DoubleClick 'Web Bugs' On Porn, Medical Sites

The ever-vigilant Brill's Content sent a freebie to the ever-vigilant Politech that makes us long for vigilante justice. It seems the odds-on favorite for this century's Big Brother, DoubleClick, has contracted to put 1x1 pixel graphic Web bugs on porn and medical sites. Read all about it. But don't worry, we're assured by the porn sites that although "DoubleClick [secretly] collects the information [that you, John Q. Doe, personally spent 12.2 minutes at a girl-on-girl fetish page and then spent 19.7 minutes reading up on your prostate problems], it does not have the technical skill to understand it."

Re:Hmm..

[QuMa]

For the articles, obviously.

web bug faq

[dannym]

"Is there any method of removing Web Bugs from HTML pages?

Not really. The technical problem is that there is no method of distinguishing Web Bugs from spacer GIFs which are used on Web pages for aligment purposes." -- The Web Bug FAQ

Why not just replace the location of every 1x1 gif specified on websites with the location of a local, transparent 1x1 gif? (make some add-on that filters all the html before it goes through your browser, like what is already done to get rid of ads)

JB won't catch on

[gad_zuki!]

Junkbuster defaults to blocking no sites, blocking all cookies, and making your user_agent tell web servers that your using a Macintosh and an ancient version of NS. After 20 minutes of setting it up and probably not even using the cookie blocking feature (like i want to hunt for every site I use that wants cookies) you realize that a search for 'block ads hosts file' on google and a simple cut and paste to windows/hosts is all you ever needed.

JB is great for privacy power users but if you want site blocking to catch on with most users show them the easy way.

hitbox.com does this, too

[Skapare]

I found an animated, no-cache, zero-age, self-reloading, web bug on dice.com that has a web bug at the bottom of the page (you can see it easily at the very end of the HTML source). The fact that it is animated, with no caching, and instant expire set causes it to keep reloading, which not only tells them where you visit, but also how long you leave the page up. And it's a f---ing obnoxious annoying 5086 bytes that keeps being downloaded over and over.

Block hitbox.com (all subdomain names, too) from your web proxies!
Maybe I should make this my new sig.

Re:Web bugs on slashdot

[pirodude]

That server doesnt look like its owned by dn..just on their network. Internal traffic is common as a port scanner usually scans certian ports to be sure that your services that you signed up to have monitored are still running.

Recycled tip; use squid guard, not Junkbuster...

[Spoing]

SquidGuard is quicker, and has many features not present in Junkbuster. Take a look.

Re:My 127.0.0.1 list

[Money__]

127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 adforce.imgis.com
127.0.0.1 ads.enliven.com
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 adcount.hollywood.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.imdb.com
127.0.0.1 www.ad-up.com
127.0.0.1 bannerswap.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 globaltrack.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 www.nrsite.com
127.0.0.1 ad-up.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 adbot.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com/
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.filez.com
127.0.0.1 127.0.0.1 ads.i33.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 advert.heise.de
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 customad.cnn.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 globaltrak.net
___

Need something MORE than Junkbuster.

I don't just want to lock out the net trackers, I want to screw them up and make their life as difficult as they make mine. How about cookie MANGLERS that send back 100K cookies with lots of funky characters (maybe crash their server)? Or cookie swappers that send back cookies to make you look like you surf random sites. Puting in the spammers administrative and zone contact email addresses into other spam sites that ask for an email address (Get their ISP to TOS 'em for burdening their staff unduly). Turn the tables people. Turn the tables. The best defense is a good offense.

Re:Need something MORE than Junkbuster.

[rjh3]

If you really feel the need, junkbuster has the option of sending wafers. These are cookies with some entertaining legalese that are designed to fit within the rules for a cookie. Or you can invent your own wafer.

But the issue with 1x1 web-bugs is not cookies. These web-bugs are already encoded with the tracking information so that the mere attempt to load the image provides the tracking information to the perpetrators.

Here it is.

[Leonel]

Now, what I'm really waiting for is for someone to write a proxy that can dynamically rewrite pages as they come through an http tunnel

What about WebWasher? That's what I have been using and it does a great job on literaly striping out of the html most banners, pop-up ads, and is quite configurable.

Slashdot uses "Web Bugs" as well.

[Kozz]

But what are they used for? I'm not sure. But look at the source code of almost any page here, and you'll see them:

<IMG SRC='http://209.207.224.245/Slashdot/pc.gif?/comme nts.pl,962468080410' WIDTH=1 HEIGHT=1>

<IMG SRC='http://images.slashdot.org/pagecount.gif?/com ments.pl,962468080410' WIDTH=1 HEIGHT=1>

<IMG SRC='http://images.slashdot.org/banner/gate5002en. gif?962468081680' WIDTH=1 HEIGHT=1 BORDER=0>

Maybe one of the slashdot staffers could answer this.


Quidquid latine dictum sit, altum viditur.

Re:Slashdot uses "Web Bugs" as well.

[jamiemccarthy]

But what are they used for? I'm not sure. But look at the source code of almost any page here, and you'll see them:
<IMG SRC='http://209.207.224.245/Slashdot/pc.gif?/comme nts.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/pagecount.gif?/com ments.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/banner/gate5002en. gif?962468081680' WIDTH=1 HEIGHT=1 BORDER=0>

Maybe one of the slashdot staffers could answer this.

The first one is a page-counter graphic that's apparently on a machine at Slashdot's old hosting location, Digital Nation (since the traceroute to it goes through dn.net). I'm not that familiar with the technical end of Slashdot and so I can't speculate why it's loaded from dn.net instead of from our main servers.

The second one is a page-counter graphic (obviously) on our main servers.

The third one I'm not sure about. Like I say, I know little about the tech end of Slashdot and even less about the ad system.

In short, these guys are harmless. "Web bugs" allow a site other than the one you're currently reading to check up on your behavior. Obviously you're leaving footprints all over slashdot.org's logs every time you load our homepage!

Jamie McCarthy

Re:Junkbusterize it!

[kris]

Now, what I'm really waiting for is for
someone to write a proxy that can dynamically
rewrite pages as they come through an http
tunnel.

But Siemens Webwasher already does that.

© Copyright 2000 Kristian Köhntopp

DoubleClick's Fatal Error

[Effugas]

I was waiting for that.

Most people don't understand the need for data privacy. Even social security numbers are presumed to be pretty public, since we're forced to give them out all the time.

But they started messing with medical sites. Wrong move.

People fear their medical records getting out for all sorts of reasons--not the least of which it the concept of ownership of one's own body. Medicine is probably the one of the least networked industry when it comes to end product status, simply because the end product isn't too comfortable with firewalls being trusted to keep their personal health data secure.

There's an entire host of psychological issues that come once your health status becomes a commodity to be traded; one of the scarier endgames of no health privacy is that, since what is unknown by everyone cannot be unreported to anyone, people will refuse to inform their doctors about their health nor search online for others who have been in their predicament.

DoubleClick's antics, then, will lead to more expensive and less effective medical treatment.

DoubleClick just entered the realm of Life and Death, and that was the biggest mistake they could have ever done. Death is the ultimate liability, and it's guaranteed to happen. Be found liable for a death, and as a company, you may die yourself.

Any physician who works with DoubleClick will violate Do No Harm; I fully expect the AMA to issue a statement to this effect and will be disappointed when they don't.

It truly boggles the mind as to what kind of idiot at DoubleClick came up with the idea of spreading to medicine; when you get email regarding buying a computer while going computer shopping, you might think it's a pleasant coincidence. When you start getting Viagra spam after asking Dr. Koop about Erectile Dysfunction, you feel violated, as well you should.

Have we reached the point where DoubleClick style cross-site spies need to be suppressed, by default, in the browser?

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:DoubleClick's Fatal Error

[bridgette]

I can't wait until some insurance company allies w/ double click to get at peoples medical site profiles.

Even if my medical records are safe on dead trees in my physician's filing cabinet, knowing that I've been looking up information on "chest-pains" or "HIV treatments" would be worth money to comanies looking to insure me.

It will be tons-of-fun explaing that the chemotherapy article wasn't for me but for a friend and no I won't name names.

Hey, maybe doubleclick can merge with TRW or Expirian so they can mege "browsing profiles" with credit reports. Then they can offer lists of say "sports car enthusiasts" and filter out the ones that can't affor a ferrari.

And when some lawer decides to supeona doubleclick during the discovery phase of some totally unrelated case, things will get really interesting. Oh wait! They already subpeona medical records for cases as minor as arguing a speeding ticket. nevrmind.

Re:Can't this be turned off at the browser?

[spudboy]

If Doubleclick starts hiding behind hostnames in many domains, the cookies from doubleclick.foo.com won't go to doubleclick.bar.com, and they can't track. They have to use one domain to get their cookies back. And that makes them vulnerable even if you don't have an armored backhoe to dig up their net connection.

Hmm..

[Stskeeps]

Only thing i can think of here, adding ad.doubleclick.net to /etc/hosts as 127.0.0.1 (or c:\windows\hosts for windows users), or disable image loading. I mean, I don't want some multibillionare patentfreak company to see what pr0n sites I go to, or if I go to any other site. This scares me, because what if they sold that information to other companies - wouldn't it be evasion of privacy?. We haven't agreed to let them spy on us - so let's fight it - either by the solution first, or use lynx ;)

Re:Hmm..

[Abigail]

What would be the point of going to pr0n sites in lynx, since you wouldn't be able to look at the pictures/movies?

You don't know lynx. It's missing ability to *inline* images doesn't mean it's unable to show images. All it does is using an external program, just like Netscape would do for, say, a PostScript file.

-- Abigail

Re:Hmm..

[clearcache]

either by the solution first, or use lynx ;)

why would I want to visit a porn site using lynx??? ;)

Re:Hmm..

[Danse]

Gotta agree with you on that. While the vast majority of people don't buy Playboy for the articles, they are missing out if they don't bother to read them somewhere along the way.

Too Stupid, But Not For Long

[Syn.Terra]

Here's the meat of the article, and DoubleClick's defense:

"While DoubleClick does indeed record, [it] does not know that room 5 is equivalent to girls home alone." This explanation comes down to saying that while DoubleClick collects the information, it does not have the technical skill to understand it an assertion that Smith and others nd hard to believe.

The problem is, while they don't have the knowledge to link room 5 with girl-girl fetish porn, some *other* company would have no problem doing it. As we all remember, DoublClick has no problem "allying" itself with other companies; at least until their stock price plummets.

I just have to question whether these "web bugs" are really the work of DoubleClick, or just some crafty porn site administrator trying to get paid for posting ads, but keeping them at 1x1 pixels so nobody has to be bothered by them.

---

Can't this be turned off at the browser?

[jlusk4]

Ok, dumb question #1: isn't it (theoretically) possible to turn off the retrieval of things from sites that differ from the original URL host or domain, in the browser? Like, if I request a URL from www.flibbertygibbit.com, can't the browser be smart enough not to request further resources from, say, ad.doubleclick.net (but be smart enough to request resources from pix.flibbertygibbit.com)? Wasn't this capability in Mozilla until recently? How hard is it to put back in?

John.

Re:Can't this be turned off at the browser?

[pigret]

As far as I know, the excellent iCab browser for the Mac (limited javascript support, but otherwise pretty standards compliant) can switch off the sending of "http referrer" data - which I assume limits the data that can be gleaned at the server end (a little....). icab is at http://icab.de/

Re:Can't this be turned off at the browser?

[Eric+S.+Smith]

Mozilla currently has a preference setting for loading only images that come from the same domain as the page, as well as a "Warn me before loading an image" option. This is by analogy with its cookie-handling. It should be possible to defeat "bugs" using either this feature or a more convenient adaptation of it.

Presumably, this feature will appear in Netscape 6 and the AOL client, but you never know what marketing will object to...

Re:Can't this be turned off at the browser?

[titus-g]

It's possible that junkbuster does identify itself in the HTTP_USER_AGENT field, although you'd of thunk they would have gone for identifying it as MSIE 5 or something to avoid that.

Apart from that I guess it is possible that they are using Javascript to load the info on the page, could try turning it off and looking for references to .js files in the code. makes things complicated though, as you then have to get the .js files and read through the code to find what you were looking for.

Another thing (most probable) it could be is that the links are made via an ad server e.g. http://ad.doubleclick.net?click.pl?sender=some.sit e&goingto=another.site this stops the link from working as you can't get the redirect from the ad server. http://www.x10.com (wireless web cam) is a good example of this all their images and links are via an ad server.

Re:Can't this be turned off at the browser?

[jamiemccarthy]

Like, if I request a URL from www.flibbertygibbit.com, can't the browser be smart enough not to request further resources from, say, ad.doubleclick.net (but be smart enough to request resources from pix.flibbertygibbit.com)?

Yes; the trouble is that many sites have offsite images load from a perfectly normal and harmless third-party server. Akamai is the best example; companies from Altavista to Apple to Andover store their graphics on Akamai's distributed servers for faster load times. If you prohibit all third-party graphics, you prevent these graphics from loading, thus breaking many pages.

Wasn't this capability in Mozilla until recently? How hard is it to put back in?

Yes, it was; see this older slashdot story for details. The good news is that Mozilla retains the capability to block off-site cookies, which doesn't totally eliminate the web bug problem but does take a huge bite out of it (along with the whole DoubleClick-privacy problem in general).

Personally I suspect that the offsite image problem could be 99% solved with a little special-casing and some creative DNS work. But I don't know that for certain.

The bottom line is that, because of this one incredibly simple feature, Mozilla is currently the most privacy-friendly off-the-shelf browser that I know of. Of course, if you are really concerned about privacy, you could try add-ons like Junkbusters or IDcide.

Jamie McCarthy

Re:What I want...

[gfxguy]

Agreed - I posted a wishlist last fall. I guess it also bears repeating. There were lots of good followup suggestions, too. Most of it had to do with privacy, and putting what I consider common controls within easy reach (instead of edit->preferences->advanced->cookies).

The following should be a single click away:

• Toggle Cookies
• Toggle Java/Javascript
• Toggle Images
• Load only from document's server
• Allow/Don't Allow/Ask before opening a new window!!!

With lot's of other customizations (stealth features), like: telling your browser what browser it should be tellling sites it is (no more "You need IE to view this site" when you know damn well you don't). Also let you control wether or not you actually send your username, and other information the browser happily provides that you may not even know about. You should also be able to control, from within the browser, junkbuster-like features. "Accept cookies from" list, and "block these sites" (with address lookup to prevent some aforementioned problems...keep the name and number blocked with one entry).

Mozilla may hold some of the answers, but if it's released by AOL I'm betting it won't (by default) contail anything remotely useful to protect privacy. They already ruined it's first release by including all the extra crap they do, and while they're not MS they're also not a particularly benevolent company (and I work for what will be AOL/Time Warner, so let's keep that last thought between you and me). I laughed when they offered us free AOL - it's surprising how many won't even take it for free!

----------

Anonymity to the rescue...

[krystal_blade]

What about cookies? They take information from you as well, and hand it back. Hell, sometimes you can't even go to sites if you don't allow cookies.

The concept of information grabbing (like with cookies) has been a hot debate on the internet for years, yet no one has done anything. Until something drastic happens to someone, THEN you'll see a change. DoubleClick may have gone too far, and if so, that's a problem that needs to be addressed.

DoubleClick can gain no information if you don't give them any. Web porn sites and Medical sites rely on customer traffic to finance themselves. Those who are security conscious should probably stop going there. There will always be the panting raving idiots with knuckle herpes who goes to the sites, but, the downward trend in business will cause the site owners to notice.

If you hit them where they hurt the most, (their wallet) you have their complete attention.

It is a democratic society, and you have the right to take your business elsewhere.

krystal_blade

Once again...junkbuster to the rescue!

[gfxguy]

It's been said a million times, here on slashdot, but it bears repeating:

Junkbuster will not only allow cookies from specific sites you want, but can disable downloading anything from any site you don't want.

When we all use something like junkbuster, maybe someone will get a clue. Now it's only punishment for the uninformed.
----------

Re:Once again...junkbuster to the rescue!

[Abigail]

When we all use something like junkbuster, maybe someone will get a clue.

Then a lot of websites lose their income, and that will be the end of them - including your beloved slashdot. You *do* realize that the ads on slashdot can be used for exactly the same thing doubleclick is using them for, don't you? And I hope you've spotted the 1x1 invisible gifs on the slashdot pages as well. (Like from the nameless host 209.207.224.245).

-- Abigail

Re:Once again...junkbuster to the rescue!

[Signal+11]

Of course, a link is often helpful.

Re:and here's is what is going on at Double Click

[babbage]

"Geez this guy is sick, 39 minutes on one picture"

Actually, this doesn't tell you much of anything at all. Examples:

• Browsing in two windows. Load picture in window #1. Open Slashdot in window #2. Spend half an hour wishing Katz would shut the hell up, wanting not to hear any more about grits or trousers or Portman. Close window #2, remember that window #1 has been open with that picture all this time, and close it too after following a link or two and deciding that you aren't interested in this site.
• Load page. Get invited to lunch. Turn off monitor and leave. Come back, rememmber that you left Netscape on, and reload the page, then think better of it and decide you'll take a look after work.

Those are just obvious examples. More than that, I don't think the HTTP protocol really allows you to gather the sort of information you're talking about. All these people could find out was that you loaded their image once at, say, 10:00, and then you loaded another at 10:39. What you did between those two clicks is a complete mystery to them. You could have, for example, hopped over to Google, searched for whatever for a while, then came back to what you were doing previously. This example is only different in that it doesn't mean you weren't paying attention to the browser & the tagged page -- you were.

This isn't to say that there aren't frightening Big Brother aspects of this all. Certainly, I'm sure it's possible to make some more or less accurate guesses about what people are doing. But because of the basically stateless nature of HTTP (neverminding cookies for a minute), the most these peopel can get is an imperfect view of your travels, and everything else is just statistics, probabilty, and educated guesswork.

Privacy is, of course, very important, and it's important to know what information you are giving away whenever you use the web. But it's also important to know what you aren't giving away, at least with current technology, and to use that as a starting point in trying to defend your privacy.

Can't they just track us at the server ?

[lazarus_]

Maybee this is a stupid question... if so not the first..

But is it enough that we stop the request from our compter?
So many of these sites are generating the pages on the fly - can't the server track the request? - and even if we block the actuall add, the server can log that it was going to send one.
Do we even need to see the ad for travels to be logged?

sick!

[nocent]

what kind of sicko goes to a pr0n site to read the html source? that's some fetish.

"errr... yes, i was doing research and stumbled across the site and noticed a web bug in the code."

Re:Junkbusterize it!

[Abigail]

Now, what I'm really waiting for is for someone to write a proxy that can dynamically rewrite pages as they come through an http tunnel.

I've done that years ago. Tom Christiansen has made the tarball available for that, somewhere on perl.com.

-- Abigail

Re:The unthunk gets thunked more

[Abigail]

Guess someone could add a scrubber component to the browser's which'd truncate the URL's at the ?, but chances are lots of requests would fail if that would happen...

But even then, just lose the ? and replace it with a /, or a Q or whatever you feel like. It's up to the server anyway to map a URL to an object. But beside the URL, there are more things in the HTTP protocol that can be used to track people, and that aren't immediate obvious, unless someone tells you. The last modified field, for instance, which on return visits to the URL, is reported back to the server. ETag is another example. Browsers typically allow you to disable cookies, but find a browser that lets you disable ETags....

-- Abigail

Re:How I fight the great satan

[Abigail]

the other is images.slashdot.org/pagecount which you'd think would have a valid purpose.

You mean, the slashdot maintainers aren't smart enough to grep through the accesslogs to find out the pagecount? (Which is not only far more efficient on both the server and clients ends, and the network in between, it's also more meaningful)

-- Abigail

Odd..

[mosch]

having read that I quick checked my cookies file and discovered that my id was no longer opt_out.

i'm not implying some sort of conspiracy theory, but i am curious as to how this happened (linux netscape 4.7 on freebsd 3.5)

i quick wrote a little app to check the cookies file and tossed it in a cron job so i can try to find out what causes this, but in the meantime, anybody have any ideas other than user error?
----------------------------

Two wrongs don't make a right

[FascDot+Killed+My+Pr]

No, do NOT deliberately make bad software. That's unethical. In fact, I would even argue that dragging your feet or lying about the real cost would be unethical.

A better solution is:

Step 1) Understand what you are being asked to create. Maybe your unease is caused by a misunderstanding.

2) Talk to the relevant manager (or as high as you can get access to). Explain your concerns. If there are channels, go through them. Document all conversations/memos/emails/etc.

3) If asked to implement anyway you have several choices:

a) If the action is illegal you can refuse to do it and "blow the whistle". There are laws that no action can be taken against a whistleblower so you are theoretically safe (I don't know how well this works in practice, though).

b) If the action is merely unethical the situation is murkier. If the business you are working for is part of a professional association, check their code of ethics and procedures for compliance. For instance, if a doctor wants you to write software that transmits medical data over an unsecured channel, you might be able report him to the AMA. (warning: this is only an example)

c) If your situation still hasn't been covered by the above, you may have to go it alone. Personally I would quit and maybe publish information (Internet, other media outlets, etc) regarding the proposed action. Yeah yeah, "I have mouths to feed". But a child is more than a mouth. I'd rather have my child miss a meal than seeing Daddy doing something wrong. Besides, programmer's (and engineers of all kinds) have no problem finding work. Even at McDonald's.
--

Updated junkbuster blockfiles

[fialar]

Can anyone offer URL's for constantly updating junkbuster blockfiles? I'd like to keep mine up to date.

Another nice thing I have going is I have a VPN to my home machine from work. When I browse from work, I use my home machine as my web proxy (Junkbuster). The result: completely anonymous and encrypted web browsing from work. Pretty slick, eh?

Fialar

Re:Updated junkbuster blockfiles

[Mr+Z]

Who the f**k moderated this 100% valid and relevant question as a troll?

There are some good sites out there for keeping your Junkbuster block lists up to date. Although I can't vouch personally for the following, here's what my blocklist has to say: (I actually got this file from the second link below. The comments below are from the block-list's author.)

# I got this from http://mind.learning.cs.cmu.edu/blockfile
# and changed it a little bit. Note that my junkbuster is compiled
# to understand full Posix regular expressions.
# Send suggestions to boldt (at) math.ucsb.edu.
# Home page: http://math-www.uni-paderborn.de/~axel/
# Other blockfiles are available elsewhere, try searching
# documents that mention "junkbuster" and are called "blocklist"
# altavista.digital.com/cgi-bin/query?pg=q&what=web& fmt=.&q=%2Bjunkbuster+%2Burl%3Ablocklist

Hope that helps.

--Joe
--

Web bugs on slashdot

[Alan+Shutko]

So, what's with the 1x1 pixel bug on all slashdot pages?

http://209.207.224.245/Slashdot/pc.gif?/comments .pl,962470762278

Re:Web bugs on slashdot

[amjohns]

That's exactly my question. That IP is unregistered. Tracert from my DSL shows it much closer to me than slashdot (15 hops), and going through a verio router (my info left off for obvious security reasons):
4 32 ms 31 ms 31 ms t3-customer.qwest.net [205.171.52.242]
5 31 ms 32 ms 31 ms ge1200.ca2.wdc.dn.net [209.207.190.33]
6 31 ms 31 ms 32 ms 209.207.224.245

dn.net is owned by Verio, and since I live just outside DC, we can assume wdc.dn.net is in washington. Since this mystery IP is only one hop from that router, it's most likely on Verio's backbone somewhere. So who owns it, and what's it doing tracking slashdot?

Re:Web bugs on slashdot

[pirodude]

here's a tracert from inside dn's network:
traceroute to 209.207.224.245 (209.207.224.245), 30 hops max, 40 byte packets
1 fe0410.ca2.wdc.dn.net (207.226.170.1) 1 ms 1 ms 1 ms
2 209.207.224.245 (209.207.224.245) 1 ms 1 ms 1 ms

and here's one from my server at dn:
traceroute to 209.207.224.245 (209.207.224.245), 30 hops max, 40 byte packets
1 ge0400.ed2.wdc.dn.net (216.167.2.67) 0.659 ms 0.573 ms 0.572 ms
2 fe0910.ca2.wdc.dn.net (209.207.190.25) 1.573 ms 1.775 ms 2.029 ms
3 209.207.224.245 (209.207.224.245) 2.890 ms 2.323 ms 2.350 ms

and here's ur standard nmap:
Starting nmap V. 2.3BETA9 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on (209.207.224.245):
Port State Protocol Service
9 open tcp discard
13 open tcp daytime
21 open tcp ftp
22 open tcp ssh
37 open tcp time
80 open tcp http
111 open tcp sunrpc
873 open tcp unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

Re:My 127.0.0.1 list

[psin+psycle]

I combined this list with a pervious one posted here. There are now 96 unique values.

0.0.0.0 javascript-of-unknown-origin.netscape.com
127.0.0.1 localhost
127.0.0.1 127.0.0.1 ads.i33.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferances.com
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 ad.washingtonpost.com
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 adbot.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com/
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.enliven.com
127.0.0.1 ads.filez.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 ad-up.com
127.0.0.1 advert.heise.de
127.0.0.1 banner.linkexchange.com
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 customad.cnn.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 doubleclick.net
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 oz.valueclick.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.nrsite.com

Re:How I fight the great satan

[Tony+Shepps]

The /. 1-pixel image is a weird one. It's right at the top of the page, in a 2-pixel wide table to the left of the banner ad (from doubleclick.net BTW). There are two single-pixel images in that table; one's the off-site "bug" and the other is images.slashdot.org/pagecount which you'd think would have a valid purpose. There's another 2-pixel wide table to the right of the banner ad, with a single pixel image referencing images.slashdot.org.

I'll be generous and suggest that these images are there to count doubleclick banner impressions, and that the third-party off-site bug is a third-party offsite counter of banner impressions. But who knows? It doesn't resolve any reverse DNS. Traceroute has it going through Verio. It could be anything.

Andover has a privacy policy linked from every page which reads in part: "If you choose to give us personal information via the Internet that we or our business partners may need -- to correspond with you, process an order or provide you with a subscription, for example -- it is our intent to let you know how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes."

I'll give them the benefit of doubt and not block it, but it is curious.
--

Re:Junkbuster: Too slow

[crow]

What Junkbuster does do is provide a sample list of advertising sites. This can easily be converted for use as an ad-blocking /etc/hosts file. (Then you just set up a web server that sends back a 1x1 transparent png for any request--or better yet redirects you to a 1x1 transparent png so as not to pollute your cache.)

Now what we need is a nice package that installs such a web server (possibly a stripped-down Apache) and updates the /etc/hosts for you. Then if we could get distributions to start installing it by default...

Opt-Out from Doubleclick! I have allready... :-)

[CptnHarlock]

I thought I'd mention that there is a way to Opt-Out from DoubleClick. I don't really know if they are trustworthy regarding how they've behaved before though... But it seems to be for real. If it weren't and someone would find out - they'd be sued to oblivion...

Thank you.
//Frisco
--
"At the end of the journey, all men think that their youth was Arcadia..." -Goethe

Re:Double CLick has an opt out.

[Tackhead]

> [someone mentions Doublefuck's "opt out" cookie]

Oh, sure, and Doubleclick would never continue to collect data on people who've clicked on their opt-out cookie.

'Cuz that'd be, like, not honest, and they've got a Trust-E seal on their site, which means they never lie!

(Irony: The state of being highly enriched in iron.)

Data miners can have my privacy when they pry it from my cold, dead fingers. Opt-out is a cop-out.

[OT] Annoying /. policy no. 638

[A+Big+Gnu+Thrush]

I agree. This is silly. If Signal 11 has pissed everyone off so bad that mod points a used against him and him alone, then maybe something's wrong with Signal 11.

Never mind, we're the problem.

Doubleclick is no worse than hitbox.com

[Everyman]

Try surfing a few porn sites, and then look at your cookies from hitbox.com. You will discover that hitbox.com saves the URLs and/or titles of some of the pages you surfed in plain text in your cookie.

So you can end up with plain text such as "Wild_Bondage" in your cookies.

I asked the general counsel and chief privacy officer of hitbox.com's parent company to at least start encrypting this info in the cookie, on the grounds that cross-domain cookie reading is possible for anyone (86 percent of the online population) who uses Explorer. That was a month ago. They checked out the demo I recommended, according to the logs, but never answered my e-mail. The demo is at http://www.pir.org/nocookie.html (toward the bottom of the page).

Re:Et tu, Altavista?

[pirodude]

use google..faster and has indexed over 1 billion sites
www.google.com - use it f00!

Re:Junkbusterize it!

Remember: no company can survive without people
Even people who commit acts of sabotage?

Civil disobedience is not to walk away. The civil rights movement in the US being a classic example, by your standards civil disobedience would be for black people to boycott restaurants that refused to server them. My, that would have been effective.

Sabotage is proactive. It's the one way that a person who doesn't have any power can make their convictions felt. And honestly, in this corporatized world, how much power does one programmer have?

Sabotage might not be the most dignified thing to do, it may not satisfy your ideals of honor, it may not seem like strong conviction. But unlike quitting, sabotage actually does something. Sabotage actually changes something. Quitting just means you're no longer part of the problem, but it doesn't make you part of the solution.

Someone who commits sabotage doesn't get much respect, and does not receive recognition (at least if they don't get caught). But isn't that actually more selfless? Doing something not because of what people think of it, but because you know it's right?

Create a censoware-type hack?

[jmorse]

OK, we at /. all know how to edit our HOSTS files to take care of this. But what about John Q. User, who would be hard pressed to save a file in a text editor? What we need here is a piece of software similar to, dare I say it, CyberPatrol, that maintains a list of privacy-encroaching hosts and edits the HOSTS file(s) for you. Hell, there could be a central repository of host names that routinely track peoples' habits online, and the software could run periodic updates. Of course, there would have to be some way to allow the user to disable certain hosts, but I don't think this would be too tough to write.

Re:Create a censoware-type hack?

[PigleT]

"OK, we at /. all know how to edit our HOSTS files to take care of this. "
Editing your /etc/hosts file isn't the way to do it, surprisingly enough. Far better to run either
a) a filtering proxy and/or
b) a local name server, pointing *.doubleclick.net to an unrouted IP# (eg localhost, 192.168.x.y, and so on).

"But what about John Q. User, who would be hard pressed to save a file in a text editor?"
What indeed? Let him be caught surfing for pr0n by all means ;)

What you really want is WWWoffled, which has a very nice web-based admin CGI frontend, allowing you to edit your filter list from the comfort of your own browser...
~Tim
--
.|` Clouds cross the black moonlight,

How can "webbugs" track your time?

[jonathanclark]

John Q. Doe, personally spent 12.2 minutes at a girl-on-girl fetish page

How can a webbug track your time? I've seen that 30% of people or more only look at one page on a site and then go away. So you can measure the time between clicks? Also, people might click on Page 1 then Page 2 and then use the back button to read Page 1 more.

One way I can see of tracking time is to use an IMG tag to load an image on a remote server. Instead of sending the data to the client the server "stalls" the connection feeding just enough data so that it doesn't time out. When the client goes to another page, the browser will close the connection and you can record the time.
The problem there is the borwser will never report the page has been loaded (i.e. the spinny thingy keeps going). Plus, I don't know if the browser will try to reload the image when the client comes to that page again.

An approach I've been playing with is to use a tiny Java app. The start() function records the time and the stop() sends a message to the server with the clients time. This works perfectly, but a good number of people have Java turned off (including myself). Plus if the user doesn't have a JVM loaded then your page can look like it is very slow to load.

Anyhow, I admit it's a bit on the devious side - but I'm only using it on my personal website to find out what types of information people are interested in - so I can focus my attention in a productive manner. A page hit doesn't really tell you that kind of information, and very few people take the time to provide feedback.

In the last 2 days, people have spent an average of 97 seconds per page on my web site (of those running Java). However, people who don't stick around long enough for the java app to be loaded aren't counted. If you want to see the applet in action click on my sig.

Well, What do you expect from Doubleclick?

[Tri0de]

I am of two minds about this. On one hand, if you *DON'T* take pains to anonymize your travels on the web you are only asking for trouble; much like getting money out of an ATM in a sleazy part of town alone after dark. As it appears that there is more money to be made than risk to be faced by behaving the way Doubleclick does the result is not suprising.Not that we know of any software companies that have made a similar calculation. OTOH, I would dearly love to see them get their clock cleaned in some sort of class action lawsuit. If the Feds have to deal with the Freedom of Information Act then why should any business be invunerable? Of course the really interesting questions are Who owns the information about you, and towhat nefarious purposes could it put?

Need a Data Protection Act

[Nemesys]

The UK has something called the Data Protection Act. It utterly frustrates strategems like the one described here: all subjects of electronic data have the right to see what is being stored about them, and there are penalties for holding inaccurate data and for transferring the data to separate organisations.

The DPA has many flaws too, of course (e.g., effectively banning fingerd and log files), but that is a separate issue.

I thought IE used to barf on this sort of stuff

[pridkett]

Doesn't IE dislike this sort of stuff? I remember back when IE 4 came out we used to send cookies to remote domains via 1x1 gifs and IE started to make it so a 1x1 gif couldn't set a cookie if it was loaded from another domain. Anyone else remember this? Netscape will still let you set a cookie with a 1x1 gif from another domain, but when, for the time being, IE has won the browser war you cater to them.

Re:A little confused

[/]

Only if you trust them to be running the same exact code they've released, which would be unreasonable for even innocent reasons, like the inevitable delay between making modifications and incorporating them into the public release. For example, the "bitchslap" function isn't in the latest open version of slash, IIRC, but I haven't looked very closely.

1x1 is a 'counting' gif

[Builder]

The 1x1 pixel gif is used by many adserving products. They normally deliver it with every ad, and the cookie that the adserver sets is normally attached to this gif. This gif is used to count how many ads are delivered. Clicking on the main image / flash feature will then count the click, by having an href that normally looks something like :
A Href="http://bad.evil.adserver.com/Software/ads/cl ick_an_ad.cgi/SITENAME/PAGENAME/CAMPAIGN NAME?_REDIRCT_TO="http://theadvertiserssite.com""

The sitename, pagename and campaignname are normally variables in whatever ad tag code you are putting on your page. These are then parsed by the adserver when it serves the ad and filled in with data that is meaningful to the server. This data can normally be completely meaningless to the web server that is serving it. The pagename doesn't have to match the pagename on the webserver, but merely the commonly agreed upon name. So I could lable a page as www.mysite.com/apage and schedule ads to that. But the site itself, would actually be www.mysite.co.uk/anotherpage.html and would just ask the server for an ad for www.mysite.com/apage

When you click on an ad, that data is sent back to the adserver so that it knows what ad you are trying to click through on, and what campaign to assign the click-through to.

This is all from memory and may be slightly flawed. But if you can read passed my garbled wording and see the idea, you'll have the picture.

DISCLAIMER: I used to work with web adverting but I'm just an (ab)normal sysadmin now.
/* Wayne Pascoe

Junkbuster: Too slow

[crow]

I installed junkbuster this week, and I found that it really slowed down web page loading. I turned it off after a short time--I just couldn't stand waiting twice as long for pages to load.

Perhaps people with modem connections won't notice the extra delay.

I also didn't like how pages that had load errors came up with junkbuster-generated pages instead of the same info they normally would come up with.

Re:My 127.0.0.1 list

[/]

Yes, Junkbuster is a more full-featured package, but there's a world of difference between telling someone/anyone "here's a file, name it 'blah' and put it in 'blah folder'" and "he's a site, spend a while downloading junkbuster over your dialup connection, install it, set it up correctly, and maintain it". Ideally, everyone should do the latter, but it'd be a wonderful start for more people to do at least the former.

DoubleClick's not the worst "Big Brother"

Check out Naviant - they're doing the same thing - teamed with 24/7 Media and Matchlogic to actually serve the ads. But they have a huge database of names and addresses and match these up with the cookie IDs used by the advertisers. So while DoubleClick will know that a particular computer frequently visits Asian foot fetish sites, Naviant will be able to tell that it's really Bob Shemolie at 1212 Main Street and then send him a catalog in the mail. So block those cookies, everybody!

Junkbusterize it!

[Signal+11]

Just drop *.doubleclick.net into junkbuster's blockfile, and doubleclick cannot track you any longer.

Now, what I'm really waiting for is for someone to write a proxy that can dynamically rewrite pages as they come through an http tunnel. Then, we can block ads, the associated javacrap, and other stuff - like pages containing the string "MAKE MONEY FAST!" I prefer not to get involved with the ethical side of business - business long ago proved to me they have no real ethics, hence I focus on creating technical solutions which either force them to be ethical, or force them away from me.

I think the technical community should make a stand and say we will not tolerate this, and then proceed to distribute easy-to-use software which blocks companies money-grabbing attempts. Remember: no company can survive without people. If a company is being unethical, solve the problem via technical means. If you work for the company, stall, drag your feet, and if you have to engineer the privacy-invading feature, remember these words "Yes, it's possible, but it would cost too much to do it".. and if they try anyway, make sure you're very well paid and that the product develops all kinds of bugs.. like suspicious dialog boxes in spyware that give your company's URL along with a "please report this error: Error collecting data on ${USER}, please contact sales@mycompany.com".

Civil disobedience.

The unthunk gets thunked more

[__aaanwh8370]

These "web bugs" are nothing new, and do nothing more insidious than can be done with ANY other type of HTTP request.

Any web resource can be used to track you. You could have web bug *.jar's, web bug *.js's, web bug *.htm's, web bug *.php's, or web bug *.pl's ALL DAY LONG but we wouldn't call 'em web bugs. We'd call it information accumulators being a little more aggressive we're particularly comfortable with.

The problem is not with images, but rather that you can include just about anything you like in the query search portion (the part after the ?) of the URL of any HTTP request.

I develop opt-in marketing automation software (ummm...the pay's good?;), and we've been gathering info for years. To this point, our high-ups don't know much about it, but we developers use it as an easy way for the browser to communicate back to the server without having to do full submissions. Used this way, it can save lots of unnecessary traffic. Can be a very handy, and useful feature.

Of course it's going to be capitalized on, tho.

Don't see of much way around it, since the "web bug" doesn't have to come from a different server at all. Once processed, the original request can be forwarded to any server the original recipient likes.

Guess someone could add a scrubber component to the browser's which'd truncate the URL's at the ?, but chances are lots of requests would fail if that would happen...

Lame excuse...

[Leonel]

More people should try that one :

Even though we decrypted copy-protection on your dvd, we do not have enough inteligence to watch the movie after we do it...

Yeah right.

How I fight the great satan

I have been maintaining a junkbuster proxy for long enough that I haven't noticed how commercialized the web has become, because I never see it. Maybe once a week, usually when visiting a new web site, a blinking banner ad gets through, and my innocence has made me very sensitive to them, so I immediately block it.

Lately, I've gone to reading the HTML source, because often the image's URL comes from a redirector which does the actual logging, and I want to block it before access to the redirector.

(By the way, do you know that slashdot has a web bug on its pages? I have it blocked. You should, too.)

Anyway, a while ago I noticed that doubleclick.net was getting some ads past my filters, despite the fact that their domain (and various IP addresses) are at the top of my blockfile.

The sneaky bastards were using https. Proxies generally ignore than and pass it straight through. With 128-bit encryption, too; better than most of the e-commerce sites. (I would have noticed; I have everything 56 bits and below turned off.) I had to admire their ingenuity.

However, I still had to put an end to this. I told my DNS server that it was now authoritative for doubleclick.net, and that the zone was empty, so any address lookup attempt will fail. And I fetched the zone from their servers and added it to the firewall rules. Each was tested as adequate independently. Both is backup.

As I've been reading over that last year what a bunch of nosy bastards they are at doubleclick, I'm more and more glad that my computer hasn't deigned to send a packet to them for a very long time.

Although it'll probably make them change tactics again, I thought I'd share the DNS trick. It works pretty well. (And it gives you reason to learn about DNS zone files - I carefully haven't given an example, even though it is trivial.)

We did stuff on the business end

[Fervent]

I began to notice this when I worked for Refer-it, an "ecommerce" site. A lot of Doubleclick's add banners contained code for a 1x1 clear pixel that sent code along (some kind of CGI script on Doubleclick's servers).

Problem was the stupid thing wrecked havoc with our banner code (we were using Cold Fusion and it didn't like dealing with the banner and 1x1 pixel in one shot), so I cleverly "omitted" the pixel. :) My boss never knew about it.

Re:Opt-Out from Doubleclick! I have allready... :-

[cybaea]

The opt-out option from DoubleClick is reasonable for what is does:

It does not stop tracking of visited web pages, it simply stops associating that tracking information with you.

So DoubleClick will still know that somebody visited the lesbian p0rn site (or whatever the original example was) and it will know the IP address that the request came from (I always go through a web cache that my provider supplies: this provides some degree of anonymity) but it will not know it is "you" and will not be able to associate this visit with the one you made yesterday (and the day before and the day before that, ...)

It's fairly easy to check that the opt-out is working by simply checking the cookies for DoubleClick. If you are using Netscape 4.x and are unfortunate enough to use it on Windows NT, then look for the file:

drive:\Program Files\Netscape\Users\Your User Account\cookies.txt

Search in here for .doubleclick.net. (Other systems will find a similar file somewhere.)

Re:nasties.reg - Link inside to original post

[M1000]

http://slashdot.org/comments.pl?sid=00/06/23/12402 14&cid=46