DoubleClick Workaround: IDcide

No cookies with offsite GIFs: that's the privacy solution implemented by IDcide (take a moment to register the pun, OK, there ya go). Here's technical background on offsite cookies; here's the CNNstory; here's the software FAQ (it's only available for Windows/MSIE). If you're not sure why offsite cookies matter, you must read this. And, not to rain on IDcide's revenue model -- their product does other stuff too -- but why isn't offsite cookie rejection built into all browsers? Anyone from Mozilla want to talk about this?

Doh

'IDcide's patent-pending technology automatically distinguishes between persistent cookies sent to the site you are visiting and persistent cookies that are sent to external sites'.

Yet Another Patent On Wheel Reinvented. OOG must be happy. Accidental anonymous, forever Coward

Re:Give us built-in cookie-management tools!

This is being worked on (in Mozilla) but there are significant technical and political problems (i.e. some people in Mozilla cannot even understand why someone would want to view the actual content of a cookie. I think one argument was: it's usually a bunch of numbers you can't understand anyway. As I said, something like you described (but integrated in the browser window, not a floating window) is being worked on. Worse case scenario, I'll release the source and you can patch it to Mozilla yourself if it does not make it into the "official" release.

Some moderate this up!

This is a brilliant idea. If random cookies are contaminated, the whole track users concept falls apart. Destroy their market and they'll run out of money and (eventually) stop running personal privacy into the ground.

Re:Mozilla From the mouth of a developer.

Hey, you posted as "Plain Old Text" when you really wanted "HTML Formatted". :)

Why should we care?

I used to be one of the guys helping Double Click track you on the web, when I told people what I did they often chastized me for being evil. My take on the issue is this, you're going to be spammed anyways (even if _you_ aren't less sophisticated users who are loose with their addresses will) market profiling techniques result in spam being sent to a target market, resulting in you recieving less emails pitching religious knicknacks and more emails pitching Star Trek collectable plates, and hey maybe you're actualy interested in the plates (ok, perhaps this is a bad example) sure, privacy is important, but do you realy care if someone knows you like The Simpsons?? If the greedy marketeers of the world are going to be hounding you for a buck wouldn't you rather they push stuff you might be interested in? don't flame me too hard

[Even] Better solution - Cookie Pal

I am surprised this hasn't already been mentioned.

Try Cookie Pal.

Very simple, intuitive cookie filtering. Blows all other solution mentioned here out of the water. Junkbuster proxy? Ugh. Browser cookie prefs? Ugh. CPal does site wildcards, end-of-session overrides, everything on the fly. Totally worth the few bucks.

Alas, Windoze MSIE/NS only. And it doesn't support Opera completely, but it will once 4.0 is released.

Re:Mozilla and offsite cookie refusal?

Yes. 3 options:

• Accept all cookies
• Only accept only [sic] cookies that get sent back to the originating server
• Disable Cookies.

Re:Rejecting offsite cookies

Cookie Central has info on this.

Give us built-in script-management tools!

Good idea! And while they're at it, they should snip out the javascript and optionally allow it or not on a per-site basis. And Java. And style sheets.

Junkbuster fails to block some cookies!

Set up a Junkbuster proxy, enable the cookie blockfile and append to it the host www.northernlight.com. Despite Junkbuster's supposed cookie blocking, whenever you access the Northern Light search engine, you'll get a cookie!

Re:Give us built-in cookie-management tools!

damn, Mozilla has to be the coolest thing in the world! I can't wait to start playing with it.

word play

ok... maybe I'm spoiling the pun, but this just
begs horribly the question:

Is that to be read "I decide" (I suspect the marketeers hope it'll be read that way) or "ID-cide" (a la sui-cide, homi-cide, etc...)?

Re:word play

[jawad]

I decide. "I Dee cide". Read the capital letters individually.

Re:word play

[B'Trey]

Yes. You decide and it kills Doubleclick and co's ID of you. That's WHY it's a pun (pun: "The use of a word having two more or lessincongrous meanings", Doubleday Dictionary).

Re:word play

[paulychamp]

hmm.. wouldn't I Decide and IDcide be pronounced the same way?

paul
"i'm the truth, across the table from corporate lies" - common

proximtron

I beleive Proximitron has had this feature for a while

Re:Anyone know a way

"but you didn't seem to pick up on what has been said above" wrong. If you'll read my message, I want my **browser** to do this. I don't like relying on an outside source. This would be a very simple thing to implement - basically set it up as deny all or allow all by default, then your list either excludes or allows based on which way you want it...

Get rid of cookies

Why cookies at all? I don't need those silly "Make your personal page by clicking here" That's probably also the reason why I'm Mr Anonymous Coward. Please don't use cookies, eat them --MoobY

Re:Get rid of cookies

"Why cookies at all"

Interactive user configurability (e.g., slashdot and a thousand++ other sites) as well as user tracking on benevolent sites who aren't going to sell your information.

Re:Get rid of cookies

Uncle Al!

Re:Get rid of cookies

I also agree. Cookies have no purpose for me. Who cares if my CC# info can be stored, or passwords to be stored. If you're that lazy, you should be shot, hung, flayed until you are out of the gene pool. Thank you.

Re:Get rid of cookies

[cDarwin]

The kind of session tracking that you get with cookies can also be achieved with URL rewriting. In fact, back in the good old pre-cookie days (before AOL opened its Internet gateway ), this was the only way to do persistence.

Smart servlet engines can detect when a user is refusing cookies, and do URL rewriting, instead. (don't know whether asp, cold fusion, &c do this).

How about a browser feature that refuses all cookies, and autosends a message to the originating site admin telling her to switch to jakarta-tomcat ;)

Re:From passive resistance to Active Disruption

...Or recruit a lot of people, 50 people or so from Slashdot to run scripts to fill up various sites with bogus personal information and pump bogus cookies into doubleclick. All this running 24/7 just to fuck things up.

I told you cookies were aevil. Stop being thick!

How many more new forms of abuse using cookies do you have to see before you realize all cookies are evil? Look at amazon.com to see how to do tasks usually done with cookies that DON'T REALLY NEED COOKIES.

- The AC Cookie Monster

Re:Free protection against *all* bad cookies

What happens if i simply set the cookie-file to write only.. Some sites insist on writing to it...but i don't have to let them read from it..? Or do I?

Re:Mozilla and offsite cookie refusal?

You can do the same in IE. What I would prefer though, is some program that blocks them based on a regularly updated list of offenders.

Re:Funny!

ya I know what you mean,
you did it again...
(look up)

Re:My method (for IE)

So I finally bit the bullet after all of the cookie-banner-pop-up talk and put junkbuster on the linux box that connects me. I disabled cookies, I disabled Java, javascript in netscape 4.7 . No more spammy crap. The unforeseen consequence is that everything hauls ass now. Pages load really quick. Im happy. I used the modified Junkbuster at: www.walderr.org/junkbuster I dont know the guy or anything, but it _does_ rock.

Turning off referring URL

That's good, but not very important for me because I don't do cookies.

However, is there a way to prevent the browser from revealing the referring page? Cookies can effectively be implemented in the URL. So even if cookies are turned off, the same information may be disseminated with the URLs.

Marko

Free tools to make surfing more enjoyable

For Linux and friends: junkbuster (Waldherr's 1x1 transparent GIF version)
For the Windows family: Webwasher.

They both can be used to block advertisements, banners and such. Junkbuster can block cookies, send roll-your-own "wafers" in response to cookies (eg. put some Echelon spookwords into it :) Webwasher can also filter out Javascript pop-ups and such.

Even slashdot looks more tranquil without animated banners.

invalid word play!

As a soi-disant word policeman, it's my duty to remind you that the phrase, begs the question does not mean what you think it does. Instead, according to Webster, it means: to pass over or ignore by assuming to be established or settled. Don't believe me? Look it up!

You're welcome!

Re:invalid word play!

Yes, there are various definitions, but none of them include the way in which the original poster used it. One might argue though that common useage dictates meaning, and therefore it now means just what I said it dosen't, but I wouldn't. :)

Re:invalid word play!

[Kythe]

In argumentation, begging the question usually refers to a statement in which "the truth of the conclusion is assumed by the premises" (Stephen's Guide to Logical Fallacies -- Begging the Question).

For example, stating "I hate school because it sucks" is begging the question.

Kythe
(Remove "x"'s from

perfect market capitalism

Bring the information out in the open, and we'll have a more even playing field.

Not only will we have a more even playing field, we'll have the playing field that economists are talking about when they advocate free markets.

Too many people espouse a laissez-faire Libertarianism as their religion. It's a set of superstitious beliefs that certain things are moral and other things are immoral. These infidels sully the name of free-market capitalism with their confused faith-based approach to markets.

Truly rational economists understand that free-market theory includes the assumption of "perfect information", i.e. both parties to any transaction share equally in full knowledge about the transaction. We will only approach "perfect information" with a heavy dose of government regulation, enforced by spying, subpoenas, and guns. And only then will we be free from the vicissitudes of rapacious monopolists and laissez-faire mystics.

Moderators, do not moderate this up as it uses bigger words than you'll ever learn.

Re:Free protection against *all* bad cookies

It's quicker to enable a read access on the odd occation i *want* to feed some site a cookie. But would the write-only approach work? I like to change the contents of cookies to see what happen also :) It's MY computer - my files. I rule. Somone should really redefine cookies and call them by their real name ...err.. trojan cookies?

"I once knew a virus named Cookie.."

My doubleclick.net solution

At first, I just had it blocked in junkbuster. But then I noticed them using https to sneak ads through. (128 bit encryption, too - impressive, given that most e-commerce sites only do 40.)

So I admired their ingenuity and brought out the Big Guns. My nameserver is now authoritative for doubleclick.net, and no hosts exist. (This is like the /etc/hosts solution some people have, only more so.) For a second layer of coverage, all of the IP addresses I could find are firewalled off.

And, of course, junkbuster is set to eat all Referrer: headers and cookies. As is the browser.

I haven't seen a web-bug that's sneaked through in a considerable while.

BTW, has everyone explored Slashdot's ad server? http://209.207.224.220/index.pl?op=runs is quite interesting, although it's pretty boring after my junkbuster config gets through with it.

Shop Button

Netscape was designed to fuck the user all the way back to the 2.0 series.

Corporate motto for the day:
Lie, lie lie.

Netscape is no better than AOL, no pun intended.

Re:Anyone know a way

yes.

see www.junkbuster.com

does exactly what you ask, and you can modify the cookie allow/disallow list.

Junkbuster

Of course there's always Junkbuster. More info available at their site, but the gist is that it's a proxy that filters banner ads and cookies. I use it both on my laptop when i'm roaming, and on the network at home. Evil places like doubleclick can be completely dropped from ever giving or reading cookies from your browser. Of course, making those pesky banner ads disappear is easy too, I haven't seen /. with banner ads since I started using it. :)

Regularly updated blocklist

Try here. Junkbuster blocklist that's updated weekly.

http://12.23.79.8/blocklist

I don't like it.

Cookies are other people meddling with my puter. I hate them. (Foorst.. poost?)

Re:Solution for unwanted cookies

A better idea (off the top of my head, haven't tried it) would be to simply (under BSD) chflags uappnd ~/.netscape/cookies. chattr whatever the linux equivilant is

Re:Would this make any difference?

Yeah, I sorta feel the same way when that giant penguin stamps on the Microsoft campus

Linux, of course. Why?

It's a sleazy desperate substandard scam?

Re:Free protection against *all* bad cookies

I'd prefer to let DoubleClick give me those cookies, and then overwrite them. This way, they track me for a few hours at most, then my ID is deleted. They will assign me a new ID next time I get an ad. So I'm basically filling their database with garbage, the same way they're filling our hard drives with garbage.

Re:Junkbuster (again)

LOL
There are people spamming for Junkbuster. Try busting yourself.
;-)

Re:Mozilla and offsite cookie refusal?

From http://www.mozilla.org/wishlist-faq.html :

3. Cookie Acceptance/Javascript Toggle Depending On Site

Mozilla currently supports cookie acceptance on a site-by-site basis, and may do so for Javscript in the near future. Enhancement requests are filed for the Javascript issue and for applying this to a range of preferences.

*****

7.Advertisement Blockers

There are various ways you can do this already, and it will probably possible to write a Mozilla plugin to do this. However, this proposal is very badly thought out as it will reduce the revenues that web sites get from advertising, which keep the majority of the web free of charge. Hence it is unlikely this will every appear in Mozilla or Communicator. This may eventually appear indirectly however, since things such as preventing popup windows and having preferences differ on a site-by-site basis can achieve this (these are above).

Simple

Simple. IDcide is taking your cookies and your data and who knows what they'll do with it. Probably sell it.

junkbusters--question...

I'm running junkbusters on my machine and I love it but after reading that I'm a little nervous. Doubleclick banners are not shown on my machine. Does that mean that doubleclick is not getting anything from me or does that just mean that banners are blocked but doubleclick is still getting my data? I'm sure there are others who have this exact question. thank you..

Re:junkbusters--question...

[PopeAlien]

From the Junkbusters FAQ -http://www.junkbusters.com/ht/en/ijbfaq.html

"The Internet Junkbuster Proxy TM is free privacy-enhancing software that can be run on your PC or by your ISP or company. It blocks requests for URLs (typically banner ads) that match its blockfile. It also deletes unauthorized cookies and other unwanted identifying header information that is exchanged between web servers and browsers."

Because Junkbuster is a proxy server it is blocking access to whichever villains you have defined.. It is not just blanking out graphics.. In this case if you can't see them, they can't see you.

-

Am I missing something?

I read the piece about why offsite cookies matter, and it seems the author is worried about the links on the ads containing personal information. These are just cgi parameters - surely they won't get passed to doubleclick unless you actually click on the ad?

Re:Am I missing something?

[Hammer]

I'm afraid that you are wrong... The HTTP pipe is there while loading the page and the cookie does get sent back. (and again if you click on the ad...)

Re:Am I missing something?

[devjoe]

Those parameters get passed to doubleclick when the page loads, because they are encoded in the URL for the ad image. Your browser gets this URL, and not knowing any better, sends it on to doubleclick in order to retrieve the image, because that is what is done with image URLs on a web page. Ad URLs don't have to be done this way -- but targeted ad vendors pay more money to web sites that provide targeting info, and the simplest way of doing this is appending the entire URL of the page you're loading to the URL that is sent to doubleclick. However, some sites (as described in the story) include possibly sensitive information in some URLs, and blindly include this in the URLS that get sent on to doubleclick.

Re:Would be nice to play hardball

I like this a lot--it doesn't just protect me, it ends up also protecting my clueless websurfing grandmother.

Re:Funny!

Perhaps because the comments did not exist when the person started to write his post. If you actually spend some time composing your post, preview it, edit it, preview it again, revise it, etc, answer the phone, etc, it might take you 15 minutes to submit it. By then other people may have made the same post.

But you knew all that, didn't you?

What we REALLY need is a SCRAMBLER

I want a program that will accept the cookies and scramble every one of them that's used by advertisers/marketing firms to FOUL their databases as well as render any attmpts to track me useless.

Re:What we REALLY need is a SCRAMBLER

[Wolfier]

Very good point - modify our cookies whenever someone asks for it - if it is doubleclick or alike, modify the cookie for it to contain useless information.

The point is, they cannot complain about their database being screwed because they are doing the screw-ups themselves.

If I had my moderator points I'd moderate this right up to the top.

Ads

I do not mind giving information about myself --BUT I want something in return for that information, at least provide some sort of service, rather than eating my bandwidth. I do not want to be bugged and followed. This is just going to get worse.

This is what MValue is for

[jeremyf]

You whine and whine and whine when me and my friends spam you all how to avoid it, and then you whine and whine about the problem...

Similar program

Here's a similar program. It doesn't deal with DoubleClick - instead it removes Aureate "spyware" from your system (win32 only). More info/download here

Anyone notice...

The banner ad at the top of CNN's website (I suppose not since you alll got them blocked already). I thought it was pretty funny though.

Also I like the quote from their president...

"We found out that this is a big issue when we started working on another personalization tool that infringed on privacy," says co-founder Ron Perry.

Am I the only one who has doubts about installing this thing? Closed source, patent-pending technology from a group that was involved in infringing-now-protecting our privacy(I'll be honest I didn't see any mention of the license on their website, but I didn't see any source offered either). Sure there are ways of finding out if this thing works, and I'm sure I'll hear about it if they don't via a Slashdot headline, but screw being an early adopter for this one...

Re:That's not what it says, nor what it does...

I can't think of any good reason, other than ads, to send a cookie with a graphic image

Sometimes you might want to set more than one cookie. The cookie spec doesn't allow for more than one per set of headers.

But the whole off-site/originating server thing is nonsense anyway; a simple workaround for sites would be to have some proxy happening on their server to a Doubleshit or whatever server, simply passing info between the two. Your browser would then accept the cookie but the data is still getting to and from Doubleclick.

Cookies suck anyway - find a web site with a real designer who can make your session last for the whole time you're at the site without using cookies. Cookies were only for per-session permanence anyway.

Ciao

Re:Give us built-in cookie-management tools!

[talon]

Amiga IBrowse has this neat feature. I hope Mozilla follows with something similar.

--

On off-site/non-image cookies (Was: That's not...)

[izzlazz]

Otto wrote:

The option they NEED, and the one I described, is simple: Only accept cookies originating from the same server as the page being viewed. Or perhaps, disallow cookies with non-HTML files. I can't think of any good reason, other than ads, to send a cookie with a graphic image.

Actually, I co-maintain a small site which uses cookies in off-site non-html files. This is used to customize the style sheet used in some otherwise static HTML documents placed on a separate server. The style sheet doesn't set any cookies, of course, but it does rely on the browser to send the cookies as part of the HTTP request. I can think of similar uses of cookies to choose between different image files based on the cookies set in the browser.

Ignoring "SetCookie" headers in off-site/image file responses, as you suggested, is probably okay, although someone could probably think of a non-advertising related case where that functionality is useful. Just make sure not to kill the (IMHO very) useful functionality described in the previous paragraph.

Patents

[Samus]

It mentions in their faq Patent pending technology. I wonder what the pending patents cover?

Re:No, not really...

[red_dragon]

Actually, it doesn't work that way either. At least not with Nutscrape. Theoretically.

The Preferences dialog box in Netscape 4.x reads "Only accept cookies originating from the same server as the page being viewed." So, let's say that the page's URL is http://foo.com/qux.html. qux.html has an IMG tag that refers to http://bar.com/cgi-bin/adcrap?blahblah, causing Netscape to open a new HTTP connection to bar.com. bar.com may send a cookie to Netscape, but if you chose the option mentioned above (not the default, BTW), this cookie won't be accepted, because the page came from foo.com, not bar.com.

This is only theory. I hope this is how Nutscrape actually works. If it doesn't, screw Nutscrape.

Mozilla and offsite cookie refusal?

[onethumb]

Unfortunately, I don't have M14 on this machine, but I installed it at work 2 days ago and could swear there's an option to refuse cookies that orginate from sites other than the current one.

Anyone else got M14 installed and can check?

Re:Mozilla and offsite cookie refusal?

[Mickey]

Hey, where is that list of servers from whom I can refuse? Is it a configuration file, or can I find it in the menus?

Re:Mozilla and offsite cookie refusal?

[WD]

Mozilla has a GREAT cookie management feature:

You can (as with Netscape), refuse cookies not sent to the original server. Plus, you can edit a list of servers you flat-out refuse to accept cookies from. You can create a similar list to refuse loading images from servers, too. Check it out!

Re:Mozilla and offsite cookie refusal?

[hypergeek]

Yeah. If you check the "Remember this decision" checkbox, then your acceptance or refusal of the current cookie applies to all cookies on the site, until you remove them from your always- accept/reject list.

Lynx also has a similar feature, where you can choose to always or never allow cookies from a given domain (and AFAIK Lynx had it first).

Now, if only there were a feature to reject all offsite cookies and images...

--

Re:Better solution - Junkbuster

[Booker]

Strange... I have it on my NAT box, with no problems.

---

Re:Give us built-in cookie-management tools!

[mykmelez]

Mozilla has cookie management, a sidebar, an open-source development model, built-in RDF for real-time updates to data in the sidebar (see f.e. the bookmarks tab), and an article on how to do it.

That means the only thing they are missing is you writing the code. Go to it!

Mozilla does this

[JungleBoy]

What we really need is a list of domains and subnets to which we may silently refuse cookies.

Mozilla does this. In the Preferences, under Advanced->Cookies I choose "Accept only cookies that get sent back to the original server" AND "Warn me before accepting cookies." This will enable the cookie manager. Now when ANYONE offers you a cookie, not only can you accept or reject the cookie, you can tell Mozilla to remember your decision.

You can then go to Tasks->Personal Managers->Cookie Manager to manager your cookies. From there you can view and delete cookies under the "Stored Cookies" tab. Under the "Website Settings" tab you can see which sites can or can't set cookies. By deleting entries from here you will be questioned about it the next time the site tries to set a cookie.

For example, The only cookie I have stored is the user cookie from /., also /. is the only site allowed to set cookies. For the first several sessions the user has to make a bunch of choices on who can and can't set cookies. But since these are remembered between sessions, eventually you don't have to bother with cookie choices to much.

I think this is a great method of managing cookies, I don't see need for anything else, nor can I think of anything else that could be added.

JungleBoy

Who decides?

[Miskatonic]

I hate to sound like a pedant around here, but it's worth pointing out that since IDcide is closed source, you are relying on your trust of their company to determine that there aren't any "hidden" features to this software. It's not too farfetched to imagine that this utility is also secretly sending out private information, just the thing the user is trying to prevent by using it.

As another poster noticed, this program modifies your cookies with something about "qbots.com", which turns out to be a parent company.

I'm sure a little packet sniffing could turn up something...

Re:Doesn't work under Linux :-(

[orabidoo]

I've found it works better when I *don't* have a local webserver getting the requests. So the thing to do if you're using a local Apache, is to tell your apache explicitly to bind to the 127.0.0.1 address, and use your /etc/hosts to redirect doubleclick and others to 127.0.0.2 (note the 2). it's still on the 'lo' interface, so it doesn't get out to the network, but apache won't get the hit.

Re:Mozilla From the mouth of a developer.

[Yenya]

There is an image checkbox that does the same thing! Which blocks images (read ads) from servers that aren't the originating server.

It is not useful (at least until it is possible to fine tune it), because many of the web sites (like /.) have a separate server for images, highly tuned for a static data (khttpd?). So with these sites it would be the same like disabling loading the images at all.

I think there should be a more fine-grained solution. And why implement any in browser, when there is a separate one (JunkBuster, available even in RPM format).
--

Re:Funny!

[um...+Lucas]

*.doubleclick is kinda harsh... but then i guess you'd never want to go to their website to read stuff like their press releases where maybe they'll announce something that retroactively rights their wrongs...

Re:Funny!

[um...+Lucas]

And I just imagined newbie following your advice, then deciding to go to DoubleClicks website to find out what all the fuss is about, only to see a big welcome to apache page.

As for my logic, I know... It can get rather twisted logic sometimes.

But a LOT of websites exist only because of monies they get from DoubleClick. You may not like it, but it's the simple truth.

Re:Funny!

[um...+Lucas]

I thought your original tip was for editing your hosts file?

Anyways, did you hear that DoubleClicks CEO stepped forward publicly and put his foot in his mouth by saying that he had grossly miscalculated the effects that his company's actions would have on people's fears about losing their privacy and vowed to discontinue all of their data merging/matching programs?

Yes, DoubleClicks site isn't the best place to find commentary about what they were doing wrong, but its' a great place to look to find out 1- their side of the story, and 2 - what they're doing about it.

Re:iCab/Mac's Cookies features

[Bongo]

...based on my own habit of locking the cookie file...

I'd never thought of that. I'll try it :)

Re:iCab/Mac's Cookies features

[Bongo]

Presumably each site is free to decide the data format of it's cookies... looking through my own cookies I see some contain plain text while others are non human readable... making passing false info to the enemy tricky...

BTW, can sites read all cookies... or are they somehow limited by the browser to the ones they themselves set?

Re:iCab/Mac's Cookies features

[Bongo]

Yep, iCab is fairly sweet. I'm looking forward to when they finish the feature set.

BTW, have you ever, ever ever seen iCab smile?

Re:Rejecting offsite cookies

[Hammer]

There is a simple solution to the banner ad problem (GIF's and cookies)
I use Internet Junkbuster witch is OSS. IJB home I can specify domains that are banned as well as regular expressions to ban anything from a site.
I do not see anything from doubleclick, blockstackers etc. That keeps my privacy as well as speed up my page loading...

Re:Not in M14

[robinjo]

M14 is ancient history. They are old pretty much already the next day after they get released. That's why you should always get a nightly build. Especially if it's a long time since the last milestone.

In my Mozilla build 2000031715 the cookie setting is: "Accept only cookies that get sent back to the originating server" while M14 had that old setting you mentioned.

/dev/null

[spreer]

I used to keep my cookies symlinked to /dev/null.
Cookies?
Sure, I'll take you're cookies. I just put them right over here...

Re:/dev/null

[Wolfier]

"used to"? So what are you doing now, is it any more effective than /dev/null?

HTTP referer vs. cookies

[Skapare]

First of all, has anyone gathered a list of site using doubleclick? This should be easy enough to get, given the fact that said sites will reference doubleclick in some IMG tag. Soon we could have a complete list of all their business relations, and potentially use that data for something, maybe. Anyway, I figure it just might be interesting to turn the tables on them, and since it would be a new compilation of information, the copyright ownership would not be theirs.

Now, if the browsers didn't pass cross-domain or cross-host HTTP referer information on requests that also had a cookie, we could could still get the benefits of cookies within a site, but the request for the ad image would have no referer data. What would DoubleClick do with no referer info? Refuse to give is the ad image? :-)

Since I just happen to be setting up a squid proxy this week, and I always compile primary services from the latest source code, I figure I'll take a peek under the hood and see how easy it would be to make it modify the request so that if the domain of the cookie and the domain of the referer do not match, discard one or the other, or both, of them before sending on the request.

IDCide may be the next Amazon, so I'll pass:

[CodeShark]

Not only is their product not available where I want it (Linux/Mozilla), I saw this on their FAQ page:

"IDcide's patent-pending technology automatically distinguishes between persistent cookies sent to the site you are visiting and persistent cookies that are sent to external sites. "

Hmmm. Seems to me if the code I am presently working on (which allows the user to set a preference on my site as to whether or not they wish to receive third party ads/cookies/etc., participate in demographic surveys, etc.), then I might be in violation of a patent. Or if I take the same logic and create a plug in for Mozilla, I'm in violation of patent law. [If I were to reverse engineer the technique (which I don't need to), who knows how many laws I'll be in violation of by the time this type of crap is over...]

So IDCide? No, I decided already -- skip it, and find some prior art to defeat their patent as well.

Re:Rejecting offsite cookies

[Otto]

Erm.. Not sure what you're using, but that option is NOT in Netscape 4.6...

There's a "Accept only cookies that get sent back to the originating server" option, but if the GIF comes from another server, then it's all good.

This should actually be real simple to implement. In your cookie routine, do something like: if (cookie.hostname != address_bar.hostname) return without_setting_the_damn_cookie..

Or something like that...

---

Junkbuster (again)

[tweek]

I think it's great that all of these companies are creating products that do all these things but I *STILL* think junkbuster is the best solution. I would prefer that I only get cookies from the sites I allow and that's it. Nothing more. junkbuster follows the best security model. Denied unless explicitly allowed. There are average users here at the office who still have dialup at home and have installed the win32 version. If they can do it, anyone can.

Re:From passive resistance to Active Disruption

[3trunk]

Even better - what about a simple Perl script that you would run a couple of times a day that would trawl through your cookies file and simply fill the data field with useless junk (or even better, carefully encoded incorrect values)

Re:Cookies were a good idea but..

[GroundBounce]

Good post, but if you are quoting JRRT, your
sig should say "Not all those who wander are lost" instead of "Not all those who wonder are lost".

Disable them without causing problems....

[TomQ]

I have a much simpler method of disabling cookies...just make your cookies file read-only.
I have stuck my Slashdot cookie and one or two more for sites I want to autologin to and then read onlyify (sic) my .netscape/cookies file - and it works. Sites that insist on sending you cookies work fine but nothing is saved....
just my two euros...

tom

Re:Disable them without causing problems....

[Wolfier]

Doesn't work all the time - there's something called "in-memory" cookie that cannot be set permissions.

Only if we can turn off memory-based cookies...

Junkbuster Proxy

[gocubs]

Doesn't exactly sound revolutionary to me. In fact, this sounds a lot like what the Junkbuster proxy can do, which runs on Linux and Windows, can also block ads, and is released under the GPL. http://www.junkbuster.com.

Re:Doesn't work under Linux :-(

[double_h]

And this sometimes happens with Slashdot, of all places! Anyone know why? Ideas for a fix? (Junkbuster is out, only 64MB RAM here :-(

64MB is *PLENTY* of RAM for Junkbuster. I run it on my work machine, a PII-266 Linux box with only 32MB. I just checked with top, and Junkbuster is only using a little over a meg of RAM (1332K). And that overhead is more than made up for by the bandwidth, memory, and disk space that was formerly being used to load and display banner ads. I can't recommend Junkbuster highly enough.

Not good enough !

[slashkitty]

These days, there are lots more ways for the AD authorities to set cookies on your machine. Just to think of a few:

IFrame Ads
Layer Ads
Javascript includes I like the idea of blocking the AD domains better.

Already in Netscape?

[mcj]

I thought a similar function was already implemented in Edit -> Preferences -> Advanced -> 'Only accept cookies originating from the same server as the page being viewed'

Better solution - proxy filter!

[Rocky+Mudbutt]

Or any of the squid filters.
I like sleezeball but the idea is generally understood and sound.
Are there any publicly available proxies that filter ads? Has anyone written a filter that specifically looks for image cookies and filters them?
What a public service this would be!

Junkbuster and cookies

[FascDot+Killed+My+Pr]

The biggest problem with Junkbuster is that you can't configure it to ACCEPT cookies. There's an option for it, but it doesn't seem to work (at least not the version I'm running--is there a newer one?)
--

Re:Junkbuster and cookies

[nothingface]

Actually you can, well since Version 1.2 according to the docs (and it works for me on version 2.0.2). Just add the URL of the server you want to accept to the "cookiefile". You can use masks there, too, and if you don't care about privacy just an asterisk (*) on a line by itself will allow all cookies. If there is no cookiefile specified, all cookies will be denied (this could be how you're setup). If you go to http://www.junkbuster.com/cgi-bin /show-proxy-args and have Junk Buster running, it will list the arguments that server is running with. Check out their site, they have pretty good docs there.

Proxomitron Rocks

[ConceptJunkie]

Proxomitron is an implementation of a very simple but effective concept. It filters the HTML (body as well as headers) coming in and going out.

It's only for Windows (which I use) as far as I know, but the idea should be easily implementable on any platform. The real brains are the configuration file (i.e., what tags to filter).

Re:Not in M14

[mikemulvaney]

Um, M14 says "Only accept cookies that get sent back to the originating server". I don't think they changed the meaning of "originating server" by swapping the location of "only" and "accept".

Can you test the version of Mozilla that you are running? I would be interested to find out if they changed this "originating server" business to mean what everyone assumes it does instead of what it actually means.

Actually, now that I think about it, I am more scared than ever. Does that radio button mean that cookies are normally allowed to be sent to a non-originating server? I fail to see why anyone would ever want to allow that.

Mike

Re:My method (for IE)

[mikemulvaney]

I do the same thing, but I don't allow cookies in the default(internet) zone. If a site ever complains "you need to enable cookies", then I put them in my trusted sites folder if I think it is worth going to that site.

Actually, I allow per-session cookies but not persistent ones. Most well-behaved web sites are ok with this, but I wish more people would follow a more polite cookie checking scheme:

if (!set_persistent_cookie)
if (!set_temp_cookie)
show_the_you_need_cookie_page

Mike

Easier solution

[jfedor]

Wouldn't it be easier just to disable downloading images that are 468x60? This fixes the problems with ads in general. :)

-jfedor

Re:iCab/Mac's Cookies features

[sjx]

I must admit, having briefly seen Alex Clauss's efforts with iCab, I was quite impressed. It's a shame that the previous web browser he coded crashes so much he abandoned development, but it looks like he learnt a few things since then. :)

Re:Doesn't work under Linux :-(

[mircea]

Junkbuster is out, only 64MB RAM here :-(
And why so? I run junkbuster on this Linux machine with 40M, and on a NT machine with 64M, and it's perfectly fine on both. Has been for the past year or so.

"IDcide" -- oh, I get it...

[RomulusNR]

ID-cide...

...Meaning they kill my identity?

Solution for unwanted cookies

[plaa]

chmod 400 ~/.netscape/cookies

Of course, when I want to get a cookie (e.g. from /.), I have to change it to writable (temporarily).

Re:Solution for unwanted cookies

[mcrandello]

chmod 400 ~/.netscape/cookies The Windows users out there can find the cookies.txt file, delete everything right below where it says "do not edit" (Ha! Warning labels my ass!) then save it, right click the file and set it to read-only. Or leave in there Yahoo and /. login cookies. The one problem this has though is that I think netscape still stores cookies in memory until you quit, whence it tries to write everything to the cookiefile. Meaning that someone is likely still able to track you somewhat if you fill out a form anywhere along the way...I've since abandoned it in favor of blocking the urls of the known offenders :-)


mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.

Hmm.. Right idea, wrong implementation.

[CDanek]

Unfortunately, this isn't going to do exactly what you want it to - what's going to happen is that (assuming they do manage to successfully link your IP/Cookie info with RealLife address info) you are just going to get more 'less-targeted' advertising info. Who's to say you aren't actually browsing those sites your friends distributing your cookies are?

In enough numbers, and with enough vocalization, sure, this might be a solution, but in enough numbers, opting out would be just as loud if not louder, because it has a definitive impact - less cookies. And that's going to be the key. And a suplex to doubleclick employees now and then.

cd

Re:Free protection against *all* bad cookies

[readams]

A much simpler solution is to make the cookie file read-only. If you find a site that is giving you cookies you want to keep, change the permissions temporarily. And remember to opt out of DoubleClick is you don't want to do this.

Re:Actually, Netscape does this...

[Kyrrin]

The feature that *I* would like to see In the next netscape/Mozilla is one that allows a regex list to specify domains to allow or ignore cookies. I realize that I could do this with Junkbuster, but Junkbuster does some things I don't particularly care for so I don't run it. Adding this ability into the browser really is trivial given the overall complexity of the project.

This function is available in iCab, which is, alas, Macintosh-only. It's still in beta, but it's the best damn web browser I've ever seen. It knocks Mozilla out of the water. It's small, fast, contains an HTML validator that can display error reports, ties in to a whole slew of Mac-native applications such as BBEdit, has intelligent cookie and graphics handling, and -- which blew me out of the water -- lets you turn off the goddamn <BLINK> tag.

It's stable and incredibly useful. Future releases plan to support Java and CSS. I haven't opened Netscape or Mozilla since I downloaded it. If you've got a Mac, try it. I doubt you'll be disappointed.

Re:Doesn't work under Linux :-(

[thrig]

Either try changing your /etc/hosts file entry to 127.0.0.2 (untested), or, in my case, I hacked the apache conf file on my machine to read:

RewriteCond %{REMOTE_ADDR} 127.0.0.1
RewriteRule ^.*$ /foo.gif

Assuming you have mod_rewrite compiled and you don't use localhost for anything else (e.g. testing the website)

foo.gif is a 1x1 GIF that should load plenty quick.

There's probably a better way to do this, but the above works well enough...

Simple anti-Doubleclick technique

[spudboy]

It's fast, it's easy, and it protects your whole network, not just your one brower. It's the Pigdog DoBBS (Denial of Big Brother Service)

Hosts file

[Jason+Pollock]

Of course this doesn't work for the slashdot ads.

Re:Funny!

[hattig]

PS: That is the C:\Windows\hosts file

Gah, I hate Windows, but I have to work with it. Luckily, Caldera OpenLinux installed without a hitch on my home laptop machine, with PCMCIA CD-ROM! No boot floppies required at all, and quite pretty.

Re:No, not really...

[TheTomcat]

You misunderstand HTTP.

Perhaps he does, but you misunderstand how much a browser knows. The browser has the ability to detect whether or not the image within a page is from the requested domain. The browser is well aware of whatever is in its location field. If the domain doesn't match up with the domain in 'location', it doesn't send the cookie.

Now whether or not this WORKS, I'm not sure, but in theory, it's very possible, and this is what the original poster was describing, not persistent HTTP connections. As you pointed out, it's impossible to persist between two domains.

This is similar to when the browser warns you when you've requested a secure document and have been forwarded to an insecure document.

The Pun!

[SmileyBen]

...that is brilliant. That is soooooo clever! I'm actually sat here gawping at the monitor. That is AMAZING!!!!

Good suggestions

[cwhicks]

There are some good suggestions in here for adds to the browsers.

However, my concern is with the unwashed masses. "We" will look through the list of cookies coming through, and make adjustments, but we are a tiny percentage of the population. My desire is not so much to protect our community from the spies, but to immasculate the spies on the web entirely.
What was the statistic that 97% of all net users have never downloaded a program? So junkbuster/webwasher whatever isn't going to cut it.
Mozilla (Netscape is now owned by "the Man" so I doubt they will do anything) needs to put in these fixes as well as a simple filter thats "on" by default. How many posted here even knew the "send cookie to requesting server only" setting existed in Netscape, and we are the knowledgable ones. Anything that doesn't come installed and turn on is not going to put a dent in the incredibly lucrative business of spying on the the unknowing internet masses.

Re:iCab/Mac's Cookies features

[toh]

>BTW, have you ever, ever ever seen iCab smile?

Sure, anywhere at w3c.org, or occasionally at a couple of other web design oriented sites. Plus icab.de itself, of course. ;)

iCab's cookie management features are great, although I sidestep the issue by using it to simply filter images from doubleclick entirely (no HTTP request is ever sent). I actually proposed the "accept only for this session" mode to the author (based on my own habit of locking the cookie file (or resource) once it has the few persistent cookies I want in it) and was pleased to see it incorporated into the very next version.
In fact the whole browser is more customisable and tightly-coded than anything else I've seen. The page rendering speed could be better, though (MSIE is still faster at the moment).

Re:iCab/Mac's Cookies features

[toh]

It works well in every browser I've tried except for Windoze IE (it's also somewhat trickier for Mac IE, but it does work there with some minor Resedit hacking). Since I have no need to use Windows and less to use IE there, that hasn't been a problem.

Just unlock the file (or leave it user-writable for a Unix version of Netscape) and visit the sites you want persistent cookies from, then edit the file and make it read-only. After that you can "accept all" cookies and know that any new persistent ones will simply be lost when the browser silently fails to update the cookie file. Sites tracking you by cookieology will still be able to get short looks at where you go, but not an extended user profile.

One idea that I haven't yet pursued is manually devising a cookie for sites like Doubleclick that would either be dropped by their tracking mechanism, mislead them for those short windows by taking the place of the cookie they'd like to send, or perhaps even poison their database (depending on how lame their software is). That might be an interesting and useful thing to leave in one's read-only persistent cookie store. ;)

Re:Actually, Netscape does this...

[pkj]

I'm pretty sure that cookie limiting feature has existed in netscape well before the 4.x releases. I'm pretty sure that it existed in the 3.x releases, and it may have even existed in the 2.x releases.

However, even setting it to "return cookies only to host that sent them" (which isn't the default even though it should be) doesn't really help in the case of doubleclick and banner ads. Because the banner image is served from doubleclick, they can easily monitor and track *all* the sites that you visit.

The feature that *I* would like to see In the next netscape/Mozilla is one that allows a regex list to specify domains to allow or ignore cookies. I realize that I could do this with Junkbuster, but Junkbuster does some things I don't particularly care for so I don't run it. Adding this ability into the browser really is trivial given the overall complexity of the project.

-p.

Re:A simple lightweight solution to dblClick

[Fjandr]

yup.

Re:Free protection against *all* bad cookies

[Paranoid+Diatribe]

Link it to /dev/null. Works for me.

Re:Give us built-in cookie-management tools!

[matman]

Well, what I'd like to see more, is a plugin that acts like the junkbuster proxy. That way, you can just filter those URLs. (automatically not get stuff from that domain)

Other products out there

[penguinicide]

RealMedia had a product caled PrivacyProxy last year, which removed the cookie issue as well as a few others (referrer, ip-address, etc...). I think it was meant for websites only though, who were delivering ads from other sites (like DoubleClick).

Re:Actually, Netscape does this...

[Eponymous,+Showered]

Whatever it is that you don't like about Junkbuster, you can turn off. I use it only for blocking cookies. Not being sufficiently anarchist nor socialist (in the strictest senses of those words), I still look at ads - we wouldn't have /. without ads. I also have it alter the referrer, but any or all of this could be turned off.

Re:Doesn't work under Linux :-(

[Eponymous,+Showered]

I'm running Junkbuster on a 486 w/ 20MB RAM. Junkbuster is currently using 1.3 MB. I suppose that's not chicken feed, but it shouldn't kill ya, either.

Would be nice to play hardball

[Tau+Zero]

This should actually be real simple to implement. In your cookie routine, do something like: if (cookie.hostname != address_bar.hostname) return without_setting_the_damn_cookie.

Better yet, something like this:
if (cookie.hostname != address_bar.hostname)
{
add_to_no_image_load_list(cookie.hostname);
return without_setting_the_damn_cookie
}

This would cause sites which hand you a cookie to be placed on a 'no reference' list, so their ads don't get loaded again. Sites which patronized those banner-ad providers would find their impression revenue dropping off immediately, and would have a strong incentive to switch. If you want a way to play hardball, that's a good one.
--

Re:Would be nice to play hardball

[gfxguy]

How about: every time I see a banner ad, I view that image to see exactly where it's from. Then I go to my sblock.ini file for junkbuster, and add the domain to the list of blocked sites.

As far as cookies are concerned, I only have cookies enabled (again, using junkbuster) to trusted sites...my bank, slashdot, etc. And never even have to bother with answering Netscape's "This site wants to send you a cookie" prompt.
----------

Re:Would be nice to play hardball

[karmatrip]

my way of playing hardball: drop the fscking server into the ipchains.deny. of course, some browsers don't quite like this, so a better workaround is used: instead of having the firewall route traffic from the internal lan to the offending banner server, send it to another server that simply sends a blank .png no matter what you ask of it. something like that. hmm.... another thing for the to-do list.

Re:From passive resistance to Active Disruption

[Big+Wob]

This is slightly off-topic, but the same strategy can also apply to more "traditional" forms of commercial information gathering.

Somehow I got sent a consumer survey application form promising "wonderful prizes" so I sent it in and for every survey they sent me I pretty much filled it out at random. So somewhere out there, some marketing database thinks that I'm a 75 year old satanic reverend with four kids named mephisto, diablo, baal, and jane; I'm unemployed and live in a trailer home but I make over $100,000(US) a year; I have no phone, no computer, no television, but I own a modem. Oh yeah, forgot to mention that my 9-year-old daughter Jane is pregnant with my baby. I'm just waiting for the day the FBI comes banging on my door... :)

Another thing that's not quite as fun to do but still effective is to tell telemarketers that they've called the wrong number when they ask for you by name. A friend of mine used to work for a telemarketing firm and he told me that the GUI front-end for their dialing system had a button marked "wrong number" that would allow them to flag your record, presumably to be cleaned or filtered out of the dialing system database so that they don't call that number again. Unless there's some way to make caller ID work in reverse, I don't think there's any really cheap way for telemarketing firms to instantly re-verify your phone number.

Re:From passive resistance to Active Disruption

[bifurcator]

That's a nice idea and has been suggested by other people in the top thread, except I am not bent on fucking up DoubleClick's database. All I care about is that my personal profile is fubar.

There are countless other banner ad companies besides DoubleClick, and you can't fight them all the way you propose. That would take too much effort. On the other hand, it would be relatively easy to add a fuck-'em-up option to the IDcide software that would do it for you automatically along the lines I speculated in the parent post without your having to lift a finger.

Sure, most people would be too lazy and/or clueless to use such an option but then again, I am not on a crusade to dismantle DoubleClick or the likes of it.

They'll force you to download HTML next.

[hautis]

Come on. If Internet Explorer ever starts to refuse all GIF cookies, the ad people will start
pushing you HTML in small frames or, even more annoying, little popup windows.

Even now there are certain sites I cannot access, because the site administrators have set their pages up so that if I don't load the DoubleClick banner, I will not see the page. Or then they redirect their pages via doubleclick or something.

I have WWWoffle in my home network and it doesn't ever fetch anything from doubleclick.net.

Re:Not in M14

[puppet10]

In case you don't know about it, you can get IE power toys(tools?) that allow you to move something from the default to the trusted or restriced zone just by clicking on a menu item, rather than going in and explicitly adding it to the zone you choose. I agreee its not perfect but it does make it pretty easy to deal with cookie and javascript (although it is a pain on the sites that use www1.company.com, www2.company.com, etc. since they are all considered individual sites).

Privacy Solutions

[voidzero]

There's an informative chapter on User Tracking at the Web Tools Review. Have a gander at Erik Rossen's advice in the Reader's Comments section at the article's end.

On a related note, Zero Knowledge Systems sell a 'total internet privacy' program called Freedom. Have a look at the FAQ. Has anyone experience of this product? What are your impressions?

raw cod annoy sumo

Boycott companies who supply this information

[FattMattP]

One thing that I haven't seen people mention is that companies like DoubleClick aren't the only perpetrators. Yes, their ads load on certain pages, that's true. But for them to be able to harvest information such as telephone number and address, they have to get to submitted to them somhow. That happens via the sites we visit that use their ads. I don't think we should be give any information to companies that participate in DoubleClick's scheme.

Re:Funny!

[nachoman]

why don't people read all of the comments before they post. This same solution (but with some different sites) is listed not 10 comments back.

Supposed to work: it's a known bug

[peterw]

The offsite cookies that are sneaked in via style sheets and other JavaScript nasties are not supposed to be accepted. This is a bit better in Mozilla, but not completely fixed, unfortunately.

See http://bugzilla.mozilla.org/show_b ug.cgi?id=9594

Yeah, that's right. These folks are marketing an add-on for IE to give it something Netscape has (tried to) offer for years.

-Peter

Re:A simple lightweight solution to dblClick

[Northern+Hunter]

My solution was to turn off Javascript.

> Don't forget to include you cannot be running httpd on port 80

Au contraire. On my Win98 box before I had a webserver on port 80, MANY webpages would take forever to finish loading and wouldn't show anything while it was loading, just as if the 'ad' was taking longer to load and delaying the page (half the reason I added all these places to my hosts file). Eventually my browser would figure out that the 127.0.0.1 was 'unreachable' and finish loading the page.

Only when I started a webserver on port 80 would pages immediately finish loading, with my webserver feeding the 'ad spaces' with 404's.

The problem you describe, of occasional pages snapping to a full page 404, only happens due to javascript tricks some advertisers use. Turning javascript off fixes the problem.

I would LOVE to do what Chris Hiner and crow have described, so then I can leave JS on (although I often have it turned off anyways for security/control concerns), and there wouldn't be all those ad-sub-boxes and ad-frames with the big 404 messages in them (hmmm, I should change my 404 page to something pretty instead!).

I tried to do what Chris and crow described, but I'm not using apache and didn't get as far as finding out whether or not I could do something similar to what he describes with my webserver (Xitami). And I couldn't get a plain 404 page to work, nor replacing it with an image. There was this one page/site that I go to regularly whose Javascript was validating what it got back... I didn't bash my head on it too long anyways, as I just decided to go with javascript turned off for such places.

I really need a convenient button that turns on and off Javascript... Or better yet a rules based evaluator that I could configure to let certain types of javascript run but not others.. (writing the rules for that would be fun :)

Solution: accidental redundant comments

[god_of_the_machine]

why don't people read all of the comments before they post.

It's happened to me before, by accident. Sometimes, I read the given posts and then start writing a long post, while someone else will have posted a similar idea in the meantime -- makes me look stupid through no fault of my own.

What we need is to set the "redundant" moderation to not affect Karma, so that we can quickly clean up redundant posts without hurting those who accidentally get caught in the time lapse.

Re:Give us built-in cookie-management tools!

[mcrandello]

I was thinking more along the lines of a little button that says "block this bastard", or maybe one that sends back expletives instead of any useable info every time that server tries to set a cookie.


mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.

Re:From passive resistance to Active Disruption

[Steeltoe]

You forget that anything you do to disrupt can be countermeasured. Why go to war this way? We should instead tell our friends and colleagues about this. Nobody likes to be targeted with ads or cynically tracked, but people must be aware before they can care.

I don't think companies care much for their databases. Of course they would like to have as much detailed information as possible. But just having a list of emails gives them enough of excuses to spew out more spam.

- Steeltoe

Junkbuster

[rlkoppenhaver]

I know it's been said already, but I'm going to take a second to plug the Internet Junkbuster. It's free, easy to set up, and lets you block cookies and banner ads on either a "accept only these" basis, or a "accept all but these" basis. I started using it a few months ago, and I love it. I very rarely see a banner ad, except those on Slashdot, which I chose to leave allowed.

Re:Cookies were a good idea but..

[|deity|]

True but the cookie still tracks you, and what you are doing for the duration of each session. So that really doesn't completely solve the problem.

Since the above does not apply to windows. In windows you can always delete the cookie file/s when you close your connection. To get the same result. Internet Explorer and netscape store them in different places but both are easy to find.

Re:Cookies were a good idea but..

[|deity|]

Thanks changed.

Re:Funny!

[BandSaw]

retroactively rights their wrongs.

LOL!

Thats great! using your logic, I've decided to let an infestation of termites back into my home, after having exterminated them last week.

'Cause, um, you know, they might be sorry, and retroactively right their wrongs..

In my view, Dblklik is indistinguishable from a parasite.. invades my private property by stealth, and attempts to steal my privacy

Oh, yes, I'm running junkbuster ... dead easy to install under Linux, and I can easily modify the block list (just a text file of URL's) to meet exactly MY needs.

Would this make any difference?

[BandSaw]

What I mean is, do you think the system in use now actually provides value to advertisers? I never clik on banner ads when shopping on line. I base my search on google, for example, go directly to the site I want. If I clik on a link from there it is to go to ups tracking, or to go from pricewatch directly to the vendors site.

Now, I know that marketoids will claim that they have full control over the brains of all humans, but when I see a banner ad, I always jump to the conclusion (possibly incorrect) that the product is either:

Sleazy

A Scam

Desperate

In some way substandard and in need of "marketing" to push it thru the "channel"

and I make a mental note to treat it with suspicion.

Re:Funny!

[BandSaw]

A few points..

When a newbie sets up Junkbuster, they have to go to preferences- advanced - proxy - and choose local proxy. The default choice is "direct connection to the internet" which I think is pretty self-explanatory. So if someone WANTS *boggle* to go to a busted page, the way of doing it is fairly clear.. set the prefs the way they were before, "direct connection to the internet"

Junkbuster does not go in and mess with the browser settings itself, on the sly.

As a side note, who (seriously) would expect to get a honest answer on what the "fuss" is about from a site which secretly spys on web users, and when caught claims it's no big deal?

I might as well go to the NetNanny site, et. al. (think encrypted block lists) to find out about peacfire. Companies who behave in sneaky ways on the web are unlikely, IMHO, to be truthfull.

It made Slashdot's ad stop working!

[The+Wing+Lover]

After I installed and enabled IDcide, it made about 1/4 of Slashdot's ads not show anything, and instead just show a broken graphic.

Re:Another obvious patent?

[mr_death]

IDcide's patent-pending technology allows cookies to be blocked according to the site you're visiting, not according to where the cookies came from!

(From the FAQ.) but why isn't offsite cookie rejection built into all browsers?

Alternative answer: because IDcide have patented it?

No -- patent pending means that they have filed an application, but the patent has not yet been allowed or issued. So, there is no legal reason (for now) for someone else to do this.

When the patent issues, things become a bit murkier ...

Re:Give us built-in cookie-management tools!

[skHalasz]

Vote for Bug 7380 in Bugzilla. "Support all prefs on a URL by URL basis" is the 4th most voted for Mozilla bug/feature request already.

NO NO NO

[ujuhh]

if we did this we would just be giving them more cookies, and therefore more revenue. i agree at fucking them up, but the best way to do it is by limitting their cookie intake. say they sold there info on us, companys would be looking for the largest data base, they dont know for sure if it is acurate, ( but the larger it is the more acurate they may assume. i am not a statistics expert). we should give them no cookies at all! that is the way to beat them.

Re:Anyone know a way

[nlvp]

If you'll read my message, I want my **browser** to do this.

Ah - So you want it built into your browser, I misunderstood, I though you just didn't want it dependent on outside influence.

JunkBuster isn't an outside source (unless you mean it's a different program). It's a local proxy, running on your computer, configured by local files and controlled entirely by you. JunkBusters have no influence over it once you've downloaded it. Unlike the Net Nannies and CyberPatrols or whatever out there, the killfiles have to be created by you (well, a killfile for URLs you don't want to see, and an accept file for Cookies you want to receive/send), it doesn't come with these, so you can selectively block or accept cookies based upon your configuration.

I don't want them to ship browsers with an added function for this or that special group that happens to understand something, or have special needs, because then there will be so many built-in functions that nobody uses that the programs will be bloated, and these programs are quite big enough as they are. I prefer the modular approach, where I can install a proxy or I can choose not to, and if I choose not to, it doesn't take up any space, hence a jazzed-up version of JunkBusters would be ideal.

As it is, what you ask for is exactly what JunkBuster does, and once it's on your computer, it's not an "outside source" any more than the browser itself. In fact, it gives away much less information than the browser does and protects your privacy and security as an added bonus, should you choose to ask it to.

Re:Anyone know a way

[nlvp]

I hate to be the 6th or 7th person to say this, but you didn't seem to pick up on what has been said above. You really want to look at the internet Junkbuster which allows you to set certain domains as cookie-providers and all others are banned.

It sets itself up as a proxy on your computer, and you have to configure netscape or IE to route through it, but it runs in the background and doesn't slow you down. It also hides the more obvious identification gizmos thrown at servers every time you request a page, and can be configured to prevent certain banners from loading (you get a broken image icon if it's just an image, and a "junkbusters" message if its in a layer).

It's free, it's small, it's simple and it seems to be making lots of people happy, although I don't use it because it disagrees with some of the proprietary software on my work computer.

Re:Cookies were a good idea but..

[espensk]

Have any of you tried to run a browser with cookies turned completely off. There are *many* sites that will not even let you look around.

Pardon me if I'm wrong here, but I suspect that most browsers keep their cookie file in memory once loaded (i.e. they don't care if the cookie is deleted from the cookie file during the browser session).

My point is this: symlink your cookies file to /dev/null. You will be able to use the cookies for you whole browser session, and next time you fire up the browser you will start off with a blank cookies file.

Re:A simple lightweight solution to dblClick

[bolthole]

Rather than fiddling with the hosts file, I use

route add ad.doubleclick.net localhost 1

in a startup script.

It makes netscape instantly come back with a
broken link. This is cause if you then tri
"telnet ad.doubleclick.net", it will instantly
come back with a routing error.

Re:Another obvious patent?

[MyopicProwls]

Yes, yes frames are a problem but most people don't use frames. Frames lasted for about a year before everyone saw how lame they were. Even the

HTML DTDs are different for frameset pages and non-frameset pages. I think the XML/XHTML standards are similar.

No one likes frames. I would just as much like image and cookie filtration built into my browser as frameset filtration.

iCab will return useless cookies and the such

[MyopicProwls]

iCab (for Macs) has all sorts of great image and cookie filtration. First of all, the feature we all want here (accept cookies only for the html page you are currently viewing) is built in, along with some other great options.

My favorite of these is "Accept cookies, but don't return them".

Cookies with images

[BigBadaboom]

If you read their FAQ, they say they are applying for a patent for this simple (and IMO obvious) technique. Geezus!

Forget all this 'originating server' bullshit. The simple way to get around most of this banner/cookie stuff is just for browsers to have a checkbox:

[X] Reject cookies sent with inline objects

Which would mean that all cookies sent with images/sounds etc would be rejected.

That'd do me.

Cookies with images

[BigBadaboom]

I see IDcide think that they've invented this technique and are trying to patent it. Geezus :/

IMO, the most useful thing a browser could have to help with this banner/privacy/cookie issue would be to have an option like the following:

[X} Reject cookies sent with inline objects

That would get rid of cookies sent with banner ads etc but would leave the useful cookies (eg for customisation) alone.

That'd do me.

Anyone know a way

[el_guapo]

to allow cookies to be set only at specific domains (i.e. /.). The hosts idea works, but keeps you from getting to the site at all, right? I have some sites I wanna go to, but I don't want them to set cookies. Netscape's "only to the originating server" is sort of heading there in a meek way. The feature I most want in a browser is to have a "cookies permitted" field, because right now I have to get prompted for every friggin one to get the same functionality....

Re:Why stop there. Compound this with "smart house

[jiml8]

Yet another reason to go "off-the-grid".... that is, decentralizing in yet another way. Some time ago, reading one of those alternative-energy magazines, I read speculations that not only was the time coming when people could live "off-the-grid", but that it'd be quite an industry. I wasn't sure at the time, but when I think about this in the context of going off the grid being a decentralization, I can suddenly see a parallel between that idea and the Personal Computer revolution. And PCs have spawned quite an industry... Just a thought. So, does anyone know anything about getting off the grid? Check out Plug Power www.plugpower.com, Nasdaq:PLUG. Concept company right now, but they have hopes (now if they can just get their product to tolerate inductive loads...) I also have to stick my oar in, in favor of Junkbuster. I use it throughout my home LAN and it seems to work great. I also have been evaluating Naviscope www.naviscope.com which is another ad/cookie blocker. It is far more elegant than Junkbuster, with a nice interface and a lot of neat features. However, I like to be able to block the referrer info (Junkbuster does and Naviscope doesn't) and I also like to be able to spoof sites WRT my OS and browser (again, Junkbuster does and Naviscope doesn't) so I give the nod to Junkbuster, in general. On another, related topic (not cookies, but security) everyone should visit GRC.COM and see if your Shields are Up. If not, visit www.zonelabs.com for their free firewall to help solve the problem. (Windows machines anyway, don't know about Mac or Linux).

Re:/etc/hosts hack

[michajoe]

Yes, but we absolutely must encrypt that list and make absolutely sure the ad-spamming-private-info-collecting companies dont get unencrypted versions of it.

Should they attempt to decrpyt the list of ad servers and other nasties, well just sue them for a couple of billion bucks ...

GIF + Cookies = Gifookies

[roman_mir]

WTF.

I want all browsers to have sidebars with packet tracers/editorin in them.

I want to have control in the browser options not to allow any GIFs to have cookies in their HTTP headers

I want a detailed control of my browser's cookie accept/refuse feature

ATTICA!!!

ATTICA!!!

ATTICA!!!

ATTICA!!!

ATTICA!!!

naviscope is a handy tool

[dkh]

If you do your browsing from a windows box naviscope is very handy. Actually, though I've not tried it I believe you can allow other machines to use it as a proxy as well as the host machine. So it can take the place of junkbusters.

It's free.

It does lots of stuff. Prefetching, add blocking, dns caching, etc etc etc. Its treatment of cookies is very nice. They allow all cookies into the browser but they don't let any out. Unless you specifically allow a given site to retrieve them. Its very effective and you don't have to restart it every time you add/remove sites.

I would rather have all this functionality built into the browsers but until that becomes a viable choice, this is, as I said, a handy tool.

Re:That's not what it says, nor what it does...

[Mortigalli]

or for netscape users try a not completely free one that's been around a bit.
Cookie Pal

Re:From passive resistance to Active Disruption

[aozilla]

Of course, both this and the OPT-OUT cookie provide DoubleClick with even more valuable information. Those who OPT-OUT can be targetted with privacy related ads, etc. Those who actively disrupt can be targetted with various "ads for nerds, stuff that matters".

Re:Don't Opt Out -- Make It Worthless

[tony+clifton]

Moderate this up!!

I was going to suggest writing a script which habitually deletes cookies from doubleclick and others (while keeping my slashdot and yahoo cookies)...

But feeding doubleclick garbage? Cool..

I wonder if this can cause a buffer overflow on their end? :-)

intermute

[sik+puppy]

I've been using this program for over a year and a half and love it (ok the $20 regsitration goes against the open source thing, but im stuck with m$)

it is very easy to use, customizable by site, and will keep logs of filtered info, such as cookies, applets, javascript, referrers etc.

try www.intermute.com or www.addsubtract.com

on a related note - is there some way to black hole doubleclick? not just prevent data from being sent to them, but to mess them up when they try to send anything out?

-

Re:Don't Opt Out -- Make It Worthless

[sik+puppy]

Take this one step further - don't just mess up the database, make certain that this becomes public knowledge - nothing will mess up the company faster than another dump of its stock value - a company that has a database full of bogus data has a product with less value = less profits/more losses = unhappy shareholders = lower stock prices = hitting the sob's in question right in their stock option lined pockets. >:P
-

Re:Give us built-in cookie-management tools!

[Salsaman]

Tasks | Personal Managers | Cookie Manager

almost does that - although admittedly you can't run it in real time.

There is also a tab to bar certain websites from ever storing cookies, which is not working yet.

Rejecting offsite cookies

[Salsaman]

Erm, you mean as in 'Edit|Preferences|Advanced|Only accept cookies from the site being viewed' in Netscape 4 and Mozilla ?

Re: Rejecting offsite cookies

[jamiemccarthy]

No. Read the article I wrote last October. The problem is that you can be viewing a page on Site X with a gif from Site DC. The gif gets its own cookie.

It's good you bring this up. The language:

"Only accept cookies from the site being viewed"

is misleading and wrong. That's why it was changed to "accept only cookies that get sent back to the originating server" in the latest Netscape. More techically accurate. Doesn't solve the problem.

Jamie McCarthy

Re:Rejecting offsite cookies

[jfrisby]

Actually, the specified option does precisely that. The "originating server" is considered as the server that the page came from, not the server that the image came from.

Re:That's not what it says, nor what it does...

[Salsaman]

Whilst there might be loopholes in Netscape, the Mozilla team seem to be very aware of the problems cookies can cause. Take a look at this bug 22994 for example. That goes to show they are paying attention to what people who _use_ their product, not spammers, want.

I am sure they would love to hear of any other suggestions for stopping cookie abuse. We have a chance to make a browser the way we want it to be, so we should take advantage of that.

Cookies ... I like Choclate Chip

[e-matt]

There is great issue about the cookie concept. I hope this app work better than luckman anonymous cookie did. Double click will find a way around this, like intel found a way to for people to access the P3 serial #'s after some coders in the public covered the hole. Sadly the cookies are a nessecary part of the web expeirence. They are ok in my book as long as there not acting as big brother.

Re:A simple lightweight solution to dblClick

[sjritt00]

A quick question. Instead of using 127.0.0.1, if I used 198.70.114.59 (mpaa.org) would all the junk mail load requests be sent to them?

a question...

[kapow]

Shouldn't a group of cooperating companies be able to effectively shield their cooperation from the public's view using some kind of VPN? It won't be long before a few larger companies put some xml to use and coordinate their data in such a way that the consumer will be blind to it.

It is a great thing to put this kind of knowledge in the hands of the average user. It doesn't bother me so much that a company wants to figure out what I like and don't like -- it bothers me that they try to hide their profiling. Bring the information out in the open, and we'll have a more even playing field.

Re:iCab/Mac's Cookies features

[abe1x]

For those who what a bit more detail. the best thing about iCab is the check box in the preferences which allows you to block all cookies that are not being served by the main document. This means your Slashdot, NYT, adn myyahoo cookies are accepted w/o problems but all cookies served with banner ads are rejected. One check box and the whole issue disappears. You can also block individual server's cookies, or even block all cookies except those from select servers. Its got great ad filtering as well. Just about the only ads I see are those served off the same page as the main page. The newest version has full plug in support as well, and preliminary javascript capabilities. Renders faster then either NN or IE and has great download abilities too. Main flaws are incomplete javascript and an inability to handle secure ecommerce transactions. I use it for about 95% of my browsing.

Junkbuster

[sgoldgaber]

Junkbuster can allow/block cookies from an arbitrary list of hosts. It also allows you to send false cookies, which they call wafers, containing whatever information you want.

http://www.junkbuster.com

Opera 4.0

[3247]

What we really need is a list of domains and subnets to which we may silently refuse cookies. Banning cookies on IMG requests isn't enough, as many of these sites use mini-javascript bits or other embedded crap in addition to images.

Just as a side note: Opera 4 Beta has such a domain- or host-based filter. And even more: Besides that, you can explicitly disable "third party cookies".
Hopefully, Mozilla will have something similar...

Good to hear..

[PopeAlien]

Despite the fact that this product doesn't do anything new, I am always glad to see new products competing in the online privacy arena. The fact that there is a percieved market for this product shows a growing interest in privacy, which will hopefully keep the bright light on the biggest offenders (i.e. doubleclick), and keep us from drifting off into 1984..

-

Re:No, not really...

[JDFViaPilot]

You misunderstand HTTP. I need to open an HTTP connection to get an image from doubleclick.net. At that time, any cookies I have for doubleclick.net are sent to them, and new cookies can be set for doubleclick.net because I have an HTTP connection to doubleclick.net. The browser doesn't care where it's chasing the IMG tag from, it just knows that on this HTTP connection, it's talking to doubleclick.net. The fact that foo.com pointed me there is irrelevant. No, I do not. I am well aware of how HTTP is designed. How Netscape works is different however. Enabling the option I mentioned causes Netscape to use the domain that the HTML page came from as the cookie domain for all embedded elements within that page. It will open an HTTP connection to doubleclick.net to get the image, and will reject the cookie because it comes from doubleclick.net's domain and not the domain of the parent page. Try it.

IDcide- information overload?

[wsabstract]

From what I understand, iDcide informs you whenever a site tries to track you, and allows you to take action accordingly. While the idea is good, I think many people who install it will end up removing the program. Let's face it, a LOT of sites use cookies to track their visitors; personally, probably every other site I visit does this. I don't want the paranoiac IDcide bombarding me with information about all of these sites. I already have one called BlackIce (a program that alarms you whenever it thinks your internet connection is being probed or hacked). Two will definitely drive me isane. LOL.

---------------

Re:Funny!

[feanaro]

Here is my windows\hosts.txt file:
I used it until I installed webwasher: http://www.webwasher.com which really blocks out all the ads and cookies from ad servers. Nearly to much for my favor.

You should be able to adapt it to your prefered format

#antispam
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 de1.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.doubleclick.com

#doubleclick overkill...
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net

127.0.0.1 adforce.imgis7.com
127.0.0.1 ads.enliven.com
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 oz.valueclick.com

127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com

Ad and cookie filters

[feanaro]

below are links to local proxys to filter out ads and cookies from ad servers. Just choose one.

http://www.webwasher.com VERY Effective but not configurable
http://members.tripod.com/Proxomitron/ VERY configurable but windows only
http://www.junkbuster.org kinda configurable and GPL
http://www.clasohm.com/leanweb/ LINUX ONLY AND VERY CONFIGURABLE (GPL ofcourse)
http://apps.freshmeat.net/homepage/934180466/ addzapper. haven't tried yet

I am currently using webwasher but want to switch to proxomitron, because webwasher filters even the slashdot ads

Re:Better solution - Junkbuster

Somebody should build a graphical interface for Junkbuster, and I'm sure a lot more people would use it. Editing config files by hand is a job most non-geeks won't ever like -- or even know how -- to do.

Cookies are broken

[KMSelf]

Cookies are broken. They've outlived their usefulness, and are hopelessly open for abuse.

I have two suggestions:

• For single-session state tracking, cookies serve a purpose -- in fact this is largely what they were designed for. To this end, allowing cookies -- for the duration of a single browser session and possibly less -- may be a legitimate use.
• For authentication and account-state tracking, stronger, more user-controlled, and less spoofable means are required. One technology already exists -- public key encryption and challenge-response based authentication.

The first suggestion would allow cookies to be used to track navigation and state through a single session at a site. The functionality is already available in a browser such as Netscape Navigator if you link your cookie file to /dev/null (Linux/Unix) or to a directory (Windows). Cookies are accepted but not permanently stored on your system. The upside is that cookie-dependant features of sites work. The downside is that state such as user ID and passwords have to be re-entered for each browser session.

PKE/CRA would work based on public/private key pairs, as with PGP. A user could generate as many or few of these key pairs, and optionally share them (both public and private) with other users, as desired. On entering a site requiring registration, the user could choose the key (the session identity) to send the site. If a private, secret identity is chosen, the session is personal. If a generally known key (say, cypherpunks) is sent, the session is authenticated, but not private. The remainder of the session is transacted over secure links (SSL), and cookie or other state-tracking could be used to register and/or log activity.

The strength of this scheme is allowing a user to specify both the degree of authentication, and identity authenticated used when browsing sites. If desired, keys could be generated and destroyed on a regular basis, reducing the utility of any tracking of keys. Control over whether to authenticate, who to authenticate to, and who to authenticate as, is left to the user.

Existing browser technology has been driven very strongly by server-side interestes -- user tracking, profiling, and e-commerce vendor desires. The interests of the user have not been represented, and are only partially filled by such patches as IDcide and Junkbuster (I'm another satisfied JB user). We've got the source, and with it the ability to reclaim the power.

What part of "Gestalt" don't you understand?

iCab/Mac's Cookies features

[singularity]

If anyone wants to see an intelligent way of handling cookies, take a look at iCab on the Mac. Very extensive rules and it is not too over-bearing. I can set it up to accept all cookies from slashdot.org, and reject all from doubleclick.com without any problems. You can view, edit, and delete individual cookies.

http://www.icab.de/

What's the big deal? It's not like it's spam.

[evilandi]

I could understand the outcry about cookie tracking if this data was being used to spam me or send me junk mail. But I've been regularly purchasing online since 1996 and it is blatantly obvious that it isn't being used for spam (some of us might even welcome some relevant spam; all I seem to get is kiddie porn ads and adverts for American cable channels- hmm my nearest US cable dealer is 5,000km away- actually, no, scratch that; all spam sucks). But this data isn't being used for spam or junk mail. It is just plain old MARKET RESEARCH. Market research is good. They find out what we like and offer us more of it. They find out what we think sucks and kill it off. This is A Good Thing, provided they don't spam/junkmail me, which they don't. Instead of adverts for irrelevent products, I get adverts for things I might be interested in. Is this evil? FFS no! Heck half the time I count those interesting adverts as NEWS not annoyances! Okay so I'm sensible and I always put in nospam email and postal addresses, unless I'm actually buying something. But it doesn't take a genius to take those kinds of steps, and you certainly don't need to download yet more taskbar lint to tie up the already unstable Win32 platform. Cookie tracking is NOT a threat. So you loose a bit of privacy. So what? You think regular high street shops don't track your visa card number? You wanna go back to a cash based society? Get real.

--

Don't Opt Out -- Make It Worthless

[Black+Art]

As long as these programs return valid data, they will be a danger to themselves and others.

Why not just feed their database with bogus data?

Just write a perl script to change the ID number for doubleclick and all the other ad sites to some random value. Change it early and often. Soon, the data will be worth little to nothing.

Screwing with the data is the only way to be sure!

FYI-- actually, you can set multiple cookies

[jsm]

Not to discount anything else you said, but it is possible to send multiple cookies with a response. According to Netscape's spec, "Multiple Set-Cookie headers can be issued in a single server response."

Now, whether that runs into problems with HTTP header restrictions (section 4.2 of either HTTP spec), that's another question. Multiple Set-Cookie: headers *may* be collapsed into one header with comma-separated cookies, which is a problem if any cookie field has a comma in it (expires, path). But such an event is unlikely, so you're probably safe to send multiple Set-Cookie: headers.

Re:No, not really...

[orabidoo]

That doesn't work for the long term; companies will just learn to make an DNS alias like myads.mysite.com CNAME ads.doubleclick.net. What we need is selective cookie settings, as in "these domains get to set cookies, any others don't, or the other way round), and for embedded content (not only images, but java, html in ilayers, and anything else that a browser will pull automatically when loading a page). Mozilla has something like this for cookies and images, but it doesn't seem to be working yet; at least I couldn't get the user interface for it to work on a daily snapshot a few days ago.

You forgot one!

[TrentC]

After reading the Windows 2001 thread, I realized you missed one...

127.0.0.1 goatse.cx

Jay (=

Junkbusters.com -- more flexible solution

[JamesKPolk]

~> cat .junkbuster/block.ini
www.ctc.123hostme.com
ads.1for1.com
www.adbucks.com
www.adclub.net
ads.admonitor.net
a8.g.akamaitech.net
ads.web.aol.com
[ many hosts and domains snipped, including *.doubleclick.com]
bannervip.webjump.com
ads.ztnet.com
# LA Times and others
*.*/RealMedia
# CNN, C|Net.. etc
*.*/adclick.html
*.*/adclick
*.*/ads
*.*/Ads
*.*/*/banners
*.*/BannerAds
*.*/banner1.gif
*.*/groupbanners.phtml
# the nation
*.thenation.com/images/aj
# slashdot.org
209.207.224.220
# salon.com
208.178.101.41
208.178.101.42
208.178.101.43
208.178.101.44
208.178.101.45
~> cat .junkbuster/cookie.ini
slashdot.org
slashcode.com
www.fcmail.com
>yahoo.com
>baiting.org
# note that putting a > means no new cookies will be accepted, but old ones will be reported back (useful to be able to play yahoo games, but avoid yahoo ad tracking :-)

Re:Doesn't work under Linux :-(

[BeBoxer]

This sometimes happens on Slashdot because Slashdot sometimes sends Doubleclick ads. I think it's just the ones for various IBM services. However, I have to say that I'm a bit bothered by it. As a rule, I have Netscape ask whenever someone sends me a cookie, so it is very visible to me when a site uses them. Usually, Slashdot is an easy site to read, since I almost never get sent a cookie (which forces me to click the "Cancel" button) except when logging in (which I don't mind at all.) In the past month, I've gotten several cookies from Doubleclick when loading Slashdot, though. Like I said, it seems to be ads for IBM when I do get them. I don't think I've gotten one in the last couple of weeks though, so maybe it's been stopped.

Re:Mozilla From the mouth of a developer.

[BeBoxer]

This feature is very nice, and I'm glad to see it implemented. Something else that would be nice would be the ability to set user-defined timeouts on cookies from certain domains. Some web sites pretty much require you to accept the cookies for them to work properly. It would be cool if you could set the expiration time for these sites to some short, reasonable length of time like two or three hours. This would allow you to browse around the site, but when you came back to that site the next day, you would be a new "ID". Result: no long term tracking of who you are. It really bugs me the expiration dates that most sites put on their cookies. Here's an example from news.com:

The server www.news.com
wishes to set a cookie that will be sent
to any server in the domain .news.com
The name and value of the cookie are:
s_cur_1_0=0101sisi09537483561aecd3Jx4+POyJakrM2d xqik1qehn5zVyp56a4Ln5crU5M7Rxq2pm5yWp6eppW 0=

This cookie will persist until Wed Dec 30 17:00:03 2037

Do you wish to allow the cookie to be set?

What the fuck? 2037? There is no rational reason to expect that this cookie would be useful in any way whatsoever in 2037. If more sites (any sites??) used rational expiration dates I might have more respect for cookies. As it is, I only accept them when there is a direct benefit to me personally.

Re:NFS Mount the Cookies

[Dredd13]

Why not just create a cookie file that is NFS mounted, and allow free read/write access to it? Even better would be a plugin for browsers that says "for these domains, use this cookie file (NFS mounted) and for all others (ones you care about), use that cookie file.

Or vice versa depending on your particular cares and concerns. :)

Mozilla lets you say whose cookies you accept

[wtpooh]

The little "Do you want to accept a cookie from x" window in Mozilla has a "Remember this decision" checkbox, which will make it accept or deny all cookies from server x in the future. There is also a very nice cookie management screen which lets you see your saved cookies, delete them, and specify perma-banned hosts.

Re:Why stop there. Compound this with "smart house

[weston]

Yet another reason to go "off-the-grid".... that is, decentralizing in yet another way.

Some time ago, reading one of those alternative-energy magazines, I read speculations that not only was the time coming when people could live "off-the-grid", but that it'd be quite an industry. I wasn't sure at the time, but when I think about this in the context of going off the grid being a decentralization, I can suddenly see a parallel between that idea and the Personal Computer revolution. And PCs have spawned quite an industry...

Just a thought. So, does anyone know anything about getting off the grid?
And keeping an internet connection at the same time? :)

Doesn't work under Linux :-(

[Straker+Skunk]

I did exactly that a while ago, after seeing it suggested here. In the case of Linux, it would of course involve the /etc/hosts file.

For some reason, however, whenever I hit a site with a DoubleClick banner (ad.doubleclick.net is included in the kill list) the browser immediately forwards to a 404 Not Found page, served up by the webserver on my machine. I hit Back, and immediately it returns to the 404.

And this sometimes happens with Slashdot, of all places! Anyone know why? Ideas for a fix? (Junkbuster is out, only 64MB RAM here :-(

Re:Doesn't work under Linux :-(

[hattig]

I find that (e.g., zdnet.co.uk cacks out, but zdnet.com is fine, but both use doubleclick) - I found out why! In the html for the cacky pages, they use the tag to embed a whole html web pages (containing the advert only) inside the current page - to bypass this you have to hit ESC after the page is loaded, but before the computer has given up on the advert and gives a 404. This probably only works on windows though, because it is so slow to respond and I don't run a webserver under it in general! What you really want is an option in browsers to ignore layer tags completely - that would get rid of 50% of adverts immediately!

Actually, Netscape does this...

[jfrisby]

Netscape 4.x has an option which will let you allow cookies only from the domain which they originated from. Images, while they may be grabbed from another domain are considered to be within the "domain" of the whole page.

So if I'm at foo.com, and foo.com/index.html has an IMG tag linking to doubleclick.net, doubleclick.net's cookie will not be sent back to doubleclick.net.

I don't recall if it will just be sent back to foo.com, or if it goes into the bit bucket...

Re:A simple lightweight solution to dblClick

[jennis]

There's a good website that details this very method for several different operating systems. The nice part is that it already has a nice long list of various advertisement domains that you can cut and paste and not have to deal with again.

Web Ad Blocking Under Linux/Unix, BeOS, MacOS, and Windows

No, not really...

[brad.hill]

You misunderstand HTTP.

I need to open an HTTP connection to get an image from doubleclick.net. At that time, any cookies I have for doubleclick.net are sent to them, and new cookies can be set for doubleclick.net because I have an HTTP connection to doubleclick.net. The browser doesn't care where it's chasing the IMG tag from, it just knows that on this HTTP connection, it's talking to doubleclick.net. The fact that foo.com pointed me there is irrelevant.

What we really need is a list of domains and subnets to which we may silently refuse cookies. Banning cookies on IMG requests isn't enough, as many of these sites use mini-javascript bits or other embedded crap in addition to images.

Re:Not in M14

[mikemulvaney]

I downloaded that power tools thing you are talking about. It looks like it will make it pretty easy to add sites to the restricted/trusted list, but it still won't add the sites that the ad GIF's are being loaded from.

Also, if you manually edit the site list, you can enter a domain name and it will include all the sites in that domain. For example, if you want to block www1.company.com and www2.company.com, you can just enter *.company.com and it will block everything in that domain.

Unfortunately, it only works for domains with one period. You can't block *.ads.company.com.

Mike

Not in M14

[mikemulvaney]

That doesn't work in M14. There is an "Only accept cookies from originating server" box, but as discussed numerous times on this thread, ads.doubleclick.com is the originating server for the image file.

I tested this as follows(in M14 on win95):

1. I opened up the cookie manager in M14 and deleted all my cookies.
2. I clicked the box that says "only accept cookies from the originating server".
3. I went to www.washingtonpost.com.
4. I opened up the cookie manager again, and there was a fresh new cookie baked up by doubleclick.net

I hope that Mozilla offers some new solutions to the cookie problem. Currently, I use IE 5 on windows, specifically because it has better support for denying cookies. I use the "Security Zones" to deny most sites from offering me any cookies. I have the sites set up as follows:

• Internet This is the default. No persistent cookies, allow temporary cookies.
• Trusted sites This is where I stick sites that I want to allow cookies from, such as slashdot.org. I reset the "trusted" settings so they are more like the standard ones. I allow any cookies from these sites.
• Restricted This is where doubleclick et al go. I don't allow anything from these sites; no cookies, no javascript, no java, nothing.

I know that this is not a perfect system, but for me it has worked better than using /etc/hosts.

On Linux I have to use netscape, so I have some cron jobs that clean out my cookies.txt file. This is far from safe, but at least they can't track me for days.

mike

Re:Better solution - Junkbuster

[iCEBaLM]

Junkbuster is pretty cool, however for some reason it likes to hose the TCP stack on my NAT Linux box causing a reboot to be had, but it plays nice on my desktop Linux box :P

Wanted to use it for proxying the whole LAN, but I guess one machine is better then none :P

-- iCEBaLM

Re:Also see CookiePal for win machines

[wherley]

As a happy user of CookiePal I recommend it as a cookie filter for windows users. Pops up a window when first seeing a cookie from a new site - you select to allow, deny, forever deny, or forever allow. Also lets you edit your view/delete your existing cookies.
You make the settings once, it applies them regardless of the browser you are using.
Here's a review of version 1.0 (version 1.5 current). Its not free, but its cheap. $15 USD.

Not in fact

[Robert+Link]

With the option you describe set I copied my cookie file to a backup, and then I bounced around msnbc.com until I had seen a few ads. Here's the diff file:
% diff cookies cookies.old

5d4

< www.msnbc.com FALSE /news FALSE 1262347200 LastPopUpDate 953750708849

8a8,9

< .msnbc.com TRUE / FALSE 1893455999 MC1 GUID=8A1A06F7A9C54784B38990B4DC73444D

< .msn.com TRUE / FALSE 1065294000 MC1
V=2&GUID=8A1A06F7A9C54784B38990B4DC73444D

< .msnbc.com TRUE / FALSE 1893455999 P1 0

Note the second to last cookie from msn.com, which is not in the msnbc.com domain. I have also noticed this phenomenon with doubleckick cookies (before I started blocking them). Maybe netscape intended the "only from originating domain" to work as you describe, but clearly it only checks to see if the cookie is being set for the domain to which the HTTP request is being sent, which is useless for blocking cookies attatched to images.

-rpl

Re:Funny!

[hattig]

That post did not exist when I wrote my post - there was only 1 post when I started, and I thought mine was relevant, and it included more information than the aforementioned post anyway. And my post has generated more conversation so it must be worth something :-)

Funny!

[hattig]

This is funny. I have killed of doubleclcik etc in Windows by aliasing ads.doubleclick.net etc to 127.0.0.1 in a hosts file. I have just submitted a comment and windows in its dumbness tried to get a doubleclick advert (inside the evil layer tag no less) and failed, and brought up the IE failed to load page message (even though the rest of the page had loaded fine - Netscape doesn't suffer from this).

Here is my hosts file:

127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.uk.doubleclick.com
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com

Helps sometimes, but not all the time, and I have to hit ESC when loading The Register... :-(

*mmmm cookies

[mojombo]

Cookie managment would be a great plus for any next gen browser. Having filtering built *into* the browser is great for non-savy users who know enough to want to protect their privacy but don't know how to set up abox w/ junkbuster. The only browser that I've seen that does this well is iCAB for the mac (others?). By well I mean:
1. It allows deny, accept, or allow for session on all cookies
2. you can set it to deny cookies from certain domains, or _only accept_ cookies from certain domains (slashdot anyone ;) ). Net effect, site by site cookie managment for those who want it. It also lets you read the value of the cookie in the browser.

As an added bonus, iCab also allows you to filter images.
Cookie and image filtering are at the top of my pretty please list for mozilla. Any browser that supports these is the one I'll use. Is it easier for my mother to set up junkbuster , or set it up in her already existing browser program?

Re:*mmmm cookies

[shakah]

FYI, lynx also provides an "Yes/No/Always/Never/Ask" kind of option for handling cookies on a domain-by-domain level.

Re:That's not what it says, nor what it does...

[EyesOfNostradamus]

> The option they NEED, and the one I described, is simple: Only accept cookies originating from the same server as the page being viewed.

Well, guess what, that was the intent of that option. Only trouble: it only worked with image tags. However, there are other ways than img tags that can be used to include ads in pages. One way, which has become very popular lately is to use <script src="http://ad.doubleclick.net/..."> tags. These have unfortunately been forgotten by netscape, and can still be used for those pesky offsite cookies. Hopefully, a fix will be included in one of the next versions.

Another obvious patent?

[Bob+Ince]

but why isn't offsite cookie rejection built into all browsers?

Microsoft is blackmailing DoubleClick. :-)

There's a thread on the www-talk list about this at the moment. Though it's easy to remove cookies from <img>-derived HTTP requests, other features such as frames are not as easy. For example, a banner ad frame at the top of the page is likely, and could easily be passed URI information from the frameset. Disallowing cookies on subframes, however, would break sites running under the likes of AskJeeves, where the 'real' site is viewed as part of a frameset.

I don't know if IDcide prevents cookies being passed to sites in subframes, or just images. Probably the latter since it's the most common case at the moment. But frame, layer, object, embed and applet have the same problems.

Given that we were discussing embedded-object-cookie-rejection on www-talk as an obvious way to circumvent cookie abuse, it's somewhat worrying that IDcide Inc. might have a patent on it:

IDcide's patent-pending technology allows cookies to be blocked according to the site you're visiting, not according to where the cookies came from!

(From the FAQ.)

but why isn't offsite cookie rejection built into all browsers?

Alternative answer: because IDcide have patented it?

I can't see anything on www.patents.ibm.com yet, so it's unclear whether IDcide have indeed applied for a patent on cookie rejection, or whether it's some technical implementation detail.

--
This comment was brought to you by And Clover.

Junkbuster? Kinda useless...

[Wolfier]

I'm personally using Junkbuster on my side and while Netscape crashes less frequently with it (a nice by-product) and I see less banner (there's a modification that replaces banners with 1x1 gif), there is no way that it can do something really important: Javascript filtering

e.g. those pops up a window when you leave a site, those obfuscate the status bar with junk messages, those who does not allow right-clicking to reveal source, etc.

There is Proxomitron on Windows. How about us? Is there anything as powerful as that? I've heard that Webfilter (formerly known as NoShit) does it but people says it takes an aweful amount of CPU. Anyone with the experience?

Don't want to admit, but Junkbuster is child's play compared to Proxomitron. Only if they release the source....

Hurrah!

[P_Simm]

I wish I had the time to simply say I'll do it ... but I already have another Open Source project I haven't put enough time into. :)

I promise you this - if no one else codes this by the time Mozilla is beyond beta, I WILL get this done.

Hurrah! Three cheers for Mozilla!

[P_Simm]

Like I said above (in responses to my own post), WHOOHOO! If no one else whips together the dynamic cookie sidebar, I'll do it (just not very soon, so maybe someone else should.) :)

Great idea, IF ...

[P_Simm]

... enough people actually picked up on it. A realistic take on the web browsing public would guess that very few people taking enough interest to use this. Sure, most /. readers probably would love it, but looking at the info they bring in overall, the signal to noise ratio would still be pretty high overall.

All this would guarantee is that the advertiser's profiles on you would be senseless, and would probably result in you getting your Aunt Susie's mass emails about crocheting and little puppy sweaters. Eeeeww. *grin*

Here's how I solved the cookie problem

[nels_tomlinson]

chmod 400 .netscape/cookies

It works under AIX, anyway... after doing that, I went to www.userfriendly.org and clicked on the doubleclick banner ad. After I came back here, I double-checked: no doubleclick cookies (I edited my cookies file to get rid of all the doubleclick cookies first!).

If I want to accept a cookie, I'll have to undo that temporarily, I suppose.

Nels

Re:Better solution - Junkbuster

[waldeaux]

Not only is JunkBuster free, it runs on (gasp) other browsers than just IE, and (BIG HUGE GASP) more platforms than just Windows!

That e-mail address again is support@idcide.com so you can remind them that they need to do better about cross-platform and cross-browser support.

A better way--offisite cookies have some legit use

[imagineer_bob]

Offsite cookies do have a legit use. You'll see sites that are from the same company but under different domains (this happens often after an aquisition, like geocities and yahoo) use them so you can log in once for all the related sites. You may want to block the REF-BY field. This field is rarely used to provide any benefit to the user, but is used to track a user's path through the site. Of course, DoubleClick encodes site information in the URL of the image, too, so they'll know which site you're on separate from REF-BY info. I browse the web through a proxy that blocks ref-by always. Why should people know what terms I searched on, for example, when I find their page?

--- Speaking only for myself,

Re:A simple lightweight solution to dblClick

[Chris+Hiner]

I use a similar hosts file, and I setup apache using a rewrite rule to send back a 1x1 transparent gif file for any requests. I have it send a tiny html file for any requests for asp/htm/html files to avoid problems with frames and such.

It'd be possible to have it not rewrite if it was pointing to one of your real pages.

I just havn't gotten around to setting up junkbuster, because this works so well. (And most of the time from home I browse with images off, which helps alot)

/etc/hosts hack

[crow]

I've done that, and I've taken it one step further. I installed a web server, and set it to respond with a 1x1 transparent gif to all requests. So most pages with ads show up with a blank space.

Of course, I did this on Linux, but it should work the same under Windows. I just set my 404 error document to be the transparent gif.

I suppose I should set the error document to be a redirect to http://localhost/null.gif, which would keep my web cache from getting so cluttered.

Now we just need a good comprehensive list of advertising sites that we can all use.

Re:A simple lightweight solution to dblClick

[Tackhead]

TomV wrote:
> 127.0.0.1 [adserver] # fsck 'em all

Better yet, try:

The Ultimate HOSTS file

I dunno about the IP address the original USENET poster put in there. I replaced it with 127.0.0.1 and run a "web server" on my own box that responds only to requests from localhost and returns a 1x1 transparent .GIF instead.

One addendum: I was surprised to see an ad one day, and also had to add ad-adex[0-9].flycast.com instead of just ad-adex3.flycast.com to the list.

Seriously, when was the last time you ever wanted to see "content" from any of these sites? Blackhole 'em all.

Re:A simple lightweight solution to dblClick

[gothic]

That is not the perfect solution though. Don't forget to include you cannot be running httpd on port 80 if you do that. I use to have those in my hosts file, and I also run a web server, and there were many pages that wouldn't properly load because of it. What would happen is that the page would start loading, and (This didn't happen on all sites) then it would go full screen into my webserver stating that I didn't have permission to access so and so resource or that the file didn't exist (I setup very restrictive permissions since it is private).

On the other hand, if someone has a solution to this, I would be highly interested in hearing it.

Cookies were a good idea but..

[|deity|]

in retrospect I think that if other ways of storing information had been used we would be better off. Have any of you tried to run a browser with cookies turned completely off. Their are *many* sites that will not even let you look around. I could live with haveing to log in to slashdot everyday and maybe haveing to log in to a couple of other sites that I have an account on, what I can't stand is the idea that people and corporations are able to some extent track what I do or where go while on the internet.

Privacy should be by default not something that you have to beg for or opt out of programs to get. "Opt out", people should have to Opt in. Ad companies say that consumers want targeted adds. I don't, if I want to buy something I don't mind searching a little or doing some research. If your a company that uses banner advertising I choose not to buy from you more then I might otherwise.

When I want to buy a product I want to buy it for the right reasons. It should be the best quality and value around. I don't want to buy something because company foo has better phsychologists then company bar. If you don't think advertising works your wrong. Companies that will downsize to save a few bucks will continue with costly advertizing campaigns because they know that they work.

There are things in life and yes even things on the internet that are worse then cookies. Losing my privacy is one of the things that I hate the most about this new "information age" we live in. I have emails that I don't want, phone calls that I don't want, mail that I don't want, and tv commercials that I don't want. All of them trying to sell me services or things that I really don't want.

What is a domain?

[Anomalous+Canard]

but why isn't offsite cookie rejection built into all browsers?

Once you get out of .com, .net and .org and into national domains, how do you define what is offsite?

This issue came up on bugtraq when someone found an "evil" cookie on their machine that was sent to all sites in *.com.au. (or *.co.au -- whatever). Two top level domains is insufficient to distinguish different sites in .au and .uk, but it is sufficient in, say, .ca. Even three is insufficient in *.us. *.nyc.ny.us are machines run by lots of different people. Should browsers contain policy for every TLD?

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

What's going on with IDcide?

I noticed that after I installed IDcide, all of the new cookies I receive are for the ".qbots.com" domain.

For example, I previously had a cookie for "moviefone.com" which contained my zip code. Now I have one for "moviefone.com.role1.jar.qbots.com" which seems to have some additional information it it.

qbots.com is owned by IDcide (just go to www.qbots.com).

Maybe I'm just being paranoid...

Mozilla From the mouth of a developer.

[jelwell]

Mozilla has a lot of really nice features as far as cookies are concerned. First of all YES Mozilla has a checkbox to only "Accept cookies that get sent back to the originating server only". (Get this: There is an image checkbox that does the same thing! Which blocks images (read ads) from servers that aren't the originating server)

Not only does it slice and dice, Mozilla allows you to view your stored cookies - and delete them wholesale or individually.

You can also ad whole domains that you would like to block images from. And, although the interface isn't quite complete, you can ad domains that you will <b>always</B> block cookies from too. One post I saw wanted the ability to view cookies and delete them real time in the sidebar. It would be trivially easy to skin a new Mozilla that has the Cookie Manager window in the sidebar so that you could actively watch cookies and delete them in real time.

Joseph Elwell.

<A HREF="http://www.mozilla.org">Make it better.</A>

Has anyone looked at the latest Opera Win32 beta?

[pen]

Opera 4.0 for Win32 has such features already. You can reject all cookies, ask it to prompt you, or reject all. You can also set it to reject all cookies from a specified server. Not only that, but you can set it to reject all "foreign" cookies - ones that are included with things other than the page, such as images.

It also notifies you of invalid cookies being set and why they're invalid. I tried using Hotmail and Opera reported 4 or 5 invalid cookies.

And if that's not enough, you can always turn to the Internet Junkbuster for the ultimate filtering solution.

--

That's not what it says, nor what it does...

[Otto]

Hmm. Well. Nope, it doesn't.

Okay. I didn't know what to believe, so I tried a little test. I don't normally use netscape anyway, but I do have it installed.

I killed the cookie text file. Just deleted it. Start up Netscape (blank home page), so no cookies yet. Change the setting in the preferences. This is Communicator 4.6 for Windows, BTW. Go to a page I know had a doubleclick banner: http://www.userfriendly.org/static/
Look again, voila, a cookie file. Open it up: There's the doubleclick cookie all right.

They may have changed the behavior in later versions, I dunno. But the behavior I see is exactly what the option says. Allow cookies that get sent back only to originating server. The cookie originated at doubleclick.net, NOT at userfriendly.org.

A cookie is not set in HTML, it's set in the HTTP headers. You get those headers with every single web request, be it GIF or HTML.

The option they NEED, and the one I described, is simple: Only accept cookies originating from the same server as the page being viewed. Or perhaps, disallow cookies with non-HTML files. I can't think of any good reason, other than ads, to send a cookie with a graphic image.

---

Free protection against *all* bad cookies

[ottffssent]

First, edit your cookies file and take out all the cookies you don't want.

Second, copy the cookies file somewhere else.

Third, write a script, batch file, etc. to copy the copied cookies.txt into your browser's directory before you run your browser.

Fourth, if you find a site thta gives you a cookie you want, copy that line to the cookies.txt file that gets copied over.


That way, while you *do* get cookies, and they *do* get set and sent back to whatever site, every time you open up your browser, you effectively become a new person since there's no cookie to track you between sessions anymore.

My method (for IE)

[kaphka]

I post this every time there's a cookie article, and it's probably redundant, but it might help some people...

I set my "Internet Zone" security settings to prompt before accepting cookies. Whenever somebody tries to send me a cookie, the cookie dialog comes up. If it's coming from the site that I'm actually visiting, I accept it (and I never have to see it again.) If it's coming from doubleclick.net or the like, I refuse it, and then I add that domain to the "Restricted Zone". From then on, IE automatically refuses cookies from that domain (and also disables Javascript, ActiveX, etc.)

My only complaint is that adding the domain to my "restricted" list is a separate step; it would be nice if I could just click "No, and block all future cookies," and be done with it. But if you're using IE anyway, and you don't want to mess with third party programs, this method works pretty well.

Give us built-in cookie-management tools!

[P_Simm]

Something I'd LOVE to see in Mozilla (and I'd even consider using IE if they were the first to do this) :

Have a small text sidebar or window that displays changes to cookies AS THEY HAPPEN, and allow us to delete these cookies from this interface. This could be a small, simple text window built in to, say, the button bar. A small floating independant text box would work well too. The key here is, it's small and out of the way so that we can have it on WHILE we browse, and it gives us dynamic information on our cookies which we can intelligently control.

Of course this would NOT be on by default, since the average user would just mess up their web-based email cookies and complain. But give us advanced users something to work with here.

A simple lightweight solution to dblClick

[TomV]

From HOSTS...

127.0.0.1 ad.doubleclick.net #spamfilter
127.0.0.1 m.doubleclick.net #spamfilter
127.0.0.1 ad.webprovider.com #spamfilter
127.0.0.1 image.linkexchange.com #spamfilter
127.0.0.1 jeeves.flycast.com #spamfilter
127.0.0.1 www.flycast.com #spamfilter
127.0.0.1 www.burstmedia.com #spamfilter
127.0.0.1 www.247media.com #spamfilter
127.0.0.1 www.ad-venture.com #spamfilter
127.0.0.1 www.adauction.com #spamfilter
127.0.0.1 www.adsdaq.com #spamfilter
127.0.0.1 a32.g.a.yimg.com #spamfilter YahooAds
127.0.0.1 www.pagecount.com #spamfilter
127.0.0.1 www1.pagecount.com #spamfilter
127.0.0.1 www2.pagecount.com #spamfilter
127.0.0.1 www3.pagecount.com #spamfilter
127.0.0.1 www4.pagecount.com #spamfilter
127.0.0.1 ad.linkexchange.com.com #spamfilter
127.0.0.1 www.smartclicks.com #spamfilter
127.0.0.1 mojofarm.mediaplex.com #spamfilter
127.0.0.1 www.etour.com #spamfilter ads in GetRight

____________
TomV

Why stop there. Compound this with "smart houses"

[Colvin+Burgess]

In Australia there are pilot projects where utility companies (Electricty, water, gas) have the capacity to backchannel data via their metering devices. This back channel could also be used for TV ratings, satellite downlinks (for Internet Access), security system monitoring and much more. Add FlyBuys to this. So, not only would your favourite TV shows, Internet sites would be known, the times you are home, when you are most likely to be sitting on the toilet, etc. can also be inferred by compiling the information fed back thorugh such a back channel. It will not be long before many databases are amalgamated - FlyBuys, Debt Collection, TV Ratings, Personal Information ,etc. Think of the possibilities then.

Better solution - Junkbuster

[Booker]

I've been using Junkbuster for quite a while now. It's awesome, and it's free.

---

From passive resistance to Active Disruption

[bifurcator]

Why not go one step further? If companies like DoubleClick want to collect information on you through cookies, let them.

One thing I imagine you could is actively contaminate the personal information that they are managing to collect on you. How would you do that? You could set up a shared cookie repository somewhere on the web. Everytime a banner network plants a cookie on your machine, you could submit it to the repository. Everytime you are about to send a cookie back to the same banner network, you would get grab someone else's cookie from the repository and send it to the unsuspecting banner ad server.

To reiterate, if you were to send your Aunt Susie's cookie to DoubleClick everytime their banner ad displays on your page, you would contaminate Aunt Susie's personal profile in the DoubleClick database.

If a lot of people were to cooperate in this way, they could render their personal profiles totally useless to advertisers, because the signal to noise ratio would be very low.