Slashdot Mirror
Cookies, Ad Banners, and Privacy
When Netscape embraced-and-extended the HTTP spec in 1995, it was really just trying to digitize the shopping cart. Allowing a server to store just a few bits on the client added almost no overhead and it made many applications, such as shopping carts, very convenient.
Maybe it was deliberate; maybe nobody really cared; or maybe it was an engineer's simple distaste for tweaking a spec too much: but they allowed cookies to hang off GIFs as well as HTML, and that changed everything. There were probably ten people in the: world at that point who could have foreseen the explosion in banner ad traffic, yielding a multi-billion-dollar industry in less than five years.
Yes, billion -- the large banner-ad company DoubleClick merged with database firm Abacus Direct last year in a billion-dollar stock swap. How much is a billion dollars worth of advertising revenue on the net? At DoubleClick's current rate, it's about 750 billion banner ads. Think of it as four petabytes of GIFs.
And the vast majority of those GIFs just get ignored. When's the last time you clicked a banner? There aren't any precise figures, but the consensus is that the average click-through rate is dropping. Three percent click-through used to be good. Now a well-targeted ad will be happy to get one or two percent. It's hard work to make money from banners, and getting harder every day.
That's why DoubleClick, and firms like it, need to maximize their efficiency. Their income ends up depending on that click-through rate. The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you.
The GIF cookie loophole makes this pretty easy. The first banner ad that your browser requested from a banner-ad company got a user ID cookie sent back with it. And - here's the key - since so many banner GIFs all come from the same company's domain name, your browser sends back the same user ID no matter which website you're viewing the banner on. Your user ID is being tracked all over the web.
In the case of DoubleClick, that's a fair number of sites. They won't talk to you unless you serve a million impressions a month - and their network includes 651 publishers which translates to who-knows how many websites. All told, they deliver a billion ads every two days.
Though the Internet Movie Database can't tell where else you've been on the web today, the company delivering its banners knows. That same company knows if you read National Review, TeenMag, or Dilbert. It knows if you're into professional wrestling or what cruises you were looking at on Travelocity. It even has some of your click history through WebMD.com.
The comforting thing has always been that, while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change.
Remember that billion-dollar merger between DoubleClick and the database company? This database company doesn't sell software. Abacus Direct uses databases to store names, addresses, and other information about people. In offices across the country, their computers have information on two billion purchases made from 1,100 separate consumer catalogs over the years, "representing virtually all U.S. consumer catalog buying households." Their CEO brags,
"Through the sophisticated use of state-of-the-art technologies and modeling techniques, Abacus' outstanding ability to synthesize vast amounts of data into valuable insights about individual consumer buying behaviors has proven itself to be an important marketing tool for our age."
That's why it's very interesting that DoubleClick's privacy policy changed earlier this month. Its text used to read:
"DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous."
That promise is gone without a trace from the new policy. The new policy reads:
"In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address."
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database.
A little further down is the portent of things to come. There is "one particular Web publisher" in their network which collects a "log-in name and demographic data about users." Which publisher is that? They don't say.
Whoever it is, you may already have given it your name and address, perhaps to register for a contest, or maybe in exchange for reading its free content. Everyone does it; it's a small price to pay. DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website.
And if their programmers do their jobs right, it'll end up being a simple SQL query to join up your user ID, the name you gave the mysterious web publisher, your Abacus demographic data and catalog purchases, and the footprints you've left all over the net for the past two years, into a single big lump of your online/offline data.
To be fair, their privacy policy promises they won't start doing this without, er, changing their privacy policy:
"...should DoubleClick ever match the non-personally-identifiable information collected by DoubleClick with Abacus database information, DoubleClick will revise this Privacy Statement to accurately reflect its modified data collection and data use policies and ensure that you have adequate notice of any changes and a choice to participate."
Aren't you glad that, when DoubleClick revised its privacy statement on October13,1999, you were given adequate notice of how you were being tracked across the internet? (They've sent out 46 press releases so far this year. Informing you about weakening your privacy wasn't one of them.)
Things aren't as bad as they could be. One fortunate thing is that the banner-ad market isn't a monopoly yet. Not even close. Adbility lists over fifty ad networks, of which DoubleClick is just one of the larger ones (probably the largest).
But, when any rapidly expanding market starts to level off, the smaller and less-efficient companies get eaten. Nobody knows when the internet's growth curve will hit that point, but exponential expansion can't continue forever. At some point, the companies that can't send banner ads targeted to your community will get left behind. We'll end up with two, maybe three, meganetworks that deliver a large majority of the world's banner ads.
What can you do about it? To protect your own personal privacy, opt out of DoubleClick's cookies. Of course, this doesn't affect other banner-ad companies, who may or may not even offer this solution once they get as big as DoubleClick. It also doesn't help novice websurfers like your grandmother, who doesn't understand why she should refuse free cookies. More importantly, it can't ever be a real answer - if more than a tiny percentage of their audience ever opted out, DoubleClick would see the competitive advantage of their billion-dollar merger start to erode, and that'd be the end of that option.
What makes more sense is to close the cookie loophole. DoubleClick isn't the real problem; the HTTP spec is the problem. The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs. Why should cookies be allowed onto my hard drive if they aren't attached to the page I'm viewing?
Since DoubleClick's privacy policy claims that cookies "are not essential for us to continue our leadership," they should have no problem supporting this as the default behavior of every major web browser.
I don't log into the New York Times, nor Slashdot, nor anywhere else. It's easy enough to data-mine our lives as it is. Down with cookies!
Cause what else would they do out of the jar...?
Is your friend.
what is this alleged "junkbuster" of which you speek?
a lecture I attended here in the Universisty I study, conducted by a professor from the UCSB from Santa Barbara (yeah, I'm from Brazil, the guy traveled a lot :-) ). It was centred in web security and privacy. He, after talking about the many 4.0x releases of Netscape where he pointed what kind of security/privacy holes they found and asked Netscape to fix, raised the topic of the DoubleClick ads. He, if I remember well, said that the people from his lab (where they reserach, guess what? Security and privacy over the Internet) comdemned the company's attitude of tracing the steps of users to know about what are the sites they visit and stuff like that, but the company would care less about what they thought. It's a shame (for me) that I can't remember much about it, as it was quite some time ago. But it shows that, it doesn't matter what we want, these ad companies are only interested in their contracts, screw the people that are unfortunate enough to load one of their banners.
Please, monstar, go back and read the article before posting. It answers your question in full. In fact, I think you could say that cookies being used for spying is the topic of article itself.
... Your user ID is being tracked all over the web. ... while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change.
the only way to target you is to learn more about you. The GIF cookie loophole makes this pretty easy.
I would like to avoid being redundant, but I feel it is necessary to point out where exactly in the article you question was answered.
Don't even let them know what browser type you use! Block ads, block cookies, even lock HTTP referers! Block any peice of information you CAN! http://www.junkbuster.com/
Just wondering, ...
Why not 'ln -s /dev/null cookies' and send them down the bit bucket?
cd .netscape /dev/null cookies
rm cookies
ln -s
Well, privacy might not be sacred to YOU, but it is to ME> Here where I live... they have cameras everywhere. In traffic.and then they deliver the ticket to you.. in the mail. and if you dont pay up, they'll steal your car. They even have stop lights that will change to red, if you are speeding. Its like this- the front runner in the next presidential election has said "there ought to be limits to freedom" what kind of bullshit is that??? Someone peaks into my window, I'll stab them, or die trying....
Junkbuster rules !!! DIE YOU DAMNED, DIRTY APE ADVERTISERS!!!
Oh, and there IS a corner store where I live. It has about 7 aisles, and organic food. I stay away from megastores.
and yes, you are correct. In my early morning-before-coffee state, I mis-named that book. Oh well, you got meaning.
I was talking about privacy. Is not watching someone- wherever they are- in the shower,peaking through the fence, or window, following them around, invading their privacy?
# Following line is in my .profile file. # They can profile only one session. # then I'm clean again. # Plus I have dynamic IP rm -f ~/.netscape/cookies
# Following line is in my
# They can profile only one session.
# then I'm clean again.
# Plus I have dynamic IP
rm -f ~/.netscape/cookies
I've been using junkbuster for, maybe 3 years now, and it's the most useful piece of web-related software I know. See their site for related useful stuff (their anti-telemarketing dialogs are hilarious). If you want to control who gets your cookies, if you don't want to see another banner ad (or waste your bandwidth on downloading it, for that matter) - then junkbuster is for you.
The only way to go that wouldn't make you loose content would be to have a table of the domains you don't want to fetch images from. Or better: A table of regexp's for the absolute URL, to determine whether to fetch it or not.
But I know that a credit card purchase is tracked. If I don't want a purchase tracked, I make the choice not to use the card. Lots of people overlook cookies, and as you say, they allow even your browsing to be tracked. Not just your windowshopping, but the kinds of things you read. Anyone with any knowledge of 20th century history should know that this is Not A Good Thing.
IE 5 allows you to set which sites you will accept cookies from, and which you want. I've already filtered out Doubleclick, myself. Anyone know where to find a list of the others so we can filter them too?
It is only a problem if there are no means for the average person to defend themself against it. Personally, I have been using Junkbuster for quite some time now, and the banner ads never show up (difficult to concentrate with them blinking). In fact, the connection to doubleclick or whoever is never even made, so no tracking is possible. Better yet, the proxy is free under Linux, is configurable, and is pretty powerful. It has a number of options when it comes to cookies, in addition to other filtering. Personally, I just like it because it helps my 14.4K modem load pages faster, since (without fail) no content will load until the banners have been fully loaded. The only aspects that are sometimes annoying is that unloaded images always appear as broken pictures (instead of being replaced by an invisible single-pixel-image or something) and it takes some tweaking to keep it from blocking "download" and other harmless links with "ad" in the URL. The feature I like best? I added microsoft.com to the blockfile, and if I try to connect to their site, it simply fails to load :)
No, but they don't have my name or any contact info.
shred your credit cards
Have never applied for any, or any form of credit, for exactly this reason.
always pay cash (not even cheques)
I do this. Fortunately, I live in a large city so all the utility offices are convenient. This has the side effect that I use snail-mail so infrequently that every time I send a letter I have to find out the new postage rate.
Actually, I don't even have a bank account - I used to, but the bank closed it for lack of activity, and I haven't gotten a new one.
avoid a drivers license Yes, again for privacy reasons.
avoid owning a home or conventional renting
Actually, it's quite possible to buy a house without giving your real name. A mortgage is not really feasible. Renting is not a problem. (Hint: start by subletting. Once you're living there, the landlord will be happy to let you renew without checking references.)
don't register to vote I haven't been eligible long enough to bother, so I haven't investigated this yet.
don't file taxes
This is the difficult one. It's possible to pay your taxes without filing, or getting any identifying numbers, but you have to plan it very carefully and avoid certain kinds of investments. You also have to read way too much income tax law and argue with people paying you a bit. Having photocopies of the chapter and verse of the law is very useful.
This is the only one I lose money on, because I have to make sure that I never have tax owing when I would need to file, and I just don't claim the refund.
I haven't found it terribly difficult.
There are very few sites that use cookies which don't use them for spying. I'm under pressure from VC's to use cookies on our web site BECAUSE they want to be able to spy on people.
TWW
Tracking users by the tens of millions
Would you like another cookie, my dear?
A report by Saul Hansell in the 8/16 NY Times (front page, below the fold) documents a trend guaranteed to disturb those concerned about online privacy [6] . Some very large commercial sites have agreed to feed information about their customers' reading, shopping, and entertainment habits into a system called Engage that is already tracking the movements of 30 million Internet users by means of cookies. This program is a perfect exemplar of the kind of application for cookies that Net privacy advocates have long warned of (and cookie-loving Webmasters have long disparaged). CMG Information Services's Engage system in theory guarantees anonymity, but it would be trivial to abuse. GeoCities (rhymes with "atrocities") and Lycos-Tripod between them will bring over 29 million additional Net users under the guns of the target marketers. Note that the NY Times site itself requires free registration and makes you bite the cookie to get to content.
Note added 1998-08-20: John Carter sent this little perl script for Linux users troubled by cookies. Carter writes:
If builders built like programmers wrote, then the first woodpecker to come along would destroy all civilization. I forget who wrote that, but here is my cookiepecker . It gently scrambles your cookie file, and then you can listen for the distant sound of crashing web servers. Works on netscape on linux using perl 5.
[6]
I clicked an ad on Salon.com. I proffered no information about myself at the advertiser's Web site. Less than a week later came a coupon from the advertiser to my home, with my name and address correct. Given the size and newness of this advertiser, I can only surmise that they merged my userID with information already available in their databases to target me. Efficient, and scary. I opted out on DoubleClick
You missed the point. Doubleclick will now be able to draw on the Abacus Direct info to match up your personal information (name, address, etc.) with your cookie. Up until now, it could only track your movements and present tailored ads. Now, it can put your name to its info.
Do you want Doubleclick to know that you - specifically, you, identified by name - are looking up medical information (let's say, sexually transmitted diseases), filling a subscription on-line, and looking for books on living with syphillis?
Or perhaps that you, specifically, you, identified by name - have a particular interest in pornography? With certain "special" interests?
Or perhaps that you are exhibiting typical behavior for someone in severe financial trouble?
Do you trust Doubleclick to keep that information and not sell it?
Do you trust Doubleclick's technical staff to keep crackers out?
duh
That's what Junkbuster does.
That's stupid. They could just store the opt out cookie on your computer and everytime the regular cookie is about to be added or updated they just update it on the server side instead of the client side. Junkbuster is the best method for filtering cookies, not to mention the increase in speed from not having to download ads. Avoid doubleclicked altogether.
Add user_pref("network.sendRefererHeader", false); to your preferences.js such that Netscape won't send a Referer: field identifying the site you came from in a subsequent HTTP request. Arnonymous
Before you read "Big brother" alias 1984 - I suggest you read some info on netiquette. I'll tell you this secret (dont tell anyone else), big letters and nasty words will not get you anywhere. Unfortunatly some Linux advocates seems to have forgotten some of the basic netiquette rules. Bad thing for a good OS.
If you are speeding, you are breaking the law. You know it is illegal to break the law ? If you dont like the law, then you try to do something about the law. Why are there cameras ? Because some doesn't respect the law and are driving to fast (that includes myself).
The laws are the foundation of the society which you are part of. Your society is a democracy? Democracy is basically something like:
Majority decides everything.
That can be a pretty cruel thing, especially if the majority doesn't like the minority. But you propably live in a society where the majority respect minorities.
Actually I like your approach, not shopping in the mega-stores. We have this word for it where I live, political consumer/shopper. You influence the companies with your ability to go and shop where you like, buying the products you like. But as everyone is shopping in the MEGA-store, it seems like people dont care. I would say you are a minority.
Now that I come to think of it, removing adds is like stealing. You get all the good things, but do not want what come with it. You want candy from the candy-man, but you give him fake money.
If you dont agree to "there ought to be limits to freedom" you would agree that "Im free to everything I want. Yesterday I killed the neightboors just for the fun of it." I know this is pretty far fetched - but that is a consequence of what your saying. Society decides what you are free to do, and what you are not free to do. Actually Im getting tired of the paranoid guys screaming "freedom above all" thing. Following your freedom above all, companies can use their freedom to register their customers. You don't like this type of freedom, well do you punk ?
Basically there has to be rules! If there are no rules you have anarchy. Is that what you would prefer ?
I'd like to give all of you poo-pooers of cookie
..The internet has been corrupted.
danger a big collective kick in the ass. *BOOM*!
There. I feel much better now.
Believe it or not, the internet is part of *reality*. That means, what happens on the internet overlaps into the meat-domain.
One day your insurance goes up...a lot. "Why is this?", You ask yourself. Could it be that the
insurance companies have purchased some info? Hmmm?
Damnit. For years I've seen this shit grow little
by little and now it's here.
For all you ninnies who surf with java and cookies
and without junkbuster...
WAKE UP!!!!
*shaking you*
WAKE UP!!!
9 out of every 10 people are morons. So even with these warning signs literally *blasting* everywhere, most will continue on like
sheep, never changing a thing......
I hate to say it. Damnit I hate to even admit
it. *cough*
My friends, the internet, at least the HTML side,
has become a trojan horse. It's time for us
who know how, to create alternate channels..
private channels for our surfing. A server
system from which all participants must abide
by *STRICT* protocols which protect privacy.
We need to do this.
Have it back, actually.
But, and this is the important part, on MY terms.
Filters do work. I don't load graphics by default, but can easily load the one(s) I want, or all, if I wish to see them. Cookies left off, auto-rejected. I haven't "killed" any sites yet. I have gotten the web (and net) the way I want to see it. You want to it different? Fine, go right ahead. It's all about choice and freedom.
If some site actually convinces me it's worthwile, I can turn things back on. This doesn't happen often. My take is that this indicates that "99% of everything is crap" and the web is no exception.
Am I "privacy freak"? Sort of, perhaps. I don't care to have nosy fools know exactly what I, or someone else using my system, may look at. But generic information - contact info - is readily available. What worries me is not these little things, it is that little things can too easily become big things, and big things are harder to set right once out of hand.
Feh. I suppose you revel in all those cold calls during your dinner? Networked communications make it possible for a hundred thousand corporate reptiles to clamor for one's attention, at once or in sequence. That's the order of magnitude of the number of seconds in a day! All day! Waking, eating, sleeping! Knock, knock! Rrrring! Banner, banner, bamboo steamers!
One's choices now become:1) Prevent/moderate advertising. Can't legislate that without breaking freedom of speech, so I demand the ability to 'harden the target'!
2) Walk away from your browser, fax and phones. There's a wonderful result; DOSsed from my tools by your "well developed" <spit> Internet. (TV has long been useless for this reason. Kill your television.)
3) Go slowly and wretchedly mad as the din of an endless parade of MBA demons mauls your wits in ever-increasing garishness, callously mining for your attention.
I DO NOT ACCEPT that I must allow any fsck-head who feels like it to hassle me even for a nanosecond.
Aside from the revolting behavior of 'never-pay policy' insurers gaffing their customers with results collected for 'simple statistical purposes', I insist on gating who does and doesn't get in my face, thank you very much. My quality of life and sanity depend on this. Reaffirming this basic right and need MUST occur over and over again, else the collective behavior of fictitious persons will swamp us all in useless promo-sewage.
PS: Like those nifty banner ads, do you? You can have mine. Just publicly declare you'll use Outlook98 on NT, and I'll hack up a proxy to auto-post the banners I get as HTML emails. I'm sure others here would helpfully join in, and if you ask each individual banner advertiser, each one would assent to participating. Happy reading!(1) Cookies are still evil
(2) I continue to keep 'em disabled.
(3) If a site requires cookies, I don't go there nor shop there.
(4) I am not alone in the slightest on this issue.
It's pretty simple economics, eh?
I'm not out to get you, really. You can trust me, I'm with the government, and I'm here to help you.
Better yet - look up the company's website and find out thier mailing address. Give it back to them.
Problem is they don't die - at least not all the time and not right away.
I have written to doubleclick to complain that their cookies keep my ISDN line open by sending a packet every 55 seconds or so EVEN AFTER QUITTING NETSCAPE.
This is true on Linux but not on PC or Mac
Look, I gotta wonder: why the hell is everyone so concerned about privacy? I ask because it's a losing battle: anyone can find out what they want about you, period.
If anyone says otherwise, they're a liar.
And I gotta think, too, that if *no one* has privacy -- if everyone is at the same risk -- then what's the big deal?
AFIC, the only time I'd worry about privacy is if I don't have it and my neighbor does.
It's a battle that's already lost. Maybe 15 years ago -- when the internet (as we think of it today) was still in its infancy -- I'd worry about it. Maybe I'd sit and fret and talk about how it's becoming a problem. But now the problem has come and gone.
But now, I've given up. Sure, I get worried about identity theft. And I take the normal precautions to protect against it -- shredding important stuff, being careful with the SS#, etc. But that won't stop a determined thief.
Do I still worry about it? Sure. Do I wish things were different? Of course.
But at this point there's an element of futility. Yeah, I could stop all the little cookies and complain about the banner ads and blah blah blah.
But that's a waste of time. Life is too short to analyze each cookie that's pumped into your browser. Browsing without cookies is a pain, with cookies is a risk.
*shrug*
Actually, I do want to keep ALL BANNER ADS blocked. Including slashdot's. Absolutely none of them has been useful to me, except as a way to waste precious bandwidth. Many of them are even US centric, which means that some people may not be able to get what's advertised, even if they click through to it.
;-)
If this means that I miss something that I really would have wanted to click-through to and purchase, so be it. I'd rather waste time putting text strings into blockfiles than seeing Blinkenlicht bannerads.
I even block banner ads at work, though we have a fast connection to the greater internet.
Simply escaping the cookie system does little to harm the value of cookies and databases to these people. What I want to do is pollute thier data. how can I... ...decrease clickthru rates? Is there a program/script which would load banner ads without displaying them, thus diluting the perceived value of banner ads in general? Would it be better to target specific ads, or to have a web crawler that "ate" banners at a prodigous rate? Extreme: Imagine a distributed.net client... ...reduce demographic targeting accuracy? would it be worthwhile to "harvest" cookies in quantity, from widely disparate sites, so that my cookie history would be valueless? ...increase the "cost" of each bit of info. Maybe a *huge* cookie file (see above) would cost more bandwith at thier end? I'm ignorant of the technical merit (or lach thereof) of these ideas, but /. seems like the best place to ask.
Ad banners are changing. They USED to be just GIF's, but now they are changing into embedded HTML pages. Banning cookies on Gif's will do NOTHING. What web site operators are finding is that Ad companies like DoubleClick pay more if you let them serve ads that contain HTML and java / javascript. Why? Click through is higher. BTW, my company serves it's ads through doubleclick, so I've had to work out the technical issues with them. Ad's are a fact of life. It's what allows companies like mine to exist, and allows us to provide our service for free. We want to continue to provide our services free in the future, so we also have other streams of revenue that reduce our dependancy on Ads, but can't yet eliminate it. I too am concerned about the privacy issues, and one of my BIG beefs with browsers is the lack of an option to say "Never accept ads from THIS site". I can turn them off, on, or ask for each and every cookie, but not on a site by site basis. What NEEDS to happen is the ability to turn off (or on) cookies, java, and javascript on a site by site basis. This would give me control and security that I don't have now.
i work with a group which does cookie tracking. they are going to keep sending the cookies if you refuse them. instead, accept the cookies then edit the cookie file (with a perl script preferably) and set all the cookie IDs to "FUCKYOU" if we all do it, they won't know who we are.
Power to the man! heh heh. whatever.
depends on the definition of "page".
Since they let IMGs set cookies just like pages,
it is possible they treat the IMGs as pages
themselves.
IF "www.me.com" has a banner ad, thatis
from "them.com/images/banner3.gif"
and it tries to set a cookie for "them.com",
will netscape treat "www.me.com" as the
current page, or "them.com" as the current page?
I believe I have empirical evidence that
it is relative to the IMG. but its been a while,
so I can't claim 100% certainty.
It does make much difference. There are no saints. Every Net user has done things that are not just embarassing, but even illegal. Each man has his upsides and downsides. Most of the downsides have to be hidden in order to make communication between men possible. For instance, look at the "Monicagate" - Clinton was humiliated by millions of people around the world, although it was a private business - his, his wife's, and Monica's. The conclusion: it is important that the online user's privacy would be enforced really hard in order to protect the human society.
Thank you for taking the time to articulate
/.
/. 'rs who don't think privacy is
my exact feelings about this issue.
I'd just like to add one thing. The corporate
disrespect of privacy bothers me to no end.
What is worse though, are the pathetic comments I've been
reading here on
A lot of those posts are trying to demonize people
who value privacy. I'm frightened by this.
for all you
*precious*, I just want to say this to you:
Fuck you. Fuck your numbskull attitudes. Your
choices today are going to haunt you. We have
tried to warn you. You didn't listen.
Where's the software to skim the file and overwrite everything that isn't allowed?
Find the cookies file on your system and remove it. When a new one is created -- go to a site you know uses them -- quit your browser and lock the file so it's read-only. Henceforth, all your cookies will be lost everytime you quit your browser.
You probably have to exit your browser to force it to update the cookies.txt file.
..erm, something the Sex Pistols told you to never mind? But then, only a eunuch would never mind his bollocks.
Port 7, but yes, you're correct.
These wankers try all sorts of shit to connect back to your box to find the "best route" when resolving DNS queries or some such. I finally blackholed them on this web proxy box that was getting slammed with their lameness.
This was back on the 2.0 kernel, but you should be able to slide it over to ipchains without too much difficulty.
# doubleclick bullshit hosts
/sbin/ipfwadm -i deny -I -S 199.95.207.65
/sbin/ipfwadm -i deny -I -S 199.95.208.86
/sbin/ipfwadm -i deny -I -S 207.239.35.70
/sbin/ipfwadm -i deny -I -S 208.32.211.70
/sbin/ipfwadm -i deny -I -S 204.253.104.0/24
/sbin/ipfwadm -i deny -I -S 209.67.38.48
/sbin/ipfwadm -i deny -I -S 209.67.38.49
How did I find these? Well, I just setup a log on port 7, then kept doing "host ad.doubleclick.net" and watched who bounced off the firewall.
Turds.
It sounds like your concerns about 'privacy' are one of the dominant factors in your life right now. You have already been conditioned to exhibit all of the bizarre behaviors you mentioned (no drivers' license, dealing with taxes in a nonstandard way, etc.). That means that your original goal -- presumably to avoid being "controlled" by The Man -- has already been compromised.
Give it up. It's too late. You're only inconveniencing yourself, not anyone else (besides the luckless IRS clerks and traffic-court judges who have to put up with your paranoia).
*laughs*
Well, Fastolfe: Do you understand a word from this whole topic? I can't think of any reason beleaving that you do.
Let me tell you this:
No amount of redundant bandwith usage makes my right to privacy redundant(TM).
In Mac and WinTel versions of Netscape it says: "Accept only cookies the get sent back to the originating server" which to me implies no protection against server cookies. After all, the orginating server of the banner gif/cookie is DoubleClick. I have that option clicked, but I just presume it prevents others from browsing through my browsers collection of cookies. Or am I missing something?
It's not as thorough as Freedom is, but another option is a personal proxy server. I'm currently using a product called InterMute. It's a nice package. It's unfortunately not free, but there are similar GPL'd products out there. As I'm browsing slashdot and elsewhere, I have site-by-site control of ads, cookies, Javascript, and Java.
This is a facility that browsers should have had years ago (well, okay, everything but the ads...), and would have if they were GPL from the start. The current granularity of everything/warn/nothing just doesn't cut it. I like Lynx's model of allowing "always from this domain" and "never from this domain". Itermute gives you a good approximation of this (it's not interactive, but you can get the same results). You setup what's allowed by default, and you can apply by-site or by-domain overrides. You can filter both inbound AND outbound cookies, javascript, java, popup windows, etc.
Now, on my.yahoo.com, I like to cache my login. So I let it send cookies. But for the most part I block everything. I have to turn it off to buy things, but that's okay. In addition to enhancing privacy, it reclaims screen space wasted by banner ads.
It has its downside. No cookies means I'm an anoymous coward, but I like it that way... Such is the price of privacy. (I could allow cookies to SlashDot, but I see no reason to...) Also, as a web developer for a firm who's revenue model depends on banner ads, I have to worry a bit about these tools. But as the original poster said, Grandma will not even understand why I use these tools, much let bother to figure out how to use them... That's what we have to change. Make it simple and figure out how to install it by default with new machines. Maybe a new "Privacy Shield" option that ships for free on Dell, Gateway, etc...?
I used to think so myself at first, but now I think it's probably a combination of more mundane reasons:
I remember that when I began serious surfing three years ago, I heavily relied on the "Don't Download Images" option to make my browsing faster. (It helped that the OS/2 version of Netscape I was using then had an explicit "Images" button to load all images in a page, if you decided you needed them.)
As time passed, however (and I switched from the crappy IBM Global Network to a better ISP), Web surfing has become fast enough for me that it does not make much sense to use the "Don't Download Images" button anymore. The time saved by it simply isn't repayed by the time spent re-loading pages for which I need the pictures.
I suppose this attitude is more or less what stood behind the various migrations of the "Don't Download Images" button, not some sort of Evil Conspiracy(TM).
Just my two cents. - Ido
Before you get too cocky and analytical about
other people....
Consider that your own personality(passive, fatalistic, defeated) comes with it's own
pathologies too.
So they have broken your spirit. You have been
defeated and have given up. That is a shame.
You rationalize pimping off your personal data
for meaningless trinkets on the 'net with a
a fatalistic attitide that you have nothing to lose.
You damn yourself with an attitude like that.
If you currently care about nothing, privacy
might be a good area to start with.
If nothing else, do it for personal pride. So
you can look in the mirror and see a person
who gives a fuck about something.
But that's the thing. Because one company is selling data on you, their clients will expect all companies to sell data on you. If we could stop it everywhere (which we could if we had browsers that were made for the reader, and not for web developers) then it would be an even playing field for everyone, and there would be less pressure to invade our privacy.
On a related note, it would be really nice if the really big "portals" and slashdot would stop linking to sites that required registration, like the New York Times. It would pressure those sites to open up their sites, and stop treating their readers (I almost said customers, but I suppose their advertisers are their customers) like cattle to be branded.
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you? I'm not sure why FedEx is doing this, but let me give you an made up example of how many sites that use this "single-pixel GIF" trick are using it. Let's say Amazon (this is totally made up, I'm not saying or implying that Amazon does this) wants to figure out which special banner ad promotion will attract the most buyers: free overnight shipping, or $5 off the purchase. Without the single-pixel GIF trick the best Amazon will be able to know is what the "click-through" rate is for each banner (how many people saw and clicked on each banner). However, if they let their ad management provider put a single-pixel gif on the final checkout page, they will now be able to get the precise "buy-through" rate for each of the ads since the ad management provider can precisely match the IDs of ad viewers with the IDs of book buyers. Sneaky ain't it? And yes, if the two companies decided to "work together" they could precisely match up IDs with names, addresses, etc.
Rarely. Feh. You aren't debating honestly. I watched your discussion unfold and then watched you pull out the dirty sophistry card from under the table. Straw man: (100% Privacy is unobtainable, therefore you are wrong to be advocating privacy) to Red herring: (You are wrong because you aren't debating the "subject line".) to Plain Silliness. Circular Argument: (You were wrong because I was right) bwahaha!!! -Just an amused bystander. :) There is a correlation of debating style to subject matter/position for many things. Could be certain positions don't have a leg to stand on? Is this world showing symptoms caused by "Too much privacy?" Hmmmm? If that ever becomes the case, perhaps a legitmate argument can be made against desires for more privacy. A valid case can be presented that there isn't enough privacy. This is topic. Prove the validity of your general stance and show me how excess privacy is disruptive/harmful in a way that exceeds the damage we have seen by lack thereof.
Yes, greed is a major (probably only) motivator for DoubleClick. But there is no end to the number of ways the data DoubleClick's collecting can be exploited - for money!
The hypothetical situation the person above cited (employer doing a background check) is a perfect example of another way DoubleClick can make money off its database.
There are 100 million Americans with jobs. Multiply that by $30 per background check. I think 3 billion is plenty of motivation for a "greedy" company.
There are lots of other scenarios in which the database can be exploited. Health insurance companies want to find people with pre-existing conditions. You buy a cajun cookbook online and 3 months later, your health insurance company doubles your premiums because you're in a "high risk category" for heart disease. How'd they find out? They bought your purchase records from DoubleClick. Why did DoubleClick sell them this information? Greed, dummy!
Now maybe you're thinking, well gee, don't companies have the right to protect their own interests in this way. Sure, but they are run by humans, and humans have irrational prejudices. WTF would reading a Gay Rights web page have to do with your suitability for employment? Beats me, but I bet there are many companies who would label you as a "subversive" and wouldn't hire you. Acting in your own interests is great for everyone as long as it is ENLIGHTENED self-interest that motivates you. If you're just acting on your prejudices, many will suffer as a result.
Often, you're essentially trading your info for something of value like a free software license. I wouldn't be suprised if some nasty company could convince a per^h^hrosecutor that you've committed fraud. How paranoid are you?
Go to any big city ask a con-man how they operate. Almost anyone will buckle if they keep getting the pitch. The advertisers do it for the same reason: it works often enough to be worth the effort. No one but you cares if it bothers you.
So what do you get once you combine Pentium IIIs (with processor IDs), with all the other tracking going on via cookies?
"Sending targeted ads becomes critical. And the only way to target you is to learn more about you. ... The comforting thing has always been that, while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change... DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website... And if their programmers do their jobs right, it'll end up being a simple SQL query to join up your user ID, the name you gave the mysterious web publisher, your Abacus demographic data and catalog purchases, and the footprints you've left all over the net for the past two years, into a single big lump of your online/offline data."
You are wrong, Fastolfe: marketers would kill for your name and address if they know exactly what are you interested in, what services, products are you using or plan to use.
That's exactly what marketers do: finding the persons (pardon, customers) for specific products or services.
My point beyond the original article is that @Home can get exactly this EXTREMELY VALUABLE information from their customers, connecting to @Home proxy servers - without using complex cross-references, with far less pain and effort than DoubleClick.
That's what this story - and my comment is about.
If you still think:
"I said your ISP could care less what your browsing habits are, just like marketers could care less what your name is."
then end of story. You just don't get it. Period.
Caveat: This works for netscape. I don't have a clue what that mental IE is doing, or how it does it.
The original person asked why FedEx was including these single-pixel gifs from DoubleClick and I gave an answer about how some sites are using them. Yes FedEx could do everything themselves but they obviously are not. And I didn't say sites WERE "collaborating" with the ad management companies, I just said that was something the technology does make possible.
good article, but i think you're being a little overzealous with the links ;-)
I happened upon a website over a year ago which contained a collection of cookies. It's still there, at: http://www.geocities.com/CapeCanaveral/Hangar/6354 /cookies.html
but it looks like it hasn't been updated recently.
I thought it would be a good idea to exchange cookies on a massive scale, in order to make cookies more risky for businesses to use. I guess I have a bit of net.subversiveness in me.
Becouze there are buyers who find this data very valuable. Simple as that.
The point is that it should not be the question of YOUR approval or your company's guarantee.
It should be legislated to be illegal, in order to protect the basic human rights for privacy.
Trade those supermarket cards every so often, especially with friends from other cities where the chain exists. I'm sure my original card has been used to by tampons a number of times by now, and I'm male. BTW, no it's not my real identity I gave, but why not further confound their damn databases anyway by trading?
The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you... well. i think this is not completely true. and there we come to the content sites. if sites vuild up a community you have a specific group. if these site would start to contact companys for banner-place they want to sale and communicate them who their users are (like 15-40 years old tech people...) then you have already a pretty good chance as advertiser to target the people you want. But as long as sites leave it to a company like double-click this will not change. because they want to sell as many ads as possible in the first place... _mrph
Hey,
Cookies really aren't so bad. All this privacy crap is starting to piss me off. What the heck are you afraid of? That someone figures out you surf porn pages? Or that someone figures out a way to actually show you banners of stuff that you like?? Where is your damn problem with getting TARGETED ads? They can't kill you or anything, they can just make your life easier if they show you stuff in your interest!
Also, non-text attached cookies serve a higher purpose than to target the banner ads. They provide the one and only way for Application Service Providers to accurately figure out if you have been at the given website before or not. This is needed for simple statistical purposes to give the user of a website good and informative statistics!
On top of all this, closing your silly 'gif-loophole' doesn't help you a bit. Doubleclick serves many banners through full HTML and not just GIFs.
Regarding those people that posted about Junkbuster... Banners are junk huh? What do you want, to kill all your favorite websites? To kill the whole web as it exists right now? There simply is almost no other way to make money on the Internet for a freesite than BANNER ADS. Live with it! If you do not want the damn Banner Ads, you should not go to the damn site.
All in all, why don't all of you that complain so much about how well the Internet developed because of simple things as Cookies and Banner Ads go and leave this freaking net alone and get on Internet 2 and have fun there? It'll take a while till this one gets commercial. OR heck, why don't you all just go and stop using the World Wide Web? It doesn't seem to be what you want.
Fabian Thylmann
fthylmann-spam@spam-stats.net
see http://www.junkbusters.com/ Basically, those folks give out an http proxy which selectively blocks cookie traffic. This way, you can have Rob's cookies for ./, and refuse doubleclick.net's. Also, you can prevent some domains (such as doubleclick.net) from sending you any bit of "information". In some countries (Europe, mainly), there's still no such thing as flat-fee phone access, and ADSL&Cable is slow to deploy once you're not in the main cities (how can you believe the same telco [France Télécom] can charge $70 for ADSL and $1/hour (best price, evenings and week-ends, usually $2) for V90 access ! So, wasting bandwith for ads is, er, a waste. I wouldn't mind getting ads if the ad companies reimbursed me for the uselessy spent bandwith (+ various "administrative" charges I'd set at 500% of the bandwith cost)
I think you missed the point here - it has nothing to do with whether you mind banner ads or not, the point is that somebody can track your web usage and potentially attach a name to it one day. If you visit a site of dubious nature then one day 5 years down the road somebody could theoretically blackmail you about this (if you were famous for example.)
If you choose to opt out, the userid in your cookie gets changed to OPT_OUT
Why not change it yourself, make the number slightly different?!! Get someone else's ID connected to all your porn-surfing! Prize for the
first person to get a whitehouse.gov DoubleClick ID!!!
While we're on this topic, how likely is it that you could crash a remote server by putting unexpected values in your cookies, hehe ??
Bah.
Very Lazy Coward.
Doubleclick send banner based on your IP. At the university, my computer has a static IP address and when I visit dilbert.com, they send me local based companies' banner. For example, I get banners written in french while viewing an english site. I get stuff like local tv station or banks...
Sure, you can break anyone's privacy by expending sufficient resources. However, there are not sufficient resources to break everyone's privacy in that way, so the damage is limited. Cookie-tracking and other such technologies allow everyone's privacy to be broken without much expenditure. Whole different animal.
The assumption that this has something to do with GIFS vs .HTML files is incorrect. Doubleclick ads could always be put in a frame, and render with a full HTML file. What's more, it is fairly illogical to restrict what HTTP headers can be sent based on the Content-type. What's needed is better browser rules for cookies, not abolishing attaching them to GIFs - that's just a red herring. It would take ad companies two days to adapt around that - the way I mentioned is probably only one of many ways in which they could.
I wonder though. We're in an evolutionary arms race. Ads from when I grew up many moons ago were almost childishly manipulative; they wouldn't work on today's generation of media saturated and savvy young people. Pretty much its all just so much white noise. The advertisers have got some mileage out of "hip" and "self-referential" ads, but that kind of thing can't work forever.
The original banner ad idea was to become more like pink noise -- a little harder to screen out mentally. This really is a tiny innovation, and not very sustainable as clickthrough drops to zero. Where you really have to look out is when the other species really mutates in a major way. Things like product placement in the movies, or other subtle things that are meant to affect us in a subconscious way. When did you ever see an advertisement for beanie babies? The entire value of Pokemon cards is entirely fabricated through sophisticated and stealthy marketing techniques.
The real serious evolutionary development here is the use of stealthy methods to perform highly targeted, and perhaps very subtle manipulation. Now the marketers will say that its in your best interest, and after a fashion, I agree it is not the worst of all possible scenarios. The worst scenario would be to get huge numbers of intrusive and badly targeted pitches. But it is disingenuous to say that they're doing this out our best interest. In the end, as people become yet more sophisticated, I don't know if the advertisers and marketers will be able to survive just on targeting pitches better.
Inevitably the text content and even design of web sites is going to be secretively customized to better influence my behavior. This is kind of like direct mail, which tries in a quaint way to look like it is personal communication for me. But this is much more dangerous because it will very plausibly purport to be something I asked for, but actually be a kind of Trojan horse to advance _somebody_else's_ agenda.
The bottom line is that this is a struggle for control over information. The advertisers would like us to be passive recipients of information, mentally active only to the degree necessary to respond to the buy impulse they are trying to generate. I, on the other hand, would like the marketing people to be my data lackeys, returning just the information I want, when I want it, neither more nor less, and have the technical means of thwarting their current attempts to track me in this new medium.
Anyone who has successfully (and completely) escaped advertising please tell me how. You'd never be able to watch TV again, net use would be extremely restricted, and you'd probably need to cut off all contact with the outside world and go live in the woods.
I view demographics and targeted marketing as a necessary evil. I only need to look at television to see why.
Television is an almost completely untargeted market. Yeah, they can advertise toys during the cartoons and 900 numbers during the 2am episodes of Star Trek, but in general they have no way of targeting adds any better than that. Because they still need to make money on the poor hit rates of untargeted adds, TV devotes roughly half of the time real estate to advertising. 50 percent of what I watch. That's way too much.
I see the much more acceptable alternative of direct, targeted marketing to be much more acceptable. If companies know who I am and what my interests are (motherboards, radio controlled airplanes, cooking) they can advertise just the things I'm interested in.
This has incredible benefits to me as well as them. Since I'm actually interested in the products they're selling, they get a much better hit rate. That means they make more profits per ad. More profits per add means they don't need as much real estate. Suddenly they're taking only 5 percent of my desktop instead of the 50 percent they take on TV.
I don't have to get annoyed by adds that I don't care about, either. That alone seems enough to me to justify supporting direct marketing. Think of it. *No*more*feminine*hygine*adds!* Everything I see advertised at me is something I have a vested interest in.
Yes, I agree that no advertising is the preferable alternative, but I don't see that happening anytime this lifetime. Since I have to live with advertising, I'd much rather be shown stuff I care about and might buy than waste my time on random junk.
Or even better, delete the cookie.txt file and replace it by a cookie.txt read-only folder and tell netscape to accept cookies... That way they won't get stored on your drive, but no site will refuse you :)
--
Always listen to experts, they'll tell you what can't be done and why... Then do it.
may I recommend a product called IE or NS clean...it runs in the background and refuses or deletes cookies either immediatly or in a very short time..it can also edit cookie string to return 'JUNK' data...Let doubleclick's DB fill up with erroneus info..that will help them make a buck :)
Privacy - your basic human right, no matter who says it otherwise - seems to have an even worse threat by companies like @Home.
During an update I was asked to blindly follow their instructions and connect to their proxy server.
Their tech-support guy did not understand why I was refusing to do so and told me that "that was the only way to use @Home after the upgrade".
His supervisor quickly corrected this statement, with a warning "in this case your service will not be optimally fast".
I told him about my privacy concerns if all my requests go thru their proxy server and the full list of my Internet access can end up in their log files. Since @Home knows my subscriber information, they can very easily create a very specific, personal profile.
After acknowledging that "technically it is possible to do that", he said, "I promise you that we don't do that..."
I said I'd prefer a legally binding statement, as part of my contract with @Home that it would never happen, and they would be legally accountable id if still ever happened.
He could not help me to find this or any similar commitment from the company, just like the receptionist and several other people next day, when I called the office and asked for someone who is in charge of costumer privacy issues.
They appearantly could not find anyone who'd fit this description and they repeatedly switched me over to network engineers.
Last time when I looked up @Home's web site, they still did not have any relevant statement regarding privacy issues and proxy connection. In the meantime they've switched over most of their customers, who had never been informed about the privacy consequencies of the "technical upgrade".
Fixing the cookie handling browser standard is one thing - but there is a stong need to a proper legislation that would make it illegal to ISP's, Internet ad companies, etc. to create personal (not statistical) profile of citizens, using the Internet.
Companies, that pretend not to understand how their practice is offending their customers basic human rights are very well aware of what is at stake.
My repeated email offer that I'd connect to their proxy server (to save them money by allowing them to keep my traffic withing their own network) as soon as I can get their CEO's access log files in return for mine - has not been answered.
Just like my question: if you don't want to share yours with me, why do you think I should share mine with you?
The biggest problem I have with modern society is this amazing notion that, as an gestalt entity, it seems to have that my desire to own a product is not the result of my own thought processes. It's not that I don't want a subscription to a web-based pornography emailer, it's simply that it hasn't been advertised enough at me. If they could just, just, just tell me about it, just a few more times, I'll suddenly want the damn thing.
I don't want a Ford Escort, no matter how often you tell me it's stylish, I don't believe that Lotus makes "super.human.software" no matter how often I'm told. A deceit is a deceit however often it's repeated.
Banner adverts and targetted marketing are perfect examples of this. The reason I don't click through SlashDot's banner adverts for CodeWarrior is that I don't want the blasted thing. It doesn't matter how often you deliver the image to me, I still don't want the thing.
How long is it going to take before people stop making things people don't want and trying to convince them that they do ever more streneously...
Will we still have a culture left by then? Or will we end up, tired of advertising, and left wondering what we had to fill the world before it?
Or are we already there?
When was the last time salesman spoke truth to customer? Does anyone remember?
I am a person. I will decide if I want your product. The frequency of you telling me about it is not a factor. Learn.
[sillywiz]
*yawn* As I am not a US citizen this doesn't worry me too much right now.
Ha! I think we already look like the same user...
My Freakin Blog
So *that's* why I had to pay so much....
The Data Protection Act does entitle us to ask what data companies hold on us. If you stamp your foot (very hard) it is possible to get them...but they can charge a "reasonable" fee for providing the service to cover their costs.
Like you say this doesn't work outside the UK. Sigh.
Of course Safeway or Tesco hold far more data on the average UK citizen than doubleclick has about any individual......
As numerous posters have pointed out, it is quite possible to screen the cookies on your system. However...
It is too difficult for the average web user to use any of the schemes proposed. The browser ought to be able to cleanup cookies, allow them from 'friendly' sites only, etc, etc out of the box.
How can we achieve this? Wander over to http://www.mozilla.org/ and learn a bit about XUL. Code up the dialogs that are required and try submitting them...
I'm uinsg netscape 4.5-98286 on solaris, and there is an option to only accept cookies from the same site. You bet I've got that on. I thought there was an option to do the same with images, but I can't find it. (Might be in 4.6 or something)
Not that this really matters, the only sites I use crashscape for are the ones that I can't view with lynx.
Whether all this boils down to a privacy intrusion or not is an open question. However, I find the cookies themselves irrelevant in this matter. Cookies are merely a convenience and a nice concept to the information provider, but they don't add any significant functionality to the data exchange process.
Even if you disable everything that deals with cookies, you are still stuck with the ultimate cookie--the URL. Before cookies, some servers encoded the same kind of personalization data in long URLs. For all I know, this technique may still be in popular use. You type in a short URL found in a magazine, and the server immediately redirects you to a personalized URL, full of cryptic parameters, or simply containing a user ID. Disable URL redirection as well, and what do you have left?
The cookies simply provide a cleaner way to implement this, without burdening the URL with massive amounts of data. Besides avoiding URL buffer overflow, the cookies are supposed to be less visible to the user. However, they add no new functionality for tracking user habits. If you are worried about your privacy, you should be more concerned about what information sits in somebody else's database, than about what is stored on your own hard drive.
The essence of this news item, though, seems to be Doubleclick's omnipresence, doing away with the argument that all those different sites you visit won't be able to match their logs in order to find out anything important about you (they simply won't have to). I haven't studied Doubleclick's policy. Does it say anything about whether Doubleclick will comply with requests from law enforcement authorities to find out who seem to be frequent visitors to warez sites displaying Doubleclick banners? Is that something to be concerned about in the first place?
Or consider trading this kind of information - wouldn't you be interested in the fact that your neighbour clicks both Alcoholic Anonymous and Ballantines thrice a day?
The bottom line is that this kind of information is and should be private. In many countries there are privacy protection laws already, but as always the internet makes national laws rather useless ("we are not collecting any information, our ad-serving Bermuda subsidiary is").
Stephan
chmod ugo+w ~/.netscape/cookies
netscape &
[Log into Slashdot, exit Netscape]
chmod ugo-w ~/.netscape/cookies
netscape &
[Surf all the world with short-lived cookies only]
Stephan
*grin*
Stephan
With a sufficiently finegrained filter, you can accept banner ads on selected pages while refusing them from elsewhere. Check out the referer: field.
(Myself, I refuse Doubleclick and all of the other big ones period, even from sites that I like.)
"Hot lesbian witches! It's fucking genius!"
Option 3 would not be acceptable, as more and more high volume sites distribute their content. Images often come from a different machine than the page itself. Slashdot does it.
"Hot lesbian witches! It's fucking genius!"
Hell, I leave my browser up for such extended lengths of time, I sometimes forget the passwords to password-protected webspaces. I just kinda forget that I'm in there 'cuz Netscape remembers 'em all. Then, when I occasionally boot into Gamedows'98 to play Jagged Alliance II and come back to get some work done, I gotta re-enter all those passwords which were... uh... what again? Where'd by clipboard go with those little notes? *scrounge scrounge shuffle*
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Good basic idea, but might break some stuff you were actually interested in seeing. =/
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
When I think of cookies in images, I think of such tools as WebSideStory, a handy little service useful for learning all manner of interesting information about traffic coming to your website. Cookies are used in a variety of ways, such as measuring return visitors, keeping track of other pages visited on that site, and so on. It may be possible to perform analyses like that with IMG SRCing, given direct access to the logs, but the IMG SRC cookie behaviour makes it very simple and elegant to produce these sorts of services as third-party tools that you simply add in to your site.
Of course, things have changed since WSS started up, and now they provide this enormous, poorly formatted wad of javascript to produce the same result as that original image once did. The offshoot of that is a good demonstration that even if IMG SRC cookies were disabled, banner ad'rs would still have avenues to accumulate the same information... so killing IMG SRC cookies to kill banner ads (or thier data gathering) would be moot, aside from pissing off a bunch of people who depend on that behaviour.
I agree to the idea that collecting excessive information on personal habits is disconcerting and regulation would be nice. Unfortunately, enforcing such a law would be nigh impossible. As some famous type person once said: "You can't legislate morality."
Of course, just because it's impossible to ensure complete privacy doesn't mean you shouldn't make it as hard as possible for the Bad Guys® to scoop up as much information about you as possible. I suppose I've just become jaded from my past experiences, and perhaps a bit lazy because there's very little I do in my life that I couldn't comfortably discuss among friends.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
What never ceases to amaze me is the plethora of comparitively minor things (like cookies helping companies know if you like pr0n) that'll get people's panties in a bunch, compared to some of the Really Big Issues... Echelon, for example. Yes, you might point to slashdot and similar hackerish resources as people being aware and trying to take action... but ask Mr. Puter Everyman what Echelon is and you'll get a blank stare, ask him about cookies and privacy and you'll hear a stream of media induced rhetoric about how it'll bring a rain of firey destruction down on our heads. There are, of course, even greater threats to our personal privacy and security than Echelon or Cookies, but I can't think of any this early in the A.M. ;)
Coincidentally, there are a great many people out there who think they can be 100% secure, 100% anonymous. Some hold that concept as a basic life foundation stone right up to the point where that illusion is irrevocably shattered (having been BnEd, Hacked, mugged, defrauded, stalked, surveiled et al). Security professionals of all stripes make big bucks off those shattered illusions.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
The truly paranoid can indeed adopt a underground lifestyle to obscure his/her existance in order to avoid detection or the perceived negative aspects of whatever is being hidden from. The downside of course is that living an underground lifestyle is extremely restrictive and generally a lot less fun and carefree than the lifestyle being lived by the oblivious (or willfully ignorant) corporate tools.
Considering that I've designed stuff that uses IMG SRC cookies, and make use of other stuff that does, I think I'll let myself be a corporate tool for a little while longer. ;)
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Paranoid direct-marketing reasons shouldn't be used as a reason to break perfectly acceptable behaviour in a browser (especially a behaviour that has generated a multi-billion dollar industry!)... yes, there are people collecting information about you in order to more efficiently sell you things. There's people collecting information about your power consumption, long distance usage and a host of other things too, not to mention the government going through your spending habits for whatever purposes they have (probably tax related ;).
Having done my time in surveillance/counter-surveillance circles, I can honestly say that what most people consider as privacy is the most widely-hyped and catered-to fictional ideal of all time. Anyone can find out anything about anyone else, so long as they have the time, money and talent to do it. What most people consider as privacy would best be described as obscurity... lost in a sea of other dull, obscure people leading a life too dull to be of any concern to anyone (except perhaps ad banner people and spammers ;).
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Example: you visit an AIDS awareness web site, then hop over to Amazon.com and buy a book about living with HIV. You do this because your kid sister has a friend who is HIV positive and wants to know more about it and asked you to do her a favour.
Years later, you put in an application for life assurance to cover your endowment mortgage ... and the life assurance company turns you down. Seems their data mining brought up a warning flag: "buys material about living with AIDS, visits AIDS awareness websites". Ergo, their expert system deduces that you may have HIV (a very bad life insurance risk!).
Admittedly, this sort of abuse shouldn't be possible if proper privacy laws are in place. But in the USA, there are no effective consumer privacy laws (hence the current fracas with the EU, which is bringing in reasonable ones). Nothing stops your insurance company from buying the DoubleClick net's database to check against health risks; it's not information subject to medical confidentiality, is it?
This is a relatively mild example of how data mining can go wrong. Much, much worse things can happen to you -- comp.risks is full of examples of people being arrested and dragged off to prison because they share the same name and birthday as a wanted felon, or similar cases of public officials putting their trust blindly in a database that has had information indiscriminately shovelled into it.
If we bring political or governmental issues into it, it gets even worse -- imagine, for example, if your local police force starts looking for people who have looked at web sites with details of how to pick locks and who are not registered locksmiths. Sound outrageous? Of course it is -- until it happens.
Privacy is a fundamental human right; and one that is barely protected by law here in the EU, and utterly inadequately protected in the US.
And they have a right to make a proffit. Many companies, INCLUDING SLASHDOT (andover) use banner ads to make ends meet. To pay for their lines and employees. If they didnt, how do YOU think you would read slashdot? Answer, you would have to pay for it.
Banner ad companies, as has been so rightly stated, are in a tough business. Clickthrough rates are falling (I am seeing 2.3% on my sites I serve, as I use cookies and other information to target the best banners I can) and they need to be able to appeal to the people paying the bills. If they dont, people wont be paying the bills for too much longer, and you will have to pay for your slashdot, or your CNN.com or your altavista. Yes there are alternatives, like google which I believe is academicly funded, but we NEED corporations to provide these huge bandwidth pipes we now have and the slew of services we now have. Academia and the government will NO LONGER PROVIDE THIS.
Personally, my company guarentees your private information will not be passed on. However we gather AS MUCH information as possible to target banner ads that are more appropriate. And I ask you, WHY IS THIS BAD? You will see a banner ad whether our database has information on you or not, its just more likely that if we have some information about your preferences, you will see one you might be interested in. Is it such a crime to try and make a fair profit and to stay in business? If banner ads dont survive, 95% of the net will become pay per view. Do you REALLY want that?
Dont get me wrong, I DO NOT APPROVE of selling on information about clients. My company specifically guarentees we will not do this. But making a profit is the right of anyone. By fighting the banner ad companies, you win a short-term battle, the right to have your screens free of advertising. But you lose the war the first time you have to pay a subscription to get access to slashdot.
I have to say, although I dislike privacy invasion as much as the next person, I fail to see the problem as a big one in this case.
/., or to work out what someone likes to buy. Hey, it's optional.
Cookies are a simple incentive. Turn them off, no tracking, and no personalisation. Turn them on, and you pay for you personalisation with tracking. Cookies simply allow tracking, how you use that tracking is up to you - either to customise a page, like
I realise most people don't know it's happening and don't know how to turn it off, but that's missing the point again.
Let's suppose there's a case of real abuse of the data gleaned through this, and that case comes to light. Newspapers everywhere will be able to publish info on how to turn cookies off, it will be well publicised, and brought to a stop. Already there are browsers like the KDE Konqueror that let you exclude certain sites from storing cookies, while allowing the rest to pass. It's a flexible technology that can grow around blatant abuse.
There are many invasions of privacy, from CCTV to office drug tests that are far more insidious than this.
Sure, it's cheap and tacky and insulting an annoying, but it's not the end of the world.
-----
"Accept the cookie, but don't click the banner. They won't be getting any useful info from you."
Untrue, sadly. The gif is served from doubleclick, and your cookie is sent out with the GET request, so they will already know that you are looking at the site.
But I agree, this isn't the end of the world.
-----
This is pretty silly if you ask me. Disabling the ability to get cookies via image requests would break a great deal of existing sites that use cookies. There *are* legitimate reasons why you'd want to set a cookie when the browser requests an image.
And it isn't just images. Any HTTP query has the opportunity to set a cookie. It's part of the *HTTP* spec which has nothing at all to do with the contents of the query itself. The "Content-type:" header (values such as "text/html" and "image/gif") is an HTTP header, just like "Cookie:". There are valid uses for cookies in HTTP requests that don't ultimately serve up HTML pages.
I think this might have been done on Slashdot more for performance reasons (no DNS lookup0 than for preventing people from changing the IP association...
They can't. Everyone suggesting this is especially paranoid today. A company would have to explicitely volunteer this data to the companies doing the tracking.
Besides, even if they did, what in the way of marketing information would the banner ad companies get out of it? How would having your name help them target banner ads more effectively? I don't get it..
No offense, but you obviously have no concept of how the Internet works. It's not possible to determine anything REMOTELY geographical (except perhaps "on our continent" and "on another continent") by examining network "distance" (packet times).
I can't explain why you saw what you saw (I don't even know what port 8 is for, if anything), but I can tell you for certain that it has nothing to do with them trying to track down your geographic location.
And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
Umm, I wasn't going to. In fact, I was going to say, "Good point."
May I ask what company does this?
- This would break a bunch of sites.
- This would break a bunch of sites.
- This would break a bunch of sites.
- If implemented, you'd either have to use this button pretty frequently (esp. since a lot of page failures might not be obviously attributable to this setting) or just give up and leave it turned off.
Just implement an "intelligent" cookie management system. Instead of just having options for enable/disable/prompt, have your "prompt" option have a checkbox that says "Don't ask me about cookies from this site again." Your accept/decline preference would be stored. That way you can decline cookies from Doubleclick and accept cookies from Slashdot without getting pelted with prompts for *every* cookie..Just as importantly, no server can read another server's data, each site reads only its own cookies
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Your correction isn't entirely accurate. (Or maybe it is, but it sounds like you're saying something slightly different)
To illustrate the difference between these two cookie settings in Netscape, you need to be aware that in a cookie, the creator can specify things like an expiration date, a relative URI path to which the cookie will apply, and a "domain" setting which determines which hostnames the cookie will be sent to. The domain can never be more generalized than a 2nd-level domain in the case of the generic TLD's (I can't set the domain to '.org' but I can set it to 'slashdot.org' or 'subdomain.example.com'). Naturally, the originating site must lie within this domain.
This allows you to set a cookie from, say, www3.example.com using a domain of 'example.com' and have the cookie be sent back to www2.example.com, which is a very good thing. If you don't specify a domain, or use the Netscape cookie option you recommend, cookies will only be sent back to www3 and never www2 (which has to create a new cookie), which will likely break example.com's web site's use of cookies.
This setting has nothing to do with JavaScript. I remember vaguely some talk several months (years?) back about a vulnerability in Netscape's JavaScript that allowed a malicious coder to retrieve cookies as you suggest, but I believe that was fixed a long time ago.
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
As much as I love photo.net, this is another example of paranoia feeding paranoia.
There is no evidence anywhere that any company has ever started merging databases containing user information with a database containing browsing habits. In order for this to work, the people obtaining the information (the site you're giving this information to) would have to KNOWINGLY provide your contact information to the sites doing the tracking in such a way that they could associate your information with the "browser-ID" they have on file (difficult).
If you're giving them your information, chances are you're buying something from them, which means they have a *LOT* to lose if knowledge of this behavior ever got out. Do you have any idea what kind of PR mess this would cause? Legal issues? It's not good business sense. For this reason, unless you're doing business with an irreputable company, you can usually put some stock in their online privacy statements (which I tend to read before giving them my personal information, don't you?).
Further, WHY WOULD THIS BE OF ANY VALUE? All marketing companies care about is marketing their products. ALL they want to know is a person's shopping habits. Information such as your name, address, phone number, etc. is MEANINGLESS to them. It does not help them dole out banner ads, so it's useless information. Why would they spend so much money and time merging these databases when the gain is nil? Companies don't tend to do things unless there's a potential for profit (in public image or hard cash). I don't see the line to profit here.
It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex.
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you?
I don't get it..
The 'domain' property of a cookie was actually well thought-out and designed so that what you describe couldn't normally happen. The domain setting must be at a minimum a 2nd-level domain (i.e. must contain a nested dot; e.g. ".co.uk" *would* be valid under this rule, while ".org" would not). IN ADDITION, the domain must not be *below* the hostname sending the cookie (i.e. the remainder of the hostname must not contain nested dots).
Valid hostnames and cookie domains:
- www.example.com
.example.com - www.sub.example.com
.sub.example.com - www.example.co.uk
.example.co.uk
Invalid:- www.example.com
.com - www.sub.example.com
.example.com - www.example.co.uk
.co.uk
Section 7 of the spec outlines quite a few privacy issues known at the time and methods browsers can work around them. User agents themselves are perfectly free to set additional constraints.From the Netscape help text on this feature:
I thought it was for something else, so yes, this is an excellent way to eliminate any potential privacy issues with 3rd party cookies.I get ads about the eastern seaboard too. And the western.
If I were a marketing company like DoubleClick, and I wanted to try and target some banner ads by relatively specific geographic regions, I would probably try and find out which ISP's are in that region and serve up my banner ads based on what *hostname* (or domain) the browser was coming from. This is the only way you can get geographic data (if at all) from an Internet host.
It's not possible to find a person's geographic location by observing the delays in Internet packets. If you don't believe me, call up your local university's computer science department, or your ISP, or *somebody* that has even half a clue about how IP networks work and ask them.
colour me ignorant, but what is the Poll Tax? I'm not from that side of the pond...
This sort of thing is made much harder due to the Data Protection Act (easy to find - do a search). I'm still not sure why US citizens haven't asked for a similar law - I guess it might be because the citizens don't decide the laws there any more - the lobyists do.
Matt. Want XML + Apache + Stylesheets? Get AxKit.
ANY demographic information that can be gathered about a user is worth money.
Abacus can do all sorts of things, such as sell the data other companies. I know, I used to work for Experian, which has records on 95% of American households.
This information is prized by direct mail marketers. Database marketing tries to intelligently send you "junk" mail - it's not called junk mail if you respond! By targetting people, they actually increase response rates which increases their profits. Database marketers, or list compilers, get their information from all sorts of suprising sources. This is just another obvious one.
They just have to link an anonymous web user to a real-world profile. How might they do this? DoubleClick will no doubt try and get contracts with web-sites that do collect real-world demographic information (online travel agent???). Perhaps a redirect from that web-site to theirs would be all it takes.
..."sabotage of data on your own hard drive, placed there without your permission "...
I disagree. By not disabling cookies in your browser settings, you implicitly agree to their use. Really, the browser installation should verify this as ignorant users - obviously unlike you who knows about cookies - will not be aware of what's going on. Although legally, ignorance is no excuse.
"DoubleClick believes all users should have a positive Web experience.
Because of this belief, we allow advertisers to control the frequency (the number of times) a Web user sees an ad banner. We believe that frequency control makes advertising on the Web less intrusive by insuring that users are not bombarded with repeat ad messages. Opting-out removes our ability to control frequency of exposure to individual users."
Positive web-experience my arse! They just want to get as many different types of ad on our screens as possible!
having never bought a single thing through buy.com, I am personally not affected by this, but it strikes me that it would be similar to a tv station preventing you from changing the channel during an infomercial. Just dumb.
I changed my NT hosts file to block DoubleClick half an hour ago. It's already blocked a few ads from Yahoo! Mail. Time will tell what else it affects. It might make a good /. report.- --------------
----------------------------------------
my blog: good times, man, good times
NT has a HOSTS file in %systemroot\system32\drivers\etc\- -------
It's in the same format as the UNIX ones, so you just have to point the banner servers at 127.0.0.1 to block them. Yay!
-----------------------------------------------
my blog: good times, man, good times
I trust Rob. I repeat: Sooner or later, everyone must trust someone. Otherwise, you end up living in a fortress of your own making, with no friends. As with affairs of the heart, so with computers: You must make yourself vulnerable to reach true intimacy.
Beer recipe: free! #Source
Cold pints: $2 #Product
In this article, it's said:
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database
This is an incredible assumption that is made to clarify the point, an assumption which is most likely overlooked by most people reading this. To be able to function as an article, one must assume that Doubleclick already has your name and e-mail address and I honestly fail to see how unless they're gathering it through corporate partnerships (most companies have policies about distributing the information gathered on web forms). Just clicking through on links can't give this information to Doubleclick since it's not a form query and I don't know if I've ever seen an ad that directs to a web page that enables them to track the user ID of the person who clicked through to get to it. If this was the case, then more people than just Doubleclick are using your 'user ID'.
YRO continually impresses me with their targeted propaganda. Phrases like 'user ID' make it seem like Doubleclick's identifiers are personal in some way when they're really just fancy tracking numbers. And to fault Doubleclick for it's partnership with Abacus Direct is to fault the town butcher for working with the town guy-who-packages-meat. It only makes sense for the two companies to get together. One may not have a very high opinion of direct marketing (I certainly don't), but companies working with Abacus Direct do far, far worse than Doubleclick when it comes to tracking down what you're buying.
I'm sick of paranoia in my news. Slashdot used to be 'News for nerds' and now, at least with YRO, it's becoming a soapbox for privacy champions. Let the soapboxes remain in the commenting section and quit making faulty assumptions to sell your story to me.
You can configure cookies on a per-site basis.
I think I let slashdot, amazon, and maybe
borders cookies through, and no others...
For every problem, there is at least one solution that is simple, neat, and wrong.
I don't care about tracking. I visit websites
with smut on them sometimes. It's not a secret.
A lot of people do it. But advertisements drive
me nuts. Targeted ads, untargeted ads, I don't
want to see them. It's my computer, and I'm
quite happy that filtering proxies give me control
over what I see. I'm not out to kill websites,
I'm not out to save them. I'm going to use them,
and I'll contribute back to the Internet as I see
fit. It's not a productive use of my time or
computer resources or screen space to stick
animated banners all over websites I visit. It
makes my browser burn more cycles, and I never
visit them anyhow. I might as well not see them,
and I don't. As to there being no other way
to make money on the internet, get this:
I DON'T CARE. I really don't. You live with it.
Commercialization is killing usenet, and I'd be
very happy to see less money being tossed around
on the net, especially if it meant fewer banner
ads.
:P
For every problem, there is at least one solution that is simple, neat, and wrong.
You're almost constantly divulging information to a third party in real life. Let me try and explain. Suppose you use a credit card, this is a bank backed service. You released some personal information for this privledge, quite understandibly. Each time you use this line of credit the transactions can build up a profile of your buying habits.
Suppose you don't use credit though. A profile is still built up. Consider bathroom tissue at your local grocery store. The grocery store sells a certain amount of single-ply and a certain amount of two-ply. The sell through on the two-ply is probably a lot quicker than the sell through on single-ply. This information is then fed back to the manufacturer (through the distributor) which tells them to make less single-ply tissue. They also make two-ply quilted tissue however. The sell through on this is less than plain two-ply tissue but the manufacturer knows that the profit margin is a lot higher. As a result two actions are initiated: They pay for more eye level shelf space at the grocery store to display two-ply quilted tissue and they launch an advertising campaign.
Cookies is a potentially more directed advertising research but there is still a layer of anonimity between you and the entity being tracked. They can only correlate the click through characteristics with some cookie stored in your browser, they can't correlate it with an individual person (which can be done with a credit card or grocery store discount card). Actually, it can only be resolved on a per cookie per machine basis and there is no way to tie together the accounts you have on various machines (home account, work account, school account etc)
I'm willing to give up this bit of data (though I've probably only clicked through 4 whole banner adds in my life) if it means that a site like slashdot can exist. I consider it a necessary evil and a pretty benign evil at that. If I had to pay for slashdot via donations or fees I would have to decide based on the same criteria I donate to public television and you could probably expect the same level of support: 1/10 people who watch public TV ever make a donation.
Actually, those were facts. I don't see how your posting is even relevant to the original article which started this thread. The article was referring to banner adds and the use of cookies to collect statistics, not sites like the New York Times where you are required to divulge personal information in order to read their stories.
As an aside the New York Times has every right to ask this information, you have every right to refuse or falsify it. You've got every right to go elsewhere for news as well. I'd much prefer being educated on the impacts of the internet on personal privacy than having a privacy gestapo like you seem to prefer regulating what can and can not be done.
As for the New York Times being the only news site which collects information on its users you are pretty close to 100% inaccurate. ABC News, CNN, CBS news and NBC News all make use of banner adds. The issue the article was dealing with. I can't connect to the BBC News and it looks like it may be the one news site that doesn't use banner adds.
Whether or not the Dreamcast was actually connected to the internet or not was not the issue. It turns out that it isn't. The issue was that the owner of an allegedly popular Dreamcast news site felt it was his perogative to run nmap against his users which indicated just how much privacy you really have.
You stated, and I quote: "Why should they be allowed to make extra revenue off us when every other news site in the world doesn't?" referring to the New York Times. I didn't refute that the New York Times made people fill out personal information (in fact I reinforced this notion by stating it was possible to lie about the information) nor did I insist that the mentioned sites required you to provide personal information. What I refuted was your stance that the other sites don't make money off of us. As I illustrated by the use of banner ads on the other sites, this is plainly untrue.
In simpler words: You were wrong.
I applaud that privacy advocates try to educate people on privacy concerns. What I don't believe in is sensationalism. There needs to be some indication that while this is new to the internet its business as usual in many other forms of commerce. Don't fuel the luddites or conspiracy theorists.
If you want real anonimity then:
...
discard all your ISP accounts
shred your credit cards
always pay cash (not even cheques)
avoid a drivers license
avoid owning a home or conventional renting
don't register to vote
don't file taxes
Even surfing anonymously on slashdot is betting your privacy on the scruples of Rob and co. Check out the article (just over a month ago) about maybe being able to telnet into a Dreamcast. sTp81 runs nmap on systems that use his Dreamcast coverage site. That to me is a pretty blatant invasion of privacy.
Every time you use credit some information is being collected about you, not as a class of users but individually, its called your credit report.
Just about everything you do can be used to track you or track down information about you (do you rent in an upscale community or do you have the upper unit in somebodies home?) and this has been true for a long time. Privacy has been dead about as long as commerce has existed.
New technologies may mean new ways to track (such as banner adds) but the concept isn't new. It's also the price each of us has to pay due to our expectaction on getting most services, such as slashdot, for free. Somebody has to foot the bill and unless CmdrTaco, Hemos and Nate have a rich uncle its going to be us through banner ads.
192.168.255.5 ad.doubleclick.net
Of course, if they disallow the opt-out, I'm still out, and I like that.
As a matter of fact, yes I want the old Internet back, but alas this is how it goes.
-- Solaris Central - http://w
Here's a simple cshell script I wrote to keep my cookie file clean. Just throw it in cron.
/tmp/cookies.`date +%y%.%m%.%d`
;) /tmp/cookies.new /tmp/cookies.new /tmp/cookies.new
/tmp/cookies.new ~/.netscape/cookies
/tmp/cookies.`date +%y%.%m%.%d` `find ~/.netscape/old/|tail -1` > \
/tmp/cookies.`date +%y%.%m%.%d` ~/.netscape/old/cookies.`date +%y%.%m%.%d`
#!/bin/csh
#copy yesterday's cookie file. We put it in tmp for now, because we want to
#compare it later with the last cookie file
cp ~/.netscape/cookies
#collect what we will allow to be kept in the cookie file
#We can trust Malda, right?
grep slashdot ~/.netscape/cookies >
#That silly free-registration stuff
grep nytimes ~/.netscape/cookies >>
#Do you, uh, Yahoo!?
grep yahoo ~/.netscape/cookies >>
#And whatever else you want to add. You get the idea, I think....
#make the new cookie file
cp
#look for new stuff put in the old cookie file
diff
~/.netscape/old/cookie.`date +%y%.%m%.%d`.diff
#add yesterday's cookie file to the old ones
cp
That would break the way images are served right now in Slashdot (from images.slashdot.org), for example.
Personally, I think that it would be too inconvenient for those of us who make a living designing and mantaining websites; OTOH, I can't help but be appalled by most people's "why worry?? Direct marketers are your friends!!!" attitude in this thread... Okay, so "they" can already violate our privacy in a number of ways; does that make it *right*? If that is true, it's actually a much better reason to not allow the Powers That Be to come up with Yet Another Way to break your privacy.
Okay, after learning of this 'ability', I did that today, then I checked my cookies.txt file - and it still has an ID number in it, it doesn't say optout like the website claims.
So, is this a special ID for 'opt out', or are they just lying about being able to opt out?
How about a Jam Double Click day?
Stupid idea?
Thanks for bringing this up. This is exactly the text given for that option in Netscape Communicator 4.6, which I also use. The text is 100% wrong and misleading. "The page being viewed" may be WebMD.com, but the cookie attached to the ad banner comes from DoubleClick.net.
If you don't believe me, quit Netscape, rename your ~/.netscape/cookies file, restart Netscape, go to my.webmd.com, verify for yourself that the banner ad comes from doubleclick.net, quit Netscape, and "grep doubleclick ~/.netscape/cookies".
As Gerv points out, Netscape 4.7 finally makes this option read: "Accept only cookies that get sent back to the originating server." This is technically accurate, but 99.9+% of the audience will still not understand that they'll be tracked from site to site across the internet.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
...as do I, obviously, since we are both posting with logins, unless there's a way that I'm not aware of to have a single-session, cookie-free Slashdot login (if there is, I'd appreciate being let in on the secret, and if not, there really should be). That's probably the only reason my cookies are still enabled.
I remember that the cookie issue came up in a big way when Slashdot first created logins, and again as a tangent whenever people would start debating anonymous posting (which I strongly support, even though I eventually decided to log in myself). A lot of people don't seem to get the point that "whether or not Slashdot should require cookies" is a whole different issue from "whether or not cookies are bad". That is, someone would say, I don't want to log in because I don't want to enable cookies", and someone would reply "You idiot! There's nothing wrong with cookies." In that context, I just kept wishing people would realize that that's not the point: the first guy doesn't want to enable cookies -- whether or not his reasons are valid has very little to do with whether or not Slashdot should force him to do so. Even ignoring that, though, I should hope that when something like this comes up, it would make people re-evaluate the question.
Anyway, this story inspired me to take a look at my own cookie file, and it was a real eye-opener. The Mac version of Netscape calls it "MagicCookie" instead of "cookie.txt", and its type code is 'COOK', which I had to use ResEdit to change to 'TEXT' before it would open in a text editor (I assume Netscape will still be able to use it), though it is a perfectly normal text file. I didn't see anything but normal readable text, or anything that could be references to locations within the file -- just some comments and then a lot of line entries, so I assume I can ignore the comment "# This is a generated file! Do not edit.", as long as I don't screw up the format by corrupting any entries. I removed everything except slashdot.org and a few work-related entries.
slashdot.org has made some interesting entries in addition to my login info, though, that really don't seem to belong there. Here are the entry names, minus all the other values:
www.slashdot.org... user
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
Some of those could be records of my poll-votes, to prevent repeat-voting, but I'm pretty sure in most cases that I'd remember if we'd ever had those polls. No, it doesn't have actual values for these, or at least not readable ones, though the values could be codes of some kind. More likely, it's someone's idea of a joke, i.e., messing with the more paranoid minds; I guess I could be sort of falling for a trawl here -- in that case, for the record, I see it and I'm not really falling for it.
This really bothers me (the whole cookie thing, not Slashdot). I for one am very much wanting a browser feature to specify in advance the list of cookies to allow. Do I remember correctly that this is in the works for Mozilla?
David Gould
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
As far as I can tell IE5 doesn't do this: The cookie settings are under Tools/Internet options in the security tab, but it's either Enable, Disable or Prompt for cookies.
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
I guess whatever check Netscape is using to determine that condition (cookie originating from a different server than the page) fails under certain conditions.
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
The junkbuster is a proxy that filters banner ads, cookies, etc based on simple regular expression like syntax. The default blocklist filters out pretty much all the crud out there, making for faster downloads.
Chris Wareham
Adultery is his business.
Purjury is ours.
If he hadn't groped Paula Jones in the first place, he'd have never been called to testify - which means he wouldn't have had to lie.
When your President is a lying, cheating loser, there are worse things than 'embarrassing' him. Personally, I think a guy like that is immune to embarrassment.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
- Jeff
To all the people who say they don't care...
Its all nice and good if these stats are being
used to target advertising at you. Hey, i kinda
like the idea of getting relevant banner ads.
What should scare you is when you apply for a
job and the employer checks with doubleclick and
they say this guy's a no-no cause you accidentaly
clicked through to some pr0n/extremist/wacko
sites.
Put this in your crontab:
/usr/bin/perl -pi -e 's/^\.doubleclick\.net.*\n//' ~/.netscape/cookies
Problem solved.
I used to do something I thought was really smart at that time: I just set up an IP chain to block adserver*.doubleclick.net (via some IP ranges). Then, I noticed User Friendly used DoubleClick. Suddenly, I was responsible for Illiad losing money. I turned the filter back on.
:-)
:-)
I think you have three real choices:
1. Don't accept the cookies. Irritating every time, unless you have some auto-option. Go Lynx for this!
2. Accept the cookie, but don't click the banner. They won't be getting any useful info from you.
3. Accept the cookie, and _let them_ build a profile on you. Sure, you will get ads that are more interesting to you -- so what? If you don't want or need the product, don't click... Of course, spam is more irritating -- guard that e-mail address, or get a spam filter (mail me if you're interested in betatesting my own). I thought commercials (ads in this case) actually were supposed to be a Good Thing(TM) for the _user_ as well as the company? If you get ads for products you want, is there anything wrong with that?
OK, I see this might be a bit controversial
/* Steinar */
(This comment is of course GPLed.)
I just black hole all doubleclick ads (and many others) without using a proxy for the rest of my browsing. See my "how to" at
http://www.schooner.com/~loverso/no-ads/
I've written something similar (it filters cookies, but you can run two in series to block ads). It doesn't come with a list of sites to block - you must decide yourself. For more info, check out http://www.andrewcooke.free-online.co.uk/jara/alfa jor/index.html
Andrew
http://www.acooke.org
It's not the ads, it's the information you can gather. Let me give an example of the kind of thing you can find with an sql join.
Once upon a time, my employer did library systems and drugstore systems. In the drugstore system, customer adresses & phone numbers were protected, but they weren't protected in the library system
So a user selected for people who had a perscription for birth-control pills in the drugstore database, and joined for matching names in the library database. This gave him names and adresses, which he filtered to get ones nearby.
Anyone want to guess what he was planning to "sell" the selected customers?
---davedavecb@spamcop.net
So it comes down to this>
Some direct mailer thinks they know what I like so they send me a bunch of catalogs and coupons. Got that now; make paper mache or stuff the fireplace. In the future all mail carriers will be robots to carry all of the junk mail.
Some law enforcement entity wants to know where I go, what sites I visit, what I shop for. Doesn't sound very hard to do now. Imagine how important you'll seem to yourself when the Man kicks down your door.
The information will get abused and/or misused, misinterpreted or is just inaccurate. Is this a real shocker? Gee, in the future banks and insurance companies will be difficult, arbitrary and arrogant.
Even companies that collect and use this kind of information today don't do a good job with it. How different spellings of your name do you see in your junk mail? No, what you want is as many companies as possible doing as poor a job as possible and then selling the results to one another. Imagine a whole economy based on trading bad useless data amongst ourselves.
As the great Athenian philosopher Mediocrates said: "Aim low, you can't fuck it up."
Yes - this is distrubing. No - this is not unique. :)
The net is become more and more like the outside world. The idea of advertising corps surupticiously tracking my movements across the net really gets my hackles up. But should it? Or rather, if this does then shouldn't an awful lot of other things too? My credit card company knows all the shops I got to too. Yet somehow I tend not to think about this.
Prehaps it's because we're used to thinking of the net, conciously or not, as a refuge from the more sordid elements of a world ruled by multi-nationals.
But now the pendulum swings the other way. The same things, the same technologies, that let us (individuals) get a leg up, help out the corps even more. I have to acutally get a credit card before they can track me. But now I can be tracked, not from my purchases, but just from window shopping. And just as we got a head start online over the commerical world, commererce has a head start over the legal world. The protections afforded me in the 'real world' are minimal enough. What can I hope for in an environment that crossed countless borders and exists almost exclusivly in the abstract.
The upshot of it all? Same ol' same ol'. It's not 'right', and it's not 'fair', and we shouldn't have to like it or lump it - but we're not doing ourselves any favours thinking of this as net specific thing.
My 2c worth of ramblings.
... with eskimo chains i tatto my brain all the way...
- Recompile your kernel with ip firewalling support.
- add the following two lines to your boot scripts:
- ipchains -P input allow
- ipchains -A input deny -s doubleclick.com
this is sans manpage, see ipchains(8) for more details.--sam
--sam
Any technology distinguishable from magic is insufficiently advanced.
On the windows machine that I am typing this from I created a batch file called cleanall.bat that does the following:
/y c:\windows\tempor~1\*.* /y c:\windows\cookies\*.* /y c:\windows\temp\*.* /y c:\windows\history\*.*
deltree
deltree
deltree
deltree
I then put c:\windows\local\cleanall.bat as the last line in my autoexec.bat file
(c:\windows\local is the directory that all my bat files and command line programs are sitting in. This way I could add it to my path easily)
Windows convieniently needs to be rebooted about once every day or two so all cookies and temp files get deleated.
Note: You have to delete most of this stuff booted to msdos because windows won't let you so deleting it on the way in is convienient. You may also have to rem cleanall.bat out of your autoexec.bat file temporarily if you are installing new software that reboots as part of the install.
Every wrong attempt discarded is a step forward - T. Edison
Or, alternately, you could run iCab. :)
http://www.icab.de
I'm so glad I have a Squid ACL rule blocking access to doubleclick :-)
Here is how you stop the cookie spying problem: Click on Edit|Preferences|Advanced...."
And there it is! The radio button. Click this text: "Only accept cookies originating from the same server as the page being viewed."
Now click okay! Now you can only get a cookie if the server sending you the HTML (or whatever) page is sending it. Inline gifs from other computers can't send cookies. (Well, they can send them, but they are ignored.)
So stop complaining and click that button.
This
I don't really mind about ad's - slashdot has
some goods ones sometimes. What I hate are the
pop-ups, like those on geocities, tripod, etc.
Is there a way to avoid pop-ups, configuring
it by site.
If the banner advertising industry actually understood the demographics they were collecting, they might be able to show me banners I'd be interested in. I spend hours surfing the web, but I click on maybe one banner a month. From The Economist:
"... although marketers are waking up to the importance of the web as a new advertising medium, few know how to make the best use of it. Most still "spray and pray", throwing money at the web in the hope of reaching a mass-audience and building a brand, just as they did once before in the broadcast world."
But all this money spent on advertising on the web has done nothing to draw me in. Ads for internet companies work on TV, I've actually been tempted to check out websites after I've seen their ads on TV. But the banners that everyonne sees everywhere aren't much more than annoying.
I like my privacy as much as the next person, but I'll save my fights for a problem that's staring me in the face, threatning to do some serious damage... not a banner ad that I can just as easily ignore.
Does deleting the double-click cookie every so often help? I suppose it severs your connection to them, but is their current store of info still useful to them?
The link for opting out (which is both in the original story and the pareent to this reply) is excellent. I imagine DoubleClick will get an example of the "slashdot effect" today, on the opting out page...
DoubleClick isn't neccesarily ignoring small fry; somewhere in the body of this well-written column, it is asserted that they ignore you unless you're at a certain threshold. Well, my site
(http://www.auschron.com) is under said threshold, and we get a phone call from the sales weasels every other month or so. So they are prospecting towards smaller markets...
Perhaps you should look at the announcement: http://www.atguard.com/product_info/final.html This site says WRQ is licensing rights to sell AtGuard to Symantec as part of Norton Internet Security 2000. (And also licensed AtGuard to ASCII Network Technology.) According to the above URL at the site you posted, support and the web site will end from WRQ in under two months.
I run with Netscape in "ask before setting a cookie" mode, and I've become used to rejecting DoubleClick cookies. A few weeks ago, I was getting tracking data on a package from fedex, from the usual spot, http://www.fedex.com/us/tracking, and was presented with, and rejected, a DoubleClick cookie. What surprised me about this is that there are no DoubleClick ads on the page. What's going on is that there's an IMG tag at the bottom of the page which loads a 1x1 GIF from DoubleClick; this is the only reference to DoubleClick on the page, and it seems placed at the end so that delays in loading the ad won't keep the page from rendering. (Usually, they go for the opposite effect, trying to arrange the page so that not much renders until you've seen the ad).
The tracking IMG does not seem to appear on the next page you receive, which presents tracking results, so they can't harvest your airbill tracking numbers by simply grabbing them out of the Referer headers on the requests for these GIFs. It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex. The random-looking numbers in the URLs of the DoubleClick GIFs could be there to facilitate this kind of cross-referencing --- Fedex knows image http://ad.doubleclick.net/activity/3/5555/22222 was on a page they shipped to the browser with Fedex cookie X, and DoubleClick associates it with DoubleClick cookie Y, so if the URLs are unique, they can figure out that those two cookies went to the same browser, and pool the associated user profiles after the fact. But you can't spot that kind of thing by looking at the pages.
(Yes, I should probably install junkbuster, or something like, which would allow me to state rules about which cookies to present and which to reject out of hand, but I gotta get one of those round tuit things first).
For a yet-to-be-named site I'm developing we'll be 'watching' where people go on the site, what types of things they want to see. easy way to do this... send a cookie to them that states "Hi, I'm me. I have a user counter number of ##." and it gets thrown into a database for later analysis. True, this could be done with tracking IP numbers and such, but blah, that's a pain. cookies are easy.
The good thing about this is if someone has cookies disabled, bummer, we don't get their data. none of the site is broken because of it.
This will in turn make the site more friendly to the user because it will keep what people want, throw out things people don't want. lots easier and lots more truthful than saying "do you like this session please select yes or no".
Blarf, if you ask me, when I go to a site that I'll be putting any information into (such as amazon.com or whatever), I go and clear that cookie out of my file after I'm done. I like my slashdot autologin. :-)
--onyx--
My machine is on 24/7. The only programs that I never close are netscape and xemacs.
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
For more peace of mind, just perterb their cookies a little bit. Be someone else...
Surfing the net and other cliches...
Surfing the net and other cliches...
(Who Meta-Meta-Moderates the Meta-Moderators?)
I think commercialization of our culture has its scary spots, sure, but blocking out banner ads while you read Slashdot makes no sense. The ads are how Slashdot GETS FUNDED! Without the ads, Slashdot would not be able to afford its bandwidth, systems, and personnel.
If you want to protest against ads, go ahead.. just stop reading Slashdot! Blocking them out means that you're reading something that is being made possible by other people who ARE reading the ads. In my book, this is called leeching.
So if you really want to be productive, then instead of refusing to watch ads but accepting what they pay for, I suggest you work toward thinking up an alternative way to effectively fund things. Reader-funded Slashdot, for instance.
Otherwise, either only visit ad-free sites like Google, or don't surf at all.
All this hypocrisy of watching TV without the commercials or surfing the web without the ads which pay for what you're watching/reading makes me sick.
A sorta workable solution for this particular problem would be to disallow any packages going to DoubleClick.net on the firewall level.
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
That way you won't get the banners and you won't send information to DoubleClick.net.
(Shamelessly stolen from Rusty Russel's ipchains-HOWTO)
One of the worst things about browsers in general is that I can't conveniently choose what cookies to accept and which I'd rather reject.
Wouldn't it be nice if I could tell my browser "Please accept all cookies from sites x and y that are sent back to themselves" rather than just making it a blanket statement about all sites?
I do like the "ask me before accepting a cookie" option, but I wish I had a lot more control. I'd like to set up my browser to auto-expire cookies after a certain time since the last visit to particular sites. I'd like a convenient way to delete all cookies from a particular site and ban cookies from that site henceforth. And some sites (hi, Slashdot!) I'd like to freely accept cookies from--as long as they were being sent back to Slashdot. I'd also like "ask me before reading one of my cookies" as an option to help me evaluate whether to allow that site to store cookies on my system.
And while I'm at it, I'd like my own F-16. Sigh.
I don't mind cookies being attached to GIFs so much. I just want control of the cookies. After all, it's my dang system--not theirs.
Here's the scenario. Just pretend for a moment that /. is evil:
Note: in the above scheme, cookies are entirely uneccessary. All that is needed is for /. and DoubleClick to conspire to share session and user information. It's reasonable to assume that any site offering DoubleClick banners has no qualms about doing this. Sessions can be tracked simply with URLs. Cookies make it easier for DoubleClick to tell when I hop to another site, but if I typically frequent sites that I have personalized, and thus sign in, then they have all the info they need. Blocking cookies reduces but doesn't eliminate the tracking.
Expiring cookies per session preserves your anonymity only if you never reveal identifying information during that session.
The best way to prevent this abuse is to block all HTTP requests to banner servers. That way, /. would have to simply share it's data with DoubleClick in more conventional ways. Of course, that would have to be stated in the /. privacy policy.
The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that
With Mozilla we can do what we want. Need to change the way cookies are handled? Go ahead - you've got the source. Want to build Junkbuster right in? Suit yourself. How about a random cookie feature - where you accept the cookie, but you return some fictional person's data... hey, if you implement that, I for one will use your patch.
Life's a bitch but somebody's gotta do it.
If cookies weren't allowed in img src tags, banner sites would just switch to using frames for their ads.
-- Don't Tase me, bro!
You forget that it is likely that junk mail shall follow. And discovering that you read "the hanky panky site" by your parents, and oversealos neigbour, etc can sometime be a very unpleasant experience (that is besides all the junk in your mailboxen - both electronic and snail).
I am actually glad that these practices are explicitly prohibited in europe by the data protection act.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Left shift 1 for e-mail...
I was shocked to see such a well-researched and fact checked article on slashdot!! Great work!
How do you do that? I run a Perl script nightly on Windows and UNIX that removes all cookies that I don't want. An even simpler approach is to make your cookies file read-only (edit it beforehand and leave in it only the cookies you like) or replace it with an empty directory (no persistent cookies at all).
Why should you be concerned about long-term tracking? I think it will only be a matter of time until life insurance, credit card companies, employers, and health insurance companies use your purchasing and browsing data to assign you to risk groups. And all of that will happen with automated data mining techniques, so there will be little cause to claim discrimination if the neural network classifier doesn't like you. It's not that I'm a particularly high risk to insurers, I just don't want to feel that my health insurance company is looking over my shoulder every time I order a pizza with extra cheese.
With per-session cookies, advertisers get some data, but they can't correlate it easily with personal information. That seems like a good compromise to me.
>>Now that makes me uneasy. Are you insane!? It makes you uneasy that people can know what medical condition you've been looking up on the web!? It makes you uneasy that people can know you visit religious sites AND porn sites. I'm not religious, i'm an atheist, but this is crazy. No one has a right to hire a detective and follow you around just to find out how they can target ads at you. Is there nothing you wouldn't allow someone to do to you in the name of profit? ...just wondering
an enigma wrapped around a paradox driven by a paradigm shift
Junkbuster comes in a Windows flavor, too. I use it on my home dual boot system in both its Windows and Linux versions.
Editor Emeritus and Senior Writer, TeleRead.org
Would you like to buy some Unamerican Activities? http://www.unamerican.com
Note: this is not advertising
Also note: Linux is the shit stickers
Disabling cookies not from the same server as the one sending you the page does _not_ work.
;)
// Jens M Andreasen
The problem is that the banner is viewed as a page in its own right, and of course the gif is originating from the same site as the cookie.
Try doing what you say AND leave the warnings on.
Read the warnings and you'll see names of lots of weired servers where you have never been or wanted to go.
Hey, this even happens here on slashdot from time to time
mvh
send + more == money?
i'd like to take this opportunity to bitch and moan a bit.
h tml#discontent
really i think the problem here is that web browsers don't give the users quite enough choice as to what kind of things the remote sites are going to do to them.
someone suggested that cookies are a trade-off; they give you customisation but you lose privacy. why do they have to be a trade-off?
Why is there not one single web browser out there that will let me say "accept cookies ONLY from "www.slashdot.org"? or "no new cookies"?
the closest i've seen yet is a feature in IE4/mac (and maybe other browsers, i'm not sure..), which i use, which asks you every time you visit a site whether you want to accept cookies from there in the future. if you say "no", it throws out any cookie information from that adress in the future. But, of course, this means that every time i visit a site i've never been to, i have to deal with a little dialog box saying "do you want to accept cookies from www.blah.com?". And because for some reason this dialog box has been made modal, and because of the mac os's cooperative multitasking, this means that until i go and click that dialog IE doesn't load anything. grr.
what i'd LIKE to be able to do is get the cookie from www.slashdot.org in my file, and then tell the browser to never accept any cookies again and not let any sites except slashdot.org read cookies. But that's not an option, so i put up with the constant dialog boxes.
It's too bad the web browser companies go all or nothing with their features. There's some situations where you want something more flexible than a simple on/off switch. Instead of having a little click box saying "allow javascript" it would be very nice to be able to allow only _parts_ of javascript; like, allow document.write()s and mouseovers and things that pages require to work, and then disable things like popup windows.
Of course, this is why mozilla is such a good thing. i like the idea of being able to delete huge swaths of code from my web browser.
thank you for your time.
-mcc-baka
why web browsers suck: http://home.earthlink.net/~mcclure111/cyberleary.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Junkbuster discards all cookies, except from those places I want them, such as slashdot. Most other places that require cookies aren't interesting enough, so they loose me. Junkbuster also kills those stupid banner ads. :-)
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that.
It doesn't ask for your name. The URL brings up a page that explains what opting out does and then if you decide to go ahead you click a link, it does it. They never ask you to type a single thing.
That's what Roaming Profiles in Netscape are for. :)
Actually, disabling cookies with GIF's won't help very much, as most new banners are shown through iframe/ilayer, which means that your browser requests a true web page from the ad network (btw...Slashdot does this too ;)
Martin May
I use (*sigh*) IE5 to show me offered cookies (my making custom changes to the Internet security zone). Any image server that wants to give me a persistent cookie goes into my Restricted Sites zone, which (among other things) are prevented from giving me cookies.
Here's my list:
The hosts without the * are the scariest. ngnetwork.pcworld.com is offering me a cookie named NGADsomething. Want to bet that host, though in the pcworld.com domain, is actually the IP address of an ngadcenter host? In other words, you can block the ngadcenter domain and NGAD can still track you. Ouch.
I haven't (yet) set up host lookup to set all those hosts and domains to 127.0.0.1, but I'm thinking about it. --PSRC
Stupid job ads, weird spam, occasional insight at
If you do use junkbuster, comment out the following lines from the blocklist file:
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Just wondering, what is this "poll tax" you refer to?
"All those tubes and wires and careful notes!"
There's a further refinement you can do, though, and it's similarly quick and dirty. Aren't most of us running an Apache server or three somewhere? Well, if those missing-image icons look like crap to you, to, just stuff something like the following in your httpd.conf (I'll just treat the doubleclick case for simplicity):
This way, you see, you not only get a filler image of your choice (which could be just a patch of solid color to scale), you get to track them in your logfiles...
Notes:
I run a program, Proxomitron, that allows me to kill nosy scripts, kill geocities popups etc. At first it was divine, most banner ads were killed and a lot of annoyances were gone. Suddenly, i could not log into excite's free web mail unless i turned the Proxomitron off. It falsely tells me there is a communication error. This is not true. What is more, at one point I could log in fine with the proxomitron, this just started after a recent "upgrade". I have stopped using that account, but this is really annoying.
I really wonder what exactly their page is up to.
--- If you don't want to know the answer, don't ask the question.
For those of us with MacOS, go to this page on Apple's Develope network site: http://developer.apple.com/qa/nw/nw59.html
The syntax is:
localhost CNAME foo.bar.com
foo.bar.com A 127.0.0.1
I don't yet know if it works, but the info is there if anyone wants it.
I'm going to try it anyways. Can't hurt?
Ppoe
ie
It doesn't mean much now, it's built for the future.
junkbuster......ever since I've started using this things have become so much easier. It's nice to do a tail -f on the junkbuster log and see exactly how many sites try and set cookies. Plus I don't deal with banner ads. If i find a site that has a banner add being served up, I view source and put it in the blocklist. There are 2 sites I allow banner ads from, slashdot and freshmeat. I want to support these sites and so I might get served an ad I want to follow through.
"We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
This is known for a while. I rip off some lengthy snippet from photo.net, which illustrate the potential of cookies quiet well. Read the really interesting full text here (somewhat down the page).
Magic cookies mean the end of privacy on the Internet.
Suppose that three publishers cooperate and agree to serve all of their banner ads from http://noprivacy.com. When Joe User visits search-engine.com and types in "acne cream", the page comes back with an IMG referencing noprivacy.com.
Joe's browser will automatically visit noprivacy.com and ask for "the GIF for SE9734".
If this is Joe's first time using any of these three cooperating services, noprivacy.com will issue a Set-Cookie header to Joe's browser.
Meanwhile, search-engine.com sends a message to noprivacy.com saying "SE9734 was a request for acne cream pages." The "acne cream" string gets stored in noprivacy.com's database along with "browser_id 7586."
When Joe visits bigmagazine.com, he is forced to register and give his name, e-mail address, Snail mail address, and credit card number. There are no ads in bigmagazine.com. They have too much integrity for that. So they include in their pages an IMG referencing a blank GIF at noprivacy.com. Joe's browser requests "the blank GIF for BM17377" and, because it is talking to noprivacy.com, the site that issued the Set-Cookie header, the browser includes a cookie header saying "I'm browser_id 7586."
When all is said and done, the noprivacy.com folks know Joe User's name, his interests, and the fact that he has downloaded 6 spanking JPEGs from kiddieporn.com.
Uhm, just checked, maybe it's time to deliberatly alter the content of my cookies...
From http://www.doubleclick.com/privacy_policy/ :
In addition, in connection solely with the delivery of ads via DoubleClick technology to one particular Web publisher's Web site, DoubleClick combines the non-personally-identifiable data collected by DoubleClick from a user's computer with the log-in name and demographic data about users collected by the Web publisher and furnished to DoubleClick for the purpose of ad targeting.
There are some cases when a user voluntarily provides personal information in response to an ad (a survey or purchase form, for example). In these situations, DoubleClick (or a third party engaged by DoubleClick) collects the information on behalf of the advertiser and/or Web site. This information is used by the advertiser and/or Web site so that you can receive the goods, services or information that you requested. Where indicated in some requests, DoubleClick may use this information in aggregate form to get a more precise profile of the type of individuals viewing ads or visiting the Web sites.
It's interesting to see whats in there...especially the ones from slashdot that have the letters "SSN" in them.
Am I the only one a bit concerned by the following tag line from Naviant's full page ads in many tech /business magazines from the past few months:
"New precision web targeting from naviant combines physical-world data with online behaviour - for the very first time"
The copy continues:
"With the acquisition of IQ2.net, we're taking data integrity to a level it's never reached before that includes name, address, demographics, psychographics and clickstream behavior."
- all quotes from page 115 of the November, 1999 issue of Fast Company, the ad has also run in a number of other magazines
The phrase "psychographics" is a peculiar one, very much makes me wonder where they are getting their information, and to what purposes it will be used.
Shannon Clark
-- Join us in Chicago May 1-4th for MeshForum -- writer, historian, tech geek, entrepreneur, internet junky since '91 --
Man someone spouts the knee-jerk privacy rant and he gets moderated up. Must be revenge for the top-level AC's getting moderated up. The difference? The top-level person made a coherent argument, this clown I'm replying to is trying to draw a comparison between cookies and someone watching you while you shower?!? What a joke.
Blar.
-----
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
Yes, But we were too polite to mention it.
:-)
"Yes, there are two paths you can go by, but in the long run there's still time to change the road you're on." Somehow seems more appropriate for the url
Wouldn't it be possible for my browser to have an option to fetch inline images in a page only if the image was on the same server as the page? That way I could see the useful content, but discard all banner ads. Or would I discard too much useful stuff too? Comments?
11.0010010000111111011010101000100010000101101000
I think I've confused the UK authorities still further - I've moved to Sweden :-)
:-)
Anyway, I think you raise valid points - at the end of the day, I truly believe privacy is a personal issue. In Sweden there is a national ID card system such as is stronlgly resisted in the UK, but I haven't seen any real evidence of it being misused yet.
Good luck in keeping yourself hidden - and don't get caught doing anything naughty now
A little planning goes a long way...
I have read the article and I understand all the concepts presented. However I'm still having a hard time convincing myself that this is something I should be worried about.
Y'see I don't particularly mind seeing banner ads. Hell, I even click through occasionally. I completely sympathise with those who hate banner ads however, especially on the grounds of bandwidth.
However opting out of DoubleClick's system isn't going to stop you from receiving banner ads. It just means that they won't be able to serve you the banner ads that their system thinks you will be most interested in.
At the same time, there are commercial organisations collecting and storing information about my habits every day - supermarket club-cards, Visa spending patterns, online book purchases etc. I truly hope that for the most part they are doing so, in order to learn more about my habits as one of their many customers. To be honest, unless they start sending me unsolicited spam, I don't find it too much of a hassle.
I also sometimes think it must be quite amusing, as I live a fairly unconventional lifestyle.
I spent a few years hiding from all the lists I could. I was avoiding the "poll tax" in England. Every 6 months I moved house, I worked so I wouldn't be on the unemployment register, I never filled in official forms.
The tactic worked, but it was hard work. It also meant no credit, difficulty getting banking facilities, difficulty getting utilities connected when I moved house - everything was a lot of hassle. In the end the Poll Tax went away and I was able to come back into normal life and start building up a credit rating etc. Much easier to manage life.
In short - I understand people's privacy concerns, but how serious is it really, to have targeted advertising pointed in your direction??
A little planning goes a long way...
However, I was surprised to see a banner ad for specials at Austin area stores -- a convenience store chain, I think -- on the banner. So either I had some very inventive cookies, or they were making a guess based on my ISP, Illuminati Online which only covers two cities in Texas, Austin & Houston, in terms of dialup.
-- 'As it all washes away you know -- as it all is one, no one is alone.' -Cosmic Disorder
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
I noticed something new from the NY Times today - they usually try to set two cookies, and I let them, but now they've got a third which is especially interesting in light of the anti-doubleclick techniques discussed here.
The third cookie they tried to give me today's name and value were -
RMPP-.doubleclick.net-id=A
.. the cookie itself was sent/requested from privacyproxy.nytimes.com, whatever that is.
I don't know what those are used for; they're not discussed nor disclosed in the NYTimes' online privacy policy, which does disclose/explain the other two cookies they serve.
It seems to be attached to the "House Passes Cybersquatting Bill" story, but not to some of the others, if you'd like to take a look for yourself.
**Ignorance, fear and unjustified paranoia mainly**
Perhaps... but why do we not seem to care if these companies track our every click. How would you feel if the automotive industry installed a GPS in your car then tracked your every move, only to sell the information to marketing companies. "Hey..that might be nice... then I can get targeted ads sent to me based upon my habits"... uh...I don't think so. Or heck.. why not tatoo bar codes on our heads then we can install scanners in every store that will read those and track your every shopping habit ???? I doubt many pepople would tolerate that.
So why do we tolerate it on the internet ? I think it's important to remeber that we are in the early stages of the web, as technology grows this will only get worse.
I don't have anything to hide, but that doesn't mean I should have to give up the right to be anonymous when I choose.
Cookie Pal intercepts all cookie-setting attempts as they happen and lets you decide on a site-by-site basis whether to accept the cookie or not. It also lets you set wildcards so anything from *.doubleclick.net is rejected, and *.slashdot.org is accepted. Mine has a huge list of auto-reject sites, a small list of auto-accept sites. If the site I'm visiting isn't in either list, Cookie Pal prompts me with 4 options: Accept Always, Reject Always, Accept This Time, Reject This Time. I could just as easily have it auto-reject or auto-accept sites not in my lists. It's a very lightweight program with a simple but effective UI that I can't recommend enough.
AtGuard takes care of the banner ads (although it can do a lot more than that). It is basically a transparent firewall. Some of the more useful features: block images based on whole or partial URL matching (anything from doubleclick is rejected as is anything matching "*ad/*"), block HTTP_REFERRER fields, prevent animated gifs from looping...
Thanks to these tools I haven't seen an unwanted banner ad or animated gif in months, and the only cookies I have are the really useful ones that store preferences or enable shopping carts, etc.
I want to see if I can add some of these features to Mozilla (when I get more time) so everyone can have them available and so the internet-ad economy collapses. Call me a luddite, but I really miss the days when it was unheard of to even have a bit of promotional text on your web page.
Yep, there is. For IE, go to the security tab under internet options. Click on the restricted sites, then click the "Sites." button under it. Type in the sites you want to block em out on (*.geocities.com, etc.). Click ok, then "Custom Level" at the bottom. You can disable everything or just "Active Scripting" which will get rid of the popups. -ruD
And for those who didn't take a look at it before here's a link to Slashdot's article on David Brin's privacy book "The Transparent Society"
Since your UID is smaller than mine, I can only conclude that you're trolling. -s20451 (410424)
There is also a nice URL to verify that you are runing the proxy correctly, and displays the loaded blocklist and configuration. It works great as a home page.
I've been using this setup for quite a long time and I am very happy with the results. The browsing time is greatly increased and without the clutter.
Why not set your browser to accept cookies, and then make the cookie file read only.
That way cookies only last for the length of your netscape session.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
I know it happens since I see it at times. Ever notice how you seem to get banners about things going on in your zone of the world but not in others? They, doubleclick, track you down even to the point where they try to access a port on your machine, for me it was port 8, and using the reply info (time to opne the connection) they can guess within a couple of states where you are.
How did I find this out? Because I could, I setup a firewall to block everything bellow port 1024, and noticed a barage on my port 8 one day. I resolved the ip's and found it to be *.doubleclick.net. After a while, I noticed the traffic to be less from accros the us and instead from the tri state area. Yes, I am in NY.
So even if you turn off your cookies, there are demographics on you stilll
-
ping -f 255.255.255.255 # if only
Actually it's fairly easy, using this method, to just collect all of the cookies you *want* (slashdot is the only one I keep), delete all the other lines, and then make the file read-only. This way you get convenience, but only when you want it (I read slashdot up to 6 times a day, logging in manually each time.. ugh), and don't have to use a resource-gobbling helper program or a bandwith-gobbling proxy. Best of both worlds.
fh
When a company needs to sell a product, and do by only paying what they need for banner ads, what would be the most efficient payment for banner ads? Targeted per click ads? Targeted per sale (more revenue per customer of course) or just a flat rate? What do the major companies do?
Cleaning out this file does a couple of things for my peace of mind. 1) It screws with the statistics of all those places that use cookies for tracking me. 2) It clears out potentially percievably incriminating data if my employer were to decide to hire web-Nazi's to see what people are doing on company computers even in their off hours. If I ever want somebody to know what I've seen on the net I'll tell them myself.
--
My office has been taken over by iPod people.
But CmdrTaco does have a rich uncle! His name, if I recall, is Andover Dotnet. Cool guy, although he tends to throw lots of money around for really silly things...
Now, read a page on the web, you tell DoubleClick about that! As I see it, compromising your privacy to someone you do business with is no concern, giving out the details to some third party is.
To clean my cookie file everytime I login, I use the following script:
.profile:
==== ~/.netscape/fixcookies ====
#!/bin/bash
cd `dirname $0`
umask 077
prog=`basename $0`
GREP=/usr/bin/grep
# create lock file and fix cookies
if ln -s $prog $prog.lock 2>/dev/null; then
$GREP -f cookies.valid cookies.new
mv -f cookies cookies.old
mv -f cookies.new cookies
rm -f $prog.lock
fi
==== end ====
==== ~/.netscape/cookies.valid ====
^#
^$
^slashdot.org\>
==== end ====
And add the following to
# delete bad cookies
~/.netscape/fixcookies
This ensures that bad cookies I receive only last one day or so.
and run it when I login. Cookie pecker is a trivial perl hack which reads the cookie file and changes a random character in each cookie to a random other character.
Reality is 80m polygons - Alvy Ray Smith
It seems to me that better than banning all cookies attached to GIFs, browsers should have reasonable cookie handling options. So far I seen precisely one browser that appears to handle them vaguely sensibly, and that is Lynx (!).
When you are prompted to accept a cookie, as well as Yes and No options, you can indicate Always or Never to accept cookies from that domain. If netscape had this option, and kept your choices persistently (which Lynx doesn't for now) the matter is very simple. Just choose 'Never' the first time you see a doubleclick cookie. In addition Lynx allows you to view all currently held cookies and discard them at will or change Always/Never options by domain.
The only things I found dismaying was the number of sites that use an algorithm for creation of a user id based on your ip address. The other one was x10.com having my name in there (presumably from that firecracker deal they had a while back)
Not a huge deal, just time to update my sblock.conf
-transiit
Cool features include an estimate of the time saved by not downloading banner ads, a switch to block popup windows in Java(script), and a switch to modify animated GIFs so they only play once.
When something comes up it hasn't seen before it pops up a dialog asking how to deal with it. This is the firewall software for your grandmother, or at least as close as it can be.
Altogether a nice package. BTW, I have no relationship with these people other than as a satisfied customer.
Paul.
You are lost in a twisty maze of little standards, all different.
Just as importantly, no server can read another server's data, each site reads only its own cookies
... I've been fed up with this for a while now. I use AtGuard (Win32) to block ads, cookies, referrers, and access to most ports and transport protocols on my box. This does a few things, first is "secures" my swiss chees ... err I mean Windows box a little by allowing me to control all incoming and outgoing packet traffic (ICMP, IGMP, UDP, TCP, etc.) second, it lets me block cookies on a site by site basis. When a site wants to drop a cookie, the software asks me if I want to accept it or block cookies from that site. You'd be AMAZED how many sites use cookies that you'd never expect. Third, I use it to block referrers so if I'm at a page that I don't want public, it won't be due to someone parsing their access.log's looking for stuff. This also helps prevent any poorly written script that uses names/passwords in the URL from giving away my info. And lastly, I use it to block ads on many sites ... mainly those commercial sites (like ZDNet) which are simply overrun with ads. I usually allow ads on sites that really need the support for revenue.
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Now, as for tracking, cookies, and ads
And yes, I run ads and cookies on my site out of necessity, not marketing or demographic reasons.
I think it's choking on some HTML, because I once cancelled it while it was loading a page that would do this repeatedly. Then I viewed the page source, which retrieved the rest. I saved the file and viewed it locally, but it still hung.
I suppose this wouldn't work for everyone, but most of my favorite sites are all about images (gotta get my Dilbert/Bizarro/Zippy fix.) Even though most images on these pages are the same each time and just get loaded from my cache, I find it faster to just click the image icon in the location where I've grown accustomed to clicking it. I assume this is mostly due to waiting for (uncached) animated banners.
I know you said that you quit Netscape, but are you _sure_ that Netscape knows this? With Netscape 4.6.1 on Linux, I've seen netscape processes running days after I "quit" Netscape. If that's what's happening to you, and the page Netscape thinks you're looking at has a DoubleClick banner, that would explain the behavior you're seeing. Of course, if you've allready checked your process table, this isn't an issue. ;)
If, eventually, ever site on the net uses the same one or two huge ad banner companies, and they track you with cookies and then let's say they decide to share tracking info with each other.. They now have a complete log of every web page you visit that has ads. Targetted advertising is merely the best way that ad banner companies have come up with to "use" this information. There are other, far more useful/insidious ways to use this information. For what it's worth, although cookies make this much easier, it's not impossible to do it without them.
Anyway, advertising is not the issue -- it's the information behind the advertising. The issue is not that an ad company can give you targetted advertising -- the issue is that, because a single entity is present on a such a large percentage of web pages, you can be tracked and identified as you surf the web. If you don't care about maintaining privacy on the web, then likely you don't care about this either.
--- Where's my X.400 protocol decoder?
In Netscape, look for the file 'cookies.txt' in the Netscape directory (or one of its subdirectories.) Open this file in your text editor and delete everything after where is says "Do not edit." Save the file, then change the file's properties to 'Read only'.
Now your browser will accept cookies but will not save them to disk. They will be able to track you only for the current session while the cookies are held in RAM. Once you have shut down your browser, they are all lost and the next time you visit a website with one of their banner ads, you are a whole new person to them!
You can do the same thing in IE by changing the properties of the 'Cookies' folder.
Ideology is for ideots.
I agree. I fail to see the logic in giving a company my name and info just so they won't collect my name and info about me. I would prefer that they just don't even know that I exist.
On a tangent to this, I hated it when supermarkets brought in their customer cards and you could no longer buy anything at sale prices unless you gave all your personal info. My solution? I simply created a virtual identity. The store now thinks my name is Peter Rabbit, not Trickster Coyote, and that I live at a non-existent address around the corner.
Ideology is for ideots.
don't file taxes
This is the difficult one. It's possible to pay your taxes without filing, or getting any identifying numbers, but you have to plan it very carefully and avoid certain kinds of investments. You also have to read way too much income tax law and argue with people paying you a bit. Having photocopies of the chapter and verse of the law is very useful.
***********************************
I tried this and the state attached my wages for not filing, even though they owed me money!!! And beware the feds will keep any return not claimed within three years! I got a very expensive education via that loophole, if there is a way around either please quote state or fed regs that apply.
Rick B.
GIFs are evil anyway.
-- Real free software sites don't use GIFs.
Hmm.... Can we tell I only scanned through the article? It offers a link to basicly the same thing.
------
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
This URL sets a cookie which allows you to opt out of doubleclick.net's tracking. http://ad.doubleclick.net/cgi-bin/optout?
------
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
What it should also do is let you provide a function to determine whether a cookie should be accepted, so we can reject cookies based on the URL (and mime type - a much more general solution than saying "html only").
This is exactly the sort of thing I want an open source browser for.
A few weeks ago I simply configured my Squid proxy not to let anything from Doubleclick.net go through. It's totally transparent to my users and I spared 1.5% of my total HTTP traffic (that's what Doubleclick.net was costing me before...).
Of course, you meant a shell script and a Perl program. Very funny sarcasm there...
-
Someone wrote in an earlier discussion (I won't take credit for it) that their ought to be a server that mimiced doubleclicks url interface, so that we could simply point doubleclick.net at that server in our hosts files. Maybe the server could sell adds and give the money to charity (and not tracks users, and carry only 2 kB static gifs).
I wonder if they would sue for that...
Most important: please don't start advocating laws for to solve things like this. Informing about it is good (this was a great article) but enforcing by violence, and our laws are based on violence, that which can be solved by intellect (a simple hack that keeps doubleclick and co out of your cookies file) is ALWAYS BAD.
-
Why bother with letter DoubleClick decide to remove their cookies? Do it yourself! In WebTechniques, Randal Schwartz wrote an Anonymizing Proxy server in Perl that can run as a console app in the background that you can use to strip out all your cookies (as he wrote it), or, with a slight modification, you can have it strip out only DoubleClicks's cookies.
The original column is at http://www.stonehenge.com /merlyn/WebTechniques/col11.html (code here), and he updated it (a "Preforking, compressing proxy" (code)) last February. He also wrote a "Cookie Jar" (code here) application that can be used for the same purpose.
They all run on *nix, of course, but I have gotten the original proxy server running on a Win95 box and on WinNT boxes using ActivePerl.
Check it out. Take control for yourself--don't rely on their ridiculous "opt-out" option. Fight back.
darren
(darren)
That, or turning off auto-loading of images. I never get banner ads. :>
Imagine applying that to the rest of the advertising world.
I'm reading a magazine. Upon seeing an add for a new car, if I'm not immediately calling the dealership to get more info... the add has failed.
I'm watching TV. McDonald's tempts me with various fast, hot offerings. If I'm not immediately driving to the local franchise the add has failed.
The radio's music selection is interupted. Coca-cola plays the "pop-hsssssst" noise of a fresh can being opened. I should be at my fridge and rooting out a Coke like some kind of experiment by Pavlov. Otherwise, the add has failed.
Please.
Advertisements don't generate immediate sales. They get the product out there in the minds of an audience. They let people know they're there. They might even, gawd forbid, SAY something about the product. But the main intent is mindshare. The consumer should think "I'm hungry" followed by "McDonalds". Coca-cola (followed by Pepsi) own the soft drink market. They're entrenched. Why bother spending huge amounts on advertising then? Mind share.
Click-through rates are an antiquated part of the web. Sure, bleeding edge companies like DoubleClick needed something to convince advertisers to divert funds from tried-and-true traditional media. But now its extra baggage.
Electronic media is becoming a part of the mainstream. Sure, traditional media will insist on the greater validity of "traditional journalism". While the point is weak at best, they are partly correct; traditional media will still be around. But it is slowly being time shared with its new online cousins. That means lost advertising time in the traditional space. That's less time to generate mind share for your product. If an advertiser wants to make that up, they need to also run online banners.
Advertisers WILL advertise online - with or without click-through rates.
Saaay. Spammers are kind enough to offer the same services. Maybe I should send THEM opt-out messages too?
For some reason, I fail to trust either.
Why boycot M:tg because of TV adds? If it weren't a Magic add it'd be an add for something significantly more lame.
-- The act of censorship is always worse than whatever is being censored. Always.
There is a nice little personal-proxy utility from Siemens, it's free for personal use, and does a good job of cutting the ads completely.
It can also remove referring-page info, etc.. and is very easy to setup and use, windows only unfortunately.
Have a look at: http://www.siemens.de/servers/wwash
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Got that? It means I have to opt-out on my computer at work, my laptop, and my computer at home. Not only that, I have to remember to do it anytime I do a reinstall and my cookies are wiped. Otherwise, they'll start the tracking all over again.
You know, at times, I think the Luddites may have had the right idea.
"We're sorry, but the website you're trying to reach has been disconnected."
If you find the tone a little too egoistic, I think you missed the punchline:
Now does this have anything to do with my request for proof about "anybody can find out anything about anybody", or are you just feeling cranky?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Embedding information in a URL doesn't carry from one session to the next, and can only carry from one page to another with a direct link. Completely different than what is possible with cookies.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
They use cookies, and also collect IP addresses. Yahoo does research on users' demographics, interests and behaviour based on your registration, server log files, from surveys and during a promotion, which it then shares with "advertisers and business partners".
Yahoo is also allowed to match user information with third party data.
Yahoo allows you to switch off cookies, but then you can't use its services, such as the web e-mail.
Non-techies might then use Mozilla because it protects their privacy better.
perl -e 'fork||print for split//,"hahahaha"'
Perhaps in light of the recent attention dealing with cookies and security, dealing with large user databases and ad servers (see the Slashdot article http://slashdot.org/article.pl?sid=99/10/22/024921 2&mode=nocomment for the concerns/problems people have), I condsidered a possibly feasable alternative to the cookie-attached-to-a-gif problem. Instead of changing HTTP, and removing a widely (mis)used function, you could offer partial Do Not Accept ability for cookies. In other words, you could have Netscape save a list, in an external importable text list, of servers you don't want to accept cookies from. Then pages that use cookies for USEFUL things (e-shopping, user prefs, etc.) don't lose their functionality, while pages with possibly imposing or veiled intentions (ad.doubleclick.net) won't be able to read a thing. And while the obvious solution for most banner services with directed marketing would be to take out as many servers as they can to get around the loophole, you could have several more options, such as "ban all except certain servers" or "ban all selected servers" or "ban from IP range" and disable all on an IP of any number of codes (such as any coming from 207.X.X.X or just 207.28.42.1). Also, I'm sure some overconcerned zealots would have a regularly updated composite ad-banner server list that you could easily use the (previously mentioned) import feature to update.
I'm sure this would be relatively easy to implement, since it's all just scanning and comparing, but I didn't suggest this to mozilla.org because it's not a bug, I'm no C guru, and it's not implemented in the binaries. And I'm sure if this were implemented in a certain form, it would let several power users and paranoids and privacy buffs sleep better at night, while not interrupting their slashdot user prefs.
And it would also evade the other current solution of turning "confirm cookies" on, and getting swamped by little confirmation boxes every time you load any page with an ad on it (most professional sites).
Thank you,
- WrexSoul
\/.
vvv
- WrexSoul
\/.
vvv
That's a good point...how does DoubleClick know it is obtaining information from people in countries in which it is legal to do so? Is there a way for DoubleClick to know, besides looking up an index of ISPs and discarding the information if it is illegally obtained, which I'm sure they would never do...
It's 10 PM. Do you know if you're un-American?
They really don't, but when this major company can combine your webclick data with and actual real person, well that's kinda like spying. Not counting the amount of mail that could generate you in your mailbox. If you think that Junk Snail Mail is a dying breed think again. If they have you name and address and they feel that they could send you something in the mail and you buy I guarantee that it will be moving in your directioni rather quickly. Maybe that is what they are doing here as well. Maybe they are going into the Junk Mail business as well, using the online click methods to target mail to your house.
Good is never enough, when you dream of being great!
Thanks for pointing that one out. I have just started using Linux myself and haven't really looked at all the settings in Netscape thinking they were all the same. I don't know if 4.61 has that in Windows because my motherboard is out on my Windows machine. thanks again though
Good is never enough, when you dream of being great!
I hope the internet porn industry gets a hold of this and only sends me banners for porn I want to look at, no more "fat girlz here", "pregnant chicks", or "50 plus", lets not even touch the gay ads...
Note to self: No more arguing with the faithful.
If you want a more comprehensive solution...check out Zero Knowledge Systems (http://www.freedom.net). It is the only way I've heard of to *completely* protect your privacy (of course it still depends on you being discreet with your personal information)
"You can't win. You can't break even. You can't quit." -A. Ginsberg
I don't worry about organizations like this being able to find out my home address, since i figured out early on that most sites will accept addresses like:
Cray Drygu
27 Sample St.
Mighton (my-town, get it?) ME, 01435.
Obviously totally made up, but they take it anyway. Places offering free services online do not need my home address, so when they require it, I just feed them something like that.
It helps, too, that I have a proxy set up to deny everything from *.doubleclick.net and every other ad-banner URL I could find. Sometimes I take it off when surfing /., but other than that, I almost never see banner ads, just these mysterious banner-ad sized blank spots...
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
Hey all, conspiracies are sexy but..
Let's just get something straight here:
yes lack of privacy sucks, but who do you think is getting this data? dclk doesn't care if you surf pr0n, dclk doesn't care if you are a lefty. dclk wants you to buy stuff, credit card companies want you to buy stuff. The motivation here is greed, not big brotherish evil. Any one of you that has money in internet stocks right now has money in the development of more privacy invading tools, sorry that's what brings in the money and that is what matters. How can dclk know that you where at a extermist site? do they run banners on extremist sites? are the cookieing you at that site? they don't advertise on pr0n sites either, so relax. Why would dclk want to sell their demographic data to your potential employer? they're gonna make a shitload more money selling it to landsend so they know you like sweaters? dclk can track you across their network only so unless you are being hired by a company that hates people who surf ivillage or any other middle of the road non-controvertial portal nonsense. Just be cool, go worry about the shitty state of american government or how much privacy you are losing in meatspace. Opt out of the cookie and surf pr0n (accidently or not)safe in the knowledge that you are safe from big brother. Doubleclick will never hurt their own position,image is king in overhyped internet stock land, they ain't gonna hurt the bottom line.
and I would like to add my vote to the group of people who say be wary keep you eye on big business to make sure their greed doesn't get out of hand, but where did all of you get your sense of entitlement from? why can you just have all the content and labor on the web without anything?
I click on a banner once and while just to even things out. I figure that my three years plus of free information and entertainment is worth that.
as a PS.
TO the guy that didn't get a drivers license because he is worried about privacy, who are you, carlos the jackal? what are you doing? do you collect pipebombs or anthrax spores? The government wants you to pay your taxes and not kill people, that's about it baby. certain people in power wish that we lived in a fascist state, but 99% of the government doesn't even want to know what you are doing. And I believe that there is often more at work than we are told by the mainstream media. I just don't want to be that paranoid.
Think what we will be able to do with the final mozilla code though:
Oh, for more coding time and less projects to work on!
This was a great article and was very informative. I wasn't aware that GIF's could be used to track us through the internet. And to think, Slashdot is one of the websites that allow them to perpetrate this crap on us. I used to think Rob and Hemos were working with us but they're really working for The Man after all.
Hates people who have stupid little sigs
I have developed a little different way to do an opt-out without relying on the company. All I do is delete all the cookies I do not want using a bat file (ie del C:\windows\cookies\username@doubleclick.* ) for IE and write a little QBASIC proggy that scans Netscapes cookies.txt and deletes all the lines that contain something I don't like.
OK, the unwanted cookies do not get removed when I'm online but everytime I reboot the unwanted ones get thrown out, forcing ad banner companies to set a new one every time.
Just thought I'd share the idea.
What we should do is all cut and paste the same data into our double-click cookie, so we all look like the same person to them.
Andrew Semprebon EQ Systems Inc.
why do people seem to think cookies are some form of spying?
...that take our cookie files and replace those cute hex digits with random numbers? Run your program once a day as a public service to privacy.
Here is a chance for "passive cracking". I change a file on my own machine and it trashes an ad company's data base. Naturally, they would try hard to identify such efforts, but it ups the cost of invading my privacy.
It is better to *keep cookies on and falsify* the information that to opt out!
We might even succeed in creating a new demographic segment: "people who screw up demographic databases for fun".
In all the articles I see on this topic, in print and on line, the main theme seems to be targeted advertising - as if this were a Bad Thing!
People, Targeted Advertising is a Good Thing! It means less meaningless crap spamgunned at you in hopes that you're one of the two percent interested in it!
NONE of the articles I've seen on this address the real problem: the potential for abuse of the data that tracks your purchases, shopping, and surfing habits. Nobody says anything about that, they just say that "advertisers will use this data to more precicely target their advertising".
I say horay for the advertisers! Now will somebody please take a look at what ELSE is going on here? At the potential for abuse, and what is actually being done to address it?
#Created10/26/99bythenon-mousecowherd.Norightsrese rved. r eview /\/g)eeep!Ihopeitworksforyou. y ourownRISC. e agewillvery. s ources,tostifle e sisleftasan n ewcookiefile} r egularly. s w ed i es.txt n g f ore
l low_cntallowed\n";
#well/.mademejumpthroughhoopstogetittoindentinp
#(:,$s/\t//gand:,$s/
#Nowarrantyexpressorimplied.Useatyourownrisk,on
#WorksformewithNetscrape4.6/perl5.00503.Yourmil
#Internetexploderusersneednotapply.
#Seewww.they.comforfurtherdisclaimers.
#
#purpose:
#useittoperiodicallycleanoutcookiesfromunwanted
#trackingefforts.Malliciouslychangingcookievalu
#exercise.BUG: Youshouldreallybeabletosetallow&denyinyour
#browser.Mozillafeature,anyone?
#
#usage:
#cookiecutter.pl[-comment][-deny]{cookiefile}>{
#-comment
#commentsoutdeniedlines,insteadofdeletingthem
#yourcookiefilewillgrowwithoutboundifyouusethis
#(yourcookiefilealreadygrowswithoutbound,butthi
#willmakeitgrowfaster)
#-deny
#denybydefault,allowonlyentriesspecificallyallo
#cookiefile
#somethingliked:\netscape\users\{username}\cook
#newcookiefile
#wherethecleanedupcookiefileshouldgo.Copythisto
#cookiefiletouse.Backingupcookiefilebeforecopyi
#newcookiefileoveritmightbeagoodidea.
#Makingitthesameascookiefileonthecommandline
#isabadideaonsomesystems.Shutdownthenetscrapebe
#youcopyit.
#Tabstopsare4
useGetopt::Long;
$lineno=0;
#Theminimalistapproach(usedonlywith-deny)
@allow=(
'(.*)(\.?)slashdot\.org'
);
#theotherway
@deny=(
'(.*)(\.?)flycast\.com',
'(.*)(\.?)doubleclick\.net',
'(.*)(\.?)usa\.hyperbanner\.net',
'(.*)(\.?)go\.com',
'(.*)(\.?)snap\.com',
);
GetOptions("comment","deny");
MAIN_LOOP:
while(){
$line=$_;
split;
if($_[0]=~/^#/){
print;
nextMAIN_LOOP;
}
if($opt_deny){
foreach(@allow){
if($_[0]=~/$_/){
$allow_cnt++;
print$line;
nextMAIN_LOOP;
}
$opt_commentandprint"#$line";
$deny_cnt++;
}
}
else{
foreach(@deny){
if($_[0]=~/$_/){
$deny_cnt++;
$opt_commentandprint"#$line";
nextMAIN_LOOP;
}
}
$allow_cnt++;
print$line;
}
$lineno++;
}
printSTDERR"$linenocookies\n$deny_cntdenied\n$a
Does anyone know offhand what the algorythm for thier id is? I'm thinking a perl script that changes the id in the cookies file with a new value. Thanks.
I also run a proxy server in which it would be possible to embed cookie filtering stuff. Is this possible in say Squid? I can't connect directly to a remote proxy from behind my firewall.
Hmmm....only problem with blocking Doubleclick cookies though is that it seems to break one's abilities to shop at at least one well-known Ecommerce site.
From the WWWAC List, as posted by a user there:
"I was having trouble putting items in my buy.com shopping cart. It kept
telling me I should check my cookies to make sure I had them enabled.
I do have them enabled.
However, in my hosts file I have the hostname ad.doubleclick.net pointing
to 127.0.0.1. (I seem to get about 30% fewer ads from this as I surf.)
Problem is, buy.com is broken when you point ad.doubleclick.net to nothingness.
I removed my block on Doubleclick and buy.com worked fine"
I must say the all-or-nothing implications of this is making me spew my coffee.
Comments? Technical solutions to this?
I do no remember signing a disclaimer with them, and I do not think that they are part of the Criminal Justice System.
Get a free ipod.
Maybe this check box will be in 5.0:
[ ] Block really embarassing cookies.
Netscape can market it as 'Porn Browser of Choice.'
On the other hand, we are all assured by one hundred percent of the mainstream news media that, despite the facts that George W. Bush is functionally illiterate, he has no meaningful positions on any major issues, he knows approximately zip about foreign policy, and all in all his sole "qualification" for the presidency is the accident of his birth, nevertheless said G.W. Bush is almost perfectly sure of winning the presidency, there's nothing anyone can do about it, and why? the main reason everybody states, is because his campaign has $37-million in cash. Now are they wrong? We'll see next fall, won't we?
Maybe sillywiz is unaffected by advertisements but it seems that the rest of us, a sizable majority of us at least, are as thoroughly hypnotized as so many automatons. Like it or dislike it, that seems to be the case.
Yours WDK - WKiernan@concentric.net
How about the web browser makes give you an option to disable cookies from certain servers, or maybe disable any connections with certain servers, or a whole bunch of server/cookie filtering that the user could play around with to make sure they aren't just another user id to some company that wants their money.
SuPz.orG
We don't really classify Football violence as a "riot" bud. Besides, the UK enjoys a really good reputation for crowd control.
Just yesterday FIFA officials said that the UK security facilities [with regard to the world cup]are the most up-to-date they have ever seen.
Bottom line is that the UK just doesn't see the football violence that it did during the late seventies.
However, actual riots that the UK has had of late
Toxteth : Race / Poverty
Brixton : Race
Newbury : Environmentalism
Trafalger Sq. : Poll Tax
Miners : Destruction of the coal industry
There is a certain rebellious culture within the UK. Maybe it all dates back to the punk/anarchist days? It's a very valid part of any society. The theory [and it's well founded] is that if you can't stick two fingers up at authority, then you are not part of a living society.
The LA race riots suprised a LOT of people in the UK
Remember kids! Guns don't kill people - Americans kill people.
Have to disagree with you about the riots. I think y'all (yup. Texan.) are still behind the Spainards. I mean (and I could be totally wrong about this), where else is there a riot every time there is a soccer (football) game? And I thought L.A. was bad :-)
censorship is a form of noise, which actively seeks to drown out content with silence - Crash Culligan
It can be configured to deny connections to any host or url you want, as well as a load of other things.
I have it running on my P133, with 56Kb dialup line, and there is very little browsing performance drop. I am normally browsing through 3 Netscape windows at a time, and some hosts are a little slow anyway.
The perl script will fork when it reaches a preset level of connections, and uses around 2.4Mb of memory for each process, so it's not small, but does the job very well.
Ocean ... Oceanic ... Oceanism ...     Schism
ocean@disinfo.net
Ocean....Oceanic....Oceanism....Schism
ERR:network is unreachabl
I was always curious if there was a way or an application that would allow you to block cookies from certain companies...
for example, when you receive a cookie from the Doubleclick network, it says "doubleclick" somewhere in the cookie. Now, I was wondering if there is someway to block cookies that contain any of the following words "doubleclick, flycast, etc"
Anyone know of an app or a way? I know you can change browser settings to ask you if you want to accept a cookie or not, but that's more of a distraction than anything else these days....
Anyone?
....that will never, ever be implemented.
1. The system finds out I never click through to an ad.
2. The system gives up trying to sell me stuff, and I never have to see a banner ever again.
3. This same system doesn't report back that I and a million other people don't click on a certain set of ads, which causes the sponsers to pull out, which causes my favorite sites to go down.
Like I said, it'll never happen.
Is this post not nifty? Sluggy Freelance. Worshi
Do you mean they are actually going to try to target me with products I might actually want to buy, rather than things I have no interest in whatsoever?
I'll start getting ads for stuff like computer hardware and stop getting ads for orthopedic underwear?!? Whatever shall I do?!?
C'mon people! Being on the right mailing lists is the key to getting *less* junk mail, because if it is an ad for something you might actually want to purchase, it *isn't junk*. And no, I don't work for any sort of marketer. I just realize that reading advertising is often the best way for me to find the best price on the items I wish to purchase.
Maybe it'll mean those morons from "the internet's safest casino" or whatever they call it will stop e-mailing me just because I elect to use a hotmail mailbox.
Don't Kill Me. Eric
Anyone know of any good SW or work-arounds?...or am I going to have to put Linux on this-here powerbook, after all.
Yeeps.
Tom ("the infamous tms") Swiss (not Swift, not Suiss, not Smith, Swiss!) earns his daily bread as a software geek. He holds an M.S. in Computer Science from the University of Maryland, College Park. (If you'd like to pay him gobs of money to develop software for you, his resume is available.) He also studies karate, writes poetry which he reads at various places in and around Baltimore, and plays guitar. He has read poetry at one time or another at open readings at Planet X, Java Heads, Funk's Democratic Coffee Spot, Minas, the Bohemian Cafe, and One World Cafe, and done featured spots at the Adler Gallery (From Our Lips series) and the Raven bookshop (Stark Raven Mad series). He has brought his eclectic acoustic music to the stages of Leadbetter's, Wyatt's, and the One World Cafe. He lives in Catonsville, a suburb on the southwest side of Baltimore. He thinks that the existence of The Simpsons, The Tick, and Babylon 5 justifies the existence of television. Tom came into the world naked, screaming, and covered in bodily fluids on the evening of January 12th, 1970, proving to his parents that the "rhythm method" is not an effective means of birth control. His full name is Thomas Mark Swiss, interesting anagrams of which include "Swish! A storm mask," and "A storm's kiss - wham!" He stands 170 cm (5 ft., 7 in.) tall and weighs about 73 kg (160 lbs.) with brown eyes and long brown hair ("And all should cry, Beware! Beware! / His flashing eyes, his floating hair! / Weave a circle round him thrice, / And close your eyes with holy dread, / For he on honeydew hath fed, / And drunk the milk of Paradise." -- "Kubla Khan", Samuel Taylor Coleridge). He's been accused of resembling Jesus, Satan, and/or Tom Cruise, and of sounding like Jim Morrison and/or Jello Biafra. His Keirsey personality type is somewhere between INTP and ENTP. His blood type is A positive. Tom firmly believes that dogs are far wiser than cats, that Bugs Bunny has the Buddha nature, and that as there are no gods it is necessary that we become them. He is a genuine and authorized pope (authorized by The House of Apostles of Eris), and a self-appointed ersatz Zen Master, pseudo High Priest, substitute Taoist Sage, apprentice Jedi Knight, and Techno-mage in training. He is either a cynical romantic or a romantic cynic, but not sure which. On the net, Tom is a member of the CyberDojo traditional karate mailing list. He maintains the Leather Alternatives Frequently Asked Questions list used by vegans all over the world. He sincerely wishes that everyone on the net would learn the difference between "your" and "you're", but doubts it will ever happen. Tom is often asked about the quotes in his .signature. (What's So Funny 'Bout) Peace, Love and Understanding? was indeed written by Nick Lowe, although it was made famous by Elvis Costello. Why is it in his .sig? Here's the story, excerpted from a USENET discussion with Barbara O'Brien (mahababs@ios.com): >: "What's so funny 'bout peace, love and understanding?" - Nick Lowe > >Most of the time people use phrases in their .sigs that have a special >meaning to them. You just repeat words cause they look nice, I guess. Hmm, so your commitment to peace, love and understanding is to advocate locking people in cages (which certainly devalues and dehumanizes them more than selling sex ever could, if the latter does at all) for consensual acts? On the off chance that anyone really cares about the significance of the quote in my .sig: A few years ago, my friend Mike and I went to a Midnight Oil concert. The last song they did (or maybe second to last) was Nick Lowe's ""What's so funny ('bout peace, love and understanding?)" (often miscredited to Elvis Costello, who recorded the best known version). It was a great show, ending with one of my favorite songs. I was pleased, and we headed back to the parking lot. On the way to the car, we came across two guys, who had obviously just come from the show, shouting and shoving at each other - a fight about to break out. Maybe they just hadn't been paying attention to that last song. I know they heard it; might even have been dancing and signing along to it. But ten minutes later, the meaning was forgotten. I couldn't help it. I yelled, "HEY! WHAT'S SO FUNNY ABOUT PEACE, LOVE, AND UNDERSTANDING?!" The crowd cheered. The pugilists payed no attention. I went over and tried to separate them. My friend Mike joined me. Somehow we broke up the fight and prevented anyone (including ourselves; the pugilists were bigger than us!) from getting hurt. That's my contribution to peace, love and understanding, Barbara. When I see someone about to be a victim of violence, I try to stop it. I try to make peace when I can. If I can't, I try to defend the innocent. I've been fortunate so far in that none of these situation have turned very violent. And if that ain't good enough for you, frankly I don't give a damn. "Born to die" comes from a series of animated shorts (about thirty seconds or a minute in length) shown on MTV around 1987 that began with the voice-over: `Stevie Washington - the angry youth. Born to die. New York's New York. The turn of the century. All crime.' His previous net.incarnations have been fantom(at)wam.umd.edu, tms(at)cs.umd.edu, tms(at)tis.com, and tswiss(at)normandev.com. His current net.avatars are tms(at)bcpl.net and tms(at)infamous.net. This page almost undoubtedly makes him sound more interesting than he really is. To assist you in identifying the suspect, some photos follow:
I know this affects only a subset of /. readers, but: those who browse on Macs can simply and surely defeat all cookie activity by replacing the "MagicCookie" file in their Netscape prefs folder with a folder of the same name.
Since the MacOS forbids replacing a folder with a file, any attempt to set cookies will transparently fail. I've had it so since Netscape 2, and doubleclick just told me I had no cookie to opt-out from!
For those unable to effect this method, what happens if you lock the cookie file?
Whatever you do will be insignificant, but it is very important that you do it. --Gandhi
Turn them on, and you pay for your personalisation with tracking.
:-)). This means I never see the GIFs in question -- does it mean I don't get the cookies? Dumb question I know, but there you are.
But this is a game of bait-and-switch. You accept a cookie from one site, once, and then your personal information becomes a commodity for evermore, accessible to anyone who's prepared to pay for it, and (in the US) you have no right to stop them. That's a usurious price to pay.
BTW, I tend to use IE(work)/Netscape(home), but always turn graphics off (I only care for text
jsm
One thing that you might want to keep in mind that DoubleClick is not collecting information in order to terrorize the population. They very simply want to track where a particular user has been in order to better target them for ads in the future. For example (assuming doubleclick was everywhere), if I were looking at a page, they would know that I visit /. and many other tech sites. That means they would have an idea that an ad for computer software would be better targeted for me than a tampon ad. Does it HURT me to at least see ads that might be of relavance? No, of course not. Of course, there is also the argument that these web ads are the only source of revenue for a lot of these web companies. If too many people start blocking these sites... they will start charging for access, and everyone loses there. If you don't like the ads, ignore them because they don't hurt you. --- "Progress is the God of the Machine"
-rt-
** Evil Canadians are taking over the world. Learn about the conspiracy
Allow cookies in Netscape. Change the cookies file permissions to read-only.
I used to do this...Unfortunately most of my browsing is now at work on IE. But this gives me another idea...Why not FOok with them a little, and make up a generic cookies file (zipped folder for Microsoft-users) that has one person's, say a fictitious one's userid in it (wouldn't that be as simple as changing the text of the cookie?) If enough people were all hitting the web at once with this could you imagine the marketing dept's greif...
"Good god that Mike Rotch fellow goes everywhere!"
mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.
Is how quickly the government will be wanting to sink it's hooks into this info! Even if it is used strictly to annoy^H^H^H^H^Hadvertise to us more effectively, I never asked for this. I never wanted it from the beginning and I just found out that simply ignoring the banners is not enough to keep from being tracked. I applaud /. for putting this up, despite their own banner ads.
As far as the advertiser-apologists who are saying that this is the only way the web exists today, I would like to point out that the links on the slashdot front-page get far more trust and clickage than any 1"x5" piece of animated fluff at top of the page.
Let your freinds know all about it with this link.
mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.
I just check my (netscape) browsers cookie settings....
And found a setting saying "Only accept cookies originating from the same server as the page being viewed".
This just might be the plug to the "GIF cookie" loophole.
Hans Voss
---
Hans Voss
---
"I have no special talents, I am just passionately curious" -- Albert Einstein
As long as you're going to try to devalue the banner ad system, I suppose you have a better model for funding of web pages? I'm not trying to be sarcastic - I've been working on a site, and am trying *very* hard to think of another convenient way to fund it - if you have one in mind, let me know, eh?
I suggest we move this discussion to Cosource.com. Let people who want a solution vote by submitting a request, committing a few bucks, or making a proposal.
I would submit a request myself, but also want to make a proposal.
By "ad.doubleclick.net" do you mean "127.0.0.1"? Am I missing something, or would that be an easy way to avoid all this mess in the first place (that is, on a box where you have root)?
...is that these "Commercials" are becoming too high-tech for their own good! It's going to turn out just like in Futurama where we'll all have commercials in our dreams! =)
...
I've got to agree here. I've worked in these systems on the marketing side
a) anonymity is taken incredibly seriously - even WITH the technology available it is understood how people feel about privacy and in some cases even suggesting a system that could make partial identifications has resulted in being swiftly admonished.
b) Marketing people are trying to help. Remember, they are not technical, they feel they are performing a huge service to the end user and the advertiser by doing this.
What is more likely is that DoubleClick tracks surfing habits and generates a usage profile which demonstrate general interests (for instance, many people who visit slashdot use linux and a not inconsequential number like to eat blue m & ms). This allows DoubleClick to serve ads that are of interest to that particular group...in addition, taking that information you can create a model of an ideal target to crossreference with your named database (making the assumption that the Abacus database contains some useful information with regards to hobbies, employment etc), which can then be used for a targetted mailing campaign.
Yes, perhaps a couple of people in the mailing list surfed those sites but it was because their data profile matched.
People also seem to forget about the sheer volume of data that's there, I think its more than a little egotistical to believe that anyone is interested in YOU as a person. Yes, it may feel 'funny' because you're aware of your own capabilities with regards to using information that our computers generate, and yes, you've tracked down the odd spammer or idiot in a chat room - now multiply that information by a couple of million - the noise drowns out any individuality you may have had.
Matching names to id tags? for what purpose? Personally I dont have time to wade through information to find an anonymous person from idaho who may or may not have visited a hacking site or porn. And neither does anyone else.
Even going out on an extreme limb - ok the company isnt doing it, so the FBI order them to pull your profile?? for what?! The sites that the FBI are interested in are very unlikely to use DoubleClick as their ad server, and no, the banner companies dont cooperate so there's little chance that they can build a huge picture of everything you've done online.
I used to feel paranoid about cookies until i worked in this sector and saw that they really aren't interested in who you are, they do care about making your web experience better - that seems like weird logic but they figure you'd prefer to see banner ads about things you're interested in rather than things you're not. Unfortunately the web has to be funded by something, banners are a way for many sites to keep their information available for free.
Here in Russia a text-content banner network(russian resource) recently emerged. Yes, they deliver pieces of html into their clients' pages.
This is just to show that forbidding cookies alongside gifs is NOT a good way out of the problem. In fact any http-url can deliver a cookie with it. Remember how many tags have SRC attribute beside IMG.
I get around this by setting my browser to prompt for cookies then I just check manually if the originating domain is the same as the site I'm at. Works here at slashdot where the banner company (focalink) will occasionally try and save a cookie.
In IE you specify different security options for "trusted sites" and "restricted sites" and then you list which hosts belong to which of these "zones". All I have to do is list "*.doubleclick.net" as a restricted site and, voila, no more cookies from the doubleclick banners, but I can still get cookies from the site that displays the banner.
Sophisticated, maybe. Stealth? Nope. They're advertised in lots of places. Product placement in TV shows other than the animated Pokemon show.
The "aim it at the young people who watch TV" idea has been around since the beginning of the action figure era. Pokemon cards managed to melt together the action figure, baseball card, and card game marketing ideas. Once they reached something near critical mass, all they needed to do to get a media blitz is announce detection of counterfeit cards.
You want stealth marketing, look at Magic: the Gathering card marketing, before the recent TV commercial blitz. Comic book vendors where given a higher incentive (better pricing? I don't know) based on how many cards they managed to sell. Does anyone else know how MtG cards were marketed, prior to the TV blitz? I certainly don't remember. And, now that they've started ads on TV, I haven't (and won't) buy any more of them.
I've had both targeted ads, and untargeted ads, aimed at me for as long as I've had access to purchasing power.
Potential for abuse? It's already being abused. The company I lease my apartment from, EQR, has a banner ad pointing to a credit reporting agency, on the 'contact the landlord at the following address and phone number' page. Whether they can cross-track between the two sites or not, I don't know.
All I know is that the potential for abuse is relatively high, and that such abuse would be nearly impossible to detect without some sort of tracker trackers to watch the actions of those who track someone. "Who will watch the guards?" only becomes a meaningful question, when we actually have guards in place. In this case, a better question is probably who is watching the IETF (internet engineering task force? members include Cisco, Intel, Lucent, etc.). If the technology to reduce or prevent abuse isn't being designed in now, then perhaps there's a need for a law about it. Perhaps the need to provide some amount of personal privacy should overpower the need to provide protection from abuse. The problem then becomes, who writes the law? EPIC? EFF? IBM? CIA? NSA? average joe congressman? Few members of Congress (or other elected government officials) have as much training in electronics as I do, and I don't know the answer. How can I expect them to come up with a correct law?
This is, and always will be, a tough question. Once truly well-targeted ads start showing up, you won't even notice them.
Heh, and on the law front, most abuses on the net are already prosecutable under current law. The congressmen seem to have forgotten that, and are bent on adding new laws for us to accidentally break.
By the way, this is an advertisement, and I'm trying to get you to buy my ideas. Please vote for me in the next election.
But you lose the war the first time you have to pay a subscription to get access to
/. cost $5 or less per year, AND turned off tracking, AND turned off all banner ads, then I'd be happy to pay that subscription fee. I suspect there's more than a few here that would be willing to do so. The problem with pay-per-view, is in the amount charged, and the difficulty of collecting small sums of money. Some newspaper sites (hopefully now defunct) were charging on the order of 1 to 2 dollars a page. Their content was not worth that much. That's how much they charged for the entire printed newspaper... Face it, most content isn't worth a dollar a page.
slashdot.
You are making an unwarranted assumption here. The amount of money Slashdot is getting from advertisers may be much less than you think.
If
The difficulty in collecting small sums is that banks don't like handling the collection of (for instance) 5 cents from each of 3000 different people.
Sites survived before banner ads, and they'll continue to survive with or without them. They may not be the same, or even running on the same computers, but they will survive. Several sites are out there that have no banner ads, and make no direct revenue for the site operators. They're still there, and show no sign of going away. If the disappearance of advertising increases my costs to access the web, so be it. I'm willing to give up a little of my cash, in order to avoid the time it takes to try to ignore the blinkenlicht banners.
Ads of all sorts annoy me intensely. I would be very happy if all the advertising agencies finally admitted that ads don't work on people like me, and allowed me to avoid them. They haven't, and aren't likely to, because a few of the ads do work. (I do my best to avoid being taken in, but don't always avoid it. When I do respond positively to an ad, I regret it later.) It is much harder to get advertising taken out of a medium than it is to get it inserted.
Oh, to heck with it. I give up.
/. wouldn't be worth the $5 a year it would cost, because it would cost $50 a year to do it without advertising. That's it. I'll stick with print advertising, where the ads don't blink in my face all day while I'm reading.
Slashdot, keep the banner ads if you want. I don't care anymore. There is no use in my complaining about them, because no one will listen. Those who do listen, will decide that there's nothing they can do about it, because they need the revenue, and I've pretty much decided that
The cure for banner ads will probably be worse than the disease, as we start getting targetted infomercials (aka interstitials) between pages. There's nothing I can do about that. I don't work for a company that sells or advertises consumer products. There's no compelling reason for any corporation to listen to me, as I'm only one customer out of many.
I'm sick of Madison Avenue and all the ad agencies trying to figure out how to better make use of my money (by getting me to purchase the products advertised). There's apparently nothing I can do about it, because all these ad agencies are here to stay, and there's no possible way to make money without selling something on the web, even if it's just advertising.
I hope I'm wrong (or just manic-depressive), but there sure seems to be very little, if anything, I can do to stop advertising. Not only that, but I'm not really sure that I want to stop it.
To really confuse things, there's a perl script called "cookiepecker.pl" (no I don't remember where it is found, but www.perl.com/CPAN ought to have it somewhere.)
;-) I encourage all web administrators, owners, and users, to do the same, and stop trying to track me without my consent, or by making it impossible to use the site effectively without consenting to tracking.
This perl script will change a few bits in each cookie, whenever it's run, though it only works on cookies in the cookiefile (session-only cookies won't be affected, and cookies already loaded into netscape probably won't be affected) I think you can tell it not to change certain cookies at all, but don't quote me on that.
Unless the site has implemented ECC (error-correction codes) in their cookies, this will at least confuse the heck out of the servers, and might accidentally give you someone else's tracking number for a while.
I can see the website owners complaining about this now... "How dare you screw up my carefully set cookies? Are you some kind of evil hacker?"
I dare, because you do. I chose long ago to use my powers only for good
Slashdot is one example, in that if you want to be heard, you have to login and accept the cookie.
I understand the need to make money. I just don't understand the need to make more money by tracking every move a customer makes, just because it's possible. Possibility does not imply correctness.
In simpler words, "just because you can do something, doesn't mean you should."
I no longer use Application Service Providers, for just that reason. There's absolutely no guarantee that (if it existed) Microsoft Office for Web wouldn't store a clear copy of anything I might write on it somewhere that MS could search through it for interesting bits. MS:"But we won't search through it for interesting bits" Errr... Yeah, that makes me feel much more secure. And I won't search through Microsoft source code for interesting bits either. That doesn't mean they'll give it to me.
I'm afraid your option #3 would wreck my links page.
--
My other computer is your IIS server.
The other half of protecting your privacy is to lie, lie, LIE! Are you filling out yet another web registration form asking you needlessly intrusive questions about where you live, your email address, your family, or whatever? Make it up. Yes, I think I'll be William Jefferson Clinton today, that's president@whitehouse.gov to you peons, etc...
I figure if they're going to send me junk [e]mail, I'll give them junk data back.
--
My other computer is your IIS server.
How can my real name get linked to these storages? There are exactly two instances where I enter real information into my computer. 1. Corporate email 2. Purchase over a secure connection (although the credit card number I only give out by phone) Correct me if I'm wrong: but no browser can get anything out of my email application. (Outlook, well, you never know...) What about the secure sights which claim to keep data private? There are never any ads or gifs on the order forms; but could that data get an id on me from a cookie and attach it? feeling even more paranoid than usual...
Allow cookies in Netscape. Change the cookies file permissions to read-only. Cookies will live only as long as Netscape/whatever is running, all the shopping carts work fine. When you exit, your cookies will not survive. The next time you get a DoubleClick ad your record is clean and the system gives you a new id since it thinks you are a new user. This will not only prevent them from logging you, it will also make their database explode... problem solved
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.