Intel, Online Gambling, and Your (Lack Of) Privacy: ieSnare

Friday, October 03, 2008

People, for better or worse, have always been a little touchy about unique identifiers. Social security numbers. Barcodes. RFID. GUIDs. In this day and age of massive registration databases, of drive-by identity theft, a number can be a very powerful thing.

You may remember the sound and fury over the Pentium III processor's embedded serial number, a feature which could have been used (potentially) to track a user's computer without the user's knowledge or consent. This was back in 1999—ancient history—but it was taken quite seriously at the time. In the United States, the Federal Trade Commission was asked, repeatedly, to investigate the technology as an unfair and deceptive trade practice. Meanwhile, across the Atlantic, an advisory group to the European Parliament came very close to recommending a complete European ban of the chip.

The Pentium III processor

Intel was and is one of the premiere technology companies in the world. And yet the message was clear, on both sides of the Atlantic: stay the f--k out of our lives. Intel was forced to first disable, and then discontinue entirely, the tracking feature. And you know what? In hindsight, the privacy concerns were probably exaggerated. Computer hardware is and has always been full of unique or semi-unique markers. That's how most licensing and registration software works, after all: by taking a look at a couple pieces of hardware and cobbling together a unique key.

Fast forward, ten years later.

Today I'd like to talk to you about an electronic privacy issue which is a hundred times more serious than the Pentium III, and a hundred times less publicized. This technology, which exists today, and which quite possibly is working its deceptive magic on your computer even as you read this, is exactly what the world was worried about when the Pentium III was introduced. Back then, the privacy concerns were unfounded.

Today, not so much. Read on.

Imagine, if you will, that your computer has been branded with a unique identifier, very similar to the one introduced with the Pentium III. Only this unique identifier isn't associated with a particular piece of hardware; it's associated with your entire machine—the one you're using to read this, and who knows, maybe the one your kid uses. You can change your CPU; doesn't matter. Reformat your hard drive; doesn't matter. The identifier persists.

And this is where it gets scary.

Let's imagine that this "computer barcode" was distributed across the Internet without your knowledge or consent, linked into a massive online database containing some 60,000,000 unique device identifiers, each one representing a personal computer somewhere in the world: yours, mine, your next door neighbor's, your cousin's in Tuscaloosa, your uncle's in Paris. And let's assume that this database was billed as "fraud prevention" technology, but that it was maintained by a private company selling their services—access to this database—for cold, hard cash. With zero oversight. Zero regulation. Zero anything.

Would it bother you?

Because, ladies and gentlemen, this technology already exists.

Exactly as described above.

And it's far more common than you think.

And if you're reading this article, there's a better than average chance that you've already been infected with it (and "infected," believe me, is the word).

Welcome to the wonderful world of ieSnare.

Sporting a name that smacks of destructive Internet script kiddie hubris, and backed by the resources of a dedicated company by the name of iovation, ieSnare is quietly one of the nastiest, most underhanded pieces of spyware/malware this author has encountered, in a long history of spyware-induced pain and anguish. It is quite simply a worldwide, online, profit-driven computer blacklist capable of uniquely identifying your machine (once submitted to the database) whenever you visit any site, or use any product, protected by the ieSnare system. In iovation's own words:

iovation ReputationManager utilizes proprietary methods to uniquely identify devices connected to the Internet, creating unique identification for them that remain constant across all subscribing online businesses. For example, a PC device connecting to one online gaming or e-commerce site protected by iovation ReputationManager is assigned a device identifier by the same method used to identify PCs connecting to other e-commerce sites/networks protected by the system. 

Hello, Big Brother.

Tellingly, there is no publically available listing of companies who employ ieSnare technology although you can find various mentions and references on Google. I found out about ieSnare because I noticed that the Full Tilt, Ultimate Bet, and Bodog online poker clients were opening a curious file on my local hard drive:

Caught red handed?

STM.SOL is what's known as a Flash local shared object—which is basically a Flash "cookie". And unless you're a web developer, I'll bet you had no idea that there was even such a thing as a Flash cookie, or that Flash cookies are immune to typical "delete cookie" commands in your web browser. What's more, ieSnare sneaks under the radar of most antispy software because Flash cookies are either ignored, or viewed as low-risk items.

Like most successful spyware, ieSnare capitalizes on user ignorance. Whether or not ieSnare is an acceptable way to prevent fraud and/or increase operational efficiency is a discussion we can have once companies stop trying to slip this technology in through the electronic back door.

And by the way: guess who provides at least some of the funding for iovation?


The selfsame company which brought you the Pentium III and the unique identifier that caused such a stir ten years ago: Intel.

What a coincidence. No matter how things change, it would seem, the more they stay the same.

Tags: privacy, ieSnare, iovation, poker bot, online poker, poker

65 comment(s)

i have it. did a search for "iesnare.mpsnare" on my machine and found it in my flash folder. this really, really, REALLY PISSES ME OFF.

make that "mpsnare.iesnare"...

Well, when it comes to online poker, you get what you pay for... still. The online gambling sites will get theirs, courtesy of the world financial collapse... wait and see

James, I really enjoy your articles.

Thank you ;-)

Well, I don't have it - mind you I did turn off the IE plugin that Carbon Poker installed on me - even though I always use Firefox - thanks to your mentioning it.

I'd heard of ieSnare before but I didn't know it was being used by the poker companies. Seems like an awfully risky ploy for them; bad risk to reward ratio. If the technology were any damn good it would've prevented the UB/AP super-user scandals which it didn't. So it's basically a way for people to get pissed off at the sites which are in hot enough water as it is.


you may or may not know the role that ieSnare and iovation have played in the AbsolutePoker/UltimateBet scandals. there has been a ton of "research" done on the company, it's founders (particularly Greg Pierson), and the product.

of course, Two Plus Two forums has a few threads on it, but signal/noise ratio is pretty high. still a lot of useful info in those threads.

interestingly, when researching iovation for the AP/UB scandal, we came across .sol files. i haven't checked on the effectiveness of this tool vs say Full Tilt's use of ieSnare, but here was a suggested tool to use on .sol files: my guess is that this brower-based .sol tool might not be effective against thick-client apps such as poker software.

feel free to contact me if you have any questions; there are some significant theories on Pierson/iovation and their role in the scandals.


This article does not provide enough detail, and sounds very FUDsy to me. How does this software survive a harddrive reformat? I guess it could re-infect you, recognize your hardware and identify you that way, but only if you don't have an OEM machine. There are a lot of spyware companies out there building databases. How is this one any different?

That doesn't give this software any excuse to exsist since it's breaking a law in my book. Unauthorized software installation should be against the US law, but it's not for obvious reasons. (money) Still this article is a bit overblown IMO.

Sean, the patent application describing the technology is here:

Looks like it gathers your hardware/software configuration (called a "fingerprint"), stores that in their central database server and in a flash cookie on your machine, and associates it with a screen name (like a poker login). If you reformat your hard drive, the central server just re-stores the cookie the next time you log in to the poker site with that screen name. The method also allows for some minor changes in your system configuration, like swapping out a network card, and simply associates your screen name with your latest information the next time you log in.

Unless they've figured out otherwise, the only way to create a new fingerprint and perhaps become anonymous again would be to drastically swap out your software and hardware and reformat your drive, or maybe at least swap out some undetermined critical component(s) (the patent suggests that getting a new CPU serial number would be a critical change). I'm sure the ACTUAL method you would use to avoid simply being re-associated with your new system configuration is tightly held at iovation. Even then, your fresh system would be flagged because its fingerprint doesn't match what was previously associated with your login.

The non-anonymity privacy concerns aside, I think an even bigger issue is that iovation's goal is to share your digital fingerprint among all its clients. That way if one website flags your account for fraud (rightly or wrongly), iovation alerts other client sites with whom you have accounts. Even assuming nothing insidious comes of that (not a fair assumption), the potential for unregulated abuse is huge. Think of iovation like a credit agency that collects your digital credit score information. We already know what happens if bad information gets in there (like when your credit card or identity is stolen) and how difficult it is to fix it. See

Sean I def understand your frustration here and there is an element of FUD but the fact is NOBODY has talked about this. It's been in a few forum posts and that's it. I had no idea about this and I just checked (i play at full tilt) and i've got it so, thanks to the author for that. I'm kind of pissed.

Second, David thanks for the extremely informative comment...James you should roll that info into an addendum.

Fear, Uncertainity, Doubt? you must be kidding me, or rather yourself.

A computer/you can be identified by its network cards MAC address, harddrive serialnumbers, bluetooth MAC address, serialnumber on the BIOS chip, VGA card, and a shitload of other components with a unique identifier stored in a ROM chip. All of which is readable by software. And even if you replaced every piece of uniquely identifying hardware, your windows license, or any other unique software license could still potentially identify you.

  • There is no paranoid, it is true.

Seems to me that your best/easiest solution would be go to another site for your gambling. I'm sure there are more trustworthy sites out there. Apparently there are scanners that will catch this bug.

In the future it is only going to become more and more difficult to maintain anonymity. Data mining is only going to become more pervasive and ultimately cheap or free. Even passing laws against building these types of databases will only push it deeper into the black market.

But another solution for your individual problem if you want to continue using this site is to run your client on a virtual system. If everyone is running the same virtual hardware then their identification tactic becomes useless. Adobe Flash is a virtual environment. I think playing flash poker would be more secure.

Anonymity and Internet security in general could be improved greatly with more virtualization technology and having it adapted to the user level, but this has its own positives and negatives, and does not prevent datamining and the data-market on the server side.

Thanks for the information. I will certainly be running Full Tilt inside a virtual machine from now on. Not that it will probably help much, but I know the VM masks things like MAC address and so forth, which from what I gather is what ieSnare uses to establish the unique ID for the machine.

By the way, interesting that PokerStars does NOT use ieSnare. I'll probably switch based on this alone.

You keep on publishing this crap, trying to make online poker look bad.....the sites are well within their goddamned rights to put the spyware on your machine and every other player who reads your shitty site... they should add Coding the Wheel to the list of forbiden software on poker stars then i doubt you'd be laughing mr. programmer man who never played a hand of real poker in his life.. only if they did that you'd probably be happy because you obviously are just a disengruntled player who probably lost your mommy's $100 and got pissed about it and started a blog good for you. if i ever see you at the tables we're gonna step outside and see how brave you are then... no wonder links tothis blog are delted on 2+2 on site


I'm sure you don't realize that you're the one who sounds like an idiot. Online poker sites have a right to install spyware? Are you freaking nuts? And by the way, Coding the Wheel is a blog, not a piece of software, so it's kinda hard to add it to the "forbiden list on poker stars". You sound like the one who's disgruntled, been losing at the tables and figured you were playing James' bot? :P

Reading about this almost makes me hope the current crop of poker sites fail, so we can replace them with people and companies who actually have a clue about how to run an international gaming enterprise. It doesn't stop with this ieSnare crap. I have played online poker for almost ten years and they've always engaged in this kind of invasive bullshit. And they think they can get away with it.

Anybody know of a good list of programs/sites which use ieSnare?

i don't have a list, but I just went to download Skype. Guess what? Skype requires it to use their service

I thought I kept my PC pretty clean. I did a search for mpsnare.iesnare and found nothing.

I was reading the blogs when I clicked on the link that “bcd" (on 10/3/2008 9:29:11 AM (1 day ago) gave us -

I followed the link and was amazed to find mpsnare.iesnare and three others including one from a professional organization to which I belong.

Thanks guys – I knew there was some reason I keep reading this blog.


Adobe has provided a mechanism by which one can prevent their machine from being tracked in this fashion: the Flash Player Settings Manager.

The Flash app on this page controls the global and per-site permissions for the storage of Shared Objects (i.e. the tracking cookies described above), access to your Microphone and Webcam, and more. The instructions provided for each "tab" are fairly straightforward and comprehensive but, to solve this particular issue:

  1. Go to
  2. Drag the slider on this panel down to "None".
  3. You will now be prompted whenever a site wants to store Flash data. You can allow or deny that site, and optionally choose to never be asked again.
  4. Go to
  5. If you want to eliminate ieSnare tracking only, select "" in the list and click "Delete website".
  6. If you want to delete ALL Shared Objects from your system, click "Delete all sites". Note that plenty of Flash games and LEGITIMATE APPS store their save game progress or settings here, so you may be wiping out more than you intended.

As far as I'm aware, these settings govern both Flash content accessed in your browser AND Flash content embedded in desktop apps like the poker clients. It's fantastic to have this degree of granular control over the data stored on your machine by Flash Player. Unfortunately, Adobe has done a piss-poor job of exposing its existence to the end user.

Whatefer is awesome! He's either a cunningly hilarious troll, or a hilariously unsocialized douche. I feel like deconstructing this!

I mean, honestly, he calls the site author a coward and threatens to fight him...on the Internet...without using his real name. Just threatening to fight somebody would be enough, but the irony is platinum.

He actually typed "mr. programmer man".

Poker websites have special [i]goddamned[/i] [b]rights[/b] to spy on people.

And the site author is supposed to stop laughing and become morose at the thought of this [b]website[/b] joining the list of forbiden [sic] [b]software[/b], which is especially great because whatefer certainly doesn't have the power to carry out this threat.

Man, there's so much more, but it all comes back to that last line where he basically says "I'm gonna' beat you up ifn' I ever sees ya'!" That's fantastic! Good show.

For the record, if I ever see you, whatefer, I'm not going to punch you in the face. Not because you don't deserve it, but because I'm just not that criminally assholish.

Agree with Ens. Also agree that the post should contain more actual information about the inner workings of ieSnare. And I'd really like to see a list of applications which use it, does anybody know of such a list?

Awesome article. I keep myself really pretty protected these days.

While I can understand your concern about "Big Brother" tracking, don't most of these systems exist to prevent ID theft and fraud? I'm not a proponent of implanting a tracking chip in newborns or anything, but it's pretty easy for perpetrators of fraud to cheat online gaming sites and the like.

It seems like there are bigger issues concerning our privacy these days than pointing the finger at companies that volunarily choose to use such anti-fraud services. Do you bitch about the security cameras when you go into 7-Eleven?

I don't much like that companies are doing hidden monitoring like this and storing hidden info on our personal PCs to accomplish it. And I don't like that the default "apparently" is that any company can store practically anything... practically anywhere on our PCs... without our knowledge.

BUT... I do understand that at least some of it is for "fairly" legitimate reasons. Poker sites like Full Tilt enforce a policy that individuals are only allowed to have one screen-name account. This is primarily enforced as an attempt to prevent collusion... or at least minimize it. I can imagine what some underhanded players might attempt to get away with, in the way of collusion... if they could play several different accounts at the same time. Botting collusion rings wouldn't exist... because every individual could be his own collusion ring.

So poker sites have to enforce policies like that. And they do that by identifying individuals through their account information... and through the computer they use. I expect that FullTilt pays iesnare for the service of being able to detect individual PCs in this way. I may not like that it can be (and is being) done... but I at least understand some of the reasons of "why" it is done.

In fact... every company that offers a trial version of there software needs to be able to tell when you originally downloaded their software app. And they need to be able to do this even if you delete the software app and then re-download it. So I expect that many companies either use the type of service that iesnare provides... or they emulate it in some way. I myself sell something on the internet and require something like this for my business (not here to advertise).

All that said... I will still attempt to minimize this type of monitoring on my PCs. And I thank James Devlin for bringing this specific one to my/our attention.

I recently had my account frozen by PokerStars. They said in the email they knew I was using code from CodingTheWheel and although they know you have not posted a working bot with poker logic, use of your code was against their policy. They unlocked my account when I wrote back an email stating something like, 'I acknowledge that the use of bots is against your rules'. I compiled some of your code and used it a very short period of time, just to see if it worked. I used it on a real money table. One thing, I forgot to disable the Pokerstars IE add-in. Any idea how they found out?

Intel provided 10 million in funding to iovation another 5 million from SAP Ventures. The background of the company is very shady, with their connections to online gambling and the fact that top poker players were early stage investors and are seen around their offices. Their customers include gambling sites, dating sites, financial sites including banks. But, if you research it, you will find that it is quite easy to work around. So someone who commits fraud etc will be able to work around this quite easily, whereas the average user will be tracked without their consent. iovation claims they do not log any "personal informaion" however their customers can tie that information to personal information. There have also been recent cases where an IP address is considered personal information, it will be interesting to see the first lawsuit regarding iovation. I have a feeling that all of the money they received from Intel will go to legal bills.

Hi, I find it amazing that 2+2 dont allow links to this site.Frankly sites like 2+2 piss me off.They give the impression that they are there to inform whilst in reality are supporting fully the questionable activities of the casinos. As for Watever's comments(!!),well in the immortal words of some cynical twat from history"There IS one born every minute". Watever,not only likes being ripped off/conditioned/controlled/usurped/brainwashed(the list is endless) by big brother, he is also willing to defend is own humiliation by fighting those who attempt to liberate him from his insignificence and deference.

I completely reverse engineered the thing some months ago. It's not that hard to do, even though they claim to have "anti-reverse engineering" measures.

I'd have to look it all up and write something meaningful with proof, etc. When I feel like it, I'll right up everything it does. Probably on:

It's easy to circumvent, you could for instance make your own "stmocx.dll" that spoofs all the reads, etc.

RE: It might not even be a real "flash" file. Seems like the DevicePrint device writes it it's self. It's just named "flash" to hide it's self.

It's a common practice in licensing schemes, etc., to have a "secret cookie" file. For instance IdleMinder hand grabber products store a secret file: "C:\windows\lf_dns.dat" as a back up (to it's registry entry) to store trial usage count.

Some of the things DevicePrint reads: 1) Several registry locations that considered at least partially unique ID codes. See: 2) 1st hard drive model and serial number strings. 3) MAC address (though a unusual way). 4) And reads/tests a few things such as: A) If it's running under VMWare, or "Virtual PC" VM's. B) If a debugger is attached. C) If you have Softice, or Regmon(Regmon old, why not "ProMon") installed.

It combines all the reads and flags and returns them back to the (usually poker) client in a single encrypted string. If you are trying to reverse engineer it your self, I probably just saved you many hours of work already..

Anyhow it should come as no shocker really IMHO. See, the poker sites want to tie a user/acount (including credit card, etc.) to a machine. So they can catch collusions, detect multiple accounts on the same machine, track policy violators, etc.

Realize even if poker site is using DevicePrint/ieSnare, a lot of them are doing redundant ID reads them self too. And they apparently track IP addresses now. Back in the early days 2003'ish the sites appeared to mostly neglect them. In addition to a lot of online MORPG games to track for a lot of the same reasons.

Luckily all of these are "real mode" methods so most of these things are easy to spoof (if you are systems engineer anyhow). Now, one could probably use a VM to hide at least some of the IDs, but then it depends on how big they look at the VM detection flag. Which too can be spoofed as well if you know how. Some sort of sandbox(like a VM really) program could be constructed to hide all this stuff in a generic way.

In the mean time, a low tech way if you want to "wash" a machine of ID's is to:

1 Replace your HD, and reinstall everything, including your Windows with a different license key.

HD's are cheap these days.

2 Replace your NIC. If it's an on board one, disable it in the BIOS and use an add on card.

Also very cheap (typically less then $10).

Or F'it just replace the whole machine (and reinstall everything).

And P.S. "Thanks for the information. I will certainly be running Full Tilt inside a virtual machine from now on."

Full Tilt has their own VM check now. Although a lot of people use VM's, Wine, etc., so they can hardly call this "illegal". It might just flag/elevate you in their security systems.

And for that matter, just because you are using a VM doesn't mean it will be hiding things like hard drive serial numbers. You have to verify first it has some sort of hardware emulation for these.

Actually, everyone should play it in a VM, Wine (or some other emulator). The more the better. That way something that might be flagged now will be common place, and they will be forced as looking at it as a common statistic. And as I understand it, the new Windows will be using VM technology.

I lurk often and dont post, but I have to say this blog is very informative and quite helpful thank you very much.

As a member of the Society for the Study of Gambling and a PhD student at Swansea Metropolitan University, my research is seeking to investigate and understand effective responsible gambling features in cyberspace. The emergence of Internet gambling has been one of the most significant and controversial developments in gambling over the past two decades, however little is known about this sector and its social and economic impacts. This study seeks to investigate the system of checks and balances to prevent problems from arising and to explore the responsible gambling environment which should promote integrity, ethical values and competence. The survey is live between 1 February to 1 July 2009. The research forms the basis for a PhD study and will be published by the University of Wales. I am self-funding and independent of operators, support services and charitable contributions.

My survey has gone live today and I would be very grateful if you would become involved.

Or alternatively at

and to take part in the survey 'Click Here.'

Ideally, I would like as many respondents as possible which I believe it would be very useful data for my PhD work. If you feel it is appropriate perhaps you could forward on the survey to anyone you feel may be interested.

If you have any queries, please do not hesitate to contact me.

Regards Caroline Jawad

I must be lucky? I searched my computer and find nothing containing "iesnare". You do have a certain way of making me scared for my individuality though. Keep up the good work.

It's not "what they know", it's "what you think they know."

If it keeps you paranoid enough, you will behave.

Also - they don't really mind bots - more rake, more players, etc.

What they do object to is the blatant rubbing on their noses in it - because it frightens the general populace.

To us, this is a fun exercise in creativity and we know we will never make some super-poker-bot. But to the everyday poker idiot, ... they think that playing against a computer opponent means they're going to lose.

It's what ever video game very made has taught them. We're trained from near-infancy to believe that computers will always win.

(One more reason to conclude that computers run the world).

j/k - unless Echelon is reading.

... their real issue is collusion.

Remember the scene in Rounders, where all the sharks are gathered at one table in Vegas, and the suckers just keep sitting down and going bust?

I hate to call anything a "necessary evil"... especially in this post 9/11 privacy nightmare... but the articles posted already on this forum are more than enough to create a collusion system.

You don't need to be able to bet or have any intelligence (artificial or otherwise) when you have 8 bots on 1 table, and one sucker.

Please delete this post.

Is it really that easy to mask your IP and run many bots out of the same location? I would think that detecting players (human or bot) using the same IP is the first thing the websites check for.

This is not about how to GAMBLE or cheat and get away with it, be aware I have a machine that was -=infected=- that had never had anything to do with gambling sites whatsoever. Yes, I consider it an infection. Its about time we as a community define any malware as a virus so the antivirus companies start really doing thier jobs. Complain to ADOBE, SYMANTEC, MCAFEE, AVG, and so on. Request adding this to DATS, and signatures. The bottom line is, if this sort of thing is left alone, it will grow. Yet again we need to stand up and become the squeaky wheel, and in the words of Barney Fife, "Nip it in the bud!" Or do nothing and allow Orwells 1984 to be come reality. Its not about what you are doing right or wrong. Its about your RIGHT to privacy, period.

Hello Webmaster

We are from SubmitShop Chandigarh. Our main SEO site is

I've visited your website and it appears that the content on your site is exceptional and I believe your visitors and our visitors have similar demographics and interests. As you know back links helps to achieve high search engine rankings & generating more traffic to our Sites as well.We have a good quality network of sites and wanted to reach out to you to see if we can connect and discuss three way link partnership possibilities.We are looking for some related web sites like your website for exchange links with us. We are now looking for potential partners to exchange links with, the goal is to improve rankings on Google and other search engines for both sides.

I will add your link at:

You've received this email simply because you have been found while searching for related sites in Google, MSN and Yahoo If you do not wish to receive future emails, simply reply with this email and let me know.

I look forward to hearing from you a positive response for link exchange!

Sincerely, Ricky Simon

Nice article!

The big question on my mind ATM, is this technology web-deployable. We talk of Macromedia/Adobe, Flash/Shockwave... this rather implies that it is.

I was just made aware that eBay will ask you when logging on from a "brand new" machine, something like

"'we dont recognise your computer, for security reasons we need to call you to ensure you are the valid user of this account'"

even if you delete cookies and start a new browser, it doesnt do that "check" ... only when its a completely new computer that has NEVER been on ebay before.

I really would draw the line at web sites tagging my computer...

I forgot to delineate somewhat...

Websites can (and do) store LSO (aforementioned cookies). That's technically acceptable.

I (for a paranoid moment) jumped a step too far, and equated this with the ability to "iesnare" or analyze hardware.

That iesnare uses a LSO to store it's results, does not of course equate to a web page being able to determine your hardware platform. Although, I assume if the LSO created were marked as such, a website could access data created by a complicit application.

BTW, noticed that (on my new Mac here) the only site to store LSO information was the free Zynga Poker client.

I say "only", however this social networking based poker network boasts more online players than PokerStars, and unlike PokerStars, they aren't fudging the numbers (PokerStars "Online Players" is a count of filled seats, not unique players.)

And although it's UI and the average player IQ leave a lot to be desired, there is a reasonable game to be had once you get up to or above 5k/10k tables. It also has a very usable iPhone client, a feature I'd like to see come out of some of the big commercial players (Party doesn't even have a Mac client).

James, I just saw this article over on Wired:

Same technology. Your article was published almost a year in front of that one. You sir are ahead of the curve.

For all you Facebook users out there,,,,if you play any the games run by Zynga you have this tracking cookie in your system also. Zynga loaded it into there last update,,,about a week ago and has been tracking all players ever since. I was able to simply go in and delete as it is just a cookie,,not a flash cookie, although that may be next as more and more players delete this. I am sure it will reappear the next time i log in, and at that point i will attempt to block it from further intrusion. Thanks for the article,,very informative. Keep up the good work.

Thanks for the heads-up!

[b]@Shef:[/b] I just found my system 'snared'. I don't use online gambling sites as I don't gamble or play poker. The only online browser based gaming I have anything to do with is Mafia Wars on Facebook and this is the only route I can see for ieSnare to have been installed on my PC. I suggest you check the following folder on your PC (assuming you're using XP)

c:\documents and settings{your profile name}\Application Data\Macromedia\Flash Player#SharedObjects{random string} ...for an ieSnare folder.

[b]@General populace:[/b] I'm now seriously considering doing without Macromedia or Flash for my online browsing - for the most part all it does is annoy me with pop-over adverts for crap I'll never buy or 'surveys' which I'll never complete. If a website asks me my opinion of the website with one of those 'fly-over and cover up the information I'm trying to read' surveys, I almost invariably go elsewhere for the same information and refuse point blank to have anything further to do with that website.

Likewise with directed advertising - I'm a guy, we don't 'shop' we 'buy stuff' and we always know in advance what 'stuff' it is we want to buy and, usually, where we want to buy it from. Being presented with a list of things which I might find interesting and wish to purchase (typically at some hugely overinflated price because whatever it is is 'fashionable' at the moment) without fail [b]will[/b] prevent me from buying it. Why? Because '[b]you[/b] do not tell me what I want to buy... [b][i]I[/b][/i] tell you!' It's hand in hand with 'the customer is always right, even when they are factually misguided.'

Yes, I am aware how grumpy old man I sound and I'm only 38... might as well be 58 (insert animated rolling eyes smiley gif here if required)

I'm going to really rock everybody's world now.......FACEBOOK AND ZYNGA GAMES USE THIS TOO.

I have found instructions to delete the iesnare cookie, but not how to block it using Chrome. Does anyone know how to do this?

Is there a list of domains that iesnare can infect you from? If so, add something like this to your /etc/hosts (or on windows, C:\windows\system32\drivers\etc\hosts): *

That should prevent your computer from contacting theirs.

Not sure how effective this will be. More than likely you won't be able to play poker if they can't confirm you have their 3rd party pseudo-cookie-from-hell.

Ok I have found iesnare on my computer installed some time ago and now I have a few questions for anyone willing and/or able to answer.

How do I remove it from my computer without causing some kind of damage? Do school sites use iesnare to prevent fraud? How do I block the function from working?

i have it too but i do not go on gambling sites i play mafia wars on facebook they say its to do with that as it is a flash based game so it must be this game there is uproar about this and people want to boycott it on 16 december

Here are the steps for blocking iesnare from sending your info to the website attempting to track you thru use of this cookie:

  • Click the Start button, enter notepad in the bar at the bottom
  • Right-click on the Notepad item which appears at the top of the list
  • Choose "Run as administrator"
  • Allow Notepad to run as Administrator
  • Open C:\Windows\System32\drivers\etc\hosts
  • Add the lines to the end of the file:

Basically, this re-routes iesnare to send mesages YOUR computer instead of their intended website (which means they will be thrown away). You can test that you did it correctly by trying to go to after doing these steps and you should get a page not found.

Hope this helps out other Facebook/Zynga game players =)

If your accts were frozen on pokerstars and you install the isnare. Set up a fresh account, will you be ok?

I meant to say uninstall the isnare alove

I dont go on the poker sites, however; I did accept the casino game thing on facebook. I do have the file on my pc (C:/doc &settings/my name etc,/ then#SharedObjects/Y8KJS728/ This is in- my personal file under new folder where I put suspicious files! Ive been getting knocked offline, tech support wants to sell me tech support, they say its trojans, then I check my computer and its clean... Ive done online scanners gone to forums but my pc checks out clean. As I said my isp wants me to purchase a tech support package to fix my computer! Also I have seen a lot of the intel come up on the scans which I wondered about. I find a lot of my isp programs here now plus a program that has to do with my speedstream modem for dsl. I have a 2004 pc, hp pavilion amd athlon and I believe it is a pentium III. I went to the hosts file to put the iesnare etc., it doesnt let me save the notepad and it makes it hosts.txt instead. How can I fix that?

Thanks for the info!

Does anyone know how to unbann a computer from poker sites. I have been able to get a new IP address, but the computer is still banned. Im not sure even how they are doing this Mac Address or what. If anyone has any advice i would appreciate it.

our company supply more than 100 thousand high-quality merchandise and famous brand name products all at wholesale prices. Start your wholesale sourcing here today and experience first class service and free fast shipping. Wholesale in very low minimum quantity, You can try our first class services by initially purchasing in small quantities. Most of our merchandise can be initially purchased in single units as a sample product and also at sample prices. Its so easy to place a wholesale order,Air Yeezy Shoes, You can order goods directly through our wholesale website without having to register. Use the most advanced fast and secure payment. You can also pay for your goods by wire transfer.

You can order goods directly through our wholesale website without having to register. Use the most advanced fast and secure payment. You can also pay for your goods by wire transfer.

You can order goods directly testkings through our wholesale website without having to register. Use the most advanced fast and secure payment. You can also pay for your goods by wire transfer.

You know the NAZIs used an ID (Bar) Code inked on Jew's, Pol's, Salv's and Anyone they didn't like... thank God for the many Freedom fighters as it took a world of them to defeat this evil... yet IMO here it is again...just not in the open... and we're all getting tagged!

Thank not... then you're missing the big picture why this is happening. This is an invasion based on more than just greed of $$$, its POWER, & Control... makes me wonder what other nasty hidden spy-ware, report-ware, data-miners, and the like are mugging me over and over and I don't even know it...

THANKS FOR THE LIGHT, I found 4 folders and 6 files and I have never Gambled on-line or Gamed on line... so who put it on my PC?????

IMO we all must do our part to fight this kind of crap!

PS Check out the book "The Last Independence day, July 4th 2016" It was wrote in the 90's and a lot has come to pass... The Author is on to something...

I am starting to believe they (the very rich) want us all to be Dumb, constantly fired up to miss the real agenda and all of us with absolutely no freedom of anything!

I have played a lot of poker online and learned a ton about the game. I also use google a lot. I know both of these sites can track you. It doesn't really matter to me though as long as I am doing nothing wrong. As a matter of fact, it keeps me in check to make me sure that I am not doing anything wrong. I will continue to play online poker and play sites where you can bid on items and win them. I am not doing anything wrong.

It is pretty scary to think how much these computer companies know about us. Even based on just waht we search and what we send in our emails (gmail specifically). After seeing what Watson could do on Joepardy, it is scary to think if all of this data was compiled, what they could know about us.

On the other hand, I enjoy the internet and I enjoy playing poker online. I also like winning things for cheap prices and bids on sites like those. I think the positives outweigh the negatives and I will continue to live my life free of this fear.

Thanks for the insight! Just a regular, non-Facebooking, non-poker playing, non-gaming computer user here.
Became concerned because I saw iesnare when logging into a credit card account!

Chrome had "iesnare.mpsnare...." in the bottom corner while it was working, and I assumed I had some sort of virus. Anyway, thanks again for the info.

I love my ghd outlet Glattetang! It heats up very quickly and works well. My glamour hair is annoyingly thick and poofy, but ghdstraighteneroutletaustralia works wonders! I have never been so fully satisfied with just ghd straightener outlet supplier! What a pleasure shopping at this ghd outlet australia! Thank you very much for this wonderful shopping experience. I will be shopping ghd outlet very very often.

I love my ghd outlet Glattetang! It heats up very quickly and works well. My glamour hair is annoyingly thick and poofy, but ghdstraighteneroutletaustralia works wonders! I have never been so fully satisfied with just ghd straightener outlet supplier! What a pleasure shopping at this ghd outlet australia! Thank you very much for this wonderful shopping experience. I will be shopping ghd outlet very very often.

I don't gamble. I only heard of iesnare because my outbound firewall detected a connection to their site when I visited CITIBANK.COM to check my credit card statement. Evil. Sure enough, it loaded a SWF and wrote an LSO.



Use the form below to leave a comment.

Coding the Wheel has appeared on the New York Time's Freakonomics blog, Jeff Atwood's Coding Horror, and the front page of Reddit, Slashdot, Digg.

On Twitter

Thanks for reading!

If you enjoyed this post, consider subscribing to Coding the Wheel by RSS or email. You can also follow us on Twitter and Facebook. And even if you didn't enjoy this post, better subscribe anyway. Keep an eye on us.

Question? Ask us.



Coding the Wheel =
Code, poker, technology, games, design, geekery.


You've read our technical articles, you've tolerated our rants and raves. Now you can hire us anytime, day or night, for any project large or small.

Learn more

We Like

Speculation, by Edmund Jorgensen.