Spyware/Tracking Bugs on Runescape

Runescape installs spyware/tracking bugs when you play - does anyone know how to block this.

I discovered that every time you play Runescape there are 1 to 3 tracking bugs installed on our computer. I contacted Jagex about this and the reply I got was basically that I should trust them - they will never sell or release the data gathered to a third party and that they use the spyware as part of their effort to crack down on BOTS and gold farmers.... I told them that I was offended by their lack of respect for my privacy. While I support their efforts to crack down on the illegal Runescape players I feel like it is bad enough that my own government is trying to spy on us much less the developers of what is otherwise a really cool game.... sigh

Any thoughts on this from anybody?

I canceled my membership in protest - but I really don't think they care lol

In the past I played and jus made it a regular part of the play period to run ad-aware after I was done to clean out the spyware - such a hassle and a drag....

What browser are you using?

If your using IE try using Firefox and locking it down using NoScript and ad blocker (according to the RS rules you shouldn't block any adds on the site...).

I've not had more then 5 pieces of ad/spyware on my pc since changing to FireFox. Note I scan once a week.

Thanks man - good idea - I have been using the Windows game client that Jagex offers on their downloads page. I use Firefox for web browsing so I'll give the game a try using Firefox instead (I love adblock)

Those 'tracking bugs' are nothing more than cookies set by the website and are harmless. Getting bent out of shape and canceling your $5 membership is a waste of time when there's companies that do far, FAR more tracking than just a couple simple cookies for bettering the game.

Have you blocked cookies from Google, DoubleClick, BurstNet and just about every other modern website out there? :? If not, you complaining about Jagex using cookies to track a bit of data is worthless.

Cruiser is right, they are only cookies, without cookies sites like this forum wouldn't work.

You're being wayyy too paranoid.

I just use Spybot - S&D to remove cookies..

And I set Firefox to ask me every time a site tries to set a cookie, so I can specifically block any tracking cookies.

hey if it doesn't bother you to have someone watching over yer shoulder and recording every website that you go to and then storing that info on someone else's server.... well then cool.

I personally don't like it and it doesn't have anything to do with banner ads or the ability of Jagex to make money off of me. It has to do with the lack of respect for my personal life and their lack of trust in me choosing to play the game honestly - If you don't trust me and you don't respect me - why should I give you my money?

Besides the whole thing is stupid - if I were really cheating - odds are I'd debug every time I did it and Jagex would still know nothing about me. So if it is so fallible why bother with offending some of us - why invest money and time in something that is offensive when the money could be better spent on improving the game or heck going out to dinner more often lol.

I think Runescape is a great game and I will probably play it again without using the buggy Windows client.

I think Jagex could represent themselves better if they either dropped the bugs or were right up front about the fact that they place tracking cookies on you when you play. As it is now I think they are being deceptive and disrespectful.

hey if it doesn't bother you to have someone watching over yer shoulder and recording every website that you go to and then storing that info on someone else's server.... well then cool.

They aren't watching over your shoulder. It's a static piece of data that is only accessible by runescape.com and is only used to enhance usability. The site can just as easily serve you ads and store other data about you without the cookie.

You're severely paranoid if you think a simple web cookie is 'looking over your shoulder' when certain sites out there use javascript and other methods to collect your mouse movements and much more personally identifiable data than a simple static data element.

I personally don't like it and it doesn't have anything to do with banner ads or the ability of Jagex to make money off of me. It has to do with the lack of respect for my personal life and their lack of trust in me choosing to play the game honestly - If you don't trust me and you don't respect me - why should I give you my money?

You need to get yourself off the internet then because any website worth the bandwidth it's using will be using cookies in some form or another to store data related to a user account or session ID related to you. Have fun breaking functionality with your cookie paranoia.

Besides the whole thing is stupid - if I were really cheating - odds are I'd debug every time I did it and Jagex would still know nothing about me. So if it is so fallible why bother with offending some of us - why invest money and time in something that is offensive when the money could be better spent on improving the game or heck going out to dinner more often lol.

Cookies are offensive? Do you even know wth you're talking about?

Web cookies have NOTHING to do with preventing cheating. Their anti-cheating systems collect data ingame via the game servers while you're logged in and playing, not via cookies stored in your browser. Once again, it's a static data element, not spyware...

You need to go look up the definition of a web cookie and research how they actually work before you continue to spew this junk. You also need to log yourself out of Tip.It and nuke your hard drive because these forums use the EXACT same methods to track your user account and various settings. Hell the Windows install you're most likely replying to this on knows more about you than Jagex ever will. You paranoid Microsoft is 'looking over your shoulder' too?

Get a grip. Please.

Okay we need to clear things up, I will try and explain in simple terms how a web server works and the relationship between it and your web browser.

The web server itself is running what is called a service that is constantly listening on a TCP/IP port for web page requests, this port is usually port 80. When it receives a request it sends the relevant page. So when you go to a website, your browser has sent a page request on port 80 to the server, the server then sends the requested page to your browser, quite simple really and then the server totally forgets about you. But that doesn't make sense does it? how can it forget about you when sites like this forum clearly prove that it remembers you.

I'm trying not to go into depth here but the server has a mechanism for carrying variables from one page request to another, it's called sessions. When you log onto a site such as this forum, the server sends you a cookie with a unique identifier, your browser remembers this and from then on it sends that cookie with all subsequent page requests to the server. The server has variables associated with your session, and picks them up each time you request a page.

Without cookies you would not be able to use this forum, and the same goes for any other website such as ebay, amazon, online banking etc.... Cookies are a way to keep things secure as the only other way to move variables from page to page would be to use forms or include them in the URL, and that would be terribly insecure.

By the way, cookies can only be accessed by the server that generated them, so if you visit another website, that site cannot pick up a cookie from this forum for instance. People think "Tracking Cookies" allow different websites to track your movement through the web, this is not possible. Tracking cookies will be used to log things such as how often you visit somebodies site, and only that site will be able to access that data as it is their own cookie, and theirs alone.

Do you ever click the "Remember me" option at the password screen on a website, i.e. to auto log you in each time you visit? Cookies are used for this too, the cookie will store your password and user ID on your PC, nobody else's, only yours. And the next time you visit that site, the cookie is referenced and you get logged in automatically. Like I said before, nobody else can access this cookie, only that website. And that is no more of a threat than you sending the userID and password via a log in form.

He makes it sound like these are traking cookies to see if we go to any gold farming sites. If thats true, then im glad i've never gone to one out of curiosity. I can see why they would do this, and sincce I dont mind all teh other cookies I guess this one dosent bother me either.

Clare, I think you have sessions and cookies confused. From my understanding, session data is stored in a temporary folder of the server, and then deleted when the session is closed, reset, or destroyed. Basically, when you 'log out', or when you close your browser page. Cookies are like session variables, but are stored on your machine with a set expiry date.

But that's how I've always seen it, and I've never used cookies for more than things like "Remember Me" on login pages, or on polls to see if you already voted. (Because of overly overly pranoird people/spware programs like the OP) And in most cases, I just use an if(isset($_COOKIE..., and then set my session variables off of the cookie.

Oh, and, randox, as clare said, that's not possible. Cookies are relative to your domain.

I run PeerGuardian 2 on my system. It catches Jagex every time I connect to the update server.

Clare, I think you have sessions and cookies confused. From my understanding, session data is stored in a temporary folder of the server, and then deleted when the session is closed, reset, or destroyed. Basically, when you 'log out', or when you close your browser page. Cookies are like session variables, but are stored on your machine with a set expiry date.

 

But that's how I've always seen it, and I've never used cookies for more than things like "Remember Me" on login pages, or on polls to see if you already voted. (Because of overly overly pranoird people/spware programs like the OP) And in most cases, I just use an if(isset($_COOKIE..., and then set my session variables off of the cookie.

 

 

 

Oh, and, randox, as clare said, that's not possible. Cookies are relative to your domain.

Actually I don't have it mucked up at all. The session is stored on the server you got that right, but the browser places is a cookie on your pc linked the the server session. This cookie is what is sent to the server during every page of that session, this is how the server knows you're still using that session and what session variables to pick up. I could have gone into this in depth but I was trying to simplify it all.

I kinda know this stuff as I run my own server and am quite adept at coding, especially PHP, PHP is my fave web scripting language. If you need any proof about the relationship between sessions and cookies, turn cookies off and see if you can use sessions, nope ya can't!

Have a fun weekend all!

You know it's really not paranoia to acknowledge that tracking cookies are an invasion of our privacy. Just because there are so many entities out there that are tracking our purchases, habits, web activity, etc. doesn't mean that we should roll over and acquiesce to them. When I corresponded with Jagex they admitted that they used the tracking cookie in relation to rule breakers only - but good intention is not enough when it comes to our civil liberties.

If you think this is a trivial matter you have only to look at the current US Government's activities and their unwarranted surveillance of the US population (and since most of the Worlds internet traffic is routed through the US this applies to everybody). So at what point do you want to draw the line and start living and working towards a world based on respect and trust? Why not start small and start here....

I think it is reasonable and fair to expect that we should be able to play the game honestly and with honor. By not being up front about the use of tracking cookies Jagex is not being honest. By their presumption of the need to spy on us they bring dishonor to the game.

well we should respect them but them adding stuff to our comps is not cool considering i hate autoes and would kill 1 if i found 1 (in a pvp area that is)

Are you really that bothered if a website keeps a record of how many times you have visited their site?

If so then your paranoia should extend to much more than that. Every time you log into Runescape a record is made of that. Everything you type in Runescape goes into a database before it is displayed on screen. How long the records are kept for I'm not sure, but I bet your bottom dollar it's quite a while.

More than that though, everything you do is tracked by something or another. Every website you request has been tracked by at least 3 servers because they routed your IP packets, all that is logged.

And it's no good in saying "That is an outrage" because it's how the Internet works, the net is really based on trust that your packet will get to it's destination via some route around the world, and you trust the reply to get back to you. Hopping from server to server that automatically send it via the shortest route they possibly can, and all in milliseconds! To be honest I am amazed the internet works as good as it does!

He makes it sound like these are traking cookies to see if we go to any gold farming sites. If thats true, then im glad i've never gone to one out of curiosity. I can see why they would do this, and sincce I dont mind all teh other cookies I guess this one dosent bother me either.

Jagex can't track whether you've visit any kind of shady websites based on web cookies. They're tied to the domain name that set them and Jagex can only retrieve cookies that they set, not cookies set by other website. Any flaw that does let you retrieve cookies your site didn't set is a major security hole and gets put rather high on the fix it list.

--------------------------

As for zzarr:

Sadly, this whole thing is being blown way out of proportion because you obviously have no clue what web cookies are actually used for, even after the explanations. Runescape.com sets a whole 3 cookies when you visit it. RSORGIN, which records where you came to the game from. In my case, runescape.com. Standard web metric. #2 is RSCOUNTRY. Set to 0 in my case, since I'm in the US. Again, standard web metric you can look up using any GeoIP utility. #3 is serverlist_order, which simply stores what order you keep the server list sorted in so you don't have to reset it each time you load the page. Which of these 3 again is a privacy violation? Are you complaining about the advertising cookies that Jagex doesn't control? Are you complaining about the single hash DoubleClick sets (that Jagex doesn't control!) when an ad loads that for all you know simple makes sure you don't see the same ad again?

Do you go complaining to the grocery store management for their use of security cameras that track you through the store and eye tracking cameras for product placement? Have you disabled javascript on every browser you use to do away with Google's (and other search engines) mouse movement and click tracking? Have you had yourself removed from the major credit reporting systems to prevent tracking of your payment history?

Unless you can answer that you already do the above and do something about anything else that goes about tracking you in such small ways as a web cookie, you need to rethink what you're fighting for. There will ALWAYS be something trying to track you and there are much more important elements to worry about taking care of.

If you think this is a trivial matter you have only to look at the current US Government's activities and their unwarranted surveillance of the US population (and since most of the Worlds internet traffic is routed through the US this applies to everybody). So at what point do you want to draw the line and start living and working towards a world based on respect and trust? Why not start small and start here....

Which has nothing to do with your complaining about a web cookies set by a British company. Deleting a web cookie from any website does zero to stop the US government from tracking what you're doing. You must have missed all those stories about the NSA working with AT&T and other major ISPs to track activity at the backbone level. They couldn't care less that you deleted that cookie, they can log it before you ever know it's being set.

Your good intentions are focusing on worthless elements that have little to no privacy implications.

Honestly, I would suggest you just don't use the internet anymore. If you're going to be this paranoid and uptight about it who knows what you'd think about the rest of the internet.

And really, dishonor? Its a java based game, and thats it. To think that it wouldn't track something is just crazy talk.

Also the fact that you think they should be honest about everything. Its like telling a robber where every escape route, security camera and details about a bank -- its not smart. Likewise most botters are not terribly intelligent, and any kind of system is better than none.

The largest thing is that currently this does not hurt you at all. Chances are no one is even LOOKING at what you are doing, and instead are only looking for suspicious hits. Face it, you're one in millions and any company just simply doesn't have the time to look through that.

If you really want to go down the "I want to secure my machine" route, I would not be looking at cookies. I would be looking at blocking all active content such as:

Flash (Actionscript)

Java (Which you need for Runescape)

javascript (mainly because of URL redirect or popups)

vbscript (very nasty, if allowed and you are logged on as admin, this can do ANYTHING to your pc, better re-enable that User Account Control on Vista afterall :lol: )

Thanks for all the discussion about this ... For me it comes down to this; when I surf the net and run Ad-Aware - the only site that places multiple critical (according to ad-aware) tracking bugs on my computer is Jagex (using their Windows Client). It is really your choice whether or not you feel this is a problem. For me - I'll probably play the game again using my Firefox browser and I'll still run a spyware removal program on a regular basis.

In general I think we should model our actions on the way we want the world to be. When I play the game I play honestly and I look for ways to better the game for those that are playing when I do. I don't think Jagex really needs to "Spy" on us to make the game better. It really all comes down to living and playing it the way you think the world should be.

Cya :-)

Zzarr out

Thanks for all the discussion about this ... For me it comes down to this; when I surf the net and run Ad-Aware - the only site that places multiple critical (according to ad-aware) tracking bugs on my computer is Jagex (using their Windows Client). It is really your choice whether or not you feel this is a problem. For me - I'll probably play the game again using my Firefox browser and I'll still run a spyware removal program on a regular basis.

 

 

 

In general I think we should model our actions on the way we want the world to be. When I play the game I play honestly and I look for ways to better the game for those that are playing when I do. I don't think Jagex really needs to "Spy" on us to make the game better. It really all comes down to living and playing it the way you think the world should be.

 

 

 

Cya :-)

 

 

 

Zzarr out

Yeah, I can totally tell you value the opinions of those who know wth they are talking about.

I have a solution:

Required tool:

Step one: Look at the back of your computer. Find the blue eternet cable that looks like this:

Step two: Use the wire cutters to snip the aforementioned wire.

Congratulations, you are now completely secure!

(or are you??? :uhh: )

Thanks for all the discussion about this ... For me it comes down to this; when I surf the net and run Ad-Aware - the only site that places multiple critical (according to ad-aware) tracking bugs on my computer is Jagex (using their Windows Client). It is really your choice whether or not you feel this is a problem. For me - I'll probably play the game again using my Firefox browser and I'll still run a spyware removal program on a regular basis.

 

 

 

In general I think we should model our actions on the way we want the world to be. When I play the game I play honestly and I look for ways to better the game for those that are playing when I do. I don't think Jagex really needs to "Spy" on us to make the game better. It really all comes down to living and playing it the way you think the world should be.

 

 

 

Cya :-)

 

 

 

Zzarr out

So in other words you didn't read anything we all wrote, correct?

Thanks for all the discussion about this ... For me it comes down to this; when I surf the net and run Ad-Aware - the only site that places multiple critical (according to ad-aware) tracking bugs on my computer is Jagex (using their Windows Client). It is really your choice whether or not you feel this is a problem. For me - I'll probably play the game again using my Firefox browser and I'll still run a spyware removal program on a regular basis.

 

 

 

In general I think we should model our actions on the way we want the world to be. When I play the game I play honestly and I look for ways to better the game for those that are playing when I do. I don't think Jagex really needs to "Spy" on us to make the game better. It really all comes down to living and playing it the way you think the world should be.

 

 

 

Cya :-)

 

 

 

Zzarr out

I think I am going to ignore this thread from now on. Nadril is correct, you either completely ignored everything we said, or plain and simply didn't understand a word of it.

Have fun chasing ghosts, and cookie monsters.

Clare.

Have fun chasing ghosts, and cookie monsters.

I read that and couldn't help but laugh thinking about this image from Family Guy. :lol:

Adding to Errodoth's instructions. Better cut up and unwire the power running to the machine and drill some holes through the hard drive. The only truly secure computer is one that nobody can access, ever. :mrgreen:

Since this has gone off-topic, excuse me while I do this...

<*Runs Cruiser and Errdoth through a cheese-grater for telling a person to destroy their PC parts*>

...and now pardon me while I exit. (LOL :lol: ... Sorry, can't resist this joke!)

~Mr. Devnull