# Echostar spyware?



## raj2001 (Nov 2, 2002)

I just finished scanning my PC with ad-aware. I was looking through the logfile and saw this entry:

obj[12]=File : c:\documents and settings\[username]\cookies\[username]@ehg-echostar.hitbox[2].txt

This was a tracking cookie that it found. I've been to E*'s site a few times, but I've never registered for anything. Humm... I wonder what's up with that?


----------



## gcutler (Mar 23, 2002)

Have you selected "Current" of "Potential" customer? Because that used to be the basic web site start. It would ask you which one are you and then the next time you go back it assumes you are either "Current" or "Potential" customer.

Now when I start the web site it says "Welcome Dish Network Customer".


----------



## Steve Mehs (Mar 21, 2002)

I agree with gcutler, most likely it's detecting the cookie that contains your proflie (current or potential sub). I just ran AAW, here's what I don't get, Last Activity, today at 5AM. At 5AM I was sound asleep


----------



## Scott Greczkowski (Mar 21, 2002)

Just like visiting here at DSBTalk you get cookies, the cookie at the Dish Network site remembers your WANT TO SUBSCRIBE or AM A SUBSCRIBER setting. 

I dont think its anything more then that.


----------



## DishDude1 (Apr 13, 2002)

Thats why I don't have my receiver plugged into a phone line, I know they are spying on me.


----------



## raj2001 (Nov 2, 2002)

> _Originally posted by Scott Greczkowski _
> *Just like visiting here at DSBTalk you get cookies, the cookie at the Dish Network site remembers your WANT TO SUBSCRIBE or AM A SUBSCRIBER setting.
> 
> I dont think its anything more then that.  *


I didn't think it was more than that. It may have remembered me from when I was playing around with the form for local channels availability.

And yeah, I know about cookies and stuff on DBSTalk, and I don't think you'd be spying on me Scott 

I was curious though, as to why ad-aware flagged the Echostar cookie as potential spyware.


----------



## raj2001 (Nov 2, 2002)

> _Originally posted by DishDude1 _
> *Thats why I don't have my receiver plugged into a phone line, I know they are spying on me. *


I know that if you have a TiVo, they are collecting info about the shows you watch and record. But this information is anonymous, and they allow you to opt out. I don't think other D* receivers report anything other than PPV, mirroring status and premium sports subs. I think DISH receivers are the same.


----------



## Scott Greczkowski (Mar 21, 2002)

Here at DBSTalk the cookies are used as follows.

1) Are you logged in or not. If you are logged in the system remembers your username information so you don't have to log in on each visit.

2) Your message read indicators (so when you come back and your logged in you can see the new posts since your last visit)

And thats about it, we do not track you, spy on you, sell your information or anything else. 

We hate junk mail as much as you do.


----------



## James_F (Apr 23, 2002)

So I don't need my tin foil hat anymore? :eek2:


----------



## firephoto (Sep 12, 2002)

hitbox is a tracking cookie.
http://www.safersite.com/PestInfo/h/Hitbox.asp

spy spy spy


----------



## JStanton (Dec 5, 2002)

The Hitbox service allows webmasters to collect information like Browser Type, OS, JavaScript version, etc. My company subscribes to it. We use the information to better plan future versions of our web sites (like how many people are still using Netscape 4.0? Can we stop supporting it finally?) It has nothing at all to do with advertising.

Cookies in general are IMO a way overblown (threat? risk?) ... I'm not even sure what the issue people have with them is. They aren't active code, they cannot read files on your hard drive, they are a piece of information that the site uses to recognize you the next time.

You don't get more or less ads if you have cookies enabled or not. If anything the ads will be more targeted to something that might interest you.

As a web developer, I'm really curious why people have this aversion to cookies. Please enlighten me!

- Jim


----------



## James_F (Apr 23, 2002)

People don't like being tracked even though they use those dumb Supermarket cards with no problem. :bang

Though I agree with you. Its a pain explaining to people why they need to have cookies enabled on sites I create.


----------



## JBKing (Mar 23, 2002)

> _Originally posted by Scott Greczkowski _
> *And thats about it, we do not track you, spy on you, sell your information or anything else. *


* Unless your username begins with an R and ends with an r 
R - - - r


----------



## rbonzer (May 13, 2002)

Wait a minute? I resemble that remark!


----------



## firephoto (Sep 12, 2002)

What about all the ads.doubleclick cookies and the like???
If I go to xyz.com I expect cookies from xyz.com not from blowmyjoe.com.
When I allow cookies for dbstalk.com I get the full benefit of it. Try turning off your automatic cookie handling in IE6 and go surf around awhile. When you see some ad related cookies pop up for you to accept or reject, reject them then see how many more times the cookie pops up. There are sites that hit you with a dozen or more cookies per page but unless you handle your cookies manually you'll never know it.

Why is a cookie needed to track brower, java, or OS?? A cookie gets stored on MY hard drive. The web browser identifies what it is, and the OS and java version. A cookie isn't needed for that and if it were it would only be a session cookie and be deleted as soon as I closed that page. This hitbox cookie stays until it is manually deleted.


----------



## JStanton (Dec 5, 2002)

> Why is a cookie needed to track brower, java, or OS?? 

It's to ensure uniqueness. So the stats don't get skewed in favor of people who go there more often. Make it more statistically valid.

> A cookie gets stored on MY hard drive.

Yes, but it's only a couple of bytes! 

I still don't understand what the problem is with blowmyjoe.com sponsoring the content of xyz.com and using a cookie to track those people. They're not getting any personal information about you. 

- Jim


----------



## Karl Foster (Mar 23, 2002)

Actually, I like having cookies on my computer. It allows me as a parent to look at the sites my kid visits on the Internet. Kind of a poor-man's NetNanny. I caught my daughter visiting a site she wasn't supposed to and she was freaked out that I knew. She knows better now after a good stern talking to.


----------



## firephoto (Sep 12, 2002)

The contents of the cookie in question. Although it is plain text, it isn't exactly readable. This is from the cookie after clicking around the dishnetwork site for a minute or so and not closing the page.

Expires (GMT): 03/18/04 16:37:34
Used (GMT): 
Status: 
Site: ehg-echostar.hitbox.com/
Cookie: DM5108145LDBV6=V1^@(#Xz%[email protected]%[email protected]^[email protected]%[email protected]%B"%rCir^%iQC"%rCir^%[email protected]^XBr%CX"[email protected]}z(xB$kkkxB[[2FOTafk:hdxB[c:mxB[xB[xB[xB[':maxB[xB[xB[xB[(K2Ff2TWzA6kkk"[2FOTafk:hd"c:m""""':ma""""(K2Ff2TWA6c:TfaTf6Gh:WhImm2TW6O_fq6kkk"[2FOTafk:hd"c:m""""Yh:WhImm2TW""""'[8]A6c:TfaTf6facOT:~:W36haca2qahF6errr6fk:hd"c:m""""8acOT:~:W3""""yaca2qahF""""l:_a~"errrA6FaIhcO6hafI2~ah6kkk"[)}'Tafk:hd"c:m""""}aIhcO""""yafI2~ahFA6c:TfaTf6kOIfF#ak6kkk"[2FOTafk:hd"c:m""""POIf"F"#akA6c:TfaTf6Gh:WhImm2TW6'[8]6kkk"[2FOTafk:hd"c:m""""Yh:WhImm2TW""""'[8]A6c:TfaTf6Gh:WhImm2TW6m:q2aF6FO:kf2ma6mm2TW""""YIcdIWaF""""Yham2Dm""""}O:kf2ma"=T~2m2fa_A6kkk"[2FOTafk:hd"c:m""""':ma""""(K2Ff2TWz
Comment: 
Comment URL: 
Rx Domain: 
Rx Path: 
Cookie Port:

The second one. (There were two cookies)

Expires (GMT): 03/18/04 16:37:34
Used (GMT): 
Status: 
Site: ehg-echostar.hitbox.com/
Cookie: E108145LDB=V1A6c:TfaTf6IufDF6GhaFFd2f6Gh2Tfz%[email protected]%BA6c:TfaTf6Gh:WhImm2TW6O_fqz%rCir^%CXiA6c:TfaTf6facOT:~:W36haca2qahF6errrz%rCir^%CQrA6FaIhcO6hafI2~ahz%rCir^%[email protected]:TfaTf6kOIfF#akz%rCir^%[email protected]:TfaTf6Gh:WhImm2TW6'[8]z%rCir^%[email protected]^A6c:TfaTf6Gh:WhImm2TW6m:q2aF6FO:kf2maz%rCir^%C^iA6z%rCir^%iQC
Comment: 
Comment URL: 
Rx Domain: 
Rx Path: 
Cookie Port:

If cookies are so harmless then why are they coded into something that is unreadable to most people?

The www.dbstalk.com cookies seem to pretty straight forward.

Expires (GMT): 02/14/04 01:32:48
Used (GMT): 03/19/03 16:24:14
Status: o
Site: www.dbstalk.com/
Cookie: bblastvisit=1045186367
Comment: 
Comment URL: 
Rx Domain: 
Rx Path: 
Cookie Port:

Expires (GMT): 02/14/04 01:33:51
Used (GMT): 03/19/03 16:24:14
Status: o
Site: www.dbstalk.com/
Cookie: bbuserid=1124
Comment: 
Comment URL: 
Rx Domain: 
Rx Path: 
Cookie Port:

Expires (GMT): 02/14/04 01:33:51
Used (GMT): 03/19/03 16:24:14
Status: o
Site: www.dbstalk.com/
Cookie: bbpassword=(password code deleted  )
Comment: 
Comment URL: 
Rx Domain: 
Rx Path: 
Cookie Port:

Opera File Explorer used to get cookie info.


----------



## JStanton (Dec 5, 2002)

They're not encrypted, they're just binary. It's a lot more efficient and faster for software to read binary data then parse human-readable text.

I asked WebSideStory (parent company of HitBox) what they do when people complain about cookies. They sent me this link:

http://www.websidestory.com/privacy/

The sections relevant to www.dishnetwork.com's usage of it are marked 'Hitbox Service'. There is an opt out screen that will add a cookie to your browser that will prevent hitbox from using your browsing in their aggregate statistics gathering.

- Jim


----------



## firephoto (Sep 12, 2002)

That's worse than a MS EULA!!!!


----------



## Jerry 42 (Feb 25, 2003)

Cookies are like people.
I don't trust people except you and me, and I'm not so sure of you.


----------

