The one with the Full Disclosure

Cool techie hacks always get me excited.

A friend of mine added a widget on her Blogspot blog today that shows the list of visitors coming to her blog, and then using IP geolocation to figure out the location of the person. So when I visit her blog now, the right hand panel screams out “Philadelphia, Pennsylvania visited … ”

Somehow that seems like intruding into my privacy, I mean… I should be able to stalk women without them having to know that I am stalking them. Where’s the justice in this world? ;-)

Anyway, I really don’t mind people knowing that I visited their blog, but still it’s not nice to be told that you’re being watched, and worse still to share the information in public. What’s between you and me, should remain between you and me.

It’s surprising that WordPress.com doesn’t share IP logs with blog owners. You might call it a privacy issue, blah blah blah, but a self-hosted WordPress blog would probably give that information, so it’s not a big deal. So I decided to do this small hack in order to get an access log.

So here’s full disclosure, the End Reader Licence Agreement: BY VISITING THIS BLOG, YOU AGREE TO BE TRACKED, WATCHED, AND PERHAPS STALKED.

Too late, you don’t have a “Decline” button.

So how did I do this: WordPress has a widget called “Text”, which basically allows for HTML too. Simple, just fill the widget with <img src="<outside-url-that-you-can-track>" alt="" /> . After that, everytime you get a visitor, his browser will try to get that image, and the IP address will get logged on your external server. I’m using CMI’s server, and the image file is a PHP script that does the logging.

Also, since all my friends are distributed around the globe, IP geolocation should quite precisely tell me who visited when. :P By storing the referrer I can also figure out which post you read.

As I said, I know you don’t like to be told that you’re been watched, so I’ll also tell you how to get around my logging system. If you don’t want me to know when you’re visiting (maybe you’re a woman stalking me? omg, this is so fantastic!), you can use adblock to block “http://www.cmi.ac.in/~arnold/image.php

Advertisements

10 Responses to The one with the Full Disclosure

  1. Shreevatsa says:

    Where’s your tracking? Shouldn’t you show its results in this post for extra spooky effect? :-)
    [Same trick: one image that collects the information, then another image generated from that information…]

    BTW, have you read about Private Information Retrieval? It’s very cool (Scott Aaronson says it’s “why complexity is better than cannabis”). As I have not read much about it, I can only think of an inefficient anonymizing method that is guaranteed to work — I can set up a script that will access *all* the posts on your website randomly (every five minutes on average, say), so that my actual visits are indistinguishable from the automated ones. [This is like the idea that the only way to borrow a particular book from a library without revealing any information is to borrow all the books.]

  2. arnstein says:

    Lol, extra spooky effect: I notice that an MIT IP address searched for “scott” on my blog :)

  3. arnstein says:

    btw, do you know of any online service that does basically the same thing? (not just hit-count.. also access logs)

  4. anshul says:

    If I were you, I would just firefox/adblock the tracking elements on her blog… (and unblock them tastefully, as and when required…)

    Oh, and in the spirit of full disclosure, your image has been added to my adblock list! :P

    Since you asked, here is the big daddy of free tracking: http://www.google.com/urchin/index.html (I keep that adblocked too because google already knows way too much. In fact, the only tracking I allow through is the wordpress stuff because they are polite and well, mostly harmless… )

    http://bash.org/?577451

  5. nadeem says:

    what’s going to happen if i don’t block that image :

    u get a long list of IPs and their geolocations ,
    u think of where the person could ‘ve taken ur blog from each of those locations .
    u shortlist some possible institutions…
    u know it’s Mr.X

    u know that Mr. X read this blog post ….
    so what ? all i can say for sure is that u’ve wasted a lot of time of urs if u went to this whole procedure .

    P.S. : if u r going to do this , then it is not going to help u with ur de-addiction scheme ;)

  6. haru says:

    alternately.. you can just use an iframe to call your php script :)

  7. haru says:

    also.. just wrote one for hit count and logs :P

  8. anon says:

    @nadeem

    well… you might find out that miss Y always reads your blog at 3 am in the night… that kind of info can be potentially useful… :P

  9. […] allowing images in scraps. Now that I notice it, I realize you can do exactly the same thing as in Episode 1, but with slightly more serious […]

  10. Your post is great,that’s all what I’m able to say,I hope you’ll post more and more!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: