Mr. Standard Mischief has a few tips of his own for blogging privacy; check them out here.
To build a little on what he said about HTTP referers, his method of copy/pasting works fine, but it’s inconvenient enough that you probably don’t want to do it for every site you visit. A few alternatives:
- If you’re a Firefox user, I suggest you look into the RefControl plugin; it lets you control your referer string on a per-site basis. Mischievous fellow that I am, I occasionally use it to leave a little joke on a friend’s SiteMeter.
- If you’re REALLY paranoid, the combination of Tor + Privoxy + Torbutton is powerful and convenient.
Personally, I leave my referer strings alone as a courtesy to my fellow bloggers; I like to let y’all know that I’m reading you, even if I don’t comment regularly.
And besides, it’s kinda fun to get into a game of SiteMeter-tag once in a while. Right, Tam? 
What’s the fun in sending hits someone’s way if you can’t count ‘em?
PS: Besides, I’ve been poking around that Stats package and seeing if I want to make the switch from SiteMeter. It looks geekily neat, but almost _too_ detailed…
I’ve actually only used refspoof before. There’s so many extensions that it’s really hard to keep track of them all.
Yea, while the cut and paste trick is handy, and requires no plugins, it is a pain in the ass to use all the time.
Oh I do too, except when I’m seeing where people come from in my web stats package. In my entry I linked to an example, but let me explain a bit better.
Anonymous blogger “zuzu” was checking out her stats when she noticed some traffic coming from Ann Bartow’s blog. So she directly clicked on the link and checked it out. Ann later checked her stats, and noticing the one referer link coming from another sitemeter. Ann then seems to have done a lookup on the IP address and found that it went back to a law firm, specifically zuzu’s law firm. She then probably found the law firm’s web page and made a fair guess on which was the anonymous blogger based on info publicly reviled previously in zuzu’s blog.
Having found a name, she probably then got an email address and then sent “zuzu” a “polite” little email, reminding zuzu to be a bit more careful with her secret identity.
I suppose the moral of the story is that you could use Tor, or a proxy, or a coffeehouse wi-fi access point to do all your comment posting on unfriendly blogs to keep your cover safe and yet blow everything by clicking on a link in your web stats page without protection.
There’s also the user agent string problem (I mean how many people use Ubuntu-feisty, or Iceweasel?), but your average IE or Firefox user isn’t going to have that problem.
Oh and if the URL in you web stats log looks really suspicious, you may want to use a proxy to check it out anyway. Check your stats package for my fake:
http://standardmischief.com/-fake-url-used-as-bait/
I imagine with a bit of mischief you could create a shell script that would manufacture significant spoofed traffic. “curl” is my favorite tool to use here.
Oh and I’m not posting this to try to freak anyone out, I try to use my mutant powers for good, and not evil.
Hey, your comment got sent to the moderation queue due to the embedded HTML; sorry for the delay in approving it.
You do raise an excellent point there; some IP addresses are more revealing than others.
I’m curious, you obviously know your stuff here. Are you a professional IT guy?
Oh, well from my point of view I saw all three comments yet the counter was stuck at two. I never even knew I was in moderation. Must be a new feature in the 2.x WordPress.
I’m an under-employed amateur. I’m currently in a self-directed Linux immersion program and I’m looking for a better job. There’s obviously major gaps – I still haven’t fixed that display problem I was having and you can see from my site that I’m still struggling with CSS.
Most of my knowledge about referers and user-agent strings came from setting up a server at home and screwing around with things.
Oh, and there is all kinds of good stuff on this guy’s page. Honestly, if you get hooked, it will still take months to assimilate a third of what’s on there (though some of it is a bit dated).
Oh, and thanks for the award!
If you REALLY want to play around, pick up the TamperData extension for firefox. It lets you play with the HTTP requests before they go out.