Hacker News new | ask | show | jobs
by uggedal 5173 days ago
You can get user-based statistics without cookies with:

    (new Image()).src="http://your.tld/track.png?ua=" + encodeURIComponent(navigator.userAgent);
and then parse your logs.

Update: this is just an example, as ars notes the user agent is sent as a HTTP header. But screen resolution etc is not.
3 comments
dhx 5173 days ago
§66 on page 20 of Directive 2009/136/EC at [1] uses the word "information", not "cookies".

  Third parties may wish to store information on the
  equip­ment of a user, or gain access to information
  already stored, for a number of purposes, ranging
  from the legiti­mate (such as certain types of
  cookies) to those involving unwarranted intrusion
  into the private sphere (such as spy­ware or
  viruses). It is therefore of paramount importance
  that users be provided with clear and comprehensive
  infor­mation when engaging in any activity which
  could result in such storage or gaining of access.
The purpose of the directive is to be as broad as possible to cover collection of any type of information without express permission or "strictly necessary and legitimate purpose".

[1] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2...

link
ars 5173 days ago
???

How does this help? The UserAgent is already sent in the headers - what's the point in sending it in a query string?

link
mwexler 5173 days ago
Look, there are tons of data available in the browser, see http://panopticlick.eff.org/ for a good example. But they are non-stable for reasons outside of the user's control. So, if a user wants to kill her cookies every day, cool, they can. They can't randomly change their useragent+screen-resolution on a daily basis with the same ease. In addition, UA changes outside of user's control (a browser update pushed on them, for example) and that breaks tracking they may want.

So, no, these workarounds are not the right answer; we need mechanisms that let users control their data and let them choose to share it. It's up to us as product makers to give them a good reason.

link
jasomill 5172 days ago
Well, having made no special effort, the site claims my User-Agent is as unique as my set of 5,150 installed fonts. To be fair, I suppose WebKit nightly version numbers don't satisfy most definitions of "random".

As for mechanisms, to what end, if nobody bothers to use them? Especially things like "randomize User-Agent string" that'd break a great many "non-evil" sites?

link
mwexler 5169 days ago
Looks like someone made a "randomize user-agent" for Chrome: http://news.ycombinator.com/item?id=3880536
link