Slashdot Mirror
DoubleClick DoubleCross
Slav writes "We've known for a while that tracking of Web users was possible and a few companies have been experimenting with it on a small scale. Now DoubleClick, Inc. has confirmed that it's tracking Web surfers [by name and address] with the help of the databases of its newly acquired Abacus Direct." Every site that you visit which has a DoubleClick ad - all 11,500 of them - can be notified of your name, address, phone number, etc., as soon as you visit the site. Or to look at it another way, your consumer profile in the gigantic Abacus database (hundreds of fields of data for essentially every person in the United States) will now include information about what Web sites you visit.
Consider commercials versus tele-marketers. I'd prefer that the companies calling about all their crap would do commercials/banner-ads instead of calling me. That way I won't feel so violated when they pitch their products. When you call me day and night about some crap, even something I might want to buy, I can't just say "I don't wanna hear it, so I won't answer the phone." I pay for my phone, and I do expect that friends and family wanting to talk to me will call me from time to time. With commercials/banner-ads, I can choose to watch the ad, switch the channel, scroll the page, etc if I dont't want to hear your pitch. What I find happens often with both commercials and banner ads, is that since I only see them on the channels/sites where I have an interest,(as opposed to just being displayed on my screen from time to time the aol or geocities way) they are far more likely to be an ad for something I'm interested in. So I'm more likely to listen, read, inquire + buy.
In essence what I'm saying is that yes, we do get something back from advertising in the form of:
- information about new products and services
- financial support for sites/channels/shows that otherwise would not exist, or would have to charge for access
- increased competition from content providers to attract and hold our attention (to help bring in the ad revenue of course)
- sometimes entertaining ads
so you see, banner ads, or even cookies, are not the problem. The problem with the double-click thing is that the web surfer is being covertly tracked and logged in their travels around the web. Filtering out _all_ ads/cookies wil not simply subvert doubleclicks attempts at tracking you, but it could stifle the means by which many a web site makes the $$$ to keep serving up that porn^H^H^H^Hcontent, yeah content, that's the ticket.Of course, you are free to chose whether you, or the network you manage, will participate in the whole banner ad/cookies thing. I would be cautious however in choosing to replace banner-ads with banners of your own making. You could be opening a can of worms in regards to redistributing or modifying the copyrighted content of a particular web site. Several web sites have won lawsuits claiming that by altering their content, or putting it in a frame, you are violating their copyright on the content. It's the notion that ISPs have "common carrier" status that grants them some immunity from this kind of suit. However, if you start selectively modifying the ads that come through, you may be crossing that line from ISP for your students, to being a content provider. I would simply allow or deny all ads to keep that line clear. Otherwise, you could simply sell the (cached) banner ad space to advertisers who want to reach your students. Again, an extremely risky proposition.
-earl
If a company says it's going to do one thing, then does another, then they're open for a whole mess of legal problems -- misrepresentation, fraud, etc. A legal friend of mine is interested in pursuing this idea on the spam front -- include a header which says "this message is not spam", allowing people to filter on it. Including this header (a non-default, BTW) in mail which is spam then becomes legally actionable.
Similar logic applies to Doubleclick. Do I give them the chance. No.
Yes, the law can be your friend.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
As a former employee of DoubleClick I can help you with some info here. Doubleclick maintains a network of sites that they don't host, but merely provide all advertising for. The network is pretty large and I'll guarantee you've hit thier sites before.
Doubleclick when I was there wasn't matching cookies to names and addresses because they knew people would holler like mad if they thought they could be tracked down like that.
I don't think you really have to worry about getting junk mail or anything as a result of the info they have. Then again that may have changed in the year since I worked for them, who knows.
From RFC2109:
To prevent possible security or privacy iolations, a user agent rejects a cookie (shall not store its information) if any of the following is true:
- The value for the Domain attribute contains no embedded dots or does not start with a dot.
- The value for the request-host does not domain-match the Domain attribute.
- The request-host is a FQDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
Basically, 1 means you can't set a cookie forHowever, I've seen the last one uses more and more by sites, hotmail being one example. One of Hotmail's servers lc2.law5.hotmail.passport.com sets a cookie for
This may not seem a problem if you usually browse sites with
--
Exigo spamos et dona ferentes
Actually, I've thought a little bit about this, and I think I 've got an idea that might be a little more fun.
Of course, you should be able to specify the domains that you always accept cookies from, and the domains that you never accept cookies from. But, what could be an entertaining third option would be to send a fake cookie to the domain. I'm thinking of some simple configuration where you could set a fixed prefix, and have it add the right number of numbers and/or letters onto the end of it. Lot's of sites just use something simple like:
"ID=nnnnnnnnnn". So, you just make up a random number each time you send them a cookie. End result? Their database starts filling up with random junk, and/or their error logs start growing with strange errors. If enough people were doing this, it could become a real headache for the cookie monsters.
Another interesting possibility, which is more involved, is some sort of anonymous cookie exchange. When your browser got a new cookie, it could automatically upload it to the cookie exchange server. The server would then send you a whole list of other matching cookies to use randomly. This would prevent the cookie sites from using large cookies with CRC's or MAC's to detect spoofed cookies. Since they would all be real, legit cookies, they would all be accepted by the tracking site. End result? Lots of random records with little to no marketing value.
I doubt that Netscape or IE would ever decide to pick up such a feature, but that's the great thing about Mozilla. They don't have to.
You may want to take a look at setting up a Junkbuster proxy server on your web browsing machine. There are proxies for *nix and Win32. I've set 'em up on my FreeBSD box, my NT box, and my Win98 box, then configured my web browsers to use the appropriate proxy. It's sweet!
Oh, go on, check out my job.
My blocklist is available here, and via anonymous rsync at rsync://cloudmaster.com/redir/redir
Assuming you already have squid up and running, you can just
- mkdir
/var/squid/blocker - echo "redirect_program
/var/squid/blocker/squid.redir" >> /etc/squid.conf - rsync -v rsync://cloudmaster.com/redir/*
/var/squid/blocker - cd
/var/squid/blocker - make
At least, I think that will likely work. You get the point...The tracking works regardless of IP address because the information is stored as a cookie. The cookie remains consistent on your browser even if you change IP addresses.
---
This sig has been temporarily disconnected or is no longer in service
However, in the end you miss the point. There is a difference between DeCSS and DoubleClick.
The difference: DeCSS was made under a non-profit situation. DoubleClick's tracking reeks of commercialism.
Information wants to be free. But DoubleClick wants to sell the information. Information it didn't even let the people know it was gathering. There is your difference for you.
The greatest gift that the open source movement can give to consumers will be privacy! A web browser that can protect your privacy. We need a solution that any newbie can use. Just download the browser and you are now anonymous when you want. I noticed many savy posters tell us to set up firewalls and allow/disallow packets from certain IP addresses etc. but we NEED a solution that works for the newbie.
Is it possible to do IP spoofing via a browser? Never mind the cookies, they will track us with IP addresses. What I want is a button on mozilla that toggles whether I reject cookies, adds and spoofs my IP address or recieves cookies, ads and sends my real IP for any given site I am looking at, in real time. Is this possible?
This may become the biggest issue on the net. Most slashdotters can probably figure out how to avoid tracking but we need a solution for idiots.
I would love to hear suggestions.
no sig.
ipchains -A output -d 199.95.206.0/24 -j REJECT
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 63.160.54.0/24 -j REJECT
ipchains -A output -d 208.211.225.0/24 -j REJECT
ipchains -A output -d 208.10.202.0/24 -j REJECT
ipchains -A output -d 216.94.59.0/24 -j REJECT
ipchains -A output -d 208.228.78.0/24 -j REJECT
ipchains -A output -d 208.228.86.0/24 -j REJECT
ipchains -A output -d 209.167.73.0/24 -j REJECT
ipchains -A output -d 208.229.75.0/24 -j REJECT
ipchains -A output -d 208.203.243.0/24 -j REJECT
ipchains -A output -d 204.178.112.160/24 -j REJECT
ipchains -A output -d 204.253.104.0/24 -j REJECT
ipchains -A output -d 216.230.65.0/24 -j REJECT
ipchains -A output -d 63.77.79.0/24 -j REJECT
ipchains -A output -d 128.11.60.0/24 -j REJECT
ipchains -A output -d 128.11.92.0/24 -j REJECT
ipchains -A output -d 199.95.210.0/24 -j REJECT
ipchains -A output -d 199.95.206.0/24 -j REJECT
---
This sig has been temporarily disconnected or is no longer in service
...many of us are willing to pay a few bucks for a good commercial tool when there's no open source alternative.
I don't have any problem with your endorsement (it is useful information, after all), but For Your Information, there is an Open Source product available that blocks banner ads, cookies, and such. Source available, no cost, and protected by the GPL, it is called "The Internet Junkbuster" and is available for free download from www.junkbusters.com. It functions as a proxy server, and guards your privacy.
Just FYI.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Blocking all ads from all ad companies won't do much good, the market will shrink a bit bit the percentages will be about the same. The answer is to specifically block doubleclick (and any others that start tracking name/address etc.). That way, a specific practice is punished, and not doing that is rewarded. It also sends a message to DoubleClick's clients "your ad isn't being seen, but it WILL be if you get rid of DoubleClick and choose another ad company". To advertising supported websites it says "You'll get more clickthrough pay if you switch away from DoubleClick".
That DOUBLES the impact of the boycott.
Now for some notes on blocking DoubleDlick. First, they use round robin DNS and several different address blocks. If you don't firewall every last one of them, you will get their ads. They have some sort of odd DNS system that assigns addresses to ad.doubleclick.net based on network latencies which they measure by sending packets to port 7 (TCP echo service). I know this because they triggered portsentry on a network I am responsable for and they explained that when I emailed root about it.
The easiest option if you are on a Unix system is to use a local DNS server and set up doubleclick.com and doubleclick.net as master zones. That will cause name lookups for doubleclick to fail.
I would like to firewall their address blocks as well for good measure. Does anyone have a list of all of the addresses assigned to them? I did do dns lookup and check the returned address with rs.arin.net, but the IP is a non-portable address owned by above.net.
Why doesn't the US do somthing like this? Its not about interfereing with your rights, its to stop business from abusing your information.
try to make ends meet, you're a slave to money, then you die
Its not enough for geeks to opt out. We need to get the whole 'net to opt out. Attached is the email I sent to about 20 people. May I suggest that all of you go and do likewise?
--
Distribution of this memo is unlimited.
Since I am probably the biggest spam-hater alive, you can imagine for me to originate one of these chain things is pretty unusual. (In fact, its more than unusual, its unprecidented). Nevertheless, I think that the danger to our society (and the internet as a whole) represented by the situation I am about to describe is great enough that I will take the flames and pass this on.
There is a company called "doubleclick.com". They provide the little banner ads that you see on most web-sites nowadays. That is, when you pull up a web page with advertising, the company making that web page points your web-browser towards DoubleClick's web servers to get an appropriate ad. DoubleClick then pays the company if you click on the ad (anywhere from 1 to 10 cents for a click-through -- if you just look at it, they often get some small fraction of a penny for showing it to you).
In order to target the ads, DoubleClick sets what is called a "cookie" in your browser. This cookie uniquely identifies your computer on the internet. DoubleClick uses this information to target advertisements towards you based on your previous viewing patterns: if you typically click on ads for computer hardware, DoubleClick will show you lots of ads for computer hardware. However, all of this is still anonymous.
That is, it was thought to be until the following story came out:
To summarize, the above story relates how DoubleClick bought a direct marketing company called Abacus Direct. Abacus Direct maintains a database covering over 90% of all American households. And DoubleClick acknowledges that they have begun linking Abacus Direct's database with theirs.The net effect of this is that, for a price, a vendor can get your name, address, phone number, /and/ your reading habits. They can find out what newspapers you read (over the web), what web sites you visit, etc. They can find out what products you buy -- it is simple to link information from amazon.com to doubleclick as well. They can then use this information to target advertisements at you.
Many people don't see the problem with this. May I suggest that you consider this: the express purpose of advertising is to get you to buy things which you would not ordinarily buy. That is, the perfect person in their eyes is a profligate spend-thrift. Happiness through possesions is the mantra they push.
The advertising industry has already demonstrated that they will stop at nothing to sell products. For example, consider that the "June Cleaver" perfect housewife of the 1950's is acknowledged to have been created by and for the advertising industry! Or consider some of the tactics used by the baby formula companies to get mothers to not breastfeed, despite the acknowledged medical fact that breast-feeding is far better for the child. (Some of the tactics used in developing countries were exceptionally gruesome.) What about the toilet-training "experts" who are employed by the diaper companies? Ever wonder why we suddenly need Size 5 Pampers?
We have already seen what advertising can do with statistical sampling alone: what will they be able to do with specific data about you? That is, what will happen when, instead of marketing to a mythical (but frighteningly accurate) average household, they are marketing to you personally?
Fortunately, there is a way out. You can visit:
And decline to have your information tracked. I highly recommend it. I could go on for pages about why this is important -- the point is that once we have given Madison Avenue this power, we will never be able to take it back. The time to opt out is now.-- Slashdot sucks.
Information gathering is nothing new, everytime you go grocery shopping and use your "Club Card" your grocery purchases are put into a huge databse. Say you buy some pampers... instantly a red light goes off some where and next week you'll be getting mail about baby products.. Building huge data bases on people is extrmley scary, and at present laws don't really exist to protect peoples privacy, or information.
Should you be allowed to know i have a history of cancer in my family before i buy insurance from you?
Sorry 'bout the heavy MS content.
How to do it
Here's an alternate idea that's more appealing from a Discordian sort of perspective....
With a little Perl/Python/whatever hackery, you could easily create a script to randomize you cookie files. It's easy, you just open the file, read the cookie values, change a few random digits here and there, and write it back out. Ideally the new cookie should have the same format as the old one, so that it looks like valid data even though it's random junk.
Then set up a cron job to run this script at regular intervals. And set your browser prefs to just accept all cookies, because you know they're going to get scrambled anyway. Voila, every day you are a different person to the likes of doubleclick. But they can't tell that they're getting bogus data, and so they aggressively attempt to target market these random non-persons.
The only thing to keep in mind is to periodically quit/restart your browser, so as to wipe out any memory-resident cookies.
I did this at my last job, but I lost the script in transition and haven't gotten around to re-creating it. But it's easy for anyone with even a little bit of Perl skill.
And you may ask yourself, well, how did I get here?
I really like this idea. This should definitely be added to Mozilla. The way to combat these sort of practices isn't just to block them, but to make them impractical/unprofitable.
New XFMail home page
I really don't have a problem with the *ads* themselves. Advertisements are what pays for sites like Slashdot. Blocking them out decreases revenue for Slashdot, so I'm quite happy to leave them in place, so long as they're benign (which seems to not be the case with DoubleClick).
Hell, I occasionally (like once every few months) even click on one.
Their privacy statement says:
In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address.
This, as we now know, is untrue. Granted, they collect it from another server, and not from you, but they still collect it when they send you an ad.
Liars.
-Waldo
This is the opt-out link. It will place a cookie on your computer that'll let you opt out of doubleclick's tracking.
I am the administrator of a few web caches (I use squid) and I've started blocking web ads a while ago, replacing them by one-pixel blank gifs. It probably fixes the problem...
Actually, I believe they are not law at all. I was describing how it should be, not how it is.
;)
EU e-commerce laws, apparently, are similar to this though, mainly dealing with credit card info and other stuff. Sorry, I have no link, but I recall that the EU has some policies that to do e-commerce with the EU, you must follow their strict privacy rules.
ie: contact/name info can be provided for payment, but it is *forbidden* for the company receiving it to use it for anything else.
And you are right.. it is completely screwed up that these companies can tell DoubleClick who *I* am, as their customer, but DoubleClick cannot tell *me* about their customers
I haven't downloaded Stefan's junkbuster, but reviewing his page:
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
Alias their site to 127.0.0.1. If you're running Windows, edit the 'hosts' file.
/etc/hosts file. It's very nice to surf with a lot less ads.
And for all you Linux guys, do the same thing, except to the
The simplest method would be to either block all traffic from doubleclick.net, or frequently go on search-and-destroy missions through your cookie files, looking for doubleclick.net cookies and systematically removing them all from your system. Profiling cannot work if the ID code is no longer valid.
Another method that would take more effort to set up but can potentially cause irreparable damage to the usefulness of the cookie as a profiling tool follows. Set up a central web site for doubleclick.net cookies. Users of the site would download special software that swaps cookies. Then the software would upload your doubleclick.net cookie, and you would receive another random cookie back. Swapping cookies like this destroys them as a tracking resource.
This isn't illegal, but doubleclick.net may decide to sue the site to force them to stop trading cookies in this way anyway. If this happens, all the users on the site can then launch a class action countersuit against doubleclick.net with the goal of forcing them to stop profiling. For example, does it constitute illegal wiretapping? And does doubleclick.net have a valid end-user licence for the use of the personal information in this way?
Everyone, please remember the horrendous Orwellian scenario that already exists when profiling is combined with Web Bugs (also more euphemistically known as clear gifs). Web Bugs are small (typically 1x1 pixel) clear gifs that are found on the bottom of web pages that inform the owners that the page has been loaded. Doubleclick.net already know what pages you visit, a lot more than you think. And it's happening now.
Doubleclick.net are not the only net terrorists that are acting this way. They are merely the most prominent, and the first that have actually admitted to the practice. Where I refer to doubleclick.net here, substitute many other ad banner companies freely.
If you want to boycott companies, the following need to be boycotted, in order of importance:
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
You can use a junkbuster proxy to filter out ads. Alternatively, I believe that internet explorer allows you to set the 'doubleclick' domain to be in its own security zone, and then set that zone to not accept cookies.
Note also that you will only be associated w/ the database if they have some way to associate you w/ your entry in their database. Once your cookie is there, though, they will know.
--
DoubleClick's Privacy Policy.
Information Collected in the Process of Delivering an ad by DoubleClick
Doub leClick "Opt-Out" Option (how-to)
info@doubleclick.net email address
Salocin.com
End of story.
Libby, Alycia
c y.htm.
Wednesday, January 26, 2000 3:22 PM
"Waldo L. Jaquith"
RE: Privacy Statement
Thank you for contacting DoubleClick with your concerns. Protecting the
privacy of consumers is of paramount importance to DoubleClick. We are
founding members of several organizations (NetCoalition.com and Network
Advertising Initiative) that are currently creating standards that protect
online consumer privacy, and belong to the Online Privacy Alliance. First
and foremost, we want to make sure that you understand exactly what we do,
and to clear up any misperceptions that exist in the media or marketplace.
First, it is important to understand that Web advertising is critical to
ensuring that consumers like yourself can continue to access Web sites at no
cost. . Effective Web advertising assures that the Web's information,
content, and resources remain free for everyone.
Second, we would like to clear up a huge misconception in the marketplace
that companies such as DoubleClick have the ability to "track" what an
Internet user is doing throughout the Web without their knowledge or
consent. The fact is that the only time DoubleClick knows when a user
visits a Web site is if DoubleClick is serving an ad to that particular Web
site. Even then, the information that is collected by DoubleClick is used
only for advertising and reporting purposes, so that our customers can gauge
the effectiveness of their advertising campaigns.
DoubleClick does not know the identity of any user to whom DoubleClick
delivers an ad until and unless that user has been provided notice about and
consented to having his or her identity used in connection with serving
advertising and other online marketing services.
You should also know that DoubleClick does not sell any information
collected from cookies to third parties. DoubleClick has an explanation of
what a "cookie" is and how it is used on its Web site that we invite you to
read at http://www.doubleclick.net/privacy_policy/.
Simply put, cookies are small text files that are sent to a user's hard
drive in order to facilitate surfing on the Internet. They are commonly
used by Web sites to maintain a customized environment for each user and to
make it easier for customers to purchase goods and services. DoubleClick
also uses cookies to limit the number of times a customer sees an ad, which
our customers have told us is important to them. We also use them to
measure ad effectiveness on behalf of advertisers and Web sites with which
DoubleClick does business.
However, please be assured that until, and unless, a person chooses to
provide personally identifiable information to a Web site, DoubleClick has
no way to know their identity. All DoubleClick knows is that a computer's
browser is visiting the site.
Finally, we want you to know that DoubleClick does create profiles about
consumers solely in an attempt to deliver ads that the user may be
interested in viewing. Again, DoubleClick does not create a profile about
any user unless that consumer has received notice and the opportunity to opt
out from such profiling. Moreover, DoubleClick does not create profiles that
contain sensitive information such as a consumer's medical information.
Consumers can absolutely choose not to accept DoubleClick cookies or to
receive ads tailored to their personal information by opting out at
DoubleClick's Web site at
http://www.doubleclick.net/privacy_policy/priva
We hope that you will take a minute to read the complete discussion of what
information DoubleClick does collect and how it's used. Please visit our
privacy policy on our Web site at
http://www.doubleclick.net/privacy_policy/. The page also provides you
with the opportunity to opt out from DoubleClick's cookies.
If you need more information about DoubleClick please feel free to contact
us at 212-683-0001.
Again, thank you for contacting us with your concerns. We hope that this
letter has helped to clear them up and that you will contact us if you need
more information.
Sincerely,
DoubleClick, Inc. (NASDAQ: DCLK)
http://www.doubleclick.net
in general, cookies are OK, and quite useful, for short-lived browser/server interaction state keeping. There is no real need for long-term cookies; at worst you'll have to enter a password a few times more. And clearing your cookie file very effectively dissociates any further browsing from any profile doubleclick may have of you.
Well, yes, on some extremely ad-heavy and poorly-designed sites that assumed the ads were there. Small price to pay...
--
Well, I'm sure that going a little far, she probably will only be getting free samples of KY jelly in the mail and a free issue of Jonny Leatherpants and his Magic Nipple Clamps.
But in all seriousness, I thought the FTC was tring to cut down or make on this kind of thing illegal, *and* with the whole Pentium 3 serial code fiasco, it is painfully clear that people value their privacy on the web.
Anyone know of a site or utility to clear out certain cookies like these, but leave the nice ones in like Slashdot?
George W. Bush-- Not a crackhead since 1974!
To stop this stuff, and also save on bandwidth, I use AtGuard. It filters cookies on a per-site basis, and also blocks access to URLs containing certain sub-strings (which can also be configured on a per-site basis). Overall a really cool and useful program which deserves to be far better known.
Unfortunately I've just discovered that WRQ (the creators of AtGuard) have sold the rights to Symantec, and its now part of Norton Internet Security 2000 for almost twice the price of just AtGuard. But you get a virus scanner as well. Ho hum.
Paul.
You are lost in a twisty maze of little standards, all different.
If there truely is a law against this kind of tracking in the EU, then the authorities should be the ones pressing charges.
#!/local/bin/perl5
#
# usage: domain.sort.pl < listofdomainnames > sortedlistofdomainnames
#
# Sorts by each domain, so all *.com's are sorted together, and
# all *.abc.com's are sorted together near the top of all *.coms, etc.
# Doesn't sort dotted IP4 addresses well, but doesn't mangle them either.
sub reversehost
{
my @terms = split(/\./, shift);
@terms = reverse @terms;
join('.', @terms);
}
sub main
{
my @lines = <>;
foreach my $line (@lines)
{ chomp $line; $line = reversehost($line); }
@lines = sort { $a cmp $b } @lines;
foreach my $line (@lines)
{ print reversehost($line) . "\n"; }
}
main();
1;
[
> ...include a header which says "this message is not spam", allowing people to filter on it.
I already filter on messages that say "This is NOT SPAM". They go straight to my spam folder. Haven't had a false positive yet.
I wish that in netscapes prefs, you could list all the sites you go to and specify whether or not to accept cookies from them, so you could always accept cookies from Slash or Amazon but never from AdFu or Doubleclick...
Maybe it could happen in Mozilla?
I'm doing this under IE4.0 at work. The HOSTS file is useless since all HTTP traffic goes through a proxy, but going into the advanced-proxy configuration allows one to specify sites which should not be accessed through the proxy. Routing these to the local network gets them blocked at the firewall, and they time out. This is better than blocking cookies, because the ad site never gets to see an IP address, let alone the http:referrer field.
Something to be aware of: Even if you use the write-protected cookie file trick under Netscape, if you accept a cookie it will still be active until the end of your session. This means you will be letting Doubleclick/Abacus connect your hits to your name and home address, at least for the rest of your surfing that day. Blocking all access to Doubleclick costs them a lot more.
Slashdot serves a lot of its own ads, which I still see (of course). I will happily patronize Slashdot, because I doubt it is going to sell my private information to anyone or track me between sites. Doubleclick, flycast, bfast, hitbox and the rest are not so friendly, and I think that sites which use their services should not be given the benefit of the doubt (or the revenue).
Here's my current blocklist (pardon the formatting): ;ads16.focalink.com;redherring.ngadcenter.net; ads.guardianunlimited.co.uk; media.preferences.com;excite.com; stats.superstats.com;mojofarm.mediaplex.com
a32.g.a.yimg.com;valueclick.com; mojofarm.sjc.mediaplex.com;www.burstnet.com ad-adex3.flycast.com;ads17.focalink.com; ad.doubleclick.net;ad.uk.doubleclick.net; a1.g.a.yimg.com;ad.preferences.com; barnesandnoble.bfast.com;ads.enliven.com; ads09.focalink.com; view.avenuea.com;ads.i33.com;ads.bfast.com; adserver.track-star.com;ads.admaximize.com; ads24.focalink.com;banners.orbitcycle.com; adforce.imgis.com;service.bfast.com; ph-ad04.focalink.com;leader.linkexchange.com; adex3.flycast.com;Ogilvy.ngadcenter.net; ads18.focalink.com;ads06.focalink.com; van.ads.link4ads.com;view.accendo.com; ads19.focalink.com;ads21.focalink.com; thinknyc.eu-adcenter.net;ph-ad05.focalink.com; ad.doubleclick.net;barnesandnoble.bfast.com; gm.preferences.com;newads.cmpnet.com; ads25.focalink.com;ads22.focalink.com; app-05.www.ibm.com;cookies.cmpnet.com; ads20.focalink.com;idealab-ad.flycast.com; ph-ad07.focalink.com;ads15.focalink.com; ads10.focalink.com;ad.ca.doubleclick.net; static.admaximize.com;ads.dallasnews.com; realmedia.com;www.rbiproduction.co.uk; w131.hitbox.com;ln.doubleclick.net; c1.thecounter.com;ads23.focalink.com; maximumpcads.imaginemedia.com; maximumpcads.snv.futurenet.com; www56.valueclick.com;ads05.focalink.com; kansas.valueclick.com;oz.valueclick.com; ads07.focalink.com;ads12.focalink.com
--
Time is Nature's way of keeping everything from happening at once... the bitch.
If you're a windows user like I'm forced to be, I strongly recommend AtGuard. It was recently bought out by Symantec, but I think you can still get trial versions and stuff.
The way this thing works is that it scans TCP/IP requests and never transmits the ones matching a certain pattern. I end up seeing less than 0.1% of the banner ads on the 'net, and when I do see one, I just add the relevant pattern to my block list and never see ads from that site again.
AtGuard also does one more amazing thing -- it stops animated GIFs from looping. About time!!
Along with AtGuard I use Cookie Pal. It basically intercepts the Netscape or IE cookie request dialog, and handles it. What makes it better than Netscape or IE is:
Eventually (once it's more stable and I have more time) I plan to get Mozilla and, if someone hasn't done it first, add all these features to the source. At one point I had read enough of the Mozilla source to know how to stop the animated GIFs but I never got around to adding the changes. Until then these tools are amazing and I can't recommend them enough.
Moderators: I know this is endorsement of commercial Windows products by a Windows user. I know it's not accompanied by the requisite amount of Slashdot Windows trashing or anti-commercial ranting, but let's face it, many of us have to use Windows, and many of us are willing to pay a few bucks for a good commercial tool when there's no open source alternative. Please help me get the word out and help people regain their privacy and freedom from advertising by bumping this up a couple of points. (And no, I'm not associated with either product, just a happy user).
No change here.... .doubleclick line, and all the other ad ones.
So I just deleted the
well, getting their banners and tracking cookies, but removing the cookie every day or more often, is a way of poisoning the db with lots of useless entries; however, these entries will eventually expire (no more hits in a long time => cookie must be lost; not associated to a real name profile => useless, expire it). a stronger way to poison the db would be to have a proxy that randomizes the content of the doubleclick cookie, within its usual syntax. depending on how their system is setup, you could either get ignored in most cases, or manage to assign your hits to other random people's profiles. but you'd need a lot of people doing that to have a significant impact, and most people just don't care enough. hell, *I* don't care enough either; I'm just happy to block them at /etc/hosts.
Exchanging cookies (like wearing and swapping masks) is a great twist on this concept. I like it.
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Now, what I thought I just read was "Government is ineffectual" followed by "Call your congresscritter." Ummmm, huh?
Government is not the answer to individual privacy, just as government is not the answer to individual security. Government can make it easier or more difficult to do these things, but ultimately it comes down to individual responsibility. Frankly, the best way for government to make anything easier is to get the hell out the way and let us do our thing. (Actually, the Europeans' various privacy legislation isn't such a bad attempt, but if you think the American Congress is going to pass any such thing, I have a steak dinner that says you're sadly mistaken.)
Folks, our privacy is being taken away with technology. We can use technology (or the lack of it) to fight this. Junkbuster is an excellent example. Refusing supermarket club cards, and choosing who you shop with by how they respect your privacy, is another. Joining EFF, and contributing to other worthy organizations like EPIC, is yet another.
We might be able, over time, to bludgeon the rotters in the District O'Crime into respecting us... which is why EPIC and such are worthy causes. But for the nonce, we are far more effective at protecting our privacy as individuals than as subjects of the Imperial Federal Government. IF your congresscritter will listen, talk to him. My last one would not (in fact, she was a Communist... but I digress). But in the short term, protecting privacy is simply a matter of using your head and the word "no"... and voting with your feet.
Oh, one way to keep track of issues that I haven't seen posted here before: The Privacy mailing list, which IIRC is a digest of comp.society.privacy (not posting to Usenet is a good way to keep one's email private!), which is available from privacy-request@vortex.com. Simply being aware of what's out there is one of the best ways to run a clean operation.
In The Art of War Sun Tsu says that if you know your enemy, and you know yourself, you have already won half the battle. You can use the Net, one of the very things being used to take your privacy, to learn about the enemy. You can learn what it knows about you. And once you do that, you can then figure out how to control it, make it work *for* you. I leave the rest to the reader.
--
There is no spoon.
[ryan@leia: serial]$ nslookup www.doubleclick.net
:)
Server: line.ryans.dhs.org
Address: 199.201.131.225
*** line.ryans.dhs.org can't find www.doubleclick.net: Non-existent host/domain
Golly, my dns server must be misconfigured
Ryan
For Macs there's WebFree, which can block ads in IE and Communicator, or the rather nice but also rather beta iCab browser, which has ad filtering abilities built in.
--
This space unintentionally left unblank.
Sorry to shout, but I fear many people share the same misapprehension. Cookies can be attached to images as well as to web pages. By attaching cookies to banner ads or invisible GIFs served from a common source, servers can pass information about you between themselves. Since the cookie comes from the same source as the image, the "Only accept cookies originating from the same server" option will gladly accept them. You must block or delete cookies if you wish to prevent this tracking. (Also note that even the mighty, mighty Junkbuster won't protect you fully - cookies can still get thru in Javascript and SSL.)
For a detailed explanation see Chapter 9 of Phillip and Alex's Guide to Web Publishing (scroll down about halfway for the relevant section).
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Comment removed based on user account deletion
Like it or not, advertising revenue pays for a substantial part of "The Internet" as we know it today. Yes, it probably would be nice if the whole thing was funded by magic, but it isn't, and banner advertising does provide a relatively straightforward way of funding lots of useful sites. There's nothing intrinsically wrong with provision of advertising space, and DoubleClick does do a pretty good job of selecting and targeting ad banners based on your cookie trail - no worse than anyone else, anyway.
However, the business of associating this cookie trail with your "real-life" name and address takes us into serious privacy issues - I'm not totally clear what the legal situation in the USA is, but in the EU they must provide an opt-out from such a system, and they must abide by it. Any evidence that they are failing to abide by the opt-out will be taken very seriously indeed by the data protection people. I'm sure a similar régime must prevail in the USA and elsewhere.
Let's not get carried away, folks. Don't confuse the "necessary evil" (web ads) with the serious privacy issue. Ads aren't necessarily bad, but DC and others have to abide by the rules of privacy, and these are legally enforceable.
Slight disclaimer : My fiancée works for DoubleClick, but the views expressed above are mine alone.
New XFMail home page
Wow.
I mean sure, this was something that was sorta expected when I first heard about this (some old slashdot story). But after realizine the implications of this I just have to say...Wow. Welcome to a new era of junk mail people. Ultimately that is what this will result in. Okay it might be a little more severe than that, but what I really think will come of this is that a few more of us might be getting doubles of the edmund scientific cataloge.
Okay, bad joke. This is serious. And I really wonder how the opt out link that they provide is used. Do you have to opt out for every IP address that you have? I opted out from my work IP but now I'm at home. Does that mean that evey thing I do from here they can track? What about people with dial-up connections? They don't have a static IP. Does this mean that they can't opt out at all? I'm kinda scared of the implications of this. For me I hope that it just means that I'll get more spam on my hotmail account. But still......
Pete
The sole purpose of the Internet is to get porn and bomb making plans into the hands of children.
"Stealing" is a harsh way to put it. What about people who browse the web with auto-load images turned off? I see nothing wrong with processing downloaded code and data as the user or administrator sees fit. People should in no way be obligated to endure ads or any other objectionable content.
The Internet is a public network. By putting up websites and serving requested information to users, site owners are freely offering and releasing information. Users may then store, process, act upon, or discard that information as they see fit. The fact that many sites are sustained by revenue from ads should not deprive users of those basic, reasonable rights.
In any case, I think that it is less ethical to covertly track and profile people than for people to set up their software to not request ads or accept cookies. People don't exist for the sole purpose of generating revenue.
It should be a domain/IP-address based module to remember never to send requests to domains like doubleclick.
.22 pea shooter available to those who don't want to pack a shotgun.
It should make its way to the preferences section, preferably together with a cookie filter. By making it a standard part of Mozilla, it will pressure Netscape and M$ to copy the feature.
This way the user has some control of how much info he gives away by browsing. Anonimizing proxies are also a solution, but it's best to make a
I was awarded the patent today on open source petrified telemarketers and advertising executives. My IPO is April 1st. :)
--- Grow a pair, liberals... stop letting the Republicans bully you!
The software package that I prefer using is junkbuster. It is an easy to set up web proxy server that runs on port 8000 ... it is extremely effective at blocking out banner ads, and it also has options for blocking out suspicious cookies, and preventing $HTTP_USER-type variables from being initialized.
It is unfortunate that we have to go to the trouble of installing these things, but the only cost of running it is the time it takes you to install the software. on the other hand, you'll be protecting your privacy as well as your bandwidth.
- Most sites that I am personally interested in use very few or no cookies at all
- Many sites out there use an obscene number of cookies. 10-15 for 1 page is not uncommon. Regardless of whether you object to the privacy issues, this is bad design. I suspect that there are Web Authoring systems out there that enable cookies for every single page, image, and sound clip by default, and many of those cookies are not used for anything useful.
- Some sites have what I believe is a legitimate purpose for cookies. If I am not mistaken,
/. sets only 1 cookie on my machine and from this 1 cookie is able to do all kinds of user specific configuration - Other than for legitimate uses (user customation, on-line ordering, etc.,) (in which case I support accepting cookies) rejecting all other cookies on the web will not affect you web-surfing experience 99.44 percent of the time
- Fortunately, I usually find that sites that use lots of cookies are really not that interesting too me, anyway. Strange coincidence?
Of course, regarding the last point, there are some exceptions. I find Netscapes's cookie-handling policy, while better than giving no choice at all, does not offer enough flexibility for my tastes. I would prefer to be able to accept/reject cookies based on a set of filters and rules for domains, transaction types, etc. I believe lynx has some better capabilites than Netscape in this department.Further, I think it would be useful to have a set of switches that are easily accessible on the toolbar that would allow you to toggle cookie policy on the fly. This would be much more useful than the latest Netscape feature, the "Shop" button. What a waste of real-estate. It would be nice to get something like that into Mozilla. I'll start tinkering with the Mozilla source just as soon as it takes less than two hours to download via cable modem ;) Ramble, ramble, ramble.
XML causes global warming.
If you're familiar with IT operations, Fred Flintstone (etc.), Test User, Test Account, Admin Account, and similar interesting first/last name combinations can be fun to try.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
The thing is, do we want to trust Doubleclick not to track us personally, even after we opt out? I think it's less than prudent to put that kind of faith in a company that's been decieving us since last year.
A simpler (and more thorough) solution: block cookies from doubleclick.net. Hell, if you've got a firewall, block all packets to and from doubleclick.net. I, personally, can't see any reason to connect to a doubleclick server. Who wants the ads anyway? Same thing goes for preferences.com, flycast.com, and any other advertising company. I've been dropping all packets to and from the domains mentioned above, with no significant problems. Of course, I don't get to see those specially targeted banner ads, but I don't really think I'm missing out :)
--
Is there any alternative to these two options? You bet there is. The alternative is to empower individuals to police their own privacy. People shouldn't have to rely on the Federal Trade Commission or any bureaucratic agency to make sure their privacy is safe. This means making sure that every man, woman, and child has an ENFORCEABLE right to make sure their personal information is not used in a way they have not authorized. It also means making sure that all individuals have swift and certain REMEDIES against any business that (by negligence or deliberately) misuses personal data or fails to protect it.
This proposal would not be bad for business. To the contrary, it s essential to the viability of the new economy. Protection for individual privacy just provides a better incentive for business to be truly responsive to customer wants and needs.
Pipe dream? Not if enough people demand the rights they should already be able to enjoy. But the deal is ALREADY being cut in Washington next month to prevent YOU from exercisng the rights you should have.
Look at the list of panelists on what the Federal Trade Commission calls a "balanced" committee to examine how to protect consumer information. See http://www.ftc.gov/opa/2000/01/asrev.htm -- aside from one or two "token" privacy advocates, the whole panel is dominated by comercial internests -- such as representatives of the Direct Marketing Association AND the law firm that represented it (Piper & Marbury) AND several of its member companies.
So what can you do? Call your Member of Congress and both of your Senators. If you're really ambitious, call your state government representatives, too. For each office, get the name of the staffer who handles "Internet Privacy and Medical Privacy" issues. Tell that person that you are a constitutent, that you vote, and that it is important to you for Congress to empower individuals to protect their own privacy on the Internet. Ask if your Congressperson or Senator has a position on this issue, and if so, what that position is.
Then point out how you are upset by how the FTC has composed its Advisory Panel principally of industry representatives. Tell your elected officials that you do not feel safe when government agencies puts representatives of the Wolves in charge of writing the rules for protection of the Sheep.
If you learn anything particularly interesting on the subject, post it here on /.
Other contacts (who may have good ideas on how to get involved in making sure lawmakers make good rules) are Diedre Mulligan at the Center for Democracy and Technology, and Mark Rotenberg at the Electronic Privacy Information Center.
Since I run an IPMASQ/Firewall, at home, I just use ipchains rules to block out all traffic TO their servers:
/sbin/ipchains -A output -j REJECT -d 199.95.207.0/24
/sbin/ipchains -A output -j REJECT -d 204.253.104.0/24
/sbin/ipchains -A output -j REJECT -d 199.95.208.0/24
/sbin/ipchains -A output -j REJECT -d 208.211.225.0/24
;-( ) since i block traffic to their sites, their servers don't even get my IP address ;->. If your machine isn't behind a firewall you control you can still run firewall rules locally to keep out unwanted crap and/or visitors ;->
I only started doing this a few days ago (kinda profetic eh?) so I know i'm missing a few of the subnets their servers use (my rough guess is about 1 in 8 gets through
"Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
Note that there's a period at the end - that tells notepad not to try to add a
Windows allows you to include comments in the hosts file by beginning the line with a # symbol.
(For the clueless, when you connect to a web server, it's usually a two-step process: first, look up the IP address for a hostname like "www.slashdot.org" and get an IP address like 209.207.224.42; then, connect to the computer with the IP address 209.207.224.42 and request the webpage. Adding entries to the windows hosts file short-circuits the IP address lookup, so your browser and other programs on your computer think that the IP address for "ads.doubleclick.net" is 127.0.0.1. But 127.0.0.1 is a special address called the loopback address, meaning that it always refers to the computer you're using. Since you probably don't have a web server on your computer, your browser fails in connecting to "ads.doubleclick.net" and displays an empty banner. This attempted connection to your own computer happens without wasting any of your bandwidth, by the way.)
--
The shareholder is always right.
When you accept a cookie from a site it is analogous to someone coming up to you and writing on your forehead 19876523. Does 19876523 mean anything in itself? No. But now lets say that the you go to the store and they see 19876523 on your forehead and write it down. Now you go to another store, and they write it down. These stores also write down everything you buy.
Now let's say you go to another store and order something they are going to ship to you. They write down 19876523 as well as what you bought as well as your home address and name. Now a company knows what you ate at tacobell, bought at the supermarket, and what you bought at wal mart.
Cookies in theory are limited in scope moreso than my example was, because only the company that wrote on your forehead could read the number. Only slashdot can read the cookies it sends to your browser. But, what ends up happening is that web pages use a 3rd party to serve up the banner ads. This 3rd party is the one that sends you the cookie. When you go to another site that this 3rd party is also serving up ads to, they instantly identify you from the old web site. If one of the websites you go to gets your shipping information and they have an agreement with the banner ad company, it's all over.
I got a full list of their subnets through ARIN, conveniently listed below. Some of these guys may not actually be Double Click, but since they all have "Double Click" somewhere in their names, they all get blocked at my router level:
[root@foo
[arin.net]
Double Click (NETBLK-UU-208-211-225) UU-208-211-225
208.211.225.0 - 208.211.225.255
Double Click (NETBLK-UU-208-203-243) UU-208-203-243
208.203.243.0 - 208.203.243.255
Double Click (NETBLK-UU-204-178-112-160) UU-204-178-112-160
204.178.112.160 - 204.178.112.191
Double Click (NETBLK-UU-204-253-104) UU-204-253-104
204.253.104.0 - 204.253.105.255
Double Click (NETBLK-CYPC-2162306564) CYPC-2162306564
216.230.65.64 - 216.230.65.79
Double Click (NETBLK-UU-63-77-79-192) UU-63-77-79-192
63.77.79.192 - 63.77.79.255
Double Click Computers (NETBLK-DCLICK-T1-BLK) DCLICK-T1-BLK
204.186.74.0 - 204.186.74.255
Double Click Imaging, Inc. (ICO-HST) NS1.ICONETWORKS.NET 204.94.129.65
Double Click Imaging, Inc. (NET-DOUBLECLICK2) DOUBLECLICK2 192.65.80.0
Double Click, Inc. (NETBLK-DOUBLECLICK31-60-18) DOUBLECLICK31-60-18
128.11.60.64 - 128.11.60.127
Double Click, Inc. (NETBLK-DOUBLECLICK-92-19) DOUBLECLICK-92-19
128.11.92.0 - 128.11.92.255
Double Click, Inc. (NETBLK-DOUBLECLICK-210-08) DOUBLECLICK-210-08
199.95.210.0 - 199.95.210.255
Double Click, Inc. (NETBLK-DOUBLECLICK3) DOUBLECLICK3
199.95.206.0 - 199.95.209.255
they provide the ads for many many many sites. do a view-image on an Altavista ad, for example.
I did.
No change.
So I deleted the cookies I didn't like
and then made the file read-only.
...that's full agreement with all points above. For Linux users, deploying Junkbuster is as easy as downloading the RPM or DEB file and installing it. For Windows users, either NT or Win9x, you can also use the proxy.
Both the banner and cookie action are way cool. The following blockfile eliminates pretty darned near all the banner ads (and the sites associated with them if a full site or domain is listed). Note that I've allowed banners at a number of Linux-friendly sites, on principle, though you could change this if you wanted.
/*.*/ad/
/*.*/ads/
/*.*/advert/
/*.*/adverts/
a32.g.a.yimg.com/
ad.*.*
adforce.imgis.com/
adremote.*.*
ads*.*.*
doubleclick.net
image.pathfinder.com/sponsors*
preferences.com
sfgate.com/place-ads
Those few lines block virtually all the ad traffic I see.
For cookies, I block all, then selectively allow a limited number of sites with which I do business. Mostly message boards.
There was a really good program Online Profiling on NPR's Talk of the Nation a couple of months back. Other useful resources are Center for Democracy and Technology, and for a look at the other side, NetworkAdvertising.Org and Direct Marketing Association
If setting up a proxy is too much for you, the following tricks will prevent a permanent cookie file from being generated:
I'm not sure what the corresponding IE trix are. For Linux, lynx and other browsers can use the link to /dev/null trick.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
- Use a program that replaces the contents of cookies to sites not specifically allowed with random data. This screws with their tracking and is fun, fun, fun! I am writing such a program for the Macintosh platform first, since that's what I primarily use; Linux support will follow RSN.
- set up a firewall that drops all packets to and from *.doubleclick.net (firewalls are nice to have anyway, and there's firewall software for every OS on the market) This, BTW, is what I currently do.
- Use Junkbusters or a similar proxy service. (Win, *nix only) There is also proxy software available for the Macintosh; basically, it sits between your Internet connection and your web browser and filters all the content you don't want (like ads). You can also use proxy software to block Javascript and anything else you don't want.
- Get all the cookies from the sites you need cookies for (like your Slashdot login), then set the permissions on your cookies file to read-only.
- Block all cookies. This will stop the tracking, but it will also break some sites.
- Don't autoload images. Just load the images you want to see manually. Since the cookie is attached to the banner, you don't get the cookie unless you look at the banner.
I hope that gave you some nice ideas...--
If installing a CGI script somewhere is easier than installing the Junkbuster, then see my CGIProxy. Along with proxying pages, it can filter ads with either your own blocklist or a default one.
I would accept promises from companies. I think most are trustworthy enough. But, promising alone is not enough, I want recourse and/or punishment. IRS employees keep getting caught sneaking peeks: the death penalty is what I'd like to see (don't like it? don't peek and even if you are the President (hi Echelon) something they've been known to do) But assuming others aren't that etreme, how about firing, pension loss... something serious. At least tell me what the punishment is. A simpler case to illustrate: I haven't forgiven Real Networks for its spying transgressions, but they could have repaired a lot of trust if they said, "we screwed up, and we are going to delete all the info we grabbed, plus one month worth of all our server logs, and we fired that guy."
A more global pet proposal of mine is this: as a compromise between the privacy nuts and data gulpers: if information about me is stored in a database and includes any sort of address/contact information, then the database owner must tell me once a year what they have on me. It would cost only a small amount per person, and if it does not have that much economic value, don't keep it. Then at least the average person would develop an awareness of what's out there.
So what? A bad action is still a bad action whether or not you're making money on it or not.
Point for your side. But there's one thing: consider motives again.
Let's look at DeCSS. Why was it made? It was made so Linux (and other alternative OS users) could play legitimately-purchased DVD's. Yes, you can copy disks, but that was not the intent of the project, nor its primary use. In short, the intent of the act is benign.
DoubleClick's info-harvesting exists for one purpose only: to sell the information. Furthermore, to sell it to people who will use it in ways that DoubleClick knows will use it for the sole purpose of doing a primitive psychoanalysis on people and pushing ads based on the results. This is something that no one wants. So the intent is, albeit mildly, malicious.
Information wants to be free, yes. But it does not want to be misused. That is the difference between DeCSS and DoubleClick's data-harvesting.
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
you might want to add in these for when they grow...
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
There ;-)
Aaron "PooF" Matthews
E-mail: aaron@fish.pathcom.com
To mail me remove "fish."
ICQ: 11391152
Quote: "Success is the greatest revenge"
Have you noticed that "Shop" and "Stop" are very similar in appearance, and placed right next to each other on the toolbar? I guess it's only because I turn the images on that bar off, but I think it's kind of funny that they're trying to trick me into clicking "Shop" by mistake when I meant to click "Stop".
Do most people turn the images off, or do you like wasting all that space too?
I've always been the one to say people are too paranoid about cookies.. but I suppose that's mainly because of the way the media misrepresents them.
All legalities aside.. HTTP cookies were designed the way they were for several reasons, one being anonymity; granted, this wasn't a huge focus, and it's by no means a true security model.. but the spirit was there. IF used appropriately, cookies were very useful.
Now.. by tying sites together in this manner.. doubleclick has basically violated that spirit. So.. screw 'em.
You know... it would be nice if we had appropriate privacy laws in north america.
Something along the lines of:
1) A business may only require information from you that is directly necessary in order to complete the business in a fair manner.
2) This information can *ONLY* be used for the plain and obvious reasons it was given. It cannot be sold or transferred to another party, unless for continuing business reasons (ie: Collection agency so they can collect, lawyers, so they can file suits, but even then, it must remain the business at hand) The video store has your name & number *ONLY* so they know who has their property, so they can come get it when you don't bring it back.
3) The penalties for this information leaking must be *HARSH*
4) You cannot take information from someone to track their behavior/actions unless you state *explicitly and clearly* that this is what you will be doing with said information. (ie: 'points' cards, 'Air Miles', 'Club cards' at grocery store.)
5) Generation of demographics from customer information is fine, so long as those demographics are anonymous. (so it's fair to say that 300 college-age white kids from a 2 mile radius rented horror movies this week, or ate kraft dinner, or whatever.)
Folks.. it's not about cramping the freedom of people to keep records.. but those records have to have *some* kind of purpose. Your name and phone number should never be just a *commodity*, to be bought, sold, and traded.
In other words.. forming a business to 'track' things in this manner (consumer profiles) is basically like spying! Were you aware this company has a file on you, Mrs. Smith, a foot thick? they know everything about your shopping habits? This is spying, and the citizen deserves to be protected from it.
In the end.. don't give your name to people who don't need it. Don't give it just because some clerk *asked*. Don't feel awkward.. make *them* feel awkward.
Those grocery store 'discount' or 'club' cards? Do they ID you? no.. *lie* on them. They aren't credit, they aren't monetary.. they just want to track you.
web sites..
Guess it's time to remove the cookies permanently.
Someone pull the doubleclick cookie out of your cookie file and post it. Then we can all paste it into our cookie file and re-chmod the cookie file to be read only. Then it'll end up just being one person hitting every web page on the planet thousands of times a day (It would actually be interesting to see what kind of junk mail that guy gets after a year.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Folks.. this is where the need for good privacy protection laws need to be. And it's not hard to do, either.
These laws are fairly straightforward, and simply say that, if you give personal information (name, phone number, address, etc) in the due course of business to a business, they are obliged to *ONLY* use that information in the due course of business. It does not become *their* information to give/sell to someone else. They can keep it on file, but only for themselves, only for the obvious purpose you knew of when you gave it to them.
For instance.. radio shack. I buy something.. and the dude asks 'Can I have your name?' I say 'Why do you want it?' he says 'In order to cover the 3 year on-site guarantee on the laptop you just bought, we must record your name and date of purchase and contact info'. Okay.. fine. so I give it to him.
Now.. does this not sound like an agreement? A verbal contract? He said what he was going to use this information for. If he uses it for *anything* else, I should be able to sue his ass.
Hey... if we make it a high crime to leak this customer information... perhaps they won't even keep it around, as it increases their liability!
Sorry about that; not intended to be posted to this thread. Please moderate it and this reply to -1, Offtopic.