Slashdot Mirror
Google Using DoubleClick Tracking Cookies
dstates sends news coming out of the letters the House Energy and Commerce Committee sent to a number of broadband and Internet companies about their policies and practices on user tracking. The committee has now made public 25 responses to its queries, and many companies, including Google, acknowledge using targeted-advertising technology without explicitly informing customers. The Committee is considering legislation to require explicitly informing the consumer of the type of information being gathered and any intent to use it for a different purpose, and a right to say "no" to the collection or use. The submitter notes that, while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message. "The revelations came in response to a bipartisan inquiry of how more Internet companies have gathered data on customers. Edward J. Markey (D-Mass.) said 'Increasingly, there are no limits technologically as to what a company can do in terms of collecting information... and then selling it as a commodity to other providers.' Some companies like NebuAd have tested deep-packet inspection with some broadband providers Knology and Cable One. Google said that it had begun to use the DoubleClick ad-serving cookie that allow the tracking of Web surfing across different sites but said it was not using deep packet inspection. Google promotes the fact that its merger with DoubleClick provides advertisers 'insight into the number of people who have seen an ad campaign,' as well as 'how many users visited their sites after seeing an ad.' Microsoft and Yahoo acknowledge the use of behavioral targeting. Yahoo says it allows users to turn off targeted advertising on its Web sites; Microsoft has not yet responded to the committee."
1. Turn off cookies globally.
2. Turn on cookies for sites that need it by hitting F12 and hitting 'Accept cookes only from the site I visit'.
Done. No more doubleclick cookies.
My blog
Did anyone really believe Google wasn't doing this?
Translation: "better start donating to our campaigns."
Cynical? Yeah, I'm cynical. You don't get as old as me without being either stupid, cynical, or both. My bet is the legislation will either die in committee, or be watered down to the point of meaningless, or voted down.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
why would they NOT use doubleclick's cookies? Did you think they paid $LARGEAMOUNT for doubleclick just to shut them down?
Do you even lift?
These aren't the 'roids you're looking for.
I usually just single-click any urls I come across.
And slashdot uses doubleclick & google-analytics as well.
Try disabling scripts with firefox "noScript". I think /. is more readable without allowing doubleclick.net & google-analytics.com
don't cut it off www.mgmbill.org
Ahem. STOP SPENDING MY TAX DOLLARS ON THIS CRAP.
Anyone using a computer who doesn't understand why they shouldn't accept all cookies and scripts and click on everything shiny deserves (yes, really!) to have their actions remotely monitored and the resulting data sold to the highest bidder.
I don't want to drown in regulation just because some idiots can't be bothered to pull their collective head out before they use their systems.
cogito ergo dubito
Be Evil.
Ubiquitously - A Ubiquity Developer Community
Ummm, isn't this exactly what we would expect them to do with all that information? The only people who should be surprised by this are the ones who have no idea how the internet works. That said, there are plenty of workarounds, including limiting accepted cookies only to sites you specify, or having your browser clear everything out upon closing. Sure it doesn't totally fix the problem (assuming you consider it a problem), but it certainly does limit the amount of tracking they can do.
This guy's the limit!
"Don't Do Eval". not "Don't Do Evil". The guys at Google wanted to make sure all the employees wouldn't use the eval command to create possible security holes by executing string.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Google makes it easy to opt out of the doubleclick tracking cookie:
http://www.google.com/privacy_ads.html
"Anyone may opt out of the DoubleClick cookie (for both the Google content network and DoubleClick ad serving) at any time by clicking the button above."
You're using Opera.
Not a problem as I don't ever see adverts, as I use Firefox, nscript and customised userContent.css and userChrome.css files. At least while I still have legal control of my computer.
davecb5620@gmail.com
I used to always block doubleclick cookies. I'd hate to lose all my stored google cookies, so which ones do I need to block?
their motto is "Don't be evil"
...With or without Yahoo's option.
AdBlock Plus
Google collects data that is the core of their business model using all possible legal means!
How dare they! I'm so *totally* shocked.
In this day and age, just block all cookies by default, and allow ones from sites you use. This will even block "doubleclick" cookies as those aren't from the site you are visiting.
This doesn't address IP address, but it is a step.
Honestly, I dont care about the legit uses anymore this stuff is so out of hand that I am helping lots of people non techy and techy alike to install blocking hosts files and privoxy on their home computers to eliminate this crud.
Friends dont let friends surf the net without adblocking.
Do not look at laser with remaining good eye.
CS Lite
This will let you block all those types of cookies, and as well give you MUCH better cookie management in Firefox. It lets you just deny cookies globally and just enable them for sites you want, without being a total pain in the ass
Combine that with Adblock Plus, with the tracking filters, and you can get past all this tracking stuff without having to use no-script, which considering how javascript heavy most sites are today, is like swatting a fly with a sledgehammer
After they sort this cookie stuff out, I hope they hold a House Commity on forcing DoubleClick (google) to make an ad-server that doesnt crash every 5 minutes (or at least one that you can log-into with firefox). -Disgruntled Ad Trafficker
I find it ironic that this government, who greedily gobbles up vast volumes of data at every opportunity, would be barking up this tree.
Google's targeted advertisements seems reasonable; When you decide to use their free services, you should know that advertising is a part of the deal.
Broadband providers using DPI, on the other hand, is like the USPS opening your private mail and then profiting off of what they learn about you. It's all about the expectation of privacy. Broadband providers need to transfer bits and stay out of the content business. If they start doing this, there will be no way to use the internet with any modicum of privacy.
You see, they don't just get the cookie, they also get the referrer field, so Google doesn't just get to see that it is "Nicholas Weaver" who's surfing the web, but can see that I am composing a reply to this article, because the referrer field in the doubleclick adds and google analytics on slashdot allow them to know this!
Test your net with Netalyzr
I've been blocking any and all traffic from DoubleClick in my router's hardware firewall practically since the day I bought it. Sometimes I'll click on a link to something completely innocuous, the firewall says "Blocked", and after doing a little investigation, I see it was trying to track my click from DoubleClick. Just say NO to Big Brother's Cookies.
Or use Firefox and uncheck Accept third-party cookies in the Privacy Options. Or use Internet Explorer and block third-party cookies. Or use Safari and disallow third-party cookies. I don't see any reason to switch browsers just to access a basic feature.
What a fool believes, he sees, no wise man has the power to reason away.
It seems like DoubleClick is Google's evil twin. When Google wants to get something using "do no evil" it is Google, if they want to do something that is evil, they use DoubleClick
Taxation is legalized theft, no more, no less.
The submitter notes that, while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message.
Google can read your Gmail? Shocking! Who doesn't know this?
This isn't news to me. I proudly wear a tinfoil hat and therefore have always assumed Google and every other search engine does everything technically possible to track my internet usage. And I behave accordingly. Firefox deletes ALL private data each time I close it. I don't do ANYTHING on the Internet that would be upsetting if it were public knowledge.
So, you see, those of us wearing tinfoil hats aren't recluses that hide in the forest and survive on nuts and berries to avoid the grid. Instead, we are people who simply avoid the grid if and when we do want privacy and don't get upset when we get some confirmation of what we've known all along: the grid ain't private.
And as for targeted advertising, everyone's got it all wrong. Targeted advertising is the ONE thing that I DO want them to track me for. After all, seeing ads for things I might actually want to buy rather than crap I don't want is a Good Thing. Targeted Advertising IS consumer friendly. It's feeding the data into health insurance eligibility and credit scores and potentially inaccurate data into legal proceedings that's scary.
So everyone needs to stop worrying about advertising and start demanding that congress pass a law stating that if a company collects information about you and shares it with a third party without your explicit consent, that information is considered "public" in that it can count towards liable claims. Don't worry about what they share. Worry about your right to sue them if sharing the info causes you harm.
Maybe it's just me, but has anyone else noticed the pattern of a roughly daily "Google invades your privacy" story?
I'm not saying they're accurate or not: for all I know it's just an astroturfing campaign. It's just a significant trend around here.
I am officially gone from
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Even if Google is doing this, why does it matter? How is this affecting privacy? I don't care at all if Google knows that I did a search on ATi motherboards or NASA's R&D or how to pronounce Russian words.
If they want to do this to improve targeted advertising, go ahead. I'd rather targeted advertising than random advertising since no advertising isn't an option.
If it can figure out that I don't ever want to see any ads from Microsoft, Adobe or RealNetworks, then it can't be all bad.
Full Disclosure is the only thing I think Google needs to have, which it appears they already do. If you disagree and want to opt out, there is an easy solution (use another search engine). What I personally care about, is if my Internet Provider starts doing this. I believe there is a big difference between the 2.
Isn't DELIBERATELY having all your email intentionally sent to Google, about as opt-in as things can get? We have known all along that Google reads the email that the users opt to have sent to them.
I am starting to really get pissed off at the weirdo "modern" privacy movement. It used to be that we worried someone was watching us. But now we're taking active steps to push our "private" information into other people's faces, while still expecting them to not pay attention to what we are giving them. It's starting to get really absurd.
The first step to protecting your privacy isn't to regulate the spies. No, the first step is to stop cooperating with the spies. If you won't take that step, then your privacy obviously doesn't mean jack shit to you, so quit crying to the government to do something about it.
Stop sending I-looked-at-this-webpage packets to doubleclick. Stop sending your private email to Google, and stop sending your search requests to Google. You are giving them this stuff. You fucking opted in.
I want a cookie! (Evolution Control Committee, 37.2 MB, MP4 video)
Funny : the "opt out" allso uses a cookie.
Whats worse is that, according to *their own info* I have to 1) accept *ALL* third-party cookies and 2) lower my security-settings to enable those cookies to work.
Somehow I get the feeling that this "medicine" is, at least in my case and as far as I can tell, worse than the desease.
And I'm not a 100% sure I understood the whole "cookies" thing, but as far as I can tell that "opt out" cookie can be used (assuming some sort of unique number is stored in it) as easily for tracking purposes as any other cookie.
So, anyone knows what the contents of this "opt out" cookie are (my guess there is some sort of unique number stored in there (so they do not mix-up your opt-out with anybody elses ...) ) ?
For a medium sized network, I often run a DNS server where I create false zone files for infamous domains with wildcard records, such as the ones associated with the doubleclick service.
On the positive side, I see far less ads on the net. On the negative side, when I go to a web site that makes use of the associated cookies, I get javascript errors. The src location of the javascript script is on one of the domains, ad.doubleclick.com.
Steve Gibson would say.. 'instead of running javascript on all sites, only turn it on for sites that you trust'. Oh well.
GMail is great so long as you feel you can trust Google. They aren't quite at the point where I distrust them, but they're heading that way, and it's just a matter of time anyway. (And once you no longer trust them, it's too late because they own your old mail.)
So what are some decent alternatives to gmail? I want something independent of my ISP, and it's going to have to be a pay service since I don't want ads. They have to have a decent privacy policy, secure IMAP, and be likely to exist for 5+ years without being bought by MSyahoo, etc. Does this exist?
Damn, gmail was so seductive.
The developers of Firefox removed the option to disable third party cookies in Firefox 2.0 and later, stating the reason that it was not possible to block all third party cookies with this function.
There are basically two options to disable third party cookies in Firefox 2 versions.
The first would be to disable it manually by opening about:config from the address bar. Search for network.cookie.cookieBehavior and take a look a the value. If it is set to 0 you accept all cookies, 1 means you only accept cookies from the same server, 2 means you disable all cookies. Setting it to 1 has the same effect that the option in the old firefox browsers had: it disables third party cookies.
You could install an add-on as well that blocks third party cookies. One of the many extensions that does that is called CookieSafe. This one makes it possible to disable all cookies and allow them only for specific sites (whitelist).
Palaces, barricades, threats, meet promises
If Google can assert its legal terms just by publishing them (on something less than its homepage), then users can assert their own terms of privacy protection just by publishing them! What do you think? --Ben http://hack-igations.blogspot.com/2008/05/google-privacy-policy-terms-of-service.html [This is not legal advice for anyone, just a topic for public discussion.]
Benjamin Wright, Dallas, Texas, benjaminwright.us
They could go back to the three times daily "Comcast is f*cking with the internet" stories.
I've always found something like this or this is pretty effective.
This sig intentionally left blank.
Google is Doubleclick on steroids. They know more about you from their own cookies and services than from Doubleclick trackers. If you're concerned for your privacy, don't use Google tools, period.
That's not only overkill, it's annoying. Just do the "Accept cookies only from sites I visit" part and be done with it.
Besides, disabling cookies hardly stops them from tracking you. They could still hit you with a doublescript.js, which can be much more invasive than a cookie. Their server could glean your browser history based on link color, instead of just track you around affiliated sites. And most doubleclick site already drop doubleclick javascripts on you for banner rotation. All doubleclick has to do is change their code a bit if they aren't doing it already. At least with cookies, they have to be affiliated with the website to know you've been there.
You also need to disable swf files because they can store info cookie style too. You might diable cookies, but if you load doubleclick SWFs you're just as screwed.
Personally, I just use Omniweb and since I can filter links with perl-like regular expressions, I just drop everything from doubleclick... among other offenders.
I can understand popups or those stupid fucking overlays (I'm looking at you IMDB) but for the love of God what is your phobia of ads? I bet if Gmail started charging for service a shit load of you guys would jump ship. How do you propose some sites fund themselves to even break even on the internet. How inconvenient is a text ad on the side of the screen when you're searching the web or using google's email service. Some of the more annoying Flash ads with sound I most definitely block but if it's non-intrusive, subtle enough, and targeted, why do you give a shit. Blocking every ad is a shitty thing to do, especially if you're going to a site and consuming their content that they don't charge for. Sure they don't have a God given entitlement to make a profit but don't be surprised when more sites start restricting their content to premium users because of paranoid ad blockers like you.
"Deep Packet Inspection" is a buzzword from dumbasses who don't understand technology. It means "we had this information before, now we're looking at it." DPI means that rather than forwarding a packet, they forward AND examine it. This is like being handed a clear plastic bag full of pot to deliver to the guy in the next town, and claiming you're not aware of the contents; it's RIGHT THERE if you take a look. No special tools or manipulation of any persons or machines. It's just THERE.
Support my political activism on Patreon.
That people who used Gmail for anything remotely personal are fucking nuts. 5 years, 10 years down the road do you really think that all of your personal Gmail information won't be either a) sold to advertisers, insurance companies, and financial institutions and b) stolen by hackers?
The original Google founders have no idea what a monster they are creating. An essential, and most times helpful monster, but a monster none the less that will someday turn on everyone. I'm looking into only using a proxy for all Google searches, you should too.
If you wanna get rich, you know that payback is a bitch
They added the function again in firefox 3.0, so it is again possible to block third-party cookies without any extensions or other software than just a fresh firefox installation.
Does it really surprise everyone that Google invades people's privacy...
Fortran is for pimps.
Does Google still accept the old Doubleclick opt-out cookie?
doubleclick.net TRUE / FALSE 1920499288 id OPT_OUThome
it is the only cookie that loads when my browser starts.
Of course Firefox had to change with 3.0 so I can't read the cookie file now, dumbasses. Why does it have to be sqlite instead of text? It doesn't get saved anyway.
Professional Politicians are not the solution, they ARE the problem.
By getting relevant ads, doesn't that mean you're not seeing those smiley GIF's that scream HELLOOOO and SAY SOMETHING when you visit your Hotmail? Aside from information being in the wrong hands, what's the real problem here?
127.0.0.1 google-analytics.com
in our hosts file...
Advice: on VPS providers
Not all versions of major browsers behave the way you expect them to when you try to disable third-party cookies.
Check out Steve Gibson's cookie forensics page.
Here's a neat browser stats page showing graphically how GRC visitors have their 3rd party cookies configured by browser.
That's fine and dandy, until slashdot can't afford to host this site anymore because of $0 in ad revenue. Other than subscriptions, the web is fueled by advertising.
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
The developers of Firefox removed the option to disable third party cookies in Firefox 2.0 and later
How about checking your facts? I can see the option perfectly fine in my Firefox 3.0.1. To access it, click Tools -> Options, and then the tab Privacy.
Not routeable so doesn't go anywhere.
If you use a 10. net (dunno why, 192.168. net works for homes or small businesses) then use a 192.168 net.
There's so much advertising that even with targeting there's more crap ads than good ones and without (normal operating procedure) almost all of it crap advertising. It's a whole lot easier to IGNORE ALL ADVERTS than to work out which ones are relevant and worth looking into.
I only look at google ads when I'm looking to buy: I google the thing I want to buy and click on a link. I NEVER look at google ads (except to see "buy dark matter" on BOL.com or better yet "get dead infant girls to fuck" on Amazon [one day that snigger joke will see me in prison, I'm sure, and Amazon will get away scott free]).
When there was just a lot of advertising targeted ads would have been great. However, that's more expensive, so wasn't done. Then when people started blocking, they STILL didn't target ads, they just made them avoid our attempts to avoid them. Only when they were fucked because too many were blocking and the blocking getting too good did they think "maybe we shouldn't be giving blokes adverts to panty-liners" and ask about targeted ads. But they'd added more ads again and again because each blocked attempt made each advert worth less and so you needed more ads to make the same revenue.
Now it's too late.
Not really. I was intentionally taking conservative numbers, and focusing on the amount of information conveyed by the value (rather than the amount required to store it).
I think you mean 0..63, which is the same as saying 6..69, which gives reasonable coverage of 99.9% of the internet using population. But really, the information content is skewed, with the 12..50 age range giving much less information than the tail ends. To see this, consider that just knowing that someone is 115 years old today gives you their name, address, etc. because there is only one such person.
It can't really give you much more than 30 bits or so, since by that point you'd have uniquely identified the person. In practice, the limit is a little lower since many people often use (or could in principle use) any given machine. Realistically, it may take you down to a family at best, or a community (say, for a library or school computer).
There's quite a bit of redundancy there. For example, the MAC contains the manufacturer ID, which will typically be replicated across many devices.
It would give you all thirty if it were something only you were interested in. Otherwise it's limited to the binary log of the number of people who share the interest. So, for example, something like "mondrian" would give you a lot of information, while "breasts" and "chocolate" wouldn't tell you much.
Uh, no. A decimal digit only gives you about 3.3 bits, not 4. Remember, it's not how many bits it takes to store something in some scheme, but rather how much information it conveys that we are interested in here.
Not at all. Raising points like these that leads people to make their assumptions explicit, which is always a good thing.
--MarkusQ
Don't forget these, too:
127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com
While you're at it:
127.0.0.1 doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
There's CustomizeGoogle, a Greasemonkey script which will, among other things, randomize the replies to Google's cookies. Unfortunately, it's rather slow, and may result in Javascript "script running too long" errors. Right idea, though.
Flash ads on Slashdot are the reason I switched to Firefox sometime around 2003-2004.
100% cpu for an ad is not acceptable.
Firefox
Noscript
'nuff said
"If your parents never had children, chances are you wonât either." -Dick Cavett
You forgot the Evil bit.
How else do you propose to distinguish between me and my evil twin when I post anonymously? :)
(Besides the fact that he calls me his good twin.)
Like others have said, CookieSafe and CS Lite are like NoScript for cookies with the option to allow cookies for a specific site: permanently, for each session or once-off.
I currently use the above extensions as well as Adblock, Filterset.G and RefControl. The latter set to "forge" (send the root of the site as the referrer).
I consider these the essential privacy/security add-ons for Firefox. I'm interested if anyone has any others to add to the list.
Me lost me cookie at the disco.
The point is, I don't have to. I just prosecute you both for the (alleged) DMCA violation, or Guantanamize you both for (allegedly) being a danger to The Homeland, or whatever.
The point of the Evil Bit meme is that you can't build an accurate, effective solution to a fundamentally sociological problem with just technology. But there's no reason you can't put together a flawed, exploitable "solution" that is just plausible enough to cause no end of grief.
Look at it this way, if we believed that such tracking would work (provide accurate information of strictly limited scope with no potential for abuse) no one would object. No one is saying "DNS is evil because it allows people to stalk servers even when they move to a new IP address" or "Cell phone roaming technology X is evil because it never drops calls and routes incomming calls to the right places even when everyone's in constant motion."
The problem is, we think that tracking users this way is error prone, subject to abuse, and consequently inaccurate enough that innocent people get nailed for the supposed malfeasance of others.
--MarkusQ
"Blocking every ad is a shitty thing to do, especially if you're going to a site and consuming their content that they don't charge for."
Fuck you and fuck ads
- Google is destroying sourceforge (code.google.com)
- Google is a search monopoly
- Google markets to gullible developers by calling them fellow geeks
- Google stores your life's data on the web. Microsoft just did BSOD. What if Google does WSOD?
C'mon guys -- We need a new slashdot category gif for Google, like the swoosh on Bill's face.
Of course, turning off cookies helps.
But if you leave Javascript on, it's like closing the window while leaving the back door wide-open. Have you ever looked into what Google's "urchin.js" does? Cookies are harmless compared to that abomination.
For that matter, even those idiotic one-pixel GIFs track you.
The defense has to be more complex and multi-level to work.
Proposing such simple solutions
Constant vigilance.
At least, I think I found it.
Please stop stalking me, bro.
Please mod parent up; at least as informative (and far more useful to most of us) when compared to GP.
Ex vitio sapiens aleno emendat suum