The attached Email message was sent to Scott Adams of Dilbert fame asking about the Comet Cursor which is used on the Dilbert Web site (http://www.dilbert.com). The message was done in a tongue-in-cheek style, but describes an interesting tracking system built into the Comet Cursor browser plugin.
Since my original enquiry about the Comet Cursor, its maker, Comet Systems, has published a privacy policy describing how their software operates:
http://www.cometsystems.com/contact/privacy.shtml
From: Richard M. Smith [mailto:smiths@tiac.net]
Sent: Friday, November 26, 1999 3:54 PM
To: scottadams@aol.com
Subject: Why is Dilbert spying on me?
Hi Scott,
Why is Dilbert spying on me over at the Dilbert Web site
(http://www.dilbert.com)? It seems that every time I
visit the Web site, my computer is reporting back
to a Web server at "host1.net". This is all very strange.
Here is what I know about this monitoring system so far.
Earlier this week, I installed an add-on to Internet
Explorer called the Comet Cursor. The add-on comes from
a company called Comet Systems (http://www.cometsystems.com).
The add-on, which is distributed as an ActiveX control,
changes the Windows cursor to interesting pictures depending
on what Web site I'm at. For example, at http://www.dilbert.com,
I get a head shot of Dilbert. Over at the Hitchcock
site, the cursor turns into a knife (Ha, ha). The folks at
Comet Systems believe that Web surfers are more likely to click
on a banner ad if they see a cute cursor instead of the boring
old Windows arrow cursor.
However, the real interesting stuff is happening under the covers. This
add-on is quietly sending back to Comet Systems information about
what sites that I'm visiting that have the Comet Cursor enabled.
The clever programmers at Comet Systems are using an HTTP POST
command to send this information right through my firewall. For example,
here is what the POST command looks like from www.dilbert.com:
POST /bin/a/p_l_i2 HTTP/1.1
Content-type: application/x-comet-log
Comet-key: 2834ae3baba25bae2ab2b648492e221f
Comet-url: http://www.dilbert.com/
User-Agent: Comet Cursor
Host: host1.net
Content-Length: 325
@id_c,@id_client,@id_v,@id_cust,@u_page,@e_fl,@l_fl,@up_p,@up_v,
@id_entry,@u_cc
52364320,be34724ad-a283-11d3-a67f002078900337,"1,5,0,182",177,
http://www.dilbert.com/,0,1,0,"",-39609727243380943645173,
http://umweb1.unitedmedia.com/cometcursor/cursors/dilbert.cur|
http://umweb1.unitedmedia.com/cometcursor/cursors/dilberth.cur
I got this POST information by using a packet sniffer to observe what data
is being sent in and out of my computer. The POST happens after the
Dilbert home page is completely downloaded by Internet Explorer.
You'll notice that the POST is going to host1.net, a Comet Systems
Web server. Information in the POST includes the URL for the Dilbert
Web site and my customer number at Comet Systems
("be34724ad-a283-11d3-a67f002078900337"). The customer number is a
GUID generated by my computer and contains the MAC address
("002078900337") from my Ethernet adapter. Wow!
Some other Web sites that I found that are using the Comet Cursor include:
AT&T -- http://www.worldnetnow.com/
Hitchcock -- http://www.hitchcock100.com/mainsite.html
Doonesbury -- http://www.doonesbury.com/ieindex.html
Garfield -- http://www.garfield.com/
The Garfield Web site is particularly interesting. It practically
forces people to install the Comet Cursor ActiveX control. Every time
you visit the site in Internet Explorer, it keeps asking you if
you want the Comet Cursor add-on. It looks like the only way to get it to stop
asking is to give in and answer "Yes".
I was wondering if you could talk with someone at United Media, the
folks who run the Dilbert Web site, to see if they were aware of
how Comet Systems is monitoring the site? I'm also curious to know
what Comet is doing with all of the information that they are
gathering. I couldn't find any mention of this monitoring system
at their Web site.
TIA,
Richard
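The GUID observation in the message above, as an added example that is not part of the original message or of Comet Systems' software: this Python sketch parses the quoted POST body and reads the node field out of the client GUID, which is the check an auditor would run on any identifier suspected of embedding a hardware address. It assumes the e-mail line wraps are not part of the payload and that the GUID follows the RFC 4122 time-based (version 1) layout; the function names are hypothetical.

```python
import csv
import re

# POST body as quoted in the message, with the e-mail line wraps joined
# (assumption: the wraps are not part of the payload).
FIELDS = ("@id_c,@id_client,@id_v,@id_cust,@u_page,@e_fl,@l_fl,@up_p,@up_v,"
          "@id_entry,@u_cc")
VALUES = ('52364320,be34724ad-a283-11d3-a67f002078900337,"1,5,0,182",177,'
          'http://www.dilbert.com/,0,1,0,"",-39609727243380943645173,'
          'http://umweb1.unitedmedia.com/cometcursor/cursors/dilbert.cur|'
          'http://umweb1.unitedmedia.com/cometcursor/cursors/dilberth.cur')


def parse_comet_log(fields_line, values_line):
    """Pair the '@name' header row with the CSV value row."""
    names = [n.lstrip("@") for n in next(csv.reader([fields_line]))]
    values = next(csv.reader([values_line]))  # handles the quoted "1,5,0,182"
    if len(names) != len(values):
        raise ValueError("field/value count mismatch")
    return dict(zip(names, values))


def guid_node(guid):
    """Return (version, mac, is_hardware) for a time-based GUID, else None.

    Assumed layout (RFC 4122 version 1): the version is the first hex digit
    of the third group and the node is the last 12 hex digits. The GUID as
    printed in the message is not in canonical 8-4-4-4-12 form, so it is
    read by position instead of with uuid.UUID.
    """
    groups = guid.strip("{}").split("-")
    digits = "".join(groups)
    if len(groups) < 4 or len(groups[2]) != 4:
        return None
    if not re.fullmatch(r"[0-9a-fA-F]{32,}", digits):
        return None
    version = int(groups[2][0], 16)
    if version != 1:          # only version 1 carries a node/MAC field
        return None
    node = digits[-12:].lower()
    mac = ":".join(node[i:i + 2] for i in range(0, 12, 2))
    # RFC 4122: a randomly generated node has the multicast bit set, so a
    # clear bit is consistent with a real adapter address.
    is_hardware = (int(node[:2], 16) & 0x01) == 0
    return version, mac, is_hardware


if __name__ == "__main__":
    record = parse_comet_log(FIELDS, VALUES)
    print(record["u_page"], guid_node(record["id_client"]))
```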