«
»

Myspace profile trackers – not only a privacy leakage!

When writing about the stalkertrack myspace tracker scam I didn’t speak about the service in itself, as users are promised access to it, but will never ever receive it from stalkertrack.com. But the whole issue of profile trackers at Myspace is indeed interesting and worth an extra post. At the Washington Post Security Fix Brian Krebs covered that a few months ago, but only gave a vague idea about the technical details and possibilities on myspace.

There are two different kind of myspace tracking services out there. Those who go with the Myspace TOS and those who don’t. The legitimate services (like profilesnitch.com) can only show the data that every homepage owner can gather from his visitors: the visitors location (via ip), time, operating system, etc. The latter ones can show you the profile nickname, picture and even the registered email address of every myspace user visiting your profile on top! This surely is a serious privacy leakage that myspace needs to fix permanently. The illegitimate services are only stopped from working, as Myspace manually deactivates them, as their hide-and-seek continues. Using custom hosted scripts (available via ebay (1, 2) and other scripts that are not publicly sold like “Project Tenyer” the script used by stalkertrack.com, you can circumvent this limitation and host the scripts yourself.
These javascripts read the email address and all Myspace IDs the user was ever logged in on the same PC and grabs the profile picture, name, and URL from home.myspace.com/index.cfm?fuseaction=user (which is where the myspace user’s main panel is) where they can edit their profile, etc. The information contained in the cookie alone is sufficient that the tracker user can get the full user privileges for for the length of the active session (that lasts 6 hours). He is only stopped from changing email address or password by myspace security routines.

As long as all authentication cookies and user-maintenanced pages are hosted on the same domain it is very hard if not impossible to fight trackers and other cross-site-scripting attacks on myspace. There’s a good reason why intelligent companies like Google keep it’s users homepages out of reach of the google.com domain, but gives them googlepages.com URLs and social networks like flickr disallow any kind of active user-content to be included into user pages. It is now Myspace’s task to restructure it’s architecture to a safe environment for all surfers. This plus the fact that Myspace saves a unneccessary high amount of data in it’s cookies make such trackers so easy to realize.

Tags: , ,

This entry was posted on Tuesday, January 30th, 2007 at 08:03 and is filed under how to NOT. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

39 Responses to “Myspace profile trackers – not only a privacy leakage!”

  1. bow Says:
    February 14th, 2007 at 19:21

    hello!
    could ihve myspace tracker?please?

  2. Webanalyticsbook Says:
    February 21st, 2007 at 00:12

    Great blog and good idea! Congrats from NYC

    Sebastian

  3. steve Says:
    March 16th, 2007 at 13:31

    the best

  4. b-franniie Says:
    March 19th, 2007 at 02:40

    please send me the profile tracker..

  5. Sherrie J Webber Says:
    March 20th, 2007 at 05:03

    none

  6. riah Says:
    March 25th, 2007 at 06:07

    this is a great idea.may i pls have a myspace tracker.

  7. Joe Says:
    March 28th, 2007 at 21:44

    good idea with the tracker

  8. amy Says:
    March 29th, 2007 at 17:31

    please send me the profile tracker.

  9. Char Says:
    April 13th, 2007 at 01:13

    PLEASE! I want it.

  10. Elizabeth Valdes Says:
    April 13th, 2007 at 08:08

    Can I please find out who has been looking at myspace.

  11. Ashley Says:
    April 17th, 2007 at 00:32

    Send me a myspace tracker please

  12. karon davis Says:
    April 17th, 2007 at 19:58

    send me a myspace tracker

  13. karon davis Says:
    April 17th, 2007 at 19:58

    send me a myspace tracker please

  14. Jay Says:
    June 3rd, 2007 at 09:16

    can u send me a myspace tracker plz

  15. ace Says:
    June 22nd, 2007 at 02:00

    i need a tracker asap

  16. Raven Says:
    June 24th, 2007 at 07:32

    How to download this stalker tracker?

    Or how to use it?

    Thank you whoever answer this question.

  17. Raven Says:
    June 24th, 2007 at 07:33

    Yeah, me too……..

    please send me a myspace tracker too……….

    Please…….

  18. bobby Says:
    June 24th, 2007 at 21:02

    gimmie gimmie
    view me

  19. dustin Says:
    July 5th, 2007 at 12:35

    please send me a tracker

  20. Christine Says:
    July 6th, 2007 at 05:03

    let me use this please

  21. Christine Says:
    July 6th, 2007 at 05:03

    i would really appreciate it
    thank you

  22. Idiots Says:
    July 6th, 2007 at 20:11

    Hey, you can’t just ask for a MySpace tracker, that’s not how it works. :P

  23. bianca Says:
    July 15th, 2007 at 20:27

    can i hav a my space tracker

  24. keyla Says:
    July 20th, 2007 at 22:44

    hey exuse me i had ask why wait until be unfair no happy and i m happy myspace tracker… please there dosent work its thanks very much

  25. cristy Says:
    July 26th, 2007 at 16:06

    Can i please have the myspace tracker

  26. Jailynn Says:
    August 15th, 2007 at 02:09

    please send me a myspace tracker

  27. Caitlin Kinard Says:
    September 27th, 2007 at 18:50

    send me a myspace tracker please!!!!!!
    CaItLiN

  28. nisha Says:
    October 26th, 2007 at 22:02

    can i have myspace tracker

  29. maria Says:
    November 7th, 2007 at 16:18

    kool

  30. ryan Says:
    November 25th, 2007 at 02:02

    please send me one to

  31. ryan Says:
    November 25th, 2007 at 02:03

    send me one too

  32. ryan Says:
    November 25th, 2007 at 02:03

    send me one too ok

  33. Jeff Says:
    November 27th, 2007 at 22:45

    PLEASE—send me a tracker ,for my space—PLEASE!!!!!

  34. Krissi Says:
    December 6th, 2007 at 18:53

    Pls send one to me too! =)

  35. Clemen Says:
    December 10th, 2007 at 00:20

    How do i go about getting this tracker

  36. nadia Says:
    December 28th, 2007 at 00:37

    how do i gett this tracker

  37. ana yanaghi Says:
    January 11th, 2008 at 05:44

    pls kindly send me my space tracker

  38. ROSY GARCIA Says:
    January 24th, 2008 at 01:11

    HOW DO I GETT A MY SPACE TRACKER???

  39. pakaimas Says:
    March 3rd, 2008 at 06:17

    can tracking people that spy my frofile can sen or do erase information in my profile