Browser Tracking.... (Community)
strike rapier May 26, 2002, 9:30am

I don't know if this has been discussed, but I'd like someone who knows to fully explain how our hardware is going to be tracked using this Hexadecimal Hash # that is going to be forming part of the new ejection systems in version 3.3. I personally feel that if this system is introduced then the eject feature will effectively become spyware that anyone with their citnum in a bot (or PPW) can access and see. I believe that the actual display of this unique ID, that I presume stays constant in each world, is an invasion of privacy. Sure, it's Hex, but as anyone with Windows calculator or a programming tool can do, just type it in and press translate, and you have yourself the original number.

If this number absolutely *has* to be included, why can't it be made invisible, so that ejections automatically add the hash but it is not visible to either people with eject, CT or anyone else for that matter? I understand that it is meant to keep us safe by keeping out some of the crackers and such at universe level etc., but the people who it's meant to keep out are the people who can create programs to mask their hash number anyway.

If anyone from AWC reads things (roland, Young Shamus, HamFon etc.) then could you please explain what exactly is being tracked, and if you would give any consideration to this compromise.

- Mark

lysimachus May 26, 2002, 9:36am

I don't believe it actually shows the number. Ima's post from the beta forum asks about how you do the three ejection types, then he later corrects himself by saying it does all three at the same time: IP, citnum, and the #. It says it in the docs somewhere. I don't think it shows the number at all, but still just shows the IP.

strike rapier May 26, 2002, 9:46am

http://www.activeworlds.com/help/aw33/world_ejections.html

shows a box to display the value w/ 3 radio buttons to display what is in the box

also "For computer ID ejections, the value shows the computer ID in hexadecimal" so it shows it

kah May 26, 2002, 9:56am

"strike rapier" <strike at rapiercom.freeserve.co.uk> wrote in news:3cf0cb1c$1 at server1.Activeworlds.com:

> http://www.activeworlds.com/help/aw33/world_ejections.html
>
> shows a box to display the value w/ 3 radio buttons to display what is in
> the box
>
> also "For computer ID ejections, the value shows the computer ID in
> hexadecimal" so it shows it

Big deal, it's a serial number, who cares if anyone sees it?

KAH

strike rapier May 26, 2002, 10:14am

Anyone who doesn't want anyone to be able to see part of their hardware info?

ananas May 26, 2002, 10:37am

I doubt that it is something nasty like the key that XP uses to validate the licences. I guess it is more something like the BIOS serial number, the CPU serial or the unique network card number, or a combination of two or three of those.

It would be nice though if we knew exactly where it is taken from.

jerme May 26, 2002, 10:53am

Thing is.. no one (except a few people at AWC) knows where that number is. As far as I know, there's no way of telling what exactly that hex number really represents.

I think you're overreacting a little, strike... From Ima's posts, it sounds like those radio buttons aren't there. If they were there, his question (how do you do each kind of ejection) would have been totally stupid. Ima replied to his post saying that the browser does all three when you eject someone. It also sounds as if this hex # is never displayed anywhere.

I'm pretty sure you can't get it through the SDK either.. The eject function takes a session #, and a mode of ejection.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker
JTech Web Systems
(www.JTechWebSystems.com -- Coming Soon)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

strike rapier May 26, 2002, 10:54am

Did you read the help files? It has a box to display the value dependent on what button is pressed and you can lookup but has #

83058 May 26, 2002, 11:16am

He is absolutely not overreacting. 3.3 will become, as Strike accurately put it, spyware. All of this information will be available to the volunteers in AW, as well as AW employees and world owners. I'm more concerned about this information being accessible by the PK's and GK's for reasons that I don't care to go into right now.

agent1 May 26, 2002, 11:51am

The hash that AW uses won't be able to tell someone what type of video card you have, how much memory is installed on your computer, or any other specific information about your hardware. Don't overreact.

-Agent1

agent1 May 26, 2002, 11:57am

That dialog box either hasn't been implemented yet, or is only available to caretakers. Attached is a screenshot of the eject dialog in the current beta version of 3.3.

-Agent1

[attachment: ejectdialog.gif]

strike rapier May 26, 2002, 12:03pm

I don't want anyone to be able to uniquely ID my computer no matter what.. it's things like that, that end up as computer specific viruses etc.

silenced May 26, 2002, 12:42pm

Yes, it's only a CT feature, under that world options ejection, which only CT's can modify.

--Bowen--

Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12

joeman May 26, 2002, 2:09pm

Oh come on! It's a serial number from an area on your computer, hashed. Hashes cannot be reversed, so there are no worries. I doubt anyone could create some sort of virus that would make your computer melt, or take over the world, from a serial number on your computer. I think you're overreacting a lot. What about the people with static IP addresses? That's a static with their computer like serials are. So, the line of thinking that you're on suggests that AW is already spyware. I think you need to find something else to bitch about, this is nothing big.

-Joe

chickengurl May 26, 2002, 3:26pm

zeo toxion May 26, 2002, 3:54pm

He's saying hashes are harmless and static IP addresses are much worse of a problem, and we aren't sitting around complaining about ejection by IP, so why should it matter.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

chickengurl May 26, 2002, 4:57pm

Really? Is that what he was saying?

What's an IP, btw? I just sort of commented not knowing what it was... can you please explain?

zeo toxion May 26, 2002, 5:03pm

Actually you sort of didn't ask a question so I didn't take it as one. I don't feel like explaining it right now.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

strike rapier May 26, 2002, 5:07pm

How about.. who thinks the browser would be better if JP and Rick kept their noses out and let the programmer do the work they're paid for?

zeo toxion May 26, 2002, 5:08pm

Well I wonder how much they really know about programming... If I was running a company I'd take the programmers', people that actually know what they're doing, advice seriously.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

zeo toxion May 26, 2002, 5:12pm

This is all it says in the help:

"An ejection by computer ID makes use of a unique hardware ID number that is available on many, although not all, PCs. If a user is ejected from the world and a computer ID is available for their PC, an ejection of this type will be added automatically. A computer ID block will prevent that user from entering the world even if their IP address changes, and regardless of whether they are a citizen or a tourist."

so I don't know what they mean by "computer ID"

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

strike rapier May 26, 2002, 5:18pm

Ah, but u know JP's logic, in his book Gravity is what makes you fly.

ananas May 26, 2002, 7:13pm

Actually all numbers in our PC are somehow binary, but that just means they are built with bits. The way it is shown on your screen can differ, it is still the same binary number.

Hexadecimal can be "reversed" to decimal, octal and to binary (the native format of our current CPUs), but this is just the way you show the number and does not say anything about the contents. It is nothing more than just a conversion, absolutely lossless and not encrypted in any way.

ananas May 26, 2002, 7:32pm

The IP number can be compared to a travel description for the information. All internet information is cut into pieces (packages) and each piece you send has this "travel guide", so the package that your PC expects in response knows where it has to go.

It is similar (but not equivalent) to Country.Town.Street.House, an information that can locate and identify your PC in the web.

Your internet provider does not know where your PC can be found in the web, but it knows one who knows one who knows one that can find your PC - and this is what IP numbers are needed for.

You can get an idea how that works by opening a DOS box in your Windows, and then typing this:

    c:\> tracert www.activeworlds.com

for example (any other existing hostname will work too). Or - if you have eject rights in a world, get the IP number of a visitor and type (with his 4 numbers):

    c:\> tracert nnn.nnn.nnn.nnn

and you will see which path the information takes from server to server, until it reaches him.

Having a static IP number makes it easier to run server programs, but it makes it easy to recognize your computer every time it goes online.

Of course this description isn't complete, much more happens when two computers exchange information or even start to talk to each other (handshake ...) - but maybe it gives you an idea.

echomencer May 26, 2002, 8:40pm

Who really gives a crap? The way I see it, it's just a very powerful way to keep people out who think they are clever by using their existence to upset or offend others. Personally I don't care if someone can work out what graphics card, RAM etc. I have in my PC. What are they gonna do, spend their life decoding hex code so they can post who has the most out of date system? lol. If anyone who runs a static IP does not have a virus scanner and a firewall in this day and age, well, words can't describe how naive that setup is.

From a world owner's point of view it's a new feature about 7 years too late but well appreciated now. Any genuine member of the community would not see it as a problem. If you're going to come back about how power-crazed GKs etc. will use it to pick on people, well, don't; heard it all before, and usually from people who try to cause trouble more than anyone else.

I think it's about time someone started to build some real security into this environment; then, just maybe, businesses will see it as a viable option for 3D internet before it goes bust and no one has a universe to use.

jerme May 27, 2002, 12:43am

Read carefully.... :o)

> I think you're over reacting a little strike...

-J

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker
JTech Web Systems
(www.JTechWebSystems.com -- Coming Soon)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jerme May 27, 2002, 1:06am

Ok.. so what's the big deal?

Even if they can look up your system ID, it's just a hex number... So, you use your neato 'scientific' calculator to convert it. You end up with a decimal number... BIG DEAL!! Do you know what it means? Do you know where to break it apart and how to decipher the fields? No? .... I didn't think so, it's impossible.

(1. Get the real definition of "Spyware" - Spyware is ANY SOFTWARE which employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission. - Steve Gibson (www.grc.com)

AW is obviously NOT doing this... The hex number is communicated to world server upon entry to make sure you have not been ejected. The hex number is not being used for any sort of tracking, and is not (I'm relatively sure) available to bots.

(2. What are they going to do with it? Ok, so they've got some weird decimal (since you converted it) number that identifies your system... what good is it?

(3. The number is a hash. For those of us who are not cryptographers (someone who studies cryptography, the art of encoding/encrypting information), a hash is a string of letters and numbers derived from some "key". For example, on linux/unix systems.. your password is stored in a 'hash'. When you set your password for the first time it is encrypted using a 'crypt()' system call and the result is stored on the hard drive. This should tell you something. If the linux community uses it, it's most likely *really* good.

There are a few neat things you should know about a hash. A hash only goes one way.. Meaning once you encrypt something into a hash there is no way to decrypt it. Also, encoding the same key will always result in the same hash. So, each time you log on (to a linux/unix system) the password you enter is 'crypted()'. The resulting hash is compared to the stored version of the hash. A good match means your password was correct, and you can log in. This is why linux/unix passwords are so strong. There is no way to discover the password without trying every possible combination (guessing a password, encrypting it into a hash, and comparing it to the stored hash).

http://grc.com/optout.htm

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker
JTech Web Systems
(www.JTechWebSystems.com -- Coming Soon)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
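
Added example (not part of the thread, and not Active Worlds code): the thread's three claims side by side, that hex is only notation, that a hash is one-way but repeats for the same input, and that getting back from a hash means guessing and comparing. The SHA-256 truncation, the 32-bit serial and the per-world key are assumptions made for illustration, since the thread never establishes how the real computer ID is derived.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample input: a made-up 32-bit serial, not a real value.
SAMPLE_SERIAL = 0x1A2B3C4D


def computer_id(serial: int) -> str:
    """Assumed scheme: unkeyed SHA-256 of the serial, first 8 bytes, in hex."""
    digest = hashlib.sha256(serial.to_bytes(4, "big")).digest()
    return digest[:8].hex().upper()


def hex_to_decimal(shown: str) -> int:
    """What the calculator does: a change of notation, nothing more."""
    return int(shown, 16)


def per_world_id(serial: int, world_key: bytes) -> str:
    """Assumed mitigation: key the hash per world so IDs differ between worlds."""
    mac = hmac.new(world_key, serial.to_bytes(4, "big"), hashlib.sha256)
    return mac.digest()[:8].hex().upper()


def guess_serial(target_id: str, candidates: Iterable[int]) -> Optional[int]:
    """Guess, hash, compare: feasible only when the input space is small."""
    for guess in candidates:
        if hmac.compare_digest(computer_id(guess), target_id):
            return guess
    return None


if __name__ == "__main__":
    shown = computer_id(SAMPLE_SERIAL)
    print("ID as hex                   :", shown)
    print("same ID as a decimal number :", hex_to_decimal(shown))
    print("same ID on a second visit   :", computer_id(SAMPLE_SERIAL))
    print("world A, keyed              :", per_world_id(SAMPLE_SERIAL, b"key-A"))
    print("world B, keyed              :", per_world_id(SAMPLE_SERIAL, b"key-B"))
    nearby = range(SAMPLE_SERIAL - 5000, SAMPLE_SERIAL + 5000)
    print("serial found by guessing    :", guess_serial(shown, nearby))
```

For a design review, the point is that converting hex to decimal never gets closer to the serial, while an unkeyed hash of a small value is both a stable identifier across worlds and open to guessing; keying the hash per world addresses both.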