Hitbox on LiveJournal

Nov 05, 2005 11:58

I want to address the questions and concerns we have heard from users about Hitbox code on LiveJournal. There are several points that have been raised and I'll try to touch on each one.



jamesd November 5 2005, 21:53:50 UTC
Thank you for your post. There is one inaccuracy in it.

"The Hitbox javascript would still execute on pages you visit but there would be nothing for Hitbox to report except a page request by an unknown person" is not accurate because HitBox would still receive the IP address of the page viewer and in these days of long-duration IP addresses and mandatory IP to subscriber record keeping by ISPs, that is often both a useful unique identifier and a way to locate an individual (via court process; or aggregation with data from other sites, something HitBox says it doesn't do) or individual account.

http://www.websidestory.com/privacy/cookie-opt-out.html is more substantially wrong, since it contains the essentially false claim that "Since the opt-out cookie does not contain a unique user ID number, it does not allow us to identify your computer individually", ignoring the significant identification value of an IP address and what can be derived via it.

In tests with partial hit data for a top 100 site I found that it was necessary to remove about half of the IP address before it effectively ceased being a reliable indicator of an account holder in some parts of the IP space. I didn't use route tracing to further enhance the ability to identify an account holder from an IP address in those general tests. Because of its identification value, it's in routine use as an anti-abuse tool there.

Does HitBox use Java or ActiveX in addition to Javascript? Either provides opportunities to circumvent various IP concealing approaches, like the AOL proxy pools.

Is the ID assigned for an account uniquely associated with an account in a reversible way which could allow an ID to be traced back to an account? Does it allow the deducing of information like age of an account?

Questions aside, you seem to have tried and been caught out only unintentionally. Good start. IMO.

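jamesd's point above is that an opt-out cookie does not remove the identification value of the client IP address, and that roughly half of the address has to be dropped before it stops being a reliable indicator. As an added example (not code from LiveJournal, Hitbox or the commenter), this masks the host bits of each address at the analytics endpoint before storage and counts how many distinct client identifiers survive over a constructed set of hits. The hit lines, the documentation-range addresses and the /16 and /32 prefix lengths are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample hits (documentation address ranges only): timestamp, client IP, page.
SAMPLE_HITS = [
    "2005-11-05T21:53:50Z 192.0.2.10 /users/jamesd",
    "2005-11-05T21:54:02Z 192.0.2.77 /users/jamesd",
    "2005-11-05T21:55:11Z 198.51.100.17 /users/zarhooie",
    "2005-11-05T21:57:30Z 198.51.100.17 /users/jamesd",
    "2005-11-05T22:01:45Z 203.0.113.5 /news",
    "2005-11-05T22:03:00Z 2001:db8:1::1 /news",
    "2005-11-05T22:04:12Z 2001:db8:2::1 /users/jamesd",
]


def mask_ip(ip: str, v4_prefix: int = 16, v6_prefix: int = 32) -> str:
    """Keep only the leading prefix bits of an address; the host bits are zeroed.

    The prefix lengths are assumptions chosen to match the comment's
    "remove about half of the IP address"; tune them to the deployment.
    """
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def parse_hit(line: str):
    """Split one constructed hit line into (timestamp, ip, page)."""
    ts, ip, page = line.split()
    return ts, ip, page


def distinct_viewers(hits, masked: bool) -> int:
    """Count how many distinct client identifiers the stored hits still carry."""
    ids = Counter()
    for line in hits:
        _, ip, _ = parse_hit(line)
        ids[mask_ip(ip) if masked else ip] += 1
    return len(ids)


if __name__ == "__main__":
    print("raw identifiers:   ", distinct_viewers(SAMPLE_HITS, masked=False))
    print("masked identifiers:", distinct_viewers(SAMPLE_HITS, masked=True))
```

The raw hits carry six distinct addresses; after masking only four network prefixes remain, so repeat visits from the same household or proxy pool can no longer be tied to a single host.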

zarhooie November 6 2005, 13:32:47 UTC
They weren't thinking. Silly LJ folk.

