Slashdot Mirror

← Back to Stories (view on slashdot.org)

Would Exchanging Cookies Defeat DoubleClick?

Posted by Cliff on from the throwing-a-spanner-into-the-works dept.

An Anonymous Coward asks: "After reading all the articles on cookies, DoubleClick, etc., an idea occurred to me and i thought i'd throw it out to the community to comment/flame and/or hopefully implement: since privacy is compromised because cookies *correlate* you with where you've been and other info, would it be feasible to host a "cookie exchange" server and application? e.g. you'd run this app before you surf, and it would reach into your browser cookie jar and *exchange* your DoubleClick cookie with somebody else's who is also running Cookie Exchange. Repeat for each site you wish to remain anonymous for. It seems that this would be more effective than disabling cookies, as it would mess up DoubleClick's correlations and tracking - you'd never have the same profile from day-to-day!" While an interesting thought. It doesn't exactly address the problem. I can imagine this making even more SPAM because one user's tracking profile now contains useless information from someone else's cookies. Would this be a good idea or even a fun way to protest DoubleClick?

13 of 28 comments (clear)

  1. Pointless by cperciva · · Score: 3

    Doubleclick keeps track of IP addresses. If their computers see someone connecting from random IP addresses all over IPv4-space (ie, not from within a pool of modems belonging to a single ISP), they will mark that "user" as bogus.

    There is absolutely no difference between playing cookie-exchange and simply disabling doubleclick cookies.

    --
    Tarsnap: Online backups for the truly paranoid
  2. Well, it would make cookies more useful... by satch89450 · · Score: 2

    The proposal would poison DoubleClick's database. This would force DoubleClick to separate its banner-ad operation from its tracking operation...and then guess how long it will take for HTTP proxy packages to start filtering the 1x1 (or smaller than 8x8) GIFs.

    Count me out, though. I block all the DoubleClick domains I can in my DNS server, and I see no reason to unblock those domains.

  3. Slashdot occasionally has doubleclick ads by Anonymous Coward · · Score: 2

    Watch the skies, or, alternatively, the top of your page in slashdot and check the URL. Doubleclick occasionally appears. Cheers, slashdot.

  4. A Cookie Corruptor.... by scotpurl · · Score: 3

    What we really need is two things:

    1. The cookie equivalent of RBL or ORBS. Some list of bad-guys. (Yeah, I know about JunkBusters. Tried it, but it was clunky.) It should work over the 19.2 and 28.8 connections I'm plagued with at hotels.
    2. A little program or plug-in, that when evil attempts to store 1k of information on my computer, it crushes the cookie, and returns completely random information. But nicely formatted random information.

    I'll settle for #2. I guess I know what program I'm going to be starting on. :-)

    It would be nice for the cookie alert pop-ups most browsers had two more buttons: "Always Accept from This Domain", and "Ban EVERYTHING from This Domain".

    I don't want the cookie, the traffic, the graphic.

    1. Re:A Cookie Corruptor.... by Rob+Kaper · · Score: 2
      It would be nice for the cookie alert pop-ups most browsers had two more buttons: "Always Accept from This Domain", and "Ban EVERYTHING from This Domain".

      You'll like the new KDE Konqueror browser. The two actions "reject" and "accept" have three options "all cookies", "all cookies from this domain" and "this cookie only". Works real nice.

      Whenever I see anything ad related, it's reject for the entire domain. And sites I _do_ trust get a permanent clearance.

  5. Funny, but worth it? by sonnerbob · · Score: 3
    Pretty funny idea...similar to the game of swapping grocery store discount cards. (see this USAToday column)

    But beyond amusement, this wouldn't serve much purpose IF you could pull it off. On a large enough scale, it might amount to a form of protest, but why? Okay...Doubleclick has become the poster child of the profiling evil empire. And now Coremetrics has received the brunt of the privacy policy ignorance of its clients, putting the spotlight on third party data-mining. In either case, cookies represent an essential tool to get their jobs done. If you don't like it...your options are simple:

    • Configure your browser.
    • Use a local proxy or filter. Adsubtract is a good one. I like Proxomitron.
    • Use a browser "companion". IDcide works well. It's free.
    • Use a proxy service that manages cookies like Privada or Freedom (yep, sneaking my affiliate ID in that URL). Zapada is a clever Java applet approach to keeping Doubleclick et.al. out.
    • Periodically clean out your cookie files, either manually or using any number of file tools like Webroot's WindowWasher.
    • Just install Doubleclick's opt-out cookie. I've assembled the URLs in one convenient location at http://webveil.com/optout.html.
    • Or physically edit your cookie file/directory to be read only...after installing the cookies you want in order to get personalized service...like here at Slashdot.
    Cookie angst is so overwrought, but if they bother you...whip 'em into shape. You certainly have options. An exchange system would be interesting and entertaining, but enough to be worth the effort? I'll participate if someone does the work, but I think there are better uses of your programming time.
    --

    Get Veiled
  6. Re:Why go through the trouble.. by Royster · · Score: 2

    Preferences.com now has an opt-out (the cookie name is "PreferencesID" and the value is "OPT-OUT" in the root path, if you want to set it manually).

    I don't get it. People know not to reply to "opt-out" spam. Why would I want to put an opt-out cookie in my browser? I just don't trust Doubleclick.com or Preferences.com that much.

    I browse with cookies set to ask (and reject if from different domain if that's available) and I use the Esc key (or the N key in IE) to reject cookies. Sites with too many cookies are ones I don't visit much. I'll sometimes accept a cookie valid only for the session, but I'm very unlikely to accept a persistant cookie especially one with an expiration date out in 2047.

    --
    I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
  7. The best way to block ads (no extra software requi by Echo|Fox · · Score: 2

    http://209.204.196.48/hosts.zip Grab that file. On a Windows box, find the directory that your HOSTS.SAM file is, and extract the HOSTS file in this ZIP into that directory. With modification, you could use it on a *BSD or Linux box. It's a BIIIGGG list of most of the known ad servers in the world, and from my experience, it gets almost all of them. A friend of mine from IRC found a small list, and added his own additions to it and passed it around, and as a result, I haven't had to look at a banner ad in a long time. Basically what it does is override the IP->host mapping with 127.0.0.1 (i.e. localhost) for all known adservers ... so you get almost the same effect as junkbuster or whatever, but without needing to use proxy software, and its instaneous, no lag.

  8. Re:Why go through the trouble.. by toh · · Score: 2

    Preferences.com now has an opt-out (the cookie name is "PreferencesID" and the value is "OPT-OUT" in the root path, if you want to set it manually).

    There's no secret Javascript method required to change a cookie - the ad server could change the opt-out one into something else on any connection. If you do want to prevent these cookies from being changed without your consent, just edit your cookie file to contain those few cookies you actually want (probably the opt-outs, plus a few auto-login cookies like your slashdot one), then make the file read-only. Session cookies will still work fine, since they're only ever set in memory anyway. When you want to set a new persistent cookie just make the file temporarily writeable. Note that you can also do this without ever setting any opt-out cookies and get more-or-less the same result that the Ask Slashdot question is looking for, since you'll then get a new "persistent" cookie for each new browser session, and Doubleclick et al will get a very inflated database full of distinctively uninformative microusers. I prefer the opt-out since it should prevent them from ever tying those microusers to any real-world identifying info, in case I ever let some leak.

    This works on any version of Netscape (Unix, Mac, Windows) and with some Resedit shenanigans ("Lock" & "Protect" the cookies resource in the Internet Preferences file) on the Mac version of MSIE. Dunno if there's a registry hack to do it under Windows IE, probably not.

    --
    -- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
  9. Re:read-only cookie file by toh · · Score: 2

    You shouldn't actually need to shut down Netscape. Just make the file writeable, cause the cookie (or any cookie) to be set, and make it read-only again. Opening and closing the preferences dialog may also cause the persistent cookie store to be rewritten, though I haven't tested that.

    I've been advising concerned people to lock their cookie files/resources for at least three years; glad to see it's finally catching on. ;)

    --
    -- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
  10. Re:Why go through the trouble.. by toh · · Score: 2

    I don't get it. People know not to reply to "opt-out" spam. Why would I want to put an opt-out cookie in my browser? I just don't trust Doubleclick.com or Preferences.com that much.
    Uh, because it's a completely different issue? I don't trust them any more than you, but you don't need to because you can see the contents of the only cookie you'll get from the domain in question (a literal "opt-out" or something similar), see that it's not capable of identifying anyone uniquely, and see that once it's set you receive no other cookies from that site (not even session cookies). At least you can with a browser that allows you to easily see the current in-core cookie set, like Mac IE or iCab (and perhaps Opera). Cookies are a darn useful tool if they're not abused, and this at least allows you to prevent that abuse from these sites. The only real criticism is that the default should be no tracking at all, and those who want "personalised" ads should have to opt in, but that's a pipe dream for the foreseeable future and this will have to do. In fact I manually lengthen the expiry date of some opt-out cookies, since they're sometimes designed to require periodic reopt-out and that sucks - the whole point is to not have to deal with cookie dialogs and other wasted time.
    --
    -- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
  11. Mozilla style with cookies by blakestah · · Score: 2

    This is one area where mozilla has it done properly. Mozilla allows you to accept or reject cookies on a domain name by domain name basis, and remember the decisions.

    I use a very simple criteria. If the cookie will do me substantial good, I will accept it. Thus I accept cookies for sites with passwords and logins, and customizable content. I never accept cookies for advertisements like doubleclick.

    The beauty of it shows up in the remembering sites part. I only need to refuse a doubleclick ad once. Then it is bit-bucketed forever.

    Your browser should do things that are in your best interest, such as the way mozilla handles cookies.

    Does yours ?!

  12. Re:The best way to block ads (no extra software re by chowda · · Score: 2

    does anyone know what the performance ramifications of a 200 line hosts file is under linux?

    --

    YouTube & Google Video -> podcast http://castcluster.blogspot.com/