Tuesday, July 17, 2012

KISSMetrics Wants To Surveil You:
Illegal Alien Invasion Of Your Computer

[Updated 2012-07-20. I was able to trace the source of my KISSmetrics permanent cookie infection to the application 'Boom' from Global Delight in India. This discovery was made via both Little Snitch and the fact that Boom would not work properly if the KISSMetrics.identity file was edited and locked.

I wrote Global Delight to ask about the purpose of the KISSMetrics permanent cookie. In response, Global Delight has provided a new build of Boom v1.4 that has had KISSmetrics technology removed. This new build is now the standard downloadable version at their website HERE. (Click on the 'Try Boom' button to begin downloading). Future versions of Boom will no longer use KISSMetrics technology. Thank you Global Delight!

In order to upgrade to the KISSmetrics-free version of Boom, you must first uninstall the current version via its Preferences window. After the uninstall, install the new build of version 1.4 or later. After the update installation, be sure to DELETE the KISSmetrics.indentity file that has infected your user account Library folder as it was NOT removed by the uninstallation process.

The uninstall and update install process kept my registration number intact. If yours is somehow deleted, simply re-register the software using your registration number.]

As we discovered in my previous personal privacy article, Marketing-Moron infested companies (those that don't respect their customers) insist upon ignoring 'Do Not Track' requests from Internet users in order to surveil them and make money from the resulting data they collect. Therefore, user tactics are required to thwart their abusive schemes. This involves blocking Tracking Cookies of various kinds as well as databases they load into your browsers. But what if there was already a scheme to thwart the limitations of these methods of user surveillance? What if a company went rogue and snuck a secret permanent cookie equivalent onto your computer?
There is a company that competes with Google Analytics called KISSMetrics. In 2011 there was a class action lawsuit against KISSMetrics (and others) for installing 'permanent cookies' onto Internet user's computers. They supposedly relented and stopped that practice. Oops, no they didn't! I found one on my computer dated today. So here is how to remove the KISSMetrics permanent cookie ourselves!

DO THIS RIGHT NOW (and get revenge):

A) Open the Library folder inside your user account.
(This step is required because Apple hobbled Spotlight such that it won't search inside your Library folders unless you actually go there first or use other trickery)

The easiest method for getting there on recent versions of Mac OS X (which hide your user account Library folder by default) is to:
  1. Open a Finder window.
  2. Hold down the Option key while going to the 'Go' menu and select 'Library'. You're there.
B) Hit Command-F to make Spotlight find stuff in the Library folder.

C) Type into the Find box "KISSMetrics".

I am betting that you are going to at least find a file called 'KISSMetrics.identity' at the root level of the user Library folder. If so, you've been invaded! And KISSMetrics never asked for your permission! Aren't they swell people? Does this remind you of how computers are infected with spyware? Of course it does! It's not supposed to happen! The Internet is supposed to be safe. But it's not.

Before you trash that nasty 'KISSMetrics.identity' file you probably found, here's a really fun trick you can play on KISSMetrics! (Shhh! Don't tell them!) They'll laugh and laugh...

[IMPORTANT: Editing and locking the KISSMetrics.identity file may cause certain applications, such as Boom from Global Delight, to no longer work properly. If this is the case, unlock the file then contact the maker of that application and ask them to please remove KISSMetrics technology from their application. In the case of Global Delight, they were swiftly responsive in providing a KISSMetrics-free updated version of their application.]

D) Open the KISSMetrics.identity file with TextEdit. You'll notice that the file contains some gibberish cookie code meaningful to KISSMetrics.

E) Highlight all that code and delete it.

F) Now type in a very special message you'd like to send KISSMetrics to thank them for invading your computer without your permission. I would suggest some 4 letter epithets, choice comments about their mother, or instructions regarding the anatomical placement of their surveillance data. ASCII pictures of suggestive behavior are also a nice idea. Keep in mind that this data will be sent straight to KISSMetrics on your behalf the next time they attempt to surveil you on the Internet. Be creative!

G) Save the KISSMetrics.identity file in TextEdit.

H) Do a 'Get Info' on the KISSMetrics.identity file.

I) In the Get Info box, look under the 'General' heading and check the box marked "Locked".

J) Close the Get Info box and you're done! Think of all the giggles they'll get over at the KISSMetrics offices. :-D


In my case, I found the installation of the KISSMetrics permanent cookie to have been installed by the Boom application by Global Delight whenever the application was booted. Infections of this kind can also use a variety of methods for overcoming basic computer security via a drive-by infection. The 2011 lawsuit against KISSMetrics accused them of using HTTP ETags for this purpose. Alternatively, this can be done with malicious 'JavaScript', or via a security hole riddled version of Java, or a nasty Trojan horse application you installed, or some application you use on the Internet may have been coerced to sneak it onto your computer. It can be difficult to know exactly how.


Behavior such as that of KISSMetrics indicates that marketing-moron infected companies are becoming just as devious and deceitful as politicians and our Corporate Oligarchy. The key word is 'disrespect'. Therefore, I fully expect these scum to take advantage of any means available to track our behavior and take away our right to personal privacy.

There is no reason to expect they will be as obvious with their trickery in the future. For all we know, the future version of the KISSMetrics cookie will be called "Finder" or "824t980havs", any name at all buried on our computer. I think of it as a fight between us and disrespectful people out there on the Internet. There is no question from my point of view that this behavior, when performed without your permission, is entirely illegal and unconstitutional in the USA. With luck and sanity, governments will respond and kill off this disrespectful behavior. Well of course, only if the governments aren't themselves intent upon illegally surveilling us! In the meantime, anti-tracking tools are going to have to keep up with the convolutions and coils of marketing-moron behavior in order to maintain our right to personal privacy.

Should we just give up? No way! There are organizations such as EFF.org (Electronic Frontier Foundation) that keep track of the nefarious trackers and help us fight for our right to personal privacy. We have a wide variety of anti-malware and Internet browsing tools to help keep this CRAP off our computers. With time this issue is only going to come more to the fore, causing the SurveillanceRats to scurry away into ever darker corners in order to avoid the light of reason, sanity and justice. This is a fight we can and shall win. I'll do my best to track the trackers here, as will many others across the Internet.

We shall never surrender!

Q: What do you call a marketing professional who holds respect for the customer foremost in their mind during their endeavors?

A: A Marketing-Maven. When you come across a marketing-maven, treat them as gold. Without them, all our business decays to mere biznizz.


No comments:

Post a Comment