KQED and RedSheriff

[Richard Steinfeld]

KQED is the largest public broadcaster in northern
California. It operates TV Channel 9, an FM station, various
repeaters for both in different areas, and now, having
purchased one of those ubiquitous Christian FM stations,
radio to Sacramento despite the fact that there was already
a public station there.

I discovered degraded system performance when I was on their
web site, and with effort, traced the problem to
transmissions from my machine to imrworldwide. When i
emailed them, KQED acknowledged their use of this tool. They
said that they had selected RedSheriff because it was the
least likely to cause consternation among their site users.
I logged a separate transmission to imrworldwide with every
mouse click while I was on the KQED web site.

I noticed that on their site, imrworldwide proclaims the
superiority of their product at evading firewalls; sure
enough, that's where I found it logged as it merrily
subverted my protection. I believe that the way that this
operation works is to comandeer some of our computer memory
to efferctively establish a server in our machines:
effectively creating a "computer within the computer." Quite
a theft of processing power.

Our 900-pound Public Broadcaster is blindly devoted to
obtaining stats regardless of how odious the practice or
method is (and how questionable it is to devote scarce
resources to this techno-fluff). I registered an objection.
Instead of stopping this odious (and costly!) practice,
KQED's response to my objection was to post a statement
about their use of RedSheriff on their policy page.

Perhaps if we all refuse to contribute to any public
broadcaster invading our systems and privacy this way, and
let them know how we feel and the impact on their bottom
lines, they'll get the message loud and clear.

Richard

[artnpeg@claymania.com]

On Wed, 09 Jul 2003 13:54:17 GMT, "Richard Steinfeld"
<rgsteinBUTREMOVETHIS@sonic.net> wrote:

>KQED is the largest public broadcaster in northern
>California. It operates TV Channel 9, an FM station, various
>repeaters for both in different areas, and now, having
>purchased one of those ubiquitous Christian FM stations,
>radio to Sacramento despite the fact that there was already
>a public station there.
>
>I discovered degraded system performance when I was on their
>web site, and with effort, traced the problem to
>transmissions from my machine to imrworldwide.

If you view the web page source you'll see why.

>When i
>emailed them, KQED acknowledged their use of this tool. They
>said that they had selected RedSheriff because it was the
>least likely to cause consternation among their site users.
>I logged a separate transmission to imrworldwide with every
>mouse click while I was on the KQED web site.

IE with scripting enabled?

>I noticed that on their site, imrworldwide proclaims the
>superiority of their product at evading firewalls; sure
>enough, that's where I found it logged as it merrily
>subverted my protection.

If you use IE with active content enabled you have no protection

>I believe that the way that this
>operation works is to comandeer some of our computer memory
>to efferctively establish a server in our machines:
>effectively creating a "computer within the computer." Quite
>a theft of processing power.

Nah. Looks to me like you were simply being referred to a imrworldwide
server which tried to obtain what info it could on you.

>Our 900-pound Public Broadcaster is blindly devoted to
>obtaining stats regardless of how odious the practice or
>method is (and how questionable it is to devote scarce
>resources to this techno-fluff). I registered an objection.
>Instead of stopping this odious (and costly!) practice,
>KQED's response to my objection was to post a statement
>about their use of RedSheriff on their policy page.
>
>Perhaps if we all refuse to contribute to any public
>broadcaster invading our systems and privacy this way, and
>let them know how we feel and the impact on their bottom
>lines, they'll get the message loud and clear.

I think it's far better to simply use the latest Moz based browser
with Proxomitron and not be concerned about what web sites try to do.

I had no problems whatseover at the site.

Art
http://www.epix.net/~artnpeg

[Richard Steinfeld]

<artnpeg@claymania.com> wrote in message
news:rirqgv0nh7cgn8m26dqlk6aevlqo246a4p@4ax.com...
> On Wed, 09 Jul 2003 13:54:17 GMT, "Richard Steinfeld"
> <rgsteinBUTREMOVETHIS@sonic.net> wrote:
>
> >KQED is the largest public broadcaster in northern
> >California. It operates TV Channel 9, an FM station,
various
> >repeaters for both in different areas, and now, having
> >purchased one of those ubiquitous Christian FM stations,
> >radio to Sacramento despite the fact that there was
already
> >a public station there.
> >
> >I discovered degraded system performance when I was on
their
> >web site, and with effort, traced the problem to
> >transmissions from my machine to imrworldwide.
>
> If you view the web page source you'll see why.
>

I'm not sure what you mean. Please explain. I went to
imrworldwide's site and read their material before I zeroed
in on the culprit a few weeks ago.


> >When i
> >emailed them, KQED acknowledged their use of this tool.
They
> >said that they had selected RedSheriff because it was the
> >least likely to cause consternation among their site
users.
> >I logged a separate transmission to imrworldwide with
every
> >mouse click while I was on the KQED web site.
>
> IE with scripting enabled?
>
No. I'd disabled scripting. This did not disable RedSheriff.

> >I noticed that on their site, imrworldwide proclaims the
> >superiority of their product at evading firewalls; sure
> >enough, that's where I found it logged as it merrily
> >subverted my protection.
>
> If you use IE with active content enabled you have no
protection
>
I'm pretty well battened-down in this regard.

> >I believe that the way that this
> >operation works is to comandeer some of our computer
memory
> >to efferctively establish a server in our machines:
> >effectively creating a "computer within the computer."
Quite
> >a theft of processing power.
>
> Nah. Looks to me like you were simply being referred to a
imrworldwide
> server which tried to obtain what info it could on you.
>
I'm talking about the behavior of my system, timing of
connections, etc. The claim by KQED is that no
personally-identifiable information is collected. But how do
I know that this is true. I mean, the software's action is
clandestine to most users.

> >Our 900-pound Public Broadcaster is blindly devoted to
> >obtaining stats regardless of how odious the practice or
> >method is (and how questionable it is to devote scarce
> >resources to this techno-fluff). I registered an
objection.
> >Instead of stopping this odious (and costly!) practice,
> >KQED's response to my objection was to post a statement
> >about their use of RedSheriff on their policy page.
> >
> >Perhaps if we all refuse to contribute to any public
> >broadcaster invading our systems and privacy this way,
and
> >let them know how we feel and the impact on their bottom
> >lines, they'll get the message loud and clear.
>
> I think it's far better to simply use the latest Moz based
browser
> with Proxomitron and not be concerned about what web sites
try to do.
>

Moz = Mozilla?
As in "Dubbya" = Geo. Dubbya Bush?

> I had no problems whatseover at the site.
>
> Art

But, Art, are you using IE?
By the way, Spybot's "Innoculate" function blocks this
nasty.

Richard

> http://www.epix.net/~artnpeg

[null@zilch.com]

On Fri, 11 Jul 2003 07:17:59 GMT, "Richard Steinfeld"
<rgsteinBUTREMOVETHIS@sonic.net> wrote:

>
><artnpeg@claymania.com> wrote in message
>news:rirqgv0nh7cgn8m26dqlk6aevlqo246a4p@4ax.com.. .
>> On Wed, 09 Jul 2003 13:54:17 GMT, "Richard Steinfeld"
>> <rgsteinBUTREMOVETHIS@sonic.net> wrote:
>>
>> >KQED is the largest public broadcaster in northern
>> >California. It operates TV Channel 9, an FM station,
>various
>> >repeaters for both in different areas, and now, having
>> >purchased one of those ubiquitous Christian FM stations,
>> >radio to Sacramento despite the fact that there was
>already
>> >a public station there.
>> >
>> >I discovered degraded system performance when I was on
>their
>> >web site, and with effort, traced the problem to
>> >transmissions from my machine to imrworldwide.
>>
>> If you view the web page source you'll see why.
>>
>
>I'm not sure what you mean. Please explain. I went to
>imrworldwide's site and read their material before I zeroed
>in on the culprit a few weeks ago.

With Mozilla based browsers (I use Netscape 7.10) it's under the View
menu as Page Source. Here's a cut and paste of the RedSheriff portion:

************************************************** ****************
<!-- BEGIN RedSheriff code from router JSP -->

<!-- START RedSheriff Customer Intelligence V4 - Java v1.1
Revision: 1.8 -->
<!-- COPYRIGHT 2002 Red Sheriff Limited -->

<script language="JavaScript"><!--
var pCid="us_us-kqed_0";
var w0=1;
var refR=escape("Not Your Business!");
if (refR.length>=252) refR=refR.substring(0,252)+"...";
//--></script>
<script language="JavaScript1.1"><!--
var w0=0;
//--></script>
<script language="JavaScript1.1" src="index.jsp_files/a1.js">
</script>
<script language="JavaScript"><!--
if(w0){
var imgN='';
if(navigator.userAgent.indexOf('Mac')!=-1){document.write(imgN);
}else{
document.write('<applet code="Measure.class" '+
'codebase="http://server-us.imrworldwide.com/"'+'width=1
height=2>'+
'<param name="ref" value="'+refR+'">'+'<param name="cid"
value="'+pCid+
'"><textflow>'+imgN+'</textflow></applet>');
}
}
document.write("<COMMENT>");
//-->
</script><comment>
<noscript>

</noscript>
</comment>

<!-- END RedSheriff Customer Intelligence V4 -->


<!-- END RedSheriff code from router JSP -->
************************************************** ***************
You can see that it requires Java Script, as does much of the KQED web
site.

>> >When i
>> >emailed them, KQED acknowledged their use of this tool.
>They
>> >said that they had selected RedSheriff because it was the
>> >least likely to cause consternation among their site
>users.
>> >I logged a separate transmission to imrworldwide with
>every
>> >mouse click while I was on the KQED web site.
>>
>> IE with scripting enabled?
>>
>No. I'd disabled scripting. This did not disable RedSheriff.

Java Script? If that was disabled, the RedSheriff insert would have no
effect.

>> >I noticed that on their site, imrworldwide proclaims the
>> >superiority of their product at evading firewalls; sure
>> >enough, that's where I found it logged as it merrily
>> >subverted my protection.
>>
>> If you use IE with active content enabled you have no
>protection
>>
>I'm pretty well battened-down in this regard.

You would have to disable _all_ active content in IE to be "battened
down". That renders IE useless, so I don't use it. I've used
IEradicator which works well.

>> >I believe that the way that this
>> >operation works is to comandeer some of our computer
>memory
>> >to efferctively establish a server in our machines:
>> >effectively creating a "computer within the computer."
>Quite
>> >a theft of processing power.
>>
>> Nah. Looks to me like you were simply being referred to a
>imrworldwide
>> server which tried to obtain what info it could on you.
>>
>I'm talking about the behavior of my system, timing of
>connections, etc. The claim by KQED is that no
>personally-identifiable information is collected. But how do
>I know that this is true. I mean, the software's action is
>clandestine to most users.

They can't obtain much on a reasonably secured PC. Maybe they can
identify which version of Windows I use, and the browser I use. I
don't bother to hide that info since it doesn't do them any good
Any site can get your IP address. So what?

>> >Our 900-pound Public Broadcaster is blindly devoted to
>> >obtaining stats regardless of how odious the practice or
>> >method is (and how questionable it is to devote scarce
>> >resources to this techno-fluff). I registered an
>objection.
>> >Instead of stopping this odious (and costly!) practice,
>> >KQED's response to my objection was to post a statement
>> >about their use of RedSheriff on their policy page.
>> >
>> >Perhaps if we all refuse to contribute to any public
>> >broadcaster invading our systems and privacy this way,
>and
>> >let them know how we feel and the impact on their bottom
>> >lines, they'll get the message loud and clear.
>>
>> I think it's far better to simply use the latest Moz based
>browser
>> with Proxomitron and not be concerned about what web sites
>try to do.
>>
>
>Moz = Mozilla?
>As in "Dubbya" = Geo. Dubbya Bush?

Yes. There are Mozilla, K-Meleon, Firebird, and Netscape (at least).
If these are kept up to date, you have very little concern with
leaving both Script and Java Script on all the time, as I do. I keep
Opera on hand for those rare sites that Moz browsers can't render well
because of crummy "break all the rules" HTML.

>> I had no problems whatseover at the site.
>>
>> Art
>
>But, Art, are you using IE?

Haven't used IE for many years. Wouldn't touch OE with a ten foot pole
either





Art
http://www.epix.net/~artnpeg