DoubleClick Settles Privacy Investigation

guttentag writes "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.' It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles. However, it will continue to use to track users with cookies. The Washington Post also has an article, but it is conspicuously missing the standard disclosure statement that informs readers of The Post's business relationship with DoubleClick." Well, let me be sure to point out then that Slashdot also serves Doubleclick ads. If you recall, this all started when Doubleclick merged with a database company and announced plans to merge its online and offline databases.

Profiles

[Delrin]

What? Are they like Equifax and the other credit agencies now? "Access to their profiles". Let me guess, this will involve making 10 phone calls, waiting on hold. Where's the URL man!?

Doubleclick makes me happy ...

[YeeHaW_Jelte]

... that I get prompted by mozilla before I accept cookies.

Bank of America

Doubleclick will sell to anyone, and I can't believe that some people buy into it. For example, I have an account with Bank Of America, and one day while I was checking my account balances I noticed that mozilla was loading something from doubleclick. I looked at the page and there were no ads to be seen. I checked out the HTML source and sure enough they were loading a 1x1 transparent gif from doubleclick. Now, could someone please explain to me why Bank of America would be interested in doing that? The only possible reason they could be doing this is:

1) Doubleclick is paying them an assload of money to do it.
2) BOA is receiving browsing profiles for their banking customers.

Those are the only possible benefits I can see from this whole thing. Any comments?

Re:Bank of America

[geekoid]

3) The web designer has a dbl click account, and is sticking a link on every page he does.

Re:Bank of America

[jesterzog]

I'm not a BOA customer, but presumably there's an online privacy statement or a terms of use somewhere. It should state what information is collected and how they use it.

Have you read it?

If it doesn't say anything, just phone them up and ask them.

cookie blocking

[Apreche]

its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it. I have yet to see a cookie that serves a dual purpose of tracking you and doing something useful, like a shopping cart. It seems that doubleclick and other ad companies always use separate cookies from that of the site advertised on.
So until they find a better way to do it, I don't think they are going to get me.
As for all this stuff they are doing. Allowing users to view profiles. Paying for "education" etc. It's all just the usual. They do a few things to make themselves not look like a horrible evil. Whoever is pestering them has to lay off for a bit, and they continue business as usual.
Does anyone know if doubleclick is currently profitable? I mean considering how banner ads don't work, how can a company that relies on them still exist?

Re:cookie blocking

[Christopher+Bibbs]

Tracking by IP only works if the users have static IP addresses and aren't using proxy servers. So that basically takes care of dial-up, most broadband, and corporate web surfers. Cookies, however, are per user (when the browser allows them).

So um? get educated! ;)

Re:cookie blocking

[ishark]

its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it.

Same here. And with galeon after doing what I need I open up the cookie dialog, select the cookie I just accepted and hit "remove and block"....just in case :)

And don't forget the option "limit maximum lifetime of cookies to this session" in Mozilla... (hmm I wonder when galeon will add it as well...)

Re:cookie blocking

[Christopher+Bibbs]

And what if it shows the same IP hitting different websites at 10:48:01, 10:48:13, and 10:48:37? Is that a single user jumping around or multiple users behind a proxy? Hard to say.

Bottom line, tracking by IP address doesn't work. Too many users work through proxies or beind NAT routers and then DHCP and dial-up further complicate things.

Getting "creative" with data is a way to fool a customer. Real results require solid methods.

So um, quit being stubborn!

Ironic..

[Frank+of+Earth]

Slashdot also serves Doubleclick ads

Yeah, I know. I find it really amusing when the topic is the typical MS bashing post and there is a huge ad for Visual Studio.net

Time to have some fun

[hrieke]

'Correct' your profile to be a 80 year old trans-gendered, trans-racial, Alaskian arc-welder living in New York with a disposible income of $125,000.
That aught to cause a few people to pause.

Or just change your address to match double click's...

Remember- the data is only as good as you give it.

Re:Time to have some fun

[onion2k]

Just coz I happen to be a skilled manual working eskimo with gender and race issues living in the Big Apple doesn't mean you have to take the piss. Oh, and happy octogenerian birthday to me.

They can't track me!

I redirected all doubleclick.anything names to localhost long ago. Problem solved! (Of course there's always junkbuster too)

One Word

[dusanv]

Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)

D.

Re:One Word

[Jucius+Maximus]

"Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)"

Yeah but there are always web bugs. You'd better get yourself a hosts blocking list.

Personally, I swear by /etc/hosts or /winnt/system32/drivers/etc/hosts, wherever the circumstances apply.

Re:One Word

[Jucius+Maximus]

"You can set Mozilla to block images from sites. That will block the web bugs that are images."

Of course you can. (Was the checkbox added back to the GUI in 1.1? I haven't got it yet.)

But sometimes I use opera or even IE for stubborn sites and then my image blocking does not carry over.

Ips don't work as well as cookies

[autopr0n]

Well, IP address for a lot of dialup users are reassigned each time they connect. For AOL users, this means millions of possible address. Given that AOL has something like 40% market share in the US, IP based tracking won't work that well.

On the other hand, cookie based systems work well, and are linked to user accounts on specific computers.

Opting out is done by setting the double click cookie to zero or something, and it seems to work pretty well.

I remember opting out and starting to see ads for feminine hygiene stuff. Maybe it was really a kind of punishment :P

Well..

[autopr0n]

Most of the time, when more then one person uses a computer frequently, multiple user accounts are set up.

Under windows (as well as most unix installs) A persons cookies will be linked to their user accounts, not the PC itself.

And yes, most families really do have seperate user accounts set up.

Profile access might be a scam

[chfn]

What would be better than making you "sign up" to view your profile? Just for authentication, you know, to make sure nobody else accesses it "by mistake". Then, they'd have names and email addresses to go along with browsing profiles, if they don't have a match for every one already. Neat trick, if you ask me.

Double click as Big Brother

[ziriyab]

So this screen we sit in front of has some machinery behind it that can track our activities and behaviors? You say it's merging like crazy consolidating databases? Nice. How very 1984.

Disinformation

[JanMark]

Would it be possible to write a program that feeds disinformation to doubleclick? If 5000 people would download it (I might) and run it on theire xDSL modem... How fast would theire database be turning bad? And if their statistics are wrong, their business is gone.

How does one wirte such a jammer-program?

Re:Disinformation

[flonker]

A simple way to sour their database is a cookie sharing scheme.

• You have a P2P cookie sharing proxy server.
• You get sent a request for a cookie.
• Your proxy computes a random chance of creating a new cookie, or using an existing one
• If it decided to use an existing cookie, it searches the P2P network for a cookie that matches the requested cookie, and uses that cookie.
• If it decided to create a new cookie, or if it didn't find any existing cookies, then it requests a new cookie, and uses that one.
• Whatever the new results of the cookie are are saved, and shared over the P2P network.
• Cookies are used consistently per session. ie. you only request one cookie per website per 20 minutes, for example.
• Another mechanism that may be necessary is a cookie checkout mechanism, where each cookie is used in only one session at a time.

The two problem with this is that you have to explicitly decide which cookies you want to share, as I'm sure not everyone wants to share their cookie saved slashdot login. And you'd have a problem with the possibility of your bank account being linked to a randomly generated browsing profile, or something similar. Neither of these problems are insurmountable, but they need to be addressed.

double click ads blocked

[Skapare]

Well, let me be sure to point out then that Slashdot also serves Doubleclick ads.

Well, let me be sure to point out then that Doubleclick ads are blocked here. So when my Slashdot page comes up, regardless of whether the Elite Monkeys generate it, or the Random Elephants generate it, or the Barrel of Psycho Mummies generate it, if it has images that refer to any server in the doubleclick domain (and a few others), they come up blank (a 1x1 transparent GIF is substituted). If Slashdot wants to be sure to maximize revenues, it should either be sure it charges for providing the tag, even if the image is never loaded, or make sure a different advertising source is used (which may be hard if the advertiser wants to use doubleclick ... but then, those are going to be advertisers that are not going to generate as much revenue for this very reason). As I edit this comment, I'm seeing a banner ad for OSDN's PriceCompare. I may check it out later when I'm bored.

Oh yeah...

[Balinares]

I must say, I just love it, in a perverse kind of way, when MS actually pays Slashdot to host their own bashing.

Sometimes, life's just too good. :)

But, but--authorities say "Cookies are harmless"

[dpbsmith]

Two or three years ago, all the newspaper computer columns were full of "don't worry, be happy" explanations of why cookies cannot be used to identify individuals. They stated authoritatively that there was NO POSSIBLE WAY cookies could be used in this fashion and "explained" the "technical reasons" behind it.

For example, Infoworld columnist Fred Langa says here that "To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won't let website owners surreptitiously figure out who you are, for example... My advice: leave cookies turned on; the real benefits far outweigh the very small risks."

Indeed, a Google search on "cookies cannot be used to identify individuals" turns up 21000 hits--mostly in Web site's privacy statements.

DoubleClick's motto: when it comes to invading privacy, we do the "impossible" every day.

I think Slashdot should rethink its connection with DoubleClick.

Proposed Cookie 'Extension'...

[vofka]

Perhaps all the Cookie Paranoia could be put to rest if there were a mandatory extension to the existing Cookie Protocol which indicated the 'type' or 'use' of a particular cookie, examples could include:
** Session Tracking
** Shopping (Carts etc.)
** Advertisers and Profilers (such as Doubleclick)
And possibly a variety of others.

Once such a system was in place, a user should be able to select whether to Accept, Reject or be Prompted for cookies of each type.

The only problem would be getting the adertisers to use their 'designated' cookie type...

Re:Proposed Cookie 'Extension'...

[Skapare]

Another option would be to have everything that jumps between domains (possibly for domains that are configured, or domains not configured to be exempted) have the HTTP "Referer" header suppressed, or forged. That would create the brick wall boundary between domains where information cannot as easily pass between, through your server. Cookies cannot be retrieved across domains, but by associating the cookie you get from the image with the domain in the "Referer" they can still track what domain you are surfing.

BTW, I do have cookies on, but each new instance of my browser creates a whole new context to run in (which it thinks is my home directory), which means an empty set of cookie each time. So I just make sure I start a new instance each time I go to another site.

Education?

[evilviper]

[...] an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.'

Does that mean we're going to see 'truth' commericals about web privacy like we see about cigarettes?

Every day, thousands of browsers die due to an overdose of cookies. Friends don't let friends save cookies.

Re:Doubleclick Privacy: 404

[Tribbles]

Try removing the space in the second "privacy", and it works. For some reason (probably IE's fault), the URL always ends up with a space in it (it was doing it when I was previewing this).

Protection from aliens and ADVERTISERS

[Kristoffor]

I always wrap my computers with aluminum foil to prevent aliens and advertisers from sucking personal data about me into their databases. Also wrapping your tv in foil prevents the subliminal messages from the government from taking hold of your thought processes.

Re:Doubleclick Privacy: 404

[Amazing+Quantum+Man]

Not IE's fault. It's the lameness filter. If you want to post a URL, use tags.

Re:Doubleclick Privacy: 404

[Skapare]

I got a 1x1 pixel transparent GIF file. But that is because I directed all queries for anything in doubleclick.com (and some others) at my DNS server over to a special IP address on which my web server always delivers that 1x1 pixel transparent GIF file no matter what URI is requested. It even does it on HTTPS (self signed cert).

Here is my list:

• atwola.com
• dotsteraffiliate.com
• doubleclick.com
• doubleclick.net
• hitbox.com
• hitprofile.com
• porntrack.com
• clickfinders.com
• network.realmedia.com
• qksrv.net

Re:Dont care havent seen a DoubleClick AD in Month

[Skapare]

My DNS server sends all queries for doubleclick.com and doubleclick.net (and some others) over an HTTP/HTTPS server that for any URI requested, always delivers a 1x1 transparent GIF. Bingo, no ads, and nothing tracked.

Re:Best way to handle doubleclick

[Skapare]

My setup is a little more sophisticated. It sets the address for *.doubleclick.com (and others) to a special web server configuration which always delivers a 1x1 transparent GIF no matter what URI is requested. Bam, no tracking, and a clean substitute for ads.

Re:DoubleClick obfuscator?

[Sylver+Dragon]

If you do make one of these, please, please, post it on /. so people like me can find it. I'm not a programmer, and as such, probably couldn't put something like this together. However, I would love to be able to start dumping junk into the databases of these companies. The more tools we have to generate a low signal to noise ratio for these marketing drones, the better off we'll all be.

Re:But, but--authorities say "Cookies are harmless

[alexburke]

I think Slashdot should rethink its connection with DoubleClick.

Once x% of the Slashdot community subscribes, I'm sure Slashdot will do away with ads altogether.

However, until that point in time, we can go fuck ourselves -- we'll take what we're given, and we'll like it.

Personally, though, I haven't seen an ad on Slashdot for quite some time indeed. Oops.