Slashdot Mirror
DoubleClick DoublesBack
rjamestaylor was the first to write to us about the news that DoubleClick is reversing its decision to cross-reference individuals' information with their online habits. There's a great quote from Kevin O'Connor, DoubleClick's chief executive, who said in a statement, "I made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards." Privacy Advocates have won this battle, but we need to remain vigilant against future scenarios like what DoubleClick wanted to do. Moreover, look for what you can do to help establish legal consumer privacy laws where you live.
No. A law can found unconstitutional by the Supreme court, which means it is illegal. When that happens, the law in question is immediately invalidated. Any convictions under that law are instantly voided, retroactive back to when the law was inacted.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
However, I do believe that we as citizens concerned about privacy need to get a few well placed TV ads to make the message strong or stronger.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
It seems a rare event these days when a company can actually publicly admit, in no uncertain terms, that they made a mistake.
They have proved that they can do, even said so.
I wonder how long it will take until they try to get away with it again. I fear that the temptation of huge piles of money can make people forget promises fast.
I'm happy to see that doubleclick is reversing their policy of openly disregarding every online privacy guideline in existance, but how would we know if they really stop cross-referencing or not? Doubleclick rates somewhere between microsoft's marketing department and the (U.S.) federal government on my list of people not to trust.
As long as doubleclick owns abacus' database, I'll have a very hard time believing that they are keeping the databases seperate. For now, I think doubleclick will stay aliased to 127.0.0.1 on my box.
0 1 - just my two bits
Too late for me. Their actions convinced me to take the time to install junkbuster. Now most web ads are things of the past for me, and I'm not going back.
They pissed in the well.
All the more reason to keep using text-based mailreaders
The best examples of this tracking are like this:
<IMG SRC="http://www.doubleclick.net/images/hidden-cgi/ pixel.gif?you@your-mail.com">
Where they send a 1x1 transparent image-- you'll never even see it unless you 'view source', and of course by then it's too late.
Gotta love fetchmail + pine! You get to see the source every time, before it can hurt you.
At the risk of getting pounced on I'm going to make a few mitigating (not exculpatory, note the difference) remarks about DoubleClick. The simple fact is that these guys publicized their plans and got nailed, which is good. At least they announced what they were doing and didn't try to deny it.
The real question is how many other companies are sneaking around doing the same kind of thing under the radar of the media, etc. For instance, credit card companies track every purchase that you make and where and when you made it. Credit reporting agencies track all of your financial transactions except for pure cash. Obviously, your ISP can tell every site that you visit simply by correlating network traffic to your login or IP address and can read your email (what do you think those spam filtering "services" are doing?).
Generally the point I'm trying to make is that everyone knew that DoubleClick was using cookies to do some sort of tracing to begin with, they just previously weren't correlating it directly to your name, etc. I've been blocking their cookies for a while now because I KNEW they were there. The ones I'm worried about are the ones I can't see. The Internet is much more like a public street then any one wants to admit, and what you do on a public street can be seen by a lot of people. Be careful out there.....
What he's basically saying is "after the anti-privacy industry finishes lobbying congress the get laws passed, shit like this won't make our stock price plummet."
You didn't think these were nice people, did you? They're an ad-banner company, for gods' sake.
It's not companies like doubleclick that worry me, it's the non internet based marketing companies that worry me. Like with storecards we don't actually *know* what they use the data they collect is used for, nor do we know who uses it.
:o)
I'm sure there are other companies that are not necessarily web based that are doing very similar things, and the only way we could really find out is through a leak from a member of staff somewhere.
I do wonder if it makes any difference at all, perhaps Big Brother is always watching?
Nice to see them admit defeat though.
yeah, you know that, and I know that, and Hemos probably knows that too, but the average Net user -- and let's face it, slashdot readers tend not to be average Net users -- would have no idea how to even use, never mind setup and configure, something like IJB (which is a wonderful product, you're absolutely right).
Until ISPs start using things like IJB as a regular part of their services, companies like DoubleClick will continue to do shitty things like this, and the majority of the Internet using public will continue to be tracked and have their information sold to demographers and spammers.
So here's a question -- why don't OS manufacturers and distributors bundle IJB or something similar with their product? I mean, RedHat, for example, has tons of services turned on (who really uses or needs identd running? Home users need ntalk? Huh?); it would be trivial for them to implement IJB, get ti running, and configure their customized version of Communicator to use localhost:9999 (or whatever) as a proxy. Similarly, with the huge amount of Internet-related services that come configured on Windows 2000, why isn't a filter one of them? Can't you see AOL's configuration screens with an entry for Cookie filters?
My mind is a mind that I have come to know,
(darren)
Yeah, right.
/. will be:
:-) )
Sure.
Uh-huh.
We believe you!
I'm sorry, but how can we *really* tell if these people are telling us the truth?
Pretty soon I predict the title of one of these articles here on
DoubleClick DoubleBack DoubleCross.
Until then, I still fill out form with incorrectly spelled information so I know where companies get my name.
(I even got a chain letter a-la MAKE MONEY FAST style in the US-Mail. I sent it off to the Postmaster who I could only assume would be interested.
Thanks for reading.
-m
"Doesn't work on me, I make up my own mind!" you shout. My friend, everyone says that advertising doesn't effect their decisions, but yet advertising does effect sales. Subtle indeed are the ways of manipulation; you can bet there's even a target demographic for "people who think they're too smart for advertising to affect them."
Do you want to empower those who wish to influence and manipulate you, or do you want to maintain your privacy and independence?
If I want you to sell me something, I'll tell you what I want, thank you very much, I don't need you snooping on me.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
IE 5 already does most of this. You can add sites to your "Restricted Zone" or "Trusted Zone", and give them different privleges (e.g. no javascript, no ActiveX, no cookies).
It's not perfect, though. You can only have the four fixed security zones, no more. And it could really use an easier way to block sites, such as a "this site is evil" button on the toolbar.
Personally, what I do is set my default cookie setting to "prompt", and then whenever I see a cookie that's suspicious, I add the domain to my restricted list.
I'm not saying that IE is the perfect browser when it comes to privacy, but if you're using it anyway, it's not too hard to set it up pretty tightly.
MSK
Conclusion: DC will start this up again, as soon as the public furor has died down, and the gov't can be convinced to make it legal.
Second conclusion: I will continue to filter DC out at my proxy.
www.eFax.com are spammers
That's why we need to build the IJB functionality directly into the browser, and make cookies, banners & java/javascript an "opt-in" feature, and on a site-by-site basis instead of either all-on or all-off.
Hey, don't stop there, the hypocracy continues!
Publishers expect legal enforcement of copyright, yet expect the government not to censor their content!
Businesses want laws against embezzelment and theft but the whiners think they should be able to produce what they want, not what the government says.
And the gall of those feminists who ask the government not to regulate their reproduction and then turn right around and ask for rape to be taken seriously as a crime!
When will these people learn? I hope you continue to ferret out these hypocrits who want to have their cake and eat it too, where ever you imagine them.
-Kahuna Burger
...will work for Chick tracts...
However, the Berkeley folks might have a problem with the "GPL Virus" on their distros; what's more, I'll bet you a jelly donut Bill Gates (that's Mister Big Brother to you :) would never, ever include a piece of amateur-written, untested, probably virus-laden software on his professionally-built, expensive release CD.... oh, come on, what do you have to hide? [remove tongue from cheek]
No, I think it's a damn fine idea and we ought to drop it in the ears of folks like Bob Young, Bruce Perens, Larry Augustin (he's no distromeister but he does build boxen that could be preconfigured...) post-haste.
Come to think of it, I think I installed IJB from RPM anyway, so it would be dead simple for the Red Hat and SuSE folks to simply sweep it onto the CD.... and the Debian and Slack folks could just run alien... boom, problem solved.
If we can get'em to do it...
-- ;-)"
"See, you not only have to be a good coder to create a system like Linux, you have to be a sneaky bastard too
-- Linus Torvalds
So, what are they going to do with the data they already collected? That's what I'm wondering. They may have already collected the amount of data that they want.
Also, who's to say that this wasn't their plan all along? Collect tons of data, cross-reference it with the Abacus databases, get profiles of tons of Net users, and then admit to "making a mistake" and try to get public sympathy through the admission. By now they must have enough data to make any demographer wet with desire. It sounds devious, but maybe it's not so far from the truth.
My mind is a mind that I have come to know,
(darren)
If double-click sends an HTML formatted email (which many email clients now read) with HTML something like this:
? jamie@jamies_email.com">
<IMG SRC="http://www.doubleclick.com/images/banner.gif
then my email client will
1) Automatically send a "return receipt" to double-click
2) Send any double-click cookies I have
3) Associate my cookie (which shows all my past surfing to doubleclick sites) with my email address.
Email programs should not allow this.
Mozilla will easily let us block individual cookies.
[rant]
This just absolutely pisses me off. People want the internet to be free, but at the same time they want to have their privacy on the net too. I'm sorry, but you can't have it both ways.
If you want the government not to regulate the content of the internet, then its simple. Keep them off of it. Once you allow the government to start passing privacy laws regarding the net, what is to stop them from passing laws regarding the content of the 'net itself? What next, will they start prosecuting based on posts in newsgroups?
These are perfect oppurtunities for we, the internet community, to show the government that we are able to regulate the net ourselves. The course of action is simple.
1) Sites that violate users' privacy are listed at a privacy site, or a forum is maintained in a high visibility area. This allows net consumers to have a common area where they can check to see if the vendor they're purchasing from will attempt to screw their privacy.
2) E-mail is sent to the offending site, indicating what was wrong, and that we as net consumers will cease to visit their site if the situation is not resolved.
This will, in effect, set a net boycott on sites who violate users' privacy, which will either cause the company to rectify their error, or will cause them to take their business off the net. (No revenue is typically a 'Bad Thing'.)
But I for one am sick and tired of hearing all these privacy advocates whine for legislation about privacy on the net, and then hear the same advocates turn around and cry when bills are passed to censor content. You can't have your cake and eat it too.
--
"A mind is a horrible thing to waste. But a mime...
It feels wonderful wasting those fsckers."
I currently have no clever signature witicism to add here.
This is far from over, folks. It took massive media attention and a few lawsuits to register that, hey, perhaps folks don't really like this, and it wasn't DoubleClick that responded, but their partners/clients. (I'm also puzzled why there's no case against DoubleClick pending at the European Union court level, since privacy laws here are much better - not perfect, mind you.)
Anyway, I wonder. For weeks we've seen the public awareness and outrage growing, and not much happening. Suddenly a few companies cancel their contract, and Double-Click wakes up. The lesson we can learn from this is simple, and seen many times before: hit a company where it hurts, in the wallet or at the shareholders, and only then they'll listen.
(firmly implanting tongue in cheek) Double-Click has done more for consumer awareness on privacy issues than most companies, and we should applaud them for that effort!
-John
I want the IJB _BUILT_IN_ to my browser! Filters for cookies, URLS & javascript/java (and all the other stuff that your browser does "automatically") - all set up so you have to OPT IN, to prevent other sites from using your own browser against you "under the covers".
It's really annoying to have to keep turning on & off features of the browser for particular sites & URLs.
NPR carried this story yesterday afternoon. From what I gleaned, it seemed that Double Click had decided not to release (for sale of course) the existing cross-referenced database "at this time." The information they have there is worth millions of dollars to marketing companies worldwide, and I can't see them sitting on it for long. What I would do if I were CEO of DC at this point is to backtrack, make a big dieal about how I value people's privacy, then put a disclaimer on every site I can, and continue to collect information (they never said they wouldn't) while I lobby to create the legal and industry standard which conforms to my ends. Maybe I'm just an Evil Suit at heart, but this path seems quite obvious. Give it six months; with a disclaimer in place, DC can claim all the info in the database has been collected with the web participant's consent (for a larger price tag and to a bigger market thanks to all the publicity and a good PR spin). The participant's consent is where the potential privacy act case comes in; companies have been collecting and selling your information legally (for big big dollars) for decades, and we not only allow it, but we help them. How many times have you heard that an AOL'er likes the packaged bookmarks, chat rooms, ads and "helpful pointers" on her screen? Existing "government and industry privacy standards" allow for the information to be collected, collated, bought and sold. DC's database (which exists and makes marketing companies' CEO's salivate in their sleep) is the natural outgrowth of an organization that started as junk mailings (thank you Lillian Vernon and Carole Wright) and progressed to telemarketing. If you want to stop the travesty of being viewed as a wallet to pick, this is the industry you will be taking on, and IMO it's one which should never have gotten off the ground. Take Hemos' advice and get involved, locally and nationally to reclaim the right to have an unpolluted bio-bandwidth.
love&peace
It's not companies like doubleclick that we need to worry about. Regardless of doubleclick's intentions, it is still quite easy to track web user's habits. We need a way to insure privacy that does not depend on companies _not_ gathering our information.
Desperation is a stinky cologne
According to this Wired article, they plan to wait until there are more govenment and industry privacy standards. This means that once someone develops some self-serving standard, DoubleClick will consider it a-ok to follow that, and track everything you do again. Unfortunatley, the Yahoo article doesn't mention this.
I feel that we should be careful of DC's promises not to abuse our privacy, as they have not shown themseleves to be the most trustworthy business in that regard. We also should not blindly assume than any 'industry standard' for privacy will agree with the beliefs of people here on slashdot.
Sam TH
Sam TH
AbiWord Developer
This is great news, but the fact is, that it can be stopped already. The Internet Junkbuster does a fantastic job of filtering out banner ads, and can be used to filter cookies as well. DoubleClick (and others) can try to track me as much as they like, but since I have the IJB set up to reject all cookies that I haven't explicitly allowed, they're going to have a hard time doing so.
---
"Go Metallica. Die RIAA." -- Linus Torvalds
Actually, I saw some of what happened as a result of this.
I decided I didn't want anything to do with DoubleClick. I got a list of all of their 'associates' - the people who run their ads, give them info, etc. It's a disappointing list, just about _everyone_ uses DoubleClick. I almost stopped shopping online completely. However, I also sent letters to the people I would have otherwise shopped at. One example:
I was looking for a particular skirt, to replace one which had been damaged beyond repair. I couldn't find it until I went to a site called catalogcity. But they used doubleclick. I sent them a letter, telling them how happy I was to have found the skirt, but that I would not buy it until either DoubleClick backed out of their current invasive policy or this site stopped using DoubleClick. I told them that, while I use cookies on a regular basis, and am perfectly fine with targeted ads, I don't approve of anyone tying that in with what my income is, or my real address, or other such personal info.
I received a very polite, well-written response, saying that they were unhappy with it too, and that, for now, they were removing the doubleclick integration from their site - not to be reinstated until Doubleclick backed away from that policy.
This was a pleasant surprise, as I had expected no reply at all - the usual response to letters indicating a single lost sale is 'oh well, we've got plenty of happy customers, this one must be a fluke'.
It appears that catalogcity wasn't the only one, however. UserFriendly, Advance Internet (who run a number of the 'state' sites, like nj.com, oregonlive.com, and (I think) alabama.com), and a few others I spoke with were all looking for new adservers, or simply disabling doubleclick entirely for the duration of this mess.
Somehow, I don't think this is some sort of sneaky move. Doubleclick was feeling the heat, from consumers and from its affiliates, in a major way. I know for a fact that Advance, for example, generated a _lot_ of advertising for them (we're talking millions of pageviews a day, and that's just in ONE of the physical sites). When your major customers start complaining about something, you listen or you go under. The thing that makes me happy is that the major customers of DoubleClick were on the ball and listening well enough to put the heat on in the first place.
-Elthia