MyBlogLog – Y! Privacy and Widgetisation

I love the recent Y! acquisition, mybloglog. Its like a myspace with bells on. Ive encountered some really nice and interesting people too. In case you haven’t seen or used it before its a social media platform. You can join communities, add contacts, upload photos and if you install a piece of code you can get stats and display photos of visitors from their network on your site as they arrive.

On the user front I think its kinda cool. IMO I think It adds an extra dimension to ones website by way of showing an extra human dimension. You can see the latest faces of people who have visited and if you so feel inclined, go and check them out to see what they are all about; at least thats what Ive found myself doing!

Their stats page is cool too. Gives you a non fussy overview of where your readers came from, what they viewed and what they clicked. It even tells you what ads they clicked on too.

Great, for some at least, a quick and easy way to see whats what, without the need for other 3rd party metrics. Your top 10 referrers, top 10 articles showing the number of times they were read, and the top 10 external off site link clicks within your blog posts. The ad clicking feature is good too, showing you what ad was clicked on, or at least the target destination. Ok, so its lacking in a lot of things and could be a whole lot better granted. But hey, its free and besides if you want something a little more involved there’s always Google analytics or Web trends or for the ultra paranoid amongst us, there’s the traditional on server log file analysis approach. Webaliser, Analog, AW Stats all do a pretty good job at showing you the why’s and the wherewithals (ad clicks aside perhaps).

The other day here lyndoman and I had a little light hearted discussion of some of the pluses and minuses of this whole tracking thing.

I can’t see porn sites using the widget, else you would just see a lot of hairy crusty blokes, viewing the hot lesbo action websites, lol. Good way to blackmail.

But what would be cool for geeks would be mobile phone text alerts that tell you when such and such has visited your site.

It’s a brilliant service with fantastic ways for it to go wrong.

It got me thinking about some of the privacy issues on all this; my cynical antenna went on to dark orange status and got me thinking in terms of if they wanted to, they could actually track your entire history throughout their network. Who you visited, what you read, how long you read it for, what you bookmarked, did you comment, what did you say etc blah. Lyndoman’s comical reference to Scott Rafer sitting in some room with multiple screens and white cat on his lap couldn’t be so far from reality.

Anyhow, it was for reasons like this that some time back I didn’t buy into the who Google personalisation/ search history thing. I don’t want Google or any other search engine for that matter knowing my searching patterns; especially when its aligned to me personally.Why? Just coz, EOS.What is really in it for me I asked myself. After a short while I realised, not very much at all. Great for them, hell yeah. Great user demographic info, priceless in terms of pushing the right products to the right people in the right places, provided I’d want them of course. As I’m not a big fan of cold calling anyways, I decided to pass.

So we have these privacy policies whereby we see that companies promise not to share data about us and all that – the whole thing of course, is built on trust. We entrust our actions to people and companies we don’t know. We assume that we are protected by law from infringements of our personal liberties and whatnot, we assume that just because they say they won’t do this or that, that they won’t. Just made me wonder really, what is there to safeguard us? Who if anybody monitors these things, where are the policies outlining who has access to the data and who doesn’t? We all remember the AOL user search revelations , we should also remember that everything we push out there into the big wide world goes through the servers of our ISP. Thats all of our Instant messaging, emails, web browsing, video conferencing – everything. I wonder who ensures the restrictions on all that too.

Important questions no? What do you think?

Rob Watts
Kickstart your business today - Get an SEO Consultation or just talk to Rob about your online aspirations. With over 20 years experience in building traffic he's pretty much encountered most markets and scenarios
Posted on: 15th January 2007, by : Rob Watts

11 thoughts on “MyBlogLog – Y! Privacy and Widgetisation

  1. To be honest I’ve never really been bothered about the data that companies hold on me. Although I am totally against identity cards.

    But, I really don’t want a company to know all my browsing habits. I know Scott Rafer says they will never release data, but that’s what AOL said.

    I now use a seperate browser for “sensitive” browsing, deleting cookies after each session.

    I wait for the first story to hit the front page of Digg about the misuse of data.

  2. Oh indeed, I’m with you on that.

    Sometimes, and yes sure, I could well be exaggerating somewhat and maybe seeing demons that may not be there even, but that whole AOL thing showed that such demons can and do materialise.

    The phrase ‘walking blind along a wobbly old tightrope’ anyone?

  3. Aww thanks for the mention! :0)

    Must admit I have enjoyed the site since joining. The main reason I joined was to learn a bit more about the web, and there are some great sites to visit.

  4. You are welcome Sarah, you were simply germane to the topic at hand. 🙂

    It is a good little thing; bright, crisp and funky. We like new!

  5. Rob you seem to know your stuff where programming is concerned. How easy would it be for someone to track my movements using mybloglog.

    Particulary could it tell if I looked at particular pages. The code may have to be located on the browsed server. I see people popping up in my widget and thought it would be fun to see what they actually read.

    Of course Mybloglog has this data already.

    Matching up the IP with an entrance of a mybloglog peep, then creating a session over all the website, logging as it goes.

    Could a website detect if they are a mybloglog user, sniff the cookie I guess.

    Hmmm, I’m no coder so maybe it’s not possible.

    Of course this raises more privacy issues, the website wouldn’t have to announce it was in the mybloglog network so you would have no idea you were being tracked.


    What if you hook it up with the system and actually saw what their eyeballs tracked.

    Yes, these are the things I think about. Sad really. 🙂

  6. That’s how I found you and Lyndoman. I followed Lyndoman over from GreyWolf’s blog and then over here.

    I see several recognizable faces on your display. I trust these people. If they read your blog, then you must be a winner.

  7. Hi Lyndon

    Well, I know enough to be dangerous!

    AFAIK, no.

    A cookie can only be accessed from the domain that sets it.

    Perl Services have a nice little faq on the topic of cookies.

    Who can see my Cookies?
    When a Cookie is transferred to your browser, part of it’s content is the domain name of the server that placed it there. Another part of the Cookie data is the path to the program that placed the Cookie.
    When you visit a site that checks for Cookies, the browser looks at the request and determines the name of the server and the path to the program. If a Cookie exists that has the same domain name and the same path then obviously that program is allowed to access that Cookie because it placed it there in the first place!

    If the domain name and path do not match exactly, then the browser WILL NOT TRANSMIT THE COOKIE!!!. This means that, mechanically and logically, the Cookie will only be made available to an authorized program on the host server.

    No one except an authorized person can see the Cookie therefore no one can look at or take information from another websites Cookie!

    So, your cookie from mybloglog,com can only be accessed from the domain that sets it, i.e I couldn’t place a piece of code in my domain and grab your details and watch where you go subsequently, only mybloglog could do that, and then only from domains and pages that had installed their code.

    The code that mybloglog sets referenced from the javascript that people like you and me insert into our blog installs does a number of things like; fetch the info from and outputs the latest visitors to our blog and puts their photos on our blogs via a little document.write.

    The real engine, I guess is the tracking url.***********

    This will grab things, like referer strings, page names, clicks and other user behaviours and basically store and record anything that mybloglog chooses to do.

    We’d have no clue on this, as we have no way of accessing it or what its doing. Its essentially a private script for them to do as they see fit with.

    This is where the whole issue of trust and privacy comes into it all. We just don’t know, its all on trust. Is what we do, worth it in terms of the trade off between, what we get from them versus what they get from us – its our call, if we are happy with the arrangement, we keep the cookie. If we aren’t we drop it. This at least protects us from any personalised tracking. If we don’t want them knowing about our visitors, then we drop their code too I guess.

    Lyndoman said: Of course this raises more privacy issues, the website wouldn’t have to announce it was in the mybloglog network so you would have no idea you were being tracked.

    Yes too, there wouldn’t be much to stop them using it in say a hidden div set to off the page somewhere, so know you wouldnt know. Safest way would be to browse the net with JS disabled, but then what a pile of poo that would be! 😀

    Happy mediums is the order of the day.

  8. >Lyndon said:I see people popping up in my widget and thought it would be fun to see what they actually read.

    Sorry don’t think I addressed this in the prior comment.

    Yes, you could set a cookie yourself that referenced a tracking script you wrote. The script would basically log the visit and follow them through the site.

    You could store the info in a db and do whatever you wanted with it. In order to identify them they’d need to have commented or registered in some way and you’d need to write up a little privacy policy too of course. But this is the kicker, if I *knew* a site owner was tracking me, I’d kind of want to know why. Some standard BS about improving my user experience wouldn’t wash! 😀

  9. Hello Hawaii SEO

    >I see several recognizable faces on your display. I trust these people. If they read your blog, then you must be a winner.

    That is interesting dontcha think? The sighting of a familiar face, effectively conveys trust, or in the very least a curiosity to go and find out a little more about who they are and what they have to say!

  10. Yeah, i agree. If I knew someone was doing this without my knowledge trust would plummet.

    Although I do not swim in the black hat pond I have dipped my toe in the water and found it a little too cold for my liking. I call this stuff as black hat in the sense the data can be used for personal gain whilst breaking the rules. By rules I mean common sense rules that we apply as a community.

    And as we all know trust is crucial in this game.

    Hawaii SEO, checked out your blog and love the shirt.

  11. Utterly fascinating! …I am going to explore this issue in some more depth in a separate post…
    Thanks for leaving the comemnt on my blog and for putting this so well together…

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: