http://www.danasoft.com/sig/Mausau2000.jpg
This is a random sig i found and wonder does anyone have a Firewall (other than Norton) that stops the exacution???

Also is this Illegal???

it's legal - it's run by a php script that looks at your ip, browser, and os. proxies could probably mess it up a bit.

Ok....

Works fine for me, but I don't have a firewall of any description. It wouldn't have worked back when I used Windows though.

woks fine for me.. I have bumped into people who uses that as their sig!

It kinda scares me... I don't like people--even other computers looking into mine.

It kinda scares me... I don't like people--even other computers looking into mine.

Heh, no one's looking into any computer. Think of the sig as a mirror; it's showing you what you're broadcasting. Here's an example of a typical HTTP request by a browser to a server:


GET /forum/ HTTP/1.1
Host: webdeveloper.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive


Probably sends the cookie header, too. Also, the IP address is needed for the transfer, so there you go. If you're really concerned, then you can control it. For instance, with Firefox, you can control the User Agent string, so you could wipe it clean, and then use an anonymous proxy. But why even go to the trouble?

I have no problems with people looking at Ip address :rolleyes:

kinky.

lol

Heh, no one's looking into any computer. Think of the sig as a mirror; it's showing you what you're broadcasting. Here's an example of a typical HTTP request by a browser to a server:


GET /forum/ HTTP/1.1
Host: webdeveloper.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive


My PC would get a slap if it ever sent that. lol

i carry that sig on the other forums...:P

kinda cool actually...

Still, it scares me.

ur ghostness scares me :0

I can post and stay on the forum 24 hours a day 7 days a week and nobody will see me! I'm the invisible registered user ghost! Boo!

waaa u r scaring me :(
I think jumping out this window will help

No, don't jump out the window!
I just set my account invisible so nobody will know when I'm online!
I'm not trying to scare nobody.

Ow...
Now u tell me...
Limp Limp.... :)

It doesn't get my details completely correct - I'm at work, behind a firewall that does NAT from my 10.*.*.* address to the firewall's 194.x.y.z address.

If you are using Opera it is (apparently) really easy get it to report any browser you like, so in that case the sig would say what you had set, not what you had.

Legal:yes
Firewall: not needed (read below)
Sneaky: possibly

I believe that simply works by GET'ing an image ('<img src=...' or the appropriate BBcode in their sig) from another server (usually). The image location is actually a php script which reads the info from the http request, then generates the image with that info drawn into it.

In Firefox, you can right click on the image, then select the option to "Block images from danasoft.com." If I'm understanding it right, the http request will not be made and the image will not appear. Note that since it's your computer making the request, you are the only one who sees the message. Anyone else only sees their own IP address and browser...except danasoft.com.

From this I see a potential problem. Anybody who uses that image on a forum or website creates a referral to danasoft.com. Everytime somebody's computer requests the image, danasoft can, should the webmaster choose, record your IP, the page you are visiting (http_referrer), your browser, and the time of your visit. This would over time give them a huge database that can be mined to correlate IP's to internet traffic. The danasoft version seems completely harmless, but given the number of mischevious people out there, I'd bet some unappetizing purpose could be devised for the data.

Now that I think about it, I also remember FireFox having a setting that will refuse to load images that come from a third-party site, which is great for blocking adverts, and would also help here.

I'm not sitting in front of FireFox right now, so I can't remember the settings, but that wouldn't entirely remove the privacy threat, since this technique could just as easily be used with some other page item, such as a hidden iFrame, or an unnecessary stylesheet.

I want that sig!!! Whats the code??? :)

Everytime somebody's computer requests the image, danasoft can, should the webmaster choose, record your IP, the page you are visiting (http_referrer), your browser, and the time of your visit. This would over time give them a huge database that can be mined to correlate IP's to internet traffic. The danasoft version seems completely harmless, but given the number of mischevious people out there, I'd bet some unappetizing purpose could be devised for the data.

I hate to be the one to break this to you, but a hell of a lot of websites keep this sort of information. In fact, the vast majority do. It's called a traffic tracker, or analyzer. They record your IP, browser, OS, page that brought you to the website, and which pages on the website you accessed. In addition, many use your IP address to determine the country you are orginating from, and even the search string you may have used in a search engine to find the website. This happens almost all the time, constantly, it provides developers with valuable information. If I know that I have a largely American audience, then I can taylor my content to them. If I've got a large amount of visitors using the Konqueror browser, I'll want to make sure my website functional in that browser. Search strings tell me what is bringing visitors to my site, and what I rank highly on. Plus, I can determine the most popular pages on my website.

All the picture is is a mirror. It is showing you all what you freely broadcast, and what is readily collected almost each time you access a website. Like I said, if you're uber paranoid about it, you can stop this information from being sent, but there really isn't any need.

I understand all that MstrBob. I'm not really worried about it, but my point was that this particular form gives one person a potentially huge sample population. Normally that information is collected first party - by the server hosting the site you are visiting. When you make a third party request, like for the danasoft image, that information is also collected by the third party. Typically, if you're visiting a reputable site, that's not a problem because at least the authors should know what all the images on their site are. This image, in the same way as some malware programs do...although I don't intend to suggest a similarity of intent...gets around that by enticing the user with a gimmick, in this case an IP "mirror," as you called it.

I'll propose an analogy that I think fits reasonably well. Say I drove into into a Walmart parking lot and they note my license plate number, model of car I was driving, what I shopped for, and what time I went into the store. Walmart might not care, or they might look for money-making or even malicious (let's hope not) ways to use the data. It doesn't really matter because part of going onto their private property means I expose this information. To extend the analogy to the danasoft case, consider a third person (Walmart "user" - analogous to someone posting the third-party image) who discretely follows me around during my visit to collect this information, and then tells it to somebody I don't know. If they do this at all the Walmarts (or online message boards) across the country, they're getting a lot of data.

So what does this mysterious data-monger do with all this data? Who knows. I can't really think of any spectacular uses off the top of my head. I guess if the same person (IP) visits two different Walmarts with big gardening departments (or two web-development forums), then he might guess that the user likes gardening and try to find a way to send unsolocited garden products ads to the user...perhaps he carelessly dropped a business card (foolishly posted an email) during one visit.

I agree that it's nothing to get worked up over. Since people were curious about it, I just thought I'd comment on what can be done with it.

I see alot of pages with a reference to this domain:

http://www.w3.org/TR/html4/strict.dtd

Imagine all the data they could build!

Wow!!! :)

I see alot of pages with a reference to this domain:

http://www.w3.org/TR/html4/strict.dtd

Imagine all the data they could build!

Except that most browsers ship with the HTML 4 DTD's already internally installed, so very few actually request that document. Sorry to ruin a funny...