Javascript 为什么 Google +1 会记录我的鼠标移动?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6667544/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why does Google +1 record my mouse movements?
提问by Tom Gullen
This is only on pages with a Google +1 box on my website:
这仅适用于我网站上带有 Google +1 框的页面:
It seems to be firing off an event on every mouse move. Anyone know what it is doing? I searched on Google (perhaps I should try Bing for once on this one!) but no one seems to have written about it. Is it recording information about my visitors browsing habits? Is it some sort of CAPTCHA to detect human like behviour?
它似乎在每次鼠标移动时触发一个事件。有谁知道它在做什么?我在谷歌上搜索过(也许我应该在这个上尝试一次 Bing!)但似乎没有人写过它。它是否记录了有关我的访问者浏览习惯的信息?是某种验证码来检测人类的行为吗?
Example URL, press F12 in chrome, go to timeline and press record, then move your mouse around this page (it plus ones this question, don't worry):
示例 URL,在 chrome 中按 F12,转到时间线并按记录,然后在此页面上移动鼠标(它加上这个问题,别担心):
For what it's worth (I can see this is going to be a popular question), I don't think there is anything sinister behind it, it might even be a useless artifact/bug, but if it is doing some sort of tracking, well, it seems a little deceptive to me.
对于它的价值(我可以看到这将是一个受欢迎的问题),我认为它背后没有任何险恶的东西,它甚至可能是一个无用的工件/错误,但如果它正在进行某种跟踪,好吧,这对我来说似乎有点欺骗性。
Google +1 privacy policy
Google +1 隐私政策
http://www.google.com/intl/en/privacy/plusone/
http://www.google.com/intl/en/privacy/plusone/
Google +1 Button Privacy Policy
June 28, 2011
The Google Privacy Policy describes how we treat personal information when you use Google's products and services, including information provided when you use the Google +1 button. In addition, the following describes our additional privacy practices specific to your use of the +1 button.
Information we collect and how it is shared
The Google +1 button is a way for you to share information publicly with the world. The Google +1 button helps you and others receive personalized content from Google and our partners. The fact that you +1'd something will be recorded by Google, along with information about the page you were viewing when you clicked on the +1 button. Your +1's may appear to others as an annotation with your profile name and photo in Google services (such as in search results or on your Google Profile) or elsewhere on websites and ads on the Internet.
We will record information about your +1 activity in order to provide you and other users with a better experience on Google services.
In order to use the Google +1 button, you need to have a public Google Profile visible to the world, which at a minimum includes the name you chose for the profile. That name will be used across Google services and in some cases it may replace another name you've used when sharing content under your Google Account. We may display your Google Profile identity to people who have your email address or other identifying information.
Use of the collected information
In addition to the above-described uses, the information you provide to us is used subject to our main Google Privacy Policy.
We may share aggregate statistics related to users' +1 activity with the public, our users, and partners, such as publishers, advertisers, or connected sites. For example, we may tell a publisher that “10% of the people who +1'd this page are in Tacoma, Washington.”
Your choices
You may view the list of items you have +1'd on the +1 tab on your Profile. You can remove individual items from that list.
You may opt out of seeing +1 recommendations on third-party websites (including on ads on third-party sites) from people you know.
We will store data (such as your recent +1's) locally in your browser. You may be able to access and clear this information in your browser settings.
More information
Google adheres to the U.S. Safe Harbor privacy principles. For more information about the Safe Harbor framework or our registration, see the Department of Commerce's website.
Google +1 按钮隐私政策
2011 年 6 月 28 日
Google 隐私政策描述了我们在您使用 Google 的产品和服务时如何处理个人信息,包括您在使用 Google +1 按钮时提供的信息。此外,以下内容还介绍了我们针对您使用 +1 按钮的其他隐私惯例。
我们收集的信息及其共享方式
Google +1 按钮是您与全世界公开共享信息的一种方式。Google +1 按钮可帮助您和其他人从 Google 和我们的合作伙伴接收个性化内容。Google 会记录您对某些内容 +1 的事实,以及有关您点击 +1 按钮时正在查看的页面的信息。您的 +1 可能会在 Google 服务(例如在搜索结果或您的 Google 个人资料中)或网站和互联网上的广告中的其他地方显示为带有您个人资料名称和照片的注释。
我们将记录有关您的 +1 活动的信息,以便为您和其他用户提供更好的 Google 服务体验。
为了使用 Google +1 按钮,您需要有一个公开的 Google 个人资料,全世界都可以看到,其中至少包含您为个人资料选择的名称。该名称将在所有 Google 服务中使用,在某些情况下,它可能会替换您在 Google 帐户下共享内容时使用的另一个名称。我们可能会向知道您的电子邮件地址或其他身份信息的人显示您的 Google 个人资料身份。
收集到的信息的使用
除上述用途外,您提供给我们的信息的使用受我们主要的 Google 隐私政策的约束。
我们可能会与公众、我们的用户和合作伙伴(例如发布商、广告商或关联网站)共享与用户 +1 活动相关的汇总统计数据。例如,我们可能会告诉发布商“对该页面 +1 的人中有 10% 位于华盛顿州塔科马。”
您的选择
您可以在个人资料的 +1 选项卡上查看已 +1 的项目列表。您可以从该列表中删除单个项目。
您可以选择不看到您认识的人在第三方网站(包括第三方网站上的广告)上的 +1 推荐。
我们将在您的浏览器中本地存储数据(例如您最近的 +1)。您可以在浏览器设置中访问和清除此信息。
更多信息
Google 遵守美国安全港隐私原则。有关安全港框架或我们的注册的更多信息,请参阅商务部网站。
采纳答案by Anomie
It appears to be seeding a random number generator with your mouse movements.
它似乎是通过您的鼠标移动来播种一个随机数生成器。
The mouse move handler itself does something along the lines of the following:
鼠标移动处理程序本身按照以下方式执行某些操作:
var b = ((event.X << 16) + event.Y) * (new Date().getTime() % 1000000);
c = c * b % d;
if (previousMouseMoveHandler) previousMouseMoveHandler.call(arguments);
dis (screen.width * screen.width + screen.height) * 1000000, and cis a variable that starts out as 1.
dis (screen.width * screen.width + screen.height) * 1000000,并且c是一个从 1 开始的变量。
All of this is wrapped in the scope of an anonymous function, which itself is immediately evaluated to return a function that is assigned to a property named "random". That returned function looks something like this:
所有这些都包含在匿名函数的范围内,该函数本身立即被评估以返回一个分配给名为“random”的属性的函数。返回的函数看起来像这样:
var b = c;
b += parseInt(hash.substr(0,20), 16);
hash = MD5(hash);
return b / (d + Math.pow(16, 20));
hash, BTW, is a variable that starts out as the MD5 hash of the page's cookies, location, the new Date().getTime(), and Math.random().
hash顺便说一句,是一个变量,它以页面 cookie、位置new Date().getTime()、 和的 MD5 哈希值开头Math.random()。
(Note, of course, that Google may change the script returned at any time and hence invalidate this analysis)
(当然,请注意,Google 可能会随时更改返回的脚本,从而使此分析无效)
回答by Paul Lindner
The actual code that is being executed is derived from the Shindig code found here:
正在执行的实际代码源自此处的 Shindig 代码:
A secure random number is needed to ensure that the secure postMessage channel created here cannot be compromised by scripts on the page to execute arbitrary actions.
需要一个安全的随机数来确保此处创建的安全 postMessage 通道不会被页面上的脚本破坏以执行任意操作。
Here's an article that explains why using Math.random() is bad:
这是一篇解释为什么使用 Math.random() 不好的文章:
回答by jfriend00
If you can get your script loaded first, you could hook addEventListener and log everyone who is setting addEventListener and see who's doing it and then, by looking at the relevant code, see what they're doing.
如果你能得到你的脚本加载第一,你可以挂钩的addEventListener和日志大家谁是设置的addEventListener,看看谁在做,然后,通过查看相关的代码,看看他们在做什么。
Put this in place before the Google code loads:
在加载 Google 代码之前将其放置到位:
var oldListener = document.addEventListener;
document.addEventListener = function(type, listener, capture) {
if (type == "mousedown" || type == "mouseup" || type == "mousemove") {
console.log("type=" + type + " listener=" + listener.toString().slice(0, 80));
}
return (oldListener.apply(this, arguments));
}
To see what was listening to window.onmousemove, you'd have to do it afterwards because it's just a variable assignment, not a function that you can intercept. So sometimes after the initialization code of the page runs, you would do this to log what was hooked up to it:
要查看正在侦听 window.onmousemove 的内容,您必须事后进行,因为它只是一个变量赋值,而不是一个可以拦截的函数。所以有时在页面的初始化代码运行后,你会这样做来记录连接到它的内容:
if (window.onmousemove) {
console.log(window.onmousemove.toString().slice(0,80));
}
回答by NoBugs
In the uncluttered codeas of Jul 22, you'll notice the onmousemove is part of the Gb.random class:
在截至 7 月 22 日的整洁代码中,您会注意到 onmousemove 是 Gb.random 类的一部分:
Gb.random = function () {
function a(a) {
var b = Jb();
b.update(a);
return b.ib()
}
var b = la.random(),
c = 1,
d = (screen[za] * screen[za] + screen[J]) * 1E6,
e = i.onmousemove || Db();
i.onmousemove = function (a) {
if (i.event) a = i.event;
var b = a.screenX + a.clientX << 16;
b += a.screenY + a.clientY;
b *= (new Date)[Ta]() % 1E6;
c = c * b % d;
return e[G](i, ka[x][Aa][G](arguments))
};
var f = a(k.cookie + "|" + k[B] + "|" + (new Date)[Ta]() + "|" + b);
return function () {
var b = c;
b += ia(f[cb](0, 20), 16);
f = a(f);
return b / (d + la.pow(16, 20))
}
}();
It's multiplying sum of x and y by 2^16 using bitshift, then adding some other dimensions and multiplying all this by time in milliseconds mod 1000000. This definitely looks like a randomizing algorithm.
它使用位移将 x 和 y 的总和乘以 2^16,然后添加一些其他维度并将所有这些乘以以毫秒为单位的时间 mod 1000000。这绝对看起来像一个随机化算法。
I'm not sure why the page would need something like this, perhaps it's using a cookie, preventing automated +1 clicking? When you click the "+1" the login screen that pops up appears to have a random number appended as the hash, the url ends with "&hl=en-US#RANDOMNUMBER"
我不确定为什么页面需要这样的东西,也许它正在使用 cookie,阻止自动 +1 点击?当您单击“+1”时,弹出的登录屏幕似乎附加了一个随机数作为哈希,网址以“&hl=en-US#RANDOMNUMBER”结尾
回答by Fresheyeball
I bet you its "In-Page Analytics" Beta. Making a cursor and click heat-map.
我敢打赌,它是“页内分析”测试版。制作光标并单击热图。
回答by Panos Ipeirotis
I think that the paper by Guo and Agichtein from CHI 2010 http://www.mathcs.emory.edu/~qguo3/wip287-guo11.pdfcan provide further ideas on why Google is doing that.
我认为郭和 Agichtein 来自 CHI 2010 http://www.mathcs.emory.edu/~qguo3/wip287-guo11.pdf 的论文可以提供关于谷歌为什么这样做的进一步想法。
Apparently mouse movements is a rough proxy for eye movement and allows people to approximate eye tracking results.
显然,鼠标移动是眼球运动的粗略代表,并允许人们近似眼球跟踪结果。
回答by zatatatata
It's impossible to tell for certain, what Google does with this mouse movement data. As you can see yourself, it's not returning loads and loads of information back to the server, therefore, nothing to worry about.
无法确定 Google 对这些鼠标移动数据做了什么。正如您自己看到的那样,它不会将大量信息返回给服务器,因此,无需担心。
The first is probably a generic event handler. Reason why I think that is if you read the source, you can see that on the line before there is throw Error("Invalid listener argument"); and next or one after the next there's throw Error("Invalid event type"). Since the fired line is in between these two (event related) exceptions, I'm pretty sure that it's some kind of an event handler. Using debugger, it doesn't do anything really (doesn't jump to some other function) so it seems that it's there for future implementation.
第一个可能是一个通用的事件处理程序。我认为的原因是,如果您阅读源代码,您可以在 throw Error("Invalid listener argument"); 之前看到这一点。然后下一个或下一个之后抛出错误(“无效的事件类型”)。由于触发线位于这两个(事件相关)异常之间,我很确定它是某种事件处理程序。使用调试器,它实际上并没有做任何事情(不会跳转到其他一些功能),所以它似乎是为将来的实现而存在的。
The second function is identical to the first one. Since it's gTalk's I suppose it updates your status (away, online etc).
第二个功能与第一个相同。由于它是 gTalk,我想它会更新您的状态(离开、在线等)。
The third seems to be content updater or something similar, since you can see strings like cacheTimeout etc scattered around it.
第三个似乎是内容更新程序或类似的东西,因为你可以看到像 cacheTimeout 之类的字符串散落在它周围。
My 2 cents.
我的 2 美分。
回答by spraff
They probably use it to measure how quickly users move from one UI item to another, how often clicks miss etc.
他们可能用它来衡量用户从一个 UI 项目移动到另一个 UI 项目的速度,点击未命中的频率等。
I normally have a deeply cynical view of invasive features but I don't think this is a privacy risk. It's shocking because it's so unusually fine-grained, but it's not very revealing. Does your mouse movement encode bank details? Porn?
我通常对侵入性功能持愤世嫉俗的看法,但我认为这不是隐私风险。这是令人震惊的,因为它是如此异常的细粒度,但它并不是很有启发性。您的鼠标移动是否对银行详细信息进行编码?A片?
Google and the like have plenty of high-quality data to track you with. Mouse coordinates have very limited application.
谷歌等有大量高质量的数据可以跟踪你。鼠标坐标的应用非常有限。
To go off-topic a bit:
有点跑题:
To an extent, the more data you collect about people the more problems you have. I hear (from Schneier and the like) that intelligence agencies are suffering from the huge numbers of false positives triggered by their ever-accelerating data aquisition -- the signal-to-noise ratio is abysmal. I find this somewhat amusing.
在某种程度上,您收集的有关人员的数据越多,您遇到的问题就越多。我听说(从 Schneier 等人那里)情报机构正在遭受由他们不断加速的数据采集引发的大量误报的痛苦——信噪比非常糟糕。我觉得这有点有趣。
回答by utonian automatic
this is really beyond from far fetched, but here it goes anyway ...
这真的很牵强,但无论如何都在这里......
it revolves around the type of trajectory & curvature of a mousemovement from a start point towards different attractors take i.e. 2 items/links on a page.
它围绕着从起点到不同吸引子的鼠标移动轨迹类型和曲率,即页面上的 2 个项目/链接。
http://sciencestage.com/v/26698/dynamics-and-embodiment-in-language-comprehension.html
http://sciencestage.com/v/26698/dynamics-and-embodiment-in-language-comprehension.html
in short, if you put two competinglinks/buttons and analyze the trajectory towards one of those links, you can deduce a patternor howyou reached the decisionto click only 1 of those links (see vid around 13:00)
简而言之,如果您放置两个相互竞争的链接/按钮并分析其中一个链接的轨迹,您可以推断出一种模式或您如何做出仅单击其中一个链接的决定(参见 13:00 左右的视频)
