You are browsing the archive for Trivia.

It’s understood… that EU dudes… sell GDPRization…

June 28, 2018 in GDPR, Silly, Trivia

I’ve been recently thinking of GDPR, and its influence on the non-EU websites… in particular, I was curious how the legislation affects the user experience for non-EU sites for visitors from EU. We hear about many websites in US simply denying the access e.g. LA Times:

but I was curious how many other web sites really do so…

I came up with a quick & dirty (and pretty simple) idea of checking how the popular web sites respond to the regulation… by visiting them and taking a screenshot.

Of course, manual check would be too labor-intensive, so I automated it.

First, I needed a list of top world web sites so I downloaded the Cisco Umbrella list. I know it’s biased, but don’t know any better source (since the  free Alexa top 1M is long gone, and others – I really don’t know how accurate they are).

I then created a simple script in perl to extract the first 10000 top unique domains from the list (and exclude all subdomains on the way):

use strict;
use warnings;
my %h;
my $cnt=0;
while (<>)
{
  if (/,([^\.]+\.[^\.]+$)/)
  {
    if (!defined($h{$1}))
    {
      print "$1";
      $h{$1}++;
      $cnt++;
      exit if $cnt >= 10000;
    }
  }
}

Next, I wrote a simple phantomjs script to grab a screenshot of these domains (all accessed via http and then rerunning for https for these that didn’t work):

system = require('system')
var page = require('webpage').create();
     page.viewportSize = { width: 1024, height: 768 };
     page.clipRect = { top: 0, left: 0, width: 1024, height: 768 };
address = system.args[1];
output  = system.args[2];
page.open(address, function() {
  page.render(output);
  phantom.exit();
});

And then I ran the phantomjs on domains from this data set… each page visited is saved as a png.

To my surprise, the experiment didn’t work as I anticipated.

Most of web sites visited didn’t really make any comment on GDPR and it was business as usual. Some offer an option to accept new privacy policies. In the end I only came up with a bunch of examples.

Still, it was worth trying…

Lessons learned…

  • Some web sites detect phantom JS as a bot – they will block your IP, or offer a captcha challenge
  • Lots of top domains don’t even host a web site; you can see default IIS, Nginx pages, errors (404, 403s ;))
  • Privacy banners, if they exist, are handled in many different ways – from simple OK, to more advanced settings with a multi-choice questionnaire; I include some example below
  • Many non-English web sites provide information about privacy in their native language; this is an interesting conundrum to solve in general – how a non-speaker can use the web site w/o an ability to understand the Privacy Policies? I provide some examples in French, Italian and Dutch (and of course, English)
  • Way too many advertising and marketing web sites, all united to promise you the best monetization ever; and yes, AI-based advertising is already here 🙂

I am wondering if the methodology I used was incorrect? Perhaps it would be faster to just query google for all the web sites that refer to GDPR? I couldn’t come up with a good google dork though. And searching still brings many of such geo-locked web sites and include them in ‘normal’ results. You only learn about GDPR stuff when you try to visit the actual page. Google cache is still available though in some cases. So… I guess this transitional stage will last for some time. If you have any idea on how to run a research like this better, please let me know.

And finally some screenshots

diynetwork.com

goodrx.com

chicago tribune

Collect and gather

Everquote

Fubo.tv

Gannet

Orlando Sentinel

Pandora (not sure if it is GDPR related though)

Myspace

Ebates

European Union page itself

Atlas Obscura

At Hoc

Cosmopolitan

My recipes

piwikpro

Simpsons World

Le Monde

Meteo IT

NOS

And finally NSFW, all the screenshots related to porn.

Let’s stare at the Screensaver again, shall we?

April 7, 2018 in Trivia

You know you can change your screensaver, right?

You know the screensaver used to be configured inside the system.ini file, the [boot] section, the SCRNSAVE.EXE setting, right?

You know the configuration is now stored under HKCU\Control Panel\Desktop\Scrnsave.exe, right?

So…

Explain this:

vs.

When the system detects 1 minute of non-activity, it launches the… 3d Text Screen Saver:

How come then it shows the Bubbles as a Screen Saver of choice ?

When I discovered it, I thought I will be posting yet another part in the Beyond Good Ol’ Run key series; unfortunately, despite various efforts didn’t succeed to force the system to launch the .exe (or .scr really) of my choice when the screensaver kicks off (and with – as I hypothesized – an added bonus of hiding from Autoruns, which didn’t work either :().

Why then posting it?

Well… it’s good to poke around and explain the unexplained.

The reason for the Bubbles showing up, despite the 3d Text Screen Saver being the actual, “real” screensaver is *cough* simple *cough*.

Turns out there is an undocumented setting in Registry that is being used by the control panel applet responsible for Screensaver setup.

The location and the example setting in my case is as follows:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ScreenSavers
SCRNSAVE.EXE=c:\test\Bubbles.scr

It fools the applet which reads the data from this registry and assumes this is an active ScreenSaver, but this value doesn’t seem to be taken into account when the actual screensaver is launched, so we have two settings – one bogus (perhaps a feature that was not fully implemented?), and the real one, that can be at least partially masked by the bogus one (unless you use Autoruns).

Interestingly, changing the screensaver via the Screen Saver Settings panel will result in the actual screensaver being changed, yet the setting seen during the next visit to the panel will remain as set inside the HKLM\…\ScreenSavers key. A side effect of the precedence in which the applet reads the settings (HKLM key first, then the HKCU) vs. the settings that it actually uses to launch the screensaver of choice (based on the HKCU\Control Panel\Desktop\Scrnsave.exe settings and ignoring the HKLM key).