Sending member IP info off-site
-
On at least the main page and the login page, there is a javascript that makes certain words links to an advertiser's site that then causes pop-up adds to appear whenever the mouse passes over these words.
In order for this to operate, your computer passes its' IP address to the outside advertiser because of coding written into the GT-RU pages by the staff.
I hope other members like myself feel this is a betrayal of trust and will register their disappointment with the administration by removing the script.
Voluntary links that require intentional clicking are one thing. This is entirely different since members cannot even get into GT-RU without involuntarily sending the info since the script exists on the login page.
-
Being somewhat more tech-savvy than most average 'net users, I thought I would interject the following:
-
1. Be aware that, in most countries, the sharing of otherwise copywritten material, no matter the method, is still ILLEGAL.
-
2. Be aware that, unless something changed overnight, properly trained law enforcement officials can trace your IP (as well as your MAC address in most cases) to you physical whereabouts. This means they can arrest you, detain you, even take your hard drive(s) for search; all for probable cause.
-
3. Be aware that, in many cases, if information is being sent to another site or host in one instance without prior notice, it is most definitely happening on multiple instances with mixed content information being transmitted, most of the time more personal than you think. This can be any number of things ranging from what you download or click on, to how long you stay on a specific page; anything that can be measured or tracked (such as your internet browsing history).
-
4. Be aware that javascript is by NO MEANS SECURE in and of itself; this means that if information is being relayed, it can be intercepted.
These are standard items that most people, even the most ignorant, should be made aware of and agree to as terms of use. If they are not already there as terms of use, then they should not be allowed without the prior consent of those persons already subscribed and/or using the service.
So, IMHO, please either restrict the info being mined, remove it, or make it perfectly clear what is being sent, who is getting it, and make it something that must be agreed upon in order to continue use. It's really that simple.
I am NOT trying to scare anyone; just trying to open some otherwise clouded eyes.
All of this is a moot point if the javascript doesn't send IP info (I have yet to look for sure for myself but will reply here when I do). I encourage more people to be aware of the code that lies behind every page that they visit - that's where malicious stuff can take place with or without a site host's knowledge. Make sure you browse with at least an anti-virus program of known strength and stability, and that you also check to make sure it's (the page you visit) not a spoof or phishing attempt.
Just my two pennies.
-
-
And just to add my bit, too.
Using this site, reading and posting in the forum, and looking at pages that present images and descriptions of porn flicks, is perfectly legal in all or most countries. The spying code can determine which pages you view (just showing an off-site image can do that and no one is the wiser), but with the standard settings in all major browsers against Cross-site scripting, the 'same origin' policy, and other security features enforced by the browsers, there's a limit to what can be sniffed out of your privacy.
I'm not saying it's okay that it happens, but there's no reason to panic, just yet.
The sharing of copyrighted material doesn't happen in the browser, or indeed at this site at all, so no amount of page sniffing can out you for breaking the law. Sharing files happens exclusively between peers in a completely different application (the bittorrent client), granted with the aid of the site's tracker, but all that does is connect the peers and maintain statistics (unless the site admins keep records they're not supped to, and I seriously doubt that).
That said, I agree that it's unacceptable to compromise the users' privacy like we see it happen here and a lot of other places. It's a different problem than most make it up to be, but is is a problem.
The issue that needs to be addressed is this: Can we trust the site admins?
I would submit that, basically we can, even if breaches like this doesn't inpire a whole lot of confidence.Guys, fix it, please.
-
1. I don't see ads or any script on MY system that does anything remotely like the indicated behavior.
2. The only thing I've seen so far is in the forums where a script logs the IP of each poster to the server and is only visible by the poster and moderators. This is the explanation given:Your IP address is shown only to you and moderators. Remember that this information is not identifying, and that most IPs change periodically.
You cannot see other members' IP addresses, and they cannot see yours.
Try it by looking at the bottom right of every post in this thread. See that little thing that says "Logged" if its not your own post? if you click it, that (above) is what it shows.
I think that donating to the site has more benefits including not seeing this supposed script that launches adverts from text links, not that they don't exist, I just don't see them, so I'm guessing that certain users may not be afflicted, or that maybe it's select individuals' computer that has something like spyware installed that can explain that behavior if it occurs on multiple sites from multiple domains…
Just my two pennies again.
-
To tell it once more also in this thread:
We do not give away IPs! (The numbers you see in that javascrip snippet is our site's identification with our advertising partner - nothing about user data)
We do not give away any user data.
We even do not keep server log files.IP numbers do not contain personal information.
There is nothing like personal information we ask for when you sign up (you remember?) or log in - so we do not have any personal information of our users (except what you yourself write or post on the site).
On the other hand: this site could not exist without advertising. So we need advertising partners to keep this site staying alive.
-
ALL adverts from remote providers will send your ip to them. as ALL (well 99.99%) of adverts load remote files hosted by the advertiser (in this case the add bar at the top loads this file from the advertiser hxxp://ads.adbrite.com/mb/text_group.php?sid=154152&br=1&dk=706572736f6e616c735f365f335f776562&col=6 note the sid and dk may well bee different for you) on loading that adbrite have the EXACT SAME info on you as this site dose (IPA, Browser info, operating system etc) This is just the way the web works. every image you load in your browser or js file you load the originating site will have all that info. Its not nessarlly bad or good its just the way things are.
If your paraniod you can always install softwere such as noscript (for firefox) to block these outside connections. however that would provent the adds which pay for this site displaying (so if you do that imo send a small donation to the site to compensate them for there loss of add revenue)
EDIT: (MrMazda 2010-12-16) - Disabled live link
-
@beeman:
ALL adverts from remote providers will send your ip to them.
Only if you click on an ad!
Technical background for interested:
The html pages are created on our own server and the ads are included there, before the page is sent to your browser. Only some few javascript ads try to capture an IP address. If you click on an advertisement your IP must be sent to the respective server, how else can the server know where to send the content to??? (Basic knowledge about the stucture of the http protocol 1.0 or 1.1 is needed to understand this last paragraph).
A little bit more knowledge of PHP is needed for the next paragraph:
@beeman:
as ALL (well 99.99%) of adverts load remote files hosted by the advertiser (in this case the add bar at the top loads this file from the advertiser hxxp://ads.adbrite.com/mb/text_group.php?sid=154152&br=1&dk=706572736f6e616c735f365f335f776562&col=6 note the sid and dk may well bee different for you) on loading that adbrite have the EXACT SAME info on you as this site dose (IPA, Browser info, operating system etc)
The html page (as noted above) is created on out server, the only information adbrite may get is the IP address of our server but not from the user for whom this page is created. Interested people can get the PHP code snippet which is used to create the ad from me to verify what I said.
@beeman:
This is just the way the web works. every image you load in your browser or js file you load the originating site will have all that info. Its not nessarlly bad or good its just the way things are.
Our server, that is correct, has your IP. Beeman, you are of course correct that the server, who delivers (or creates) a web page must have the IP of the one who wants to get this website in his browser. It's a bit more complicated if the site creating the html page need other parts from other servers (adbrite in this case). but it is, as said above, our server which gets the parts, not the user's address (not taking in account dangerous or spy scripts) which should be blocked by security software every Internet user should have installed on his computer before using the internet.
@beeman:
If your paraniod you can always install softwere such as noscript (for firefox) to block these outside connections. however that would provent the adds which pay for this site displaying (so if you do that imo send a small donation to the site to compensate them for there loss of add revenue)
You loose a bit more (example the upscaling of picture attachments in the forum) which will soon be possible also in our torrent views and more.
I can only refer to the answer I gave prior in this thread.
EDIT: (MrMazda 2010-12-16) - Disabled live link
-
i have to correct you on some of your points (well one point thats been repeated ;))
ANYTHING that has a live scr tag such asOR
-
Let me apologize, beeman, you are of course right. I think I had no coffe yet when I posted my answer
I had an (outdated) old version of the advertising php script on my computer where ads (containing seperate links) in fact got included in the html page at our server. In the meantime adbrite only works with scripts on their own servers.
I completely agree with your last paragraph:
@beeman:
It is nothing to bee concirned about as adbrite are a well known and "respectable" advertising company, but it is a fact that just browsing this (and any site that has adds provided by adbrite (or google adds or any1 else)) has access to your ipa. this is NOT because the site is handing over the details but simply the way html works.
Just a last thought about this topic: Since the start of this site we offer the possibility to switch of advertising for donators. For those members the javascript parts (or ad images links) are not included in the html page.
