Slashdot Mirror

An anonymous reader writes In a legislative first, the U.S. Supreme Court ruled on Monday that for-profit companies can, in essence, hold religious views. Given the Supreme Court's earlier decisions granting corporations the right to express political support through monetary donations, this ruling is not all that surprising. Its scope does not extend beyond family-owned companies where "there's no real difference between the business and its owners." It also only applies to the contraception mandate of the health care law. The justices indicated that contraceptive coverage can still be obtained through exceptions to the mandate that have already been introduced to accommodate religious nonprofits. Those exceptions, which authorize insurance companies to provide the coverage instead of the employers, are currently being challenged in lower courts. The "closely held" test is pretty meaningless, since the majority of U.S. corporations are closely held.

crimeandpunishment writes "The American Heart Association and Nintendo are teaming up to promote Wii. The popular games can be branded with the AHA's logo, to indicate that they're considered a healthy choice. As part of the deal, Nintendo will donate $1.5 million to the AHA. The Heart Association is concerned about childhood obesity, and now concedes that its campaign for traditional forms of exercise just isn't getting through."

Tiger4 writes "CNN reports on a simple test to determine the presence of genes linked to Prostate Cancer. These five genes, if present, can increase the risk of prostate cancer up to nine times. 'More than 25,000 American men will die from prostate cancer this year. But prostate cancer can be treated successfully if the disease is caught early. A blood test that can detect whether a man is at high risk for developing prostate cancer is on the horizon. The study was published in the February 28, 2008, issue of the New England Journal of Medicine.' It turns out the company actually wants to test saliva, making the test significantly easier and more convenient. Compare this to the tests available for BRCA, the so called Breast Cancer genes. Finding you have the gene can be devastating, but knowing well in advance of developing cancer allows many more options to be considered."

docinthemachine is one of several readers to send word of a new poll published in Nature showing unprecedented levels of cognitive performance-enhancing drug abuse by top academic scientists. The poll, conducted among subscribers to Nature, surveyed 1,400 scientists from 60 nations (70% from the US). 20% reported using performance-enhancing drugs. Among the drug-using population, 62% used Ritalin, 44% used Provigil, and 15% used beta-blockers like Inderal. Frequency of use was evenly divided among those who used drugs daily, weekly, monthly, and once a year. All such use without a prescription is illegal.

imaginaryelf writes, "WebMD reports that researchers have found a link between hours of cell phone use and sperm quality. 'In a study led by researchers from The Cleveland Clinic, men who used their cell phones the most had poorer sperm quality than those who used them the least.' We Slashdotters know that correlation does not equal causation, so further research is needed to understand the link, but just in case, maybe men should cut back on the hours of cell phone use?"

The Sexecutioner writes "WebMD is reporting on a new vaccine which has had an incredible effect in clinical trials. The vaccine, composed of human dendrites holding dead HIV viruses, has dropped test patients' viral load by up to 90% in one year. Could this be it?"

jlowery writes "Seems that asbestos deaths have skyrocketed recently, which isn't suprising one you learn that it takes 40-45 years after exposure for peak deaths to occur. Reminds me of the time 25 years ago me and Dad were replacing the brakes on my old Datsun 510 and blew out the brake residue with compressed air. Dusty."

MrByte420 writes "WebMD has story about every computer geek's favorite beverage enhancer. Seems like there's more to the kick than just the caffeine that makes coffee a favorite amongst the sleep deprived programmers of the world. Some more information can be found here with some interesting details why decaf can keep ya up and wired too. In related news, scientists report no progress in determining why the best computer code is written at 4:27 AM on a tuesday morning surrounded by a box of Mountain Dew."

Because you're reading Slashdot, you probably know that client-side cookies are perfectly safe. They don't contain any code that gets executed by your computer, and there are limits to keep them from filling up your hard drive. Just as importantly, no server can read another server's data, each site reads only its own cookies, and you don't have to worry about privacy. If you don't want a site to know anything about you, you don't tell that site anything. Simple. Or is it?

When Netscape embraced-and-extended the HTTP spec in 1995, it was really just trying to digitize the shopping cart. Allowing a server to store just a few bits on the client added almost no overhead and it made many applications, such as shopping carts, very convenient.

Maybe it was deliberate; maybe nobody really cared; or maybe it was an engineer's simple distaste for tweaking a spec too much: but they allowed cookies to hang off GIFs as well as HTML, and that changed everything. There were probably ten people in the: world at that point who could have foreseen the explosion in banner ad traffic, yielding a multi-billion-dollar industry in less than five years.

Yes, billion -- the large banner-ad company DoubleClick merged with database firm Abacus Direct last year in a billion-dollar stock swap. How much is a billion dollars worth of advertising revenue on the net? At DoubleClick's current rate, it's about 750 billion banner ads. Think of it as four petabytes of GIFs.

And the vast majority of those GIFs just get ignored. When's the last time you clicked a banner? There aren't any precise figures, but the consensus is that the average click-through rate is dropping. Three percent click-through used to be good. Now a well-targeted ad will be happy to get one or two percent. It's hard work to make money from banners, and getting harder every day.

That's why DoubleClick, and firms like it, need to maximize their efficiency. Their income ends up depending on that click-through rate. The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you.

The GIF cookie loophole makes this pretty easy. The first banner ad that your browser requested from a banner-ad company got a user ID cookie sent back with it. And - here's the key - since so many banner GIFs all come from the same company's domain name, your browser sends back the same user ID no matter which website you're viewing the banner on. Your user ID is being tracked all over the web.

In the case of DoubleClick, that's a fair number of sites. They won't talk to you unless you serve a million impressions a month - and their network includes 651 publishers which translates to who-knows how many websites. All told, they deliver a billion ads every two days.

Though the Internet Movie Database can't tell where else you've been on the web today, the company delivering its banners knows. That same company knows if you read National Review, TeenMag, or Dilbert. It knows if you're into professional wrestling or what cruises you were looking at on Travelocity. It even has some of your click history through WebMD.com.

The comforting thing has always been that, while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change.

Remember that billion-dollar merger between DoubleClick and the database company? This database company doesn't sell software. Abacus Direct uses databases to store names, addresses, and other information about people. In offices across the country, their computers have information on two billion purchases made from 1,100 separate consumer catalogs over the years, "representing virtually all U.S. consumer catalog buying households." Their CEO brags,

"Through the sophisticated use of state-of-the-art technologies and modeling techniques, Abacus' outstanding ability to synthesize vast amounts of data into valuable insights about individual consumer buying behaviors has proven itself to be an important marketing tool for our age."

That's why it's very interesting that DoubleClick's privacy policy changed earlier this month. Its text used to read:

"DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous."

That promise is gone without a trace from the new policy. The new policy reads:

"In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address."

Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database.

A little further down is the portent of things to come. There is "one particular Web publisher" in their network which collects a "log-in name and demographic data about users." Which publisher is that? They don't say.

Whoever it is, you may already have given it your name and address, perhaps to register for a contest, or maybe in exchange for reading its free content. Everyone does it; it's a small price to pay. DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website.

And if their programmers do their jobs right, it'll end up being a simple SQL query to join up your user ID, the name you gave the mysterious web publisher, your Abacus demographic data and catalog purchases, and the footprints you've left all over the net for the past two years, into a single big lump of your online/offline data.

To be fair, their privacy policy promises they won't start doing this without, er, changing their privacy policy:

"...should DoubleClick ever match the non-personally-identifiable information collected by DoubleClick with Abacus database information, DoubleClick will revise this Privacy Statement to accurately reflect its modified data collection and data use policies and ensure that you have adequate notice of any changes and a choice to participate."

Aren't you glad that, when DoubleClick revised its privacy statement on October13,1999, you were given adequate notice of how you were being tracked across the internet? (They've sent out 46 press releases so far this year. Informing you about weakening your privacy wasn't one of them.)

Things aren't as bad as they could be. One fortunate thing is that the banner-ad market isn't a monopoly yet. Not even close. Adbility lists over fifty ad networks, of which DoubleClick is just one of the larger ones (probably the largest).

But, when any rapidly expanding market starts to level off, the smaller and less-efficient companies get eaten. Nobody knows when the internet's growth curve will hit that point, but exponential expansion can't continue forever. At some point, the companies that can't send banner ads targeted to your community will get left behind. We'll end up with two, maybe three, meganetworks that deliver a large majority of the world's banner ads.

What can you do about it? To protect your own personal privacy, opt out of DoubleClick's cookies. Of course, this doesn't affect other banner-ad companies, who may or may not even offer this solution once they get as big as DoubleClick. It also doesn't help novice websurfers like your grandmother, who doesn't understand why she should refuse free cookies. More importantly, it can't ever be a real answer - if more than a tiny percentage of their audience ever opted out, DoubleClick would see the competitive advantage of their billion-dollar merger start to erode, and that'd be the end of that option.

What makes more sense is to close the cookie loophole. DoubleClick isn't the real problem; the HTTP spec is the problem. The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs. Why should cookies be allowed onto my hard drive if they aren't attached to the page I'm viewing?

Since DoubleClick's privacy policy claims that cookies "are not essential for us to continue our leadership," they should have no problem supporting this as the default behavior of every major web browser.