Although I do not swim in the black hat pond I have dipped my toe in the water and found it a little too cold for my liking. I call this stuff as black hat in the sense the data can be used for personal gain whilst breaking the rules. By rules I mean common sense rules that we apply as a community.

And as we all know trust is crucial in this game.

Hawaii SEO, checked out your blog and love the shirt.

>I see several recognizable faces on your display. I trust these people. If they read your blog, then you must be a winner.

That is interesting dontcha think? The sighting of a familiar face, effectively conveys trust, or in the very least a curiosity to go and find out a little more about who they are and what they have to say!

Sorry don’t think I addressed this in the prior comment.

Yes, you could set a cookie yourself that referenced a tracking script you wrote. The script would basically log the visit and follow them through the site.

You could store the info in a db and do whatever you wanted with it. In order to identify them they’d need to have commented or registered in some way and you’d need to write up a little privacy policy too of course. But this is the kicker, if I *knew* a site owner was tracking me, I’d kind of want to know why. Some standard BS about improving my user experience wouldn’t wash!

Well, I know enough to be dangerous!

AFAIK, no.

A cookie can only be accessed from the domain that sets it.

Perl Services have a nice little faq on the topic of cookies.

Who can see my Cookies?
When a Cookie is transferred to your browser, part of it’s content is the domain name of the server that placed it there. Another part of the Cookie data is the path to the program that placed the Cookie.
When you visit a site that checks for Cookies, the browser looks at the request and determines the name of the server and the path to the program. If a Cookie exists that has the same domain name and the same path then obviously that program is allowed to access that Cookie because it placed it there in the first place!

If the domain name and path do not match exactly, then the browser WILL NOT TRANSMIT THE COOKIE!!!. This means that, mechanically and logically, the Cookie will only be made available to an authorized program on the host server.

No one except an authorized person can see the Cookie therefore no one can look at or take information from another websites Cookie!

So, your cookie from mybloglog,com can only be accessed from the domain that sets it, i.e mybloglog.com. I couldn’t place a piece of code in my domain yackyack.co.uk and grab your details and watch where you go subsequently, only mybloglog could do that, and then only from domains and pages that had installed their code.

The code that mybloglog sets referenced from the javascript that people like you and me insert into our blog installs does a number of things like; fetch the info from mybloglog.com and outputs the latest visitors to our blog and puts their photos on our blogs via a little document.write.

The real engine, I guess is the tracking url.

http://track3.mybloglog.com/js/jsserv.php?mblID=***********

This will grab things, like referer strings, page names, clicks and other user behaviours and basically store and record anything that mybloglog chooses to do.

We’d have no clue on this, as we have no way of accessing it or what its doing. Its essentially a private script for them to do as they see fit with.

This is where the whole issue of trust and privacy comes into it all. We just don’t know, its all on trust. Is what we do, worth it in terms of the trade off between, what we get from them versus what they get from us – its our call, if we are happy with the arrangement, we keep the cookie. If we aren’t we drop it. This at least protects us from any personalised tracking. If we don’t want them knowing about our visitors, then we drop their code too I guess.

Lyndoman said: Of course this raises more privacy issues, the website wouldn’t have to announce it was in the mybloglog network so you would have no idea you were being tracked.

Yes too, there wouldn’t be much to stop them using it in say a hidden div set to off the page somewhere, so know you wouldnt know. Safest way would be to browse the net with JS disabled, but then what a pile of poo that would be!

Happy mediums is the order of the day.

I see several recognizable faces on your display. I trust these people. If they read your blog, then you must be a winner.

Particulary could it tell if I looked at particular pages. The code may have to be located on the browsed server. I see people popping up in my widget and thought it would be fun to see what they actually read.

Of course Mybloglog has this data already.

Matching up the IP with an entrance of a mybloglog peep, then creating a session over all the website, logging as it goes.

Could a website detect if they are a mybloglog user, sniff the cookie I guess.

Hmmm, I’m no coder so maybe it’s not possible.

Of course this raises more privacy issues, the website wouldn’t have to announce it was in the mybloglog network so you would have no idea you were being tracked.

AND

What if you hook it up with the crazyegg.com system and actually saw what their eyeballs tracked.

Yes, these are the things I think about. Sad really.

It is a good little thing; bright, crisp and funky. We like new!