Photobucket Shenanigans

[dr1819]

While perusing a thread here on HighHeel Meeting Place, I noticed some unusual offsite activity (rare, as I only had a HHMP window up).

The source: PhotoBucket. Here's what the report looked like:

It appears that every time you access a website (HHMP or another) that references photos on PhotoBucket, the latter deposits cookies on your computer (one for each photo you're viewing), AND it logs the URL of the website (HHMP) which referenced PhotoBucket.

I looked at the cookie and it contains encrypted information. Because of this, I strongly suspect it's a unique number. Thus, the next time you visit PhotoBucket, PhotoBucket reads it's cookies, and knows exactly what websites you've been to that have referenced PhotoBucket.

If you log in to PhotoBucket, now PhotoBucket knows that you, User X, have been to all those other websites.

Moral of the story - before logging in to PhotoBucket, erase your cookies! And don't access any more content anywhere else until you've logged out of PhotoBucket.

Spoil Big Brother's Master Plan!

Or something like that...

By the way, if you want to see my privacy settings, if you're using Internet Explorer, go to Tools, Internet Options, Privacy tab, and set it to Medium High. There you can read the kinds of cookies PhotoBucket is using, none of them very nice ones. By the way, I recommend Medium High, as it allows you to do 99% of the stuff you would normally do (without others being able to intrude on your privacy), but blocks activity from badly behaved sites (which you don't want to be visiting anyway!). As for security, I use medium, but I'm also using both Windows Firewall and a hardware-based firewall, in addition to the latest version of Norton Antivirus.

[sendra45]

Okay, so to add to this, you are using Windoze XP with IE? not that it makes any difference, just interested.

[Shafted]

I just have my browser set up so that permission is required for all script and activeX stuff that is not listed in my safe sites. Sure I have to click yes or no alot, but with a little bit of knowledge and control of my browser nothing I don't want gets through.

[dr1819]

Good for you, Shafted! And yes, Nigel. I've been a member of MS beta teams for a decade. I'm always exploring holes and fixes. One myth that's been circulating recently is that Firefox and Opera have less holes than IE. Not true. IE simply has about 1,000 times the people trying to find it's holes. Neither Windows nor IE will ever provide the security you need. They're not designed to. Only an external, hardware (firmware) based firewall will do that, in combination with appropriate settings for Windows IE, Outlook, Windows Firewall, and your AntiVirus program. When you do all of those things correctly, you shut out 99.9999999% of all hackers. As a network security specialist, I've a separate machine that does nothing but monitor the traffic, and to date (since 1998), there's been only two intrusions into this setup that bypassed my protocols. Again, this machine just monitors, and is not visible to outsiders. When compared with my machine logs, it found two files that didn't belong. In short, I watched and waited, and both were fixed by Norton Antivirus in less than a month, long before they were due to deploy their package. Sure, anti-IE and anti-Microsoft folks would have you believe that your security is wide open. However, my investments beyond my PC and Windows XP / IE total a whopping $168, and it's been long proven, overseas, to boot, to be darn neigh bulletproof. As a networking security specialist, I'll stick with Microsoft. No, they didn't do the best job of security in the beginning, but they've learned a lot along the way and their current implementations complete with security updates, when combined with a strong antivirus and strong anti-spyware and firewall solutions render pretty much anyone, anywhere, as strong as any corporate solution.

[sendra45]

yeh, If you dont know what you are doing and where you are going, the internet can be a nasty place. perhaps we should set up a thread on how to help other members stay out of trouble? I have tried to navigate around help forums for computers before, the trouble is they are full of folk who assume you know what you are doing. Perhaps a non jargon, pointers in the right direction thread might help?

[FreeMannWorld]

Well 1 way on anotter Format/Install/Format/Install/New Windows :argue: /Format/Install/Format/Install Best way out off trobbles :rofl: :rofl: :rofl: Sorry i neede to do this!

[jmc]

Fdisk/Format/Setup. I call that the MUVET -- Microsoft Universal Virus Elimination Tool.

[Shafted]

Just remember that those methods might not work for some boot sector viruses, boot sector viruses can render a harddrive infected permanantly without low level formating.

[sendra45]

Now Now everybody, How is that going to help a computer novice? I mean real help. but I cant help but think that you do need to know what you are doing and you do need to spend extra money to make XP work as it should. that is the shame for me. It is also no good suggesting that it is okay when so many folk have problems with their computer. I have stopped telling folk that I can help as without fail I end up spending hours trying to save or rebuild some poor sods PC, like I said, I pretend I cant help as I dont use Microsoft products. It is a shame that I dont want to help others suffering from their connection to the internet. The last chap I helped was seeking help again and again, and I dont have that much time. I installed Suse9.2 linux about a year and a half ago and recently bought myself a 64bit pc, the first thing I did was stuck a Suse10.1 dvd in its drive and loaded that. Things run smooth and with a software bill of one blank dvd I cant complain. I just have one PC for using here in the office and a Mac in the kitchen, that too is running linux. Dr1819, this is a me wanting to start a major rant about what is best. You and I will more than likely never agree, I think we a big enough to see that too. I just think that here on the Hhplace there are loads of us that dont conform to the norm by wearing heels and for some, more. I would just like to see more folk tring something different.

[balacau]

Dr1918 I thank you for your post, this is just as interesting to me as when it was found Sony was putting some nasty malicious software onto the music cd's it produces which copied itself onto peoples computers without their conscent. Very enlightening indeed! I actually have a photobucket account, but dont use it often, nor do I use photobucket if at all. In fact the last time I spent any time on it was when i was looking for costume ideas for a scifi convention me and some friends were hoping to try and organise in Ohio; which didnt make it off the drawing board sadly. I still use Windows but am wanting a second low-tech cheap PC to try out Linux (and possibly even older Unix for one of my own projects) for myself so I can reliably compare the two in my own way. Getting back on topic, I wouldnt be at all surpised if all the free upload sites like photobucket, myspace, MSNspace and youtube and Webshots didnt have similar nasties which read your computer history on them. Thanks for the warning though!

[balacau]

Sorry I missed a bit: As for a thread about computer problems, how about its own sub-message board? The Net is so finicky these days, some sites will work with this browser but not with another one etc. I can imagine the thread being over a dozen pages long in no time at all. Perhaps its own dedicated message board would work better? Easier to find out about certain topics that way.

[dr1819]

I actually run four machines at home, Nigel - one Windows XP Pro, one Linux, one Unix, and one Mac. For various purposes and network security testing/monitoring. It's my job. As far as your comment, "you do need to spend extra money to make XP work as it should..." Not a thin dime! And it works exceptionally well when combined with a NAT firewall and Norton Antivirus. If you think that's spending extra, think again. I can hack into any Linux system on the planet. I do it for a living (but only under governmental direction). Appropriately configured systems as mentioned above are exceptinally more difficult to hack than Linux systems out of the box. Cheers!