category as e-mail viruses – fortunately a lot less harmful.

Some small technical details:
Cookies can only influence the browser. They can transmit (or to be correct cause the browser to transmit) the data contained in the user profile (or within windows with MSIE the windows user profile). But they, via the browser, can theoretically do a lot more: they can instruct the browser to up- or download files. Thus, technically, a cookie can cause the browser down download and activate a small program, which allows a malicious intruder to do a lot more. The German ‘Chaos Computer Club’ has demonstrated this security risk by remotely controlling a test PC and newer browser version are quite well protected.

The majority of all cookies are useful and necessary. Further, the majority of abusive cookies are not directly harmful but gather information and spy on the Internet user. DoubleClick does more than they claim. At first DoubleClick sets a cookie to harvest personal information. Subsequently, that cookie is replaced with a serialised cookie transmitting that serial number each time the user hits an associated site (of which there are very many). I haven’t come across any directly harmful cookies yet but information gathering and junk mail are a clear violation of privacy rights. And you perfectly correct – this is the main problem. As administrator of our own site and relatively small LAN (50 –60 users) I can wildness daily large scale spamming despite strict spam control and blocking.

I definitely don’t want to sound ‘paranoia’ or scare anybody but all Internet users should be aware of this, as remedy is quite easy: Keep upgrading your windows and your browser and delete your cookies. Plus as lot as people are aware chances are very remote that somebody would try something really nasty.

Pprune needs sponsoring but all pruners might help Capt Pprune to keep the spies out by making donations to keep the site alive, free and cookie clean.

BeePee

------------------
Diesel 8 forever!

If you want to block cookies, and use IE5 try www.idicide.com, the software is a bolt on to the browser, and lets you decide a level of access. I have the latest IE5.5 Beta, and it works fine!!
most cookies are OK, but some aaarrggh!

BeePee,

I'm sorry but I think you're confusing Java/ActiveX security risks with some of the problems associated with cookies. Please read the section on cookies that can be found here...

http://sunsite.compapp.dcu.ie/pub/pe...wwsf7.html#Q66

BeePee, you ARE scaremongering! I have stated in other threads about this that the cookies that PPRuNe sets are for the control of the bulletin board and the way it interacts with your computer. Have any of the ‘screamers’ figured out how every time you log on to the PPRuNe forums it knows when wa you were logged on and how to let you know which forums should show a light to let you know there are new threads since you were last logged on or which folders to show as red?

Just about every website now uses cookies to provide the interactivity with your browsers. I have yet to see any cookie that gets your email address and personal details or uploads any software to your computer. What utter rubbish! Yes anyone can find out what browser, what operating system and which version you are using as well as which ISP you are logged on through. You don’t need a cookie to do that but they do help in getting that information.

I know that the advertisers use cookies. Yes, they can find out sometimes if the same person is receiving the same advert IF the modem they are connected through in the exchange is the same one they connected through last time. Yes, advertisers can possibly create a profile of what you like if you click on some adverts and in future the systems may be able to recognise you when an advert is being delivered to your computer and so send an advert that is more likely to be of interest to you. SO WHAT? I would rather see adverts that were of interest to me than adverts for something that isn’t! Big deal!

Do you ever stop to think what newspapers or magazines would look like if there was no advertising in them or what they would actually cost to buy? I need advertising to pay for the running of this site. Without it there wouldn’t be a PPRuNe. It would have bogged down and died years ago if I wasn’t generating revenue from advertisers to pay for upgrading the server and the software. Next week the whole site is having to move to a new dedicated server with dual processors, barely six months after upgrading to the first dedicated server because the loads are getting unmanageable.

Thanks to the adfreestats I know how many readers and from what part of the world and what time they log on and I can use that information to attract new advertisers so I can pay for the next upgrade which will be due soon. PPRuNe currently has nearly 30,000 registered users but I know through the stats that I get more than that number of readers every day! Unique readers! You only have to see the ‘InLive’ window at the top of every page to see how many people are one at any one instant. The system uses cookies for that information. That information is needed to help manage the site and plan for the future!

As for the utter ‘bovine excrement’ that any cookies are digging out your email addresses and sending them to spammers, you have got to be kidding! One of the main reasons that I have banned hotmail is because of plonkers who use it solely to register for PPRuNe but start to receive spam thinking I have given their address out but they fail to realise that hotmail is just about the most heavily hacked mail server in the world and anyone with a hotmail address is most likely to have their email address doing the rounds of spammers. Hell, some spammers have programs that just generate names and append them to ‘@hotmail.com’ and blast out their crap. Nothing to do with PPRuNe. BEagle, you can take your ‘shock horror’ attitude because as I have mentioned in the announcement about banning hotmail that yahoo and possibly excite are about to be blocked too for exactly the same reasons.

As for your computer auto logging on... well... read the manual! If you set your dial-up software to autodial in every time an application that looks for the internet wakes up then that is what will happen! Your computer will dial up! If you leave a PPRuNe page up and your dial in software is set to automatiacally log in then that’s what will happen. The banner adverts at the top of pprune pages are set to refresh every three minutes and so your computer dials in. Either set your dial in software to only dial in when you tell it or close the PPRuNe pages after you log off. Nothing sinister. No conspiracy.

Save your ‘OUTRAGE’ for something else! I am getting fed up with all the panic, screaming, conspiracy theorists who post the kind of crap that is in this thread every few weeks. PPRuNe is a huge website now, generating over 10 million page views a month. Thats over 140Gb of bandwidth a month! I spend almost all my spare time together with a few friends to run this website. It is not a big business or company with offices and loads of staff. I and my friends do this for no financial gain, from our homes in our spare time and every few weeks or so I get someone screaming about conspiracy and cookies and all sorts of other crap.

Well, I have had enough. If you don’t like it you have a few choices. Don’t visit at all, turn cookies off and lose some of the functionality of the forums, set your browser to warn you before a cookie is set and you choose which ones to accept (the option I use) or just get on with it and stop worrying! I have repeated since I first set PPRuNe up in 1995 that I wouldn’t charge users for access. It wouldn’t work. I know that raising the money to pay for the chat program has been difficult and that was a pittance compared to what it costs to run the site. It is the number and variety of readers and contributors that makes PPRuNe what it is and I am not about to dilute that because in my experience as soon as money is asked for only about 1% of people actually fork out in the end.

If any of the panickers out there think that I sell their details to spammers I would have nearly 30,000 angry people on my back. Don’t be so stupid! PPRuNe has established its integrity over the last 6 years and anyone whith an inckling of common sense who has been using PPRuNe for any length of time knows this.

Angry? You bet I am.

------------------
Capt PPRuNe
aka Danny Fyne
The Professional Pilots RUmour NEtwork

[This message has been edited by Capt PPRuNe (edited 29 March 2001).]

Oh boy - at last a question that I feel I am technically qualified to answer on Pprune!

Bee Pee and folks;

>>Some cookies can contain command code to transfer or even delete files to/from your computer... - NO!

>>....search for your personal details on your machine and transfer such data via the Internet to the cookie owner - NO!

>>...The info ‘stolen’ most often is your name and e-mail but also postal address and phone number! - and thrice NO!

I'm sorry, but this information is TOTALLY incorrect.

Cookies are small text files that can be issued by web site. The most popular use for cookies is in tracking user preferences during your time in that site, but it is important to note that cookies CANNOT access any information that you have not supplied voluntaraly to the site.
Cookies CANNOT access personal information on your computer, they can't download your credit card number, they can't crash a 747 or even get access to your email address (unless you have given the site that information off your own back).

The warning you have placed here is a common misconception as to what cookies are.

Danny is doing absolutely nothing wrong here on this site, all he is doing is storing a cookie on your machine that contains a unique number when you register. This number will also be stored in a database at his end along with the logon details that YOU HAVE SUPPLIED and is used to remember your username and password each time you post a message so you don't have to type that information in each time. That's it - period!
The important thing to remember is that cookies are essentially dumb things - they can only store data you have supplied and cannot access information stored elsewhere on your computer. They can't even access other websites cookies.

Now your comment about the doubleclick cookies tracking your activity is sort of correct - but not nearly as worrying as you think;
- The cookie that double click (and other advestising sites) issue is created by the adverts that appear at the top of the page. If you click an advert, then that request is stored at the doubleclick's sites (ie this user has clicked an advert for books on 747's). This enables the advertising sites to personalise the adverts that appear on PPrune and the other sites that use them to sell advertising space. Remember however that doubleclick do not know who you are, because you have not told them - you are just a.n.other user to them! Even though you have registered at Pprune, the double click cookie CANNOT examine the pprune cookie. So, the worst that can happen is that you get adverts which are more tailored to your own interests. The advertising cookies cannot track click you make elsewhere on Pprune or other sites - ONLY the times you click the adverts. If you are worried about this, then don't click the adverts!

Amazon.com uses a similar thing mechanism to track my purchases and show the types of books I am interested in on their homepage, such as Aviation, Computing & photography.

As a director of a very successful e-commerce company with over 10 years of experience in this field, I feel I am qualified to say that cookies are NOT evil, they CANNOT crash your machine, they CANNOT 'download' any personal information that you do not give yourself.

There are serious other security issues related to the internet, such as email viruses and potentially unsafe Active X controls, but cookies are nothing to worry about.

Hope this clears a few things up for you all.

Danny - thank you for clearing this up. My apologies for suggesting that the cause of my wretched spam might have originated from the method suggested here by others. However, someone has been passing addresses on - I haven't had any rubbish except to Hotmail (usually from @msn.com, @hotmail.com, @yahoo.com or @excite.com) and for that I reason I'm giving them until the end of the week to stop the level of spam or I shall just quit and rely on my personal and PPRuNe addresses. Both of which are just fine!!
Regarding the 'auto-dialling' caused by your adverts, I would dearly love to disable it; unfortunately Dell's rather pathetic so-called manual for the computer gives no clues as to how and the 'dial up network settings' or whatever it's called, is far from intuitive on this score!

[This message has been edited by BEagle (edited 29 March 2001).]

Am still both confused and concerned...it appears to me the Pprune or its' ads are placing 'valueclick'&'doubleclick' cookies on my system?!

I am not computer technically minded but am aware of the cookie problem and as such am always cleaning out cookies after coming off the internet. They are there again apparently co-inciding with a visit to Pprune when this is the only site I have been on...AOL are my ISP and they deny that any of the ads that appear on their AOL5/6 browser and Welcome page carry cookies especially those of the 'valueclick' type.

Danny,

As this topic seems to be causing some (unnecessary) concern, why not put a help-page up laying out PPRuNe policy on privacy issues, including information on exactly what cookie files can and cannot do. This is standard practice at some company/business web-sites. I could help if necessary as I have some experience of writing Perl scripts for my web-sites which create and interact with cookie files.

For those of you with a sense of humour I can only say that I have a mental picture of those people who are panicky about ‘cookies’ and think of them as being like the woman who has seen a mouse and has climbed up a pile of tables and chairs and is balanced precariously on top, holding her skirt around her knees and is trying to stand on one toe and is screaming hysterically. I think it may have been a Tom & Jerry cartoon that conjured up the thought!

Going completetly off the subject,as this topic was started by BeePee...I saw the Documentary about Cargolion on Discovery the other night.Are the crew featured still working for you BeePee.(Not to do with cookies I know.)

------------------
GET THE BLOODY NOSE DOWN!