ethically questionable mapping link; i am sorry February 2, 2003 9:39 PM   Subscribe

I recently posted a link, and in it I happened to slip a 1x1 px graphic that is used by this site to create a map of internet users. Seemed harmless enough, but in retrospect I regret having done it. It was an action of questionable ethics, and I should have avoided it. Please nix my post and accept my apologies.
posted by oissubke to Etiquette/Policy at 9:39 PM (63 comments total)

FYI, the image was on a site that I have some association with. The owner has kindly tweaked the code such that it isn't accepting data from my post. Again, I apologize for this. It was a harebrained idea.
posted by oissubke at 9:41 PM on February 2, 2003


That's pretty messed up, to make a post simply to help out some friend's project by hiding a web bug.

I'm just curious, but if no one noticed would you be asking for removal?
posted by mathowie (staff) at 9:50 PM on February 2, 2003


I was actually on my way back to MeTa when I noticed that someone had caught it right off the bat. Of course, neither getting busted nor voluntarily confessing would change the nature of what I did.

I didn't actually create the post for that purpose, I just thought I'd slip it in there. As soon as I posted it and wandered off to get ready for bed, though, I started realizing what a dillhole I had been.
posted by oissubke at 9:55 PM on February 2, 2003


if no one noticed would you be asking for removal?

I guess we'll never know about that, since someone did notice, but I agree about the "messed up" part. I just hope Matt will not ban the use of images altogether, but this is the beginning of a slippery slope indeed.

Also, I'm amazed at how quickly it was spotted. The cookie gave it away, I guess. Still, that bug would have traveled a lot if Matt had not been here to axe it. Pretty nasty stuff.
posted by qbert72 at 10:00 PM on February 2, 2003


I just got the silly idea of including the graphic in the next MeFi post I made.

Personally, I have more of an issue with your post approaching "self link" status then there being a web "bug" on a page that mefi linked. Bugs are a fact of life on the web & if you're a paranoid surfer there are things you can do to avoid them, but in general I don't see the bug included here any differently then I would one of those silly free web stats graphics.

But the whole link to a project you're involved in enough to have it basically say "hi mefi people i just sent here" is just dirty. Next time send your buddy a link to the text ads page.
posted by 10sball at 10:05 PM on February 2, 2003


My apologies to rhyax for accusing her/him in the thread of putting the cookie monster there. For some reason I saw that name as being at the bottom of the post. And well spotted.
posted by thatwhichfalls at 10:05 PM on February 2, 2003


I would like to take this concept one step further by apologizing in advance for my next post, which will contain a redirect to a software install by the spyware company, gator, who have paid me a five dollar bounty on each new customer. Please ignore the install screen (if you click "always grant privilieges," it'll go right away), and continue on to the actual post, which will be something whimsical and in no way related.
posted by jonson at 10:06 PM on February 2, 2003


opps! on just after preview noticed that the bug was in your post and not on the site itself.... dirty dirty you... go take a shower :/
posted by 10sball at 10:07 PM on February 2, 2003


in general I don't see the bug included here any differently then I would one of those silly free web stats graphics.

Web stats tools are code you put on your own site to meter the traffic towards it. This is a marketing tool that specifically advertises its functionality by the secrecy in implementing it on other people's message boards. I'm not trying to sound harsh on oissubke or anyone else, but how is that not inappropriate?
posted by XQUZYPHYR at 10:17 PM on February 2, 2003


Curse you preview! What they all said.
posted by XQUZYPHYR at 10:21 PM on February 2, 2003


Using MeFi as guinea pigs is a bad idea. I don't have anything against ossibuke apart from this. But does this not warrant a temporary suspension or something similar?
posted by riffola at 10:25 PM on February 2, 2003


yea, it was the cookie. it's happened before with images people put in threads but they have never been 1*1 pixel and were probably unintentional. i just didn't like this, and i assumed most people wouldn't.
posted by rhyax at 10:27 PM on February 2, 2003


"...does this not warrant a temporary suspension or something similar?"

I vote for the stockade. A poke in the eye with a sharp stick. Take away his toenail clippers. Make him learn the Gettysburg Address in reverse, in Esperanto. Two weeks commuting in a Yugo. Force him to omit the letter 'E' from his next three posts.

Come on people, be creative.
posted by mr_crash_davis at 10:32 PM on February 2, 2003


Stone him! It has been ages since we had a good stoning.

Seriously though, what part of the word "community" did you not understand when you made this post, oissubke?
posted by dg at 10:39 PM on February 2, 2003


Pretty nasty stuff.

I'm a little lost. When you click the "this site" doublefelix link, and it guesses your location, isn't that the same thing as a bug?

And ryhax, how did you find the graphic? By viewing the source?

I'm just not too sure how all this works, and would be very appreciative if someone could breifly explain this to a not-so-in-the-know type.
posted by hama7 at 11:19 PM on February 2, 2003


hama7, look up.
posted by riffola at 11:28 PM on February 2, 2003


hama7, a web bug is an invisible image hosted on another server. This image allows the third party server (doublefelix) to log activity on the "real" server (metafilter). Add a cookie, and place the bug all around, and the third party server (doublefelix) can log your personal web activity across many site, and, with the help of partner sites, cross-reference data garnered about you.

Web bugs are used by Internet ad agencies (doubleclick, for exemple), and site owners dealing with these agencies are aware of what is going on.

It's not something you would secretly inflict to a community you want to be a part of, obviously. I say let mr_crash_davis have him.
posted by qbert72 at 11:58 PM on February 2, 2003


My mind is reeling. I have no idea who are these ThreeRings people, and what their motives are, but I'm wondering...

Is this the beginning of a new trend? Posters planting web bugs on popular message boards? Is there any precedent? Is anyone getting paid to do this?

[this is bad]
posted by qbert72 at 12:28 AM on February 3, 2003


pardon me while I toss my cookies.
posted by eddydamascene at 1:03 AM on February 3, 2003


qbert72: Thank you for the spiffy explanation. Much appreciated. Thanks Riffola too!
posted by hama7 at 1:59 AM on February 3, 2003


Mo-om, Eddy hurled!
posted by y2karl at 2:44 AM on February 3, 2003


Just wait until your father gets home, young man.
posted by stavrosthewonderchicken at 3:31 AM on February 3, 2003


Aside from the badness of the act, can I humbly ask how the bug knows our locations? When I go there it tells me that it is 96% sure that I am from My Town, where My Town is replaced with where I actually live. My town is far from obscure, and if I was at work it would be easy to figure out from the IP, but how does it get it from my ISP's IP?
posted by neustile at 4:19 AM on February 3, 2003


but how does it get it from my ISP's IP?

That was the creepiest for me too.
posted by hama7 at 5:02 AM on February 3, 2003


"[this is bad]"

No, it's pretty harmless. Bad form, but this sort of tracking goes on at a fair percentage of sites. Many blogs use a counter that does the exact same thing.

"but how does it get it from my ISP's IP?"

The trick is that the image is hosted on a third party server. So placing the image on the front page means any browser that loads the page will make an http request to that third party server. At that point the server has access to all the normal http headers. This includes the IP of the requesting browser.

From there it just uses a database that maps IPs to locations.
posted by y6y6y6 at 5:25 AM on February 3, 2003


From there it just uses a database that maps IPs to locations.

That's the part I don't get. I get the cookie/3rd party image part. i.e. if I just went to the site linked in this thread, obviously they can get my ip without any trickery. But how do they map IP->location with any accuracy? For example, my IP is from a large cable modem provider (AT&T Broadband) which as far as I know goes across the US. I've looked at my ip before and it does denote that I'm in the Northeast (it's like h3493923.ne.att or something like that) but how can it guess my specific city?
posted by neustile at 5:39 AM on February 3, 2003


It wouldn't be that hard to map IP addresses to locations, even in cases where the hostname doesn't include a clue to the location. All you'd need is a database where users voluntarily provide their address. By saving an IP address at the same time, you'd quickly amass enough data to say things like, "I am 99 percent sure you are in Jacksonville, Florida."
posted by rcade at 5:53 AM on February 3, 2003


It was obnoxious to put a web bug and cookie on Metafilter's front page without asking Matt. However, anyone who puts an external image in a thread could compile the same data -- this isn't a particularly private bit of information that's now out in the wild.
posted by rcade at 5:57 AM on February 3, 2003


"But how do they map IP- >location with any accuracy?"

These databases exist and are easy to come by. Here's a Google search for "IP Address Map". You could buy software to do the translation, license the database outright, or build an agent to use one of the on-line tools.
posted by y6y6y6 at 6:19 AM on February 3, 2003


Come on people, be creative.
tie him to his chair for a month in #mefi mode -v. make him read every word.

anyone who puts an external image in a thread could compile the same data
my elephant knows where you live. muhaha.
posted by quonsar at 6:48 AM on February 3, 2003


Force him to omit the letter 'E' from his next three posts.

[this is good]
posted by PrinceValium at 6:53 AM on February 3, 2003


As I said in the earlier thread, what really creeps me out is that fact that the tracking app was "brought to you" by a market consulting agency. Was mefi being "market tested?"
posted by Pinwheel at 7:21 AM on February 3, 2003


Force him to omit the letter 'E' from his next three posts.

That'd b a grat admin fatur for punishing dumbhads lik m. Matt pushs a button, and suddnly all the 'e's disappar from my posts...

Eckh...I fl lik JffK...
posted by oissubke at 7:25 AM on February 3, 2003


Was mefi being "market tested?"

No, it wasn't. Oissubke was being intelligence tested.

He failed.
posted by oissubke at 7:26 AM on February 3, 2003


Why do we even need to allow image tags on front page posts?
posted by machaus at 7:27 AM on February 3, 2003


Force him to omit the letter 'E' from his next three posts.

[this is good]


This is better.
posted by shemol at 7:32 AM on February 3, 2003


this sort of tracking goes on at a fair percentage of sites. Many blogs use a counter that does the exact same thing.

Yes, but the blog's owner is deciding what he is putting on his site. Here, oissubke decided for Matt that he needed the "Internet map" web bug on his site.

anyone who puts an external image in a thread could compile the same data -- this isn't a particularly private bit of information that's now out in the wild.

The bug isn't just an image. It's a script, so it can set and retrieve cookies. Therefore it can track your visits to all the sites it is implanted on. Basic DoubleClick technique really. Do you block third party cookies? Did you expect to find one on Metafilter?

There's nothing to like about oissubke's action, really. I'm not judging the intentions, just the act.
posted by qbert72 at 7:49 AM on February 3, 2003


That wasn't a very Christian thing to do, oissbuke. But at least you repented.
posted by Shane at 7:57 AM on February 3, 2003


"Do you block third party cookies?"

No. I happen to think third party cookies are a good thing. I don't expect anyone else to agree with me though. There has been so much knee jerk alarmism around the issue that they'll have a bad rap forever. Few people bother to look at what's really going on and explain why tracking is bad.

"Whoa. Tracking. That sounds bad. We can't have that."

Simpleminded.

(Not to confuse this with what oissubke did, which was decidedly unethical. But he's apologized at length. Which is good enough for me.)
posted by y6y6y6 at 8:14 AM on February 3, 2003


But at least you repented
as soon as you got caught. which is a very Christian thing to do.
posted by quonsar at 8:16 AM on February 3, 2003


"Whoa. Tracking. That sounds bad. We can't have that."

Simpleminded.


Fair enough, but if you're going to track me isn't the onus on you to explain to me why that's a good thing? If a thing sounds bad, I'm going to want to know why I should think of it as good and why I should participate (or not actively block my "forced participation").
posted by PinkStainlessTail at 8:24 AM on February 3, 2003


I think Matt needs to reject image tags. Nothing good ever comes from them... especially pissing elephants.
posted by crunchland at 8:25 AM on February 3, 2003


Wait - am I infected with something now? Do I need to go scrub down?
posted by gottabefunky at 8:56 AM on February 3, 2003


I think Matt needs to reject image tags.

I agree it's probably come to this, but I wish the userbase would have the self-control to act appropriately so this restriction would not have been necessary in the first place.
posted by PrinceValium at 9:07 AM on February 3, 2003


I think Matt needs to reject image tags.

On the front page at least.
posted by machaus at 9:08 AM on February 3, 2003


"isn't the onus on you to explain to me why that's a good thing?"

Yes. But I'm lazy. I was hoping no one would ask.

Premise: Provided they don't tie data to real world identities, web bugs or cookie trackers are a good thing.

Explanation:

Unlike other media such as TV or radio, web content is not "broadcast". It is served up separately for each user and it can easily be customized for that users needs or interests. If you don't see enough useful information on the net it's only because sites don't know enough about what you want. Money and information is pouring into the Internet. Companies will go to great lengths to show you only the information you want. And more importantly advertisers will show you ads for things you might actually want. But only if they know what you want.

This is the exact same thing that happens with magazines. Advertisers strive to only show you ads you might find useful.

I think we can all agree that ads on commercial websites are here to stay. Pop up ads, banner ads, embedded ads. But most of them are for crap we would never want. I go to CNN.com and I see an ad for local home rentals. Why would I want that? And more to the point, if the ad server knew what sites I'd been going to for the last few months it should be obvious I have no interest in renting a house.

I'm interested in SLR camera equipment, New Orleans tourist info, and patio gardens. And this would be obvious to anyone who looked at the sites I've been visiting in the last month. If I saw ads for this type of product (assuming I'm going to be seeing ads regardless) that would be a good thing.

Is this sort of technology possible today? Sort of. The logic that would make it work is a bit tricky (or so I've heard). But it will never work if no one accepts third party cookies, or alarmists get everyone scared about "web bugs". The concept relies on huge amounts of data to identify patterns.

Is the IP mapping thing a good idea? Sure, provided Matt had given the okay. A cool world map with a dot for every Metafilter user would be a good thing. Can I see a show of hands from people who would not want to see that map?

The "tracking" doesn't identify who you are. It's just an anonymous data set.
posted by y6y6y6 at 9:19 AM on February 3, 2003


cool world map with a dot for every Metafilter user would be a good thing

Someone else thought of it first.
posted by Yelling At Nothing at 9:54 AM on February 3, 2003


especially pissing elephants
so FINALLY you admit it's pissing!
posted by quonsar at 10:00 AM on February 3, 2003


I propose a punishment that would adequately indemnify me for the damage that's been done and all will be forgiven, at least as far as I am concerned.

oissbuke, since you know where I live, you can come wash my car - it's the black honda in the driveway. And don't forge the interior detailing.
posted by madamjujujive at 10:41 AM on February 3, 2003


The "tracking" doesn't identify who you are.

This is only a matter of merging the right data sets. This article is a little bit old, I confess. DoubleClick has actually recently discontinued its profile-based ad serving. But DoubleClick is the biggest and most closely watched ad network. Many other networks exist, and there's no way to be absolutely certain of what they're doing with their data.

I'm not saying third party cookies are inherently evil. It's just good practice to keep a close eye on them. And it's obviously wrong to smuggle them on somebody else's site.

FWIW, I also believe there are far easier and less obtrusive ways to efficiently target web advertising. The Web is a haven of special-interest communities: sponsor those that are related to your product/demographic.

I think Matt needs to reject image tags.
*cries*
posted by qbert72 at 10:53 AM on February 3, 2003


I'm interested in SLR camera equipment, New Orleans tourist info, and patio gardens. And this would be obvious to anyone who looked at the sites I've been visiting in the last month. If I saw ads for this type of product (assuming I'm going to be seeing ads regardless) that would be a good thing.

You have pretty mainstream interests.

Since my father recently received received a diagnosis, my interests have been pretty centered around Prostate Cancer. I can assure you that I have no desire whatsoever to see ads about it. Moreover, the idea of some advertiser out there keeping track of that kind of information about my life - especially stealthily, without my permission - makes me extraordinarily uncomfortable.

I have no general problem with advertisers and other corporate interests tracking consumer information about me, provided it's information I've agreed to provide. I join loyalty programs, fill out web surveys accurately and tell Amazon everything they ever wanted to know about my reading and listening habits, all voluntarily. Hidden images and unwanted cookies used to gather information I'm not willing to freely provide are a whole other story. If it is such a benefit to people to collect that information about them, why don't web advertisers make it a voluntary program with users signing up to experience the joys of targeted advertising?
posted by jacquilynne at 10:57 AM on February 3, 2003


"DoubleClick has actually recently discontinued its profile-based ad serving."

Which pretty much sends my little theory into the crapper.
posted by y6y6y6 at 11:45 AM on February 3, 2003


Coincidentally, I remember reading about the ThreeRing mapping project here on MetaFilter and thought it very cool, as I mentioned in my comment. I'm glad to be reminded of it, although this probably wasn't the best way to do it.
posted by TimeFactor at 2:28 PM on February 3, 2003


The "tracking" doesn't identify who you are. It's just an anonymous data set.
Surely it is only a short step from there, to some unknown agency having the authority to find out who was using that IP address at that time (even worse for those with fixed IPs) and tracking your movements across the web. Slippery slope and all that. I think it is great that, if I must have ads, they are ads for things I am interested in, but I do not trust ad agencies, or anyone else, to stop there.

Remember, just because you are paranoid, doesn't mean they aren't out to get you!
posted by dg at 2:32 PM on February 3, 2003


[not directed at dg - just being snarky]

"just because you are paranoid, doesn't mean they aren't out to get you!"

This turns out to not be true. No one is out to get you. You are a fruit cake. The fact is, no one cares about you. Time to get some medical attention and give up on the idea that some important agency has any interest in you. They don't.
posted by y6y6y6 at 2:44 PM on February 3, 2003


From his comments in this thread, y6^3 is clearly an employee of the mysterious tracking agencies. Watch what you say around him, avoid revealing any personally identifying data... also, remember to always wear the tinfoil hats.
posted by jonson at 2:49 PM on February 3, 2003


The difference between making an interesting map out of anonymous IP information and doing so covertly is what is reprehensible here. No amount of sincere apologies can make up for the untrustworthy intent of the action. I think Matt should ban the img tag right after he bans oissubke.
posted by crunchland at 3:47 PM on February 3, 2003


This thread is a perfect example of why true democracy could never work in a large community.

Bickering 'holier than thou' domineering attitudes rule the roost.

Yes.. that's more suited to a democractic republic.
posted by wackybrit at 4:22 PM on February 3, 2003


crunchland: The difference between making an interesting map out of anonymous IP information and doing so covertly is what is reprehensible here.

Well put. Of course, now it's a nice "Internet Map" project, but next time around it could be anything. There lies the slippery slope...

I guess images on the front page will be gone soon enough. I don't know if this warrants a ban, though. Not everyone is as familiar with these issues as some of us are. Innocence (as in "I didn't know what I did was wrong") could be invoked here. On the other hand, oissubke being so adamant in his apology makes you believe that he knew quite well the meaning of his action.

wackybrit, I just can't comprehend what you wrote. Is MetaFilter a "large community" and/or a "true democracy"? "Bickering 'holier than thou' domineering attitudes", that's us or Tony Blair? I don't mean to be mean, I'm just puzzled.
posted by qbert72 at 5:41 PM on February 3, 2003


wackybrit is a fascist, and since some people have differing opinions as to what should be done about a hidden tracking bug on a website, democracy will never work. :) get it?
posted by rhyax at 6:31 PM on February 3, 2003


Ah, privacy in America and on MetaFilter....

November 4, 2002
What is the consensus regarding posting images to the front page? I don't have issue with it, I am just wondering. I find no mention of it in the guidelines, but I never see it happen....
posted by Steve_at_Linnwood to etiquette/policy at 9:45 PM PST

it's a bad thing.
posted by mathowie at 10:12 PM PST on November 4

I'm confused. Why is it obviously wrong to post an image?
posted by oissubke at 6:39 AM PST on November 5

February 2, 2003
I recently posted a link, and in it I happened to slip a 1x1 px graphic that is used by this site to create a map of internet users. Seemed harmless enough....
posted by oissubke at 9:39 PM PST


If the poster in question knew it was against policy to post images to the front page, then went ahead and posted one anyway; if we'd already discussed in April 2002 this geographical mapping stuff from threering.net on MetaFilter and therefore wrung the novelty from it (the application has apparently been up for many months now -- for whatever reason would anyone want just to create another Internet user map now?); if the post itself had absolutely nothing to do with geographical mapping; if a covert post of a hidden image went beyond mere benign graphics and bandwidth wasting and resulted in http header information being transmitted to the self-proclaimed "good guys at ThreeRing Consulting"; if the "owner" of threering.net was somehow able to "kindly tweak the code such that it isn't accepting data" from the post within a little over an hour from the time the post was made after normal business hours at 8:22 PM PST; and if the poster in question just happened to use the email address "carlos@threering.net", some natural curiosity arises:

- what exactly is the relationship between the poster in question and threering.net?
- what information or utility exactly did the poster in question or his "associates" hope to gain from posting the bug on MetaFilter?
- did the poster in question himself obtain, view, or hope to obtain http header information via the bug? If so, for what purpose?
- what exactly happened to any data obtained, ie where is it now?
- on what other blogs or web sites is this kind of surreptitious, silly nonsense occuring?

I mean, as long as we're being all chummy, passing information around so very freely without regard to issues like privacy and without anyone's consent and such, I'm sure the poster in question won't mind putting aside his own privacy and addressing those kinds of questions. He sure hasn't so far. Maybe the act was just stupid and not malicious, but it would be nice to know which.

oissubke: It was an action of questionable ethics....
Don't use weasel words. It was unethical, and you only came forward after your silly little bug was discovered by someone else.
posted by fold_and_mutilate at 6:59 PM on February 3, 2003


what part of community dont you understand ?

The part where people screw up and quick as a flash there are 4 posters demanding the head of the miscreant.
What part of 21st century do you not understand?
quonsars right ,
let him go to #mefi as punishment .
and like me he can spend time eradicating the various trojans that have been put onto my pc via mirc.
posted by sgt.serenity at 6:19 AM on February 4, 2003


What part of 21st century do you not understand?

This constant denial of love.
posted by walrus at 6:33 AM on February 4, 2003


« Older No comment preview in Mozilla   |   Comments busted again Newer »

You are not logged in, either login or create an account to post comments