DoubleClick 'Web Bugs' On Porn, Medical Sites

The ever-vigilant Brill's Content sent a freebie to the ever-vigilant Politech that makes us long for vigilante justice. It seems the odds-on favorite for this century's Big Brother, DoubleClick, has contracted to put 1x1 pixel graphic Web bugs on porn and medical sites. Read all about it. But don't worry, we're assured by the porn sites that although "DoubleClick [secretly] collects the information [that you, John Q. Doe, personally spent 12.2 minutes at a girl-on-girl fetish page and then spent 19.7 minutes reading up on your prostate problems], it does not have the technical skill to understand it."

Re:Hmm..

[QuMa]

For the articles, obviously.

Re:My 127.0.0.1 list

[Money__]

127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 adforce.imgis.com
127.0.0.1 ads.enliven.com
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 adcount.hollywood.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.imdb.com
127.0.0.1 www.ad-up.com
127.0.0.1 bannerswap.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 globaltrack.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 www.nrsite.com
127.0.0.1 ad-up.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 adbot.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com/
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.filez.com
127.0.0.1 127.0.0.1 ads.i33.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 advert.heise.de
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 customad.cnn.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 globaltrak.net
___

Need something MORE than Junkbuster.

I don't just want to lock out the net trackers, I want to screw them up and make their life as difficult as they make mine. How about cookie MANGLERS that send back 100K cookies with lots of funky characters (maybe crash their server)? Or cookie swappers that send back cookies to make you look like you surf random sites. Puting in the spammers administrative and zone contact email addresses into other spam sites that ask for an email address (Get their ISP to TOS 'em for burdening their staff unduly). Turn the tables people. Turn the tables. The best defense is a good offense.

Once again...junkbuster to the rescue!

[gfxguy]

It's been said a million times, here on slashdot, but it bears repeating:

Junkbuster will not only allow cookies from specific sites you want, but can disable downloading anything from any site you don't want.

When we all use something like junkbuster, maybe someone will get a clue. Now it's only punishment for the uninformed.
----------

sick!

[nocent]

what kind of sicko goes to a pr0n site to read the html source? that's some fetish.

"errr... yes, i was doing research and stumbled across the site and noticed a web bug in the code."

Re:How I fight the great satan

[Tony+Shepps]

The /. 1-pixel image is a weird one. It's right at the top of the page, in a 2-pixel wide table to the left of the banner ad (from doubleclick.net BTW). There are two single-pixel images in that table; one's the off-site "bug" and the other is images.slashdot.org/pagecount which you'd think would have a valid purpose. There's another 2-pixel wide table to the right of the banner ad, with a single pixel image referencing images.slashdot.org.

I'll be generous and suggest that these images are there to count doubleclick banner impressions, and that the third-party off-site bug is a third-party offsite counter of banner impressions. But who knows? It doesn't resolve any reverse DNS. Traceroute has it going through Verio. It could be anything.

Andover has a privacy policy linked from every page which reads in part: "If you choose to give us personal information via the Internet that we or our business partners may need -- to correspond with you, process an order or provide you with a subscription, for example -- it is our intent to let you know how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes."

I'll give them the benefit of doubt and not block it, but it is curious.
--

Re:Slashdot uses "Web Bugs" as well.

[jamiemccarthy]

But what are they used for? I'm not sure. But look at the source code of almost any page here, and you'll see them:
<IMG SRC='http://209.207.224.245/Slashdot/pc.gif?/comme nts.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/pagecount.gif?/com ments.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/banner/gate5002en. gif?962468081680' WIDTH=1 HEIGHT=1 BORDER=0>

Maybe one of the slashdot staffers could answer this.

The first one is a page-counter graphic that's apparently on a machine at Slashdot's old hosting location, Digital Nation (since the traceroute to it goes through dn.net). I'm not that familiar with the technical end of Slashdot and so I can't speculate why it's loaded from dn.net instead of from our main servers.

The second one is a page-counter graphic (obviously) on our main servers.

The third one I'm not sure about. Like I say, I know little about the tech end of Slashdot and even less about the ad system.

In short, these guys are harmless. "Web bugs" allow a site other than the one you're currently reading to check up on your behavior. Obviously you're leaving footprints all over slashdot.org's logs every time you load our homepage!

Jamie McCarthy

Re:Hmm..

[clearcache]

either by the solution first, or use lynx ;)

why would I want to visit a porn site using lynx??? ;)

How I fight the great satan

I have been maintaining a junkbuster proxy for long enough that I haven't noticed how commercialized the web has become, because I never see it. Maybe once a week, usually when visiting a new web site, a blinking banner ad gets through, and my innocence has made me very sensitive to them, so I immediately block it.

Lately, I've gone to reading the HTML source, because often the image's URL comes from a redirector which does the actual logging, and I want to block it before access to the redirector.

(By the way, do you know that slashdot has a web bug on its pages? I have it blocked. You should, too.)

Anyway, a while ago I noticed that doubleclick.net was getting some ads past my filters, despite the fact that their domain (and various IP addresses) are at the top of my blockfile.

The sneaky bastards were using https. Proxies generally ignore than and pass it straight through. With 128-bit encryption, too; better than most of the e-commerce sites. (I would have noticed; I have everything 56 bits and below turned off.) I had to admire their ingenuity.

However, I still had to put an end to this. I told my DNS server that it was now authoritative for doubleclick.net, and that the zone was empty, so any address lookup attempt will fail. And I fetched the zone from their servers and added it to the firewall rules. Each was tested as adequate independently. Both is backup.

As I've been reading over that last year what a bunch of nosy bastards they are at doubleclick, I'm more and more glad that my computer hasn't deigned to send a packet to them for a very long time.

Although it'll probably make them change tactics again, I thought I'd share the DNS trick. It works pretty well. (And it gives you reason to learn about DNS zone files - I carefully haven't given an example, even though it is trivial.)