[To cut to the chase, RedSheriff snoops on you while you browse, and
it's used by multiple sites including The Register
(www.theregister.co.uk). I added the server to my HOSTS file as the
last poster suggests, right under the line which blocks Doubleclick. -
Stu]
RedSheriff in NSW Government
3 March 2005, in User Experiences
I have recently noted that several NSW Government websites are using
the RedSheriff user tracking system. Sydney Water and Visit NSW
(Tourism NSW) are two that come to mind. Telstra also use it. While
I'm not against website owners using anonymous data to understand how
people use their own websites, I am concerned about being potentially
tracked across every website that employs the RedSheriff tracking
tool.
NB: RedSheriff is now owned by NetRatings and marketed under the
brand Nielsen//NetRatings.
When you visit a website that uses the RedSheriff tool the first hint
you get is that your hard disk starts thrashing and your browser
slows down. This is because it is loading a Java applet (which runs
until you close your browser). If you use the Firefox browser you see
a message in the status bar that looks like "Applet v5.1 started".
Without going into details on how this applet gets loaded, here is a
breakdown of the information that is being sent back to NetRatings,
and some guesses as to what it means. I got this from the Java plug-
in console.
The URL that the applet uses to connect to the tracking server is:
http://secure-au.imrworldwide.com is the server the data is being
sent to. My guess as to what the query parameters mean is:
ci=[removed] : client identifier
cg=0 : [no idea]
du=42 : duration, time spent viewing the page, in seconds
si=http://www.[removed].com.au/ : web page viewed
rp= : referring page, the page you came from
ov=Windows+XP:5.1:x86 : operating system version
jv=1.4.2_06 : Java version
tl= : [no idea]
sr=1024×768 : screen resolution
lg=en-US : computer language setting
je=y : JavaScript enabled
ck=y : cookies enabled
tz=11 : time zone
ct= : connection type (LAN, dial-up, etc)
hp= : has printer?
cd=32 : CD ROM speed?
li= : web bug image content
Some of that data is useful to website owners, especially if you are
building a highly interactive web application rather than a document-
based website. However, the vast majority of websites are document-
based so knowing what version of Java someone is running is useless.
Some careful web development can also remove dependencies on
JavaScript on most sites.
The RedSheriff tracker also leaves a cookie on your PC which gives
them the ability to track you across every RedSheriff monitored site
that you visit. If you want to opt out of the RedSheriff tracking
system you need to leave that cookie on your PC and not clear your
browser cache! If you disable cookies, or accept only cookies from
the web page's domain, the RedSheriff tool appears to attempt to use
a clear GIF image as a web bug. (The JavaScript that loads the
RedSheriff Java applets goes to significant lengths to prevent users
blocking its purpose.)
As mentioned above, I have no problem with website owners
understanding how people use their website provided they are using
anonymous data. However, the thought of a bunch of government
agencies being able to track users across multiple sites is not a
comfortable one. If you fill in a form they then have the ability to
tie a name to your browsing history. (NB: I'm not suggesting that this
is occurring, but it is definitely technically possible).
I also have no understanding how this data is used by NetRatings,
except that they are selling the tracking data to website owners and
also selling Internet trend data. Like all centralised stores of
"consumer" information it has the potential to be abused.
Posted by: Andrew Hallam (contact via I-Name: =andrew.hallam)
This entry was posted on 3 March 2005 at 09:05 and is filed under
User Experiences.
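Added example, not part of the original post: a way to audit a list of requested URLs (for instance from a proxy log) for beacons to the tracking server and see what each one disclosed, using the parameter meanings guessed in the post. The request path, the ci values and the site names in the sample are constructed placeholders, since the post does not show them.

```python
from urllib.parse import urlsplit, parse_qsl

TRACKER_DOMAIN = "imrworldwide.com"  # parent domain of the server named in the post

# Meanings are the post author's guesses; cg and tl were "no idea" there.
GUESSED = {
    "ci": "client identifier", "du": "seconds on page", "si": "page viewed",
    "rp": "referring page", "ov": "OS version", "jv": "Java version",
    "sr": "screen resolution", "lg": "language", "je": "JavaScript enabled",
    "ck": "cookies enabled", "tz": "time zone", "ct": "connection type",
    "hp": "has printer?", "cd": "CD ROM speed?", "li": "web bug image content",
}
BROWSING = ("si", "rp")  # the two fields that name pages you visited

def audit_beacon(url):
    """Return what one request discloses, or None if it is not a tracker hit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Domain or true subdomain only; lookalike hosts must not match.
    if host != TRACKER_DOMAIN and not host.endswith("." + TRACKER_DOMAIN):
        return None
    fields = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {
        "host": host,
        "browsing": {k: fields[k] for k in BROWSING if fields.get(k)},
        "attributes": {GUESSED[k]: v for k, v in fields.items()
                       if k in GUESSED and k not in BROWSING + ("ci",) and v},
        "unexplained": sorted(k for k in fields if k not in GUESSED),
    }

def pages_reported(urls):
    """Distinct pages the tracker was told about in a list of requested URLs."""
    hits = (audit_beacon(u) for u in urls)
    return sorted({h["browsing"]["si"] for h in hits if h and "si" in h["browsing"]})

# Constructed sample: the path, ci values and site names are placeholders.
SAMPLE_LOG = [
    "http://secure-au.imrworldwide.com/PLACEHOLDER?ci=CLIENT-A&cg=0&du=42"
    "&si=http%3A%2F%2Fwww.site-one.example%2F&rp=&ov=Windows+XP%3A5.1%3Ax86"
    "&jv=1.4.2_06&tl=&sr=1024x768&lg=en-US&je=y&ck=y&tz=11&ct=&hp=&cd=32&li=",
    "http://secure-au.imrworldwide.com/PLACEHOLDER?ci=CLIENT-B&du=7"
    "&si=http%3A%2F%2Fwww.site-two.example%2Fbills&rp=",
    "http://www.site-one.example/index.html",
    "http://imrworldwide.com.unrelated.example/?si=x",
]

if __name__ == "__main__":
    print(pages_reported(SAMPLE_LOG))
```

Two unrelated sites in the sample report to the same server, which is the cross-site visibility the post is concerned about.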
3 Responses to "RedSheriff in NSW Government"
Manfred SCHWEIGER says:
18 April 2005 at 19:01
This is a violation of privacy of the severest order.
There are 2 points to make:
1) Web Application Developers (as a client of RedSheriff) point of
view:
The reported statistics are not vital but quite interesting because
they may enable the developer to shift or re-direct development
resources towards webpages with high or frequent access. It also
shows the access path used within the web application.
This in itself could be tolerated - but there is 2).
2) RedSheriff (and/or affiliates) are using Cookies to track usage
between their clients. As an example, RedSheriff is fully aware that I
access both Sydney Water and Telstra. Again, this in itself, is of no
great concern. But consider this: a) I do not know the webpages of
RedSheriff clients - but RedSheriff knows all the ones I have
visited; b) RedSheriff is not bound by any privacy laws in existence
in Australia.
The tracking cookies are
(for substitute your WIN... Logon UserId):
@ad.sensismediasmart.com.txt
@ad.serving-sys.txt
Remark:
Try www.optus.com.au - you will find it comes clean.
So does dodo (I hope you watch Channel 7 now and again).
Paul says:
27 January 2006 at 23:11
I was arppoisoning, dnsspoofing and ipspoofing between my computer
and my router just to watch the dns results when i did things. I
found that when you use msn messenger and click on the tabs it
resolves the /secure-au.imrworldwide.com/ address...
sprucas says:
22 August 2006 at 10:53
the quickest way i got rid of secure-au.imrworldwide.com is to add an
entry in my hosts file that points this fqdn to 127.0.0.1 - which
means it is going nowhere
makes my browser a little slower when i hit a site that uses this
tracking - but i don't care
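Added example, not part of the original comments: a check that a hosts file really sends the tracking server's name to the local machine, as the HOSTS-file block described above intends. The sample hosts file is constructed, and ads.example and www.disabled.example are placeholder names.

```python
import ipaddress

def hosts_status(hosts_text):
    """Map each name in hosts-file text to True if every entry for it is local."""
    status = {}
    for raw in hosts_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on blanks/tabs
        if len(tokens) < 2:
            continue
        try:
            addr = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # line does not start with an IP address
        local = addr.is_loopback or addr.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in tokens[1:]:
            key = name.lower()
            status[key] = status.get(key, True) and local
    return status

def is_sinkholed(hosts_text, fqdn):
    """True only if this exact name is listed and points at the local machine."""
    return hosts_status(hosts_text).get(fqdn.lower().rstrip("."), False)

# Constructed hosts file; ads.example stands in for another blocked ad server.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.example          # constructed entry
#127.0.0.1      www.disabled.example
127.0.0.1\tsecure-au.imrworldwide.com
"""

if __name__ == "__main__":
    for name in ("secure-au.imrworldwide.com", "imrworldwide.com"):
        print(name, is_sinkholed(SAMPLE_HOSTS, name))
```

A hosts file matches exact names only, so this entry covers secure-au.imrworldwide.com and nothing else under imrworldwide.com.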