DoubleClick DoubleCross

Slav writes "We've known for a while that tracking of Web users was possible and a few companies have been experimenting with it on a small scale. Now DoubleClick, Inc. has confirmed that it's tracking Web surfers [by name and address] with the help of the databases of its newly acquired Abacus Direct." Every site that you visit which has a DoubleClick ad - all 11,500 of them - can be notified of your name, address, phone number, etc., as soon as you visit the site. Or to look at it another way, your consumer profile in the gigantic Abacus database (hundreds of fields of data for essentially every person in the United States) will now include information about what Web sites you visit.

Re:Opt-Out

[earlytime]

well it's fairly simple to argue that banner-ad clearing houses like double click make the cost of individual banner ads cheaper for the advertiser. Hence the advertiser may buy more ad space on more web sites. Even Taco will tell you that without ad revenue, slashdot would have gone bankrupt long ago. Advertising is not an inherently bad thing. At it's most basic level, it allows producers to educate consumers about their product offerings in a relatively non-intrusive way.
Consider commercials versus tele-marketers. I'd prefer that the companies calling about all their crap would do commercials/banner-ads instead of calling me. That way I won't feel so violated when they pitch their products. When you call me day and night about some crap, even something I might want to buy, I can't just say "I don't wanna hear it, so I won't answer the phone." I pay for my phone, and I do expect that friends and family wanting to talk to me will call me from time to time. With commercials/banner-ads, I can choose to watch the ad, switch the channel, scroll the page, etc if I dont't want to hear your pitch. What I find happens often with both commercials and banner ads, is that since I only see them on the channels/sites where I have an interest,(as opposed to just being displayed on my screen from time to time the aol or geocities way) they are far more likely to be an ad for something I'm interested in. So I'm more likely to listen, read, inquire + buy.
In essence what I'm saying is that yes, we do get something back from advertising in the form of:

• information about new products and services
• financial support for sites/channels/shows that otherwise would not exist, or would have to charge for access
• increased competition from content providers to attract and hold our attention (to help bring in the ad revenue of course)
• sometimes entertaining ads

so you see, banner ads, or even cookies, are not the problem. The problem with the double-click thing is that the web surfer is being covertly tracked and logged in their travels around the web. Filtering out _all_ ads/cookies wil not simply subvert doubleclicks attempts at tracking you, but it could stifle the means by which many a web site makes the $$$ to keep serving up that porn^H^H^H^Hcontent, yeah content, that's the ticket.
Of course, you are free to chose whether you, or the network you manage, will participate in the whole banner ad/cookies thing. I would be cautious however in choosing to replace banner-ads with banners of your own making. You could be opening a can of worms in regards to redistributing or modifying the copyrighted content of a particular web site. Several web sites have won lawsuits claiming that by altering their content, or putting it in a frame, you are violating their copyright on the content. It's the notion that ISPs have "common carrier" status that grants them some immunity from this kind of suit. However, if you start selectively modifying the ads that come through, you may be crossing that line from ISP for your students, to being a content provider. I would simply allow or deny all ads to keep that line clear. Otherwise, you could simply sell the (cached) banner ad space to advertisers who want to reach your students. Again, an extremely risky proposition.
-earl

Opt-Out

[hernick]

This is the opt-out link. It will place a cookie on your computer that'll let you opt out of doubleclick's tracking.

I am the administrator of a few web caches (I use squid) and I've started blocking web ads a while ago, replacing them by one-pixel blank gifs. It probably fixes the problem...

Re:Opt-Out

[hernick]

Actually, there is a problem with ads. We pay for bandwith.

The stats for the proxies, when merged together, give exactly this:

62.46% Global Hit-Rate
29.63% Doubleclick.net Hit-Rate
03.72% Doubleclick.net KB Transferred

By making a simple calculation doubleclick alone is using 7.84% of my bandwith, therefore increasing my monthly costs by more or less that amount. The connections we use have a base cost that's pretty low plus 12$ a gigabyte. So doubleclick (and other ad sites, but mostly doubleclick) is costing us a non-insignificant amount of money !

Now, I'm sure the stats are different than they would in another environement - this is an educational establishement so the sites visited tend to be more often the same, and a normal proxy would probably devote less bandwith to doubleclick.net, and a normal site would probably not pay for bandwith by the gig like we do.

The problem is, they're making money without us getting anything in return. I don't feel it's immoral to deprive them of their revenue as long as they won't compensate us at all. I think that if more proxy administrators start doing the same, or perhaps even replacing the doubleclick banners (that's pretty easy to do, and I am considering doing it), doubleclick will have to react and do something.

What I'd consider fair is for them to offer us a share of the revenue. It wouldn't have to be big.. And perhaps offer a solution to cache their ads more efficiently rather to get such a low hit-rate.

Please reply with any constructive input, I appreciate it :)

Yes, yes, yes, yes, yes

[KMSelf]

...that's full agreement with all points above. For Linux users, deploying Junkbuster is as easy as downloading the RPM or DEB file and installing it. For Windows users, either NT or Win9x, you can also use the proxy.

Both the banner and cookie action are way cool. The following blockfile eliminates pretty darned near all the banner ads (and the sites associated with them if a full site or domain is listed). Note that I've allowed banners at a number of Linux-friendly sites, on principle, though you could change this if you wanted.

/*.*/ad/
/*.*/ads/
/*.*/advert/
/*.*/adverts/
a32.g.a.yimg.com/
ad.*.*
adforce.imgis.com/
adremote.*.*
ads*.*.*
doubleclick.net
image.pathfinder.com/sponsors*
preferences.com
sfgate.com/place-ads

Those few lines block virtually all the ad traffic I see.

For cookies, I block all, then selectively allow a limited number of sites with which I do business. Mostly message boards.

There was a really good program Online Profiling on NPR's Talk of the Nation a couple of months back. Other useful resources are Center for Democracy and Technology, and for a look at the other side, NetworkAdvertising.Org and Direct Marketing Association

If setting up a proxy is too much for you, the following tricks will prevent a permanent cookie file from being generated:

• Linux, Netscape: ln -sf /dev/null ~/.netscape/cookies
• Windows, Netscape: set read-only permissions to your cookies file, or replace it with a directory.

I'm not sure what the corresponding IE trix are. For Linux, lynx and other browsers can use the link to /dev/null trick.

What part of "Gestalt" don't you understand?

Here's the middle ground I'd like to see

[MattMann]

Now, if we could lay some ground rules for trust, I wouldn't mind having ads personalized for me and my tastes. I mean, I like drinking beer, and I don't like cola, so I'd rather see beer ads than cola ads. However, I'd want it to be "relatively" anonymous. That is (random list off the top of my head),

• I don't care if a computer knows that I have hemorroids, but I don't want a person to be able to look it up
• I don't mind if a person knows aggregate things like "a beer drinker just saw your ad on Slashdot"
• but I want to know what they'll know about me if I click on the ad, then I can decide whether to click. A promise of "aggregate" statistics is not good enough: what if the aggregate is "wine drinkers with hemorroids"
• Promising me "We won't sell your info" is not good enough. "We won't look at it with your name attached" is what I want.
• If info is shared between different domain names, I want to know.
• I'd like the "no sharing" promise enforced through merger and acquisition. What if Slashdot goes public and Microsoft acquires it, and the backup tapes? Yipes! I never agreed to that!

I would accept promises from companies. I think most are trustworthy enough. But, promising alone is not enough, I want recourse and/or punishment. IRS employees keep getting caught sneaking peeks: the death penalty is what I'd like to see (don't like it? don't peek and even if you are the President (hi Echelon) something they've been known to do) But assuming others aren't that etreme, how about firing, pension loss... something serious. At least tell me what the punishment is. A simpler case to illustrate: I haven't forgiven Real Networks for its spying transgressions, but they could have repaired a lot of trust if they said, "we screwed up, and we are going to delete all the info we grabbed, plus one month worth of all our server logs, and we fired that guy."

A more global pet proposal of mine is this: as a compromise between the privacy nuts and data gulpers: if information about me is stored in a database and includes any sort of address/contact information, then the database owner must tell me once a year what they have on me. It would cost only a small amount per person, and if it does not have that much economic value, don't keep it. Then at least the average person would develop an awareness of what's out there.

Lets all use the same cookie!

[Greyfox]

Someone pull the doubleclick cookie out of your cookie file and post it. Then we can all paste it into our cookie file and re-chmod the cookie file to be read only. Then it'll end up just being one person hitting every web page on the planet thousands of times a day (It would actually be interesting to see what kind of junk mail that guy gets after a year.)