NamePros Privacy Concerns

[RJ]

Dear NamePros Members,

There is a story circulating on Domain Name News that tries to link us to YouPorn.com's current scandal.

http://www.domainnamenews.com/news/nameproscom-outed-browser-history-sniffing-fiasco/8482

I just wanted to post and let you know we do not track our user's browsing history. We do make use of a stats service called Feedjit Pro and have a Facebook Connect feature that can connect your NamePros account to your Facebook account. Both service have their own privacy protections as well.

If there are any legitimate concerns of privacy on NamePros including our use of Feedjit, that I will promptly address there here with you in this thread or privately by email. My email address is [namepros email redacted].

Our privacy policy is linked from every page of our site. It is located at
http://www.namepros.com/privacypolicy.php

Sincerely,

Ron James
NamePros.com

 

[Michelle]

:tu:

No problems here RJ

 

[Erdy]

I would feel more comfortable if you didn't use Feedjit.

According this study Feedjit is a history sniffing javascript tool and it is used by namepros.
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pdf

I don't care if half a million other sites use the same tool. At the end this is a respectable research done by a university and they checked 50.000 websites and found only 46 sites that do history sniffing and namepros was one of the top sites in the 46 site list.

 

[RJ]

If our use of Feedjit concerns you, please post it.

Considering options at this point. We have used Feedjit for our stats since July 2009 and they've been an excellent provider in that time. Are they being unfairly thrown under the bus?

Thank you Erdinc for your input.

 

[Deathstarr]

Dear Erdinc,

I do not represent any of the stated parties. But I have my own say in all of this. I have read the stories and read what was said and found that. If you do not like the tools that NamePros chooses to use to insure accurate stats to advertisers that are looking to purchase ad space, You do not have to use the forum.
Feddjit is just as reliable as google in stats, I trust NamePros and I have been here 5 years and privacy is not my concern on this forum. If privacy is your concern your in the wrong business. Nothing about Domaining is Private due to everyone on this forum know how to use Whois. I see that Your NameCatch.com is whois protected while some end users look at that as bad for business because if your website is down then how are they suppose to contact you(if your service was paid).

If you Read over the NamePros Privacy Policy you will see that there is a section for cookies and web beacons, also NamePros clearly states what kinda information is with-held and how you can disable the information from being used. If you are at major concern for your privacy I think you should be reading over Feedjit Privacy Policy and seeing there terms.

Kind Regards,
Randall Brown

 

[Acroplex]

Ron, I was looking for your response at the NamePros Announcement section and found it here from your tweet.

A related article also at this link.

 

[Erdy]

If you do not like the tools that NamePros chooses to use to insure accurate stats to advertisers that are looking to purchase ad space, You do not have to use the forum.

Why do you post that kind of useless message? I didn't ask you if I should use namepros or not. Your comment is rubbish.

Nothing about Domaining is Private due to everyone on this forum know how to use Whois.

You don't know what you are talking about. The issue is history sniffing. This means checking out what other URL's a person has visited. Would you be happy if I install something to your browser that tells me all the pages you visit through the day?

 

[Deathstarr]

Why do you post that kind of useless message? I didn't ask you if I should use namepros or not. Your comment is rubbish.

>> ok So I don't know anything? What is Feedjit?

You don't know what you are talking about. The issue is history sniffing. This means checking out what other URL's a person has visited. Would you be happy if I install something to your browser that tells me all the pages you visit through the day?

Your ISP does it, Companies do it all day. IF and thats a big IF, Feedjit does do it does not mean that namepros.com is able to see that info at will.

RJ outlined on another blog that the only information that he is able to view is the information for stats like Google Analytics.

 

[dna]

I would prefer that Namepros respected the privacy rights of its members.

 

[RJ]

Ron, I was looking for your response at the NamePros Announcement section and found it here from your tweet.

A related article also at this link.

I moved this to the Break Room so non-registered members can view it. The announcements forum is for registered members only and we don't have anything to hide here.

It seems like the main issue is whether or not to continue using Feedjit or not. I haven't heard anything from them yet about the sniffing concerns.

Thanks for commenting. Great link btw!

RJ

 

[Deathstarr]

I moved this to the Break Room so non-registered members can view it. The announcements forum is for registered members only and we don't have anything to hide here.

It seems like the main issue is whether or not to continue using Feedjit or not. I haven't heard anything from them yet about the sniffing concerns.

Thanks for commenting. Great link btw!

RJ

Although I am not much concerned with my privacy as others. I do however agree that the service should not be used and it is a vulnerability to NamePros.com.

 

[Erdy]

There is an article here about this issue:
http://news.techworld.com/security/3251994/websites-steal-browser-histories/

When reading this you understand that they are using javascript to read your entire browsing history recorded in your browser cache. This is illegal.

The research was done by computer science professor Sorin Lerner from University of California. The findings were presented at a conference. I found the power point presentation of Sorin Lerner:
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pptx
Inside that file namepros is mentioned.

What other sites are doing is they simply record from what site you clicked the link to arrive on the current page. This is simply a feature of HTML and any website can have this information. This is not what feedjit.com is doing. Let's not confuse things. Feedjit is pulling your entire browsing history.

 

[RJ]

The UCSD study said Feedjit sniffed for Twitter, Facebook and "+6" other sites (presumably other social networking sites), not your entire browsing history.

It would seem there really is no need for Feedjit to collect this on NamePros if we are not using their social networking widget. The information does not appear in any of the reports, so it seems pointless to gather it for their Feedjit Pro customers.

Thanks for the additional links, Erdinc.

RJ

 

[Brujah]

Edit your HOSTS file and block feedjit.com there. That would work?

*nix and Mac users: /etc/hosts
Windows users: windows\system32\drivers\etc\hosts

add this line
127.0.0.1 feedjit.com

 

[glaxxon]

Even i'd prefer not using such widgets, if possible. What's wrong with using google analytics?

 

[snoopinc]

Edit your HOSTS file and block feedjit.com there. That would work?

*nix and Mac users: /etc/hosts
Windows users: windows\system32\drivers\etc\hosts

add this line
127.0.0.1 feedjit.com

You could also use adblock plus.

 

[Blake]

Well RJ,

I think your doing the right thing..talk to feedjit and figure out just exactly what they are collecting "if anything" and then base that on your decision to find an alternative place if need be. I honestly use mvp's host file and all is blocked on my end. I don't think the other "news" sites should have glorified the story as they did either. Perhaps some professional tact in contacting you and speaking with you personally would have went a long way.

Anyway Ron you are a true professional with as you said nothing to hide so do your investigation and keep us updated on your findings.

Cheers

Blake A. Worthington

 

[DU]

The latest versions of Firefox, Chrome and Safari block this history sniffing, but earlier versions and all versions of Internet Explorer don't, they say.

Is this wrong? Update your software people...

I also believe that the JS doesn't actually browse through your history but rather compares it to a list of url utilizing the visited property. While this could be a privacy issue - it's not quite as grave as direct history access (which would potentially contain much more information in the URL encodings - such as user name)

Generally I use "Private Mode" for surfing anyway - so they may catch me if I go to Twitter/NP in the same session... big whoop. 100 million people go to Twitter.

I think it's positive that RJ is willing to discuss all this in an open and transparent way. I'm sure the appropriate decision will be made based on the feedback from Feedjit.

 

[liquidcherry]

I have no problem that someone knows that i surf over to youp0rn after being finished with namepros....LOL!

On a more serious note, i am sure RJ will take the right measures

Cheers

Liquid

 

[DU]

When reading this you understand that they are using javascript to read your entire browsing history recorded in your browser cache. This is illegal.
...
Let's not confuse things. Feedjit is pulling your entire browsing history.

Did you actually read the paper or did I miss the part where it explained how a site got complete access to my browsing history.. I'd love a page # / paragraph # so I can re-evaluate.

Do you track the links that people click on Namecatch? Just curious.

 

[hollywood]

Just curious.

Just checking.

 

[barefoottech]

I don't see the problem.
The real problem sites are the ones that insert Keyloggers, hidden redirects and malware.

All of which has happened to me, from using links listed on the same self-righteous news sites that now complain loudly about a bit of history tracking.

Don't want people to know what sites you visit, than don't visit dodgy sites.

True privacy after all is a non-existent concept.

 

[Erdy]

Did you actually read the paper or did I miss the part where it explained how a site got complete access to my browsing history.. I'd love a page # / paragraph # so I can re-evaluate.
Do you track the links that people click on Namecatch? Just curious.

From what I understand here, feedjit is not recording what links you click on the namepros. They find out the links in your browsers history.

http://news.techworld.com/security/3251994/websites-steal-browser-histories/

Java scripts on these sites invade the browsers' history cache and finds out what sites the browser has visited. If, for example, the history reveals that the browser routinely visits a particular online banking site, attackers would know what phony banking page to serve up in order to steal login information, according to scientists at the University of California, San Diego.

On my website I only use Google analytics which I think is good enough as a statistics tool.

 

[theSun]

Just get this thing sorted out.

 

[DU]

From what I understand here, feedjit is not recording what links you click on the namepros. They find out the links in your browsers history. .

Not exactly. They can match the base url by checking the DOM tree value for "visited".

It's a Javascript hack; however, Archangel recently posted that they have done it with CSS.

It doesn't access your history per se. It's a subtle but very important distinction.

Good to know about Namecatch - it's an awesome tool.. I recommend it to all