Slashdot Mirror
DoubleClick Workaround: IDcide
No cookies with offsite GIFs: that's the privacy solution implemented by
IDcide
(take a moment to register the pun, OK, there ya go). Here's
technical background on offsite cookies;
here's the
CNNstory;
here's the software
FAQ
(it's only available for Windows/MSIE). If you're not sure why offsite cookies matter,
you must read this.
And, not to rain on IDcide's revenue model -- their product does other stuff too -- but why isn't offsite cookie rejection built into all browsers? Anyone from Mozilla want to talk about this?
I use a similar hosts file, and I setup apache using a rewrite rule to send back a 1x1 transparent gif file for any requests. I have it send a tiny html file for any requests for asp/htm/html files to avoid problems with frames and such.
It'd be possible to have it not rewrite if it was pointing to one of your real pages.
I just havn't gotten around to setting up junkbuster, because this works so well. (And most of the time from home I browse with images off, which helps alot)
I've done that, and I've taken it one step further. I installed a web server, and set it to respond with a 1x1 transparent gif to all requests. So most pages with ads show up with a blank space.
Of course, I did this on Linux, but it should work the same under Windows. I just set my 404 error document to be the transparent gif.
I suppose I should set the error document to be a redirect to http://localhost/null.gif, which would keep my web cache from getting so cluttered.
Now we just need a good comprehensive list of advertising sites that we can all use.
> 127.0.0.1 [adserver] # fsck 'em all
Better yet, try:
The Ultimate HOSTS file
I dunno about the IP address the original USENET poster put in there. I replaced it with 127.0.0.1 and run a "web server" on my own box that responds only to requests from localhost and returns a 1x1 transparent .GIF instead.
One addendum: I was surprised to see an ad one day, and also had to add ad-adex[0-9].flycast.com instead of just ad-adex3.flycast.com to the list.
Seriously, when was the last time you ever wanted to see "content" from any of these sites? Blackhole 'em all.
That is not the perfect solution though. Don't forget to include you cannot be running httpd on port 80 if you do that. I use to have those in my hosts file, and I also run a web server, and there were many pages that wouldn't properly load because of it. What would happen is that the page would start loading, and (This didn't happen on all sites) then it would go full screen into my webserver stating that I didn't have permission to access so and so resource or that the file didn't exist (I setup very restrictive permissions since it is private).
On the other hand, if someone has a solution to this, I would be highly interested in hearing it.
in retrospect I think that if other ways of storing information had been used we would be better off. Have any of you tried to run a browser with cookies turned completely off. Their are *many* sites that will not even let you look around. I could live with haveing to log in to slashdot everyday and maybe haveing to log in to a couple of other sites that I have an account on, what I can't stand is the idea that people and corporations are able to some extent track what I do or where go while on the internet.
Privacy should be by default not something that you have to beg for or opt out of programs to get. "Opt out", people should have to Opt in. Ad companies say that consumers want targeted adds. I don't, if I want to buy something I don't mind searching a little or doing some research. If your a company that uses banner advertising I choose not to buy from you more then I might otherwise.
When I want to buy a product I want to buy it for the right reasons. It should be the best quality and value around. I don't want to buy something because company foo has better phsychologists then company bar. If you don't think advertising works your wrong. Companies that will downsize to save a few bucks will continue with costly advertizing campaigns because they know that they work.
There are things in life and yes even things on the internet that are worse then cookies. Losing my privacy is one of the things that I hate the most about this new "information age" we live in. I have emails that I don't want, phone calls that I don't want, mail that I don't want, and tv commercials that I don't want. All of them trying to sell me services or things that I really don't want.
Environmentalists are their own worst enemy. ~tricklenews.com
but why isn't offsite cookie rejection built into all browsers?
.com, .net and .org and into national domains, how do you define what is offsite?
.au and .uk, but it is sufficient in, say, .ca. Even three is insufficient in *.us. *.nyc.ny.us are machines run by lots of different people. Should browsers contain policy for every TLD?
Once you get out of
This issue came up on bugtraq when someone found an "evil" cookie on their machine that was sent to all sites in *.com.au. (or *.co.au -- whatever). Two top level domains is insufficient to distinguish different sites in
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
I noticed that after I installed IDcide, all of the new cookies I receive are for the ".qbots.com" domain.
For example, I previously had a cookie for "moviefone.com" which contained my zip code. Now I have one for "moviefone.com.role1.jar.qbots.com" which seems to have some additional information it it.
qbots.com is owned by IDcide (just go to www.qbots.com).
Maybe I'm just being paranoid...
Mozilla has a lot of really nice features as far as cookies are concerned. First of all YES Mozilla has a checkbox to only "Accept cookies that get sent back to the originating server only". (Get this: There is an image checkbox that does the same thing! Which blocks images (read ads) from servers that aren't the originating server)
Not only does it slice and dice, Mozilla allows you to view your stored cookies - and delete them wholesale or individually.
You can also ad whole domains that you would like to block images from. And, although the interface isn't quite complete, you can ad domains that you will <b>always</B> block cookies from too. One post I saw wanted the ability to view cookies and delete them real time in the sidebar. It would be trivially easy to skin a new Mozilla that has the Cookie Manager window in the sidebar so that you could actively watch cookies and delete them in real time.
Joseph Elwell.
<A HREF="http://www.mozilla.org">Make it better.</A>
It also notifies you of invalid cookies being set and why they're invalid. I tried using Hotmail and Opera reported 4 or 5 invalid cookies.
And if that's not enough, you can always turn to the Internet Junkbuster for the ultimate filtering solution.
--
Hmm. Well. Nope, it doesn't.
Okay. I didn't know what to believe, so I tried a little test. I don't normally use netscape anyway, but I do have it installed.
I killed the cookie text file. Just deleted it. Start up Netscape (blank home page), so no cookies yet. Change the setting in the preferences. This is Communicator 4.6 for Windows, BTW. Go to a page I know had a doubleclick banner: http://www.userfriendly.org/static/
Look again, voila, a cookie file. Open it up: There's the doubleclick cookie all right.
They may have changed the behavior in later versions, I dunno. But the behavior I see is exactly what the option says. Allow cookies that get sent back only to originating server. The cookie originated at doubleclick.net, NOT at userfriendly.org.
A cookie is not set in HTML, it's set in the HTTP headers. You get those headers with every single web request, be it GIF or HTML.
The option they NEED, and the one I described, is simple: Only accept cookies originating from the same server as the page being viewed. Or perhaps, disallow cookies with non-HTML files. I can't think of any good reason, other than ads, to send a cookie with a graphic image.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
First, edit your cookies file and take out all the cookies you don't want.
Second, copy the cookies file somewhere else.
Third, write a script, batch file, etc. to copy the copied cookies.txt into your browser's directory before you run your browser.
Fourth, if you find a site thta gives you a cookie you want, copy that line to the cookies.txt file that gets copied over.
That way, while you *do* get cookies, and they *do* get set and sent back to whatever site, every time you open up your browser, you effectively become a new person since there's no cookie to track you between sessions anymore.
High-speed Road Trip (18.000KPH)
I post this every time there's a cookie article, and it's probably redundant, but it might help some people...
I set my "Internet Zone" security settings to prompt before accepting cookies. Whenever somebody tries to send me a cookie, the cookie dialog comes up. If it's coming from the site that I'm actually visiting, I accept it (and I never have to see it again.) If it's coming from doubleclick.net or the like, I refuse it, and then I add that domain to the "Restricted Zone". From then on, IE automatically refuses cookies from that domain (and also disables Javascript, ActiveX, etc.)
My only complaint is that adding the domain to my "restricted" list is a separate step; it would be nice if I could just click "No, and block all future cookies," and be done with it. But if you're using IE anyway, and you don't want to mess with third party programs, this method works pretty well.
MSK
Have a small text sidebar or window that displays changes to cookies AS THEY HAPPEN, and allow us to delete these cookies from this interface. This could be a small, simple text window built in to, say, the button bar. A small floating independant text box would work well too. The key here is, it's small and out of the way so that we can have it on WHILE we browse, and it gives us dynamic information on our cookies which we can intelligently control.
Of course this would NOT be on by default, since the average user would just mess up their web-based email cookies and complain. But give us advanced users something to work with here.
You know what to do with the HELLO. ...
Help create an open-source world
From HOSTS...
127.0.0.1 ad.doubleclick.net #spamfilter
127.0.0.1 m.doubleclick.net #spamfilter
127.0.0.1 ad.webprovider.com #spamfilter
127.0.0.1 image.linkexchange.com #spamfilter
127.0.0.1 jeeves.flycast.com #spamfilter
127.0.0.1 www.flycast.com #spamfilter
127.0.0.1 www.burstmedia.com #spamfilter
127.0.0.1 www.247media.com #spamfilter
127.0.0.1 www.ad-venture.com #spamfilter
127.0.0.1 www.adauction.com #spamfilter
127.0.0.1 www.adsdaq.com #spamfilter
127.0.0.1 a32.g.a.yimg.com #spamfilter YahooAds
127.0.0.1 www.pagecount.com #spamfilter
127.0.0.1 www1.pagecount.com #spamfilter
127.0.0.1 www2.pagecount.com #spamfilter
127.0.0.1 www3.pagecount.com #spamfilter
127.0.0.1 www4.pagecount.com #spamfilter
127.0.0.1 ad.linkexchange.com.com #spamfilter
127.0.0.1 www.smartclicks.com #spamfilter
127.0.0.1 mojofarm.mediaplex.com #spamfilter
127.0.0.1 www.etour.com #spamfilter ads in GetRight
____________
TomV
In Australia there are pilot projects where utility companies (Electricty, water, gas) have the capacity to backchannel data via their metering devices. This back channel could also be used for TV ratings, satellite downlinks (for Internet Access), security system monitoring and much more. Add FlyBuys to this. So, not only would your favourite TV shows, Internet sites would be known, the times you are home, when you are most likely to be sitting on the toilet, etc. can also be inferred by compiling the information fed back thorugh such a back channel. It will not be long before many databases are amalgamated - FlyBuys, Debt Collection, TV Ratings, Personal Information ,etc. Think of the possibilities then.
C.Burgess - email:colvinb@airnet.com.au
---
Why not go one step further? If companies like DoubleClick want to collect information on you through cookies, let them.
One thing I imagine you could is actively contaminate the personal information that they are managing to collect on you. How would you do that? You could set up a shared cookie repository somewhere on the web. Everytime a banner network plants a cookie on your machine, you could submit it to the repository. Everytime you are about to send a cookie back to the same banner network, you would get grab someone else's cookie from the repository and send it to the unsuspecting banner ad server.
To reiterate, if you were to send your Aunt Susie's cookie to DoubleClick everytime their banner ad displays on your page, you would contaminate Aunt Susie's personal profile in the DoubleClick database.
If a lot of people were to cooperate in this way, they could render their personal profiles totally useless to advertisers, because the signal to noise ratio would be very low.