Tag Archives: security

Facebook's personal privacy and security issues

Tonight I got bored and decided to do some messing about with Facebook to see what cookies Facebook was storing on my computer. I first opened my preferences pane in Firefox and went to security, then clicked show cookies to bring up the cookies window. Cookies that get set on your computer are displayed in this window as soon as they are set, so you can go to any site and see cookies being set in real time. I signed into Facebook and just started clicking every link I could within Facebook: photos, events, friends… you name it, I clicked it. To my surprise there were more than 15 different advertising/marketing/hidden sites saving cookies on my computer, all with multiple cookies for each. All of these sites were nothing related to Facebook or any material you can find on Facebook. They weren’t subdomains, or ads.facebook.com type URLs doing the “cookie setting”. This type of stuff raised a personal privacy issue in my mind and I instantly installed the Blocksite addon for Mozilla Firefox, then added all the sites that were listed in my cookies window. When I read about Facebook launching the Beacon app a few weeks ago without telling its users what it was all about, I asked the question… “If they are doing that? What else are they doing or hiding”? I know these cookies can’t do any damage to your computer…? Well, I’m no computer engineer, but I do know they can track stuff. Stuff like how much you visit a site, what you visit and then send that info back to the application that created the cookie. So what kind of hidden things ARE you doing, Facebook?

Update: Did you know that any photo or video you upload to Facebook, you lose all your rights to that media? Meaning Facebook can do anything they want with your photos or videos and you can’t do a lick about it.

Fuck you Facebook!


Methods to hide email addresses from page source

Just stumbled upon a good site called csarven, that has a bunch of interesting ways to keep bots away from email addresses on web pages.


20 ways to secure your Apache configuration

I found a good resource from Pete Freitag. He lists some useful ways to secure your Apache configurations.


Flash Application Security Tips

Here are some scripts that can be useful to mess with that evil person who decompiles your .swf’s and tries to copy your Flash applications. Although these won’t completely stop your enemy from getting your .fla file and using it in their own project, they can add to the frustration for them, which would lead them to just trash your files and move on.

First way:
Compare this._url with the URL of your own swf file using !=.

myURL = this._url;
if (myURL != "http://yourdomain.com/your.swf") {
 do {
  //give em an infinite loop!
 } while (true);
}

Second way:
Using an infinite loop would only tell the evildoer that there is something screwy with your file (it would only take about 15 seconds before displaying a message), and anyone with any skills would probably go searching through your scripts right away. So throw them off with an interval that slows their player down like crazy.

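myURL = this._url;
//only slow the player when the swf is not running from your own URL
if (myURL != "http://yourdomain.com/your.swf") {
 setInterval(slowFlashPlayer, 1);
}
function slowFlashPlayer() {
 //burn CPU time on every tick
 for (i = 0; i < 15000; i++) {
  x = Math.random();
 }
}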

Third way:
If your application uses multiple swf’s loaded into different levels, why not hide the security script in one of those levels to make the process of finding the code a little harder.

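//m lives outside the function so clearInterval(m) clears the real interval
var m:Number = setInterval(mess, 3000);
function mess() {
 clearInterval(m);
 var myURL:String = _level0._url;
 if (myURL != "http://yourdomain.com/your.swf") {
  do {
   //infinite loop when the swf is not running from your URL
  } while (true);
 }
 //schedule the next check in 3 seconds
 m = setInterval(mess, 3000);
}

Fourth way: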
Give that evil customer a real test. Create some random variables that mean nothing and hide them in different parts of your application. Then use a getDate(); and only run the statement on certain days! You could point their application to a bad site, i.e. porn or something similar. If they used your file for a client job they would not likely see this problem. But you can be sure the client will see it. If you’re not the badass type you could just point them back to your site, making them scratch their heads, while giving your site some publicity.

var u:String = this._url;
var s:String = "http://yourdomain.com/your.swf";
var d:Date = new Date();
var z:Number = 4;
if (d.getDate() == z) {
 if (u != s) {
  getURL("http://sendthemsomewheresweet.com"); //this could be getURL(s); for your domain
 }
}
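
The checks above compare this._url against one literal string, so any variation in scheme, host spelling or path makes them misfire. The sketch below is an added example, not code from the original post: it compares only the host part against a list. ALLOWED_HOSTS, hostOf and isAllowedHost are hypothetical names, and yourdomain.com is the post's placeholder.

```actionscript
// Added example (ActionScript 2); ALLOWED_HOSTS, hostOf, isAllowedHost are hypothetical names.
var ALLOWED_HOSTS:Array = ["yourdomain.com", "www.yourdomain.com"];
// Lower-cased host of an http(s) URL, or "" for anything else (file://, relative paths).
function hostOf(url:String):String {
 var u:String = url.toLowerCase();
 var start:Number = u.indexOf("://");
 if (start == -1) {
  return "";
 }
 var scheme:String = u.substring(0, start);
 if (scheme != "http" && scheme != "https") {
  return "";
 }
 var rest:String = u.substring(start + 3);
 // Cut at the first "/", "?" or "#" so path and query cannot affect the match.
 var seps:Array = ["/", "?", "#"];
 var cut:Number;
 for (var i:Number = 0; i < seps.length; i++) {
  cut = rest.indexOf(seps[i]);
  if (cut != -1) {
   rest = rest.substring(0, cut);
  }
 }
 // Drop userinfo ("user@host") and port (":8080").
 var at:Number = rest.lastIndexOf("@");
 if (at != -1) {
  rest = rest.substring(at + 1);
 }
 var colon:Number = rest.indexOf(":");
 if (colon != -1) {
  rest = rest.substring(0, colon);
 }
 return rest;
}

// Exact host match: a substring test would also accept yourdomain.com.example.net.
function isAllowedHost(url:String):Boolean {
 var host:String = hostOf(url);
 for (var i:Number = 0; i < ALLOWED_HOSTS.length; i++) {
  if (host == ALLOWED_HOSTS[i]) {
   return true;
  }
 }
 return false;
}

if (!isAllowedHost(this._url)) {
 stop(); // halt the timeline rather than hang the player
}
```

Like the scripts above, this runs inside the swf, so anyone who decompiles the file can find and remove it.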