Sometime within the last few weeks, I was trolling the web and one of the websites I went to had an ad for some online dating garbage. Of course I did not click on it, but the graphics stuck in my mind and memory.
Since then, I have recieved at least one spam email from a dating service that (if memory serves) was the ad I saw. I suspect that somehow, they were able to query my computer to see my identity and email address. I thought I had things pretty secure, but am now slightly concerned that I may have some openings I do not want (if a website can get my email address, what else can they get?). I did not click on anything that should have given permission and I never autofill fields on forms/sites that I do not frequent.
Since then (I am running 9.2.2 BTW), I have changed my settings in Location Manager to use Internet Settings that have no real name and valid email address when I am generic surfing (changing my location and internet settings back to my ISP stuff to login to my email when I want to check that. Whenever I go online, I always turn off file sharing anyways, so I doubt that was the problem.
So, how could they have gotten my email address?
Am I now safer having altered my Internet settings?
What else could I do to protect myself from spammers seeking my identity?
I have also started being more diligent on my cookies.
TIA
There are a couple of possibilities here:
1) The two are not at all related. Meaning you would have received that spam email whether you had visited the site or not. i.e. Your email address is already floating around in a spam database somewhere.
2) If you have a static or sticky IP address, it is possible that your email address is in a database that links your IP address to your email address. If this is the case, you're only real recourse is to use proxies that conceal your ip address. i.e. anonymous proxy servers.
3) Somewhere on your system, that information is stored and retrievable by the websites you visit. i.e. cookies, spyware, etc.
If the first item is your problem, your only real recourse is to bear and grin it. You could setup a spam email account for tossing around recklessly and maintain an uber-top-secret email account that is only shared with speciafic people, for all of your "real" email.
If the second is your problem, start using an anonymous proxy for all of your internet use. They're extremely easy to use and there are literally thousands of them. And the vast majority of them are free.
However, if you do elect to use a proxy, you may have to dig around a bit for one that won't bring your websurfing to an intolerable crawl.
And finally, for number three, there's really not much that you can do other than to be ever vigilant.
Oh yeah, setup some decent spam filtering. You'd be amazed at how effective spam filters can be when properly configured.
EDIT: I'm curious as to why this particular spam mail would cause you great concern. If dating service spams were the most obnoxious spam mails that I ever received, I'd be grateful. Personally, I find the scam mail much more offensive. That and the stuff that I get almost daily, like penis pills, etc.
It has caused me concern as the dating service is the same as the ad I saw on the site and not one I had seen before. It may well be coincidence, but I doubt it, being more suspicious of "coincidences" involving the internet. I just wanted to be diligent to any holes. By closing doors, I minimize the chances of getting spam and offensive emails for products/services I do not care for. While, yes, I will set up filtering to block this from coming, I like to review what comes in and gets blocked as it gives me an idea of what is targeting me. There are only two places on the web where I have displayed my email address, one is Monster, the other is a specific thread here on AF. So yes, someone could have scrapped it, but if you saw a add on a website for the new investment oppourtunity in Arizona real estate and two days later recieved an email about real estate oppourtunities in Arizona, you would be suspicious; in this case it was the who, not the what that made me suspicious because there are really no true coincidences in my world.
So I must close the doors to any holes in my system.
You mention that you were using 9.2.2, but not which browser, so I'm assuming Internet Exploder. I'd be quicker to blame the browser than the OS.
While I've not heard of many exploits involving IE on OS 9, I'd feel more comfortable/confident using something else. Mozilla comes to mind. Opera is another good one that is now a freebie.
I'd think that since you saw the banner and thats what you remember... There are many ad places that have ad templates that many places can use, so this could be a differnt place, with the same bought ad template, or I suppose (IE) could be to blame on this too. Its odd non the less.
I was thinking something entirely different. You know, you're working out of town, away from the wife and kids... I'll bet those nights get lonely...
Just kidding!
Seriously, I thought that maybe it was a problem with your wife being suspicious about "dating" spam while you're working out of town. But if you've openly posted your email address in a public forum, you can pretty much be certain that your email address is making the rounds in the spam databases.
Oh, and I wouldn't be so quick to dismiss the coincidence idea. Usually when some joker decides that he wants to really push a product or service on the Internet, they'll use both spam and site ads. You may have just been a double victim to an advertising blitz. I'd really tend to think of it as coincidence.
However, if you suspect a certain website of doing this, check it out. The only way to really dismiss the coincidence theory, is to attempt a repeat of the suspicious activity. If conditions are reasonably similar, and outcomes are too similar, you can reasonably dismiss the coincidence notion. Basically, I'd be looking for more damning tell-tale signs... One minor and isolated coincidence is hardly evidence of anything.
Companies share cookies now... it's been going on for quite a while. I think Yahoo! is the worst offender, but they may have changed the way they do things and I might be wrong. But here's what happened:
- You went to a site at some point and entered your email address.
- That company set a cookie called "jknau9iernfiauhsfvah.asdf.com"
- That company has a deal with... say... Match.com. Any time you come across a Match.com ad, there is an associated javascript that checks to see if you have a cookie named "jknau9iernfiauhsfvah.asdf.com"
- If so, it reads that cookie, gets your email address, and the spamming begins. If not, it will set the cookie and come back to it from another ad somewhere down the line.
This is one of the most dispicable ways of data farming, IMHO.
Anyway, check those cookies. I always do.
Otherwise I end up with a chunk of coconut in my teeth.. blech...
Mozilla 1.3.1 or 1.4.1
(I think it is 1.3.1)
It is set to block all popups from all sites.
hmmm..., plausibile...
it makes sense. but i am left wondering which site I may have done this on as I am usually pretty tight about passing it out. the fact thyat it is posted on a site means someone has to (by hand or engine) scrape the address from that vey site and the timing of that happening and the ad is too close for chance.
no, my wife is not suspicious of spam like that as she gets all sorts of stuff too (and unfortunately particpates in those chain emails where you send it to ten people you love - but I think she only does that to say 'i love you' as she does not buy the whole bad luck thing).
to counter this, i have now taken on a more diligent managemnt approach to my cookies. in this, i am also adjusting my cookies acceptance settings to be more restrictive.
...if only there was some way to get the browser to tell me when a site wants to read a cookie - i can get it to ask when a site wants to leave a cookie, but not when one wants to read...
I don't know what your web surfing habits are like, but why don't you just completely disable your cookies? That way, you'll get an idea of which sites are loading your machine with the rather bland baked goods. If you find that you're not regularly frequenting cookie-pusher sites, you can leave them permanently disabled.
Also, if the site you're accusing, isn't tossing cookies into your pajamas, you can eliminate that possibility. And you can resume your regular sleeping patterns without "Dating" sites keeping you up all hours, worried about the dating service invasion.
I guess you'll really just have to decide which level of intrusion you're comfortable with, and secure your computer in that vein. If you're not comfortable with receiving any form of spam, than I'm afraid you're going to have to seriously curtail your web use.
You'll find it extremely hard to login to Applefritter should you disable your cookies.
-BDub
Is Applefritter one of those sites that the Reverend described?
Uh... no.
Usually you can find hints of such behaviour in the Privacy Policies of any given site.
But... uh... Tom? Bdub? Does the 'fritter have an official privacy policy? I'm not finding one...
Yeah, I ran into this some time back when I set my browser to never accept, but if I set it to ask before accepting, I at least can filter what comes in.
Several things to consider;
your OS System
your browser,your ISP, your method of connection, your method of handeling cookies, your filtering scheme...etc.
If this is a major concern,.
Best bet is change your Email address and ISP temporarily so everything gets bounced back .
I used to get tons of spam now I get none.
A real pain to deal with but worth the hassel .
I don't think we have anything written down, other than this in the AUP:
The only ads on Applefritter are Google ads, which set a cookie if I recall correctly, but rejecting that cookie would not affect your ability to login.
The reason why you'd have trouble logging in is that we use cookies for authentication purposes. It's a pretty standard thing, and not at all evil. Basically when you authenticate, your password is encrypted and the encrypted version is checked against what we have on file. (We only keep the encrypted version on file). If the passwords match for your username, we generate a sessionID, which is stored in our database and in a cookie on your system. Then, to check if you're logged in or not, we simply compare the session ID to what we have on file. The cookie is required, because otherwise we'd have to keep the sessionID in the URL, which in addition to being ugly makes it difficult login-wise, since you tend to log in a lot more.
Of course, the usual yada, yada, yada applies to the following:
Truth is an absolute defense to allegations of slander, libel, defamation, etc. The law allows for comments to be made that are deemed to be in the public interest, and represent the greater good. The law also allows for what is called "fair comment". Fair comment allows for some supposition based on known facts. i.e. you're allowed to connect the dots and share your conclusions.
Of course, this is not Applefritter law, it's actual free world law. However, there is the warning that you "publish at your own peril," because nothing is really set in stone, and the laws are open to interpretation.
Canadians, for example, might enjoy certain rights under the Charter that permit what is allegedly purported to be "free speech." The label is a misnomer of epic proportion; there is absolutely nothing free about speech!
Basically, if you're not a politician, newspaper, radio station, television station, or terrorist, you're not permitted to exercise free speech. Big brother is watching... and if you're reading this, brother, you're out of time.
Apparently prompted by this thread, vantage point threatened litigation and has been banned.
Getting back to the original topic for just a moment...
Most cookies that I have seen have the format username@domainname.txt Go in and delete the cookies from places you don't recognize (atdmt, for example) on a regular basis.
What's the format of the cookies that come from AppleFritter?
Cheers,
The Czar
Cookies from Applefritter come from the ".applefritter.com" domain. The name is PHPSESSID, expiry date is one year from your last visit to AF, and the contents will look like a random string. That's your sessionID.