Malicious data harvesting code in the forums

[Vishera]

What happened?

My script blocker identified a script from z-na.amazon-adsystem.com as malicious/tracker and blocked it.

 

What did you expect to happen?

Not have malicious data harvesting code that invades my privacy.

 

Link to a page where it happened, if applicable: 

Every page on the forums.

 

Screenshots of the issue, if applicable: 

 

[An0maly_76]

The worst part is, this appears to be related to Amazon ads. Just goes to show, free isn't really free, no matter how you slice it.

[colonel_mortis]

That script is part of the Amazon ads. It is (probably) a tracker, but it is not malicious (by which I mean it is only a tracker - it is totally fair to dislike trackers but that is separate from actively malicious stuff), and is the same as you would see on other sites with ads powered by Amazon, and similar to the scripts that are used by pretty much all other ad providers.

 

Ultimately the ads are a decision from the business team, so it's up to them whether this is ok.

[Vishera]

It contradicts the Privacy Policy:

Quote

We do not use information that we store to target advertisements, although advertisements may be targeted to you based on information collected by our advertisement partners on other websites.

 

41 minutes ago, colonel_mortis said:

but it is not malicious

That's up to debate

 

41 minutes ago, colonel_mortis said:

and is the same as you would see on other sites with ads powered by Amazon, and similar to the scripts that are used by pretty much all other ad providers.

The privacy aspect of it makes it rather problematic.

 

41 minutes ago, colonel_mortis said:

Ultimately the ads are a decision from the business team, so it's up to them whether this is ok.

I think that most users would object to it if they knew about it.

Is there a way to escalate it to the business team or someone else that can take care of it?

[Lurick]

How does serving ads contradict the privacy policy exactly? They are not using information stored on the forums (that we store) to target advertisements.

 

The forums do NOT collect and pass your information stored on the forums to amazon. There is no contradiction, they are snippets for serving ads based on your browsing history elsewhere. If you no history stored from cookies or anything else there isn't a targeted ad being displayed to you.

[Vishera]

36 minutes ago, Lurick said:

How does serving ads contradict the privacy policy exactly? They are not using information stored on the forums (that we store) to target advertisements.

 

The forums do NOT collect and pass your information stored on the forums to amazon. There is no contradiction, they are snippets for serving ads based on your browsing history elsewhere. If you no history stored from cookies or anything else there isn't a targeted ad being displayed to you.

  The Privacy Policy clearly states that

Quote

advertisements may be targeted to you based on information collected by our advertisement partners on other websites.

And i emphasis on the on other websites part.

 

The contradiction:

The Amazon tracker script tracks user browsing behavior on the forums.

 

And not to mention that i don't see any option in the forums to opt out of this.

[colonel_mortis]

I will check with LMG to understand exactly what that script is doing and whether that's ok.

[Ashleyyyy]

if privacy badger blocked it then all is fine no? do you have any idea how many websites use google analytics, google ads and amazon ads? if you don't want it then the solution is to block it which you've already done.

[LWM723]

So Linus is making money off this forum, too. Didn't think it would be revenue neutral. Privacy is meaningless, even to Linus. Money and greed trump members privacy.

[Vishera]

1 hour ago, Ashley MLP Fangirl said:

if privacy badger blocked it then all is fine no? do you have any idea how many websites use google analytics, google ads and amazon ads? if you don't want it then the solution is to block it which you've already done.

It's not fine, Just because other websites use privacy violating systems doesn't make it right.

30 minutes ago, LWM723 said:

So Linus is making money off this forum, too. Didn't think it would be revenue neutral. Privacy is meaningless, even to Linus. Money and greed trump members privacy.

I wouldn't be so quick to judge,

It's possible that it was not intentional.

We will see how LMG responds.

[Needfuldoer]

You're tracked online. Everywhere you go. Google, Amazon, Facebook... Even if you don't use their services, they're watching you.

[Chiyawa]

Ooo... No wonder when I browse PSU forum, then in a few moments, any website that I browse (other than LTT) display advertisement containing PSU from Amazon.

[Guest]

1 hour ago, Needfuldoer said:

You're tracked online. Everywhere you go. Google, Amazon, Facebook... Even if you don't use their services, they're watching you.

Dude you have no idea... So I'm a gamer right, so I have gaming stuff. 

 

I turned on my computer the other day and steam opened and guess what... THEY TRIED SELLING ME VIDEO GAMES! But it gets worse... I logged into the opera GX browser and it mentioned an opera GX game section... So I open my phone and check the app store to get away from the computer and THEY HAD GAMES!

Even when I tried getting away from electronics and went to the game stop by my house... THEY HAD VIDEO GAMES!!!!!!!

They're after me, and they want to turn me into a Soylent video game! 

[Ashleyyyy]

6 hours ago, LWM723 said:

So Linus is making money off this forum, too. Didn't think it would be revenue neutral. Privacy is meaningless, even to Linus. Money and greed trump members privacy.

this place costs money to run. he doesn't make anything off of it, he's said so on the WAN show.

[Ashleyyyy]

6 hours ago, Vishera said:

It's not fine, Just because other websites use privacy violating systems doesn't make it right.

he needs to at least make sure the forum doesn't cost him money to run, monetizing with ads is a way to do that. if you don't want it just block it. easy enough. 

[Vishera]

2 hours ago, Ashley MLP Fangirl said:

he needs to at least make sure the forum doesn't cost him money to run, monetizing with ads is a way to do that. if you don't want it just block it. easy enough. 

The tracker is the issue, Not the ads.

The ads from vultr.com and the others are fine, just the Amazon tracker that is embedded in their widget is the issue.

[SansVarnic]

13 hours ago, NastyFlytrap said:

I'd argue that the invasion of privacy is malicious and we should stop letting them take advantage of us....

This would be an opinion, not malicious by definition. Lets calm down a bit.

I'm not defending the presence of the code, just noting that there is no reason to get this worked up over this.

[wanderingfool2]

On 8/21/2022 at 2:26 PM, Vishera said:

The Privacy Policy clearly states that

Quote

advertisements may be targeted to you based on information collected by our advertisement partners on other websites.

And i emphasis on the on other websites part.

 

The contradiction:

The Amazon tracker script tracks user browsing behavior on the forums.

 

And not to mention that i don't see any option in the forums to opt out of this.

You have to read the statement as a whole, you can't just isolate a specific bit and ignore the context that was generated by the beginning part of the sentence.

 

i.e. It doesn't really have a contradiction when you consider the entire sentence as a whole.  They don't actively hand over information to advertisers.  That means the advertises aren't getting your username, etc.  They still might be tracking you, but it clearly is saying information isn't provided (and it's clear information can be like shopping preferences, usernames, emails etc).

 

On 8/21/2022 at 11:54 AM, Vishera said:

What happened?

My script blocker identified a script from z-na.amazon-adsystem.com as malicious/tracker and blocked it.

 

What did you expect to happen?

Not have malicious data harvesting code that invades my privacy.

Malicious is quite the powerful word.  I actually suspect it's just loading in the ads.  Ads need scripts to be able to switch between different ads you know.

 

Also, it's a free to use website, and you think it's malicious data harvesting.  Please enter the 21'st century....it happens on pretty much any free site you go to.  [Unless the site is supported by some other means]

 

The general fact is, targeted ads are more effective and thus allow for the web to remain mostly free.  I honestly think people forget how much old ads use to suck prior to targeted ads.  Without targeted ads, you wouldn't have google...remember what the web was like before Google, trying to find information.  That has greatly been done with the so called "malicious" data.  The general backbone that people have come to expect truly has been built off of information garnered by user metrics.  [e.g. the google's did you mean gets a lot from tracking people to find out what they finally chose as the correct word]

[mariushm]

Sounds to me like blowing things out of proportion. 

 

That script can have perfectly legitimate purpose, like making sure they're not fraudulent clicks, or that the page on which the ads are is not misleading people, or encouraging them in some illegal way to click on affiliate links. 

For example, someone with bad intentions could make a website where it says follow these three steps to get a free download of this game .. step 1 , click on one of the Amazon links below and post a review  ( the idea is that user is not aware that affiliate code remains active, if user later buys something from Amazon, the website may get a kickback from it)

The script could also be just for collecting statistics, like for example 30% of clicks to product come from Off topic section , and only 5% from Hobby  or 1% from Programming section.

 

Doesn't mean it tracks YOU specifically to learn what you're interested in, but I guess it could.  You could browse in incognito mode if you're paranoid.

[Vishera]

4 hours ago, wanderingfool2 said:

You have to read the statement as a whole, you can't just isolate a specific bit and ignore the context that was generated by the beginning part of the sentence.

 

i.e. It doesn't really have a contradiction when you consider the entire sentence as a whole.  They don't actively hand over information to advertisers.  That means the advertises aren't getting your username, etc.  They still might be tracking you, but it clearly is saying information isn't provided (and it's clear information can be like shopping preferences, usernames, emails etc).

 

Malicious is quite the powerful word.  I actually suspect it's just loading in the ads.  Ads need scripts to be able to switch between different ads you know.

 

Also, it's a free to use website, and you think it's malicious data harvesting.  Please enter the 21'st century....it happens on pretty much any free site you go to.  [Unless the site is supported by some other means]

 

The general fact is, targeted ads are more effective and thus allow for the web to remain mostly free.  I honestly think people forget how much old ads use to suck prior to targeted ads.  Without targeted ads, you wouldn't have google...remember what the web was like before Google, trying to find information.  That has greatly been done with the so called "malicious" data.  The general backbone that people have come to expect truly has been built off of information garnered by user metrics.  [e.g. the google's did you mean gets a lot from tracking people to find out what they finally chose as the correct word]

 

2 hours ago, mariushm said:

Sounds to me like blowing things out of proportion. 

 

That script can have perfectly legitimate purpose, like making sure they're not fraudulent clicks, or that the page on which the ads are is not misleading people, or encouraging them in some illegal way to click on affiliate links. 

For example, someone with bad intentions could make a website where it says follow these three steps to get a free download of this game .. step 1 , click on one of the Amazon links below and post a review  ( the idea is that user is not aware that affiliate code remains active, if user later buys something from Amazon, the website may get a kickback from it)

The script could also be just for collecting statistics, like for example 30% of clicks to product come from Off topic section , and only 5% from Hobby  or 1% from Programming section.

 

Doesn't mean it tracks YOU specifically to learn what you're interested in, but I guess it could.  You could browse in incognito mode if you're paranoid.

How can i seriously respond to you guys when you don't even bother to do basic research about what trackers are and how they work?!

[Akima]

I'm a bit of a privacy nut, given I work deep in cyber security, but you have to view these things from aspects that YOU are personally in control of. We're now in an age where tracking pixels and alike are commonplace and cannot be avoided. In 99% of cases, the intent is not malicious, it's just commercial.

 

We can't control what others do. But we can control what we do. You're using a script blocker to block unwanted ads and scripts. It did it's job and you live for another day.

 

The focus should be on better education for individuals and good privacy hygiene. We can't control how others operate their websites/services, but we can control what we do. There are bigger privacy issues at play here, such as the "smart phones" we willingly carry around with us each day harvesting untold amount of intimate data about our day-to-day lives.

[Guest]

I followed this discussion to see what LTT was going to say but I just see a lot of text. 

[manikyath]

On 8/22/2022 at 4:00 AM, LWM723 said:

So Linus is making money off this forum, too. Didn't think it would be revenue neutral. Privacy is meaningless, even to Linus. Money and greed trump members privacy.

i believe the last time they talked about ads on the forum they mentioned that the forum "by itself" is still a negative cash flow, even with the ads. the "fact" there's a single tracker in an amazon ad sort of "makes sense" i suppose.. the way ads work these days is that part of the value is at least that they know where you came from, so they know which ad is effective where.

 

is this a data harvesting malicious thing openly procreating with your lack of privacy? highly unlikely.

is this following at least who the ad was served to, and how successful it was? probably.

 

few notes on this though..

- from my experience (mostly in supporting people getting fearmongered into installing one of these plugins, but have no idea what they are doing) these tracker-blocking plugins are hyperactive as all hell.

- it says "POTENTIAL" tracker... there's an amazon ad on the page, no shit sherlock that it's loading in resources from amazon's ad server.

- if you're worried about this.. your plugin blocked it, case closed?

- become a forum contributor, ads help support at least a tiny bit of the costs of hosting this thing, for just $5/month you can remove those ads, and still support >LMG keeping this boat afloat for you to ramble on.

[LWM723]

I have no ads on the forum with an adblocker and script blocker.

[CPotter]

On 8/22/2022 at 4:03 AM, Vishera said:

The tracker is the issue, Not the ads.

The ads from vultr.com and the others are fine, just the Amazon tracker that is embedded in their widget is the issue.

This is definitely not intentional, we've had Amazon banner ads running on here for years and I never realized it has this tracker until reading this post. Like others have pointed out, we don't strive to "make money" from the forum, so its not worth it to us to have these ads on the site. I'm removing them now.

 

I'm sorry I'm just seeing this thread now.