Slashdot Mirror
DoubleClick Taken to Court
- Friday, January 28, 2 p.m. US EST
Tuesday USA Today reporter Will Rodger wrote about DoubleClick. We linked to his story here. Wednesday afternoon a DoubleClick Corporate Communications person* called Andover.net Corporate Communications VP Janet Holian and asked her to remove our story and the link to USA Today.
Janet passed the problem to me, since Andover has a very strict policy prohibiting Andover corporate people from interfering in editorial decisions.
I listened politely to the DoubleClick person, who told me USA Today's story was innacurate and we were wrong to link to it, and how she was calling journalists all over the country to tell them that the information in it was false and should not be relied upon. Then she requested that we pull the Slashdot story that linked to the USA Today story. No direct threats were made, but the words "refer this to our legal department" were said.
I said no, we couldn't and wouldn't pull the story.
Next move: I called USA Today. These guys are good fact-checkers. They pointed me at some of DoubleClick's own press releases and privacy policy pages, most of which had already been referenced by Slashdot in this story back in October, 1999.
An Open Offer
I offered DoubleClick's Corporate Communications person a chance to state their side of the story here, on Slashdot. I promised to run whatever they sent verbatim. I have received nothing from them so far. I called DoubleClick and reiterated the offer before writing this. Still nothing, not even an e-mail saying what information they feel is incorrect in any of the stories written about them here, in USA Today or in other media.
At this point, it's DoubleClick's move. Perhaps, eventually, they'll post something on their Press Release page. We'll keep an eye on it in case they do.
* I left out the name of the DoubleClick Corporate Communications person purely as a personal courtesy. She is a very nice woman in a bad position, trying to do a very tough job - which, right now, could probably best be described as "frantic damage control."
I know and have worked for several companies, who when they set an "opt-out" cookie, actually still track you by IP and the "opt-out". Even on a dial up, you're still pretty vulnerable and with DSL or Cable, you're still tracked with extreme accuracy. Honestly Kids, while Layers are a big problem, Marketing screws are so evil they make Layers look like priests.
As you state, if you have a cookie set for domain.com, then the cookie will be accessable by www.domain.com, ftp.domain.com, and anything with that ending. Basically, a domain-level cookie is valid for all machines within that domain.
However, thanks to the Americanization of the web, Netscape didn't check the domain: they checked the last two fields for the match. So a cookie registered for demon.co.uk would work for all those machines, but a cookie set on co.uk would also be valid for *all* *.*.co.uk sites. This hole was used by a few malicious web masters, but I think it was quickly patched by Netscape.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
I can't go to the "opt out" page because I've told my browser to never load any URL that comes from doubleclick. 8-} It's easy and works on UNIX, Windows, and Macs with IE5 or NS2-5.
http://www.schooner.com/~loverso/no-ads/
(I also blackhole a slew of other "ad banner" servers; mostly those that serve cookies or animated images)
If you're using Netscape, you don't have to worry so much. First, edit the .netscape/bookmarks file. It's a text file. Delete all the lines that include doubleclick, or any other server that you don't know what it does.
Then set the bookmarks file to read-only.
This allows doubleclick and its ilk to set a cookie. But every time you re-start, it starts all over. So they get a little bit of data, but they can only trail you through one session.
Or would you rather trust those bastard's opt-out, we wouldn't do anything nasty, we're good guys farce?
We should setup a network of DNS resolvers (DNS nameservers that just resolve addresses) that have alternate entries for the hosts of ad servers. Thus those individuals who wish to not see banner ads and not have their consumer activities profiled, could simply avoid ever connecting to the offending servers. Anyone willing to help out?
This is one step in the right direction towards good Privacy standards.
Remember, when it comes to these 'marketing companies'....
How is it companies that you do business with are free to give any information you give them to a marketing company, but the marketing company will not give you information about *their* customers?
When I went to click on that opt-out link, I got a message saying the Internet JunkBuster had blocked that URL.
;-)
Aw, darn.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
... what I really want to do is remove any and all info about me from their database. I'm sure they've used other methods to collect info on me, and I want it removed. What are my options?
Unfortunately, that information was likely collected using perfectly legal means, and is thus their property. You can control how they use it (e.g., stopping them from calling you to sell you things), but not the fact that they have it. You can usually tell them not to rent or sell your name, but I believe the law isn't clear on your rights in such cases.
Check out the Data About You page at JunkBusters.com for more information about this sort of thing.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Actually, the fact that a society needs specialists to interpret for its members just about every one of its rules indicates to me, as an engineer, that the system has grown too unwieldy & complex (too many special cases, too many "conflicting" rules, etc). If I were in charge of the design of this system, I would be working to consolidate & simplify the system until it were more maintainable - this would mean that more people would be able to understand "the rules" by themselves, and wouldn't need lawyers except for the most complex cases.
Of course, I know that anybody who is benefiting strongly from the current state of the system (lawyers are a good example :) is going to strongly resist any attempt to change the system, even if changing the system would result in an overall improvement in the "happiness level" of the society. It's only when the forces of change are stronger than the forces of the status quo that a change will occur - and if the forces are severely polarized when a massive change occurs, then the fallout can cause major societal damage.
Well, the OPT-OUT thing is nice, but if you don't trust anyone (like me :P) you can use the following networks as masks in your ip filter (i'm just snipping out my rules from openbsd, but the ip networks are in there).
:P These seem to be all of them though.
block in quick on ne0 from 199.95.208.0/24 to any
block out quick on ne0 from any to 199.95.208.0/24
block in quick on ne0 from 199.95.207.0/24 to any
block out quick on ne0 from any to 199.95.207.0/24
block in quick on ne0 from 209.249.231.0/24 to any
block out quick on ne0 from any to 209.249.231.0/24
block in quick on ne0 from 204.253.104.0/24 to any
block out quick on ne0 from any to 204.253.104.0/24
block in quick on ne0 from 208.184.29.0/24 to any
block out quick on ne0 from any to 208.184.29.0/24
This seemed to be more reliable than using the doublclick.net network. But everytime i blocked on out they got back in through another spot
os.system("perl -e 'print \"My first Python Script.\"'")
Various Peoples, It seems taht everyone seems to take a real lax view of internet tracking because the average user can't even tell its happening. I bet if you ask 100 people in the mall if you could put a traking bug on thier shoe so you could tell where the went and what stores they bought stuff at and then catalog thier names and addresses in a huge database (with nothing in return)you would most likely recieve 100 no's. Now if people found out some place in the mall had secretly placed a tracking device on them and cataloged all of thier daily travels into a database I bet the place would be shutdown simply by the angry mob tearing the place apart.
Its about time those guys got taken down a peg or two. I've been filtering doubleclick out at my proxy server since I first noticed they were dropping cookies on each of their click-through ads. If you're after an easy way of blocking Doubleclick and others like them, check out Junkbusters They have filters for win95/98/nt and unix, as well as a generic faq on blocking cookies and banner ads.
--
"When I grow up, I want to be a weirdo"
Fuck this. I'm a lawyer, and it chafes my ass to see this godman stupid point made over and over again. Let me ask you this question: How many lawsuits do you think you saw in the Soviet Union?
I mean it. Lawsuits are a sign of freedom. They're a sign that the government has decided to leave as much as possible to the free market and the law of contract and tort, and not to come in with a big wet fucking nanny agency. Which of course still generates work for lawyers through a regulatory practice, but less open and less honest work.
Would you rather Big Fucking Brother came in and spent fifty fucking years drawing up a piece of legislation precisely specifiyng what information could and couldn't be collected? All stuffed with pork, and with a big-ass federal agency to enforce it? Or would you rather this was decided in terms of general principles of tort and property, in an open court?
Well, I've got news for you, dickhead, the second method involves lawsuits. And those lawsuits have to be argued by lawyers. And that means that lawyers get rich. Check out the alternative any time you grudge us our big fucken' payoff. We don't get stock options, you know.
If the woman has a case, she will win. If she's whining like a bitch, she won't. End of. It's like a free market, only it's better than a free market because the smartest lawyer with the best argument always wins. How many other industries are there where the best product always wins? Not software.
Lawsuits are freedom. That's why we have so many in America, and they have so many government agencies in Europe.
AC posting allows an educated professional like me to swear like a thug in public. I say fucken keep it.
For me, it's more than not wanting them tracking me. I don't want to support a company that tracks people. That's why I installed the Internet Junkbuster, and I have it set to block anything from doubelick.net.
The Internet Junkbuster is a non-caching proxy that you run on your local computer. You tell it URL's to block and sites that you want to allow cookies from. It's really great. I can deny ads from doubleclick and any other company, as well as anything else I feel like blocking. It supports regexes for those that want them. I can allow cookies from Slashdot and deny them from everyone else.
As with the US crypto export laws,
:) The
as with the EU privacy regulations
(where companies are not allowed to maintain
databases of customers or use such information for
focused marketing) and Texas's on again, off again
status as far as selling DMV information to
outside parties (Public Data)
and E-Banking (ebanking.com (luxembourg)),
and countless internet casinos and porn sites,
these regulations will have an unintended
consequence -- drive these businesses offshore.
No longer does the US and EU have a monopoly
on high-speed internet connectivity; it's possible
for any business selling valuable data illegal
in the US/EU to colocate a machine in a
less-regulated country, such as Anguilla, or
Costa Rica, or many others, employ a few locals
to maintain it, and pay admittedly higher rates
for satellite or undersea cable connectivity.
In exchange, pay lower or no taxes, have no
government interference in your business, etc.
Sure, this only makes sense for certain kinds of
data, data for which people are willing to pay
money, but that's the only interesting data,
anyway. When a T1 costs $100k/month, running
an online gambling site making $3m/month is a
lot better business than letting people
leech mp3s.
In the end, it's futile to try to restrict
businesses like this; all doubleclick would need
to do is contract with an offshore tracking
company, connected to the net over a 128kbps
satellite link, something they could set up
for $20k/month, and put that machine anywhere
in the world -- even on the back of a boat.
If they need help, they should email me -- I've
lived in Anguilla, the erstwhile datahaven, and
know a thing or two about such things
situation is only getting better, as far as
offshore colocation goes, as the major governments
get more and more restrictive and bandwidth
becomes more widely distributed -- in a few years,
every country in Africa will have fiber-optic
connectivity via redundant SONET, and that
gives the prospective colocator a lot of
potentially friendly and cash-starved countries
to negotiate with who wouldn't care about
the difference between online advertising and
online pornography.
The net views regulation as damage and routes
around it -- cypherpunks.
You know where to get the source. Do anything you want when Doubleclick comes sniffing around looking for its cookie. Have fun, play tricks on Doubleclick, whatever you want.
Maybe there should be a contest to come up with the best anti-tracking hack for Mozilla.
Life's a bitch but somebody's gotta do it.
I say revoke their corporate charter, liquidate all corporate assests, fine the corporate officers and anyone else the law allows, and distribute the proceeds to everyone who was tracked or had their privacy compromised. But then, that's my opinion of what should happen to a lot of corporations.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
- In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address. DoubleClick does, however, collect non-personally identifiable information about you, such as the server your computer is logged onto, your browser type...
But they go on to say- However, as described in "Abacus Alliance" and "Information Collected by DoubleClick's Web Sites" below, non-personally identifiable information collected by DoubleClick in the course of ad delivery can be associated with a user's personally identifiable information if that user has agreed to receive personally-tailored ads.
Does anyone know which sites are a part of the "Abacus Alliance" and whether those sites explicitely ask your permission first? (eg. big flashing letters that say WE ARE WATCHING YOU! ?)Someone else posted this a while back, but here's what I did.. very simple.
/etc/hosts (or in windows, find the "hosts" file under your windows directory):
Add this to
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
That removes quite a lot of ads, and all of doubleclick.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
This is all well and good, but don't the Pentium IIIs have a "thumbprint" that allows for them to see what we're doing?
You got a network card in your system? That has a "thumbprint" too. The MAC address.
You got any commercial software (e.g., Windows) on your system that you had to enter a software key to use? There's another "thumbprint" for you.
How about a static IP address? Ever time you send a network request, you're identifying yourself.
You think you're safe because you have a dynamic address? Do you at least always call the same ISP at the same phone number? You'll always be getting the same range of IP numbers, then. You and maybe a few dozen or hundred more people. That is almost as good as a unique personal ID, as far as demographics go.
Fact of the matter is, tracking a computer is not that hard to do. If you ever give out any personal information at all (name, email, phone number, ZIP code), that can be combined with any of the above to nail down exactly who you are.
I think Scott McNeally's right on this one. Privacy on the Internet is dead.
The only way to improve things would be for the government to step in and make such unauthorized tracking illegal, with hefty fines for violators. You could even do some good by donating said fines to the EFF.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Hers my cookie. Dialup with dynamic i/p, so I don't mind.
.doubleclick.net TRUE / FALSE 1920499140 id a486b3cd
I can throw myself at the ground, and miss.