
‘iesnare’ (‘ReputationManager’): Find, delete, stop re-infection

Background

A lot has been written about ‘iesnare’ on forums and elsewhere on the net; some of it accurate, some of it not. For brevity, we’re going to ignore this and signpost people to the best of it, so that we can concentrate on this update.

 

What is ‘iesnare’ and what it does (now called ‘ReputationManager’)

See: https://www.geegeez.co.uk/iesnare-how-bookmakers-are-spying-on-you-from-your-own-computer/

There are a couple of things in this extensive article and discussion that are possibly not true.  I say possibly, because even the UK Information Commissioner’s Office doesn’t know the exact contents of what is kept within the ‘iovation’ database linked to ‘iesnare’.  The following is certain:

Screen resolution, Device Type (e.g. PC, Mac, etc.), Operating System (e.g. Windows, OS X, Linux, etc.), Device Time Zone, JavaScript on/off, Flash on/off, Flash installed?, Flash Version, Flash storage enabled/disabled, Browser Cookies enabled/disabled, Browser Type, Browser Version, Browser character set, Browser Menu Language, Browser Configured Language, IP Address, IP Geolocation City, IP Geolocation Country Code, IP Geolocation Proxy Flag, IP Geolocation Country Name, IP Geolocation State/Region, IP Geolocation Time Zone, Internet Service Provider (ISP), ISP Organization, Fully-qualified domain name, CPU Count, CPU Speed, Operating System Version, System Model, Component Serial Numbers, MAC Address, DeviceName (MD5 Hash), Device Identifier, Device Locale, Device System Version, OS Build Number, Kernel Version, Kernel Build Number, Flash System Capabilities.

The best way to think about this, if you are not an ‘IT geek’, is:

Imagine being at the police station, suspected of a crime.  The police would take your fingerprints after asking you; ‘iesnare’ does this to your tablet, laptop, PC or phone, even though you have not committed, and are not suspected of, any crime at this time.  It assumes you may, so it enters your equipment into a database where subscribing companies can add other information about your machine, e.g. machine suspected of fraud.  The massive differences between the police station and ‘iesnare’ are: it is impossible to find out what is logged in the database or exactly which companies share the database information; the information is stored for eternity; and the information is collected 95% of the time without the knowledge of the machine owner.

Companies claim they cannot identify your specific internet activity personally outside that on their own websites within their corporate group, but they can see it through trackers like Google Analytics; however, this data is pooled, i.e. not identifiable to an individual.  We have to assume this is true, because if companies did otherwise, it would be illegal.  Nevertheless, it is possible to buy software that takes Google Analytics’ pooled data and, following clever programming, will identify an individual’s specific internet activity.  It is not for us to guess whether this has happened or not, or to guess what the ‘iovation’ database contains exactly; that is the job of the UK’s Information Commissioner’s Office and similar regulators throughout the world.

 

So, what is new and what advice is useful in reducing the effects of ‘iesnare’?

First of all, we need to be very honest.  Some of you reading this will simply be appalled by this product, some of you will just want to stop it transmitting because of the injustice you feel, and some of you will be running multiple accounts in multiple names so that you can get a bet on.  Again, it’s not for us to comment on why, but we have to say we don’t blame you.  Any company that spies on its customers without being totally upfront about it gets what it deserves (and we have yet to read any bookmakers’ terms and conditions where ‘iesnare’ is ever mentioned specifically, let alone explained clearly).

Secondly, we need to recognise that, if you block all cookies and trackers you won’t get a bet on and quite rightly so.  When financial transactions are taking place online there has to be a high level of security to protect the customer and this involves ‘good’ cookies.  What follows is advice on what we class as ‘bad’ or unnecessary cookies that attack personal privacy.

  • As mentioned ‘iesnare’ is now called ‘ReputationManager’ but it still generates folders on your equipment with the same names, e.g. mpsnare, etc.
  • If a bookmaker is not using ‘iesnare’ do not assume they are not spying on you. Some companies have their own differing types of spying techniques and there is other fingerprinting software like ‘iesnare’, e.g. Experian Marketing Services, ThreatMetrix and BlueCava.  Later, our advice will tell you how to block these.
  • Betfair is now using ‘iesnare’.
  • There are many browsers with many different ways of dealing with products like ‘iesnare’, so we can’t cover them all. We are not an affiliate of Mozilla, so unlike your friendly Paddy Power affiliate who receives massive commission on your gambling losses we do not gain anything financially or otherwise by featuring their browser ‘Firefox’.  It is simple; Mozilla have gone out of their way, for free, to help you discover and delete this type of privacy intrusion, so we support them.
  • Download ‘Firefox’ if you don’t have it: https://www.mozilla.org/en-GB/firefox/new/ And follow the instructions or get your ten year old (daughter, son, grandchild) to do it for you.
  • Download Mozilla ‘Better Privacy’, an add-on for ‘Firefox’: https://addons.mozilla.org/en-GB/firefox/addon/betterprivacy/ And follow the instructions or get your ten year old (daughter, son, grandchild) to do it for you.

 

Searching for and deleting ‘iesnare’ (Reputation Manager)

  • Add the ‘Better Privacy’ logo to your main ‘Firefox’ menu bar. The logo looks like this:

Better Privacy logo

  1. To do this, open ‘Firefox’ and click on the four bars in the top right of your screen. Then click ‘Customize’ in the box that opens. You can then drag the logo into your menu bar.
  2. Click on the ‘Better Privacy’ logo and a box will open. It will automatically search for all the local shared objects (LSOs) within the Macromedia folder of your equipment.  ‘iesnare’ is an LSO and is likely to be stored in this folder.  You may be surprised by how many LSOs you have.  You can delete them all at once using ‘Better Privacy’, but this is likely to worry you (fair enough – we can’t recommend anything, as we don’t know the websites you use), so for the purpose of this article find the LSOs called ‘mpsnare.iesnare.com’ (or similar) and delete them by clicking on the ‘Remove LSO’ button. There are likely to be two or more folders.  You can use the ‘Refresh display’ button to search again.  NB: This process is not the same as searching for ‘iesnare’ using ‘File Explorer’ in Windows, as it only searches one specific area on your PC.  It is unlikely that you would find the ‘iesnare’ folders anywhere else, but you may still want to do the following:

a) Go to ‘File Explorer’ or ‘Explorer’, depending on the version of Windows you are using. Make sure you select your full main hard drive, e.g. ‘This PC’, C:, or whatever, then enter ‘iesnare’ or ‘mpsnare’ into the search box (top right hand corner of your screen).  It may take quite a time to search, so be patient.  If any folders are found, select them and delete.  If you are a Mac user, or a tablet user that does not run Windows as the operating system, you will need to find out how to search your main hard drive.  A simple ‘Google’ search will provide the answers.

 

Re-infection

‘iesnare’ is like the naughty child in the restaurant who never takes any notice of the adults they are with; it keeps coming back for more. What we’ve done so far is find it, delete it and thus stop it transmitting.  But the primary damage cannot be rectified; your device is in the ‘iovation’ database and you have no rights to get it removed.  Sorry, we can’t help with that, but we do hope that at some point all concerned with the product, and those using it, will be fined by regulators.  You can’t stop re-infection using ‘Better Privacy’, but you can set it to notify you when an infection has occurred and delete it in seconds to stop transmission.

Better privacy box

In the box you have already seen (above), click on ‘Options & help’ and you will see:

Better privacy box 2

For ease, just copy what is ticked in the last visual.  This means you will be told immediately when ‘iesnare’ reappears on your equipment and you can delete it straight away using the ‘LSO Manager’ tab and clicking on ‘Remove all LSOs’ or by selecting the relevant folders and clicking the ‘Remove LSO’ button.
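
The search-and-delete steps above, and the re-check after a re-infection, written as a script (an added example, not part of the original article): it walks the Flash Player storage folder and lists every folder whose name contains ‘iesnare’ or ‘mpsnare’. The folder locations in default_flash_roots() are the usual Flash Player locations and are an assumption, as are the function names.

```python
import os
import shutil
import sys
from pathlib import Path

# Folder-name fragments the article says to look for.
MARKERS = ("iesnare", "mpsnare")

def default_flash_roots():
    """Usual Flash Player storage folders (assumed locations, not from the article)."""
    home = Path.home()
    roots = [
        home / ".macromedia" / "Flash_Player",                             # Linux
        home / "Library" / "Preferences" / "Macromedia" / "Flash Player",  # macOS
    ]
    appdata = os.environ.get("APPDATA")                                    # Windows
    if appdata:
        roots.append(Path(appdata) / "Macromedia" / "Flash Player")
    return [r for r in roots if r.is_dir()]

def find_snare_dirs(root):
    """Return the topmost folders under root whose name contains a marker."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in list(dirnames):
            if any(m in name.lower() for m in MARKERS):
                hits.append(Path(dirpath) / name)
                dirnames.remove(name)  # do not descend into a folder already matched
    return sorted(hits)

def remove_dirs(paths):
    """Delete each matched folder and return how many were actually removed."""
    removed = 0
    for p in paths:
        shutil.rmtree(p, ignore_errors=True)
        removed += not p.exists()
    return removed

if __name__ == "__main__":
    # Usage: python find_snare.py [--delete] [folder ...]
    args = [a for a in sys.argv[1:] if a != "--delete"]
    for root in ([Path(a) for a in args] or default_flash_roots()):
        found = find_snare_dirs(root)
        for p in found:
            print("found:", p)
        if "--delete" in sys.argv and found:
            print("removed", remove_dirs(found), "folder(s) under", root)
```

Run without `--delete` first to see what would be removed; running it again later shows whether the folders have come back.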

 

Stopping re-infection

Stopping ‘iesnare’ re-infection completely used to be very complex, but there is now a free product that will do it for you.  Again, we are not affiliates.  It is called ‘Ghostery’.  Go to: https://www.ghostery.com/try-us/download-browser-extension/ and select the Firefox option (it will work with other browsers as per the page options).  Follow the instructions or get the family IT expert to do it and away you go.  The ‘Ghostery’ logo will appear in your menu bar as below.

Ghostery box

Next, click on the logo and it will show a summary of the trackers for the webpage you’re on.

Ghostery box 2

Next, click on the circle and then one of the categories, e.g. Site Analytics and it will show the trackers for the webpage you’re on.

Ghostery box 3

You have an option to leave them transmitting or block them by clicking on the little green or red circles.  They turn to red when you block something.

In the last picture, in the bottom left hand corner of the ‘Ghostery’ box, there is a menu called ‘Advanced settings’; click on it.  This gives you access to the complete settings for ‘Ghostery’.  Make sure you are on the ‘Blocking Options’ tab.

Ghostery box 4

You can either block everything, which we would not recommend, or just block everything in ‘Advertising’ and ‘Site Analytics’ (as above), which will block ‘iesnare’ (Reputation Manager) and all the other similar types of spying software we mention here, e.g. Experian Marketing Services, ThreatMetrix and BlueCava.  This works the same as the small box mentioned before, i.e. click on a green circle and it will go red and vice versa.  The page automatically saves your settings.

If you buy a new PC/laptop/tablet/smartphone, it is vital that you download ‘Ghostery’ and complete everything outlined here before you go on any gambling websites.  This will stop your new equipment being infected with filth like ‘iesnare’ and therefore entering the dreaded ‘iovation’ database.  These instructions will also stop the other known ‘fingerprinters’.

Finally, we are keen to get ‘fingerprinting’ cookies (software) banned, so please consider doing what the following webpage covers: https://www.geegeez.co.uk/iesnare-update-victim-fights-back-urges-others-to-do-likewise/#comment-75062

Don’t take the easy option, do something and ring as outlined on the webpage: It is to your benefit.

 

Disclaimer:  None of the people who have contributed to this article are experts in online tracking and fraud.  We are simply people who take an interest and in some cases like a bet.  If anyone can improve on this article, please feel free.  Whilst, to the best of our knowledge, we are publishing facts, we cannot guarantee that everything we have consulted and interpreted has been done 100% correctly, but we have tried.  If there is a whizz-kid out there that knows how to rid the world of products like these, please get in touch.

 

 
