DoubleClick Settles Privacy Investigation

guttentag writes "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.' It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles. However, it will continue to use to track users with cookies. The Washington Post also has an article, but it is conspicuously missing the standard disclosure statement that informs readers of The Post's business relationship with DoubleClick." Well, let me be sure to point out then that Slashdot also serves Doubleclick ads. If you recall, this all started when Doubleclick merged with a database company and announced plans to merge its online and offline databases.

Profiles

[Delrin]

What? Are they like Equifax and the other credit agencies now? "Access to their profiles". Let me guess, this will involve making 10 phone calls, waiting on hold. Where's the URL man!?

Re:Profiles

[chfn]

"Let me guess, this will involve making 10 phone calls, waiting on hold."

And after all that, it'll still be wrong

Just goes to show...

exactly how much companies will pay for good information.
Reminds me of the Simpsons episode where the toy company bought the school for their market research...

Doubleclick makes me happy ...

[YeeHaW_Jelte]

... that I get prompted by mozilla before I accept cookies.

got of cheap

[tanveer1979]

"DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.

Thats small compared to what they made.. and they will "continue to track users with cookies"

Says what... if audit takes 4 years they can do what they do for 4 years.
Their privacy policy is a big joke... but who cares anyways. Whats about cost to "users".

Re:got of cheap

[ch-chuck]

No Joke - you can't even buy a decent house in Si Valley for that little anymore.

Profile Access

[alatesystems]

"It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles."

Where will we have access to our profiles? What will it be looked up by? Our cookie? Our email address? I will be interested to see just what information is linked to me personally.

I don't think we will be able to see everything. Only time will tell.

Chris
www.talkingtoad.com

Re:Profile Access

Will accessing the profile be stored as an event in the profile?

Re:Profile Access

[mwjlewis]

Do a search on Google for cookie, doubleclick and profile. You are sure to find something.

Bank of America

Doubleclick will sell to anyone, and I can't believe that some people buy into it. For example, I have an account with Bank Of America, and one day while I was checking my account balances I noticed that mozilla was loading something from doubleclick. I looked at the page and there were no ads to be seen. I checked out the HTML source and sure enough they were loading a 1x1 transparent gif from doubleclick. Now, could someone please explain to me why Bank of America would be interested in doing that? The only possible reason they could be doing this is:

1) Doubleclick is paying them an assload of money to do it.
2) BOA is receiving browsing profiles for their banking customers.

Those are the only possible benefits I can see from this whole thing. Any comments?

Re:Bank of America

I used to work at DoubleClick (engineering) and I can tell you exactly why BofA put the pixel there. DoubleClick uses technology they call "spotlight" to track which page views come about as the result of a user clicking an ad. Cookies are used to link the click event with the page view event. By plugging in some simple key/value pairs into the URL that requests the 1x1 image, companies can track sales (page=sales_confirmation;sold=ford_taurus;cost=... )

Online marketers would be nuts not to use this valuable tool to measure ROI. In fact, those who are slow to do this sort of tracking are likely to be driven out of the online marketing business as smarter companies use all of the tools available to them.

Re:Bank of America

No, neither reason is correct.

The point is that it allows some vague connection to be inferred between showing someone an ad ("impression") and later that person using a service or buying a product or whatever.

In this example, Bank of America presumably has DCLK ads on various sites. It is simple enough to track who "clicks through" the ads. But some people may see the ads and eventually go to Bank of America without clicking through. It is still interesting to know that they saw the ads, to try to figure out whether people who saw the ads are more likely to become customers, etc. That's why the 1x1 image. It's not necessarily to track and profile individuals. (Though it could be abused of course.) It's primarily intended as a measure of advertising effectiveness. That's why the advertisers pay for it. Lots of sites use them. It's not always for some evil purpose...

Re:Bank of America

The only possible reason they could be doing this is:

1) Doubleclick is paying them an assload of money to do it.

2) BOA is receiving browsing profiles for their banking customers.

The actual purpose is more mundane. I don't know BOA's and DoubleClick's relationship, but I know how it would normally work in internet advertising.

BOA advertises online on DoubleClick's networks. DoubleClick tracks which users (DoubleClick cookies) see which ads, e.g. which BOA ads. To tell if the advertising was effective, a 1x1 gif is placed on BOA's front page (or elsewhere on their site, depending on what they want to measure). That gif goes back to DC's servers with a DC cookie, allowing DC to answer various questions. E.g. what percentage of ad views on a given site resulted in purchases/home page visits/etc. Then, DC can stop running ads on sites that appear to be less effective, etc.

Summary: they place 1x1 gifs on their clients' sites to measure the effectiveness of various ad placements. You don't need to postulate anything more grandiose than that.

Not that DC hasn't and wouldn't do anything more grandiose, but I'm just reminding everyone what the basic purpose of those gifs are.

By the way, #1 is likely not true -- BOA presumably pays DC for the service of providing feedback and improvements on BOA's internet advertising effectiveness. #2 also probably isn't true. BOA doesn't care about the profiles, so long as DC provides them with good value for their advertising spend.

Re:Bank of America

[geekoid]

3) The web designer has a dbl click account, and is sticking a link on every page he does.

Re:Bank of America

[jesterzog]

I'm not a BOA customer, but presumably there's an online privacy statement or a terms of use somewhere. It should state what information is collected and how they use it.

Have you read it?

If it doesn't say anything, just phone them up and ask them.

cookie blocking

[Apreche]

its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it. I have yet to see a cookie that serves a dual purpose of tracking you and doing something useful, like a shopping cart. It seems that doubleclick and other ad companies always use separate cookies from that of the site advertised on.
So until they find a better way to do it, I don't think they are going to get me.
As for all this stuff they are doing. Allowing users to view profiles. Paying for "education" etc. It's all just the usual. They do a few things to make themselves not look like a horrible evil. Whoever is pestering them has to lay off for a bit, and they continue business as usual.
Does anyone know if doubleclick is currently profitable? I mean considering how banner ads don't work, how can a company that relies on them still exist?

Re:cookie blocking

[tomstdenis]

You have IP? I have IP, oh 100% ok?

Seriously. Web site owners can track your viewing habits by checking their log files. Your friggin IP is logged in it. If I collaborate with website XYZ we can both check what you are doing.

So um? get real!

Re:cookie blocking

[Christopher+Bibbs]

Tracking by IP only works if the users have static IP addresses and aren't using proxy servers. So that basically takes care of dial-up, most broadband, and corporate web surfers. Cookies, however, are per user (when the browser allows them).

So um? get educated! ;)

Re:cookie blocking

[ishark]

its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it.

Same here. And with galeon after doing what I need I open up the cookie dialog, select the cookie I just accepted and hit "remove and block"....just in case :)

And don't forget the option "limit maximum lifetime of cookies to this session" in Mozilla... (hmm I wonder when galeon will add it as well...)

Re:cookie blocking

Doubleclick has been rerouted to 127.0.0.1 in my Hosts file for ages. What do I care?

Re:cookie blocking

[purpledinoz]

Last year, DoubleClick came to my university to try to recruit coop students. I don't think anyone took them seriously. It was when dot-coms were dropping like flies, and I was so sure DoubleClick was going down too.

Re:cookie blocking

I solved the problem of all cookies, by a simple batch file in Windows. every hour, it goes though the system, and deletes any cookies it finds. (Yes I have to tell it where to go, and what are cookie files.) but hey it works.

I use to set the attrib to R for 1 file cookies (Like opera, and Mozilla/netscape) but it was impossible to do so with IE. (Which every program seems to want to use.) So this erasing is the next best thing.

I've said before, that companies will do anything they can to screw you, from Enron, to Doubleclick. Don't moan about it, just take it out of their dirty hands, and take control.

Now if soemone could tell me a simple and free way of truely blocking web bugs, (like Banc of America) I'd love to hear it.

Shadowwalker Delaforge
shado719@icqmail.com

Re:cookie blocking

[tomstdenis]

Oh so when you go online you goto one site than hang up?

There is a correlation between IP and time. E.G YOU!

If at 10:46 you goto a site with IP X then at 10:48 you goto a site with IP X then if we are collaborating we could put it together that you're the same person.

Perhaps less effective on the whole but generally not impossible or infeasible at all.

So um, get creative!

Re:cookie blocking

[Christopher+Bibbs]

And what if it shows the same IP hitting different websites at 10:48:01, 10:48:13, and 10:48:37? Is that a single user jumping around or multiple users behind a proxy? Hard to say.

Bottom line, tracking by IP address doesn't work. Too many users work through proxies or beind NAT routers and then DHCP and dial-up further complicate things.

Getting "creative" with data is a way to fool a customer. Real results require solid methods.

So um, quit being stubborn!

Re:cookie blocking

[tomstdenis]

I never said cookies are not a good method of getting browsing habits. I am just saying [as a cryptographer] that there is more information lying around than most think. Its just a matter of looking at the data and interpretting it.

And as you say "lots of users behind proxies" that's true. However, most people I know don't have everyone in their house go on the net simultaneously. So it stands to reason the IP's are due to one user.

Even still there are other things like referrer tags...etc...

Tom

Cookies

"However, it will continue to use to track users with cookies"

You mean they dare to track who goes to their site? Thats an outrageous intrusion into my privacy! Imagine what would happen in high-street stores kept details of who bought what! What about governmental agencies? We must fight this threat to our freedom before its too late!

Re:Cookies

[chfn]

Not their site, but sites that load their ads. You don't have to even visit the doubleclick site to be tracked by their system.

That's the problem. And I still haven't seen how we're getting access to our profiles.

Re:Cookies

[irve]

As a part of my holy mission of battling ignorance let me point out that you "go to their" site in the eyes of your browser every time you load some advertisment from their server. Meaning that you probably visited it right now.

Ironic..

[Frank+of+Earth]

Slashdot also serves Doubleclick ads

Yeah, I know. I find it really amusing when the topic is the typical MS bashing post and there is a huge ad for Visual Studio.net

Time to have some fun

[hrieke]

'Correct' your profile to be a 80 year old trans-gendered, trans-racial, Alaskian arc-welder living in New York with a disposible income of $125,000.
That aught to cause a few people to pause.

Or just change your address to match double click's...

Remember- the data is only as good as you give it.

Re:Time to have some fun

[onion2k]

Just coz I happen to be a skilled manual working eskimo with gender and race issues living in the Big Apple doesn't mean you have to take the piss. Oh, and happy octogenerian birthday to me.

They can't track me!

I redirected all doubleclick.anything names to localhost long ago. Problem solved! (Of course there's always junkbuster too)

The bit I don't get is...

[Boss,+Pointy+Haired]

...what doubleclick do about multi-user PC's?

Loads of people use my PC, my family when the come round to visit, my friends etc. And they all surf the web taking advantage of my broadband connection :o)

Their profile of "me" must be a right mess. I think they're taking advertisers for a ride when they say they can target people who visit "this" sort of web page, when there is no guarantee that the person using the computer at a given time is the same person that visited "that" web page.

I'm sure there's more to it that i'm missing (like linking up with email addresses on forms etc), but i'm still not sure I really understand what / how they're profiling.

PHB.

One Word

[dusanv]

Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)

D.

Re:One Word

[Jucius+Maximus]

"Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)"

Yeah but there are always web bugs. You'd better get yourself a hosts blocking list.

Personally, I swear by /etc/hosts or /winnt/system32/drivers/etc/hosts, wherever the circumstances apply.

Re:One Word

[dusanv]

Web bugs sounds interesting but I can speculate it is IE related (too bad they don't really elabotate) and I don't use IE at all (just too many security concerns with it). Does anyone know what they are using to pull out someone's address book (must be ActiveX/VBScript/Internet Exploder/Outbreak Express related)? Your "hosts" idea isn't too bad either except that I use to many machines to be mocking with hosts file on all of them. Much easier to use squid or BIND to block Doubleclick completely (if you use these). Mozilla cookie handling also helps. Too bad it doesn't support roaming profiles yet so I have to set it on every machine...

Cheers.

Re:One Word

[dismal+scientist]

You can set Mozilla to block images from sites. That will block the web bugs that are images.

Re:One Word

[Jucius+Maximus]

"You can set Mozilla to block images from sites. That will block the web bugs that are images."

Of course you can. (Was the checkbox added back to the GUI in 1.1? I haven't got it yet.)

But sometimes I use opera or even IE for stubborn sites and then my image blocking does not carry over.

Ips don't work as well as cookies

[autopr0n]

Well, IP address for a lot of dialup users are reassigned each time they connect. For AOL users, this means millions of possible address. Given that AOL has something like 40% market share in the US, IP based tracking won't work that well.

On the other hand, cookie based systems work well, and are linked to user accounts on specific computers.

Opting out is done by setting the double click cookie to zero or something, and it seems to work pretty well.

I remember opting out and starting to see ads for feminine hygiene stuff. Maybe it was really a kind of punishment :P

Well..

[autopr0n]

Most of the time, when more then one person uses a computer frequently, multiple user accounts are set up.

Under windows (as well as most unix installs) A persons cookies will be linked to their user accounts, not the PC itself.

And yes, most families really do have seperate user accounts set up.

DoubleClick Hiaku (I'm lame..)

[Jearil]

DoubleClick panics
To be cool like microsoft
Pretend innocence

Users profiles
Now open to the public
Cause mob to delete

Profile access might be a scam

[chfn]

What would be better than making you "sign up" to view your profile? Just for authentication, you know, to make sure nobody else accesses it "by mistake". Then, they'd have names and email addresses to go along with browsing profiles, if they don't have a match for every one already. Neat trick, if you ask me.

IP address?

The users IP address is about as useful as a chocolate teapot. Consider the following:

• Dial up users & Cable/DSL users almost always get a different IP address each time
• Anyone using a proxy (Many ISP's use web proxies, not to mention corporate and .edu users)
• Anyone using NAT (Same as above, essentially

Any computer which is used by more than one person (A family, say. My wife doesn't read Slashdot, and I rarely use EBay.)
If you think you can do user tracking just by using the IP address of the connecting computer, then I'm glad that this isn't 1999 anymore. You could have made millions with that poorly thought out business proposition.

Re:IP address?

[tomstdenis]

First remove your thumb from your ass. This isn't a competition.

Second, I was just pointing out that there is more information lying around then you guys care to admit. I mean in cryptanalysis the attacker doesn't stop because there is a little noise.

Simillarly if I want to data mine to the last drop I won't stop because I get a little noise.

Also about the "changing" IPs is this how you browse the web?

1. dial up [wait the 30 seconds]
2. do one HTTP request
3. disconnect, goto 1

???

Tom

Double click as Big Brother

[ziriyab]

So this screen we sit in front of has some machinery behind it that can track our activities and behaviors? You say it's merging like crazy consolidating databases? Nice. How very 1984.

Disinformation

[JanMark]

Would it be possible to write a program that feeds disinformation to doubleclick? If 5000 people would download it (I might) and run it on theire xDSL modem... How fast would theire database be turning bad? And if their statistics are wrong, their business is gone.

How does one wirte such a jammer-program?

Re:Disinformation

[flonker]

A simple way to sour their database is a cookie sharing scheme.

• You have a P2P cookie sharing proxy server.
• You get sent a request for a cookie.
• Your proxy computes a random chance of creating a new cookie, or using an existing one
• If it decided to use an existing cookie, it searches the P2P network for a cookie that matches the requested cookie, and uses that cookie.
• If it decided to create a new cookie, or if it didn't find any existing cookies, then it requests a new cookie, and uses that one.
• Whatever the new results of the cookie are are saved, and shared over the P2P network.
• Cookies are used consistently per session. ie. you only request one cookie per website per 20 minutes, for example.
• Another mechanism that may be necessary is a cookie checkout mechanism, where each cookie is used in only one session at a time.

The two problem with this is that you have to explicitly decide which cookies you want to share, as I'm sure not everyone wants to share their cookie saved slashdot login. And you'd have a problem with the possibility of your bank account being linked to a randomly generated browsing profile, or something similar. Neither of these problems are insurmountable, but they need to be addressed.

Slashdot: The register's comment board

[Anonymous+Sniper]

Slashdot: The register's news from yesterday, now with Comments(tm).

It's a pity that slashdot can't (won't) at least link to them - they have good articles, written by people who at least appear to have some common sense, and actually Check The Facts (learn that one, Boys!)

double click ads blocked

[Skapare]

Well, let me be sure to point out then that Slashdot also serves Doubleclick ads.

Well, let me be sure to point out then that Doubleclick ads are blocked here. So when my Slashdot page comes up, regardless of whether the Elite Monkeys generate it, or the Random Elephants generate it, or the Barrel of Psycho Mummies generate it, if it has images that refer to any server in the doubleclick domain (and a few others), they come up blank (a 1x1 transparent GIF is substituted). If Slashdot wants to be sure to maximize revenues, it should either be sure it charges for providing the tag, even if the image is never loaded, or make sure a different advertising source is used (which may be hard if the advertiser wants to use doubleclick ... but then, those are going to be advertisers that are not going to generate as much revenue for this very reason). As I edit this comment, I'm seeing a banner ad for OSDN's PriceCompare. I may check it out later when I'm bored.

servedby.advertising.com

But, what about those weasels at servedby.advertising.com?

Oh yeah...

[Balinares]

I must say, I just love it, in a perverse kind of way, when MS actually pays Slashdot to host their own bashing.

Sometimes, life's just too good. :)

But, but--authorities say "Cookies are harmless"

[dpbsmith]

Two or three years ago, all the newspaper computer columns were full of "don't worry, be happy" explanations of why cookies cannot be used to identify individuals. They stated authoritatively that there was NO POSSIBLE WAY cookies could be used in this fashion and "explained" the "technical reasons" behind it.

For example, Infoworld columnist Fred Langa says here that "To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won't let website owners surreptitiously figure out who you are, for example... My advice: leave cookies turned on; the real benefits far outweigh the very small risks."

Indeed, a Google search on "cookies cannot be used to identify individuals" turns up 21000 hits--mostly in Web site's privacy statements.

DoubleClick's motto: when it comes to invading privacy, we do the "impossible" every day.

I think Slashdot should rethink its connection with DoubleClick.

Avoid it all together

[demon93]

One way to not appear in their databases...

# hosts
0.0.0.0 doubleclick.com
0.0.0.0 doubleclick.net

etc., etc. for any adservers that you don't like the look of.

Re:Avoid it all together

for your convenience just look at http://remember.mine.nu

Someone created such a hosts file with about 14600 entries

Proposed Cookie 'Extension'...

[vofka]

Perhaps all the Cookie Paranoia could be put to rest if there were a mandatory extension to the existing Cookie Protocol which indicated the 'type' or 'use' of a particular cookie, examples could include:
** Session Tracking
** Shopping (Carts etc.)
** Advertisers and Profilers (such as Doubleclick)
And possibly a variety of others.

Once such a system was in place, a user should be able to select whether to Accept, Reject or be Prompted for cookies of each type.

The only problem would be getting the adertisers to use their 'designated' cookie type...

Re:Proposed Cookie 'Extension'...

[Skapare]

Another option would be to have everything that jumps between domains (possibly for domains that are configured, or domains not configured to be exempted) have the HTTP "Referer" header suppressed, or forged. That would create the brick wall boundary between domains where information cannot as easily pass between, through your server. Cookies cannot be retrieved across domains, but by associating the cookie you get from the image with the domain in the "Referer" they can still track what domain you are surfing.

BTW, I do have cookies on, but each new instance of my browser creates a whole new context to run in (which it thinks is my home directory), which means an empty set of cookie each time. So I just make sure I start a new instance each time I go to another site.

Nuke ads and cookies.

[Tar-Palantir]

If you've got Mac OS X, try using OmniWeb. It can block ads and off-site cookies, and you can block all images from any site matching a regular expression (VERY cool).
How is DoubleClick going to cause any problems if their ads don't load and their cookies don't take?

Where's the money, honey?

[mustangdavis]

(* from the perspective of the guy putting DoubleClick ads on his website *)

Does this mean that people that rely on advertising dollars are now Double Screwed?

First, Double Click has to generate revenue to pay for this settlement, so I'm sure they're going to take that money from their publishers

Second, now that they can't resell demographics, does this mean they will have an even further revenue shortage?

My question is this: They already don't pay shit to their publishers, so I ask Double Click:
Where's they money gonna come from?

Doubleclick Privacy: 404

[doppleganger871]

Just tried viewing their Privacy statement:

http://www.doubleclick.com/us/corporate/privacy/ pr ivacy/default.asp?asp_object_1=&

Got a 404... imagine that.

Re:Doubleclick Privacy: 404

[Tribbles]

Try removing the space in the second "privacy", and it works. For some reason (probably IE's fault), the URL always ends up with a space in it (it was doing it when I was previewing this).

Re:Doubleclick Privacy: 404

[Amazing+Quantum+Man]

Not IE's fault. It's the lameness filter. If you want to post a URL, use tags.

Re:Doubleclick Privacy: 404

[Skapare]

I got a 1x1 pixel transparent GIF file. But that is because I directed all queries for anything in doubleclick.com (and some others) at my DNS server over to a special IP address on which my web server always delivers that 1x1 pixel transparent GIF file no matter what URI is requested. It even does it on HTTPS (self signed cert).

Here is my list:

• atwola.com
• dotsteraffiliate.com
• doubleclick.com
• doubleclick.net
• hitbox.com
• hitprofile.com
• porntrack.com
• clickfinders.com
• network.realmedia.com
• qksrv.net

Education?

[evilviper]

[...] an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.'

Does that mean we're going to see 'truth' commericals about web privacy like we see about cigarettes?

Every day, thousands of browsers die due to an overdose of cookies. Friends don't let friends save cookies.

Ad-Aware deletes their cookies

[Tinik]

I've found Ad-Aware to be a great tool for pulling out all kinds of spyware, including Double-Click's and other's cookies.

http://www.lavasoftusa.com/ to download.

Best way to handle doubleclick

[tijsvd]

# cp db.localhost db.doubleclick
# cat << EOF >> named.conf
> zone "doubleclick.net" {
> notify no;
> type master;
> file "/etc/bind/db.doubleclick";
> };
> EOF

Re:Best way to handle doubleclick

[Skapare]

My setup is a little more sophisticated. It sets the address for *.doubleclick.com (and others) to a special web server configuration which always delivers a 1x1 transparent GIF no matter what URI is requested. Bam, no tracking, and a clean substitute for ads.

Dont care havent seen a DoubleClick AD in Months

[Ozor]

This the best thing to happen since Mozilla. http://www.adshield.org/ Freeware ad and popup blocker. FU M$ and your explorer. Learn what people really want.

Protection from aliens and ADVERTISERS

[Kristoffor]

I always wrap my computers with aluminum foil to prevent aliens and advertisers from sucking personal data about me into their databases. Also wrapping your tv in foil prevents the subliminal messages from the government from taking hold of your thought processes.

Re:Protection from aliens and ADVERTISERS

Actually, making a Faraday cage like that around my TV blocks all TV reception... wait, that was the point, wasn't it?

It would be fair to doubleclick

[PrimeNumber]

if the FBI would give people access to their profiles....

Funny how the US Govt doesnt get fined for the same type of Carnivore related privacy violations.

Re:Breast enlargement ads

[phorm]

So whenever my girlfriend uses my computer it will add more fun things to my profile, and I get can breast enlargement ads in addition to penile-enlargement ads? I'm sure most of the information they have on a large amount of users is more-or-less useless...
Hmmm... doubleclick is reading in that a user likes websites about uses for gerbils that certainly aren't sanctioned by my local petstore. Of course, the user was just looking for pet food supplies and found that gerbillove.com isn't actually to do with standard affection for your fine furry friends. That won't stop google though, so now you can enjoy the pleasure of having your email address added to lists such as "gerbilfetish" and "rodentlust" etc etc

And you wonder how they got your email address...

That's it?!

[fire-eyes]

Good lord, what a weak settlement.

Add something like this to your firewall!

#block doubleclick.net
block return-rst out on ep0 from any to { 208.32.211.0/24, \
216.73.80.0/20, 208.228.86.0/24, 204.176.177.0/24, 205.138.3.0/24, \
63.168.198.0/25, 63.160.54.0/24, 63.166.98.0/24, 65.167.64.0/22, \
208.10.202.0/24, 64.240.193.64/26, 199.95.206.0/22 }

block in on ep0 from { 208.32.211.0/24, \
216.73.80.0/20, 208.228.86.0/24, 204.176.177.0/24, 205.138.3.0/24, \
63.168.198.0/25, 63.160.54.0/24, 63.166.98.0/24, 65.167.64.0/22, \
208.10.202.0/24, 64.240.193.64/26, 199.95.206.0/22 } to any

lol can you say

loopback host address. I've not seen a doubleclick ad in quite some time. Ad-aware pulls their cookies, so I don't have too....

DoubleClick obfuscator?

[mirio]

I've thought of doing a Mozilla (I.E. too, maybe) plug-in that would do the following when loading images:

1) check for untrusted domains...e.g. doubleclick
2) check for images being loaded with some id being appended to the query string (e.g. embedded e-mail images that alert spammers when someone opens a mail.)

This plug-in would disect the number and generate a random number in a similar format and send that number in the cookie or the query string as the case may be.

This would ultimately render doubleclick's business model useless (well, assuming everyone would use such a plug-in). And as far as I see it, it's fair game since I *never* gave them (direct) permission to collect information on me in the first place.

Re:DoubleClick obfuscator?

[Sylver+Dragon]

If you do make one of these, please, please, post it on /. so people like me can find it. I'm not a programmer, and as such, probably couldn't put something like this together. However, I would love to be able to start dumping junk into the databases of these companies. The more tools we have to generate a low signal to noise ratio for these marketing drones, the better off we'll all be.

Moo.

This is the result of two simple axioms: 1) Most software is very bad. 2) You usually get what you pay for.

Now, of course these two are not absolutes, and in particular the validity of number 2 could be questioned on a number of grounds. But companies aren't just paying for the software itself, they're paying for the entire process. And they beleive that if you invest in a process, you can achieve a better result than trying to guess which inexpensive option won't blow up in your face six months down the road.

Re:Dont care havent seen a DoubleClick AD in Month

[Skapare]

My DNS server sends all queries for doubleclick.com and doubleclick.net (and some others) over an HTTP/HTTPS server that for any URI requested, always delivers a 1x1 transparent GIF. Bingo, no ads, and nothing tracked.

I AM Doubleclick!

[beekr]

Says so right here in my hosts file: ads.doubleclick.net 127.0.0.1 ...funny, I don't remember being notified of an investigation.

Doubleclick and the Post

[Ndog]

Ummm, there is a large insert near the beginning of the article stating that the Post's website uses Doubleclick to serve ads.

How Persistent?

[Mryll]

I've firewalled out doubleclick's stuff a long time ago, but I was wondering how they key the stuff in their database. Is it keyed by the cookie, or something more persistent on the client machine? I.e., if somebody runs Ad-Aware and deletes a doubleclick cookie, then receives another different one the next day on the same client machine, does it break doubleclick's correlation of the prior and later data? Somehow I'd be surprised if it does...

Opt-Out Installs a Cookie

[Bri3D]

I know there are reasons behind this, but it is very funny to me that DoubleClick's "Cookie Opt-Out" installs a cookie. Rejecting it gives you a error page.

MSIE has done a briliant thing!

[holgie]

yeah I know I'm not supposed to say that sort of thing here - but they have!
In MSIE6.0 you can block (and I believe it's default) secondary cookies, meaning cookies originating from secondary items like banner ads. This actually blocks doubliclick in the right way. Think about it!
Cookies are a good thing. And people are generally way too paranoid. "I have disabled cookies" is really a sad statement.

Re:But, but--authorities say "Cookies are harmless

[alexburke]

I think Slashdot should rethink its connection with DoubleClick.

Once x% of the Slashdot community subscribes, I'm sure Slashdot will do away with ads altogether.

However, until that point in time, we can go fuck ourselves -- we'll take what we're given, and we'll like it.

Personally, though, I haven't seen an ad on Slashdot for quite some time indeed. Oops.

you never had privacy.

get over it.