Re: Traffic Log-Legitimate Traffic or Data Mining???

From: Jeff (jeff_at_nospam.net)
Date: 08/08/04 

Date: Sun, 08 Aug 2004 20:29:22 GMT

I already use Avant browser. I disable Active X and Flash animations, but I
still typically allow scripts to run and applets. Ad Blocker and Popup
Stopper are also running. But if the packets being sent from my computer
are the result of browser redirects, why doesn't my traffic log show an
incoming packet from either the original IP I wanted, or from the IP of the
redirect? Maybe I don't understand the exact nature of the traffic log.
When I tried to work with the Packet Log, it usually hung up and I would
have to use the Task Manager to terminate it. The packet log just
accumulated too much data too quickly, and the Sygate app wasn't very good
at resorting the log so that you could investigate it by reorganizing the
list by remote host or some other parameter you wanted to sort by. I reset
the Packet Log size liit to a much smaller value of perhaps 512 kB, but
haven't tried opening it since. Maybe I should watch it at the same time as
the Traffic Log.

How would an Anonymizer protect the information they are capturing? I can
always go through an anonymous proxy - I have a list and a utility for
switching between my direct connection and any of the anonymous public
proxies I pick up IPs for. But that doesn't change the fact that the
packets are coming from my computer, even if they don't have my IP. There
may still be personal information in the data packet, even though its not
coming from my IP anymore. I'd feel better if I could intercept this
information and see what was contained there. But that is beyond my realm of
knowledge at this time.

And I don't understand exactly how a HOSTS file will protect me from this.
I can sift through my HOSTS file, but I doubt it contains any of the URLs
I'm trying to avoid sending packets to. The Avant browser already has a
rather comprehensive Ad and popup blacklist, which is updated with each
revision of the browser. The last build just came out about two weeks ago.

So as I say, without knowing whats in those packets trying to be sent from
my computer, I'm going to keep blocking them from leaving. My question
remains the same - is this legitimate traffic going from my computer, or are
they data mining my computer without telling me? The traffic log gives the
domain names as well as the IPs of the remote hosts, and some of them have
been pretty wacky.

Thanks for your time.

"Dirk Claessens" <will.bounce@invalid> wrote in message
news:Xns953FD80977885FlyingCircus@195.130.132.70...
> "Jeff" <jeff@nospam.net> wrote in
> news:QwtRc.250317$JR4.100228@attbi_s54:
>
> > So the key question I have is this: is there a legitimate reason why
> > my computer should be sending a data packet to adsremote.scripps.com
> > (204.78.38.15) when I try to read the daily Dilbert comic
> > (65.114.4.69)? Other than the initial request from my browser to
> > download the .html file(s) from a website, why should my browser be
> > sending anything to anywhere else?
> >
>
> Most freely accessible websites run some form of advertisement/banner
> service. I guess you will have to live with it. This ad service may is
> either run by themselves, or by specialised 3d party companies.
>
> ( you'd be amazed where CNN,FoxNews,CBS & al take you to stuff you with
> ads!)
>
> This is part of the sourcecode of www.dilbert.com:
>
>
> <script language="JavaScript1.1"
> src="http://adsremote.scripps.com/js.ng/site=DLBT&adtype=SUPERSTITIAL&Pag
> ePos=1">
> </script>
>
>
> A simple dig reveals that www.dilbert.com is actually located at
> umns1.unitedmedia.com, and that the DNS-servers are ...
> ns1/2.scripps.com, belonging to the same domain as adsremote.
>
>
> C:\dig>dig www.dilbert.com
> ;; QUESTION SECTION:
> ;www.dilbert.com. IN A
>
> ;; ANSWER SECTION:
> www.dilbert.com. 3263 IN A 65.114.4.69
>
> ;; AUTHORITY SECTION:
> dilbert.com. 3263 IN NS umns1.unitedmedia.com.
> dilbert.com. 3263 IN NS ns1.scripps.com.
> dilbert.com. 3263 IN NS ns2.scripps.com.
>
> ;; ADDITIONAL SECTION:
> umns1.unitedmedia.com. 45917 IN A 65.114.4.10
> ns1.scripps.com. 45917 IN A 204.78.32.10
> ns2.scripps.com. 45917 IN A 209.215.174.32
>
>
> Frankly, what you are trying to achieve is a waist of time.
> It is perfectly normal/legal that a web page contains links to other
> domains, after all that's what the World Wide Web is all about!
>
> It is unfeasable to sift through each and every URL any given webpage may
> contain. If you're concerned about your privacy, then use some anonymizer
> service.
>
> Finally, if you're really concerned about security, then ditch IE & OE
> *now*. Even if you installed the latest patches, it will only be a matter
> of time before the next security hole will surface.
>
>
> --
> Dirk.
> No trees were killed in the creation of this message;
> however, many electrons were terribly inconvenienced.
> http://users.pandora.be/dirk.claessens2

Quantcast