iesnare - make sure you're not being snooped on.

[munk]

What is iesnare?
Iesnare is a ‘reputation management’ system by a company called Iovation that stores a digital fingerprint of your current system in a database on their website. That fingerprint can then be accessed by all of their customers - ie online gaming websites - to track your online activity.

The main purpose of the system is to block criminal activity where fraudsters use multiple stolen identities / credit cards to sign up for multiple accounts on the same gaming sites.

Whilst this sounds like a good thing and any lawful user shouldn’t have anything to worry about, what is worrying is the fact that your computer’s identity is being monitored as you use it across many different gaming websites. So for example if you use the same machine to sign up to two or more different sites that use the iesnare system, each site will know that you’ve recently signed up somewhere else and potentially earmark you as a criminal or abuser.

In the UK (no idea of the equivalent in the US) the Data Protection Act makes the sharing of personal information between different organizations is unlawful and it’s arguable that iesnare is in contravention of that law. Iovation would probably argue that they’re not storing or sharing any personal information, it’s only your PC’s identity that they’re storing and sharing. Whether your PC’s identity is a part of your personal identity is up for question.

Also, you don't get the option to opt in or out of this, the iesnare cookie is installed secretly without your knowledge or explicit permission (as opposed to the permission you give when you agree to the T&C of most gaming sites which probably includes a clause that allows them to use companies like Iovation to track users).

Who is affected?
You might be affected if:

• You use a PC with Macromedia Flash installed
• You access online gaming sites regularly

The name ‘iesnare’ seems to have been used because ‘iesnare’ is the name of the website that installs the dodgy files. However because it has ‘ie’ in it, it doesn’t mean you’re only affected if you use Internet Explorer (IE) or if you only use a Windows based PC. You could use Mozilla Firefox on a Mac or on Linux and still be affected.


How to check if iesnare is installed on your machine

1. In Windows XP etc, hit 'Windows-key - F' to open the Search window. (press the windows key and the 'f' key at the same time). In Windows Vista, do same as for xp but note you will probably have to goto 'advanced search' and then tick the 'include non-indexed ...' checkbox.
2. Type in 'mpsnare' in the Search window.

If iesnare has been used on your machine you'll find one or more of the following folders:

• #mpsnare.iesnare.com
• #ci-mpsnare.iovation.com
• mpsnare.iesnare.com
• ci-mpsnare.iovation.com

[munk]

How to disable iesnare
There are a number of ways of disabling iesnare, each method is listed below in order of simplicity (though the first method isn't much use if you use Flash regularly which most people do nowadays, still by definition it probably is the simplest method of disabling iesnare). You only need to use one method and you should be OK, but if you want to use more than one method then belt+braces isn't such a bad thing.

(Method 1) Uninstall Flash
One very simple way of blocking flash cookies (ie iesnare) is to just uninstall Flash player completely. In this way the iesnare cannot work because you don't have Flash installed - a little (ok, very little) bit analogous to a stopping a car from working by removing the car and just leaving the battery on the pavement(!). But of course if you need to use the car much then you ain't getting far riding on a battery - in the same way if you use Flash regularly - and who doesn't nowadays when the web is based largely around Flash for many many things - then you won't want to uninstall flash and you should pick a different method from below.

(Method 2) Disable iesnare by modifying your 'hosts' file
This method works by fooling your PC (and the iesnare software) into believing that the iesnare website is actually hosted on your local machine / PC. This way, any time a connection is attempted to one of the iesnare related sites, the connection is actually made with your own PC (which will fail because you are (probably) not hosting a web server on your machine - and even if you were you will not be running the scripts required to understand what's going on / it will be harmless).

This doesn't affect connections to any other sites, just to any of the iesnare related sites. It should also not affect your online activity noticably either (unless of course you visit an iesnare site, in which case the web page will not load!).

To achieve this (note originally written on WinXP though methodology is same on Win7):

1. Log into Windows as Administrator.
2. Open the 'Run' dialog box (press 'Windows+R' or click 'Start', 'Run').
3. Type in (or copy): 'notepad.exe C:\WINDOWS\system32\drivers\etc\hosts' (note replace 'C:' with whatever drive your windows folder is on, most machines it should be just c: ). Hit 'enter' to open up the file in notepad.
4. At the end of the file, add the following line:
   Code:

   127.0.0.1 iesnare.com www.iesnare.com mpsnare.iesnare.com ci-mpsnare.iovation.com

5. Save the file (press 'ctrl-s' or go 'File > Save').

To test whether your changes worked:

1. Open the 'Run' dialog box (press 'Windows+R' or click 'Start', 'Run').
2. Type in 'cmd' and hit enter, this brings up the commandline.
3. Type in: 'ping iesnare.com' - this will try to send a ping packet to the address that your machine thinks is 'iesnare.com'.
4. Type 'exit' to close the command line window.

If your modifications were successful, you should see 'Pinging iesnare.com [127.0.0.1]' when you run the ping command above. Don't worry if it says 'ping failed' or similar, just the fact that iesnare.com resolves to 127.0.0.1 is enough to know your modifications were successful - this means the iesnare software will think your machine is the iesnare.com website

(Method 3) Disabling iesnare by changing the Flash settings
Another alternative to the methods above is to limit the amount of space that iesnare can use by changing the Flash settings. In this way by setting the available space to zero for iesnare you can effectively stop it from working (because it has nowhere to place it's cookies). See this post below for more details:

If you visit this site , Adobe - Flash Player : Settings Manager - Website Storage Settings panel

select mpsnare.iesnare from the list ( thats if its on your pc ) then drag the slider down to 0Kb ,or delete it from the list it wont be able to store a flash cookie on your pc .

A little bit of a disclaimer < I'm not a pc expert by any means , but after much googling i found this and did this myself , i believe this to work , others clever souls may be able to enlighten everyone else weather this is correct or not >

(Method 4) Disable iesnare by blocking read/write access to iesnare cookies on your HDD
This step is slightly more complicated and involves blocking the iesnare flash application from writing the cookies to your HDD in the first place - if it can't read/write the cookies, it cannot function properly.

There are 3 steps to this method, each listed below. The article was originally written for Windows XP, however the methodology is the same on Windows 7:

Step 1 - enable access to the file/folder security properties so you can change the permissions on the folders:
Note: you must have administrative privileges on the machine. The following steps are for Windows XP Service Pack 2/3.

1. Open Windows Explorer.
2. Go 'Tools > Folder Options'.
3. Select the 'View' tab.
4. In 'Advanced Settings', scroll down to the bottom and make sure 'Use simple file sharing' is NOT ticked.
5. Click 'OK'.

This allows you access to the security settings for each file/folder which isn't usually displayed by default (presumably to stop people effing up their system beyond recognition).

Step 2 - deny write access to the iesnare folders:

1. In Windows XP etc, hit 'Windows-key - F' to open the Search window. (press the windows key and the 'f' key at the same time).
2. Type in 'mpsnare' in the Search window.
3. When the search is completed, if iesnare has been used on your machine you'll usually find two or more folders with names like: #mpsnare.iesnare.com, #ci-mpsnare.iovation.com, mpsnare.iesnare.com and ci-mpsnare.iovation.com.
4. Select all of these folders, right click and select 'Properties'.
5. Select the 'Security' tab and then in the section where it says 'Permissions for ', click the 'deny' checkbox for each of the permission types (full control, modify, etc) - you can probably get away with just denying write perms though.

Be very careful not to change any other permissions on any other files/folders because this could make your machine unusable.

Step 3 - re-enable 'simple file sharing'

1. Follow the details in Step 1 above, but make sure the 'use simple file sharing' option IS ticked this time.

(Method 5) Disabling Flash Objects / iesnare in Firefox using 'Objection'
Objection is an addon for the Firefox web browser which allows you to block local shared objects (LSO) - iesnare being an example of a Flash based LSO.

It works in the same way as the built-in cookie blocker does in Firefox, allowing you to enter fully qualified domain names for which you don't want LSOs to be installed.

Step by step guide not really needed although will add it if someone requests it!

(Optional) Disable iesnare cookies in your web browser
NOTE - this is really an optional extra and shouldn't be needed if you've followed one of the methods above but doesn't hurt to do if you feel like it.

If all that above weren't enough, you should also block any regular HTTP cookies from the domain iesnare.com. These are the cookies that you can control from within your web browser (you can't control Flash cookies by default in your web browser):

Firefox:

1. Goto the Tools > Options menu.
2. Click on the Privacy tab.
3. Click on 'Exceptions'.
4. Enter 'iesnare.com' and click 'Block'

Internet Explorer

1. Goto the Tools > Internet Options menu item.
2. Click on the Privacy tab.
3. Click on 'Sites'.
4. Enter 'iesnare.com' and click 'Block'.

Chrome
See here for instructions on disabling cookies in Chrome:

Cookies - Google Chrome Help


Further Reading
For a whitepaper by Iovation on the ieSnare technology:

http://www.apwg.com/sponsors_technic...whitepaper.pdf

[munk]

Which gaming sites use iesnare?
To date the following gaming sites have been flagged as POTENTIAL (ie some are unconfirmed) users of iesnare:

• Bodog
• Sportingbet
• Bet365
• Jaxx
• Noxwin
• Miapuesta
• Bluesquare
• Intertops
• BetUK
• Ladbrokes (added 27/08/08)
• Bwin (added 27/08/08)
• Unibet (added 12/01/09) thanks moneyjon
• Betcris (added 13/01/09) thanks GlobalSquare
• Virgin Casino (added 05/02/09) thanks pfpf
• i4poker (added 20/03/09, thanks GlobalSquare)
• doylesroomcasino (added 15/07/09, thanks AdvancedGambler via PM)
• Mansion88 (added 06/12/09, thanks GlobalSquare)
• BetUS.com (added 10/12/09, thanks Rollops)
• Chilibet/poker/etc (added 23/01/10, thanks Rollops)
• Skybet (added 29/01/10, thanks Morlock55)
• Diamond (added 20/03/10, thanks King_Suckerman)
• Paddy Power (added 20/03/10, thanks DavidX)
• Foxy Casino (added 21/04/10, someone reported on MSE)
• William Hill (added 11/06/10, thanks Digi)
• Paf (added 02/08/10, thanks kamoon)
• Coral (added 07/03/11, thanks Fella)

This list is taken from experiences of users on the MSE forum and not all are confirmed. It’s still worth checking to see if you have iesnare on your machine even if you don’t have an account at any of the sites above. It's likely there are hundreds of sites using the Reputation Management system.

[Julie]

Ooh thank you, that was a very helpful post. I don't have it, it's all good

[andrewmrose]

I did, so I followed munk's instructions. Thanks!

[smk77]

I didn't. I must be a good boy!

[fudge]

random!! where the hell did you find that....for some reason i doubt you wrote that all yourself!!

[Adam]

Thanks. I have this IESnare stuff on my computer. Just a few questions:

Step 1:
4. "Use simple file sharing"

-Is there any other possible expression for this as I can't seem to find it?


Step 2:
4.

-When I go to Properties the only choices I have are General, Sharing or Customize, no Securty. On the sharing tab I can tick "make this folder private." Is that the same thing?

Sorry I'm not great with with computers.

[munk]

Glad it's of use, not sure whether to keep it quiet or try and advertise it more, no doubt Iovation will probably update their methodology once enough people figure out what they're doing. Apparently it's not that new at all, the first result for 'iesnare' in google is this article:

Bodog.Com Selects Iovation ieSnare and Stops Fraud Ring One Week After Implementation; Leading Online Betting Community Strengthens Security and Increases Operational Value Within Weeks - Technology - redOrbit

dated 2006! Scary. Also very curious that there's not a lot of hits for 'iesnare' on google. (For any geeks out there, an interesting result is a compiled .swf file that is publicly visible on iesnare.com. If I had the time/inclination I'd try decompiling it to see what it does and if there's anything interesting there.)


What concerns me about all this is that this probably isn't the only distributed reputation management system out there. So if anyone knows of any other systems like this please shout.

I have no problem whatsoever with individual companies running their own fraud detection systems to check I'm not opening multiple accounts on their sites, but I think this kind of data sharing across many unrelated gaming sites is very close to being unlawful. As I said above I'm fairly sure it would be a test case for the Data Protection Act in the UK - they disallow sharing of personal information between different companies, but like I say in hte OP, the question is whether sharing your computer's identity is against the Data Protection Act.

I can foresee (and may even have been a victim of) a case where an individual opens an account on one site that uses the distributed reputation management system. Now, for whatever reason that individual gets earmarked as an abuser (or rather the PC that that individual was using is given a negative reputation).

Now imagine that individual goes to sign up to another gaming site that uses the same shared reputation management system as the first site uses. From the off, because this individual is using the same PC on this second site, they're automatically labelled as a potential abuser - the second site will be a lot quicker to limit and refuse entitlements.

This is potentially dangerous because the second site is using a judgement call made by the first site which may be totally baseless - it may have been a simple mistake or it may be that the first site are simply over-zealous with their trading stop loss system. What it boils down to is that you're being labelled guilty before being given the chance to prove you're innocent.

random!! where the hell did you find that....for some reason i doubt you wrote that all yourself!!

wtf, I'm insulted!

Try googling for it and if you find it online anywhere else but here I'll give you my cat on loan as a stressball - just don't touch him, he doesn't like it

I would say I'll upload the Word document I wrote about it to my website, but I think I ended up posting all of it here anyway. I think the only bits I left out where some links to the Iovation site - I didn't want anyone 'tipping them off' to the existence of this article by clicking on a link in this thread.

If you want to find out more, goto Iovation's website and browse through their reputation management pages - there's some interesting high level PDF documents on how the technology works for gaming sites.

Also, to be fair I should really cite the MSE forum thread which alerted me to iesnare in the first place:

Which bookies install iesnare on your machine? - MoneySavingExpert.com Forums

That's where most of the information came from. I just bundled it all together into one single (hopefully) cohesive article. I used to write a lot of technical articles for my website and I kind of enjoy it, helps me understand stuff better if I write in detail about it - if it helps others too then that's a bonus

[fudge]

That's where most of the information came from. I just bundled it all together into one single (hopefully) cohesive article. I used to write a lot of technical articles for my website and I kind of enjoy it, helps me understand stuff better if I write in detail about it - if it helps others too then that's a bonus

ahha, good effort. you just want posts of the week really dont you!