In spite of all of these disadvantages, there was no real alternative for me, since Google Analytics is even worse when it comes to data collection, and since I did not have access to the webserver logs. All of this changed a few months ago when zedat, FU’s IT unit made it possible to access the weblogs for the userpage that they host. Since that change, I have now and then experimented with this feature, and with the help of the nice staff at zedat, I was able to set up a working solution using cron jobs and Visitors. Although Visitors is somewhat dated and not as feature-rich as I would like, it is good enough to finally get rid of Sitemeter. (And installing/using it does not require a lot of technical skills.)
Sitemeter’s final count for this site was: 128,247 Visits and 193,571 Page Views.
Posts Tagged ‘privacy’
Eigentlich habe ich mich ja schon auf das Einkaufen im Tiefpreisparadis Berlin gefreut. Aber bei Meldungen wie dieser:
Puha. Endlich habe ich mich durchgerungen, mein E-Mail Konto mit dem Benutzernamen frers bei web.de aufzulösen. Nachdem ich schon seit einigen Monaten nur noch eine Weiterleitung auf mein gmail / googlemail Konto laufen hatte, habe ich nun das Konto ganz gelöscht. Eine Bürde ist von mir genommen. Ungefähr 80% der Spammails, die ich über meine privaten E-Mail Adressen bekomme, gingen an die web.de Adresse. Dazu kommen dann noch die ständigen, nervigen
InformationsWerbe-Mails von web.de – alles in allem: kaum zu ertragen. Das Webinterface ist auch penetrant.
Nun wünsche ich Google viel Vernügen beim indizieren meiner E-Mails… Wer das vermeiden will, kann die E-Mails ja verschlüsseln – entweder mit PGP/GPG (mein Schlüssel ist unten in der Seitenleiste verlinkt) oder mit meinem Thawte E-Mail Zertifikat (findet sich in meinen signierten Mails).
Motivated by an article in the most recent issue of c’t called Absender-Authentifizierung schützt vor Spam I decided to give it a shot and install certificates into Mail.app, the default E-Mail programm for OS X. This was not exactly a trivial issue, but the goal was worth it: being able to digitally sign my e-mail and also use encryption. (I am an avid user of PGP/GPG encryption technology since the late nineties, but I also wanted to check out this alternative, since, sadly, very few people actually use PGP.) First I wanted to use the certificate provided by the German mail provider web.de. Since that did initially not work as intended, I checked an enormously helpful site called macosxhints. There I found quite a few tips that helped me tackle certification, signing, and encrypting issues in Mac OS X. Since I had problems with the web.de certificates I decided to follow the advices on that macosxhints and got myself free personal e-mail certificates from thawte. After a few experiments I finally got the certificates installed: I had to use either Firefox or Mozilla to install the certificates into these browsers and then was able to ex- and import these certificates into the Mac OS X keychain, which is used by Mail, Safari and other Mac OS X native apps. After importing these certificates everything went as expected. For good measure I later installed the root certificates of web.de , the DFN, and several relevant German universities.
Regarding the problems I had with the web.de certificate: I did not install the web.de root certificates when I first tried to use their certificate for signing purposes, which might be the reason why it did not work. Problem is, I was looking for a link to the root certificates in my personal options pages at web.de but did not find anything. They weren’t even mentioned, even though I explicitly looked for them. One more thing regarding web.de: the c’t article gives a link to the web.de TrustCenter, saying that under this link free certificates can be acquired. This is not true anymore. One has to have a web.de account to get a certificate. (The account is free though – but I think the author thought registration for an account wasn’t necessary, otherwise it would probably have been mentioned.)
Fingerprints for all of my keys/certificates can be found at the bottom of the sidebar on this page.
On my way to Darmstadt this Wednesday I had the luck to sit in an ICE2 wagon, which provides power for my PowerBook – usually you only have ‘powerless’ ICE1 wagons going from Berlin via Franfurt to Basel or Zürich. So I had my PowerBook up and running including digital paraphernalia such as my USB bluetooth dongle to connect to my mobile. Well, I was pretty surprised when suddenly a message popped up that a file called “vorsicht.pwi” was sent to my computer via bluetooth! A look into the directory which I have designated to be the receiving directory for bluetooth files revealed that indeed, there was a new file bearing that name. This was the content of the file (there were a lot of non-readable characters in the file too, you can download this and the other file as a zipped archive if you want to check out the exact contents):
Vorsicht, sie wurden gehackt! Sit auch im Zug!! B ” # O
A minute or two later I got another message with the same name. This time the content read:
d d P / =
S S @
F E * ! A * E L +
Vorsicht, sie wurden gehackt! Sitze auch im Zug!! Bitte aufstehen!!! B + $
A ! B ”
Well, I did not stand up, as the ‘hacker’ requested, instead unplugging the bluetooth dongle and then checking my bluetooth settings. So far I had both not changed the default settings which turn on visibility for my bluetooth port and which disable encryption for bluetooth connections. I then used my mobile (a SonyEricsson T68i) to look for other visible bluetooth devices in the train compartment, and subsequently discovered a device with the name “Nokia6610” (not sure if the model number was this or something else). I didn’t do anything related to the Nokia though and later decided to turn on my bluetooth connection again, this time with visibility turned off and encryption turned on. No more detectable hassles for the rest of the trip. Strange nonetheless. I guess this person did at maximum have access to the directory which I have designated as being accessible for bluetooth devices. Seemed to be more a joke to scare people off (and correctly point to the weaknesses of unprotected bluetooth connections). However, Heise has posted an article on bluetooth device security problems on the same day that I was ‘hacked’ – nice coincidence.