• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

B.scorecardresearch.com

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    B.scorecardresearch.com

    Hoping the more webby techies <cough> NickFitz </cough> can help my understanding.

    For the last day or so, I have been receiving the below server certificate warning when logging into Facebook.

    I've rejected the certificate each time and not really given it much thought until now.

    A quick Google search of the term b.scorecardresearch.com reveals that the company in question is a webtracking firm and that you can opt out of having your web browsing tracked by downloading a cookie from their website.

    If I understand this correctly, they track your web browsing habits by running a script but not from your PC but from any websites you visit that may have signed up to their service.

    Is my understanding of this correct? If so, does that mean that I do not have their script on my PC as, if I do, I'd like it removed pronto.

    In which case, the only way to opt-out of this 'service' is via a cookie from them. Correct?


    #2
    You can also opt-out by running NoScript on FireFox.
    "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
    - Voltaire/Benjamin Franklin/Anne Frank...

    Comment


      #3
      Originally posted by cojak View Post
      You can also opt-out by running NoScript on FireFox.
      I use Opera as my primary browser.

      Comment


        #4
        Originally posted by Clippy View Post
        I use Opera as my primary browser.
        Add the following line to your host file c:\windows\system32\drivers\etc\hosts
        Code:
        B.scorecardresearch.com 127.0.0.1
        the article you posted also listed two other domains so do the same for them.
        merely at clientco for the entertainment

        Comment


          #5
          It looks like scorecardresearch.com (SCR) are a web tracking outfit, but a "legitimate" one. They embed an image link in Facebook, which gets a 1x1 pixel transparent GIF, and sets a bunch of cookies as a side effect, which then allows them to track your activity, not just on Facebook but on other sites you visit that use their service.

          The certificate fail comes about because they are using Akamai. This is a CDN (Content Delivery Network) which helps to speed up the web by keeping caches of stuff on servers around the world; so, for example, when your browser tries to load images on a website based in Australia, Akamai can return a copy of them from a server in London, which is a lot faster what with the speed of light being what it is.

          In the case of Facebook, all traffic is encrypted using SSL (hence your browser location bar will show the location https://www.facebook.com/ rather than http://). However, SCR have apparently screwed up their use of Akamai with SSL, so your browser sees Akamai's SSL certificate rather than SCR's, and warns you that this stuff isn't coming from where it's supposed to.

          FWIW, Mr. Obama's homepage was showing the same problem using Akamai last year

          SCR's Privacy Policy (which looks tulip because the stylesheet that should make it look pretty, and the banner graphic with their logo, are both 404 Not Found, indicating that they don't put much effort into this aspect of their operations) offers a link to an opt-out page which sets a do-not-track-me-you-bunch-of-bastards cookie. The contents of this cookie are:

          Code:
          NO_COOKIE=1; domain=.scorecardresearch.com; expires=Fri, 27-Sep-2041 19:55:51 GMT; path=/
          which means "No cookies from any directory or document at any SCR domain before the year 2041" and it works, in the sense of being sent to them with all future requests. It also seemed to stop the certificate warnings for me - I tested with Opera just to be sure. So try the opt-out link, and see if that cures your woes.

          Comment


            #6
            @NickFitz

            Comment


              #7
              Originally posted by cojak View Post
              You can also opt-out by running NoScript on FireFox.
              Sure, if you want to disable half the web. JS is so ubiquitous now, I don't consider it a real option to work without it - like it or loathe it the web is not about static pages but dynamic online applications now.
              Originally posted by MaryPoppins
              I'd still not breastfeed a nazi
              Originally posted by vetran
              Urine is quite nourishing

              Comment


                #8
                Originally posted by d000hg View Post
                Sure, if you want to disable half the web. JS is so ubiquitous now, I don't consider it a real option to work without it - like it or loathe it the web is not about static pages but dynamic online applications now.
                Well noscript won't work because as Nick pointed out they use a 1x1 invisible gif to track the information (its old, not exactly efficient, but does work) rather than the more detailed but less efficient javascript based tracking. The only real option is probably to edit the host file.

                I'm working on a plan b that does user tracking (plus about two million other similar odds and sods regarding customer experience improvements). From the last set of figures I looked at its remarkable how few people don't have javascript enabled nowadays but then again gmail, google and many other sites simply don't work without it.
                merely at clientco for the entertainment

                Comment


                  #9
                  Getting a pre-populated hosts file that is regularly updated to block these types of trackers/linkers is a good idea.

                  Also speeds up browsing as it removes the need for your browser to do a DNS lookup and try to contact the domain host server, as the change tells your browser that the links are local and therefore unobtainable.

                  There can be some downsides as things like Google ads may no longer work if they too use a tracking system listed in the hosts file. Can always remove individual entries if you find it too restrictive.

                  Is the MVPS one still the best and kept as up to date as any others?
                  Feist - 1234. One camera, one take, no editing. Superb. How they did it
                  Feist - I Feel It All
                  Feist - The Bad In Each Other (Later With Jools Holland)

                  Comment

                  Working...
                  X