You Track Me, I Sue You

heytal writes: "Cnet has an article about lawsuits filed against advertising companies for allegedly tracking customers without their permission." We're going to see a lot more of this in the future.

Not just cookies...

[Mad+Hughagi]

Web bugs can also be used in email. For example, companies can send a bulk HTML email newsletter that has Web bugs, which will determine how many people read the letter, how often they read it, and whether they forward it to anyone. The email "would include your email address in the URL or include a coded ID or encrypted email address to track when you opened it," Smith said. - From a previous article on the site.

Now I don't know about you, but with regards to spamming and whatnot these 'web bugs' seem like a pretty blatent violation of privacy. Granted with cookies you do have the option of not using them, but this stuff takes it to the next level. Just another reason to use an email program that doesn't read HTML.

Re:Not just cookies...

[um...+Lucas]

A web bug has nothing to do with cookies... It's basically an image request set to 1 by 1 pixels. The server on the other end will 404 it, but that doesn't matter at all. Since each email has a unique "bug", it's trivial to track that emails path across IP addresses... They can tell who the sucker was that forwarded it in the first place and pound them with more and more emails.

So, html savy email programs would have to disallow retrieving images on the web, in order to deter web bugs.

Re:Not just cookies...

[KarmaChameleon]

You are correct. Sometimes they also use cookies but all that really matters is the uni-pixel image. I got confused between this and something else I'm working on involving cookies.

kc.

Re:Not just cookies...

[Firefalcon]

It doesn't even have to be a 1x1 pixel image - it can be any image that is loaded off a remote server that will be monitoring it.

The 1x1 pixel images are just when they want to be sneaky...

Re:Not just cookies...

[IgKnight]

The Cookies are not the threat here. The GUID is the main threat. Many sights can pull your Windows GUID and store it in their database. This way, anybody that wants to find out what kind of person you actually are, can find out your GUID, and buy what you have been looking at on the web. They usually use these in marketing. They talked about this issue a little at one of the conferences at H2K.

Re:Not just cookies...

[KarmaChameleon]

You don't need a browser that doesn't read HTML to stop this. Most (all?) current email programs allow you to not accept cookies (or have a box that asks you) when you are viewing HTML pages. Or better yet, get a program like CookiePal that lets you control every aspect of the cookies that are trying to reach your system.

kc.

Re:Not just cookies...

[Mad+Hughagi]

I don't believe that these so-called "web bugs" are cookies though. From what I have read on the page they are implemented simply by having the html read by your mail reader. Or that is what I got from the article anyways.

Re:Me vs. Royal Bank

[Greg+Currie]

Or even more intimidating, what if marketers could put video cameras in your house to observe your consuming habits... How close to "1984" we've come if not a little late! *chuckle* I'll make sure to post how proceedings go with the Royal Bank. If this goes to court, I'll make sure to invite the media to cover the case. So who knows, you may just see me on TV in the next few months. Regards, Greg. pwake@golden.net

Better solution

[yomahz]

IE sucks for cookie options (weird.. the only area where IE is behind NS) but NS has the option to only accept cookies from the domain you are visiting. This is a major blockade for the "cookie tracker monsters".

Mozilla, NS6 has even better cookie blocking support. You can choose to block cookies from a domain. You can delete unwanted cookies and optionally refuse cookies from the deleted cookies domain, etc.

Blocking all cookies seems a bit stupid since they have such value when used properly.


--

A mind is a terrible thing to taste.

Re:I disagree

[gawi]

I like your view. In order to do their filthy business, they are relying on the fact that the default setting is to accept cookies. It does not matter if you can change those settings. The real problem is that most of the people don't know anything about it. This is the reality.

Re:Great!

[DavidOgg]

When a process is running ON MY MACHINE without my permission to track me, its more like the motorist has a stowaway in the back seat monitoring my car from the inside of the freaking back seat.

NO software should be able to put itself into HKEYLOCALMACHINE>SOFTWARE>MICROSOFT>WINDOWS>RUN/RU N SERVICES without my permission.

Good luck..

[PopeAlien]

My heart is with them, but I don't know how much of a chance they have with this.. Wouldn't this be like signing up for a Safeway card with all your personal information, then suing them for tracking your buying habits? Why do people use factual info online? Actually, why do people give personal info to any corporation if its not absolutely required? If you are not using personal information, what do you care that they are tracking Joe_Blow_001001?

I say spend your time doing something constructive, like filling the databases with junk. - More Noise! Less Signal!

Re:Great!

[joshstaiger]

I'm not a big fan of lawsuits, or the authority that some judges assume

Granted that lawyers, and judges, and courtrooms have caused us all significant grief over the years, I think that it is important to realize that the system can work for us as long as we educate ourselves on how to use it effectively.

This has been stated over and over, but too many geeks become alienated and then are content to simply roll over and bitch about the legal system without actually DOING ANYTHING to help our cause.

In reality, we need more of those scum-sucking bastards (lawyers) on our team ;)

Re:Tracking vs Cracking?

[deefer]

Wouldn't it be possible for a user to specify his own "license agreement"
I wonder that, too - and I also wonder what happened to all those people who put "Unsolicited email sent to the my email address will be charged at £50" as their .sig or on their webpage... Have any of these people ever had any success in claiming their "fines"?

Strong data typing is for those with weak minds.

Re:Ridiculous

[bluesninja]

Well duh. Are you saying that you are entitled to recieve free products and services without disclosing any information whatsoever?

If you've got a problem with it, don't use their services. I'd only allow a company to set a cookie if i trusted them enough not to steal or cheat me. If i didn't think that was the case, i wouldn't do business with them period.

the problem with things like ad cookies is that you usually aren't getting anything out of the bargain, and don't know what their intentions are. You can't choose who delivers ads to you.

/spm

How about...

[BlueHexahedron]

Instead of all this secret data gathering and tracking, why don't they offer an online questionnaire about user's browsing habits, with the opportunity to win something, or get money off e-coupons or something. At least then, their data will be more accurate as you're targeting a person, rather than a (possibly) shared machine that may have more than one person who uses it. The other downside of cookie-tracking is when people are doing a net search, and may hit a site which appears to be relevant to what the user is searching for but actually isn't.

Re:How about...

[phillymjs]

They don't offer questionnaires with dangling-carrot prizes because Net-savvy people see right through that as a data-gathering trick, and may fill populate such forms with BS as a goof.

It's much easier for the companies to just log your activities on the QT.

~Philly

Re:How about...

[plashdoy]

Uh...have you seen nCognito?

Thanks

[ishrat]

Thanks a ton for pointing out our mistake. We are indebted to you and hope for further cooperation from you. The change will appear soon.

@home tracking

[Culex]

Well, I've heard @home allegedly tracks what web sites you visit if you are using their proxy server, and sells that information to advertising companies, ever wonder about all that e-mail spam? There's quite a few ISP's that block spam at the mail servers, but @home refuses to incorperate(sp) it...

Re:@home tracking

[phillymjs]

Why should @Home put in server-level spam blocks? Their fscking mailservers are down so much (at least the one(s) that handle my mail here in the Philadelphia area are), that I barely get ANY mail!

~Philly

Re:Ridiculous

[Crazy+Viking]

> Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo.

That's not true. It's not placing something on a hard drive without consent. Cookies can be rejected - it's not a forced thing.

In any case, there's really nothing wrong with tracking people

First I will admit that I do not know a lot about US law since I live on the east side of the Pond. However, I do know something of how it is done over here.

Here (in Norway) any business needs a permission from a certain government agency in order to store or collect data about a customer not directly required to perform the service purchased by the customer. I presume that the laws are similar but not exactly throughout the EU and EEA, although i can not be sure about this.

What does this mean? Well, for starters this is applicable to all areas of business be they in the old or new economy. To me it seems that the question is not wether these ad agencies were allowed to place those cookies on customers computers but wether they were entitled to collect and store information about people's movements online.

I think it is important that we distinguish between what they are doing (collecting information about customers) and how they are doing it (placing cookies on customers' computers). If we make laws that prevent people to collect data in a certain way then we will be like a dog chasing its own tail. It is the collecting of data which is wrong (note: i do not say illegal), not the placing of cookies without the user being aware of it.

Finally, i would like to comment on buttfucker2000's apparent trust in corporate interests being good for the general public. You know, companies do not always have the customers' best interest at heart.

Great!

[Chacham]

I'm not a big fan of lawsuits, or the authority that some judges assume, but it is nice to see some action in this area. If only it gets reported widely enough so that even non-technical people are aware of what is going on with their privacy.

Re:Great!

[Chacham]

(It was a banner loader for some software. C:\WINDOWS\SYSTEM\CD_LOAD.EXE)

I noticed it too, when using NT, I am an ardent supporter of checking Task Manager a few timely daily, and killing *any* process that I can't figure out. Hasn't crashed the box yet, and it usually runs for two to four weeks before something crashes or freezes it, which is pretty good for NT.

Anyway, CD_LOAD.EXE, is by CyDoor (I think, I already deleted it and it's registry entries) as a snooper for banner advertisments. It my case it was installed by Babylon. Just checked, there's a list of downloads on the Cydoor website, so they probably all have it.

Re:Great!

[WGR]

What is even wose about this kind of spyware is ythe resources that it uses to keep track of you.
I manage an Internet firewall. A few months ago we wanted to find out why we were transmitting 50MB/hour to a particular IP address.
Turns out it was the Cydor tracking address with about 100 different users all sending records every few minutes. Someone had downloaded an adware game called Free Solitaire (freesol.exe) and sent it out to friends. It took a week of helpdesk time to clear out the rats nest.

Re:Great!

[mikethegeek]

I think it's about time. What Doubleclick and others are doing is breaking and entering and illegal wiretapping. Tracking where you go on the `net without your consent can be construed as both.

SPAM and such cookie tracking has to be an opt-in system, not an opt-out. Of course, there are a million evil marketing weenies screaming simultaneously when that is said too loudly. I do not at all object to reasonable advertising, banner ads, etc. But when marketers start to place files on my own PC without my permission to trace my browsing, that's crossing a thick line.

Something needs to be done to put the marketers in their place, and if it involves setting lose the dogs of war (the lawyers) so be it.

Re:Great!

[^_^x]

Normally, I'm all for liberties on the internet, even when the case is somewhat questionable. (The only case I go against this is spam. That should carry capital punishment! ;) )

But still... It's now illegal to write a virus in most countries.

It's also illegal to go into someone's house and plant a camera (or cameras) without their consent, then secretly watch them.

I count this "tracking software" that they wera mentioning in the article to be both things. Just last night I removed some spyware like this when I found it trying to connect to the internet EVEN THOUGH IT WASN'T RUNNING (not even the most thorough process list showed it), and the program that used it hadn't been opened in half a year.

(It was a banner loader for some software. C:\WINDOWS\SYSTEM\CD_LOAD.EXE)

Re:WTF *is* "Cornet Cursor"?

[Scooby71]

It installs itself as part of the latest version of Real Player - there doesn't seem to be an opportunity to not install it, nor are you told that it is being installed.

Thankfully my firewall caught it.

The Alternate ID

[bonzoesc]

If you give yourself two login names, you have several alternate IDs set up. That way, you can possibly have multiple lawsuits, or at least have two different accounts on amazon.com, one for the family, the other for, uhh, other things...

Tell me what makes you so afraid
Of all those people you say you hate

Re:The Alternate ID

[Technician]

one for the family, the other for, uhh, other things... Use a seprate box for this. Ya never know what is kept as a cookie, registry entry (WIN BOX), or registration identification.

Sign me up!

[func]

Yeah, go for it! Ever since I found Comet Cursor running on my system without my permission, I've been noticing more and more privacy violations, all so someone can make a buck. If they gave me a free PC, with the understanding they were going to track my use of it, fine. If they install tracking software surreptitiously on my pc to gather data (and thus money) without my permission, blast them to hell! Or Phobos!

Re:Sign me up!

[cookieman]

Demios ? You mean "Deimos" don't you ?

Cheers,

Re:Sign me up!

[Bill+Currie]

Isn't Phobos in hell? Oh, wait, that's Demios...

Bill - aka taniwha
--

Re:Sign me up!

[Bill+Currie]

Oh, probably :) My spelling sucks and I'm not ashamed to admit it :) (mind you, it doesn't help when I can never remember how to say it either: I rarely hear it and I'm slightly dyslexic so I sometimes mess up my reading of new words which messes up my perception of the english language). Thanks for the correction; I though I probably had it wrong, but putting (sp?) in there would have killed the joke even worse than the miss-spelling :).

Bill - aka taniwha
--

Re:Sign me up!

[cookieman]

You are weird :))

Re:Sign me up!

[cookieman]

Nice picture of you, you weirdo!
Long live Linux !!

Cheers,

Re:It's as bad as SPAM

[grahamm]

I quite like one of lynx's options for cookies. That is to accept cookies during the session but then to discard them. This allows cookies to be used for one of their useful purposes - keeping state information between pages on a site (eg a shopping cart) but prevents tracking of viewing habits.

It would be nice if the more widely used browsers offered the same option, preferably with the option of keeping some cookies (eg Slashdot login info) between sessions.

Is this possible?

[BilldaCat]

Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo.

How can they do that? If the user has their browser set to accept cookies, and cookies get placed on their system, what is the problem with that? Seems like a case of people's ignorance, and instead of acknowledging that, they decide to sue someone instead.

Re:Is this possible?

[mightbeadog]

Many browsers offer an option like "accept only cookies that are only sent back to the originating server". The average user thinks of the content on a page or site as coming from a single server, so selecting the above option is their way of saying, "cnn.com can remember me, and unpopularviewpoint.com can remember me, but I'm not going to let the first know that I visit the second".

However, cookies from BigBrotherMarketing.com which are associated with ads placed on both sites, and fetched via URLs identifying the page they came from, can track a user across multiple seemingly unrealted sites. A reasonable person might say these opperate "without consent or authorization", since the user selected an option designed to prevent this kind of tracking.

Re:Is this possible?

[Kwantus]

Yes... and it annoyed me when /. started sending me cookies all the time, instead of only on login. I have Navigator set to ask me whether to accept a cookie, but it's too stupid to ever figure out "Hey, he doesn't want cookies from this site at all!" so its pesters and pesters and you have to be damn patient for manual cookie filtering to be effective with Navigator. That was something nice about kfm, it had practical cookie control.

So, while I had been about to argue/agree that the "setting cookies without consent" argument is legally shaky, perhaps it could be effectively counterargued that between the number of sites that demand cookies before cooperating and the difficulty of selective cookie acceptance with some major browsers (assuming Netscape is still major :p or that M$ hasn't set up some law so that only MSIE is a Major(tm) Browser), that it's an impractical option; particularly, that mistakes are too easily made, and you only have to accept one cookie by accident to let the ad tracing in the door.

Re:Ideuts

[ideut]

Poor analogy. I venture that you are an ideut.

Why isnt this against DoubleClick?

[Ashran]

I wonder why this isnt against DoubleClick, they are tracking every step a surfer takes.
We can only hope the lawsuit is a success =)

Re:Why isnt this against DoubleClick?

[Frederic54]

with doubleclick.net, you can easily OPT_OUT of their tracking stuff, just go to h ttp://w ww.doubleclick.net/us/corporate/privacy/opt-out.as p?asp_object_1=&
--

Re:Why isnt this against DoubleClick?

[Tackhead]

> with doubleclick.net, you can easily OPT_OUT of their tracking stuff

I trust DoubleCross to respect my privacy even less than I trust Carnivore. At least the feebs don't get paid based on the number of citizens whose privacy they invade.

I didn't opt out, by the way - why the fuck should I opt out of something I never opted into?

And as for the argument that "you'll see advertising anyway, wouldn't you prefer it to be relevant to you rather than random?", please stop repeating the classic false-dichotomy tactic used by marketers.

If I'm not gonna click on their banners anyways - because (I know this is hard for the marketing mind to grasp) I read for the content, not the ads. So whether the ads are about goat sex or optimizing compilers, they're irrelevant either way.

At least by firewalling Doubleclick (at the router, with the Junkbuster proxy, or with the HOSTS file in Windoze, and maybe all three :-), the ads remain irrelevant, and they can't make money by selling my surfing habits against my will.

Nothing personal with respect to DoubleCross, you understand. The same goes for 24/7 Media, Exactis, and all the rest of the DMA shitweasels.

/me goes away, muttering something about AT&T telemarketers and wire brushes...

Re:Why isnt this against DoubleClick?

[chadvavra]

I recently had to implement code for DoubleClick tracking at my companies web-site and they really don't track all that much to tell the truth. What they will tell you is 1. How many unique users a page has 2. If a user was refreshing the page 3. click-through for pages you specify Yes they do it all with cookies and a javascript implemented random number generator to defeat browser cacheing. When I had to deal with the tech at DoubleClick for some QA he actually told me I had coded a page wrong so it was registering 2 hits for the homepage rather than a hit for each page. In truth I hadn't put any code at all in the second page just to see what they would say. Quite an incompetent bunch of people over there if you ask me.

Can we say CLASS ACTION?!

[Travoltus]

Imagine if these lawsuits result in victory for the plaintiff?

Millions of users worldwide will be jumping on a class action lawsuit bandwagon.

Say byebye to unscrupulous advertisers!
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,

Re:Can we say CLASS ACTION?!

[Travoltus]

That was in reference to Microsoft :)
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,

Re:Stop the Spam! : Targetted Advertizing is Good!

[jpm242]

I read Slashdot, yet I still want to receive MS crap 'cause that's what I do for a living. The world ain't all black and white, my friend. J:P

Re:Tracking vs Cracking?

[jpm242]

I think suck a security scheme would need to be built in the HTTP protocol, and it would be really cool for some sort of non-profit org to help out the plaintiffs get their claims together, to form a class action or something like that...

I ain't no legal expert, but then again, there's no justice...

J:P

Re:Easy

[Kronovohr]

for w3m: chmod a-w ~/.w3m/cookies
I have only _one_ cookie in there (:

Re:Easy

[pod]

The problem is not just with cookies in this case. Read the damn article. Web bugs and other such tricks that cannot be blocked by a regular user (or even a 'power' user) are at issue here.

This one's nice

[itarget]

Grab a recent mozilla build, open this xpi in it to install java support, and have fun.
SSL support, should you want it, is also installable from the "Install PSM" selection under the Debug drop-down menu.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.

Re:Come on, people.

[oyving]

In Norway, tracing like this is illegal unless you get permission from the consumer. This is all privacy protection which is strictly enforced here.

I can understand that people react to tracing like this because it _is_ an invasion of the private sphere.

Advertising is NOT targetted at all

[Quietti]

Among all the spam I regularly receive via e-mail, NONE of it is targetted at all to what I might remotely be interrested in purchasing. NONE whatsoever.

Because of this, it has become rather obvious that DoubleClick and others like them are not collecting data to enable better customer profiling.

Big Brother works for MediaClick, not for the CIA.
--

Re:Advertising is NOT targetted at all

[plashdoy]

What's spam got to do with Doubleclick's ad targeting? You think the "horny teens", "find out anything about anyone", "make money fast" spam you get has anything at all to do with cookies or Doubleclick profiling? You need to go back to school, or develop a more critical form of logic.

Re:It's as bad as SPAM

[atlep]

A feature I would like is to have a local cookie-provider database, where you can choose which cookies to be allowed and which should go down the drain.

Options like:
- accept always
- accept this session
- never accept
- deny this session

Re:It's as bad as SPAM

[CorporateProgrammerD]

Try Junkbusters. It has most of this.

And it's open source, so if you don't like the way it handles things, (it doesn't have a "deny/accept this session" option for cookies) you can extend it. Scratch that itch.

Cookie Paranoia

[sonnerbob]

I find this lawsuit to be troublesome. Even though I'm as cautious (paranoid?) over online privacy "threats" as anyone, I don't know if this suit has any merit. It seems simply an attempt to capitalize on the rising sentiments against marketers and dataminers profiling Web users using cookies.

I'll leave my whole spiel on Cooki e angst for another forum (which pays 2 cents per view), but I'm really surprised to read the comments here in Slashdot equating cookies with cracking, or believing that cookies lead to spam, or confusing them for the related but not synonymous "Web bug", or digressing into the topic of "spyware" which is not what the suit is about.

Cookies are a part of the Web. They require compliance on your part. Your browser must cooperate with the server asking to set or read a cookie. The advertising networks take advantage of the fact that the default setting on most browsers is wide open and most naive users never know about it or bother to learn. The best part of this suit is that it will expose more people to the issue, leading more to seek and demand greater control over their Web browsing. Explorer, particularly v5.5 with the Privacy Enhancement, has the best set of options (though Netscape 6.0 has a pretty good built-in cookie manager). Explorer has so many other privacy worries though, not the least of which is the potential for abusing the DHTML Persistence "feature" of 5.0 and later.

Cookies aren't the issue. It's what Engage, 24/7Media, Doubleclick, Matchlogic, AvenueA, et.al. are doing with the data they gather that's the bother. But I don't know if being "bothered" or "annoyed" is worthy of a suit. If it was, I'd like to go after the telemarketers first. I despise that tactic more than Web profiling.

Good

[John+Jorsett]

We're going to see a lot more of this in the future.

I'm not a big fan of using the courts to punish every perceived wrong, but in this case, I say good. Take a look at this article in the New York Times (free registration required to view it). Those spam emails you get frequently contain HTML that allows the sender to obtain access to your browser cookies and tie your online activities to your identity. Not to mention being able to obtain your IP number and derive your location from it (Postel Services offers this feature for free in its HTML email service. Great way to stalk someone). Legislation doesn't seem to be forthcoming to curb these abuses, so at the moment the courts are the only weapon available.

Re:Is this going a bit too far?

[blackage]

Personally, I don't know why anyone would want to keep massive amounts of logs on hand for an extended period of time just because of the headache involved. Their has already been a good amount of lawsuits where sys. admins probably wished they hadn't kept the logs or those back-ups from the e-mail server three years ago. Just ask Mr. Bill Gates about that one.

Who's ready for smurfin' tomorrow?

[13013dobbs]

Biggest shopping day of the year. On-line sites should get ready for all those script kiddies with smurf.c and a linux box. There will be some big shopping sites getting DoS'd I'll bet.

Re:Don't apply legal solutions to software problem

[yibyab]

I'd mod you up, but I don't get status anymore.

boy are they dumb users

[josepha48]

Only a dumb user would make a statment "Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo. "

If they were not truely dumb, they would realize that they could prevent cookies from being set on there machine. Both IE and Netscape have a way to shut off and turn on cookies. Although Microsofts IE is a little more illusive (IMHO). Nothing with cookies is done "covertly". If you are using a browser that accepts cookies, you can shut this functionality off, or have it prompt you before accepting cookies. In IE this may be more difficult, but is possible. Most web sites also state there stance on privacy. I don't think I have been to a web site that does not use cookies. SO are they going to include all these too? Many major web sites use cookies to track there users where abouts. If they are going to sue Matchlogic, why not include doubleclick and engage as well? Doubleclick is far worse than matchlogic. Doubleclick has mapped out IP addresses on teh web, and when you get one of their sites they know where you are on th eplanet. They 'say' that they do not use this, but the info is available. They also use cookies as well.

If they want to do something about this then they need to use konqueror, lynx,or Netscape (not sure how well IE handles this) and set there browser to prompt on recieving cookies, then reject any ones they don't want. If IE cannot do this, then they really need to go after Microsoft and make them include better cookie handling features.

I don't want a lot, I just want it all!
Flame away, I have a hose!

I'm a former Milberg Weiss contractor

[websensei]

Hi
I used to work for Milberg as a contract paralegal before I switched paths and started programming. They are indeed scoundrels. In the class-action suits brought against Prudential and John Hancock (and other insurance companies) they pocketed over $95 million USD. The average plaintiff (who had been defrauded of tens of thousands of dollars) received a few hundred to maybe $1000. Partners who did not even work on these cases pocketed obscene amounts of cash.
At first we felt like we were the good guys, taking on the big bad insurance crooks -- but in the end it was just a bunch of lawyers getting rich. Helped make my career change easier...

Telemarketing Junk Calls

[Brian+Ristuccia]

Check the laws in your local jurisdiction, as you may be entitled to more than the $150 you've billed for. Here in the US, we're entitled to at least $500 for each time a telemarketer calls after being told not to call anymore. I recently soaked Teleservices Direct for $500 and then $1000 after they wouldn't stop calling me. See http://osiris.978.org/~brianr/telem ark eting/.

Re:Telemarketing Junk Calls

[Greg+Currie]

I live in London, Ontario (Canada) and am unsure about the Canadian law regarding unsolicited telemarketing where the company has been told not to contact the individual; especially where the company presenting the contact information to the telemarketing firm has been told not to recontact the client. Does anyone here have any useful resources? Thanks in advance, Greg Currie pwake@golden.net

Re:Me vs. Royal Bank

[Pig+Hogger]

Please, keep us posted to the conclusion of this story!!!!

--
Americans are bred for stupidity.

Re:Easy

[mce]

I basically have cookie support enabled (only from the site that the originating page came from, by the way, but that doesn't make much difference in practice) because some sites that I visit regularly use them for good purposes and I want things to work transparantly when I find a new site with cookies worth keeping.

To compensate for this, I have a cookie eating script that gets run every night from my crontab. It reads in a cookie filter file, containing commands such as:

retain ^slashdot\.org
remove ads\..*

and then acts accordingly: a cookie that matches a "retain" line is, well, retained. One that matches a "remove" line is... you guessed it. Cookies that match neither are reported to me, so that I can decide what to do with them next time round. Initially I ran this script once a week, but as I kept accumulating more "remove" directives, the number of manual interventions went down quite rapidly, so I increased the frequency. I'd move on to once every 6 hours, if it weren't for the fact that it's no use editing the cookie file while Netscape is running.

A nice side effect of what I'm doing is that each time that I visit one of these tracking companies, they actually think that they've found another victim. Let them... :-)

By the way, originally, I used the possibility to opt out whenever possible. But I found that, while my DoubleClick opt out cookie would indeed be kept around, the similar one from prefences.com tends to disappear automatically after some time. So nowadays I bluntly remove anything that's not absolutely required.

--

Re:which browsers to use???

[Voline]

I have been using the iCab browser, almost exclusively, for the past nine months. It has a built-in cookie editing feature. This isnÕt exactly what you described, blocking all third-party cookies, but it works very well for me.

I have the general setting as ÒNever acceptÓ cookies, then there is the option to have exceptions to this. So I never accept cookies, except I Òalways acceptÓ them from Òslashdot.orgÓ and a couple other sites. Doubleclick.com is not among them. So any cookies not hosted by the site I am visiting will not be accepted.

iCab also has a terrific user-configureable image-filtering feature. With this feature you can filter out any image with a path, filename, or URL name that ÒisÓ or ÒcontainsÓ /ad, /advert, /doubleclick, /banner . . . you get the idea. It replaces these images with a small icon of a melita coffee filter. Cute, eh? I have found this feature to be very successful in blocking ads while rarely blocking an image that is part of the content of a page. This has the added benefit of speeding up page-rendering.

Unfortunately, iCab is a Mac-only program. If you are running Windows I recommend the Opera web-browser. It doesnÕt have these options built-in, but it may in the future. I donÕt know about Linux.

Check the resources page of EPICÕs web page. There are some freeware tools that you can add to IE or Netscape to help you manage cookies and ads. I havenÕt had to use them, so I canÕt vouch for their effectiveness, but EPIC wonÕt steer you wrong.

Web Bugs/Cookies Are the Least of your worries

[jjr]

Your information is already tracked by companies like Experian. Who in turn sell your name and profile for a mailing list(snail mail). They profile your name base off your income,age,sex,religion,buying habits ...etc. I understand why people are getting upset about the web bugs there is no way for you to get off the list. At least Experian and other list brokers you could call them up to get your name off thier list. There is no way you can do this with the other companies.

is this like..?

[timmyd]

Is this like suing clothing stores and grocery stores for having cameras that look at me and track were i go? it is on their property of course though..

Re:Easy

[mce]

Well, sometimes you can block them. For instance, there's a forum that I post to every so often that has a webbug on its entry form. So I saved the thing as HTML, edited it to my taste, and nowadays always post via that local page. Problem solved. Well, in that particular case, at least...

--

Too much information

[HERF]

There is WAY too much information on the web about me already, I'm quite sure. Everything you do, you have to 'register' for. It kills me.

While I understand some sites have to do this (obviously if you're going to buy something online they need to know where to ship it, duh) the New York Times does not need to know where I live! And while I sometimes do fill in incorrect information, sometime I don't. I'd say its pretty easy to create an accurate profile of me online. I installed IDcide here at work, and its interesting to see just how many sites may use tracking networks.

"God dosen't play dice."
"Einstein, stop telling God what to do!"

I disagree

The plain truth is, the majority of modern web users wouldn't know a cookie if they saw it. So effectively, users are being tracked without permission.

This is just plain wrong.

If I go to Safeway and fill in a form for a club membership discount card, I am specifically giving my consent for them to track my purchase habits. But they're paying me to do it and I have specifically opted in. With both Netscape and IE, cookies are on by default, and not even notified! That is not opting in.

There are grounds for a lawsuit.

Re:I disagree

[mikethegeek]

Not only are users being tracked without knowledge, they are being hacked. Something is being placed on their system to do something that the user has not agreed to allow it to do.

If it were "opt-in" (IE, the banner popped up a window that explained what the cookie was going to be used for and how it worked, and asked the user to agree or not), then it would be fine.

Cookies have many very positive uses. Exploiting them for uses other than they were intended is wrong, and possibly illegal. Marketers are not allowed to wiretap your phone or put bugs in your home. Why should it be any less illegal for them to do this to your computer?

EASILY opt out.

[3-State+Bit]

Actually, your point would be better made to say that you can "easily" opt out not from a weird URL you give, but with a single click on a page that is prominently linked from their main page. It takes a lot for a company to do that, and whatever else they may be doing, I respect their being upfront about opting out.

Read the cons, though. Fact is, I didn't opt out myself. You'll see advertising either way, wouldn't you like it NOT to be 24/7 over stuff that has nothing to do with your surfing preferences?
go to www.doubleclick.com to see what I mean.

Flamebait?? (Was Re:Lawyers versus Spammers)

[crucini]

Why on earth was this modded down as flamebait?
Advocating physical harm to spammers? Nah, happens constantly on /.
Advocating physical harm to lawyers? No, same reason.
It must be the suggestion to replace members of the public with blow-up dolls. OK, let's amend that:
All members of the public will first be replaced by inflatable replicas, except for those too intelligent and valuable to be simulated by air and latex, such as Slashdot moderators. They will have the privilege and glory of being there in the flesh. Satisfied?

Me vs. Royal Bank

[Greg+Currie]

Hi there, This is my first time on here, so please forgive any errors in posting. A friend referred me here to tell my story about fighting the Royal Bank over breech of privacy to telemarketers. If the text doesn't append properly to this message, write to me at pwake@golden.net and I'll put the entire text file on a server for anyone who wants it. If anyone has advice, feel free to email me as well... Regards, Greg Currie pwake@golden.net Hey guys, Thought you might get a chuckle out of this one... I've dealt with the Royal Bank for around 15 years now as a client and have had enough of their cutting back services and abusing their clients. Last year they closed down my branch and relocated my account to the downtown location here in London. So, now I have to drive further to deal with the Royal Bank and when I get there I have to PAY to park... Yes, I have to PAY to deal with my bank. When I get there, if I require a teller I usually end up in line for 30 to 40 minutes as they have three tellers active on average. Customer oriented? I don't think so... When I started my business account this year I was originally going to go with St. Willy's here in town for their wonderful customer-oriented philosophy. However, since I already had my personal account at the Royal Bank I decided to start my business account there. While starting my business account I also ordered company cheques through the bank. Sitting in my chair while we arranged all of this, I can remember a large proudly displayed and framed privacy and confidentiality policy regarding customer information. A few days after setting up my account I get a message on our business line from some unfamiliar company requesting that I call them back. When I finally get a hold of this company, I find out that they are a 3rd party to the Royal Bank who prints their business cheques and literature. First came the thin excuse for their call that they wished to confirm my information. Ok... I had already verified the information with the account manager at the bank and signed off that the information was correct, so why was I being called again? Fine. Then they go on to telemarket me their other products and services. "No... I saw your other services listed when I was at the Royal Bank and I chose only what I require..." Why these people were wasting my production time for unsolicited telemarketing because I had started a business account with the Royal Bank was beyond me... It just so happened that both the Royal Bank and St. Willy's were both presenting to a group of new business owners (including myself) at the London Community Small Business Centre a little later on. Before the entire group I sincerely brought up my concerns about the Royal Bank closing their branches, lacking parking for customers at their main location downtown, and allowing 3rd parties to telemarket me by providing my personal information to them. She stammered a bit and then stated that "that's just the way it is..." I was floored, she was telling me, her client, that the Royal Bank did not care about their clients' needs for service or desire for security over their personal information... After a pause, another new business owner stated that she felt the concerns were valid and deserved a better response. After the meeting, I approached the Royal Bank representative to press the matter and she promised to look into it if I called her with more information. After a lengthy period of time passed, she called me back apologizing for the delay and said that she had escalated the concern through their company's protocol for such matters. She assured me that the 3rd party was bound by a confidentiality agreement not to pass on my information and further and that they were likely just offering valuable services to myself. I informed her that that was not the point, that the Royal had given my personal information to this third party and that I had been telemarketed because of that. She agreed that it was not a very good answer from the Royal, but that it was all that they were going to do. My unfounded suspicion is that they must make money dealing with the company and don't want to lose the revenue. While closing the conversation with her, I informed her that I bill out at $250/hr for my time as a web designer and that I would, in the future, bill for my wasted time if I received unsolicited telemarketing because of the Royal Bank. This morning I received a phone call around 10:30am from a telemarketer representing the Royal Bank. I asked, "Does this have anything to do directly with my account?" "No." "Are you a telemarketing company?" "Yes." "What is your company name?" "Box Data" I then got the individual's name, the company phone number, and the fact that they were trying to sell my telephone and internet banking services (a service that I already have). Needless to say I was not very happy at wasting my time on this telemarketer. I called my Royal Bank account manager and presented my unhappiness at being telemarketed by a 3rd party company a second time due to their company. I also reminded her of my hourly billing rate and that I would be charging for my time by the whole hour. She promptly asked for my account number and had me removed from the company's telemarketing list. That very evening... In the middle of dinner... I get a phone call from a telemarketing company representing the Royal Bank wanting to sell me even more features. Again: "What is your company name?" "Box Data" I confirmed their contact information and the agent's name and informed him that I would be billing my hourly rate of $250 if he wished to continue. He decided to continue and try to sell me the services. I patiently listened, declined his offer, thanked him, and hung up. I then brought up my invoicing screen and made out two invoices for $250 and GST for each of the calls using my account manager's name as a purchase order number and dropped them into the mail. I wonder if the Royal Bank will just pay them? I doubt... I've seen how much they value profits over customer service... But I put a 30 days notice on the invoices and will send a second letter if the invoices are not paid. If my second letter does not result in payment then I will either forward the delinquent account to a collection agency or take the Royal Bank to small claims court. Both parties were informed of my billing rate and policy, and I consider that a legally binding verbal contract that I am willing to pursue in court. So, if I get paid I'll take my spouse out for a nice dinner compliments of the Royal Bank. If I don't get paid even after going to court, then I will at least have stood up for my personal right to privacy against a large profit-driven corporation. Regards, Greg.

Re:Me vs. Royal Bank

[dvNull]

I had a similar experience with an MCI reseller. Didnt matter that I had MCI service already for my business. He still droned on and on about what great service I was going to get. I told the *SAME* seles rep on 3 phone conversations not to call me back and take me off their list.

The 4th call which came about 4 hours after the 3rd finally made me extremely irritated. I told the sales rep if he called once more I was going to call his manager and file a formal complaint AND bill the company for my time wasted. I also told him I was extremely busy with my work and dont want to be disturbed. He said "But you have no idea what an important deal you are blowing by refusing"

So far I have sent a letter of complaint and a bill for an hours worth of work at $150/hour. I wont see the money, but I havent received a call since from that place.


The number of the beast ...

Re:Me vs. Royal Bank

[mikethegeek]

Marketers are evil. Their perfect world is one where you are chained into a chair with your eyes glued open so that you cannot avoid by any possible means hearing their pitch.

That's why they blast commercials at you at well above program volume, and want to bug your computer. I don't particularly want my FAMILY knowing my browsing habits, much less some corporate marketer.

If a corporation bugged my telephone for marketing reasons, to find out who I called, that would be illegal wouldn't it? Then why isn't bugging my computer to track my browser? Done WITHOUT consent?

It's as bad as SPAM

[jesterzog]

If the user has their browser set to accept cookies, and cookies get placed on their system, what is the problem with that? Seems like a case of people's ignorance, and instead of acknowledging that, they decide to sue someone instead.

Well personally I see it as a violation of trust. Cookies have other uses than just tracking just like there's more reasons to leave your door unlocked than to let strangers walk into your home.

For example, does the knowledge that I choose to read my email give anyone the right to send me lots of bulk, unsolicited email every day? Some people might argue yes, because I have the option of using filtering software or simply not reading it. I would argue no.

Can people steal my car because I left it unlocked? Can they place a hidden camera in my house because I left the window open?

If the answer is no, why should they have the right to put unsolicited cookies on my system because my browser is set up to allow it for other reasons? It goes beyond reasonable expectations of what the customer/victim is likely to want.

Reasonable expectations might be allowing someone to come onto your property so they can knock on your door. If they came onto your property to dump their garbage or knock your house over (even if you didn't have a security system to stop them), it would be far beyond reasonable expectations.

===

Has anyone ever made money?

[imagineer_bob]

Not that it matters for this case, but has anyone actually been able to make money because they can track users bettter?

I worked for a dot-com (briefly), and though we tracked everyone's viewing and clicking history, we were at a loss to do anything useful with the info.

Rates for banner ads kept dropping month by month, as advertisers learned how inneffective they were!

I doubt that this info is actually useful.

BTW: If you use Windows, Norton's "Internet Security" does a great job of blocking cookies and banner ads! It's transparent, so once you install it, you hardly know its there. Each time you visit a site that tries to cookie you, you can choose "Always allow for this site" or "Always Deny" (and also block ref-by!).

Re:Has anyone ever made money?

[Tackhead]

> Not that it matters for this case, but has anyone actually been able to make money because they can track users bettter?

An advertiser is a guy who cons you into thinking that he can con your customer.

So yeah, Doublefuck and its ilk have made money selling the line about user-profiling, but the jury's still out as to whether Doublefuck's customers can make money with it.

Judging from what's happening to DCLK and TFSM and similar stocks, the market's got an opinion. IMHO it'll be amazing if these companies are still operational when the lawsuits are over with.

sig..("hope Jesus right meek shall inherit earth")

[3-State+Bit]

Uh, that was kinda' sorta' SHAKESPEARE.
Jesus Christ, now they're taking credit for our geniuses too. Next you know, they'll say, "yeah, well who CREATED Einstein? Huh? HUH?? I thought so!"

Hey, no offense eh? =))

Other way to 'disable' cookies

[Fuzzums]

Netscape: erase all data from the cookies.txt and make it read-only.

This way netscape WILL accept coocies, but next time you run Netscape they're all gone :)

why turn of cookies, when you can just sue...

[RogueAngel7]

Make your money the old fashioned way! Sue for it.

everyone is out for the fast buck these days...

xxxxxxxxxxxxx
whine, whine, whine, I'm slighted by the fact that

did the horrible action of

against me. I fear for my privacy from the mean ol' internet monster, and that fear has left emotionaly scarred. I want 1.7 million for my trouble and, of course, therepy that i'll never go to.
xxxxxxxxxxxxxxx

bah... what a waste. I think I'll go sue the state I live in because trafic lights keep me from getting home in time to catch my favorite tv shows, and then I'll sue McBurgerslingers because they screwed up my order.

Lifes rough, get a f*cking helmet.

-

Re:why turn of cookies, when you can just sue...

[RogueAngel7]

hmm, for some reason my post is missing some lines. anyway, here is what it should have read.

Make your money the old fashioned way! Sue for it.

everyone is out for the fast buck these days...

xxxxxxxxxxxxx
whine, whine, whine, I'm slighted by the fact that

(insert person/company/organization here)

did the horrible action of

(insert normal harmless action that most people don't mind, and person suing could have easily avoided if they wern't out to make a fast buck)

against me. I fear for my privacy from the mean ol' internet monster, and that fear has left emotionaly scarred. I want 1.7 million for my trouble and, of course, therepy that i'll never go to.
xxxxxxxxxxxxxxx

bah... what a waste. I think I'll go sue the state I live in because trafic lights keep me from getting home in time to catch my favorite tv shows, and then I'll sue McBurgerslingers because they screwed up my order.

Lifes rough, get a f*cking helmet.

-

EPIC

[Voline]

Sorry, I forgot, Electronic Privacy Information Center
http://epic.org/

Need intelligent granularity.

[s390]

Netscape gives you the options to: (1) Accept all cookies, (2) Accept only cookies that get sent back to their originating server, (3) Disable all cookies. In addition, you can select: Warn me before accepting any cookies. There is no distinction between temporary (session specific) and stored (persistent) cookies.

Disabling all cookies breaks many websites, while choosing Warn mode causes continual interruptions to accept/reject dozens of cookies, so most people just give up and accept all or most cookies. If you visit subscription websites, you must either enable cookies or type username/password pairs every time you want to access each site.

I want my browser to:

(A) Allow me to enable non-persistent cookies.

(B) Let me decide which sites to accept stored cookies from, and which cookies to keep.

(C) Remember my choices for accepted/rejected sources and destinations of cookies.

(D) Use pattern matching to "learn" about sites from which I want to reject all cookies categorically.

(E) Enable me to specify a blacklist of names from which cookies are automatically rejected if the name appears anywhere in the cookie-id.

I'd also like to be able to cull my cookies - deleting them and moving their cookie-ids and source/target URLs to point to /dev/null or 127.0.0.1. One can sort of take this last step now by entering the offending URLs in the Hosts file, but it's somewhat a pain to do it by hand.

Re:If they take all the online shops down?

[Aztech]

use Pornster

But ... the FMPAA (Filthy Motion Picture Association of America) will probably 'come' after you for disseminating copyrighted filth, oh well :/

Don't apply legal solutions to software problems

[crucini]

Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives...

It's tempting to rejoice at these marketing bastards getting their comeuppance, but on balance I hope this suit fizzles. Here's the transaction they're really talking about:

1. Plaintiff requests an image from Defendant.
2. Defendant transmits the image, including in his response a 'Cookie' header, which is a valid header in HTTP, the language which Plaintiff and Defendant are speaking.
3. Plaintiff records this 'Cookie'.
4. Time goes by.
5. Plaintif requests a different image from Defendant. This time, Plaintiff includes the 'Cookie' header previously furnished by Defendant.
6. Defendant deduces that both requests came from the same "person".

I realize that most of this transaction was transparently performed by the plaintiff's web browser. But that's not the defendant's fault.
I would really like the courts/legislature to validate the following principle:

If you send a request to party X via a well known Internet protocol, and party X sends you a response conforming to that protocol, you can't sue or prosecute party X for so responding.

Re:Go ahead

[Kwantus]

Can the entrepreneurial minds of Founder's Camp find a spellchecker?

Sharks on the hunt

[sulli]

Too bad the law firms involved (notably Milberg, Weiss, Bershad, Hynes & Lerach) are well known sharks, uninterested in anything but their own bottom lines. These are the guys who mount investor class actions whenever stocks go down, and the ones who sponsored California's Prop. 211 a few years ago.

If an ethical plaintiff were involved, I'd give this story more credence.

Re:Sharks on the hunt

[mikethegeek]

True, I don't hold lawyers in any higer regard than marketers. Usually such suits only end up enriching the lawyers, who NEVER follow thru with prosecution to trial, but get bought off with a nice fat settlement that mostly benefits them.

What we need is a concluded TRIAL that sets a precedent that nonconsensual usage tracking by marketers is illegal wiretapping.

way wrong

[unformed]

They're not trying to track you so they can shop you to the FBI for visiting porn sites, they're just making things better for you - partly because products are cheaper as it means decisions can be made more accurately, and partly because it means you get what you want.

That's what they want you to think, but...

1) Suppose I buy a computer book once a week from an online merchant. They realize that they've got a devoted customer who buys certain kinds of books. So when I visit the site, they know it's me, and they raise the price. (Hmmm...sounds kind of like what Amazon.com was charged with doing) It's one thing to offer products geared towards me, it's another thing to raise prices because chances are that i'll buy it regardless....and no, this does not fall under the laws of supply and demand, because the prices are set differently for different people.

2) Suppose I download a new program which, without my knowledge, installs a tracker on my system... Is that alright? Is that so they can better serve me?

3) When I walk into a store and they request me for my information, I can refuse to give information, or I can provide false information, and they have NO WAY of knowing it's validity. On the other hands, web sites could require cookies be enabled for service, for "security" concerns, and guess what? I have no choice but to either relent or take my business elsewhere. And I also have no way of providing false information, except by constantly clearing out cookies...
--------------

Netscape 6

[bartok]

Mozilla allows you to select which cookies to block and it remembers your choices. Same thing for image. right clicking on an image gives you the choice to "block this image" so you can basically turn off banner ads on site you visit frequantly.

what's entertaining is ...

[parvati]

when I accessed the cnet story, avenuea.com tried to place a cookie.

Fed up with cookies?

[plaa]

Fed up with cookies, but can't disable them because some sites require them? Easy:

chmod 400 ~/.netscape/cookies

I accept all cookies, but every time (though rarely) when I exit netscape it trashes them. If I want to keep a cookie, then I set the file writable, let netscape write it, emacs the non-wanted cookies away and re-chmod it.

Does Mozilla include a cookie editor? It would be great to be able to "accept" all cookies but throw them away after a while, unless you specifically ask to keep them (without doing that chmod hack).

Lawyers versus Spammers

[iapetus]

It should be a case of the lesser of two evils being preferable, but I really can't make up my mind which is which.

Here's my suggestion: let the court cases go ahead, and when the advertising company representatives are in court along with all the lawyers, blow the building up. (All members of the public would obviously have been replaced with inflatable replicas before this event...) That way everyone wins.

Huh?

[Garthnak]

Are you kidding? Of course they're tracking us! Major League Baseball has satellites in the sky watching our every move, I tell you...collecting their insidious marketing information.

--Garthnak

Easy

[Col.+Panic]

Internet Explorer:

View, Internet Options, Advanced, Disable all cookie use.

Netscape:

Edit, Preferences, Advanced, Disable cookies.

Lynx, KFM, Mozilla - you don't need to be told how.

Re:Easy

[John+Jorsett]

The real solution is for browsers to not save any cookies to disk without your express approval. IE allows you to disable stored cookies, and allow per-session cookies (internet options->security->custom, halfway down).

Try doing this and remaining logged in on SlashDot. You can't, which means it isn't a real solution. I think we need a lot more control over the cookies. I'd find it a useful feature to be able to restrict cookie use to only the site that placed it. I.E. none of this DoubleClick third-party stuff that lets site A see what my site B cookie contains. That would eliminate the ability to track activity from site to site, at least.

Re:Easy

Yeah, that's easy, 'cept it won't work. You'll have a helluva time surfing many sites without allowing non-persistent (not saved to disk) cookies. Many sites use them to figure out what page you came from, what options you've chosen (for this session), what ads they've thrown at you, etc.

The real solution is for browsers to not save any cookies to disk without your express approval. IE allows you to disable stored cookies, and allow per-session cookies (internet options->security->custom, halfway down). Oh, but it's IE, so it must be bad. Ahem.

Your solution is just silly.

Re:Easy

[tshak]

And then scratch your head and wonder why you can't maintain session with sites that you login to. Sure, those sites could (should?) use HTTP authentication, but there's a lot of plusses to using cookies to maintain session.

Personally, I use window washer. For you non windows folks, since everything isn't in some crypted registry or "metabase", a simple shell script or even perl script will do. Every night I have a cron job ^H^H^H^H^H^H^H Windows schedular that runs window washers "autowash" that removes all cookies, history, and any other means of finding out where I've been - no tracking me now! The nice thing, is that I have a list of specific cookies from specific sites that are allowed to place cookies for session reasons - those don't get cleaned (like my slashdot cookie). You'd also be surprised at how much system performance increases when your FAT is not loaded with so many cache/history/cookie files all over the place!

Come on, people.

[BayCityTroller]

This is precisely what advertising companies do. They are paid to determine the habits of their viewers, which is valuable information. It is completely transparent to you, you see nothing, you pay nothing, and all the while you get the content or other service you were seeking on-line for free.

I don't believe the net could survive without advertising. The tracking of customer habits is just anoter facet of it. There are plenty of other things to worry about right now, like free speech rights on the net. Let's leave advertisers alone for once, because in the great big world of the Web, you could say that they're the least of our concerns.

Re:Come on, people.

[Tadghe]

The net existed for many years without a single Advertisment, indeed the web existed for a short while without it to.

Besides, getting rid of cookies won't stop advertisers, just make them rely more on "Other" methods.....

Tadghe

Re:Come on, people.

[mikethegeek]

Advertisers can rely on any "other" methods they wish, so long as they are legal.

I think a wise advertiser should realize that pissing off your potential customers with annoying ads and privacy invasions isn't the best way to sell something.

That's why the twin evils of modern marketing: telemarketing and SPAM are highly inefficient. Telemarketing and SPAM require the marketer to annnoy hundreds, if not thousands of persons per sale. Not only is the return rate horrible, I think these companies are pissing off many people who will sooner cut off their arm than buy one of their products.

I have NEVER bought a product a SPAMMER or telemarketer has ever tried to sell me, and I never will. My phone line is constantly on the internet anyway, which (to the telemarketers chagrin) prevents them from reaching me. People whom I want to be able to contact me know how to contact me.

MCI and AT&T so pissed me off with their constant harassment I flatly told both companies I'd sooner use tin cans and string rather than their phone services.

Re:Come on, people.

[SCHecklerX]

Why is it you think the net could not survive without advertising? Maybe without it, sites would actually focus on content once again.

Everything was going along just fine until 1994-1995 when everything became commercialized.

Online transactions are about the only big difference nowadays...and, well, if you are selling things via the web, you really don't need advertising on your web page, now do you?

Re:Come on, people.

[Chagrin]

If MCI or AT&T calls you, or if any telemarketer calls you, all you have to do is tell them to put you on their "do not call list". Secondly, ask them to mail you a copy of their do-not-call policy, which they are required to do.

If they fail to do either, you are then able to sue them for $500 in small claims court.

I don't have references handy, but I'm sure you can dig them up from a search engine if you give it some time. Or you can just complain about it...

Re:Come on, people.

[mikethegeek]

I've requested this time and again of all telemarketers. It won't work. The only system that will ever protect people is an "opt in", not an "opt out". It won't work because you have to individually "opt out" with each and every company that might telemarket.

But the telemarketers know that NO ONE will ever "opt in" so they sent their lobbyist drones to Congress.

I'm happy with simply denying them access my never leaving my line free for them to call. I have a pager, ICQ, e-mail, etc, and anyone who needs to get ahold of me can.

Ideuts

[ideut]

From the article: Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives ...

I'm sorry, but you implicitly give permission to do this when you configure your browser settings. Trouble is, life gets hard when you disable all cookies.. you can't even log in to slashdot.

Re:Ideuts

[xantho]

I'm sorry, but you implicitly give permission to do this when you configure your browser settings. Trouble is, life gets hard when you disable all cookies.. you can't even log in to slashdot.

Next time we meet on the sidewalk, I'll punch you in the stomach. It's your own damn fault, you weren't wearing your cast iron chest protector.

--Xantho

Damn...

[Cloud+9]

Wish I'd thought of that... */me clicks furiously on every add banner in sight.*

Konqueror does some of these

[Krischi]

It lets you specify accept/reject policies on a site-by-site basis. You can also configure it such that it will ask for a policy every time a cookie is being sent by a site that you have not covered yet.

As for learning and blacklists, wouldn't that make a great coding project? :-)

Re:Konqueror does some of these

[Tycho]

Internet Explorer 5.0 for the MacOS has the same feature. IE also allows you to browse your cookies, view them and selectively delete them. My only complaint is that if you accidentally deny a site, go into the preferences and allow cookies from that site. IE removes the settings for all denied sites and you have to deny these sites again when these sites send you cookies again. It really isn't that bad of a problem, but it is annoying.

Re:Ridiculous

[Tackhead]

> They're not trying to track you so they can shop you to the FBI for visiting porn sites, they're just making things better for you - partly because products are cheaper as it means decisions can be made more accurately, and partly because it means you get what you want.

1) I decide what's "better for me". Not Doublefuck. When a marketer says it wants to "do you a favor", treat it like a government employee - grab your wallet and run like hell.

2) What prevents the Feds from issuing a subpoena to Doubleclick and (That other bunch of shitweasels they merged with in order to assign real-life identities to their cookie database, that got them in such trouble with the FTC), in much the same way they would with an ISP of a suspect?

I wonder

[CharlieG]

Can we charge them for the USE of our computer? Say, $10/day/bit?

Send them a bill?

Cookies, "Web bugs", and mass media (what else?)

[Faies]

We always hear about how all anti-cookie lawsuits mention the fact that users are not able to go against cookies. And of course, its obvious how easy it is to disable cookies.

Microsoft recently tried to show the public a new version of Internet Explorer which implemented "new" functions to let users easily determine which cookies they want and which they don't want as if none existed before. This only compounds the problem by giving the impression that we have no security at all unless we get the newest software.

In light of all of this, why does the media not report the other side? They are all caught up in the mode of earning money- scaring the public, getting ratings by users who want to know what is happening, keep them focused on updates to see if their privacy will be protected after all. After all, wtf is up with all this "constitutional crisis" crap? People talk about how the electoral system is messed up, and we need to get rid of it to save the world. I'm relieved to see that Time Magazine is willing to point out that "what would happen in a popular vote system where the margin is as narrow as the Gore-Bush margin...demands for recounts, not in two or three states but in 50". Even Hilary Clinton says she would support such a measure in Congress. Nobody is willing to truly speak for the electoral system and cite parallels when baseball series such as the one in 1997 ended up with one team scoring more runs and still losing overall, or even mention that things like this have happened before.

Back on the issue of online privacy, the media fails to mention the fact that most websites at least give a privacy policy- people are too lazy to read the legal information thrown in their face and then complain about how they never knew this or that. If the website never mentioned such a policy, it's the fault of the website, not the ad company which told the website to follow certain guidelines. If anybody is wondering what "web bugs" are, they are only another cause of massive violations of privacy. (see the link/reference to them on the original article mentioned ). They are simply the one pixel gifs that many people use in invisible counters and such. Cookies are often only used in them to ensure that a person is not counted twice, not to monitor tracking- yet cnet portrays them to maliciously violate our privacy all the time.

These "web bugs" are described early on with the following excerpt from that article:
Savvy Web surfers know they are being tracked when they see a banner ad. But people can't see Web bugs, and anti-cookie filters won't catch them. So the Web bugs wind up tracking surfers in areas online where banner ads are not present or on sites where people may not expect to be trailed.

Firstly, it is a sad thing when people assume that a banner ad = cookie when websites like Yahoo sell their own ads and place cookies even without banner ads. Secondly, it is even worse when the article seems to assume that anti-cookie filters look just for banner ads. The best filter is the options menu of course, and it is impossible to miss a cookie with that. And finally, the last part of the excerpt mentions that people expect to be trailed when there are banner ads around, when the article along with other cnet articles say that most people do not even know they are being tracked in the first place. The true savvy users like us know that cookies are everywhere, and are not synonymic with one another.

Do not blame the masses for making ridiculous lawsuits, but the law firms who go for money, not ethics, and the media for making stories sound good while only distorting the truth. And on a final note, it is interesting to see how 60 minutes aired a story on Echelon (sorry if I got the show wrong, but the segment was shown on a major network), the most powerful version of Big Brother that I can think of, and most people just shrug and accept it. Why can't people sue the government after all?

-------------------------------------------------- --
Faies
"[This ISP] is completely secure if you are using a standard operating system like Windows 98"

Is this going a bit too far?

[davejhiggins]

I'm wondering how long it will be before someone receives a lawsuit for keeping web access logs from their site; especially publicly-accessible ones that show which IPs have visited the most / most recently.

Even though the case in question here might be "good" one from our point of view -- which generally seems to be that advertisers and spam are bad (unless you're the one getting paid for it ;) -- I worry that the more this snowballs, the sooner it will affect the security of our systems because we're not allowed to keep logs of who's been connecting to them.

Dave

oximoron

[doctored]

Unless you can sue anonymously, sue'ing will only reveal who you are, thereby going against your fight for privacy...

Tracking vs Cracking?

[jpm242]

Technically, couldn't tracking be considered the same as cracking?

Why is it illegal for Joe Cracker to hack himself into a corp's website/intranet in order to get sensitive information while it's perfectly legal for that same corp to track the user's sensitive information?

I think that license agreement do too much for the big boys and not enough for the users. Wouldn't it be possible for a user to specify his own "license agreement", and then the sites could refuse/accept him as a viewer of that content? If such a mechanism could be put in place, the sites wouldn't have any choice but to agree with the most users, and if they fail to respect the surfers' "licence agreements", they would be liable, just as ordinary surfers are when they break a site's license agreement.

Just my 2 cents.

J:P

Go ahead

[ishrat]

Track me and I won't sue you I'll spam you instead. Confused?

ipchains can do the trick

[tftp]

function Blackhole() {
local log=""
if [ "x$1" = "x-l" ]
then
log="-l"
shift
fi
while [ ! "x$1" = "x" ]
do
ipchains -A input -d $1 -s $ANYWHERE \
-i $INTERNAL_INTERFACE -j REJECT
ipchains -A input -s $1 -d $ANYWHERE \
-j DENY $log
ipchains -A output -s $ANYWHERE \
-d $1 -j REJECT $log
shift
done
}

# Reject everything from/to Doubleclick on all interfaces.
Blackhole 204.253.104.0/24
Blackhole 205.138.3.0/24
Blackhole 208.184.29.0/24
Blackhole 208.32.211.0/24
Blackhole 209.67.38.0/24

Re:sig..("hope Jesus right meek shall inherit eart

[kubrick]

Umm... I'm no Christian, but wasn't that from the Sermon on the Mount?

"Blessed are the meek: For they shall inherit the earth."

Probably rewritten by generations of churchmen since, and I presume Jesus spoke Aramaic or Hebrew, assuming he really existed, but anyway...

ObLifeOfBrian:

"I think it was 'blessed are the cheesemakers'."

BTW Einstein was no genius, but he had a great publicity machine (that's just me playing devil's advocate :)

Consider the possibility . . .

[alecto]

. . . of blackmail. Sure, you can sue us. Of course, some of the information we collected might come out in discovery. Like that site in the Christmas Island domain that's always in your HTTP_REFERRER, and that you spend an awful lot of time on the Victoria's Secret site putting items in your shopping cart that are much too big for your wife. It would be regrettable for it to come to this, wouldn't it? I thought so. So, you pay our attorney's fees and we forget this whole sordid incident.

Idcide privacy...

[verbot]

For Windows users, there is a program called Idcide that will block out 3rd party cookies from banner companies, such as the ones this article talks about.

You can find it at http://www.idcide.com.

There was an article about this program a few months ago on Slashdot. I've been using it for a few months now, and love it. The only drawbacks are that it's for Windows/Internet Explorer users only (the Netscape version is in beta testing now).

I Always Pimp This Book...

[Seumas]

I always pimp this book to friends, family and acquaintences -- especially if they are not in the technical field or are generally uninformed about the concerns of privacy invasion by corporations, governments, organizations and online services. It is a great over-view of almost every major concern and the existing reality, with insight into the possible (and likely) potential reality of abuse.

The book was also reviewed on Slashdot some months ago: Database Nation (O'Reilly).

If you know someone who gives their personal information just to get a 'Club Card' at Safeway so they can buy groceries, hands over their personal information to Radio Shack just for the privelage of buying things from them, or sign up for those "Hawaiian Trip Giveaway"'s that are in a lot of stores, restaurants and laundromats (a scheme to get your address, name and age as well as other information) -- give this book to them this holiday. It'll make them think twice about the comfortable little world they think they live in.
---
seumas.com

which browsers to use???

[bleh-of-the-huns]

Okay, I have not been following the browser wars very closely, but I remember something about the fact the AOL killed the attempt netscape/mozilla made to add a functiont aht would only accept images from the site you were visiting (hence killing banner adds, tracking clear images etc etc). Now, are there any browsers out there that have this type of privacy and security functionality. It's obvious that netscape and IE will never have anything like that since they are a huge advertising platform for MS and AOL.

What I want is a broswer that supports java, is w3c compliant, blocks images that do not originate from the requested site, and the ability to not accept or send cookies to any site but the one I am visiting.

Anything out their that will follow these std's

What Other Choice do They Have

[cluge]

I have customers that change e-mail names approx once a year. What a pain in the arse, but trying to get yourself "removed" from a mailing list is a joke.

One of those customers apparently is being "followed". Every change he still ends up on the list. Perhaps he should sue?

Aren't there enough "stalkers" in the world without PAYING people to stalk me? As I read the Florida anti-stalker statute (which as we all know, FL law is "subjective") I should be able to press criminal charges against advertisers that "track" me. Check out the statue here and tell me what you think!

Some things never change

[grovertime]

One of my closest colleagues is a high-ranking official from Doubleclick and we've discussed this situation to no end. It is a finer line than most media outlets report, most seeming to want to indulge in David vs. Goliath tales of evil advertising empires tracking innocent individuals. But the issue runs far deeper. Tracking a user's likes and dislikes is nothing new - online or off. The trouble is now we have to announce what we are doing, even if it damages our businesses and really comes at no actual cost to the individual. Unfortunately, most of this sentiment is fueled by the same anti-corporate notions that lingers in the mind of all, say, programmers or coders who don't want to be mainstream, don't want to lose their individuality, but can't wait to throw together some software package, grab a public shell and set sail down their own corporate stream. The issue here is less on privacy or invasion and more on theoretical control - we can't stand, in our personal lives or public ones - to be known. Mystery is fun for sure. But to sue every company that is aware you like pink cardigan sweaters who tells the pink cardigan sweater factory that information - that just makes us all a bunch of over-lawyering dodos.

1. 
   P 2 P___H U M O R
   

Who's ready for shoppin' tomorrow?

BIggest shopping day of the year, it is.

I already looked through the flyers and filled my Palm with what I ned to get.

I figure I'll get up early tomorrow, fill my 32 oz travel mug with coffee, and hop in the old Ford Expedition to go mano a mano with all the other holiday shoppers, spending money I don't have to buy expensive gifts as a way of compensating for my lack of emotional intimacy with my friends and relatives.

Just a warning, don't get in front of me at the Starbucks drive-thru unless you're fast!.

As for now, eat soem TRukey, watch some football, drink some beer, scratch my balls, and be glad I have teeth, unlke some UKians I Could name.