Slashdot Mirror
DoubleClick Workaround: IDcide
No cookies with offsite GIFs: that's the privacy solution implemented by
IDcide
(take a moment to register the pun, OK, there ya go). Here's
technical background on offsite cookies;
here's the
CNNstory;
here's the software
FAQ
(it's only available for Windows/MSIE). If you're not sure why offsite cookies matter,
you must read this.
And, not to rain on IDcide's revenue model -- their product does other stuff too -- but why isn't offsite cookie rejection built into all browsers? Anyone from Mozilla want to talk about this?
Somebody should build a graphical interface for Junkbuster, and I'm sure a lot more people would use it. Editing config files by hand is a job most non-geeks won't ever like -- or even know how -- to do.
Cookies are broken. They've outlived their usefulness, and are hopelessly open for abuse.
I have two suggestions:
The first suggestion would allow cookies to be used to track navigation and state through a single session at a site. The functionality is already available in a browser such as Netscape Navigator if you link your cookie file to /dev/null (Linux/Unix) or to a directory (Windows). Cookies are accepted but not permanently stored on your system. The upside is that cookie-dependant features of sites work. The downside is that state such as user ID and passwords have to be re-entered for each browser session.
PKE/CRA would work based on public/private key pairs, as with PGP. A user could generate as many or few of these key pairs, and optionally share them (both public and private) with other users, as desired. On entering a site requiring registration, the user could choose the key (the session identity) to send the site. If a private, secret identity is chosen, the session is personal. If a generally known key (say, cypherpunks) is sent, the session is authenticated, but not private. The remainder of the session is transacted over secure links (SSL), and cookie or other state-tracking could be used to register and/or log activity.
The strength of this scheme is allowing a user to specify both the degree of authentication, and identity authenticated used when browsing sites. If desired, keys could be generated and destroyed on a regular basis, reducing the utility of any tracking of keys. Control over whether to authenticate, who to authenticate to, and who to authenticate as, is left to the user.
Existing browser technology has been driven very strongly by server-side interestes -- user tracking, profiling, and e-commerce vendor desires. The interests of the user have not been represented, and are only partially filled by such patches as IDcide and Junkbuster (I'm another satisfied JB user). We've got the source, and with it the ability to reclaim the power.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
If anyone wants to see an intelligent way of handling cookies, take a look at iCab on the Mac. Very extensive rules and it is not too over-bearing. I can set it up to accept all cookies from slashdot.org, and reject all from doubleclick.com without any problems. You can view, edit, and delete individual cookies.
http://www.icab.de/
- (c) 2018 Hank Zimmerman
--
Andrew Oakley - www.aoakley.com
As long as these programs return valid data, they will be a danger to themselves and others.
Why not just feed their database with bogus data?
Just write a perl script to change the ID number for doubleclick and all the other ad sites to some random value. Change it early and often. Soon, the data will be worth little to nothing.
Screwing with the data is the only way to be sure!
"Trademarks are the heraldry of the new feudalism."
It's good you bring this up. The language:
is misleading and wrong. That's why it was changed to "accept only cookies that get sent back to the originating server" in the latest Netscape. More techically accurate. Doesn't solve the problem.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
Now, whether that runs into problems with HTTP header restrictions (section 4.2 of either HTTP spec), that's another question. Multiple Set-Cookie: headers *may* be collapsed into one header with comma-separated cookies, which is a problem if any cookie field has a comma in it (expires, path). But such an event is unlikely, so you're probably safe to send multiple Set-Cookie: headers.
That doesn't work for the long term; companies will just learn to make an DNS alias like myads.mysite.com CNAME ads.doubleclick.net. What we need is selective cookie settings, as in "these domains get to set cookies, any others don't, or the other way round), and for embedded content (not only images, but java, html in ilayers, and anything else that a browser will pull automatically when loading a page). Mozilla has something like this for cookies and images, but it doesn't seem to be working yet; at least I couldn't get the user interface for it to work on a daily snapshot a few days ago.
After reading the Windows 2001 thread, I realized you missed one...
127.0.0.1 goatse.cx
Jay (=
~> cat .junkbuster/block.ini .junkbuster/cookie.ini :-)
www.ctc.123hostme.com
ads.1for1.com
www.adbucks.com
www.adclub.net
ads.admonitor.net
a8.g.akamaitech.net
ads.web.aol.com
[ many hosts and domains snipped, including *.doubleclick.com]
bannervip.webjump.com
ads.ztnet.com
# LA Times and others
*.*/RealMedia
# CNN, C|Net.. etc
*.*/adclick.html
*.*/adclick
*.*/ads
*.*/Ads
*.*/*/banners
*.*/BannerAds
*.*/banner1.gif
*.*/groupbanners.phtml
# the nation
*.thenation.com/images/aj
# slashdot.org
209.207.224.220
# salon.com
208.178.101.41
208.178.101.42
208.178.101.43
208.178.101.44
208.178.101.45
~> cat
slashdot.org
slashcode.com
www.fcmail.com
>yahoo.com
>baiting.org
# note that putting a > means no new cookies will be accepted, but old ones will be reported back (useful to be able to play yahoo games, but avoid yahoo ad tracking
This sometimes happens on Slashdot because Slashdot sometimes sends Doubleclick ads. I think it's just the ones for various IBM services. However, I have to say that I'm a bit bothered by it. As a rule, I have Netscape ask whenever someone sends me a cookie, so it is very visible to me when a site uses them. Usually, Slashdot is an easy site to read, since I almost never get sent a cookie (which forces me to click the "Cancel" button) except when logging in (which I don't mind at all.) In the past month, I've gotten several cookies from Doubleclick when loading Slashdot, though. Like I said, it seems to be ads for IBM when I do get them. I don't think I've gotten one in the last couple of weeks though, so maybe it's been stopped.
This feature is very nice, and I'm glad to see it implemented. Something else that would be nice would be the ability to set user-defined timeouts on cookies from certain domains. Some web sites pretty much require you to accept the cookies for them to work properly. It would be cool if you could set the expiration time for these sites to some short, reasonable length of time like two or three hours. This would allow you to browse around the site, but when you came back to that site the next day, you would be a new "ID". Result: no long term tracking of who you are. It really bugs me the expiration dates that most sites put on their cookies. Here's an example from news.com:
.news.com d xqik1qehn5zVyp56a4Ln5crU5M7Rxq2pm5yWp6eppW 0=
The server www.news.com
wishes to set a cookie that will be sent
to any server in the domain
The name and value of the cookie are:
s_cur_1_0=0101sisi09537483561aecd3Jx4+POyJakrM2
This cookie will persist until Wed Dec 30 17:00:03 2037
Do you wish to allow the cookie to be set?
What the fuck? 2037? There is no rational reason to expect that this cookie would be useful in any way whatsoever in 2037. If more sites (any sites??) used rational expiration dates I might have more respect for cookies. As it is, I only accept them when there is a direct benefit to me personally.
Or vice versa depending on your particular cares and concerns. :)
The little "Do you want to accept a cookie from x" window in Mozilla has a "Remember this decision" checkbox, which will make it accept or deny all cookies from server x in the future. There is also a very nice cookie management screen which lets you see your saved cookies, delete them, and specify perma-banned hosts.
Yet another reason to go "off-the-grid".... that is, decentralizing in yet another way.
:)
Some time ago, reading one of those alternative-energy magazines, I read speculations that not only was the time coming when people could live "off-the-grid", but that it'd be quite an industry. I wasn't sure at the time, but when I think about this in the context of going off the grid being a decentralization, I can suddenly see a parallel between that idea and the Personal Computer revolution. And PCs have spawned quite an industry...
Just a thought. So, does anyone know anything about getting off the grid?
And keeping an internet connection at the same time?
Tweet, tweet.
I did exactly that a while ago, after seeing it suggested here. In the case of Linux, it would of course involve the /etc/hosts file.
:-(
For some reason, however, whenever I hit a site with a DoubleClick banner (ad.doubleclick.net is included in the kill list) the browser immediately forwards to a 404 Not Found page, served up by the webserver on my machine. I hit Back, and immediately it returns to the 404.
And this sometimes happens with Slashdot, of all places! Anyone know why? Ideas for a fix? (Junkbuster is out, only 64MB RAM here
iSKUNK!
Netscape 4.x has an option which will let you allow cookies only from the domain which they originated from. Images, while they may be grabbed from another domain are considered to be within the "domain" of the whole page.
So if I'm at foo.com, and foo.com/index.html has an IMG tag linking to doubleclick.net, doubleclick.net's cookie will not be sent back to doubleclick.net.
I don't recall if it will just be sent back to foo.com, or if it goes into the bit bucket...
MrJoy.com -- Because coding is FUN!
Actually, the specified option does precisely that. The "originating server" is considered as the server that the page came from, not the server that the image came from.
MrJoy.com -- Because coding is FUN!
There's a good website that details this very method for several different operating systems. The nice part is that it already has a nice long list of various advertisement domains that you can cut and paste and not have to deal with again.
Web Ad Blocking Under Linux/Unix, BeOS, MacOS, and Windows
I need to open an HTTP connection to get an image from doubleclick.net. At that time, any cookies I have for doubleclick.net are sent to them, and new cookies can be set for doubleclick.net because I have an HTTP connection to doubleclick.net. The browser doesn't care where it's chasing the IMG tag from, it just knows that on this HTTP connection, it's talking to doubleclick.net. The fact that foo.com pointed me there is irrelevant.
What we really need is a list of domains and subnets to which we may silently refuse cookies. Banning cookies on IMG requests isn't enough, as many of these sites use mini-javascript bits or other embedded crap in addition to images.
Also, if you manually edit the site list, you can enter a domain name and it will include all the sites in that domain. For example, if you want to block www1.company.com and www2.company.com, you can just enter *.company.com and it will block everything in that domain.
Unfortunately, it only works for domains with one period. You can't block *.ads.company.com.
Mike
I tested this as follows(in M14 on win95):
- I opened up the cookie manager in M14 and deleted all my cookies.
- I clicked the box that says "only accept cookies from the originating server".
- I went to www.washingtonpost.com.
- I opened up the cookie manager again, and there was a fresh new cookie baked up by doubleclick.net
I hope that Mozilla offers some new solutions to the cookie problem. Currently, I use IE 5 on windows, specifically because it has better support for denying cookies. I use the "Security Zones" to deny most sites from offering me any cookies. I have the sites set up as follows:- Internet This is the default. No persistent cookies, allow temporary cookies.
- Trusted sites This is where I stick sites that I want to allow cookies from, such as slashdot.org. I reset the "trusted" settings so they are more like the standard ones. I allow any cookies from these sites.
- Restricted This is where doubleclick et al go. I don't allow anything from these sites; no cookies, no javascript, no java, nothing.
I know that this is not a perfect system, but for me it has worked better than usingOn Linux I have to use netscape, so I have some cron jobs that clean out my cookies.txt file. This is far from safe, but at least they can't track me for days.
mike
Junkbuster is pretty cool, however for some reason it likes to hose the TCP stack on my NAT Linux box causing a reboot to be had, but it plays nice on my desktop Linux box :P
:P
Wanted to use it for proxying the whole LAN, but I guess one machine is better then none
-- iCEBaLM
As a happy user of CookiePal I recommend it as a cookie filter for windows users. Pops up a window when first seeing a cookie from a new site - you select to allow, deny, forever deny, or forever allow. Also lets you edit your view/delete your existing cookies.
You make the settings once, it applies them regardless of the browser you are using.
Here's a review of version 1.0 (version 1.5 current). Its not free, but its cheap. $15 USD.
% diff cookies cookies.old
5d4
< www.msnbc.com FALSE
8a8,9
<
<
V=2&GUID=8A1A06F7A9C54784B38990B4DC73444D
<
Note the second to last cookie from msn.com, which is not in the msnbc.com domain. I have also noticed this phenomenon with doubleckick cookies (before I started blocking them). Maybe netscape intended the "only from originating domain" to work as you describe, but clearly it only checks to see if the cookie is being set for the domain to which the HTTP request is being sent, which is useless for blocking cookies attatched to images.
-rpl
That post did not exist when I wrote my post - there was only 1 post when I started, and I thought mine was relevant, and it included more information than the aforementioned post anyway. And my post has generated more conversation so it must be worth something :-)
Here is my hosts file:
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.uk.doubleclick.com
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 *.doubleclick.net
127.0.0.1 *.doubleclick.com
Helps sometimes, but not all the time, and I have to hit ESC when loading The Register... :-(
Cookie managment would be a great plus for any next gen browser. Having filtering built *into* the browser is great for non-savy users who know enough to want to protect their privacy but don't know how to set up abox w/ junkbuster. The only browser that I've seen that does this well is iCAB for the mac (others?). By well I mean: ;) ). Net effect, site by site cookie managment for those who want it. It also lets you read the value of the cookie in the browser.
1. It allows deny, accept, or allow for session on all cookies
2. you can set it to deny cookies from certain domains, or _only accept_ cookies from certain domains (slashdot anyone
As an added bonus, iCab also allows you to filter images.
Cookie and image filtering are at the top of my pretty please list for mozilla. Any browser that supports these is the one I'll use. Is it easier for my mother to set up junkbuster , or set it up in her already existing browser program?
Well, guess what, that was the intent of that option. Only trouble: it only worked with image tags. However, there are other ways than img tags that can be used to include ads in pages. One way, which has become very popular lately is to use <script src="http://ad.doubleclick.net/..."> tags. These have unfortunately been forgotten by netscape, and can still be used for those pesky offsite cookies. Hopefully, a fix will be included in one of the next versions.
Microsoft is blackmailing DoubleClick. :-)
There's a thread on the www-talk list about this at the moment. Though it's easy to remove cookies from <img>-derived HTTP requests, other features such as frames are not as easy. For example, a banner ad frame at the top of the page is likely, and could easily be passed URI information from the frameset. Disallowing cookies on subframes, however, would break sites running under the likes of AskJeeves, where the 'real' site is viewed as part of a frameset.
I don't know if IDcide prevents cookies being passed to sites in subframes, or just images. Probably the latter since it's the most common case at the moment. But frame, layer, object, embed and applet have the same problems.
Given that we were discussing embedded-object-cookie-rejection on www-talk as an obvious way to circumvent cookie abuse, it's somewhat worrying that IDcide Inc. might have a patent on it:
(From the FAQ.)
Alternative answer: because IDcide have patented it?
I can't see anything on www.patents.ibm.com yet, so it's unclear whether IDcide have indeed applied for a patent on cookie rejection, or whether it's some technical implementation detail.
--
This comment was brought to you by And Clover.
I'm personally using Junkbuster on my side and while Netscape crashes less frequently with it (a nice by-product) and I see less banner (there's a modification that replaces banners with 1x1 gif), there is no way that it can do something really important: Javascript filtering
e.g. those pops up a window when you leave a site, those obfuscate the status bar with junk messages, those who does not allow right-clicking to reveal source, etc.
There is Proxomitron on Windows. How about us? Is there anything as powerful as that? I've heard that Webfilter (formerly known as NoShit) does it but people says it takes an aweful amount of CPU. Anyone with the experience?
Don't want to admit, but Junkbuster is child's play compared to Proxomitron. Only if they release the source....
Actually you can, well since Version 1.2 according to the docs (and it works for me on version 2.0.2). Just add the URL of the server you want to accept to the "cookiefile". You can use masks there, too, and if you don't care about privacy just an asterisk (*) on a line by itself will allow all cookies. If there is no cookiefile specified, all cookies will be denied (this could be how you're setup). If you go to http://www.junkbuster.com/cgi-bin /show-proxy-args and have Junk Buster running, it will list the arguments that server is running with. Check out their site, they have pretty good docs there.
I promise you this - if no one else codes this by the time Mozilla is beyond beta, I WILL get this done.
You know what to do with the HELLO. ...
Help create an open-source world
You know what to do with the HELLO. ...
Help create an open-source world
All this would guarantee is that the advertiser's profiles on you would be senseless, and would probably result in you getting your Aunt Susie's mass emails about crocheting and little puppy sweaters. Eeeeww. *grin*
You know what to do with the HELLO. ...
Help create an open-source world
chmod 400 .netscape/cookies
It works under AIX, anyway... after doing that, I went to www.userfriendly.org and clicked on the doubleclick banner ad. After I came back here, I double-checked: no doubleclick cookies (I edited my cookies file to get rid of all the doubleclick cookies first!).
If I want to accept a cookie, I'll have to undo that temporarily, I suppose.
Nels
See what I've been reading.
That e-mail address again is support@idcide.com so you can remind them that they need to do better about cross-platform and cross-browser support.
Offsite cookies do have a legit use. You'll see sites that are from the same company but under different domains (this happens often after an aquisition, like geocities and yahoo) use them so you can log in once for all the related sites. You may want to block the REF-BY field. This field is rarely used to provide any benefit to the user, but is used to track a user's path through the site. Of course, DoubleClick encodes site information in the URL of the image, too, so they'll know which site you're on separate from REF-BY info. I browse the web through a proxy that blocks ref-by always. Why should people know what terms I searched on, for example, when I find their page?
--- Speaking only for myself,
I use a similar hosts file, and I setup apache using a rewrite rule to send back a 1x1 transparent gif file for any requests. I have it send a tiny html file for any requests for asp/htm/html files to avoid problems with frames and such.
It'd be possible to have it not rewrite if it was pointing to one of your real pages.
I just havn't gotten around to setting up junkbuster, because this works so well. (And most of the time from home I browse with images off, which helps alot)
I've done that, and I've taken it one step further. I installed a web server, and set it to respond with a 1x1 transparent gif to all requests. So most pages with ads show up with a blank space.
Of course, I did this on Linux, but it should work the same under Windows. I just set my 404 error document to be the transparent gif.
I suppose I should set the error document to be a redirect to http://localhost/null.gif, which would keep my web cache from getting so cluttered.
Now we just need a good comprehensive list of advertising sites that we can all use.
> 127.0.0.1 [adserver] # fsck 'em all
Better yet, try:
The Ultimate HOSTS file
I dunno about the IP address the original USENET poster put in there. I replaced it with 127.0.0.1 and run a "web server" on my own box that responds only to requests from localhost and returns a 1x1 transparent .GIF instead.
One addendum: I was surprised to see an ad one day, and also had to add ad-adex[0-9].flycast.com instead of just ad-adex3.flycast.com to the list.
Seriously, when was the last time you ever wanted to see "content" from any of these sites? Blackhole 'em all.
That is not the perfect solution though. Don't forget to include you cannot be running httpd on port 80 if you do that. I use to have those in my hosts file, and I also run a web server, and there were many pages that wouldn't properly load because of it. What would happen is that the page would start loading, and (This didn't happen on all sites) then it would go full screen into my webserver stating that I didn't have permission to access so and so resource or that the file didn't exist (I setup very restrictive permissions since it is private).
On the other hand, if someone has a solution to this, I would be highly interested in hearing it.
in retrospect I think that if other ways of storing information had been used we would be better off. Have any of you tried to run a browser with cookies turned completely off. Their are *many* sites that will not even let you look around. I could live with haveing to log in to slashdot everyday and maybe haveing to log in to a couple of other sites that I have an account on, what I can't stand is the idea that people and corporations are able to some extent track what I do or where go while on the internet.
Privacy should be by default not something that you have to beg for or opt out of programs to get. "Opt out", people should have to Opt in. Ad companies say that consumers want targeted adds. I don't, if I want to buy something I don't mind searching a little or doing some research. If your a company that uses banner advertising I choose not to buy from you more then I might otherwise.
When I want to buy a product I want to buy it for the right reasons. It should be the best quality and value around. I don't want to buy something because company foo has better phsychologists then company bar. If you don't think advertising works your wrong. Companies that will downsize to save a few bucks will continue with costly advertizing campaigns because they know that they work.
There are things in life and yes even things on the internet that are worse then cookies. Losing my privacy is one of the things that I hate the most about this new "information age" we live in. I have emails that I don't want, phone calls that I don't want, mail that I don't want, and tv commercials that I don't want. All of them trying to sell me services or things that I really don't want.
Environmentalists are their own worst enemy. ~tricklenews.com
but why isn't offsite cookie rejection built into all browsers?
.com, .net and .org and into national domains, how do you define what is offsite?
.au and .uk, but it is sufficient in, say, .ca. Even three is insufficient in *.us. *.nyc.ny.us are machines run by lots of different people. Should browsers contain policy for every TLD?
Once you get out of
This issue came up on bugtraq when someone found an "evil" cookie on their machine that was sent to all sites in *.com.au. (or *.co.au -- whatever). Two top level domains is insufficient to distinguish different sites in
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
I noticed that after I installed IDcide, all of the new cookies I receive are for the ".qbots.com" domain.
For example, I previously had a cookie for "moviefone.com" which contained my zip code. Now I have one for "moviefone.com.role1.jar.qbots.com" which seems to have some additional information it it.
qbots.com is owned by IDcide (just go to www.qbots.com).
Maybe I'm just being paranoid...
Mozilla has a lot of really nice features as far as cookies are concerned. First of all YES Mozilla has a checkbox to only "Accept cookies that get sent back to the originating server only". (Get this: There is an image checkbox that does the same thing! Which blocks images (read ads) from servers that aren't the originating server)
Not only does it slice and dice, Mozilla allows you to view your stored cookies - and delete them wholesale or individually.
You can also ad whole domains that you would like to block images from. And, although the interface isn't quite complete, you can ad domains that you will <b>always</B> block cookies from too. One post I saw wanted the ability to view cookies and delete them real time in the sidebar. It would be trivially easy to skin a new Mozilla that has the Cookie Manager window in the sidebar so that you could actively watch cookies and delete them in real time.
Joseph Elwell.
<A HREF="http://www.mozilla.org">Make it better.</A>
It also notifies you of invalid cookies being set and why they're invalid. I tried using Hotmail and Opera reported 4 or 5 invalid cookies.
And if that's not enough, you can always turn to the Internet Junkbuster for the ultimate filtering solution.
--
Hmm. Well. Nope, it doesn't.
Okay. I didn't know what to believe, so I tried a little test. I don't normally use netscape anyway, but I do have it installed.
I killed the cookie text file. Just deleted it. Start up Netscape (blank home page), so no cookies yet. Change the setting in the preferences. This is Communicator 4.6 for Windows, BTW. Go to a page I know had a doubleclick banner: http://www.userfriendly.org/static/
Look again, voila, a cookie file. Open it up: There's the doubleclick cookie all right.
They may have changed the behavior in later versions, I dunno. But the behavior I see is exactly what the option says. Allow cookies that get sent back only to originating server. The cookie originated at doubleclick.net, NOT at userfriendly.org.
A cookie is not set in HTML, it's set in the HTTP headers. You get those headers with every single web request, be it GIF or HTML.
The option they NEED, and the one I described, is simple: Only accept cookies originating from the same server as the page being viewed. Or perhaps, disallow cookies with non-HTML files. I can't think of any good reason, other than ads, to send a cookie with a graphic image.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
First, edit your cookies file and take out all the cookies you don't want.
Second, copy the cookies file somewhere else.
Third, write a script, batch file, etc. to copy the copied cookies.txt into your browser's directory before you run your browser.
Fourth, if you find a site thta gives you a cookie you want, copy that line to the cookies.txt file that gets copied over.
That way, while you *do* get cookies, and they *do* get set and sent back to whatever site, every time you open up your browser, you effectively become a new person since there's no cookie to track you between sessions anymore.
High-speed Road Trip (18.000KPH)
I post this every time there's a cookie article, and it's probably redundant, but it might help some people...
I set my "Internet Zone" security settings to prompt before accepting cookies. Whenever somebody tries to send me a cookie, the cookie dialog comes up. If it's coming from the site that I'm actually visiting, I accept it (and I never have to see it again.) If it's coming from doubleclick.net or the like, I refuse it, and then I add that domain to the "Restricted Zone". From then on, IE automatically refuses cookies from that domain (and also disables Javascript, ActiveX, etc.)
My only complaint is that adding the domain to my "restricted" list is a separate step; it would be nice if I could just click "No, and block all future cookies," and be done with it. But if you're using IE anyway, and you don't want to mess with third party programs, this method works pretty well.
MSK
Have a small text sidebar or window that displays changes to cookies AS THEY HAPPEN, and allow us to delete these cookies from this interface. This could be a small, simple text window built in to, say, the button bar. A small floating independant text box would work well too. The key here is, it's small and out of the way so that we can have it on WHILE we browse, and it gives us dynamic information on our cookies which we can intelligently control.
Of course this would NOT be on by default, since the average user would just mess up their web-based email cookies and complain. But give us advanced users something to work with here.
You know what to do with the HELLO. ...
Help create an open-source world
From HOSTS...
127.0.0.1 ad.doubleclick.net #spamfilter
127.0.0.1 m.doubleclick.net #spamfilter
127.0.0.1 ad.webprovider.com #spamfilter
127.0.0.1 image.linkexchange.com #spamfilter
127.0.0.1 jeeves.flycast.com #spamfilter
127.0.0.1 www.flycast.com #spamfilter
127.0.0.1 www.burstmedia.com #spamfilter
127.0.0.1 www.247media.com #spamfilter
127.0.0.1 www.ad-venture.com #spamfilter
127.0.0.1 www.adauction.com #spamfilter
127.0.0.1 www.adsdaq.com #spamfilter
127.0.0.1 a32.g.a.yimg.com #spamfilter YahooAds
127.0.0.1 www.pagecount.com #spamfilter
127.0.0.1 www1.pagecount.com #spamfilter
127.0.0.1 www2.pagecount.com #spamfilter
127.0.0.1 www3.pagecount.com #spamfilter
127.0.0.1 www4.pagecount.com #spamfilter
127.0.0.1 ad.linkexchange.com.com #spamfilter
127.0.0.1 www.smartclicks.com #spamfilter
127.0.0.1 mojofarm.mediaplex.com #spamfilter
127.0.0.1 www.etour.com #spamfilter ads in GetRight
____________
TomV
In Australia there are pilot projects where utility companies (Electricty, water, gas) have the capacity to backchannel data via their metering devices. This back channel could also be used for TV ratings, satellite downlinks (for Internet Access), security system monitoring and much more. Add FlyBuys to this. So, not only would your favourite TV shows, Internet sites would be known, the times you are home, when you are most likely to be sitting on the toilet, etc. can also be inferred by compiling the information fed back thorugh such a back channel. It will not be long before many databases are amalgamated - FlyBuys, Debt Collection, TV Ratings, Personal Information ,etc. Think of the possibilities then.
C.Burgess - email:colvinb@airnet.com.au
---
Why not go one step further? If companies like DoubleClick want to collect information on you through cookies, let them.
One thing I imagine you could is actively contaminate the personal information that they are managing to collect on you. How would you do that? You could set up a shared cookie repository somewhere on the web. Everytime a banner network plants a cookie on your machine, you could submit it to the repository. Everytime you are about to send a cookie back to the same banner network, you would get grab someone else's cookie from the repository and send it to the unsuspecting banner ad server.
To reiterate, if you were to send your Aunt Susie's cookie to DoubleClick everytime their banner ad displays on your page, you would contaminate Aunt Susie's personal profile in the DoubleClick database.
If a lot of people were to cooperate in this way, they could render their personal profiles totally useless to advertisers, because the signal to noise ratio would be very low.