Tracksters
There are numerous marketing companies who will track you by your Internet usage (aka click streams), web bugs, etc. Doubleclick is probably the most notorious example. (Now owned by Google... are you worried yet?)
I call them "Tracksters".
The host or domain names used by them can be easily determined by browsing your cookies after surfing the web for a while.
Shown below are some real-world domains found in my cookies file.
A condensed & clean version of this list is at http://bit.ly/18fyINq
Host/Domain Cookie name Notes data.coremetrics.com CoreID6 doubleclick.net id .ehg-etoys.hitbox.com DM541004C4EZV6 } .ehg-hasbro.hitbox.com DM550217FKDEV6 } A pattern emerges! .ehg-f5.hitbox.com DM53123059DMV6 } others are oreilly, techtarget vmware fastclick.net rt hitbox.com CTG ice.112.2o7.net s_vi } [1] kanoodle.com (multiple) kontera.com (multiple) media.adrevolver.com (multiple) mediaplex.com (multiple) msnportal.112.2o7.net s_vi } [1] m.webtrends.com ACOOKIE networksolutions.112.2o7.net s_vi optimize.indieclick.net MAXID } aka Openads overture.com (multiple) pa.penny-arcade.com phpAds_id partner2profit.com (multiple) paypal.112.2o7.net s_vi } [1] perf.overture.com SYSTEM_USER_ID } another overture.com phg.hitbox.com (multiple) } all start with WR54122... quantserve.com uid qnsr.com (multiple) } aka QuinStreet Media rad.msn.com (multiple) } Advertising Delivery System (ADS) rotator.adjuggler.com (multiple) rotator.juggler.inetinteractive.com (multiple) searchmarketing.com SM serving-sys.com (multiple) sixapart.adbureau.net (multiple) } probably *.adbureau.net specificclick.net (multiple) statcounter.com (multiple) statse.webtrendslive.com (multiple) t4.trackalyzer.com trackalyzer tacoda.net (multiple) } "behavioral targeting", yikes trafficmp.com (multiple) tribalfusion.com ANON_ID } ANON == ANONYMOUS? yea, right turn.com (multiple) web.checkm8.com (multiple) rocketprofit.com (multiple) } touts "Detailed, state of the art tracking capability"
See Also
- http://doc.bleedingthreats.net/bin/view/Main/BlackHoleDNS
- stopbadware.org
- malwaredomains.com - the DNS-BH project
Notes
Most cases, just blackhole the SLD, e.g. coremetrics.com instead of data.coremetrics.com.
[1] See http://en.wikipedia.org/wiki/Omniture & http://www.omniture.com/privacy/2o7
There are LOTS of other references and resources for this type of information.
- AdBlockPlus - a firefox browser extension and links to various tracker lists.
- Firewalling against Instant Messaging and File Sharing Services
blackhole-gen script
I run this on my FreeBSD name servers.
Step 1. Create the /var/named/etc/namedb/master/blackhole.zone file
$TTL 1d
@ IN SOA @ root (
2006051201 ; serial
1H ; refresh
15M ; retry
4W ; expiry
5M ) ; negativeTTL
1D IN NS ns1.foster.dmz.
1D IN NS ns2.foster.dmz.
1D IN A 127.0.0.2
* 1D IN A 127.0.0.2
Note: You should change the NS lines to match your OWN authoritative name servers.
Step 2. Add this line to named.conf:
include "named.conf.blackhole";
Step 3. Put this script in /var/named/etc/namedb/blackhole-regen
#!/bin/sh
# Warning, this script probably only works well on FreeBSD 5.5 or newer
# Stick it in cron to run once daily or so, as root
# Regenerate named.conf.blackhole file from updates "targets"
# file maintained by mark.foster
# also reloads named.
cd /var/named/etc/namedb/
mv -f named.conf.blackhole named.conf.blackhole.old
fetch http://mark.foster.cc/trackers
for d in `cat trackers`; do
cat <<EOF >> named.conf.blackhole
zone "$d" { type master; file "master/blackhole.zone"; };
EOF
done
/etc/rc.d/named reload
Step 4. Run the script, and restart your name servers
/var/named/etc/namedb/blackhole-regen /etc/rc.d/named restart
Step 5. Optional but recommended, add crontab entry in /etc/crontab so this runs daily
0 12 * * * root /var/named/etc/namedb/blackhole-regen