Elegant expressions against webbugs! Try this Lou Cipher expression...

Hi malware fighters,

What to do against those tiny little 1-pixel devils that track ye and, when embedded, cannot be stopped even by NoScript, I guess? Well, there is a line of code you can insert as a general filter (expression) inside your FF or Flock AdBlockPlus. Open this up and insert this line:

/\W(track|stat|count|trend|hit).+\.(gif|js|cgi|php|asp|jsp|html|lqm)\?/

It is a general rule to tackle the following three:
/track*.(gif|js|cgi|php|asp|jsp)?/
/stat*.(gif|js|cgi|php|asp|jsp)?/
/count*.(gif|js|cgi|php|asp|jsp)?/

Like to hear how it works for ye all, rule by courtesy of Lou Cipher (2005).

polonus
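
Added example (not part of the original post and not Lou Cipher's code): the filter above run as a JavaScript regular expression over constructed sample URLs, to show which requests it blocks and which it lets through. The example.* hosts, paths and the helper names are assumptions made up for the illustration.

```javascript
// The filter from the post, copied verbatim as a JavaScript regex literal.
const WEBBUG_FILTER =
  /\W(track|stat|count|trend|hit).+\.(gif|js|cgi|php|asp|jsp|html|lqm)\?/;

// Constructed sample requests; the example.* hosts and paths are made up.
const SAMPLES = [
  ["http://www.example.com/js/tracker.js?id=7", "tracking script"],
  ["http://www.example.com/counter.cgi?page=index", "CGI hit counter"],
  ["http://stats.example.net/hit.gif?site=42", "matches via 'stat' in the host name"],
  ["http://www.example.com/count.cgi?page=index", "nothing between keyword and dot"],
  ["http://www.example.com/track.gif", "beacon without a query string"],
  ["http://www.example.com/img/pixel.gif?uid=abc", "beacon with no keyword"],
  ["http://www.example.com/static/app.js?v=3", "ordinary cache-busted script"],
];

// Hypothetical helper: report whether the filter fires and on which parts.
function classify(url) {
  const m = WEBBUG_FILTER.exec(url);
  if (!m) return { blocked: false, keyword: null, extension: null };
  return { blocked: true, keyword: m[1], extension: m[2] };
}

// Hypothetical helper: the subset of sample URLs the filter would block.
function blockedUrls(samples) {
  return samples.filter(([url]) => classify(url).blocked).map(([url]) => url);
}

for (const [url, note] of SAMPLES) {
  const r = classify(url);
  const verdict = r.blocked ? `BLOCK (${r.keyword}, .${r.extension})` : "allow";
  console.log(`${verdict.padEnd(22)} ${url}  # ${note}`);
}
```

The allowed rows show the gaps: `.+` needs at least one character between the keyword and the extension dot, and the trailing `\?` skips beacons requested without a query string. The `static/app.js?v=3` row is a false positive, since "stat" also matches inside "static".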

I thought the string looked strange, as other filters in my FF Adblock Plus begin with an *. On trying to Add a Filter, copying in the string without the * causes a pop-up, see image.

So should this have an * at the start of the string (or should it be a regular expression as indicated in the pop-up)?

Hi DavidR,

Yep, it is to be regarded as a regular expression, because it should work as a general protection.

pol

Thanks, we will see what it can do, though it is possible to block images by size (1x1) in my firewall, so that too should be able to block these tracking transparent gifs, etc.

Has anyone tried to insert it into avast web shield's web blocking? :)

Hi Ylap,

Good creative thinking, could be if the coder tried to find a general expression for these three undesirables, it might even work there (from our point of view, as you see what I mean, not from the point of the trackers and profilers).
Tried to combine the Anonymization proxy toolbar with httProxy add-on (the first comes as a toolbar), and Switch Proxy. Not bad, my friend, not bad at all.
The difficulty with these webbugs (it is a pity that Bugnosis was never brought out for Firefox or Flock as an extension, why has no-one ever tried to think of porting it outside the IE 5 and upwards for the Mozilla typed browser?) is that they try some 20 ways to connect (embedded, third party cookies, etc. etc.). Then there is a javascript like urchin.js (Google for instance has it) that gets out in a way it was not intended for javascript by the developers (there is some info on the workings on the Net, but not a lot of people to explain to the full what it does combined with http), but it is very helpful in building up your personal clickstream. Yahoo at the Flock startpage also has urchin.js, and there are more of these javascripts that profile the searcher etc.
When you have script installed they can read what extensions you have in FF in what versions, geolocation, and what have ye. The only chance you have is working Torpark with NoScript and Privoxy, but then your ISP knows all your ins and outs before and after firing up Torpark. It is a bit better when you surf from a USB stick with for instance PocketFlock where all your browsing data are cleared on closing up the browser or you use Stealther and Distrust while using the browser.
But I think we need some general expressions to circumvent the nasty and hidden tracking code, because the Internet is like the Sea, ever changing and evolving, when you block one ‘rotter’ a dozen others have been opened up.

polonus

Hi Ylap,

This is what my browser gives away using httProxy analyzed through Privacy.net:
Browser Type and Version

Browser: Default
Fullversion: 0.1.18
Gecko: False
Crawler: False

Browser Security

Session Cookies Not Accepted
Persistant Cookies Not Accepted
JavaScriptEnabled: False
VBScriptEnabled: False
JavaEnabled: False
ActiveXEnabled: False
SSL: False
SSLActive: False
SSLKeySize: 0
SSLEnabled: False
Firewall: False
OpenPorts:
PopupsBlocked: False
ImagesEnabled: False
HighSecurity: False

Connection Details

Broadband: False
ConnectionType:
Firewall: False
Proxy: True
thisBrowser.ProxyString : HTTP/1.1 128.112..:88* (CoralWebPrx/0.1.18 (See http://c"r"lcdn."rg/))
CompressGZip: False
AOL: False
MSN: False

Display and Layout

Width: 0
WidthAvail: 0
Height: 0
StyleSheets: False
PNG: False
FontSmoothing: False
FontColor: False
FontSize: False
Tables: False
TableBGColor: False
TableBGImage: False
ColorDepth: -1
Frames: False
IFrames: False

Scripting Capabilities

ActiveXControls: False
ActiveXEnabled: False
JavaScript: False
JavaScriptEnabled: False
JavaScriptVer: 0
JavaScriptBuild:
VBScript: False
VBScriptEnabled: False
VBScriptBuild:
XML: False
MSXML: -1
XMLHttpRequest: False
DHTML : False
FileUpload: No

System Details

Platform: Unknown
Win16: False
WinInstallerMinVer: 0

Plug-in Information

Java Information

JavaApplets: False
JavaEnabled: False

Locale Information

Country: US
Language: English
User Language:
System Language:
Time Zone Difference: -99
Browser Date and Time :
Browser Date and Time ms: -1

TraceRoute to 128.112.1**.** [plnetlab-.cs.princeton.edu]

I am quite satisfied here,

polonus