What information is being gathered

[ryewriter]

My employer wants to add the following javascript to each page of our
site:

<!-- start nielsen netratings sitecensus V5.1 -->
<!-- copyright 2005 nielsen netratings -->
<script language="JavaScript" type="text/javascript">
<!--
var _rsCI="us-w1441";
var _rsCG="site";
var _rsDT=0;
var _rsDU=0;
var _rsDO=0;
var _rsX6=0;
var _rsSI=escape(window.location);
var _rsLP=location.protocol.indexOf('https')>-1?'https:':'http:';
var _rsRP=escape(document.referrer);
var _rsND=_rsLP+'//secure-us.imrworldwide.com/';

if (parseInt(navigator.appVersion)>=4)
{
var _rsRD=(new Date()).getTime();
var _rsSE=0;
var _rsSV="";
var _rsSM=0;
_rsCL='<scr'+'ipt language="JavaScript" type="text/javascript"
src="'+_rsND+'v51.js"><\/scr'+'ipt>';
}
else
{
_rsCL='<img
src="'+_rsND+'cgi-bin/m?ci='+_rsCI+'&cg='+_rsCG+'&si='+_rsSI+'&rp='+_rsRP+'">';
}
document.write(_rsCL);
//-->
</script>
<noscript>
<img
src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-w1441&amp;cg=site"
alt="">
</noscript>
<!-- end nielsen netRatings sitecensus V5.1 -->

What informaton about the users is it gathering.
Does it require and ssl connection to send the information?

 

[Joakim Braun]

My employer wants to add the following javascript to each page of our
site:

<!-- start nielsen netratings sitecensus V5.1 -->
<!-- copyright 2005 nielsen netratings -->
<script language="JavaScript" type="text/javascript">
<!--
var _rsCI="us-w1441";
var _rsCG="site";
var _rsDT=0;
var _rsDU=0;
var _rsDO=0;
var _rsX6=0;
var _rsSI=escape(window.location);

The location is saved.

var _rsLP=location.protocol.indexOf('https')>-1?'https:':'http:';

The protocol is saved ("https" or "http").

var _rsRP=escape(document.referrer);

The referrer is saved (where the user came from - this information may or
may not be accessible).

var _rsND=_rsLP+'//secure-us.imrworldwide.com/';

if (parseInt(navigator.appVersion)>=4)
{
var _rsRD=(new Date()).getTime();
var _rsSE=0;
var _rsSV="";
var _rsSM=0;

Note the four unused variables. Perhaps they're used by the script
subsequently loaded.

_rsCL='<scr'+'ipt language="JavaScript" type="text/javascript"
src="'+_rsND+'v51.js"><\/scr'+'ipt>';
}
else
{
_rsCL='<img
src="'+_rsND+'cgi-bin/m?ci='+_rsCI+'&cg='+_rsCG+'&si='+_rsSI+'&rp='+_rsRP+'"
';
}
document.write(_rsCL);

Depending on the version number of the browser, this document.writes either
a <script> tag with src set to something like
http://secure-us.imrworldwide.com/v51.js or an <img> tag with the src set to
something like
"http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-w1441&cg=site&si=[the
location of the window]&rp=[the referrer of the window]".

The v51.js script tries a lot more, like finding out the user's operating
system and browser and writing an applet into the page. The <img> would
trigger a server-side script that probably harvests the query string with
the location and referrer information.

//-->
</script>
<noscript>
<img
src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-w1441&amp;cg=site"
alt="">
</noscript>
<!-- end nielsen netRatings sitecensus V5.1 -->

What informaton about the users is it gathering.
Does it require and ssl connection to send the information?

I don't think so.

This all looks like a fairly above-board attempt to find out some basic
things like platform, browser, user language, screen height/width/depth etc.

 

[ryewriter]

Thanks!