NamePros Privacy Concerns

[RJ]

Dear NamePros Members,

There is a story circulating on Domain Name News that tries to link us to YouPorn.com's current scandal.

http://www.domainnamenews.com/news/nameproscom-outed-browser-history-sniffing-fiasco/8482

I just wanted to post and let you know we do not track our user's browsing history. We do make use of a stats service called Feedjit Pro and have a Facebook Connect feature that can connect your NamePros account to your Facebook account. Both service have their own privacy protections as well.

If there are any legitimate concerns of privacy on NamePros including our use of Feedjit, that I will promptly address there here with you in this thread or privately by email. My email address is [namepros email redacted].

Our privacy policy is linked from every page of our site. It is located at
http://www.namepros.com/privacypolicy.php

Sincerely,

Ron James
NamePros.com

 

[hollywood]

Just curious.

Just checking.

 

[barefoottech]

I don't see the problem.
The real problem sites are the ones that insert Keyloggers, hidden redirects and malware.

All of which has happened to me, from using links listed on the same self-righteous news sites that now complain loudly about a bit of history tracking.

Don't want people to know what sites you visit, than don't visit dodgy sites.

True privacy after all is a non-existent concept.

 

[Erdy]

Did you actually read the paper or did I miss the part where it explained how a site got complete access to my browsing history.. I'd love a page # / paragraph # so I can re-evaluate.
Do you track the links that people click on Namecatch? Just curious.

From what I understand here, feedjit is not recording what links you click on the namepros. They find out the links in your browsers history.

http://news.techworld.com/security/3251994/websites-steal-browser-histories/

Java scripts on these sites invade the browsers' history cache and finds out what sites the browser has visited. If, for example, the history reveals that the browser routinely visits a particular online banking site, attackers would know what phony banking page to serve up in order to steal login information, according to scientists at the University of California, San Diego.

On my website I only use Google analytics which I think is good enough as a statistics tool.

 

[theSun]

Just get this thing sorted out.

 

[DU]

From what I understand here, feedjit is not recording what links you click on the namepros. They find out the links in your browsers history. .

Not exactly. They can match the base url by checking the DOM tree value for "visited".

It's a Javascript hack; however, Archangel recently posted that they have done it with CSS.

It doesn't access your history per se. It's a subtle but very important distinction.

Good to know about Namecatch - it's an awesome tool.. I recommend it to all

 

[vc]

Actually, I think the simple fact is: What's the big deal for tracking where you come from? Now if namepros is being flamed, help defend it from harms.

I support you NamePros.

No one is flaming/harming Namepros. People use the "wrong tools" all the time and users are voicing legitimate concerns. :wave:

 

[Jeff]

Personally, with all that's going on in the world today, I have no such worries or concerns! :talk: :imho:

Happy Holidays,
Jeff

 

[Tippy]

Ah that explains why I started seeing Doll House ads at NP in the footer, I was looking/searching online the other day into buying/building one for my Daughter... I did say to myself " how did NP know I was interested in buying a Doll House " question answered.

Not sure if I'm cool with that but then again no major harm I guess was done.

 

[theSun]

Just get this thing sorted out.

 

[Erdy]

I found this news item which was published a few days ago:

Class Action Lawsuit Filed Over YouPorn History Sniffing:
http://blogs.forbes.com/kashmirhill...-lawsuit-filed-over-youporn-history-sniffing/

Youporn was on the top of the list along with feedjit on number 3 and namepros on number 6 of a research about history sniffing.
http://img573.imageshack.us/img573/7905/namepros.gif

In took that screenshot from this power point file:
computer science professor Sorin Lerner from University of California.
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pptx

It was shown at a conference about Internet Security. I'm not happy that a room full of Industry experts were talking about history sniffing and the example they were given was namepros.

After reading some more it appears feedjit.com, the tool namepros is using, does not directly download your browsing history from your browser cache as I assumed before. Instead it records the visited links on the pages you open. Let's say you make a search on another website outside namepros and you click a few search results. The visited links change colour. By using javascript they find out the links that you clicked.

---------- Post added at 10:26 AM ---------- Previous post was at 10:21 AM ----------


You are missing the point. The javascript of feedjit.com that is injected to your browser because you visit namepros does not only record links on namepros. It records links on other websites you visit.

This is not about namepros. Namepros is helping feedjit to collect browsing history from you outside namepros.

Considering that the first guy on top of the list is hit with a class action lawsuit right now, and namepros is on the same list at number 6, it is not the best thing to ignore the issue and to hope it will go away on its own.

I don't care if namepros was recording every click I make on this website. However I don't want code injected to my browser that records other sites I visit. If you are happy with thats your choice.

 

[Jawed]

It seems to me that now the issue is with Feedjit. If (and this is a big if) they do anything illegal (regardless of the fact that NP itself is not involved in anything like that) I wouldn't put the reputation of NP at risk by associating with Feedjit.

 

[vc]

It seems to me that now the issue is with Feedjit. If (and this is a big if) they do anything illegal (regardless of the fact that NP itself is not involved in anything like that) I wouldn't put the reputation of NP at risk by associating with Feedjit.

I think NP's reputation is at stake if we continue to use (and facilitate) such rogue tracking services. (it wasn't before given the benefit of doubt, but now since cards are on the table, action must be taken :imho

 

[DU]

After reading some more it appears feedjit.com, the tool namepros is using, does not directly download your browsing history from your browser cache as I assumed before. Instead it records the visited links on the pages you open. Let's say you make a search on another website outside namepros and you click a few search results. The visited links change colour. By using javascript they find out the links that you clicked.

But only by comparing it to a list that they are looking for. The paper shows that it found matches only on SIX of the sites that the study was mentioning.

It cannot track arbitrary history - only history it's looking for. That is it can tell you have been to BOA.com if you have been there AND it is looking for that match. It won't know you went to Namecatch.com because they won't be tracking that (necessarily).

It's not a huge risk. I imagine that most people give up far more on Google.. and their ISP tracks everything.

The new versions of CHROME, FIREFOX and SAFARI prevent this behaviour.

I think we let RJ do his due diligence and make the appropriate decision.

The words Mountain and Molehill seem very appropriate. I think people should worry more about the code injected in their purchased Wordpress Templates frankly. And the word "injection" is not really accurate - injection is,imho, taking advantage of a security flaw in a particular way... this is NOT that.

 

[RJ]

While I don't believe there was any malicious activity by Feedjit, they have been completely unresponsive to my inquiries during this situation.

I removed their code from NamePros this past Saturday and canceled our account with them today. We will take our business elsewhere for stats.

Thanks for the input, everyone.

RJ

 

[DU]

While I don't believe there was any malicious activity by Feedjit, they have been completely unresponsive to my inquiries during this situation.

I removed their code from NamePros this past Saturday and canceled our account with them today. We will take our business elsewhere for stats.

Thanks for the input, everyone.

RJ

I wonder if that decision will get FRONT PAGE BILLING at DomainNameNews ?

JC.

 

[dna]

I would like to thank DomainNameNews for bringing this issue to
everybodys attention. The attacks on DomainNameNews are clearly
unwarrented.

 

[Jawed]

While I don't believe there was any malicious activity by Feedjit, they have been completely unresponsive to my inquiries during this situation.

I removed their code from NamePros this past Saturday and canceled our account with them today. We will take our business elsewhere for stats.

Thanks for the input, everyone.

RJ

That was the right thing to do in my opinion.

 

[Jeff]

I would prefer that Namepros respected the privacy rights of its members.

I would like to thank DomainNameNews for bringing this issue to
everybodys attention. The attacks on DomainNameNews are clearly
unwarrented.

Huh?
I feel that we may be following a different thread / sequence of events here ... thank you for the clarification. :blink: :imho:

Regards,
Jeff

 

[DU]

Interesting twist to all this is that :

1) The CEO of Feedjit responds to the original blog saying that they DO NOT do this.

2) The CEO of Feedjit says that the original paper in no way contacted them.

So what is the net result?

RJ has dropped Feedjit for no reason other than some stupid story on another forum based on a paper that I don't think followed ethical procedures and practices if the CEO of Feedjit is to be believed. A perfectly normal (I guess) business relationship ruined by:

1) DNN Posts a story to get attention. Research done: ZERO.

2) Namepros looks bad for a day or two and everyone jumps on the "privacy" bandwagon without any real attempts to understand or evaluate the gravity (or lack thereof) of the issue. Research done: ZERO

And they say journalism will be replaced by blogs?

 

[Erdy]

Feedjit responds to the original blog saying that they DO NOT do this.

What did you expect them to say? Do you really believe Feedjit would just admit doing something illegal especially when somebody else was just sued a week ago?

A computer science professors says they have developed special software to spot this kind history tracking activity which was not possible to see before. I would rather believe him then the other guy.

The namepros gang is on a mission to silence people. It is funny to watch you guys.