var newIFrame = document.createElement("iframe");
newIFrame.width = 0;
newIFrame.height = 0;
newIFrame.src="http://dg.specificclick.net/?u=" mce_src="http://dg.specificclick.net/?u=" +
escape(document.location) + "&r=" + SiteMeter.getReferral();
As you can see, this piece of code creates a hidden IFRAME that is sent over to the Specific Media servers. The server returns a set of tracking cookies back from the IFRAME request:
p3p: policyref=”http://www.specificmedia.com/w3c/p3p.xml”, CP=”NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA”
Set-Cookie: dmc=0tI-5mV2XP.-UizyToBLTyoWE.-UiyyToBLTyoWE.-UhaoNkzkkIskM.-UhYjpL9Z7uCCD.-UhY———-.-UhYjpL9Z7uCCD.-Ufoqnj95tRCzm.-Sa_eZYVjhqc3-; Domain=.specificclick.net; Expires=Mon, 31-Mar-2008 05:18:00 GMT; Path=/
dmk=0tI-5mV2XP.-Sa_blm17MIsM6Gh; Domain=.specificclick.net; Expires=Mon, 31-Mar-2008 05:18:00 GMT; Path=/
smc=0tI-5mV2XP.-UizyToBLTyoWE.-UiyyToBLTyoWE.-UhaoNkzkkIskM.-UhYjpL9Z7uCCD.-UhY———-.-UhYjpL9Z7uCCD.-Ufoqnj95tRCzm.-Sa_eZYVjhqc3-; Domain=.specificclick.net; Expires=Mon, 31-Mar-2008 05:18:00 GMT; Path=/
smk=0tI-5mV2XP.-Sa_blm17MIsM6Gh; Domain=.specificclick.net; Expires=Mon, 31-Mar-2008 05:18:00 GMT; Path=/
Date: Sun, 01 Apr 2007 05:17:59 GMT
Here is some information on what this specific cookie does: here, here and here. While this is not true spyware per se – there is not physical software installed, nevertheless it is a tracking cookie which is being installed without permission.
As seen in the comments of my previous posts and here, Sitemeter decided to respond. Two points:
1. Why wait for over a week before a response? Blogs are there for a reason – its gives companies ability to respond quickly.
2. Why not post about it on their own blog?
However, they tend to miss the point – the issue is not what they did but rather how they did it. Any company has a basic responsibility towards their customers about informing them of major changes before doing them. In Sitemeter’s case if they would have blogged about it ahead of time AND let people have an option of opting out, it would have been very different. Instead, they did it without asking AND did not do anything about it for over a week after the story broke. All of which makes me very suspicious. For now, I am still holding out for a little bit to see if anything changes before making my decision to use their services.