A recent post elsewhere made a comment that there is no way that I can tell someone is accessing the site from a library, and even if I could, I wouldn’t know if the person was using a library desktop, or sitting outside using WiFi. Now, this post isn’t about false claims. It just occurred to me that misinformation about privacy is more rampant than I had thought. And, since APs tend to be on the paranoid side (for good reason), perhaps a bit of clarification may be useful.
Forums have elementary tracking functionality, like IP logging and lookup, to deal with SPAM and trolling. However, if you have your own full-access webserver, you also have access to the logs. In my case, IIS logs. These logs exist for legitimate purposes and I can’t remember a report of where they have been used otherwise. But, they do exist in great detail. As an example, of course a forum moderator can tell if you are in a library, or university, a mid- or large- company, or some other fair-sized organization. But, via the logs, not only can I tell if you are using a mobile device – I can tell you the color of your smartphone or tablet.
Sounds ridiculous. But, realize that app developers and larger website hosts require a great deal of information. They need to know whether their users are Mac, UNIX, or Windows users. They need to know if you are a mobile user; and if you use Android, iOS, Blackberry, Windows, whatever. They need to know how many users are on XP or older, or the version of Android or iOS. They need to know what browsers their users use, and what releases. They need to know the resolution of screens. There are several reasons:
- Where to focus development
- What hardware/software still needs to be supported
- Trends in user device screen sizes
- Code to distinguish between different browsers and browser releases because of different functionality
- Code to handle known OS and device aberrations
Webpages, desktop software, and mobile apps often contain code to distinguish between any number of details about devices and operating software to handle environments differently. So, among other things, every hit on a website can produce a log entry which includes the operating system, and it’s exact sub-release number, the browser used, and it’s exact sub-release number, the device used, and it’s full model number, and various other info about the device. Remember my silly claim made earlier? The color of a smartphone is included in the full model number. There are many other fields, some of which I use for stats. For example, there are three IP fields. I use the original-IP as it is traced through reverse proxies.
Now, most of what I’ve outlined above isn’t particularly dangerous, unless you are up to something nefarious yourself. But, while I’m at it, there is an area with mobile apps that many do not fully understand. When you build an app, you specify sensitive features that the app requires. For example, my apps ask for one such access, access to the network, which I use to check for updates and to download strategies. When you install an app, you will be informed of the requested accesses and must approve them. Now, there exist legitimate apps to organize and deal with e-mail and contacts. They will ask for e-mail and contact access. Realize that if an app asks for e-mail, contacts, and network access, it can steal your e-mail and contact list and upload them to a server. For an AP, that could include the member names and phone numbers of other APs, which could be used to link a member name to a person’s name and address. So, if you are installing a casino game, and you are warned that it wants such access, no way you should provide it.
One further note. There exist many services and applications that claim to hide some or all of this info. Some of these are legit. A growing number are not. What better way to hack someone than purport to be protecting them from hackers.
With some of this technology comes extremely annoying concepts like targeted ads based on what you looked at on some site. That’s life. When technology advances; someone finds a way to use it for purposes we don’t like. I just thought people would like a better understanding of what is tracked. And, this post is not meant to be all-inclusive. Be careful out there.
Bookmarks