Copied from Internet....
Bookies are spying on you...
Online bookmakers are installing software on your computer to spy on you. This is not some melodramatic statement designed to get readers to click through, but rather a statement of unequivocal fact based on my own experience, and that of hundreds of others. The extent of this behaviour is likely to be widespread, and there is a very good chance it includes you.
Here's how I learned about this...
The first thing I knew about it was when listening to an enlightening podcast on the bookmaking industry - which can be heard here. In it, Neil Channing, a pro gambler, made reference to a bit of software called IE Snare, which bookmakers have been using to track user behaviour. At the time - a couple of weeks ago - my ears pricked up, but by the end of that excellent audio it had drifted somewhere into the cobwebbed recesses of my increasingly recall-challenged cranium...
...until today. While writing an innocent piece about Gleneagles' racecourse absences, I went to check on a 'special' price that I recalled Coral's head of racing had mentioned on twitter. Clicking across to that site to see if the horse was indeed still 11/10 not to race again in 2015, the bolt from the blue (branded site) happened.
I use Google Chrome and Windows 10, and this combination of browser and operating system alerted me, upon landing at coral.co.uk, that something had been downloaded to my machine. I was not even logged into their site. Rather, I'd simply landed on its home page as a casual website visitor. Thus, I had no contract with them, and had not agreed to any terms, conditions or privacy policies.
The file was simply called 'download'. Right clicking on it, and navigating to the folder into which it had deposited itself, I saw it was called mpsnare.iesnare.com
A bit of googling revealed some very interesting and, in my opinion, disturbing insights. I'd like to share them with you.
-
What is iesnare?
iesnare is spyware provided by a firm called iovation.com, big players in the world of online fraud management. Here's what the company says about itself:
iovation protects online businesses and their end users against fraud and abuse through a combination of advanced device identification, shared device reputation and real-time risk evaluation.
iovation actively target the online gaming industry and have a stand at the biggest trade show, ICE.
iesnare, when installed on a computer, monitors that machine's behaviour, including:
- pages visited
- your computer's installation data
- information from your registry
- browser and operating system information
and a lot more besides.
Once it is on your machine, it feeds back data - lots of data, about lots of things - to iovation's central hub, and continues to monitor your machine's - and therefore your - activity in real time for the duration of its existence on the device.
=
Why should I be worried about iesnare?
OK, so there's this bit of code running on my (and probably your) machine, and it's gathering information. Why should I (and probably you) be worried?
This 'cookieless fingerprinting' as it's known, is storing your data to a central repository housed at iovation. The data they store can be bought by just about anyone.
The chart below taken from this paper by students at the University of California reveals that the vast majority of those buying such information are doing so for the purposes of malware or spam.
This is how fingerprinting information is used
This is how fingerprinting information is used
So, in a nutshell, if you have this code on your machine, bookmakers can see what you're up to. Whether you're using oddschecker. Whether you're arb'ing. Which other bookmakers you use.
But that's a mere triviality compared to the wider world that can potentially access your data, and use it for nefarious ends.
The research paper concludes,
The purpose of our research was to demonstrate that when considering device identification through fingerprinting, user-privacy is currently on the losing side.
In plain English, this type of software considers a user's privacy to be of secondary/no importance when compared against the interests of the company deploying it.
-
What permission do bookies have to deploy iesnare?
This is where it gets tricky. My first thought was that this must be illegal. After all, I've not given my permission to be pried on in this way, have I?
Well, not explicitly, no. But when I checked the bookmaker's privacy policy, I was alarmed at what I read.
Here are the clauses, click to view full size, that I found most vague:
Redefining 'vague' terms...
Redefining 'vague' terms...
Coral reserve the right to "collect certain data" which will be used "to meet certain business requirements". What in the name of anything specific or palpable does that actually mean?
It seems to me that it is essentially carte blanche for bookmakers to plunder and pillage any information they can beg, steal or borrow about their site visitors.
And it is not just Coral. All four of the bookmakers I checked have a similarly vague 'all encompassing' clause or clauses which, ostensibly at least, gives them a mandate to behave in this fashion.
Obviously, when this code is deployed outside of a login, the strong likelihood is that it is illegal, regardless of the possibility of an existing cookie on my machine triggering that behaviour. But I'm not a lawyer...
-
How can I tell if iesnare is on my machine?
If you want to know if this code is on your device, here's how. It's pretty simple:
Go to the file search function on your computer/device
Type in 'mpsnare' in the search box, and hit 'search'
If iesnare has been used on your machine you'll find one or more of the following folders:
#mpsnare.iesnare.com
#ci-mpsnare.iovation.com
mpsnare.iesnare.com
ci-mpsnare.iovation.com
-
How do I get rid of iesnare?
Getting rid of iesnare may be as simple as deleting the folders you find. However, staying rid of it is a slightly more complicated operation. But, if you value your privacy and still want to bet with the best priced firm, it is worth the effort.
These instructions were originally published here, and I make no claim to be a tech whizz or otherwise able to troubleshoot the implementation of them, or anything awry which might crop up as a consequence of following them. They have worked fine for me, with no adverse consequences so far. Caveat emptor!
[NB The process is not nearly as complicated as it is long, so don't be put off by the block quoted text below]
To check if iesnare is on your computer...You can find it by opening up a command prompt
(start -> all programs->accessories->command prompt) then typing..... dir mp*.com /s
If it's there you will see the date it was installed on your computer!
If it's there and you want to block it this is how...
Click the Start button, click notepad or enter notepad in the bar at the bottom
Right-click on the Notepad item which appears at the top of the list
Choose "Run as administrator"
In "untitled - notepad" go to file and click open, then under "files of type" click all files
Enter "C:\WINDOWS\system32\drivers\etc" in file name and click open
Right click on "hosts" file (make sure it only says hosts, not hosts.bak or hosts.txt), select properties and uncheck read-only box at bottom beside attributes, then click "Apply" then OK.
Now double-click "hosts" again
Add the following lines in the next line below where it says "127.0.0.1 localhost"
Topic Author
