MySpace hack reveals profile visitors

A security problem with MySpace has the potential to botch law enforcement efforts to track bad actors on the social networking site.

Rated -74
278 Votes

Paperghost AKA Chris Boyd is

Paperghost AKA Chris Boyd is a disgrace to infosec. You shouldn't give his nonsense any attention. For you to report on his two week old blog post about an item that has been WIDELY known about for over a YEAR, shows just how clueless computerworld is.

If anyone on myspays wants to see who visits their page, they can do so with ANY free stat service like sitemeter. THIS would tip people off that there's tracking. So you see it's a non issue, just not for attention hungry Chris 'no skills' Boyd.

Rated +68
312 Votes

Ignoring the ad hominem

Ignoring the ad hominem attacks that drown out anything approaching common sense in your post:

"For you to report on his two week old blog post about an item that has been WIDELY known about for over a YEAR"

They wrote about it because two weeks on, the issue is still there and one of the most prolific crapflooders around happened to have a screenshot in his photo gallery that revealed this has been in use since at least October 07.

Now you say it's been in use for a year? That's actually a lot worse than having "just" been around for a month or even six months, which would have been bad enough.

Also, you say it's "widely known" - on pay-to-view forums and hacking sites with sections devoted to myspace, perhaps. To everyone else - where would we have come across warnings about this? Can you point to some?

As the original blog said, the issue here isn't that it appears to be "widely known" in the wrong places - the issue is that the people most affected by it (researchers, pedophile hunters that work with law enforcement, and law enforcement itself) - most certainly didn't. Weeks or even months of work can go down the drain because of something like this, and the people abusing the system realise they're being watched and go underground - or potentially take retaliatory action.

Finally, I guess you yourself have then also known about this for a year or perhaps more? Can I assume you also reported this to Myspace when you found out about it? If yes, what happened and why has it taken a year or more to rectify? If not, why not?

"If anyone on myspays wants to see who visits their page, they can do so with ANY free stat service like sitemeter."

Someone already pointed this out, but sitemeter (for example) will only show you an IP at best. It won't tie anything to a profile, and most of the prolific trolls using this aren't particularly clever when it comes to technology (witness Punisher and DP, for example). Most everything is point and click. Expecting them to start wading through IP addresses and work out what belongs to who based on that alone is stretching things. Present them with a handy list of actual myspace profiles, however, and they can quite happily roll with that. Which is exactly what they're doing.

Oh also, the whole point is that using third party tracking tools is against the Myspace ToS. So they shouldn't BE using sitemeter, or anything else for that matter.

"THIS would tip people off that there's tracking."

How would a visitor to a myspace page with a third party tracking system on it be "tipped off" to the fact that there was tracking there? By opening up the source of every page they visit and seeing what lurks beneath the surface? Or seeing the great big "hi, you just got tracked" banner on the page for whatever third party app the page owner happened to be using? And how would that help? The second they hit the page, the damage is done and their details have been logged.

That helps nothing, and being "tipped off" by a button or banner on a page saying "powered by x meter" is closing the stable door long after the horse has bolted. The issue here isn't ultimately about IP addresses, it's about having a specific list of Myspace profiles that have visited your page.

"So you see it's a non issue,"

I think people would disagree with you there, though I'm sure the people using it would be happy to see it continue to exist. To their credit, Myspace are working to fix it and I'm sure they will, eventually. However, that doesn't mean that many, many people hunting nefarious characters on Myspace aren't potentially at risk, right now as a result of this still being operational.

"just not for attention hungry Chris 'no skills' Boyd."

We informed someone with a large userbase that there was an issue, and gave people using that service a simple and straightforward temporary fix in the meantime so this wouldn't affect them - a temporary fix that doesn't seem to have been mentioned in the wide - sorry, WIDE - coverage you mention.

Last time I checked, helping people to not get caught out by individuals abusing the system was a good thing to be encouraged and promoted. But please, continue with the ad hominem attacks because it seems that's all you ultimately have to fall back on.

ps hahaha

Rated -12
194 Votes

Tracking with a service like

Tracking with a service like sitemeter would only give you an IP address, which isn't nearly as harmful to law enforcement as providing the actual myspace profile of the visitor.

Rated 0
0 Votes

Unknown and clueless

Apparently Mr/Ms. Anonymous has issues that go far beyond this article. First one being that he has his head stuck too far up his router to see the real world. I'd venture to say that 98% of MySpace users have no clue what SiteMeter is and of those who do 98% of them don't use it or understand what it gives them. Most people who use MySpace use it for social reasons not because they are technology experts who are looking for ways to see who is tracking them. They are interested in people and why those people are checking them out. It's an ego or need for love thing.

Also please have the courtesy to use your name when you are going to blast someone. There is nothing worse than hiding behind "anonymous" when you are being rude.

Rated -8
182 Votes

I disagree

When oh when will the BBC realise that they simply can't get away with this sort of thing? I understand that the symptom flashes its distended head on MySpace, but anonymous commenting doesn't fool anyone! We've got your number Mr. Anonymous, and we'll get JANET on the case! At least she's not a fictional character like this 'Chris Boyd' you mention. The BBC make me SICK!!!
