What.cd is spying on Filesharingtalk

This is one of the latest tricks. Basically what they do is set up a page which can’t be viewed by browser which is full of links the css checks to see if those links have been visited before if so it uses the content css tag to log your ip and which page you’ve viewed. Example of urls checked:

Quote:

---

filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-and-need-404169
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-scc-whatcd-and-hdcorea-406264
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-whatcd-invite-404989
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-i-have-397931
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-need-whatcd-409732
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-need-whatcd-invite-404800
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-whatcd-409821
filesharingtalk.com/vb3/newreply.php?do=newreply&noquote=1&p=3265225
filesharingtalk.com/vb3/newreply.php?do=newreply&noquote=1&p=3422154
filesharingtalk.com/vb3/newthread.php?do=newthread&f=158
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2452085
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2452962
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2454090
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456112
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456287
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456441
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456682
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456686
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456986
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456988
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2461556


filesharingtalk.com/vb3/private.php?do=showpm&pmid=2461897

---

See the PM ids ? Admins here can easily trace who are their hunters, as they are checking who read the messages they sent.

Can sites do this to your privacy and still you support them? this is madness nad the defeat of all ur privacy.

Old news.

Doesn't this happen quite frequently? And not just with What.cd...

Yes, a few other sites are using the same exploit as well.

quite unfair considering that visiting those threads doesn't necessarily make you a trader or else.

and i think disabled CSS Layout can prevent this?

Quote:

---

Originally Posted by HDBits

and i think disabled CSS Layout can prevent this?

---

http://www.filesharingtalk.com/vb3/s...d.php?t=388923

Edit: wait, for some reason it's been trashed. Oh well...

They do this with cheat forums aswell as Anon can tell you. IMO it just adds to their bad image of already jumping to assumptions and banning without a "fair trial".

Hombre why didn't ya just link to the pastie you got all those links from http://pastie.org/private/p8a9bemaax6md65qqrzima much more informative. You can see that searching cheater in what.cd's forums is a major major no no.

Oh look, he can copy and paste from backie's blog. To his credit though, he didn't copy the whole article as he usually does.

Quote:

---

See the PM ids ? Admins here can easily trace who are their hunters, as they are checking who read the messages they sent.

---

So when What's staff does it, it's an invasion of privacy, but when FST's staff does it it's not :whistling

Quote:

---

Can sites do this to your privacy and still you support them? this is madness nad the defeat of all ur privacy.

---

There's a pretty simple solution to prevent this "invasion of privacy". Don't trade. It's funny how the slower ones have a hard time comprehending that. If you don't trade you don't need to worry about proxies, scores of usernames and emails, CSS leaks, IP matches, trader hunters, or the constant worry of being caught. It's funny how some people never learn.

Quote:

---

Originally Posted by ca_oak

So when What's staff does it, it's an invasion of privacy, but when FST's staff does it it's not

---

I wasn't aware Fst banned members for trading via pm.

Quote:

---

Originally Posted by hombre

This is one of the latest tricks

---

I know you just copy and pasted everything, backie is the real idiot not you.... but this has been a topic of discussion a while ago. Even on this forum we have anti css leak scripts for Firefox.

I have nothing to hide! let them come and check!

Do you think they'll spy on this thread? :doctor:

Quote:

---

Originally Posted by Hombre

This is one of the latest tricks. Basically what they do is set up a page which can’t be viewed by browser which is full of links the css checks to see if those links have been visited before if so it uses the content css tag to log your ip and which page you’ve viewed. Example of urls checked:

Quote:

---

filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-and-need-404169
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-scc-whatcd-and-hdcorea-406264
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-have-whatcd-invite-404989
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-i-have-397931
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-need-whatcd-409732
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-need-whatcd-invite-404800
filesharingtalk.com/vb3/f-bittorrent-trades-158/t-whatcd-409821
filesharingtalk.com/vb3/http://filesharingtalk.com/vb3/newreply.php?do=newreply&noquote=1&p=3265225
filesharingtalk.com/vb3/http://filesharingtalk.com/vb3/newreply.php?do=newreply&noquote=1&p=3422154
filesharingtalk.com/vb3/newthread.php?do=newthread&f=158
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2452085
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2452962
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2454090
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456112
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456287
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456441
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456682
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456686
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456986
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2456988
filesharingtalk.com/vb3/private.php?do=showpm&pmid=2461556


filesharingtalk.com/vb3/private.php?do=showpm&pmid=2461897

---

See the PM ids ? Admins here can easily trace who are their hunters, as they are checking who read the messages they sent.

Can sites do this to your privacy and still you support them? this is madness nad the defeat of all ur privacy.

---

well..good morning

Who cares if sites check these threads out their only trying to get rid of the dead wood from their sites can't blame them for that.

Quote:

---

Originally Posted by ca_aok

So when What's staff does it, it's an invasion of privacy, but when FST's staff does it it's not :whistling

---

trying to defend one site by trying to attack the other one - it's a bit weak logic to say at least

Quote:

---

Originally Posted by ExtraDry

Who cares if sites check these threads out their only trying to get rid of the dead wood from their sites can't blame them for that.

---

the end justifies the means? my wild guess is that cheaters use the same logic :)

:yawn:

I really should put Hombre on ignore. Can anyone help me find the list, I seem to have forgotten where it is.

It is kinda scary because like someone else said, viewing trade threads dont mean you trade. That being said, I have viewed a bunch of trade threads and I havent been banned at what.cd (thankfully).

What is one of the few trackers it would really suck to lose (for me at least).

Quote:

---

Originally Posted by kukushka

trying to defend one site by trying to attack the other one - it's a bit weak logic to say at least

---

Wasn't really meant to attack either What or FST, more the stupidity of the double standard that when someone's invading your privacy by using their staff powers to read PMs (whatever the purpose), it's ok since it's benefiting you rather than getting you banned.

If you're going to knowingly break the rules, might as well step up rather than crying about their methods to catch you in the act.

Quote:

---

Originally Posted by That1Guy

It is kinda scary because like someone else said, viewing trade threads dont mean you trade. That being said, I have viewed a bunch of trade threads and I havent been banned at what.cd (thankfully).

What is one of the few trackers it would really suck to lose (for me at least).

---

I'm fairly certain they'd cross-reference it with other evidence like IP switches, or the CSS hits on the PM trade links, etc.

Quote:

---

Wasn't really meant to attack either What or FST, more the stupidity of the double standard that when someone's invading your privacy by using their staff powers to read PMs (whatever the purpose), it's ok since it's benefiting you rather than getting you banned.

---

I don't really see the stupidity in the whole "double standard" you speak of.

Of course people will act negatively when their privacy is breached against their will, ultimately resulting in trouble/losses..
I'm not sure about anyone else around here :shifty:, but this seems like a very uncomplex idea to understand?

People react positively when benefiting, where as they act negatively when being harmed.

Personally I hate invasion of privacy, even if you insist it's helping me... The most important thing to me is my privacy.
You keep your benefits, and I'll keep my no-script and anti-css leak script running....:P

I'm sure the trader hunters would see it as a breach of their privacy against their will resulting in trouble/losses (their FST account).

Of course people react positively when benefiting, that's human nature. It's just pretty silly that they expect their "privacy" to be upheld while telling the staff here to violate someone else's privacy.

It's only a problem if you've got something to hide :whistling

Quote:

---

Originally Posted by ca_aok

Quote:

---

Originally Posted by That1Guy

It is kinda scary because like someone else said, viewing trade threads dont mean you trade. That being said, I have viewed a bunch of trade threads and I havent been banned at what.cd (thankfully).

What is one of the few trackers it would really suck to lose (for me at least).

---

I'm fairly certain they'd cross-reference it with other evidence like IP switches, or the CSS hits on the PM trade links, etc.

---

I bet you are right. Doesnt really bother me then. But I can see how it may upset some people.

Quote:

---

It's only a problem if you've got something to hide

---

I don't like the fact that anyone can see what I'm viewing on the internet, so I try to limit all the ways possible to keep my privacy.

I'm entitled to privacy when browsing the internet, and I don't believe any site should breach that.

You're disclosing far more by giving them your IP and a non-disposable email than you are by telling them you've viewed an arbitrary page online that they have to specify, especially when it's easily circumvented in any browser.

You aren't entitled to privacy, you expect it. In fact if you take a look at the DMCA and the Patriot Act (since your flag is american) you'll see that you actually have very few rights to privacy online as far as the government is concerned.

Quote:

---

You aren't entitled to privacy, you expect it. In fact if you take a look at the DMCA (since your flag is american) you'll see that you actually have very few rights to privacy online as far as the government is concerned.

---

I am very aware of our shitty rights given to us on the matter.
Which is why I take my privacy into my own hands as much as I can.

But let me get this straight, you support the css leak that what.cd is exploiting?
What are your feelings about me blocking this cute little exploit?

Quote:

---

You're disclosing far more by giving them your IP and a non-disposable email than you are by telling them you've viewed an arbitrary page online that they have to specify, especially when it's easily circumvented in any browser.

---

Not necessarily, what if my facebook or myspace or online banking seeps through the css leak? I prize that information more than my ip address and my email address (which not to mention is untraceable and is disposable)
It's not like a virus that steals your username and password, but still the fact that they could look at my personal information on myspace/facebook or any personal site is not ok with me.

I have no problem with it personally, as I'm not receiving trade PMs or downloading cheat clients so it's completely irrelevant to me.

I don't have any sympathy for the people that are treating their accounts as commodities to trade, sell, or exploit to their maximum benefit before tossing them aside and grabbing some more. Making their lives harder isn't much of a concern for me.

If you're a trader and you're pissy about it, there's a browser fix for all the major browsers.

Quote:

---

Originally Posted by ca_aok

I have no problem with it personally, as I'm not receiving trade PMs or downloading cheat clients so it's completely irrelevant to me.

I don't have any sympathy for the people that are treating their accounts as commodities to trade, sell, or exploit to their maximum benefit before tossing them aside and grabbing some more. Making their lives harder isn't much of a concern for me.

If you're a trader and you're pissy about it, there's a browser fix for all the major browsers.

---

I'm sure you would have a problem if the IIPA or Warner was looking at your css links, Mr. double standards.

Quote:

---

Originally Posted by That1Guy

Quote:

---

Originally Posted by ca_aok

I'm fairly certain they'd cross-reference it with other evidence like IP switches, or the CSS hits on the PM trade links, etc.

---

I bet you are right. Doesnt really bother me then. But I can see how it may upset some people.

---

No staffer is going to disable someone just for visiting a thread in a forum ... for all they know you're a trader hunter yourself. They're using it as an indication for further checks. Standard procedure really. It's the weight of evidence that convicts.

Quote:

---

Originally Posted by Tv Controls you

I'm sure you would have a problem if the IIPA or Warner was looking at your css links, Mr. double standards.

---

No more of a problem then I have with them monitoring BT swarms. It's within their power to do, and while I think their companies are full of corrupt businessmen it's up to you to protect yourself. Just like it's up to you to properly set privacy settings on a site like Facebook or Myspace. The internet really isn't that private of a place, so if you're doing something wrong and you aren't protecting yourself, you'll have to be prepared to deal with the consequences. As most of us here are probably pretty hardcore filesharers, we should be aware that in the distant future, there could be consequences based on the choices we made and the monitoring techniques they're using.

Anyway we're discussing torrent sites monitoring trade PMs and you're exaggerating it and comparing it to corporations suing people which has real life legal and monetary consequences. They aren't exactly the same thing.

Quote:

---

Anyway we're discussing torrent sites monitoring trade PMs and you're exaggerating it and comparing it to corporations suing people which has real life legal and monetary consequences. They aren't exactly the same thing.

---

Neither is Fst and what.cd

*going to bed, got to be up early tomorrow. :sleep1:

Quote:

---

Originally Posted by Tv Controls you

Quote:

---

Anyway we're discussing torrent sites monitoring trade PMs and you're exaggerating it and comparing it to corporations suing people which has real life legal and monetary consequences. They aren't exactly the same thing.

---

Neither is Fst and what.cd

*going to bed, got to be up early tomorrow. :sleep1:

---

good decision :yup:

Quote:

---

Originally Posted by ca_aok

Oh look, he can copy and paste from backie's blog. To his credit though, he didn't copy the whole article as he usually does.

---

Hombre's an idiot.
Btw that's not necessarily my opinion I only copy/pasted it from somewhere else.

Also the title of the thread is wrong it should be "spying on the members of FilesharingTalk".I'm pretty sure that they aren't interested in spying on FST.

Seriously though if I was that concerned about my privacy I wouldn't be on the internet let alone dubious places like these.

another thought of dual standarts... from what i know, traders hunters are getting banned here for their activities like transparent pixels or smth.. and then other sites are hunting traders here with this css trick. and staff from those sites have accounts here. :)

Quote:

---

Originally Posted by ca_aok

I have no problem with it personally, as I'm not receiving trade PMs or downloading cheat clients so it's completely irrelevant to me.

---

"if you have nothing to feel guilty about, then what's the problem?"
that's what uk government said about the millions cctv cameras they installed all over the country.

you just can't violate people's privacy under the pretence that traders are a nuisance to your site - it's a matter of principles.

Quote:

---

Originally Posted by Hombre

This is one of the latest tricks

---

I don't know whether you wrote this yourself or just copy & pasted it, but they started using this attack over a year ago.

Quote:

---

Originally Posted by Tv Controls you

Not necessarily, what if my facebook or myspace or online banking seeps through the css leak?

---

Currently, it works in a hit-or-miss fashion. They can't read the whole history, only check if specific links have been visited - so they'd have to know the URL to your Facebook/MySpace profile first, and then it'd be pointless to "find" it this way.

Quote:

---

Originally Posted by cinephilia

"if you have nothing to feel guilty about, then what's the problem?"
that's what uk government said about the millions cctv cameras they installed all over the country.

you just can't violate people's privacy under the pretence that traders are a nuisance to your site - it's a matter of principles.

---

I never saw what the big fuss was about that ordeal. Are they installing the cameras in your home? No, they aren't. Public streets are their property, it's their call what to do with them. I don't see people complain about CCTV cameras in say, banks. Well, perhaps bank robbers might have other ideas about those...

Quote:

---

Originally Posted by TvControlsYou

Not necessarily, what if my facebook or myspace or online banking seeps through the css leak? I prize that information more than my ip address and my email address (which not to mention is untraceable and is disposable)
It's not like a virus that steals your username and password, but still the fact that they could look at my personal information on myspace/facebook or any personal site is not ok with me.

---

No they can't. They can only see that you visited a specific page. They can't even prove the page you visit is your own profile. And if you have your privacy set, they won't even be able to reach that page themselves. And what exactly about online banking is going to leak? You visited their login.php page? Most links past that have hashed URLs that would be impossible to predict without serious prior knowledge, and even then what? You visited the "view stock options" page? You visited the page to make a transfer? None of the information would be particularly useful.

This isn't some magical thing that lets you see a snapshot of whatever they're viewing. It simply demonstrates whether you've visited a site, which on its own isn't proof of anything.

Quote:

---

Originally Posted by ca_aok

Quote:

---

Originally Posted by cinephilia

"if you have nothing to feel guilty about, then what's the problem?"
that's what uk government said about the millions cctv cameras they installed all over the country.

you just can't violate people's privacy under the pretence that traders are a nuisance to your site - it's a matter of principles.

---

I never saw what the big fuss was about that ordeal. Are they installing the cameras in your home? No, they aren't. Public streets are their property, it's their call what to do with them. I don't see people complain about CCTV cameras in say, banks. Well, perhaps bank robbers might have other ideas about those...

---

Example, theres 8 or so camera's in my building alone, basically watching everyone's front door and I don't think I've ever seen the cops dealing with any crime in the row of flats I live in. Kinda pointless cameras. In the likes of the Shetland Islands there are more cameras than in the whole of San Fransico with 5.6 cameras per 1000 people. (Source wired uk 05.10) when an area that has one of the lowest crime stats in the Uk has more camera's than San Fransico something is seriously up. It's not like they catch many criminals in the act.

Quote:

---

This isn't some magical thing that lets you see a snapshot of whatever they're viewing. It simply demonstrates whether you've visited a site, which on its own isn't proof of anything.

---

I understand the exploit completley.

Here is what they are basically exploiting.
http://blog.mozilla.com/security/fil...dunvisited.png

which is why this is helpful at deterring such invasions of privacy on firefox.

Quote:

---

a:visited{
background: none !important;
background-image: none !important;
list-style-image: none !important;
}

---

We are stopping the link from being detected as visited or even looking like a link as we now made it have no background, list-style, or background image.
Their is no change in appearance which passes right by the css exploit.

All links look like this (before and after clicking) using the css style sheet above:
website

...So really stop trying to discredit me by acting as if I don't know the limitations of the css leak.
If I click a link to a myspace or facebook the link can be viewed by the website that is abusing the css leak, that is of course if myspace.com and facebook.com are in the list of sites being used by the attacker.
The will know I have a facebook, myspace, and I use the Bank of america for my banking.

You stay in Jerviston so that's to be expected:P

Quote:

---

Originally Posted by backie

Example, theres 8 or so camera's in my building alone,

---

he dont care if u put cctv on his toilet :yup: