iesnare: How Bookmakers are Spying on You from Your Own Computer

Bookies are spying on you...

Bookies are spying on you...

Online bookmakers are installing software on your computer to spy on you. This is not some melodramatic statement designed to get readers to click through, but rather a statement of unequivocal fact based on my own experience, and that of hundreds of others. The extent of this behaviour is likely to be widespread, and there is a very good chance it includes you.

Here's how I learned about this...

The first thing I knew about it was when listening to an enlightening podcast on the bookmaking industry - which can be heard here. In it, Neil Channing, a pro gambler, made reference to a bit of software called IE Snare, which bookmakers have been using to track user behaviour. At the time - a couple of weeks ago - my ears pricked up, but by the end of that excellent audio it had drifted somewhere into the cobwebbed recesses of my increasingly recall-challenged cranium...

...until today. While writing an innocent piece about Gleneagles' racecourse absences, I went to check on a 'special' price that I recalled Coral's head of racing had mentioned on twitter. Clicking across to that site to see if the horse was indeed still 11/10 not to race again in 2015, the bolt from the blue (branded site) happened.

I use Google Chrome and Windows 10, and this combination of browser and operating system alerted me, upon landing at coral.co.uk, that something had been downloaded to my machine. I was not even logged into their site. Rather, I'd simply landed on its home page as a casual website visitor. Thus, I had no contract with them, and had not agreed to any terms, conditions or privacy policies.

The file was simply called 'download'. Right clicking on it, and navigating to the folder into which it had deposited itself, I saw it was called mpsnare.iesnare.com

A bit of googling revealed some very interesting and, in my opinion, disturbing insights. I'd like to share them with you.

-

What is iesnare?

iesnare is spyware provided by a firm called iovation.com, big players in the world of online fraud management. Here's what the company says about itself:

iovation protects online businesses and their end users against fraud and abuse through a combination of advanced device identification, shared device reputation and real-time risk evaluation.

iovation actively target the online gaming industry and have a stand at the biggest trade show, ICE.

iesnare, when installed on a computer, monitors that machine's behaviour, including:

- pages visited
- your computer's installation data
- information from your registry
- browser and operating system information

and a lot more besides.

Once it is on your machine, it feeds back data - lots of data, about lots of things - to iovation's central hub, and continues to monitor your machine's - and therefore your - activity in real time for the duration of its existence on the device.

=

Why should I be worried about iesnare?

OK, so there's this bit of code running on my (and probably your) machine, and it's gathering information. Why should I (and probably you) be worried?

This 'cookieless fingerprinting' as it's known, is storing your data to a central repository housed at iovation. The data they store can be bought by just about anyone.

The chart below taken from this paper by students at the University of California reveals that the vast majority of those buying such information are doing so for the purposes of malware or spam.

This is how fingerprinting information is used

This is how fingerprinting information is used

So, in a nutshell, if you have this code on your machine, bookmakers can see what you're up to. Whether you're using oddschecker. Whether you're arb'ing. Which other bookmakers you use.

But that's a mere triviality compared to the wider world that can potentially access your data, and use it for nefarious ends.

The research paper concludes,

The purpose of our research was to demonstrate that when considering device identification through fingerprinting, user-privacy is currently on the losing side.

In plain English, this type of software considers a user's privacy to be of secondary/no importance when compared against the interests of the company deploying it.

-

What permission do bookies have to deploy iesnare?

This is where it gets tricky. My first thought was that this must be illegal. After all, I've not given my permission to be pried on in this way, have I?

Well, not explicitly, no. But when I checked the bookmaker's privacy policy, I was alarmed at what I read.

Here are the clauses, click to view full size, that I found most vague:

Redefining 'vague' terms...

Redefining 'vague' terms...

Coral reserve the right to "collect certain data" which will be used "to meet certain business requirements". What in the name of anything specific or palpable does that actually mean?

It seems to me that it is essentially carte blanche for bookmakers to plunder and pillage any information they can beg, steal or borrow about their site visitors.

And it is not just Coral. All four of the bookmakers I checked have a similarly vague 'all encompassing' clause or clauses which, ostensibly at least, gives them a mandate to behave in this fashion.

Obviously, when this code is deployed outside of a login, the strong likelihood is that it is illegal, regardless of the possibility of an existing cookie on my machine triggering that behaviour. But I'm not a lawyer...

-

How can I tell if iesnare is on my machine?

If you want to know if this code is on your device, here's how. It's pretty simple:

Go to the file search function on your computer/device

Type in 'mpsnare' in the search box, and hit 'search'

If iesnare has been used on your machine you'll find one or more of the following folders:

  • #mpsnare.iesnare.com
  • #ci-mpsnare.iovation.com
  • mpsnare.iesnare.com
  • ci-mpsnare.iovation.com

-

How do I get rid of iesnare?

Getting rid of iesnare may be as simple as deleting the folders you find. However, staying rid of it is a slightly more complicated operation. But, if you value your privacy and still want to bet with the best priced firm, it is worth the effort.

These instructions were originally published here, and I make no claim to be a tech whizz or otherwise able to troubleshoot the implementation of them, or anything awry which might crop up as a consequence of following them. They have worked fine for me, with no adverse consequences so far. Caveat emptor!

[NB The process is not nearly as complicated as it is long, so don't be put off by the block quoted text below]

To check if iesnare is on your computer...You can find it by opening up a command prompt
(start -> all programs->accessories->command prompt) then typing..... dir mp*.com /s
If it's there you will see the date it was installed on your computer!

If it's there and you want to block it this is how...

Click the Start button, click notepad or enter notepad in the bar at the bottom
Right-click on the Notepad item which appears at the top of the list
Choose "Run as administrator"
In "untitled - notepad" go to file and click open, then under "files of type" click all files
Enter "C:\WINDOWS\system32\drivers\etc" in file name and click open
Right click on "hosts" file (make sure it only says hosts, not hosts.bak or hosts.txt), select properties and uncheck read-only box at bottom beside attributes, then click "Apply" then OK.
Now double-click "hosts" again
Add the following lines in the next line below where it says "127.0.0.1 localhost"

127.0.0.1 iesnare.com
127.0.0.1 iesnare.co.uk
127.0.0.1 www.iesnare.co.uk
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.co.uk
127.0.0.1 www.mpsnare.iesnare.com
127.0.0.1 www.mpsnare.iesnare.co.uk
127.0.0.1 ci-mpsnare.iesnare.com
127.0.0.1 ci-mpsnare.iesnare.co.uk
127.0.0.1 www.ci-mpsnare.iesnare.com
127.0.0.1 www.ci-mpsnare.iesnare.co.uk
127.0.0.1 admin.iesnare.co.uk
127.0.0.1 www.admin.iesnare.com
127.0.0.1 www.admin.iesnare.co.uk
127.0.0.1 iovation.com
127.0.0.1 iovation.co.uk
127.0.0.1 www.iovation.com
127.0.0.1 www.iovation.co.uk
127.0.0.1 www.iesnare.com
127.0.0.1 admin.iesnare.com
127.0.0.1 dra.iesnare.com
127.0.0.1 impsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mx.iesnare.com
127.0.0.1 snare.iesnare.com
127.0.0.1 iovation.com
127.0.0.1 accountlock-demo.iovation.com
127.0.0.1 admin.iovation.com
127.0.0.1 bam-pilot.iovation.com
127.0.0.1 batch.iovation.com
127.0.0.1 ci-accountlock.iovation.com
127.0.0.1 ci-admin.iovation.com
127.0.0.1 ci-mpsnare.iovation.com
127.0.0.1 ci-snare.iovation.com
127.0.0.1 dv-fw-a-nat.iovation.com
127.0.0.1 ioit.iovation.com
127.0.0.1 mx.iovation.com
127.0.0.1 p.iovation.com
127.0.0.1 rm-admin-demo.iovation.com
127.0.0.1 soap.iovation.com
127.0.0.1 test.iovation.com
127.0.0.1 testgw.iovation.com

Save the text file back to its existing location, then close notepad

Now, open the command prompt (start -> all programs->accessories->command prompt)
and check that it is working by...

Type in the word "ping" followed by any of the entries
(without the numbers)..e.g ping mpsnare.iesnare.com

Press enter

You're looking to see similar to this:

Pinging mpsnare.iesnare.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Note all zeros at bottom and 127.0.0.1 addresses at top
anything different to this is wrong!

I've done this on both vista and xp, both work.

Now, whenever IESnare attempts to phone home, your networking system will give it the wrong address (127.0.0.1 is always the address of your own computer), and its messages won't get through. You can check this has worked by trying to go to www.iesnare.com, or any of the above addresses, in your web browser: you shouldn't be able to get there and it should say it is unable to connect!

I followed these instructions, and can say they worked fine on Windows 10 as well. I'd imagine they'll work on any Windows device. Sadly, I can't vouch for a similar process on Apple kit. If any techies reading are able to share the equivalent, please do leave a comment below to that effect. And thanks in advance.

[UPDATE: Details of the process for checking on a Mac have been added in the comments below - thanks to Michael for those]

****

Some closing thoughts on iesnare, and a request for help from you

Given the nature of the bookmaking industry, and its need to operate within the laws of the land, it is likely that this spyware is just on the right side of legal.

That said, EU Privacy laws have been tightened, and I am unconvinced that this is in line with the stringent diktats set out more recently there, especially given that I wasn't logged into the site at the point the code was downloaded to my machine.

Either way, it is far adrift of what might be considered ethical practice, in my humble opinion at least. I have nothing to hide from bookmakers, but that doesn't mean I'm happy for my computer and its contents to be strip searched by them. That they are so vague about how this happens is not only unethical but, in my opinion again, immoral.

Large aggressive corporates bleating about fraud and arbers, and implicating a (presumed) majority of their small-time retail customers in their paranoia, when they won't stand a bet to anyone who looks even remotely like winning a couple of quid in the long term, is pretty hard to take.

I'm actually getting a bit bored unearthing the sharp practices of an industry that could be so much better simply by resorting to first principles - going back to laying a fair bet based on the skill and judgement of both parties.

But activity like this needs to be more front and centre in the betting public's collective consciousness, and I have no truck with supporting that end in some small way.

A plea for help:

If you decide to have a look at your own machine, I'd be grateful if you could feed back into a small straw poll by commenting below this post as to whether such a file exists/existed on your device when you searched. Thanks in advance.

Matt

p.s. PLEASE NOTE: A number of comments below are from readers who say they've deleted the files. This is only a temporary solution as the code will get re-installed on your machine. If you want to prevent it permanently, you need to follow the instructions above.

p.p.s. I am trying to find instructions to check on different configurations - Android, Chromebook, etc. Will update here if/when I find these. If you have any suggestions, please do post a reply below. Many thanks. Together, we'll tighten security around our personal data just that little bit. (It really is a new frontier right now, sadly).

Mac details are in this comment below.

180 replies
  1. Goodcomm says:

    Found it, unfortunately! It was buried in flash player, which some sites insist you use to view their gizmos (so mr Jobs was right to fear this little monkey!). Because of this it had sneaked right past my Norton software, probably because in allowing flash player, I had give permission to mpsnare!!!….I’ve also had spam coming out of my ears recently and hadn’t until now suspected a source.

    The internet was such a beautiful idea, but as it becomes evermore integral to modern life, it also becomes ever more sinister!!

  2. alpha2 says:

    Hi Matt,
    All clear here and my IT savvy son said a good thing is also to try searching under *mpsnare which is apparently a wildcard search. He is going to do a more thorough investigation later.
    Hugh

    • Bill says:

      Just found it using this way, i have looked multiple times in the past but this is 1st way which has shown anything 🙂 tell your son thanks from me

  3. Blueeyes says:

    Many thanks for this important information.
    I have checked and appear to be all clear at the moment.
    I will continue to check.
    Whether this is legal or not I find it disgusting and dishonest.
    Thanks again Matt.

  4. Gordie says:

    Checked mine its ok but I went back to Manufactures setting two months ago as I was having a lot of freezes. Hard work but it solves my problems.
    Though in the last two weeks both Corals and Ladbrokes have Restricted my accounts.I will continue to check in the future.

    definat

  5. neilmck says:

    I mentioned it on the other post, but I wonder if section 5.1 of their T+Cs might be worth exploring.

    – obtain a copy of Your Personal Information held by us following completion of the appropriate forms. We are entitled by law to make an administrative charge (payable by cheque or bank transfer) for providing such information. Your Personal Information will be provided within 40 days of the appropriate request and payment.

    It would certaily be interesting to see exactly what information these companies have collected about us, and what else is happening to it.

    It doesn’t really feel like a good time for punters does it? Personal information being collected and perhaps shared, punters being limited or restricted when they win a few bets and maybe this will become an even bigger issue with the mergers between some of the big players in the industry.

  6. David Templeton says:

    Have been checking a few of my regular bookie sites and to my surprise I have found that of the very few I have checked so far it is betfair that has installed this on my computer.

  7. DJC614 says:

    Hi Matt, thanks for the heads up. I found 2 files, both linked to Flash Player, both were installed back in 2013. I have deleted them and will keep monitoring.

    Thanks

    Duncan

  8. pat d says:

    Hi Matt, many thanks for sharing your experience. Found 4 files which were installed June 14. Immoral, unethical, shameless, cowardly behaviour from a fraternity that is becoming more despicable by the day.

  9. bolpx003 says:

    Yes it is on mine. Please note doing a search using start button and search programs and files will not find it as it is a zero byte file. The best way to search is open a command prompt window (type cmd into the ‘search programs and files’ option on the start menu. When the command box opens type the following assuming your operation system is on the C: drive if it is not change C to the appropriate letter:
    C:
    cd\
    dir mp*.com /s
    For what is worth I have changed my hosts file and can still access PaddyPower, Bet365 and Betfair. I strongly suspect it was put there by Bet365. – Paul

  10. Carlito says:

    Matt, another excellent article and background info thanks very much – thankfully not on my laptop – unsure how to check nexus tablet though – this is what could have been dragging my laptop performance down – i thought it was related to flashplayer and installed “mawarebytes – anti malware” which identified a host of items which i put into quaratine and deleted with easy step by step three icon process – will keep regular check for iesnare : – )

  11. Blokeshead says:

    Not on my PC or my laptop (both using Windows 7 and Firefox).

    I often bet via my iPad (and I use Coral on all of these devices). Could it be tucked away on there somewhere? Or on my iPhone? Searching on one of those devices isn’t quite as simple as it is on a computer.

    I spent a lot of time this year trying (and failing) to ascertain why Bet365 suddenly restricted me to 50p a bet when, over the previous 12 months, I’d actually lost a tiny amount with them. Could the b%”#/&%s have seen that I’d made money from a handful of other bookies and simply preempted the same perhaps happening to them?

  12. Chris Jones says:

    The search took a while and I was beginning to think nothing was happening but there it was, hiding in a Flashplayer folder as other posters have mentioned.

    I cleared my cache a few days ago and the mpsnare folder was dated 5th of September so it must have been re-created as soon as I logged back into the betting site.

    Question is, one which did it? I’ve only used 3 sites since the 5th of September and they are Bet365, Betfair (Exchange and Sportsbook)and PaddyPower.

  13. Tuckers Luck says:

    cheers Matt,

    yup me too, hidden in chrome shockwave flash, no wonder spoilsport restricted me last month when i dont use them too often!!
    cheers
    steve

  14. ron says:

    hi Matt
    I checked my pc and found nothing, but then I would hardly consider myself a tech wizz, so will have a friend look at it 🙂 What I did find strange is that I followed your podcast link and that particular broadcast isnt currently available?So I clicked on others at that site and they all played, something else sinister:-) or just my imagination?

    great piece of work

    ron

  15. Scott says:

    Hi

    Just ran this on mine and found two downloads, one was linked to a flash player. Thanks for posting how to get rid of it. Should be more widely known.

  16. MONTHEHOOPS54 says:

    Luckily, I’m safe. Found a quick way to check on a forum in gambling Times. Simply press windows key and F, at same time, then type in iesnare, or mpsnare in search box in top right hand side of screen, will tell you if it is on your machine.

  17. Eddie says:

    i found nothing typing mpsnare in the search box but using the command prompt i found 2 files, one in shockwave flash and one in flashplayer

  18. Andrew says:

    I hope this might help…

    By the way…I am NOT receiving any payment from this company!!!!!!!

    (It concerns encryption and malware detection software….)

    (It might also help you if you’re in a country which attempts to prevent you from reaching certain websites, bookmakers, etc.)

    Because I travel to countries where access to Betfair, etc., is barred, I installed the ‘Elite’ version of Hotspot Shield.
    http://www.hotspotshield.com/
    (You can find a discount voucher on-line and the total annual cost, to cover up to 7 devices, is approximately $20.)

    This software is an ‘IP Changer’.
    (i.e. it changes the IP address (Internet Protocol address) of your computer to a country of your choosing.)

    So, if I’m in Greece, for example, which attempts to protect its bookmaking industry from foreign competition by barring access to Betfair, I select ‘United Kingdom’ from the Hotspot Shield menu and the Betfair API thinks I’m in the UK and doesn’t block my entry to the site.

    And there are other benefits to Hotspot shield:
    1. It encrypts my Internet connection
    2. It alerts me if a site I’m trying to access has a known spam or malware history.
    3. It helps protect me from ‘phishing’ attempts, etc.
    4. By selecting the ‘United Kingdom’ IP address I can access BBC i-Player, (and other UK sites designed to only be accessed from within the UK) for example, whilst abroad…

    As I wrote, earlier, I have no connection with Hotspot Shield but, having used it extensively, I heartily recommend it.

    PS: There is a free version…but (a) you’ll be plagued with advertising and (b) the support is limited and (c) for approximately $20 the paid-for version is exceptional value-for-money.

    Cheers.

    • Matt Bisogno says:

      Thanks Andrew. One of the problems with iesnare is that it actually tracks the device identity. So regardless of using a different IP each time, they will hook back to the same device unless steps are taken to prevent that as well.

      The pair in combination will likely prevent bookmakers from tracking a device.

      Thanks again for sharing.

      Matt

      • Andrew says:

        Hi Matt,

        Yes, I think you’re correct.

        The combination of the Hotspot Shield firewall, encryption, etc., should be something of a deterrent.

        Thank you for a very thought-provoking and interesting site, by the way.

        Andrew

  19. willcad says:

    Found it on my desktop was installed on the 17th and 18th of the 8/2015 followed your instructions and it worked cheers mate

  20. Alzzz says:

    I used to use various chrome privacy extensions to stop this (its very satisfying to see requests going to iovation being blocked 🙂 )

    I did find that the extension i used impacted my ability to log into William Hill at times so removed it, but browser privacy is not a new thing so i assume there are some very good extensions available if you are so inclined.

    As an fyi – laddies have (or at least used to) their own flash component that they use to track you (cant remember its name or location atm)

  21. Roy Agnew says:

    An ordinary search didn’t show anything but, when I extended it to cover all hidden files and folders as well, two folders showed up. Cheers Matt.
    Roy

  22. Funkydunk says:

    Cheers Matt
    Found four files and deleted them and installed the file as per instructions.Probably why Ladbrokes and Boylesports have refused to take bets over a few pence the last couple of months forcing me to stop using them

  23. Paul.TT says:

    Thanks for the heads up,
    I’ve found it on my laptop,
    installed
    Dec/2011
    May/2014
    Jan/2015

    definitely getting rid of this

    Thanks Matt

  24. MikeA says:

    Nothing on my laptop, but thanks for the heads up will definitely keep an eye out for it in the future. Rules governing the bookies definitely need an overhaul, it’s a disgrace that people are restricted when they are able to win a few quid but welcomed with open arms if they appear to be “mug punters”. In the long run the bookies will win anyway because they operate a margin, this kind of behaviour is just down to pure greed and *hopefully* not sustainable.

  25. gabrijel says:

    Nice discovery and article Matt , and many thanks for this notice.
    Fortunately I do not have this on my PC , but almost all ? BIG BOOKIES ? closed or limit my account in last 6-9 months ( William Hill,Betfred,Ladbrokes,Coral, Boylesport,Sportingbet,Stanjames,Betfair,10 Bet,Betway,Racebets) and many years ago ( B365+PaddyPower+BetVictor). One somewhat strange thing happened to me is that 888Sport after limiting my account to few penny for about 6 months, suddenly allows to few tens of Euro. I am little off topic, but just to know my experience….

    Thanks again Matt !

  26. ajmax57 says:

    Hi Matt

    Great work

    I use 13 different accounts and Stan James closed my account after 5 bets ( 1 win) and Racebets restrict me to sp after only 1 bet (loser). I cannot believe this software is not on my computer, and more of a concern is are there other codes running like this.

    Recently I have been using these accounts and oddschecker in cognito ( not sure how much of a difference this makes)

    Just purchased an ipad and would like to know how to check it.

    Thank goodness for exchanges as most bookmakers today in my opinion are just glorified manipulative accountants.

    Keep up the good work
    Alan

  27. Chris Arnfield says:

    I did not find anything on my PC, but it is brand new with W10 and I have only had it for a few days. However, I have added the code as suggested and run the check and all is fine, thanks.

  28. Kev says:

    Thanks for this Matt – hidden in Flash on my older XP machine but not on my Win7 one as I reformatted the HDD last month, but I will keep an eye open. K

  29. maverick99 says:

    Just found 5 folders. Deleted all OK although I’ve yet to permanently solve the problem as suggested above. This activity may well explain accounts being closed without significant losses as any one with a normal bookmaker account who is also using Betfair could be erroneously considered to be potentially a arbitrager?

  30. Clayton Risk says:

    Many thanks for this Matt, I am not tech savvy but followed your removal advice and it looks as though I have done it. And it does make you wonder what else lurks hidden on the PC especially when banking and shopping online – is there anything watching what we are doing then?????

  31. Ifonly says:

    Excellent article. I have found 2 files on my machine.I will now try to block them in future.
    Apart from that how can anyone not give the article 10/10?

  32. slammer81 says:

    Just checked and discovered it on my laptop, recently as July of this year.

    I’m trying to follow the process of blocking it but I can’t seem to do it as when I check using the command prompt I do not have all the zero’s.

    I’m running Windows 10 can anybody suggest where I may be going wrong?

    Thanks

  33. neil davidson says:

    HI Ive just run the scan on my computer and found 4 downloads 2 were downloaded the day after i had bought my new computer in 2013 and the other 2 were updated downloads in 2014 but none since then but have now deleted all.

    Many thanks for the info Matt

  34. Doshtosh says:

    Brilliant article, thanks, Matt. It looks like I’m safe, atm. Maybe they just bar me and are happy to get rid of me!!!!

    If this isn’t illegal it definitely isn’t ethical, but who said bookmaking firms were ethical, or who would believe that they are?

    Another feather in the cap of Geegeez.

    J.

  35. acranea says:

    I’ve been battling this gangsterware for a while.Hopefully it’s permanently disabled now.

    If you use Firefox it’s worth installing an add-on called Better Privacy which keeps you updated when sites install mpsnare flash cookies.I delete them every time out of habit.

    It’s laughable that a firm that calls itself a security company makes most of its money selling data to people that spam you for a living.Hardly surprising though.

    When you search older forums about mpsnare you often find it mentioned in relation to poker sites & such.Most of the posters tend to be American & fully paid up members of the “if you’ve got nothing to hide you’ve nothing to worry about” club.

    I swear if I live to be 1000 I’ll never get over my amazement at the childlike world view of most Americans.

    Anyway,simple fact is before the 1960s bookies were exclusively gangsters & in my book they haven’t changed they just “went legit” like in old mafia films.That’s why it’s so much more fun to spend their money than any other.

    Especially Paddy Power.

  36. Michael says:

    Instructions for Mac:

    Step 1: Launch Terminal, found in /Applications/Utilities/ or launched through Spotlight

    Step 2: Type the following command at the prompt to backup hosts file to documents folder:

    sudo cp /private/etc/hosts ~/Documents/hosts-backup

    Step 3: Type the following command at the prompt to open hosts file:

    sudo nano /private/etc/hosts

    Step 4: Enter the administrator password when requested – you will not see it typed on screen – then press enter/return

    Step 5: Once the hosts file is loaded within nano, use the arrow keys to navigate to the bottom of the hosts file to make your modifications. We can then add the same lines as in Matt’s instructions above:

    127.0.0.1 iesnare.com
    127.0.0.1 iesnare.co.uk
    127.0.0.1 http://www.iesnare.co.uk
    127.0.0.1 mpsnare.iesnare.com
    127.0.0.1 mpsnare.iesnare.co.uk
    127.0.0.1 http://www.mpsnare.iesnare.com
    127.0.0.1 http://www.mpsnare.iesnare.co.uk
    127.0.0.1 ci-mpsnare.iesnare.com
    127.0.0.1 ci-mpsnare.iesnare.co.uk
    127.0.0.1 http://www.ci-mpsnare.iesnare.com
    127.0.0.1 http://www.ci-mpsnare.iesnare.co.uk
    127.0.0.1 admin.iesnare.co.uk
    127.0.0.1 http://www.admin.iesnare.com
    127.0.0.1 http://www.admin.iesnare.co.uk
    127.0.0.1 iovation.com
    127.0.0.1 iovation.co.uk
    127.0.0.1 http://www.iovation.com
    127.0.0.1 http://www.iovation.co.uk
    127.0.0.1 http://www.iesnare.com
    127.0.0.1 admin.iesnare.com
    127.0.0.1 dra.iesnare.com
    127.0.0.1 impsnare.iesnare.com
    127.0.0.1 mpsnare.iesnare.com
    127.0.0.1 mx.iesnare.com
    127.0.0.1 snare.iesnare.com
    127.0.0.1 iovation.com
    127.0.0.1 accountlock-demo.iovation.com
    127.0.0.1 admin.iovation.com
    127.0.0.1 bam-pilot.iovation.com
    127.0.0.1 batch.iovation.com
    127.0.0.1 ci-accountlock.iovation.com
    127.0.0.1 ci-admin.iovation.com
    127.0.0.1 ci-mpsnare.iovation.com
    127.0.0.1 ci-snare.iovation.com
    127.0.0.1 dv-fw-a-nat.iovation.com
    127.0.0.1 ioit.iovation.com
    127.0.0.1 mx.iovation.com
    127.0.0.1 p.iovation.com
    127.0.0.1 rm-admin-demo.iovation.com
    127.0.0.1 soap.iovation.com
    127.0.0.1 test.iovation.com
    127.0.0.1 testgw.iovation.com

    Step 6: When finished, hit Control+O followed by ENTER/RETURN to save changes to /private/etc/hosts, then hit Control+X to exit out of nano

    Hope this Helps!

    • Barrie Homes says:

      Hi,
      I have modified the hosts file as per instructions but when I ping to test i get no reply?

      I presume that I should get the same response as per the windows version in the article by Matt.

      Can you suggest any reason for this ? I am on OSX Yosemite

      Thank you

    • Rod Whiting says:

      Hi Barrie, just trying your instructions to remove mpsnare on my Imac – I entered the list as instructed it’s responded command not found to each entry. I may have missed something. Can you advise?

    • Rod Whiting says:

      Hi Barrie,

      Ignore my last comment. I’ve found a way of disabling iesnare in adobe flash. Thanks anyway and well done for highlighting what the bastards are up to!

      Rod

  37. Graham says:

    The Gambling Times was warning about this piece of crud-ware way back in 2008. Thanks for bringing it back to the surface, Matt.

  38. nickmra1 says:

    W7 and both Chrome and IE11.
    Was present and installed on 6th and must have been by Betfair as that was the only site I visited.
    Instructions worked fine.
    1. Hopefully we’ll get the Android answer soon.
    2. Is there a way to let one know when a site is installing the code? As I’ve shown above, that way we would know whether there are any “clean” bookmakers.
    N

  39. Jean says:

    Great stuff Matt.

    I found only one file – in Flash player updated in March 2015, but as I often watch races online after placing a bet, Flash is a perfect way for these guys to target me.

    I have several different online accounts so it could have come from any of these sites.

    2 months ago I had my BetVictor account limited after a couple of small wins on the same day (less than £100 each) which I found strange. They also removed my ‘price guarantee’. I contacted them and asked why this happened only to be told that my account was ‘re-assessed’ by their traders and restricted as a result of that re-assessment. I will not be using them for a while.

    I am in the process of blocking all the files you have listed now.

    Thanks once again.

  40. Jo says:

    Yes – found it on mine. Been there since April 2014, apparently! So thanks very much for talking us through how to deal with it. Don’t know if it’s a coincidence, but last week, I received an email from William Hill stating that I am “no longer eligible for any William Hill Online Sports and Racing offers. This means you will no longer receive football promotions such as Acca Insurance, Scorer 2nd Chance and Bore Draw, as well as Best Odds Guaranteed and Money Back 2nd for Horse and Greyhound racing.” Can’t think why they’d suddenly do that – unless they’ve been monitoring my account with this ‘spy software’ and made a decision based on what they’ve seen. George Orwell has a lot to answer for … 🙂

  41. Ifonly says:

    Update on my previous comment.
    Not only was it an excellent article but the instructions were easy to follow and very effective.

  42. Michael says:

    Great article Matt,

    lot of things get done that are “legal” but immoral.

    On a Mac OS 10.7 but probably be on all OS’s found here:
    /Users/location1/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/#mpsnare.iesnare.com

    /Users/location1/Library/Preferences/Macromedia/Flash Player/#SharedObjects/J2JLMF6J/mpsnare.iesnare.com

    Cheers

    Michael

  43. danny83 says:

    I’ve found 4 of these files(all of them in Flash Player folder)….i’ve shift delete them and will be more careful from now on.
    Thanks Matt for what you’re doing!
    Keep it up!

  44. Sam says:

    I do most of my betting on my phone these days including arbing, plenty of closed or restricted accounts, Coral, BetVictor, PaddyPower & Ladbrokes being the worst, though I did just find this software on my computer & laptop (which I used to use).

    Do they have to ability to get this software onto phones? Is there a way of checking?

  45. Peter says:

    Thank you Matt

    It is on my machine, I’m running Windows 10, followed your instructions to the letter. Many thanks. P 🙂

  46. Leaper says:

    Found iesnare and removed it, have mpsnare and cannot acces the file. No others present on my PC (Windows XP Pro). When opening Notepad, I had a blank page. Nothing listed at all in Notebook. I have gone to all of the www. sites listed, e.g. iesnare, and have been told that they could not be found, so I assume they cannot, as you say, ‘Phone Home’ Will keep checking and will get back here to update any new stuff. Thanks for the ‘Heads Up’, by the way geegeez.

  47. psnich says:

    Having been barred/restricted by at least 20 online bookmakers, imagine my surprise that there was no trace of this problem on either of my pcs. I have flash player but I have never (to my knowledge) used it and despite numerous requests, I have never updated the latest version. Maybe this is an answer.

  48. Brian says:

    Found 4 files, all in flash player, updated 23/4/15 and 25/8/15. Thanks for highlighting this disgraceful practice. If it isn’t illegal it should be!

  49. roquefort44 says:

    Found it in Flash Player and deleted. Now I know why I’ve had two bookie accounts restricted recently for paltry amounts of winnings. Also had two of my accounts hacked into in the last 6 months – I guess that explains why! Thanks Matt.

  50. metroseal says:

    Found this info several years ago and I would suggest the people that say it’s not there need to do a more in depth exam of their files as this spyware WILL be on their machine if they use online accounts for betting. Knowing people who arb and have several accounts at the same bookies has taught me that all the bookies use iesnare, you just have to be extra vigilant to stay ahead to keep your accounts unrestricted and also that once restricted it’s virtually impossible to get it reversed so move on etc

    • Matt Bisogno says:

      I absolutely agree with this. A quick search – probably not looking through ‘hidden files’ – is unlikely to unearth this.

      Using the C Prompt method will find anything which is there.

      I suspect 90+% of readers have this issue on their machine.

      Matt

  51. Ed Fuller says:

    Found 4 folders on my computer from late 2014. I have been limited by almost all bookmakers that offer BOG (only Bet365 left). I have deleted the folders and followed the instructions above which was actually quite easy. Thanks for this! The sooner we have rules for bookies like they do in NSW, Australia the better!

  52. sondrio2 says:

    not found anything on mine, there are a couple of files from bet365 in flashplayer but nothing like whats been mentioned. all very confusing for an old codger like me.

  53. Tony Grant says:

    Nothing for me but I suspect this is mostly because I had once installed malware bytes. Even though I removed that more than a year ago, it still has after effects like not allowing you to change filenames in the downloads folder and making it read only, deleting cookies and history on every browser closure and basically turning my computer into a frustrating mute, albeit clean and healthy. I suppose I should thank malware for this one blessing, although it is the first blessing I have known from using the damned tool lol.

  54. Ziz says:

    I think the process below does work too(sorry it might not be up to date):
    Firefox 3.0+

    Goto the Tools > Options menu.
    Click on the Privacy tab.
    Click on ‘Exceptions’.
    Enter ‘iesnare.com’ and click ‘Block’
    Firefox 3.5.x

    Goto the Tools > Options menu.
    Click on the Privacy tab.
    Select “Use custom settings for history” in the “Firefox will” menu
    Click on ‘Exceptions’ across from “Accept cookies from sites”
    Enter ‘iesnare.com’ and click ‘Block’
    Internet Explorer

    Goto the Tools > Internet Options menu item.
    Click on the Privacy tab.
    Click on ‘Sites’.
    Enter ‘iesnare.com’ and click ‘Block’.

  55. DOug says:

    No sign of it on my MacBook, Apple stuff usually very difficult to manipulate. It is worth blocking third party stuff and ads in your Browser Preference Files. Just deleted a lot of stuff that I never use.

  56. otterman says:

    Found it on my PC (in flash player). It seems to have appeared on 9th April this year, but then I only installed the PC at the end of March. That day was a busy betting day (Aintree festival) so I would was on lots of bookie sites so no idea which b****** gave it to me.

    I am inclined to exterminate it (although I have read one opinion that the act of deleting it thus stopping the flow of data back to the bookies can in itself mark you as a shrewd punter!) It seems you can’t win.

  57. Rachel says:

    I have a lot of Bookmaker account and found mpsnare listed 5 times on my PC. Followed the advice above and all looks ok now. I have very limited PC techy skills and when I saw the instructions thought there is no chance I will make it through that lot but I did it 🙂 and on Windows 8 as well where I struggle to find anything

  58. dolphin68 says:

    A very insightful article….cheers Matt. Checked my machine and found two files that seem to have sneaked in through my flash player. Both deleted and worked through steps to prevent future breaches. I’m amazed that they would want to monitor me…I’m a modest punter on the stakes front.

    Martin

  59. Kevin says:

    Yup found the files hidden away in flashplayer last october. Was a bit worried about following the instructions to block it but was dead simple and the ping test now works exactly as it says it should after the process.
    Thank you so much for this.

  60. David Varnam says:

    Hi Matt,

    I found 4 mpshare folders on my C drive (I use a PC running Google Chrome). Not confident enough to use the directions you posted so have merely deleted them.
    However, I’ll keep my eye out for their re-appearance in the future. Thanks for the warning. 🙂

    David

  61. shuggy54 says:

    hi matt,fantastic post i found it on my laptop followed your instructions to the letter then checked it,
    it works perfectly on windows 8.1 it is now blocked thank you very much i will now pass it on.

    regards

    shuggy54

  62. Kevin says:

    Bit dissappointed that neither AVG or Malaware bytes didn’t block the installation of this spyware – maybe I’m expecting too much from them ?

  63. Paul Ruffy says:

    Anyone know is Spyware search and destroy or malwarebytes anti malware will detect and get rid of this?

  64. ShockedofSurrey says:

    Hi Matt,

    Completed the 127.0.0.1 change and checked and it is working/blocking now thanks.

    The date of iesnare modified was 07/09/2015 (can’t see install date).

    Hope that helps.

  65. CJ says:

    Yep. Was there on both laptop and desktop. Also on the desktop of a friend of mine who doesn’t use geegeez (Shocking I know). Have carried out the deletion and adding of code in notepad as above so fingers crossed.

    Thanks Matt!

  66. stod180 says:

    Found 1 in flash play folder and deleted it. Followed your instructions to keep them at bay. I am amazed that this “spyware” is legal. Thanks for the heads up.

  67. spreadform says:

    Thanks for the info, Matt! Spyware found in 3 Flash directories on my computer (as others have commented).

    The fix worked like a charm on Windows 8.1.

    P.S.:

    1. Your “originally published here” external link could be updated to read:

    http://www.thegamblingtimes.com/board/day-day-life/10018-iesnare-make-sure-youre-not-being-snooped-30.html#post480983

    so that it points to the relevant post on that page.

    2. For those not familiar with the Command Prompt (cmd.exe), you might want to point out that first one needs to get to the root (usually c:\). Simply type “cd..” + Enter (without the quotes) as many times as needed to get to the “c:\>” prompt. The up arrow recalls the last command to make this process very quick and simple.

    3. Are there any other snoops we should be aware of? This is a great solution and should work for all of this type of spyware (one only needs to know the web addresses).

  68. Martin says:

    Thanks for the info, found 4 files in Flash on my main PC dated July 2015 and two on my daughters laptop dated August. I only started to use her laptop because my PC had suddenly (around the same time as the files were created) started to run very slowly when doing in-play bets on Betfair. Outrageous behaviour by the Bookies, there must be some means of getting information from them on how widespread this is and making it public, Freedom of Information Act?

  69. Bob Nally says:

    Hi Matt
    I found 4 files, 2 installed in April this year and, surprisingly, 2 installed in February last year. I have not deleted them yet – I will print outyour instructions first.
    Thanks
    bob

  70. Andrewson says:

    Anyone else using a Chromebook? I have searched the interweb but so far been unable to locate any instructions regards these systems.

    Thanks for the heads up Matt. Very insightful.

    Stephen

  71. grinder says:

    Not at all any good with computers but found 4 instances of mpsnare associated with flashplayer.Deleted them to recycle bin.Can anyone tell me if this will suffice please and also how to prevent it in future.Thanks and thanks to Matt for the heads up.

  72. Lynne says:

    Yesterday I found the mpsnare file listed on the Flash settings – I deleted it and blocked it on the browser privacy settings.
    I was fairly sure it worked ok as I couldn’t get the mpsnare site up – but tonight I’ve copied Matts code into the Hosts file to be double sure.
    Just gone over to Flash settings and lo! the damn thing is listed again. It is still set to 0kb and I have done the ping test which all works fine so I think I’m safe but I’m just saying that it looks like a persistent problem and following Matt’s code/pinging test is probably the way to go.

    Lynne

  73. barry says:

    Unbelievable Matt (Well almost), I found them, downloaded June ’14. Bloody parasites those bookies.

    Thanks,
    Baz.

  74. Strummerville says:

    Yep found on my laptop. Removed files and applied code as per above instructions.

    Thanks for the heads up – just shows what a bunch of evil b@$!@rds the bookies really are.

    Now to check my PC.

    Thanks again and keep up the brilliant work.

  75. casvegas41 says:

    I have been testing this on my Chromebook since last night. I have a definite esnare log every time I log in and out of Betfair. I can delete it by going to the following tabs

    Control tab at top right of browser
    Settings
    Show Advanced settings
    Under Privacy Click Content settings tab
    Under Cookies setting click All Cookies and site data
    When you click here you can search for the iesnare cookie
    If present Click on it and a tab with token appears. Click this and you can delete the cookie

    After deleting got through the same process but when you get to the Contents settings as before click on the Tab that Blocks third party cookies and site data..

    This has worked so far for me but only on Betfair where I know it was appearing after clearing it at every log in.

    I will check back every so often to see if it is present.

    There are also settings within the same menu subset that let you manage the adobe flash cookies. Again the iesnare cookie was present in the flash player but could be deleted. Haven’t researched how to get rid of that completely yet but will do so.

    One other thing to note is that as previously suggested If you browse in the Chromebook as a guest no cookies are left. Again I have tested this and with the number of bookies I visit Im sure it would have been there if browsing in the normal browser.

  76. Andy says:

    Found the programs on my machine – 3 different places and seems to be flashplayer that is the vulnerability. Files deleted and hosts file modifed. Thanks Matt great work.

  77. vanesy says:

    Hi Matt, Great article!! found 2 files, although a little more complicated on Vista I got there in the end, cannot get through to isnare.com so looks like it’s worked fine, however I currently have no problems with most bookmakers and fear doing this will now result in my accounts getting restricted, And I bet on horses daily quite often beating SP, well we shall wait and see. Cheers

  78. Peter Shaw says:

    No files found on mine Matt which is surprising as Ive been restricted by many, closed down by some, and been betting on internet for years.
    I do use C Cleaner (a free system clean up) after each bet session, and I use Clamwin free antivirus. Not sure if that has any effect tho’.
    Peter.

  79. LabMaster says:

    Yes, found it on my machine and modified the host file. Strangely I got a redirect when I went to the Daily Mail website and clicked on an article!

  80. Jim Keating says:

    Thanks for the info Matt, I found the buggers and modified the Hosts file to prevent them reporting back. They were found in the flash player area, flash p[layer has been crashing a lot lately, I wonder if this is related.
    Thanks again, keep up the good work.

    Best regards

    Jim

  81. Dave McAuley says:

    I’m afraid it’s not just bookmakers employing these kind of tactics Matt but all manner of sites that install nasty stuff on your PC. So the instructions will get rid of this particular beast but people need to really take more all-round preventative measures to be safer online.

    There are two pieces of FREE, lightweight software that I have found essential over the years not only to find Spyware on your PC but also to prevent it getting there in the first place. The FREE versions are sufficient to find and prevent this kind of spambot/malware being installed in the first place -:

    Spybot Search & Destroy – https://www.safer-networking.org/

    Spyblaster – http://www.brightfort.com/

  82. George says:

    when I change the hosts file as detailed I’m not getting 0ms reported as recommended but values like 7ms. Something is wrong is it?

    I am getting evidence that am am infected with this spyware when I did the test to find iesnare.

    Help please!

  83. dartguru says:

    Excellent article Matt. I consider myself to be reasonably techy, but had never heard of this spyware and it beggars belief how unscrupulous bookies can be, although I guess I shouldn’t be surprised. I doubt we can be certain there isn’t something else lurking doing the same job – you eradicate one and think you’ve solved the problem.

    Anyway, nothing found.
    I have Spybot S&D and ran it a while back which may have removed it if it were there. I also don’t use Betfair anymore, and that seems to be one of the main culprits.
    Still, I have altered the hosts file.
    An Android check/solution will be handy if anyone can provide one.

  84. Stuart Payne says:

    Be interesting to see what the ‘smarm’ (believe that is the collective noun) of bookies reps make of this and their defence of this practise? Even more unlikely is a Racing Post report on these activities.

    S

  85. Paul says:

    A little search of my computer reveals that hidden away in the following folder…

    C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\ShockwaveFlash\WritableRoot\#SharedObjects\V2TSXDFU\macromedia.com\support\flashplayer\sys

    is the #mpsnare.iesnare.com file (last modified 0833hrs on the 26th of August 2015).

    Right next to it is another file…

    #members.bet365.com (last modified 0941hrs on the 26th of August 2015)

    and #bet365.com (last modified 0942hrs on the 26th of August 2015)

    I was recently restricted on bet365 (well partially).

    I checked my records and my last bet prior to restriction was on the 26th of August 2015.

  86. Alex says:

    Hi Matt,
    Thanks for a great article.

    Can’t find it on my desktop, I use Firefox and windows 8.1 and use CC Cleaner regularly.

    Interestingly I was restricted by Coral on my old computer and received an e-mail saying no more free bets. Now I have a new computer the restrictions seem to have vanished and I am being offered free bets which are being honoured, bizzare!

  87. northern says:

    Hi Matt

    It had been on my computer for 5 years.
    Even a technophobe like me was able to clear and block it.

    Cheers
    Pete

  88. RomJim says:

    Found 2 files plus stuff in flash. Hopefully have deleted them and also set the options in Firefox to hopefully prevent recurrence. Thanks again Matt for great work

  89. Mandy-D Coughlan says:

    Thank you Matt for this. I was shocked to find the files lurking under Shockwave Flash, and I already run Norton and Malware-Bytes! Keep up the great work, and thanks again.

  90. haq says:

    have found this on my laptop and deleted it.

    do i now need to wait for it to be re-installed before i can enter the code provided?

    should i also delete shockwave?

    thanks in advance

  91. Rich says:

    Thanks, the mac instructions worked a treat and now I am rid of this cookie.

    I have read through and couldn’t really see an answer to my following question:

    If now having blocked iesnare, does this also mean once removed from flash cookies, the cookie will also not be able to install itself into flash?

    Big thanks for all the helpful comments and instructions

  92. Simon Bryant says:

    Just to say that I tried to get around this some years ago by deleting all traces of iesnare etc. and uninstalling flash on my betting pc so that iesnare couldn’t be reinstalled. On rejoining SportingBet using a different name and details, they first suggested I installed flash to enhance my betting experience, then they insisted, then they closed my account (the same day). It may be that not allowing iesnare to be installed will also alert the snooping system (sorry, risk management system) that bookies use.

  93. Matt Bisogno says:

    This email was received from ‘Jimmy Justice’, a twitter user known to me (and trusted by me) who wanted to retain some anonymity:

    Great article Matt, but I do feel there is confusion as to:

    1. What ‘iesnare’ collects and does?
    2. What other products gaming companies use to track personal activity?
    3. What the reality is of combining the information from 1&2?
    4. What is legal and what is not (seems impossible to work out)?

    1. What ‘iesnare’ collects and does?
    It’s more akin to a hardware tracker as opposed to an internet activity tracker. It is taking, something similar to a ‘fingerprint’ (footprint in IT terms) of your device and enables a company to identify your device when it is transmitting. Once your device is in the ‘Iovation’ database there is no hiding unless you can be bothered and know how to block the multiple and continual attempts to download it or how it transmits. Examples of what it knows about your device are:
    Device Type e.g. PC, MAC, etc.,Operating System e.g. Windows, OS X, Linux, etc., IP Address, IP Geolocation: City, IP Geolocation Country Code, IPGeolocation Proxy Flag, IP Geolocation Country Name, Internet Service Provider (ISP), Operating System Version, Component Serial Numbers, MAC Address and many more.
    There is no question that its primary use is for fraud and other crime, but some bookmakers use it continually even when they don’t suspect you of fraud or any criminal activity. They do not discriminate between customers and will continue to use it even if you have been a customer for years without any suspicious activity. This cannot be ethically sound, therefore it has to be suspected ‘iesnare’ is used for other reasons than criminality, i.e. infringing terms and conditions (T&Cs) and helping to build a better picture of you and your gambling when combined with No.2.
    Some sites and people suggest it is easy to overcome ‘iesnare’. If you are tech savvy, maybe, but don’t forget it is only the downloading and/or transmitting that is overcome. Once your device is in Iovation’s database it is there for life, which means it is always waiting to reactivate when you make changes to your device and/or forget to upgrade your defences against it.

    2. What other products bookmakers use to track personal activity?
    Bookmakers use everything they can get their hands on. This is where most people should have their main concerns about tracking and privacy, but it is virtually all legal and I suspect major bookmakers won’t step over the line legally, because they don’t have to. Unless, you are very determined and willing to lose nearly all your accounts (you won’t be allowed to access many bookmakers’ servers if you block all tracking) there is little you can do. Basically, you are tracked legally, or blocked if you stop this happening completely. Bookmaker’s T&Cs are unclear as to what personal information they collect in this area. Is the data pooled before they see it, i.e. not identifiable to you specifically? Some T&Cs hint this is the case, but I suspect some companies know exactly where else you have been on the internet (sadly not illegal, if you are upfront about it, but bookmakers to my knowledge are not – AND boringly I’ve read quite a few sets of T&Cs).

    3. What the reality is of combining the information from 1&2?
    If you want to bet online, you allow bookmakers to know a lot about you or you are not allowed to bet and there is no way round this without the UK Gambling Commission and/or government doing something.

    4. What is legal and what is not (seems impossible to work out)?
    Again, if my last assumption in No.2 is correct, it is all very, very frustrating. Bookmakers are not doing anything that is easy to prove as being illegal and finding anyone to help is virtually impossible. Bookmakers are certainly pushing the boundaries of legality, but the authorities are none too keen to get involved: There are bigger fish to fry and helping punters is way down on their list of priorities. I suspect a good lawyer would enable you to stop some of this tracking without losing accounts, but naming and shaming is cheaper. Why do I suspect this? I’m aware that some large bookmakers will reinstate accounts if you display some understanding of consumer law. I suspect they are keen to keep everything pretty quiet, as much for PR reasons as anything else, but it does hint they are pushing things legally, especially with the wording of their T&Cs.

    You are asking for people to follow-up and provide information as to whether ‘iesnare’ has been on their PC/tablet/whatever. I commend this, but if a company uses ‘iesnare’ we already know the answer; it is 100% of customers, except those with ‘convenience accounts’ (you know who you are). Nevertheless, it would be good for punters to know exactly which companies are using ‘iesnare’ at any moment in time, so a couple of recommendations:

    Recommendation A

    People could:

    Search for and delete all the ‘iesnare’ files after booting up their device (they then know their device is ‘clean’ at that moment in time)
    Open their browser, enter, as an example sport.coral.co.uk in their url bar (not picking on Coral, just an example)
    After the site loads, search for ‘iesnare’ files again (if they are not there log-in)
    Search again.

    It won’t take long to find out which companies are using ‘iesnare’ and at which point they download it. This method has one downside, i.e. if there is a company who downloads ‘iesnare’ at a later stage, e.g. on placing a first bet or another bet if you are an established customer who has deleted it.

    I think Flatstats has previously published a list, but this would provide an update of company names who treat customers like criminals when they are not.

    Recommendation B

    Make a complaint to the ‘Information Commissioner’s Office’, especially if a company is encouraging you to bet (emails, etc), but still using ‘iesnare’ on your device. This is a conflicting message and not ethical, even if it maybe proven legal.

  94. max says:

    This is primarily about multiple accounts. In the near future things will become more difficult, different IP addresses will be needed, mobiles, landlines, will have to utilised. Fight them on all fronts and we’ll never be defeated.

    • Matt Bisogno says:

      It’s primarily about privacy infringements, Max. Everything else is secondary to that, in my opinion at least.

      Matt

  95. john says:

    hi Matt,

    Many thanks for the heads up.

    I did indeed find 2 files that were installed on the 30th August this year. As I have not visited any online bookies, I can only assume that Betfair, which I use daily, placed this on my laptop themselves.Not happy considering Betfair is supposedly impartial

  96. methodman says:

    found 4 file in flash player dated last Friday
    I seem to remember replaying yes to a prompt for a flash upgrade
    Have deleted but will check other PC’s and apply the more permanent solution later.

  97. methodman says:

    After removing the files yesterday mpsnare has reappeared after going to the betfair website and I didn’t even login.
    Will have to find the time for a more permanent solution

  98. beesgeez says:

    Hi, I found a couple of these from May last year via the command prompt. Nothing from the search box. I suppose they are 0 bytes because of Flash? 1 Flash Player, 1 flash Shockwave. Changed the Host file which worked as written above. Thanks for this, very good work.

  99. John Walker says:

    I found the folders, modified the hosts file but didn’t get the expected results form the ping. 127.0.0.1. Instead it showed an external IP and there were also no zeros in the ping time.

    Not sure how I can resolve this

  100. Neil says:

    Many thanks for this article. I too have found this on my laptop – dated 22/07/2015. Probably no coincidence then that just 4 days later I get the standard email from Coral:

    Important Account Information

    We wish to advise you that your account has recently been reviewed by our sports trading team and as a consequence your sports account is no longer eligible to receive any bonuses, price enhancements, free bet refunds or Best Odds Guaranteed concessions, effective immediately.

    This restriction has been applied in accordance with our terms and conditions.

    You are welcome to continue to bet on sports and enjoy the benefits of our Casino, Poker and Bingo products.

    . . . this despite them bombarding me with emails offering loads of “Free Bets” for the previous couple of months.

    I have now taken the relevant steps to remove this unethical spyware from my machine and will be doing further research to determine which bookmakers install it and when. It may be coincidental, but this only appears to have been downloaded after I got fed up with Firefox continually crashing and switched to the Google Chrome browser?

    One thing that does spring to mind is if we remove it from our machines, the bookmakers will no longer be getting the “feedback” data they’re looking for – is there a risk that if they suddenly stop getting the feedback data, they’ll guess we’ve put the block on it and limit our accounts anyway?

    Another thought I have had is that for those who have the luxury, use one machine for bookmaker accounts and another, separate machine, for the exchanges.

    And if you’re backing with Paddy Power, don’t lay with Betfair – their recent merger proposal will obviously mean they will be sharing customer data!

    I also think that if enough people complain to the Information Commissioner’s Office about this underhand “spyware” they might be forced to do something about it!

  101. Richard Noy says:

    I’m slower than most (or busier!) and have just identified TWO folders installed on 23 April this year. If I can work out what I did that day I can tell you who sneaked it in! Thanks for the heads up. United we stand!

  102. Neil says:

    I’d be interested to hear if anyone has had problems since removing ieSnare. Until a couple of weeks ago I had a full complement of bookmaker accounts, many of these have been active for several years.

    In the past fortnight I’ve been gubbed (no BOG, no access to promo offers) by Betway, Boylesports and Stan James. As well as that, I’ve been limited to tiny stakes with Ladbrokes and relatively small stakes by Sky.

    Possibly a coincidence, but I’m not so sure.

  103. chispa says:

    Hi , i ve also been gubbed by Betway for no apparent reason , thats the only one so far ……..Dont know if this will help but this is what im doing . Im using Windoows with Firefox . As far as i understand it iesnare is mainly linked to Flash – I go into Control Panel > System and Security > Flash Player . Once Flash Player Manager opens click Local Storage Settings by site ….That shows a list . mpsnare has shown there ( while not showing with a search in search box) I now have blocked the mpsnare site that shows . It also shows in bytes how much storage they are taking up , so , as its showing zero , i hope that means its not doing much !! I have also started to to check before i log into a site and after i have logged out to see if they left me any presents , by following the steps above . Its a bit of a pain but it helps to get an idea of who is and isnt . Im not sure if this process completely keeps track but its at least something that makes me feel a bit more on a level playing field with the enemy . Hope that helps . Cheers

  104. neilmck says:

    I think Betway have got a reputation of gubbing people after a handful of bets, so I’d say that has more to do with them being a dreadful bookie and not with ieSnare.

  105. Mike1974 says:

    Hi Matt
    Just worked through your piece on mpsnare and as you said, these files were there.
    I have followed your instructions and it worked a treat.
    Great bit of information. It illustrates that Geegeez is a club/fraternity that looks after its members as opposed to a tipping service
    Thanks very much.
    Mike
    PS – with regards to the Betway comments; my views on Betway could not be repeated in a family newspaper!

  106. dan says:

    Hello, and thanks Geegeez for the info

    i followed your instructions and that of the copied post, one one computer the file search tuned up nothing, but the command prompt still found the mpsnare iesnare (so anybody looking does i think need to do both) and a pain if never before opened a command prompt.

    The command prompt also found bunches of other things on another computer, including bet365 things, with no knowledge of these command searches i was wondering just what that search is for and what if lots of other sites are listed are doing, are they all doing this same data collecting ?

  107. Neil says:

    Some very useful info on the Information Commissioner’s website – https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ in particular the following sections:

    What else is covered, apart from cookies?

    Although this guide focuses on cookies, regulation 6 actually applies to anyone who stores information on a user’s device or gains access to information on a user’s device, in either case by any method.
    This means the same rules apply to any similar technologies – such as Local Shared Objects (sometimes called Flash cookies) – and can also cover other types of technology, including apps on smartphones, tablets, smart TVs or other devices. These rules also outlaw spyware or any similar covert surveillance software that downloads to a user’s device and tracks their activities without their knowledge.

    What information must we give users?

    PECR do not set out exactly what information you must provide or how to provide it – this is up to you. The only requirement is that it must be “clear and comprehensive” information about your purposes. You must explain the way the cookies (or other similar technologies) work and what you use them for, and the explanation must be clear and easily available. Users must be able to understand the potential consequences of allowing the cookies. You may need to make sure the language and level of detail are appropriate for your intended audience. This is similar to the transparency requirements of the first data protection principle (privacy notices).

    . . . so “These rules also outlaw spyware or any similar covert surveillance software that downloads to a user’s device and tracks their activities without their knowledge.” . . . exactly what iesnare is doing, so surely bookmakers installing/using iesnare are in breach of the rules! I think I’ll raise it with the ICO just for the hell of it and see what they say! Will report back here with their response if and when I get one!

    • Seán says:

      I tried the above but do not get the
      Minimum = 0ms, Maximum = 0ms, Average = 0ms
      Perhaps I did something wrong.

      I sent a message to my virus/firewall ESET asking them for help (a permanent block).

      Paddy Power sent me some files on 07/10/2015 by e-mail in response to my three visits to their head office in Clonskeagh asking for my past betting history and customer attribute notes (allowed under Irish Data Protection legislation). I had a little difficulty opening the five e-mail attachments – didn’t have the encryption program used, and was using MS Office 1993 so had to get readers to view .xlsx and .docx files.

      My brand new iesnare directory is dated 09/10/2015 🙂 🙂 🙂

  108. vitamin says:

    I found 9of them 🙂 on my comp ,fallowed your instructions on how to block iesnare permanently and it worked . Thank you very much ! back tested by going to http://www.iesnare.com
    and look at this magic 🙂

    Unable to connect

    Firefox can’t establish a connection to the server at http://www.iesnare.com.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    tnx again cheers

  109. Mel says:

    I had a cookie on mine last night, deleted but no folders on my machine. I only browsed via incognito after that but still found another one tonight. Have followed your instructions so will so how it goes from here on in.

  110. GM Lacuna says:

    Unbelievable! I have been a Sports Trader for nearly 15-years and NEVER KNEW that the industry that relies on me is also spying on me!! I’m now looking for every opportunity possible to profit from Bookmaker arrogance. Great article, great post and great advice…

  111. bat says:

    blocking with hosts file only works as long as they use client side javascript library to call their API. once they implement this on the server side, no amount of hosts redirects will help. and if they’re half competent, they already do that.

    the way I understand it, system fingerprint is a hash, calculated from all sorts of parameters, right? like resoultion, browser, fonts installed, add ons installed, plugins and many others … all of these are combined into one hash?

    so changing a few of these should output completely different hash, right? easiest way is to change the browser, then install/remove some addons, uninstall/install a few fonts and plugins and voila, completely different hash.

    if anyone has more knowledge how these algos work and how many parameters would you need to change, that’d be great 😉

  112. Kris says:

    Hey! I have followed your intructions on win7 but something seems to be wrong, I got different message in command and I do not have them “0” which You highlighted with blue color after checking ping however I cant open any of listed websites. I do not know is it work or not. I remember that once I installed Kaspersky it has found this thing and it was hard to dalete, but I got rid of it.

  113. karl says:

    Great article, I found 4 files on my laptop, probably why 365 have restricted my account. Many thanks, now i’m going to use purevpn too to hide my ip address from them.

  114. steve says:

    hi read your article and was shocked to learn how far the bookies goto ,any way i found 6 listings for mpsnare 2 dating back to 2001, 2 for 2015 ,,and 2 for the 17th of jan 2016, thanks for the heads up i will be doing a regular check from now on.

  115. almahad says:

    Didn’t sign up with my first bookie until about 2 weeks ago, but found iesnare was installed on my computer nearly 3 years ago!
    Sorted now though. Thanks a lot!

  116. Mick says:

    Great article and very much appreciated. I did a search and found 5 folders. Followed your instructions above so hopefully I’m in the clear.

  117. Philip says:

    Couldn’t find anything using search or command but found it in control panel/flash player/local storage. Thanks for the heads up. Already suspected and expected they were tracking, now I know how.

  118. Chud777 says:

    Another brilliant Geegeez article. I’ve followed the precise instructions as they were written, found iesnare on my PC, and promptly removed it as instructed. I got exactly the results when “pinging” as stated, and my browser now won’t connect to the webpage iesnare, so thanks ever so much!

Comments are closed.