Slashdot Mirror
Cookies, Ad Banners, and Privacy
When Netscape embraced-and-extended the HTTP spec in 1995, it was really just trying to digitize the shopping cart. Allowing a server to store just a few bits on the client added almost no overhead and it made many applications, such as shopping carts, very convenient.
Maybe it was deliberate; maybe nobody really cared; or maybe it was an engineer's simple distaste for tweaking a spec too much: but they allowed cookies to hang off GIFs as well as HTML, and that changed everything. There were probably ten people in the: world at that point who could have foreseen the explosion in banner ad traffic, yielding a multi-billion-dollar industry in less than five years.
Yes, billion -- the large banner-ad company DoubleClick merged with database firm Abacus Direct last year in a billion-dollar stock swap. How much is a billion dollars worth of advertising revenue on the net? At DoubleClick's current rate, it's about 750 billion banner ads. Think of it as four petabytes of GIFs.
And the vast majority of those GIFs just get ignored. When's the last time you clicked a banner? There aren't any precise figures, but the consensus is that the average click-through rate is dropping. Three percent click-through used to be good. Now a well-targeted ad will be happy to get one or two percent. It's hard work to make money from banners, and getting harder every day.
That's why DoubleClick, and firms like it, need to maximize their efficiency. Their income ends up depending on that click-through rate. The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you.
The GIF cookie loophole makes this pretty easy. The first banner ad that your browser requested from a banner-ad company got a user ID cookie sent back with it. And - here's the key - since so many banner GIFs all come from the same company's domain name, your browser sends back the same user ID no matter which website you're viewing the banner on. Your user ID is being tracked all over the web.
In the case of DoubleClick, that's a fair number of sites. They won't talk to you unless you serve a million impressions a month - and their network includes 651 publishers which translates to who-knows how many websites. All told, they deliver a billion ads every two days.
Though the Internet Movie Database can't tell where else you've been on the web today, the company delivering its banners knows. That same company knows if you read National Review, TeenMag, or Dilbert. It knows if you're into professional wrestling or what cruises you were looking at on Travelocity. It even has some of your click history through WebMD.com.
The comforting thing has always been that, while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change.
Remember that billion-dollar merger between DoubleClick and the database company? This database company doesn't sell software. Abacus Direct uses databases to store names, addresses, and other information about people. In offices across the country, their computers have information on two billion purchases made from 1,100 separate consumer catalogs over the years, "representing virtually all U.S. consumer catalog buying households." Their CEO brags,
"Through the sophisticated use of state-of-the-art technologies and modeling techniques, Abacus' outstanding ability to synthesize vast amounts of data into valuable insights about individual consumer buying behaviors has proven itself to be an important marketing tool for our age."
That's why it's very interesting that DoubleClick's privacy policy changed earlier this month. Its text used to read:
"DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous."
That promise is gone without a trace from the new policy. The new policy reads:
"In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address."
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database.
A little further down is the portent of things to come. There is "one particular Web publisher" in their network which collects a "log-in name and demographic data about users." Which publisher is that? They don't say.
Whoever it is, you may already have given it your name and address, perhaps to register for a contest, or maybe in exchange for reading its free content. Everyone does it; it's a small price to pay. DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website.
And if their programmers do their jobs right, it'll end up being a simple SQL query to join up your user ID, the name you gave the mysterious web publisher, your Abacus demographic data and catalog purchases, and the footprints you've left all over the net for the past two years, into a single big lump of your online/offline data.
To be fair, their privacy policy promises they won't start doing this without, er, changing their privacy policy:
"...should DoubleClick ever match the non-personally-identifiable information collected by DoubleClick with Abacus database information, DoubleClick will revise this Privacy Statement to accurately reflect its modified data collection and data use policies and ensure that you have adequate notice of any changes and a choice to participate."
Aren't you glad that, when DoubleClick revised its privacy statement on October13,1999, you were given adequate notice of how you were being tracked across the internet? (They've sent out 46 press releases so far this year. Informing you about weakening your privacy wasn't one of them.)
Things aren't as bad as they could be. One fortunate thing is that the banner-ad market isn't a monopoly yet. Not even close. Adbility lists over fifty ad networks, of which DoubleClick is just one of the larger ones (probably the largest).
But, when any rapidly expanding market starts to level off, the smaller and less-efficient companies get eaten. Nobody knows when the internet's growth curve will hit that point, but exponential expansion can't continue forever. At some point, the companies that can't send banner ads targeted to your community will get left behind. We'll end up with two, maybe three, meganetworks that deliver a large majority of the world's banner ads.
What can you do about it? To protect your own personal privacy, opt out of DoubleClick's cookies. Of course, this doesn't affect other banner-ad companies, who may or may not even offer this solution once they get as big as DoubleClick. It also doesn't help novice websurfers like your grandmother, who doesn't understand why she should refuse free cookies. More importantly, it can't ever be a real answer - if more than a tiny percentage of their audience ever opted out, DoubleClick would see the competitive advantage of their billion-dollar merger start to erode, and that'd be the end of that option.
What makes more sense is to close the cookie loophole. DoubleClick isn't the real problem; the HTTP spec is the problem. The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs. Why should cookies be allowed onto my hard drive if they aren't attached to the page I'm viewing?
Since DoubleClick's privacy policy claims that cookies "are not essential for us to continue our leadership," they should have no problem supporting this as the default behavior of every major web browser.
The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you... well. i think this is not completely true. and there we come to the content sites. if sites vuild up a community you have a specific group. if these site would start to contact companys for banner-place they want to sale and communicate them who their users are (like 15-40 years old tech people...) then you have already a pretty good chance as advertiser to target the people you want. But as long as sites leave it to a company like double-click this will not change. because they want to sell as many ads as possible in the first place... _mrph
Hey,
Cookies really aren't so bad. All this privacy crap is starting to piss me off. What the heck are you afraid of? That someone figures out you surf porn pages? Or that someone figures out a way to actually show you banners of stuff that you like?? Where is your damn problem with getting TARGETED ads? They can't kill you or anything, they can just make your life easier if they show you stuff in your interest!
Also, non-text attached cookies serve a higher purpose than to target the banner ads. They provide the one and only way for Application Service Providers to accurately figure out if you have been at the given website before or not. This is needed for simple statistical purposes to give the user of a website good and informative statistics!
On top of all this, closing your silly 'gif-loophole' doesn't help you a bit. Doubleclick serves many banners through full HTML and not just GIFs.
Regarding those people that posted about Junkbuster... Banners are junk huh? What do you want, to kill all your favorite websites? To kill the whole web as it exists right now? There simply is almost no other way to make money on the Internet for a freesite than BANNER ADS. Live with it! If you do not want the damn Banner Ads, you should not go to the damn site.
All in all, why don't all of you that complain so much about how well the Internet developed because of simple things as Cookies and Banner Ads go and leave this freaking net alone and get on Internet 2 and have fun there? It'll take a while till this one gets commercial. OR heck, why don't you all just go and stop using the World Wide Web? It doesn't seem to be what you want.
Fabian Thylmann
fthylmann-spam@spam-stats.net
see http://www.junkbusters.com/ Basically, those folks give out an http proxy which selectively blocks cookie traffic. This way, you can have Rob's cookies for ./, and refuse doubleclick.net's. Also, you can prevent some domains (such as doubleclick.net) from sending you any bit of "information". In some countries (Europe, mainly), there's still no such thing as flat-fee phone access, and ADSL&Cable is slow to deploy once you're not in the main cities (how can you believe the same telco [France Télécom] can charge $70 for ADSL and $1/hour (best price, evenings and week-ends, usually $2) for V90 access ! So, wasting bandwith for ads is, er, a waste. I wouldn't mind getting ads if the ad companies reimbursed me for the uselessy spent bandwith (+ various "administrative" charges I'd set at 500% of the bandwith cost)
I think you missed the point here - it has nothing to do with whether you mind banner ads or not, the point is that somebody can track your web usage and potentially attach a name to it one day. If you visit a site of dubious nature then one day 5 years down the road somebody could theoretically blackmail you about this (if you were famous for example.)
If you choose to opt out, the userid in your cookie gets changed to OPT_OUT
Why not change it yourself, make the number slightly different?!! Get someone else's ID connected to all your porn-surfing! Prize for the
first person to get a whitehouse.gov DoubleClick ID!!!
While we're on this topic, how likely is it that you could crash a remote server by putting unexpected values in your cookies, hehe ??
Bah.
Very Lazy Coward.
Doubleclick send banner based on your IP. At the university, my computer has a static IP address and when I visit dilbert.com, they send me local based companies' banner. For example, I get banners written in french while viewing an english site. I get stuff like local tv station or banks...
Sure, you can break anyone's privacy by expending sufficient resources. However, there are not sufficient resources to break everyone's privacy in that way, so the damage is limited. Cookie-tracking and other such technologies allow everyone's privacy to be broken without much expenditure. Whole different animal.
The assumption that this has something to do with GIFS vs .HTML files is incorrect. Doubleclick ads could always be put in a frame, and render with a full HTML file. What's more, it is fairly illogical to restrict what HTTP headers can be sent based on the Content-type. What's needed is better browser rules for cookies, not abolishing attaching them to GIFs - that's just a red herring. It would take ad companies two days to adapt around that - the way I mentioned is probably only one of many ways in which they could.
I wonder though. We're in an evolutionary arms race. Ads from when I grew up many moons ago were almost childishly manipulative; they wouldn't work on today's generation of media saturated and savvy young people. Pretty much its all just so much white noise. The advertisers have got some mileage out of "hip" and "self-referential" ads, but that kind of thing can't work forever.
The original banner ad idea was to become more like pink noise -- a little harder to screen out mentally. This really is a tiny innovation, and not very sustainable as clickthrough drops to zero. Where you really have to look out is when the other species really mutates in a major way. Things like product placement in the movies, or other subtle things that are meant to affect us in a subconscious way. When did you ever see an advertisement for beanie babies? The entire value of Pokemon cards is entirely fabricated through sophisticated and stealthy marketing techniques.
The real serious evolutionary development here is the use of stealthy methods to perform highly targeted, and perhaps very subtle manipulation. Now the marketers will say that its in your best interest, and after a fashion, I agree it is not the worst of all possible scenarios. The worst scenario would be to get huge numbers of intrusive and badly targeted pitches. But it is disingenuous to say that they're doing this out our best interest. In the end, as people become yet more sophisticated, I don't know if the advertisers and marketers will be able to survive just on targeting pitches better.
Inevitably the text content and even design of web sites is going to be secretively customized to better influence my behavior. This is kind of like direct mail, which tries in a quaint way to look like it is personal communication for me. But this is much more dangerous because it will very plausibly purport to be something I asked for, but actually be a kind of Trojan horse to advance _somebody_else's_ agenda.
The bottom line is that this is a struggle for control over information. The advertisers would like us to be passive recipients of information, mentally active only to the degree necessary to respond to the buy impulse they are trying to generate. I, on the other hand, would like the marketing people to be my data lackeys, returning just the information I want, when I want it, neither more nor less, and have the technical means of thwarting their current attempts to track me in this new medium.
Anyone who has successfully (and completely) escaped advertising please tell me how. You'd never be able to watch TV again, net use would be extremely restricted, and you'd probably need to cut off all contact with the outside world and go live in the woods.
I view demographics and targeted marketing as a necessary evil. I only need to look at television to see why.
Television is an almost completely untargeted market. Yeah, they can advertise toys during the cartoons and 900 numbers during the 2am episodes of Star Trek, but in general they have no way of targeting adds any better than that. Because they still need to make money on the poor hit rates of untargeted adds, TV devotes roughly half of the time real estate to advertising. 50 percent of what I watch. That's way too much.
I see the much more acceptable alternative of direct, targeted marketing to be much more acceptable. If companies know who I am and what my interests are (motherboards, radio controlled airplanes, cooking) they can advertise just the things I'm interested in.
This has incredible benefits to me as well as them. Since I'm actually interested in the products they're selling, they get a much better hit rate. That means they make more profits per ad. More profits per add means they don't need as much real estate. Suddenly they're taking only 5 percent of my desktop instead of the 50 percent they take on TV.
I don't have to get annoyed by adds that I don't care about, either. That alone seems enough to me to justify supporting direct marketing. Think of it. *No*more*feminine*hygine*adds!* Everything I see advertised at me is something I have a vested interest in.
Yes, I agree that no advertising is the preferable alternative, but I don't see that happening anytime this lifetime. Since I have to live with advertising, I'd much rather be shown stuff I care about and might buy than waste my time on random junk.
Or even better, delete the cookie.txt file and replace it by a cookie.txt read-only folder and tell netscape to accept cookies... That way they won't get stored on your drive, but no site will refuse you :)
--
Always listen to experts, they'll tell you what can't be done and why... Then do it.
may I recommend a product called IE or NS clean...it runs in the background and refuses or deletes cookies either immediatly or in a very short time..it can also edit cookie string to return 'JUNK' data...Let doubleclick's DB fill up with erroneus info..that will help them make a buck :)
Privacy - your basic human right, no matter who says it otherwise - seems to have an even worse threat by companies like @Home.
During an update I was asked to blindly follow their instructions and connect to their proxy server.
Their tech-support guy did not understand why I was refusing to do so and told me that "that was the only way to use @Home after the upgrade".
His supervisor quickly corrected this statement, with a warning "in this case your service will not be optimally fast".
I told him about my privacy concerns if all my requests go thru their proxy server and the full list of my Internet access can end up in their log files. Since @Home knows my subscriber information, they can very easily create a very specific, personal profile.
After acknowledging that "technically it is possible to do that", he said, "I promise you that we don't do that..."
I said I'd prefer a legally binding statement, as part of my contract with @Home that it would never happen, and they would be legally accountable id if still ever happened.
He could not help me to find this or any similar commitment from the company, just like the receptionist and several other people next day, when I called the office and asked for someone who is in charge of costumer privacy issues.
They appearantly could not find anyone who'd fit this description and they repeatedly switched me over to network engineers.
Last time when I looked up @Home's web site, they still did not have any relevant statement regarding privacy issues and proxy connection. In the meantime they've switched over most of their customers, who had never been informed about the privacy consequencies of the "technical upgrade".
Fixing the cookie handling browser standard is one thing - but there is a stong need to a proper legislation that would make it illegal to ISP's, Internet ad companies, etc. to create personal (not statistical) profile of citizens, using the Internet.
Companies, that pretend not to understand how their practice is offending their customers basic human rights are very well aware of what is at stake.
My repeated email offer that I'd connect to their proxy server (to save them money by allowing them to keep my traffic withing their own network) as soon as I can get their CEO's access log files in return for mine - has not been answered.
Just like my question: if you don't want to share yours with me, why do you think I should share mine with you?
The biggest problem I have with modern society is this amazing notion that, as an gestalt entity, it seems to have that my desire to own a product is not the result of my own thought processes. It's not that I don't want a subscription to a web-based pornography emailer, it's simply that it hasn't been advertised enough at me. If they could just, just, just tell me about it, just a few more times, I'll suddenly want the damn thing.
I don't want a Ford Escort, no matter how often you tell me it's stylish, I don't believe that Lotus makes "super.human.software" no matter how often I'm told. A deceit is a deceit however often it's repeated.
Banner adverts and targetted marketing are perfect examples of this. The reason I don't click through SlashDot's banner adverts for CodeWarrior is that I don't want the blasted thing. It doesn't matter how often you deliver the image to me, I still don't want the thing.
How long is it going to take before people stop making things people don't want and trying to convince them that they do ever more streneously...
Will we still have a culture left by then? Or will we end up, tired of advertising, and left wondering what we had to fill the world before it?
Or are we already there?
When was the last time salesman spoke truth to customer? Does anyone remember?
I am a person. I will decide if I want your product. The frequency of you telling me about it is not a factor. Learn.
[sillywiz]
*yawn* As I am not a US citizen this doesn't worry me too much right now.
Ha! I think we already look like the same user...
My Freakin Blog
So *that's* why I had to pay so much....
The Data Protection Act does entitle us to ask what data companies hold on us. If you stamp your foot (very hard) it is possible to get them...but they can charge a "reasonable" fee for providing the service to cover their costs.
Like you say this doesn't work outside the UK. Sigh.
Of course Safeway or Tesco hold far more data on the average UK citizen than doubleclick has about any individual......
As numerous posters have pointed out, it is quite possible to screen the cookies on your system. However...
It is too difficult for the average web user to use any of the schemes proposed. The browser ought to be able to cleanup cookies, allow them from 'friendly' sites only, etc, etc out of the box.
How can we achieve this? Wander over to http://www.mozilla.org/ and learn a bit about XUL. Code up the dialogs that are required and try submitting them...
I'm uinsg netscape 4.5-98286 on solaris, and there is an option to only accept cookies from the same site. You bet I've got that on. I thought there was an option to do the same with images, but I can't find it. (Might be in 4.6 or something)
Not that this really matters, the only sites I use crashscape for are the ones that I can't view with lynx.
Whether all this boils down to a privacy intrusion or not is an open question. However, I find the cookies themselves irrelevant in this matter. Cookies are merely a convenience and a nice concept to the information provider, but they don't add any significant functionality to the data exchange process.
Even if you disable everything that deals with cookies, you are still stuck with the ultimate cookie--the URL. Before cookies, some servers encoded the same kind of personalization data in long URLs. For all I know, this technique may still be in popular use. You type in a short URL found in a magazine, and the server immediately redirects you to a personalized URL, full of cryptic parameters, or simply containing a user ID. Disable URL redirection as well, and what do you have left?
The cookies simply provide a cleaner way to implement this, without burdening the URL with massive amounts of data. Besides avoiding URL buffer overflow, the cookies are supposed to be less visible to the user. However, they add no new functionality for tracking user habits. If you are worried about your privacy, you should be more concerned about what information sits in somebody else's database, than about what is stored on your own hard drive.
The essence of this news item, though, seems to be Doubleclick's omnipresence, doing away with the argument that all those different sites you visit won't be able to match their logs in order to find out anything important about you (they simply won't have to). I haven't studied Doubleclick's policy. Does it say anything about whether Doubleclick will comply with requests from law enforcement authorities to find out who seem to be frequent visitors to warez sites displaying Doubleclick banners? Is that something to be concerned about in the first place?
Or consider trading this kind of information - wouldn't you be interested in the fact that your neighbour clicks both Alcoholic Anonymous and Ballantines thrice a day?
The bottom line is that this kind of information is and should be private. In many countries there are privacy protection laws already, but as always the internet makes national laws rather useless ("we are not collecting any information, our ad-serving Bermuda subsidiary is").
Stephan
chmod ugo+w ~/.netscape/cookies
netscape &
[Log into Slashdot, exit Netscape]
chmod ugo-w ~/.netscape/cookies
netscape &
[Surf all the world with short-lived cookies only]
Stephan
*grin*
Stephan
With a sufficiently finegrained filter, you can accept banner ads on selected pages while refusing them from elsewhere. Check out the referer: field.
(Myself, I refuse Doubleclick and all of the other big ones period, even from sites that I like.)
"Hot lesbian witches! It's fucking genius!"
Option 3 would not be acceptable, as more and more high volume sites distribute their content. Images often come from a different machine than the page itself. Slashdot does it.
"Hot lesbian witches! It's fucking genius!"
Hell, I leave my browser up for such extended lengths of time, I sometimes forget the passwords to password-protected webspaces. I just kinda forget that I'm in there 'cuz Netscape remembers 'em all. Then, when I occasionally boot into Gamedows'98 to play Jagged Alliance II and come back to get some work done, I gotta re-enter all those passwords which were... uh... what again? Where'd by clipboard go with those little notes? *scrounge scrounge shuffle*
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Good basic idea, but might break some stuff you were actually interested in seeing. =/
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
When I think of cookies in images, I think of such tools as WebSideStory, a handy little service useful for learning all manner of interesting information about traffic coming to your website. Cookies are used in a variety of ways, such as measuring return visitors, keeping track of other pages visited on that site, and so on. It may be possible to perform analyses like that with IMG SRCing, given direct access to the logs, but the IMG SRC cookie behaviour makes it very simple and elegant to produce these sorts of services as third-party tools that you simply add in to your site.
Of course, things have changed since WSS started up, and now they provide this enormous, poorly formatted wad of javascript to produce the same result as that original image once did. The offshoot of that is a good demonstration that even if IMG SRC cookies were disabled, banner ad'rs would still have avenues to accumulate the same information... so killing IMG SRC cookies to kill banner ads (or thier data gathering) would be moot, aside from pissing off a bunch of people who depend on that behaviour.
I agree to the idea that collecting excessive information on personal habits is disconcerting and regulation would be nice. Unfortunately, enforcing such a law would be nigh impossible. As some famous type person once said: "You can't legislate morality."
Of course, just because it's impossible to ensure complete privacy doesn't mean you shouldn't make it as hard as possible for the Bad Guys® to scoop up as much information about you as possible. I suppose I've just become jaded from my past experiences, and perhaps a bit lazy because there's very little I do in my life that I couldn't comfortably discuss among friends.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
What never ceases to amaze me is the plethora of comparitively minor things (like cookies helping companies know if you like pr0n) that'll get people's panties in a bunch, compared to some of the Really Big Issues... Echelon, for example. Yes, you might point to slashdot and similar hackerish resources as people being aware and trying to take action... but ask Mr. Puter Everyman what Echelon is and you'll get a blank stare, ask him about cookies and privacy and you'll hear a stream of media induced rhetoric about how it'll bring a rain of firey destruction down on our heads. There are, of course, even greater threats to our personal privacy and security than Echelon or Cookies, but I can't think of any this early in the A.M. ;)
Coincidentally, there are a great many people out there who think they can be 100% secure, 100% anonymous. Some hold that concept as a basic life foundation stone right up to the point where that illusion is irrevocably shattered (having been BnEd, Hacked, mugged, defrauded, stalked, surveiled et al). Security professionals of all stripes make big bucks off those shattered illusions.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
The truly paranoid can indeed adopt a underground lifestyle to obscure his/her existance in order to avoid detection or the perceived negative aspects of whatever is being hidden from. The downside of course is that living an underground lifestyle is extremely restrictive and generally a lot less fun and carefree than the lifestyle being lived by the oblivious (or willfully ignorant) corporate tools.
Considering that I've designed stuff that uses IMG SRC cookies, and make use of other stuff that does, I think I'll let myself be a corporate tool for a little while longer. ;)
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Paranoid direct-marketing reasons shouldn't be used as a reason to break perfectly acceptable behaviour in a browser (especially a behaviour that has generated a multi-billion dollar industry!)... yes, there are people collecting information about you in order to more efficiently sell you things. There's people collecting information about your power consumption, long distance usage and a host of other things too, not to mention the government going through your spending habits for whatever purposes they have (probably tax related ;).
Having done my time in surveillance/counter-surveillance circles, I can honestly say that what most people consider as privacy is the most widely-hyped and catered-to fictional ideal of all time. Anyone can find out anything about anyone else, so long as they have the time, money and talent to do it. What most people consider as privacy would best be described as obscurity... lost in a sea of other dull, obscure people leading a life too dull to be of any concern to anyone (except perhaps ad banner people and spammers ;).
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
Example: you visit an AIDS awareness web site, then hop over to Amazon.com and buy a book about living with HIV. You do this because your kid sister has a friend who is HIV positive and wants to know more about it and asked you to do her a favour.
Years later, you put in an application for life assurance to cover your endowment mortgage ... and the life assurance company turns you down. Seems their data mining brought up a warning flag: "buys material about living with AIDS, visits AIDS awareness websites". Ergo, their expert system deduces that you may have HIV (a very bad life insurance risk!).
Admittedly, this sort of abuse shouldn't be possible if proper privacy laws are in place. But in the USA, there are no effective consumer privacy laws (hence the current fracas with the EU, which is bringing in reasonable ones). Nothing stops your insurance company from buying the DoubleClick net's database to check against health risks; it's not information subject to medical confidentiality, is it?
This is a relatively mild example of how data mining can go wrong. Much, much worse things can happen to you -- comp.risks is full of examples of people being arrested and dragged off to prison because they share the same name and birthday as a wanted felon, or similar cases of public officials putting their trust blindly in a database that has had information indiscriminately shovelled into it.
If we bring political or governmental issues into it, it gets even worse -- imagine, for example, if your local police force starts looking for people who have looked at web sites with details of how to pick locks and who are not registered locksmiths. Sound outrageous? Of course it is -- until it happens.
Privacy is a fundamental human right; and one that is barely protected by law here in the EU, and utterly inadequately protected in the US.
And they have a right to make a proffit. Many companies, INCLUDING SLASHDOT (andover) use banner ads to make ends meet. To pay for their lines and employees. If they didnt, how do YOU think you would read slashdot? Answer, you would have to pay for it.
Banner ad companies, as has been so rightly stated, are in a tough business. Clickthrough rates are falling (I am seeing 2.3% on my sites I serve, as I use cookies and other information to target the best banners I can) and they need to be able to appeal to the people paying the bills. If they dont, people wont be paying the bills for too much longer, and you will have to pay for your slashdot, or your CNN.com or your altavista. Yes there are alternatives, like google which I believe is academicly funded, but we NEED corporations to provide these huge bandwidth pipes we now have and the slew of services we now have. Academia and the government will NO LONGER PROVIDE THIS.
Personally, my company guarentees your private information will not be passed on. However we gather AS MUCH information as possible to target banner ads that are more appropriate. And I ask you, WHY IS THIS BAD? You will see a banner ad whether our database has information on you or not, its just more likely that if we have some information about your preferences, you will see one you might be interested in. Is it such a crime to try and make a fair profit and to stay in business? If banner ads dont survive, 95% of the net will become pay per view. Do you REALLY want that?
Dont get me wrong, I DO NOT APPROVE of selling on information about clients. My company specifically guarentees we will not do this. But making a profit is the right of anyone. By fighting the banner ad companies, you win a short-term battle, the right to have your screens free of advertising. But you lose the war the first time you have to pay a subscription to get access to slashdot.
I have to say, although I dislike privacy invasion as much as the next person, I fail to see the problem as a big one in this case.
/., or to work out what someone likes to buy. Hey, it's optional.
Cookies are a simple incentive. Turn them off, no tracking, and no personalisation. Turn them on, and you pay for you personalisation with tracking. Cookies simply allow tracking, how you use that tracking is up to you - either to customise a page, like
I realise most people don't know it's happening and don't know how to turn it off, but that's missing the point again.
Let's suppose there's a case of real abuse of the data gleaned through this, and that case comes to light. Newspapers everywhere will be able to publish info on how to turn cookies off, it will be well publicised, and brought to a stop. Already there are browsers like the KDE Konqueror that let you exclude certain sites from storing cookies, while allowing the rest to pass. It's a flexible technology that can grow around blatant abuse.
There are many invasions of privacy, from CCTV to office drug tests that are far more insidious than this.
Sure, it's cheap and tacky and insulting an annoying, but it's not the end of the world.
-----
"Accept the cookie, but don't click the banner. They won't be getting any useful info from you."
Untrue, sadly. The gif is served from doubleclick, and your cookie is sent out with the GET request, so they will already know that you are looking at the site.
But I agree, this isn't the end of the world.
-----
This is pretty silly if you ask me. Disabling the ability to get cookies via image requests would break a great deal of existing sites that use cookies. There *are* legitimate reasons why you'd want to set a cookie when the browser requests an image.
And it isn't just images. Any HTTP query has the opportunity to set a cookie. It's part of the *HTTP* spec which has nothing at all to do with the contents of the query itself. The "Content-type:" header (values such as "text/html" and "image/gif") is an HTTP header, just like "Cookie:". There are valid uses for cookies in HTTP requests that don't ultimately serve up HTML pages.
I think this might have been done on Slashdot more for performance reasons (no DNS lookup0 than for preventing people from changing the IP association...
(1) I disagree. They've made posting on Slashdot a breeze, purchasing things from Amazon a "One-Click" (tm) process and generally have made my browsing experience quite nice.
(2) Have fun.
(3) I will. I do. I doubt they've really noticed your refuals to shop with them, personally.
(4) Neither am I. Probably more-so.
They can't. Everyone suggesting this is especially paranoid today. A company would have to explicitely volunteer this data to the companies doing the tracking.
Besides, even if they did, what in the way of marketing information would the banner ad companies get out of it? How would having your name help them target banner ads more effectively? I don't get it..
No offense, but you obviously have no concept of how the Internet works. It's not possible to determine anything REMOTELY geographical (except perhaps "on our continent" and "on another continent") by examining network "distance" (packet times).
I can't explain why you saw what you saw (I don't even know what port 8 is for, if anything), but I can tell you for certain that it has nothing to do with them trying to track down your geographic location.
And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
Umm, I wasn't going to. In fact, I was going to say, "Good point."
May I ask what company does this?
- This would break a bunch of sites.
- This would break a bunch of sites.
- This would break a bunch of sites.
- If implemented, you'd either have to use this button pretty frequently (esp. since a lot of page failures might not be obviously attributable to this setting) or just give up and leave it turned off.
Just implement an "intelligent" cookie management system. Instead of just having options for enable/disable/prompt, have your "prompt" option have a checkbox that says "Don't ask me about cookies from this site again." Your accept/decline preference would be stored. That way you can decline cookies from Doubleclick and accept cookies from Slashdot without getting pelted with prompts for *every* cookie..Just as importantly, no server can read another server's data, each site reads only its own cookies
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Your correction isn't entirely accurate. (Or maybe it is, but it sounds like you're saying something slightly different)
To illustrate the difference between these two cookie settings in Netscape, you need to be aware that in a cookie, the creator can specify things like an expiration date, a relative URI path to which the cookie will apply, and a "domain" setting which determines which hostnames the cookie will be sent to. The domain can never be more generalized than a 2nd-level domain in the case of the generic TLD's (I can't set the domain to '.org' but I can set it to 'slashdot.org' or 'subdomain.example.com'). Naturally, the originating site must lie within this domain.
This allows you to set a cookie from, say, www3.example.com using a domain of 'example.com' and have the cookie be sent back to www2.example.com, which is a very good thing. If you don't specify a domain, or use the Netscape cookie option you recommend, cookies will only be sent back to www3 and never www2 (which has to create a new cookie), which will likely break example.com's web site's use of cookies.
This setting has nothing to do with JavaScript. I remember vaguely some talk several months (years?) back about a vulnerability in Netscape's JavaScript that allowed a malicious coder to retrieve cookies as you suggest, but I believe that was fixed a long time ago.
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
As much as I love photo.net, this is another example of paranoia feeding paranoia.
There is no evidence anywhere that any company has ever started merging databases containing user information with a database containing browsing habits. In order for this to work, the people obtaining the information (the site you're giving this information to) would have to KNOWINGLY provide your contact information to the sites doing the tracking in such a way that they could associate your information with the "browser-ID" they have on file (difficult).
If you're giving them your information, chances are you're buying something from them, which means they have a *LOT* to lose if knowledge of this behavior ever got out. Do you have any idea what kind of PR mess this would cause? Legal issues? It's not good business sense. For this reason, unless you're doing business with an irreputable company, you can usually put some stock in their online privacy statements (which I tend to read before giving them my personal information, don't you?).
Further, WHY WOULD THIS BE OF ANY VALUE? All marketing companies care about is marketing their products. ALL they want to know is a person's shopping habits. Information such as your name, address, phone number, etc. is MEANINGLESS to them. It does not help them dole out banner ads, so it's useless information. Why would they spend so much money and time merging these databases when the gain is nil? Companies don't tend to do things unless there's a potential for profit (in public image or hard cash). I don't see the line to profit here.
It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex.
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you?
I don't get it..
The 'domain' property of a cookie was actually well thought-out and designed so that what you describe couldn't normally happen. The domain setting must be at a minimum a 2nd-level domain (i.e. must contain a nested dot; e.g. ".co.uk" *would* be valid under this rule, while ".org" would not). IN ADDITION, the domain must not be *below* the hostname sending the cookie (i.e. the remainder of the hostname must not contain nested dots).
Valid hostnames and cookie domains:
- www.example.com
.example.com - www.sub.example.com
.sub.example.com - www.example.co.uk
.example.co.uk
Invalid:- www.example.com
.com - www.sub.example.com
.example.com - www.example.co.uk
.co.uk
Section 7 of the spec outlines quite a few privacy issues known at the time and methods browsers can work around them. User agents themselves are perfectly free to set additional constraints.From the Netscape help text on this feature:
I thought it was for something else, so yes, this is an excellent way to eliminate any potential privacy issues with 3rd party cookies.I get ads about the eastern seaboard too. And the western.
If I were a marketing company like DoubleClick, and I wanted to try and target some banner ads by relatively specific geographic regions, I would probably try and find out which ISP's are in that region and serve up my banner ads based on what *hostname* (or domain) the browser was coming from. This is the only way you can get geographic data (if at all) from an Internet host.
It's not possible to find a person's geographic location by observing the delays in Internet packets. If you don't believe me, call up your local university's computer science department, or your ISP, or *somebody* that has even half a clue about how IP networks work and ask them.
colour me ignorant, but what is the Poll Tax? I'm not from that side of the pond...
This sort of thing is made much harder due to the Data Protection Act (easy to find - do a search). I'm still not sure why US citizens haven't asked for a similar law - I guess it might be because the citizens don't decide the laws there any more - the lobyists do.
Matt. Want XML + Apache + Stylesheets? Get AxKit.
ANY demographic information that can be gathered about a user is worth money.
Abacus can do all sorts of things, such as sell the data other companies. I know, I used to work for Experian, which has records on 95% of American households.
This information is prized by direct mail marketers. Database marketing tries to intelligently send you "junk" mail - it's not called junk mail if you respond! By targetting people, they actually increase response rates which increases their profits. Database marketers, or list compilers, get their information from all sorts of suprising sources. This is just another obvious one.
They just have to link an anonymous web user to a real-world profile. How might they do this? DoubleClick will no doubt try and get contracts with web-sites that do collect real-world demographic information (online travel agent???). Perhaps a redirect from that web-site to theirs would be all it takes.
..."sabotage of data on your own hard drive, placed there without your permission "...
I disagree. By not disabling cookies in your browser settings, you implicitly agree to their use. Really, the browser installation should verify this as ignorant users - obviously unlike you who knows about cookies - will not be aware of what's going on. Although legally, ignorance is no excuse.
"DoubleClick believes all users should have a positive Web experience.
Because of this belief, we allow advertisers to control the frequency (the number of times) a Web user sees an ad banner. We believe that frequency control makes advertising on the Web less intrusive by insuring that users are not bombarded with repeat ad messages. Opting-out removes our ability to control frequency of exposure to individual users."
Positive web-experience my arse! They just want to get as many different types of ad on our screens as possible!
having never bought a single thing through buy.com, I am personally not affected by this, but it strikes me that it would be similar to a tv station preventing you from changing the channel during an infomercial. Just dumb.
I changed my NT hosts file to block DoubleClick half an hour ago. It's already blocked a few ads from Yahoo! Mail. Time will tell what else it affects. It might make a good /. report.- --------------
----------------------------------------
my blog: good times, man, good times
NT has a HOSTS file in %systemroot\system32\drivers\etc\- -------
It's in the same format as the UNIX ones, so you just have to point the banner servers at 127.0.0.1 to block them. Yay!
-----------------------------------------------
my blog: good times, man, good times
I trust Rob. I repeat: Sooner or later, everyone must trust someone. Otherwise, you end up living in a fortress of your own making, with no friends. As with affairs of the heart, so with computers: You must make yourself vulnerable to reach true intimacy.
Beer recipe: free! #Source
Cold pints: $2 #Product
In this article, it's said:
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database
This is an incredible assumption that is made to clarify the point, an assumption which is most likely overlooked by most people reading this. To be able to function as an article, one must assume that Doubleclick already has your name and e-mail address and I honestly fail to see how unless they're gathering it through corporate partnerships (most companies have policies about distributing the information gathered on web forms). Just clicking through on links can't give this information to Doubleclick since it's not a form query and I don't know if I've ever seen an ad that directs to a web page that enables them to track the user ID of the person who clicked through to get to it. If this was the case, then more people than just Doubleclick are using your 'user ID'.
YRO continually impresses me with their targeted propaganda. Phrases like 'user ID' make it seem like Doubleclick's identifiers are personal in some way when they're really just fancy tracking numbers. And to fault Doubleclick for it's partnership with Abacus Direct is to fault the town butcher for working with the town guy-who-packages-meat. It only makes sense for the two companies to get together. One may not have a very high opinion of direct marketing (I certainly don't), but companies working with Abacus Direct do far, far worse than Doubleclick when it comes to tracking down what you're buying.
I'm sick of paranoia in my news. Slashdot used to be 'News for nerds' and now, at least with YRO, it's becoming a soapbox for privacy champions. Let the soapboxes remain in the commenting section and quit making faulty assumptions to sell your story to me.
You can configure cookies on a per-site basis.
I think I let slashdot, amazon, and maybe
borders cookies through, and no others...
For every problem, there is at least one solution that is simple, neat, and wrong.
I don't care about tracking. I visit websites
with smut on them sometimes. It's not a secret.
A lot of people do it. But advertisements drive
me nuts. Targeted ads, untargeted ads, I don't
want to see them. It's my computer, and I'm
quite happy that filtering proxies give me control
over what I see. I'm not out to kill websites,
I'm not out to save them. I'm going to use them,
and I'll contribute back to the Internet as I see
fit. It's not a productive use of my time or
computer resources or screen space to stick
animated banners all over websites I visit. It
makes my browser burn more cycles, and I never
visit them anyhow. I might as well not see them,
and I don't. As to there being no other way
to make money on the internet, get this:
I DON'T CARE. I really don't. You live with it.
Commercialization is killing usenet, and I'd be
very happy to see less money being tossed around
on the net, especially if it meant fewer banner
ads.
:P
For every problem, there is at least one solution that is simple, neat, and wrong.
You're almost constantly divulging information to a third party in real life. Let me try and explain. Suppose you use a credit card, this is a bank backed service. You released some personal information for this privledge, quite understandibly. Each time you use this line of credit the transactions can build up a profile of your buying habits.
Suppose you don't use credit though. A profile is still built up. Consider bathroom tissue at your local grocery store. The grocery store sells a certain amount of single-ply and a certain amount of two-ply. The sell through on the two-ply is probably a lot quicker than the sell through on single-ply. This information is then fed back to the manufacturer (through the distributor) which tells them to make less single-ply tissue. They also make two-ply quilted tissue however. The sell through on this is less than plain two-ply tissue but the manufacturer knows that the profit margin is a lot higher. As a result two actions are initiated: They pay for more eye level shelf space at the grocery store to display two-ply quilted tissue and they launch an advertising campaign.
Cookies is a potentially more directed advertising research but there is still a layer of anonimity between you and the entity being tracked. They can only correlate the click through characteristics with some cookie stored in your browser, they can't correlate it with an individual person (which can be done with a credit card or grocery store discount card). Actually, it can only be resolved on a per cookie per machine basis and there is no way to tie together the accounts you have on various machines (home account, work account, school account etc)
I'm willing to give up this bit of data (though I've probably only clicked through 4 whole banner adds in my life) if it means that a site like slashdot can exist. I consider it a necessary evil and a pretty benign evil at that. If I had to pay for slashdot via donations or fees I would have to decide based on the same criteria I donate to public television and you could probably expect the same level of support: 1/10 people who watch public TV ever make a donation.
Actually, those were facts. I don't see how your posting is even relevant to the original article which started this thread. The article was referring to banner adds and the use of cookies to collect statistics, not sites like the New York Times where you are required to divulge personal information in order to read their stories.
As an aside the New York Times has every right to ask this information, you have every right to refuse or falsify it. You've got every right to go elsewhere for news as well. I'd much prefer being educated on the impacts of the internet on personal privacy than having a privacy gestapo like you seem to prefer regulating what can and can not be done.
As for the New York Times being the only news site which collects information on its users you are pretty close to 100% inaccurate. ABC News, CNN, CBS news and NBC News all make use of banner adds. The issue the article was dealing with. I can't connect to the BBC News and it looks like it may be the one news site that doesn't use banner adds.
Whether or not the Dreamcast was actually connected to the internet or not was not the issue. It turns out that it isn't. The issue was that the owner of an allegedly popular Dreamcast news site felt it was his perogative to run nmap against his users which indicated just how much privacy you really have.
You stated, and I quote: "Why should they be allowed to make extra revenue off us when every other news site in the world doesn't?" referring to the New York Times. I didn't refute that the New York Times made people fill out personal information (in fact I reinforced this notion by stating it was possible to lie about the information) nor did I insist that the mentioned sites required you to provide personal information. What I refuted was your stance that the other sites don't make money off of us. As I illustrated by the use of banner ads on the other sites, this is plainly untrue.
In simpler words: You were wrong.
I applaud that privacy advocates try to educate people on privacy concerns. What I don't believe in is sensationalism. There needs to be some indication that while this is new to the internet its business as usual in many other forms of commerce. Don't fuel the luddites or conspiracy theorists.
If you want real anonimity then:
...
discard all your ISP accounts
shred your credit cards
always pay cash (not even cheques)
avoid a drivers license
avoid owning a home or conventional renting
don't register to vote
don't file taxes
Even surfing anonymously on slashdot is betting your privacy on the scruples of Rob and co. Check out the article (just over a month ago) about maybe being able to telnet into a Dreamcast. sTp81 runs nmap on systems that use his Dreamcast coverage site. That to me is a pretty blatant invasion of privacy.
Every time you use credit some information is being collected about you, not as a class of users but individually, its called your credit report.
Just about everything you do can be used to track you or track down information about you (do you rent in an upscale community or do you have the upper unit in somebodies home?) and this has been true for a long time. Privacy has been dead about as long as commerce has existed.
New technologies may mean new ways to track (such as banner adds) but the concept isn't new. It's also the price each of us has to pay due to our expectaction on getting most services, such as slashdot, for free. Somebody has to foot the bill and unless CmdrTaco, Hemos and Nate have a rich uncle its going to be us through banner ads.
192.168.255.5 ad.doubleclick.net
Of course, if they disallow the opt-out, I'm still out, and I like that.
As a matter of fact, yes I want the old Internet back, but alas this is how it goes.
-- Solaris Central - http://w
Here's a simple cshell script I wrote to keep my cookie file clean. Just throw it in cron.
/tmp/cookies.`date +%y%.%m%.%d`
;) /tmp/cookies.new /tmp/cookies.new /tmp/cookies.new
/tmp/cookies.new ~/.netscape/cookies
/tmp/cookies.`date +%y%.%m%.%d` `find ~/.netscape/old/|tail -1` > \
/tmp/cookies.`date +%y%.%m%.%d` ~/.netscape/old/cookies.`date +%y%.%m%.%d`
#!/bin/csh
#copy yesterday's cookie file. We put it in tmp for now, because we want to
#compare it later with the last cookie file
cp ~/.netscape/cookies
#collect what we will allow to be kept in the cookie file
#We can trust Malda, right?
grep slashdot ~/.netscape/cookies >
#That silly free-registration stuff
grep nytimes ~/.netscape/cookies >>
#Do you, uh, Yahoo!?
grep yahoo ~/.netscape/cookies >>
#And whatever else you want to add. You get the idea, I think....
#make the new cookie file
cp
#look for new stuff put in the old cookie file
diff
~/.netscape/old/cookie.`date +%y%.%m%.%d`.diff
#add yesterday's cookie file to the old ones
cp
That would break the way images are served right now in Slashdot (from images.slashdot.org), for example.
Personally, I think that it would be too inconvenient for those of us who make a living designing and mantaining websites; OTOH, I can't help but be appalled by most people's "why worry?? Direct marketers are your friends!!!" attitude in this thread... Okay, so "they" can already violate our privacy in a number of ways; does that make it *right*? If that is true, it's actually a much better reason to not allow the Powers That Be to come up with Yet Another Way to break your privacy.
Okay, after learning of this 'ability', I did that today, then I checked my cookies.txt file - and it still has an ID number in it, it doesn't say optout like the website claims.
So, is this a special ID for 'opt out', or are they just lying about being able to opt out?
How about a Jam Double Click day?
Stupid idea?
Thanks for bringing this up. This is exactly the text given for that option in Netscape Communicator 4.6, which I also use. The text is 100% wrong and misleading. "The page being viewed" may be WebMD.com, but the cookie attached to the ad banner comes from DoubleClick.net.
If you don't believe me, quit Netscape, rename your ~/.netscape/cookies file, restart Netscape, go to my.webmd.com, verify for yourself that the banner ad comes from doubleclick.net, quit Netscape, and "grep doubleclick ~/.netscape/cookies".
As Gerv points out, Netscape 4.7 finally makes this option read: "Accept only cookies that get sent back to the originating server." This is technically accurate, but 99.9+% of the audience will still not understand that they'll be tracked from site to site across the internet.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
...as do I, obviously, since we are both posting with logins, unless there's a way that I'm not aware of to have a single-session, cookie-free Slashdot login (if there is, I'd appreciate being let in on the secret, and if not, there really should be). That's probably the only reason my cookies are still enabled.
I remember that the cookie issue came up in a big way when Slashdot first created logins, and again as a tangent whenever people would start debating anonymous posting (which I strongly support, even though I eventually decided to log in myself). A lot of people don't seem to get the point that "whether or not Slashdot should require cookies" is a whole different issue from "whether or not cookies are bad". That is, someone would say, I don't want to log in because I don't want to enable cookies", and someone would reply "You idiot! There's nothing wrong with cookies." In that context, I just kept wishing people would realize that that's not the point: the first guy doesn't want to enable cookies -- whether or not his reasons are valid has very little to do with whether or not Slashdot should force him to do so. Even ignoring that, though, I should hope that when something like this comes up, it would make people re-evaluate the question.
Anyway, this story inspired me to take a look at my own cookie file, and it was a real eye-opener. The Mac version of Netscape calls it "MagicCookie" instead of "cookie.txt", and its type code is 'COOK', which I had to use ResEdit to change to 'TEXT' before it would open in a text editor (I assume Netscape will still be able to use it), though it is a perfectly normal text file. I didn't see anything but normal readable text, or anything that could be references to locations within the file -- just some comments and then a lot of line entries, so I assume I can ignore the comment "# This is a generated file! Do not edit.", as long as I don't screw up the format by corrupting any entries. I removed everything except slashdot.org and a few work-related entries.
slashdot.org has made some interesting entries in addition to my login info, though, that really don't seem to belong there. Here are the entry names, minus all the other values:
www.slashdot.org... user
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
slashdot.org
Some of those could be records of my poll-votes, to prevent repeat-voting, but I'm pretty sure in most cases that I'd remember if we'd ever had those polls. No, it doesn't have actual values for these, or at least not readable ones, though the values could be codes of some kind. More likely, it's someone's idea of a joke, i.e., messing with the more paranoid minds; I guess I could be sort of falling for a trawl here -- in that case, for the record, I see it and I'm not really falling for it.
This really bothers me (the whole cookie thing, not Slashdot). I for one am very much wanting a browser feature to specify in advance the list of cookies to allow. Do I remember correctly that this is in the works for Mozilla?
David Gould
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
As far as I can tell IE5 doesn't do this: The cookie settings are under Tools/Internet options in the security tab, but it's either Enable, Disable or Prompt for cookies.
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
I guess whatever check Netscape is using to determine that condition (cookie originating from a different server than the page) fails under certain conditions.
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
No. In fact, I refuse to shop at stores that push that bullshit.
> Do you fill out free magazine subscrition forms? Same thing.
No and I don't know anyone who does.
> Do you fill out product registration forms? Same things. Get over it. There is nothing wrong with the use of cookies.
I don't fill out registration forms either. They have to honor their warantee regardless, so screw them and their f***ing forms.
Get a clue: There are a lot of people out there who *resent* being tracked like elk in a wildlife preserve.
"I once preached peaceful coexistence with Windows. You may laugh at my expense - I deserve it." Be's Jean-Louis Gass
The junkbuster is a proxy that filters banner ads, cookies, etc based on simple regular expression like syntax. The default blocklist filters out pretty much all the crud out there, making for faster downloads.
Chris Wareham
Adultery is his business.
Purjury is ours.
If he hadn't groped Paula Jones in the first place, he'd have never been called to testify - which means he wouldn't have had to lie.
When your President is a lying, cheating loser, there are worse things than 'embarrassing' him. Personally, I think a guy like that is immune to embarrassment.
- Darchmare
- Axis Mutatis, http://www.axismutatis.net
- Jeff
To all the people who say they don't care...
Its all nice and good if these stats are being
used to target advertising at you. Hey, i kinda
like the idea of getting relevant banner ads.
What should scare you is when you apply for a
job and the employer checks with doubleclick and
they say this guy's a no-no cause you accidentaly
clicked through to some pr0n/extremist/wacko
sites.
Put this in your crontab:
/usr/bin/perl -pi -e 's/^\.doubleclick\.net.*\n//' ~/.netscape/cookies
Problem solved.
I used to do something I thought was really smart at that time: I just set up an IP chain to block adserver*.doubleclick.net (via some IP ranges). Then, I noticed User Friendly used DoubleClick. Suddenly, I was responsible for Illiad losing money. I turned the filter back on.
:-)
:-)
I think you have three real choices:
1. Don't accept the cookies. Irritating every time, unless you have some auto-option. Go Lynx for this!
2. Accept the cookie, but don't click the banner. They won't be getting any useful info from you.
3. Accept the cookie, and _let them_ build a profile on you. Sure, you will get ads that are more interesting to you -- so what? If you don't want or need the product, don't click... Of course, spam is more irritating -- guard that e-mail address, or get a spam filter (mail me if you're interested in betatesting my own). I thought commercials (ads in this case) actually were supposed to be a Good Thing(TM) for the _user_ as well as the company? If you get ads for products you want, is there anything wrong with that?
OK, I see this might be a bit controversial
/* Steinar */
(This comment is of course GPLed.)
I just black hole all doubleclick ads (and many others) without using a proxy for the rest of my browsing. See my "how to" at
http://www.schooner.com/~loverso/no-ads/
I've written something similar (it filters cookies, but you can run two in series to block ads). It doesn't come with a list of sites to block - you must decide yourself. For more info, check out http://www.andrewcooke.free-online.co.uk/jara/alfa jor/index.html
Andrew
http://www.acooke.org
It's not the ads, it's the information you can gather. Let me give an example of the kind of thing you can find with an sql join.
Once upon a time, my employer did library systems and drugstore systems. In the drugstore system, customer adresses & phone numbers were protected, but they weren't protected in the library system
So a user selected for people who had a perscription for birth-control pills in the drugstore database, and joined for matching names in the library database. This gave him names and adresses, which he filtered to get ones nearby.
Anyone want to guess what he was planning to "sell" the selected customers?
---davedavecb@spamcop.net
So it comes down to this>
Some direct mailer thinks they know what I like so they send me a bunch of catalogs and coupons. Got that now; make paper mache or stuff the fireplace. In the future all mail carriers will be robots to carry all of the junk mail.
Some law enforcement entity wants to know where I go, what sites I visit, what I shop for. Doesn't sound very hard to do now. Imagine how important you'll seem to yourself when the Man kicks down your door.
The information will get abused and/or misused, misinterpreted or is just inaccurate. Is this a real shocker? Gee, in the future banks and insurance companies will be difficult, arbitrary and arrogant.
Even companies that collect and use this kind of information today don't do a good job with it. How different spellings of your name do you see in your junk mail? No, what you want is as many companies as possible doing as poor a job as possible and then selling the results to one another. Imagine a whole economy based on trading bad useless data amongst ourselves.
As the great Athenian philosopher Mediocrates said: "Aim low, you can't fuck it up."
Yes - this is distrubing. No - this is not unique. :)
The net is become more and more like the outside world. The idea of advertising corps surupticiously tracking my movements across the net really gets my hackles up. But should it? Or rather, if this does then shouldn't an awful lot of other things too? My credit card company knows all the shops I got to too. Yet somehow I tend not to think about this.
Prehaps it's because we're used to thinking of the net, conciously or not, as a refuge from the more sordid elements of a world ruled by multi-nationals.
But now the pendulum swings the other way. The same things, the same technologies, that let us (individuals) get a leg up, help out the corps even more. I have to acutally get a credit card before they can track me. But now I can be tracked, not from my purchases, but just from window shopping. And just as we got a head start online over the commerical world, commererce has a head start over the legal world. The protections afforded me in the 'real world' are minimal enough. What can I hope for in an environment that crossed countless borders and exists almost exclusivly in the abstract.
The upshot of it all? Same ol' same ol'. It's not 'right', and it's not 'fair', and we shouldn't have to like it or lump it - but we're not doing ourselves any favours thinking of this as net specific thing.
My 2c worth of ramblings.
... with eskimo chains i tatto my brain all the way...
- Recompile your kernel with ip firewalling support.
- add the following two lines to your boot scripts:
- ipchains -P input allow
- ipchains -A input deny -s doubleclick.com
this is sans manpage, see ipchains(8) for more details.--sam
--sam
Any technology distinguishable from magic is insufficiently advanced.
On the windows machine that I am typing this from I created a batch file called cleanall.bat that does the following:
/y c:\windows\tempor~1\*.* /y c:\windows\cookies\*.* /y c:\windows\temp\*.* /y c:\windows\history\*.*
deltree
deltree
deltree
deltree
I then put c:\windows\local\cleanall.bat as the last line in my autoexec.bat file
(c:\windows\local is the directory that all my bat files and command line programs are sitting in. This way I could add it to my path easily)
Windows convieniently needs to be rebooted about once every day or two so all cookies and temp files get deleated.
Note: You have to delete most of this stuff booted to msdos because windows won't let you so deleting it on the way in is convienient. You may also have to rem cleanall.bat out of your autoexec.bat file temporarily if you are installing new software that reboots as part of the install.
Every wrong attempt discarded is a step forward - T. Edison
Or, alternately, you could run iCab. :)
http://www.icab.de
I'm so glad I have a Squid ACL rule blocking access to doubleclick :-)
Here is how you stop the cookie spying problem: Click on Edit|Preferences|Advanced...."
And there it is! The radio button. Click this text: "Only accept cookies originating from the same server as the page being viewed."
Now click okay! Now you can only get a cookie if the server sending you the HTML (or whatever) page is sending it. Inline gifs from other computers can't send cookies. (Well, they can send them, but they are ignored.)
So stop complaining and click that button.
This
I don't really mind about ad's - slashdot has
some goods ones sometimes. What I hate are the
pop-ups, like those on geocities, tripod, etc.
Is there a way to avoid pop-ups, configuring
it by site.
If the banner advertising industry actually understood the demographics they were collecting, they might be able to show me banners I'd be interested in. I spend hours surfing the web, but I click on maybe one banner a month. From The Economist:
"... although marketers are waking up to the importance of the web as a new advertising medium, few know how to make the best use of it. Most still "spray and pray", throwing money at the web in the hope of reaching a mass-audience and building a brand, just as they did once before in the broadcast world."
But all this money spent on advertising on the web has done nothing to draw me in. Ads for internet companies work on TV, I've actually been tempted to check out websites after I've seen their ads on TV. But the banners that everyonne sees everywhere aren't much more than annoying.
I like my privacy as much as the next person, but I'll save my fights for a problem that's staring me in the face, threatning to do some serious damage... not a banner ad that I can just as easily ignore.
Does deleting the double-click cookie every so often help? I suppose it severs your connection to them, but is their current store of info still useful to them?
The link for opting out (which is both in the original story and the pareent to this reply) is excellent. I imagine DoubleClick will get an example of the "slashdot effect" today, on the opting out page...
DoubleClick isn't neccesarily ignoring small fry; somewhere in the body of this well-written column, it is asserted that they ignore you unless you're at a certain threshold. Well, my site
(http://www.auschron.com) is under said threshold, and we get a phone call from the sales weasels every other month or so. So they are prospecting towards smaller markets...
Perhaps you should look at the announcement: http://www.atguard.com/product_info/final.html This site says WRQ is licensing rights to sell AtGuard to Symantec as part of Norton Internet Security 2000. (And also licensed AtGuard to ASCII Network Technology.) According to the above URL at the site you posted, support and the web site will end from WRQ in under two months.
I run with Netscape in "ask before setting a cookie" mode, and I've become used to rejecting DoubleClick cookies. A few weeks ago, I was getting tracking data on a package from fedex, from the usual spot, http://www.fedex.com/us/tracking, and was presented with, and rejected, a DoubleClick cookie. What surprised me about this is that there are no DoubleClick ads on the page. What's going on is that there's an IMG tag at the bottom of the page which loads a 1x1 GIF from DoubleClick; this is the only reference to DoubleClick on the page, and it seems placed at the end so that delays in loading the ad won't keep the page from rendering. (Usually, they go for the opposite effect, trying to arrange the page so that not much renders until you've seen the ad).
The tracking IMG does not seem to appear on the next page you receive, which presents tracking results, so they can't harvest your airbill tracking numbers by simply grabbing them out of the Referer headers on the requests for these GIFs. It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex. The random-looking numbers in the URLs of the DoubleClick GIFs could be there to facilitate this kind of cross-referencing --- Fedex knows image http://ad.doubleclick.net/activity/3/5555/22222 was on a page they shipped to the browser with Fedex cookie X, and DoubleClick associates it with DoubleClick cookie Y, so if the URLs are unique, they can figure out that those two cookies went to the same browser, and pool the associated user profiles after the fact. But you can't spot that kind of thing by looking at the pages.
(Yes, I should probably install junkbuster, or something like, which would allow me to state rules about which cookies to present and which to reject out of hand, but I gotta get one of those round tuit things first).
For a yet-to-be-named site I'm developing we'll be 'watching' where people go on the site, what types of things they want to see. easy way to do this... send a cookie to them that states "Hi, I'm me. I have a user counter number of ##." and it gets thrown into a database for later analysis. True, this could be done with tracking IP numbers and such, but blah, that's a pain. cookies are easy.
The good thing about this is if someone has cookies disabled, bummer, we don't get their data. none of the site is broken because of it.
This will in turn make the site more friendly to the user because it will keep what people want, throw out things people don't want. lots easier and lots more truthful than saying "do you like this session please select yes or no".
Blarf, if you ask me, when I go to a site that I'll be putting any information into (such as amazon.com or whatever), I go and clear that cookie out of my file after I'm done. I like my slashdot autologin. :-)
--onyx--
My machine is on 24/7. The only programs that I never close are netscape and xemacs.
--Ivan, weenie NT4 user: bite me!
--weenie NT4 user: bite me!
"Computers are nothing but a perfect illusion of order" -- Iggy Pop
For more peace of mind, just perterb their cookies a little bit. Be someone else...
Surfing the net and other cliches...
Surfing the net and other cliches...
(Who Meta-Meta-Moderates the Meta-Moderators?)
I think commercialization of our culture has its scary spots, sure, but blocking out banner ads while you read Slashdot makes no sense. The ads are how Slashdot GETS FUNDED! Without the ads, Slashdot would not be able to afford its bandwidth, systems, and personnel.
If you want to protest against ads, go ahead.. just stop reading Slashdot! Blocking them out means that you're reading something that is being made possible by other people who ARE reading the ads. In my book, this is called leeching.
So if you really want to be productive, then instead of refusing to watch ads but accepting what they pay for, I suggest you work toward thinking up an alternative way to effectively fund things. Reader-funded Slashdot, for instance.
Otherwise, either only visit ad-free sites like Google, or don't surf at all.
All this hypocrisy of watching TV without the commercials or surfing the web without the ads which pay for what you're watching/reading makes me sick.
A sorta workable solution for this particular problem would be to disallow any packages going to DoubleClick.net on the firewall level.
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
That way you won't get the banners and you won't send information to DoubleClick.net.
(Shamelessly stolen from Rusty Russel's ipchains-HOWTO)
One of the worst things about browsers in general is that I can't conveniently choose what cookies to accept and which I'd rather reject.
Wouldn't it be nice if I could tell my browser "Please accept all cookies from sites x and y that are sent back to themselves" rather than just making it a blanket statement about all sites?
I do like the "ask me before accepting a cookie" option, but I wish I had a lot more control. I'd like to set up my browser to auto-expire cookies after a certain time since the last visit to particular sites. I'd like a convenient way to delete all cookies from a particular site and ban cookies from that site henceforth. And some sites (hi, Slashdot!) I'd like to freely accept cookies from--as long as they were being sent back to Slashdot. I'd also like "ask me before reading one of my cookies" as an option to help me evaluate whether to allow that site to store cookies on my system.
And while I'm at it, I'd like my own F-16. Sigh.
I don't mind cookies being attached to GIFs so much. I just want control of the cookies. After all, it's my dang system--not theirs.
Here's the scenario. Just pretend for a moment that /. is evil:
Note: in the above scheme, cookies are entirely uneccessary. All that is needed is for /. and DoubleClick to conspire to share session and user information. It's reasonable to assume that any site offering DoubleClick banners has no qualms about doing this. Sessions can be tracked simply with URLs. Cookies make it easier for DoubleClick to tell when I hop to another site, but if I typically frequent sites that I have personalized, and thus sign in, then they have all the info they need. Blocking cookies reduces but doesn't eliminate the tracking.
Expiring cookies per session preserves your anonymity only if you never reveal identifying information during that session.
The best way to prevent this abuse is to block all HTTP requests to banner servers. That way, /. would have to simply share it's data with DoubleClick in more conventional ways. Of course, that would have to be stated in the /. privacy policy.
The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that
With Mozilla we can do what we want. Need to change the way cookies are handled? Go ahead - you've got the source. Want to build Junkbuster right in? Suit yourself. How about a random cookie feature - where you accept the cookie, but you return some fictional person's data... hey, if you implement that, I for one will use your patch.
Life's a bitch but somebody's gotta do it.
If cookies weren't allowed in img src tags, banner sites would just switch to using frames for their ads.
-- Don't Tase me, bro!
You forget that it is likely that junk mail shall follow. And discovering that you read "the hanky panky site" by your parents, and oversealos neigbour, etc can sometime be a very unpleasant experience (that is besides all the junk in your mailboxen - both electronic and snail).
I am actually glad that these practices are explicitly prohibited in europe by the data protection act.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Left shift 1 for e-mail...
I was shocked to see such a well-researched and fact checked article on slashdot!! Great work!
Why shouldn't I let people know I'm using "Nutscrape/1.0 (CP/M; 8-bit)"? That's what squid says I'm using, and it wouldn't lie, would it? ;-)
I ate something that disagreed with me. Maybe I should have cooked him first.
How do you do that? I run a Perl script nightly on Windows and UNIX that removes all cookies that I don't want. An even simpler approach is to make your cookies file read-only (edit it beforehand and leave in it only the cookies you like) or replace it with an empty directory (no persistent cookies at all).
Why should you be concerned about long-term tracking? I think it will only be a matter of time until life insurance, credit card companies, employers, and health insurance companies use your purchasing and browsing data to assign you to risk groups. And all of that will happen with automated data mining techniques, so there will be little cause to claim discrimination if the neural network classifier doesn't like you. It's not that I'm a particularly high risk to insurers, I just don't want to feel that my health insurance company is looking over my shoulder every time I order a pizza with extra cheese.
With per-session cookies, advertisers get some data, but they can't correlate it easily with personal information. That seems like a good compromise to me.
>>Now that makes me uneasy. Are you insane!? It makes you uneasy that people can know what medical condition you've been looking up on the web!? It makes you uneasy that people can know you visit religious sites AND porn sites. I'm not religious, i'm an atheist, but this is crazy. No one has a right to hire a detective and follow you around just to find out how they can target ads at you. Is there nothing you wouldn't allow someone to do to you in the name of profit? ...just wondering
an enigma wrapped around a paradox driven by a paradigm shift
Junkbuster comes in a Windows flavor, too. I use it on my home dual boot system in both its Windows and Linux versions.
Editor Emeritus and Senior Writer, TeleRead.org
Would you like to buy some Unamerican Activities? http://www.unamerican.com
Note: this is not advertising
Also note: Linux is the shit stickers
Disabling cookies not from the same server as the one sending you the page does _not_ work.
;)
// Jens M Andreasen
The problem is that the banner is viewed as a page in its own right, and of course the gif is originating from the same site as the cookie.
Try doing what you say AND leave the warnings on.
Read the warnings and you'll see names of lots of weired servers where you have never been or wanted to go.
Hey, this even happens here on slashdot from time to time
mvh
send + more == money?
i'd like to take this opportunity to bitch and moan a bit.
h tml#discontent
really i think the problem here is that web browsers don't give the users quite enough choice as to what kind of things the remote sites are going to do to them.
someone suggested that cookies are a trade-off; they give you customisation but you lose privacy. why do they have to be a trade-off?
Why is there not one single web browser out there that will let me say "accept cookies ONLY from "www.slashdot.org"? or "no new cookies"?
the closest i've seen yet is a feature in IE4/mac (and maybe other browsers, i'm not sure..), which i use, which asks you every time you visit a site whether you want to accept cookies from there in the future. if you say "no", it throws out any cookie information from that adress in the future. But, of course, this means that every time i visit a site i've never been to, i have to deal with a little dialog box saying "do you want to accept cookies from www.blah.com?". And because for some reason this dialog box has been made modal, and because of the mac os's cooperative multitasking, this means that until i go and click that dialog IE doesn't load anything. grr.
what i'd LIKE to be able to do is get the cookie from www.slashdot.org in my file, and then tell the browser to never accept any cookies again and not let any sites except slashdot.org read cookies. But that's not an option, so i put up with the constant dialog boxes.
It's too bad the web browser companies go all or nothing with their features. There's some situations where you want something more flexible than a simple on/off switch. Instead of having a little click box saying "allow javascript" it would be very nice to be able to allow only _parts_ of javascript; like, allow document.write()s and mouseovers and things that pages require to work, and then disable things like popup windows.
Of course, this is why mozilla is such a good thing. i like the idea of being able to delete huge swaths of code from my web browser.
thank you for your time.
-mcc-baka
why web browsers suck: http://home.earthlink.net/~mcclure111/cyberleary.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Junkbuster discards all cookies, except from those places I want them, such as slashdot. Most other places that require cookies aren't interesting enough, so they loose me. Junkbuster also kills those stupid banner ads. :-)
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that.
It doesn't ask for your name. The URL brings up a page that explains what opting out does and then if you decide to go ahead you click a link, it does it. They never ask you to type a single thing.
That's what Roaming Profiles in Netscape are for. :)
Actually, disabling cookies with GIF's won't help very much, as most new banners are shown through iframe/ilayer, which means that your browser requests a true web page from the ad network (btw...Slashdot does this too ;)
Martin May
I use (*sigh*) IE5 to show me offered cookies (my making custom changes to the Internet security zone). Any image server that wants to give me a persistent cookie goes into my Restricted Sites zone, which (among other things) are prevented from giving me cookies.
Here's my list:
The hosts without the * are the scariest. ngnetwork.pcworld.com is offering me a cookie named NGADsomething. Want to bet that host, though in the pcworld.com domain, is actually the IP address of an ngadcenter host? In other words, you can block the ngadcenter domain and NGAD can still track you. Ouch.
I haven't (yet) set up host lookup to set all those hosts and domains to 127.0.0.1, but I'm thinking about it. --PSRC
Stupid job ads, weird spam, occasional insight at
If you do use junkbuster, comment out the following lines from the blocklist file:
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Just wondering, what is this "poll tax" you refer to?
"All those tubes and wires and careful notes!"
There's a further refinement you can do, though, and it's similarly quick and dirty. Aren't most of us running an Apache server or three somewhere? Well, if those missing-image icons look like crap to you, to, just stuff something like the following in your httpd.conf (I'll just treat the doubleclick case for simplicity):
This way, you see, you not only get a filler image of your choice (which could be just a patch of solid color to scale), you get to track them in your logfiles...
Notes:
I run a program, Proxomitron, that allows me to kill nosy scripts, kill geocities popups etc. At first it was divine, most banner ads were killed and a lot of annoyances were gone. Suddenly, i could not log into excite's free web mail unless i turned the Proxomitron off. It falsely tells me there is a communication error. This is not true. What is more, at one point I could log in fine with the proxomitron, this just started after a recent "upgrade". I have stopped using that account, but this is really annoying.
I really wonder what exactly their page is up to.
--- If you don't want to know the answer, don't ask the question.
Instead, call up your ISP (speak to customer service, not tech support). Explain that you don't like banner ads and ask them to run a Junkbuster proxy for customers of theirs that would like to browse ad-free. You'll most likely be speaking to a non-technical person, so explain what a proxy server is, how it works, why it would still be optional, etc.
Gates' Law: Every 18 months, the speed of software halves.
For those of us with MacOS, go to this page on Apple's Develope network site: http://developer.apple.com/qa/nw/nw59.html
The syntax is:
localhost CNAME foo.bar.com
foo.bar.com A 127.0.0.1
I don't yet know if it works, but the info is there if anyone wants it.
I'm going to try it anyways. Can't hurt?
Ppoe
ie
It doesn't mean much now, it's built for the future.
junkbuster......ever since I've started using this things have become so much easier. It's nice to do a tail -f on the junkbuster log and see exactly how many sites try and set cookies. Plus I don't deal with banner ads. If i find a site that has a banner add being served up, I view source and put it in the blocklist. There are 2 sites I allow banner ads from, slashdot and freshmeat. I want to support these sites and so I might get served an ad I want to follow through.
"We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
This is known for a while. I rip off some lengthy snippet from photo.net, which illustrate the potential of cookies quiet well. Read the really interesting full text here (somewhat down the page).
Magic cookies mean the end of privacy on the Internet.
Suppose that three publishers cooperate and agree to serve all of their banner ads from http://noprivacy.com. When Joe User visits search-engine.com and types in "acne cream", the page comes back with an IMG referencing noprivacy.com.
Joe's browser will automatically visit noprivacy.com and ask for "the GIF for SE9734".
If this is Joe's first time using any of these three cooperating services, noprivacy.com will issue a Set-Cookie header to Joe's browser.
Meanwhile, search-engine.com sends a message to noprivacy.com saying "SE9734 was a request for acne cream pages." The "acne cream" string gets stored in noprivacy.com's database along with "browser_id 7586."
When Joe visits bigmagazine.com, he is forced to register and give his name, e-mail address, Snail mail address, and credit card number. There are no ads in bigmagazine.com. They have too much integrity for that. So they include in their pages an IMG referencing a blank GIF at noprivacy.com. Joe's browser requests "the blank GIF for BM17377" and, because it is talking to noprivacy.com, the site that issued the Set-Cookie header, the browser includes a cookie header saying "I'm browser_id 7586."
When all is said and done, the noprivacy.com folks know Joe User's name, his interests, and the fact that he has downloaded 6 spanking JPEGs from kiddieporn.com.
Uhm, just checked, maybe it's time to deliberatly alter the content of my cookies...
From http://www.doubleclick.com/privacy_policy/ :
In addition, in connection solely with the delivery of ads via DoubleClick technology to one particular Web publisher's Web site, DoubleClick combines the non-personally-identifiable data collected by DoubleClick from a user's computer with the log-in name and demographic data about users collected by the Web publisher and furnished to DoubleClick for the purpose of ad targeting.
There are some cases when a user voluntarily provides personal information in response to an ad (a survey or purchase form, for example). In these situations, DoubleClick (or a third party engaged by DoubleClick) collects the information on behalf of the advertiser and/or Web site. This information is used by the advertiser and/or Web site so that you can receive the goods, services or information that you requested. Where indicated in some requests, DoubleClick may use this information in aggregate form to get a more precise profile of the type of individuals viewing ads or visiting the Web sites.
It's interesting to see whats in there...especially the ones from slashdot that have the letters "SSN" in them.
Am I the only one a bit concerned by the following tag line from Naviant's full page ads in many tech /business magazines from the past few months:
"New precision web targeting from naviant combines physical-world data with online behaviour - for the very first time"
The copy continues:
"With the acquisition of IQ2.net, we're taking data integrity to a level it's never reached before that includes name, address, demographics, psychographics and clickstream behavior."
- all quotes from page 115 of the November, 1999 issue of Fast Company, the ad has also run in a number of other magazines
The phrase "psychographics" is a peculiar one, very much makes me wonder where they are getting their information, and to what purposes it will be used.
Shannon Clark
-- Join us in Chicago May 1-4th for MeshForum -- writer, historian, tech geek, entrepreneur, internet junky since '91 --
Man someone spouts the knee-jerk privacy rant and he gets moderated up. Must be revenge for the top-level AC's getting moderated up. The difference? The top-level person made a coherent argument, this clown I'm replying to is trying to draw a comparison between cookies and someone watching you while you shower?!? What a joke.
Blar.
-----
--
perl -e'$_=shift;die eval' '"$^X $0\047\$_=shift;die eval\047 \047$_\047"' at -e line 1.
Yes, But we were too polite to mention it.
:-)
"Yes, there are two paths you can go by, but in the long run there's still time to change the road you're on." Somehow seems more appropriate for the url
Wouldn't it be possible for my browser to have an option to fetch inline images in a page only if the image was on the same server as the page? That way I could see the useful content, but discard all banner ads. Or would I discard too much useful stuff too? Comments?
11.0010010000111111011010101000100010000101101000
I think I've confused the UK authorities still further - I've moved to Sweden :-)
:-)
Anyway, I think you raise valid points - at the end of the day, I truly believe privacy is a personal issue. In Sweden there is a national ID card system such as is stronlgly resisted in the UK, but I haven't seen any real evidence of it being misused yet.
Good luck in keeping yourself hidden - and don't get caught doing anything naughty now
A little planning goes a long way...
I have read the article and I understand all the concepts presented. However I'm still having a hard time convincing myself that this is something I should be worried about.
Y'see I don't particularly mind seeing banner ads. Hell, I even click through occasionally. I completely sympathise with those who hate banner ads however, especially on the grounds of bandwidth.
However opting out of DoubleClick's system isn't going to stop you from receiving banner ads. It just means that they won't be able to serve you the banner ads that their system thinks you will be most interested in.
At the same time, there are commercial organisations collecting and storing information about my habits every day - supermarket club-cards, Visa spending patterns, online book purchases etc. I truly hope that for the most part they are doing so, in order to learn more about my habits as one of their many customers. To be honest, unless they start sending me unsolicited spam, I don't find it too much of a hassle.
I also sometimes think it must be quite amusing, as I live a fairly unconventional lifestyle.
I spent a few years hiding from all the lists I could. I was avoiding the "poll tax" in England. Every 6 months I moved house, I worked so I wouldn't be on the unemployment register, I never filled in official forms.
The tactic worked, but it was hard work. It also meant no credit, difficulty getting banking facilities, difficulty getting utilities connected when I moved house - everything was a lot of hassle. In the end the Poll Tax went away and I was able to come back into normal life and start building up a credit rating etc. Much easier to manage life.
In short - I understand people's privacy concerns, but how serious is it really, to have targeted advertising pointed in your direction??
A little planning goes a long way...
However, I was surprised to see a banner ad for specials at Austin area stores -- a convenience store chain, I think -- on the banner. So either I had some very inventive cookies, or they were making a guess based on my ISP, Illuminati Online which only covers two cities in Texas, Austin & Houston, in terms of dialup.
-- 'As it all washes away you know -- as it all is one, no one is alone.' -Cosmic Disorder
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
I noticed something new from the NY Times today - they usually try to set two cookies, and I let them, but now they've got a third which is especially interesting in light of the anti-doubleclick techniques discussed here.
The third cookie they tried to give me today's name and value were -
RMPP-.doubleclick.net-id=A
.. the cookie itself was sent/requested from privacyproxy.nytimes.com, whatever that is.
I don't know what those are used for; they're not discussed nor disclosed in the NYTimes' online privacy policy, which does disclose/explain the other two cookies they serve.
It seems to be attached to the "House Passes Cybersquatting Bill" story, but not to some of the others, if you'd like to take a look for yourself.
I've been thinking that it would be good to do a wide-scale protest (like the Windows Refund Day) where everyone we can get runs a script for a few days which slashdots a bunch of advert sites in random trends.
Although this would temporarily raise advert revenues, it might undermine industry's faith in ad bars altogether.
Let's destroy their signal-to-noise ratio! =)
It's only denial of service if you deny service! I'm merely suggesting skewing their statistics/information gathering so the cross-referencing of data is less valid. With no large-scale resistance, they're only going to get more invasive.
How long is it going to be before the content you are presented with is altered by the data they have on you? Imagine if a big corporation decided to give pure FUD to clueless newbie managers, and real information to techies?
I have nothing against ad bars per se., but I do object to this big-brotherish cross-referencing.
I definitely don't have anything against cookies.. for storing personal preferences, they're great. I just want those preferences to benefit me, and me only.
**Ignorance, fear and unjustified paranoia mainly**
Perhaps... but why do we not seem to care if these companies track our every click. How would you feel if the automotive industry installed a GPS in your car then tracked your every move, only to sell the information to marketing companies. "Hey..that might be nice... then I can get targeted ads sent to me based upon my habits"... uh...I don't think so. Or heck.. why not tatoo bar codes on our heads then we can install scanners in every store that will read those and track your every shopping habit ???? I doubt many pepople would tolerate that.
So why do we tolerate it on the internet ? I think it's important to remeber that we are in the early stages of the web, as technology grows this will only get worse.
I don't have anything to hide, but that doesn't mean I should have to give up the right to be anonymous when I choose.
Cookie Pal intercepts all cookie-setting attempts as they happen and lets you decide on a site-by-site basis whether to accept the cookie or not. It also lets you set wildcards so anything from *.doubleclick.net is rejected, and *.slashdot.org is accepted. Mine has a huge list of auto-reject sites, a small list of auto-accept sites. If the site I'm visiting isn't in either list, Cookie Pal prompts me with 4 options: Accept Always, Reject Always, Accept This Time, Reject This Time. I could just as easily have it auto-reject or auto-accept sites not in my lists. It's a very lightweight program with a simple but effective UI that I can't recommend enough.
AtGuard takes care of the banner ads (although it can do a lot more than that). It is basically a transparent firewall. Some of the more useful features: block images based on whole or partial URL matching (anything from doubleclick is rejected as is anything matching "*ad/*"), block HTTP_REFERRER fields, prevent animated gifs from looping...
Thanks to these tools I haven't seen an unwanted banner ad or animated gif in months, and the only cookies I have are the really useful ones that store preferences or enable shopping carts, etc.
I want to see if I can add some of these features to Mozilla (when I get more time) so everyone can have them available and so the internet-ad economy collapses. Call me a luddite, but I really miss the days when it was unheard of to even have a bit of promotional text on your web page.
Yep, there is. For IE, go to the security tab under internet options. Click on the restricted sites, then click the "Sites." button under it. Type in the sites you want to block em out on (*.geocities.com, etc.). Click ok, then "Custom Level" at the bottom. You can disable everything or just "Active Scripting" which will get rid of the popups. -ruD
And for those who didn't take a look at it before here's a link to Slashdot's article on David Brin's privacy book "The Transparent Society"
Since your UID is smaller than mine, I can only conclude that you're trolling. -s20451 (410424)
There is also a nice URL to verify that you are runing the proxy correctly, and displays the loaded blocklist and configuration. It works great as a home page.
I've been using this setup for quite a long time and I am very happy with the results. The browsing time is greatly increased and without the clutter.
I know it happens since I see it at times. Ever notice how you seem to get banners about things going on in your zone of the world but not in others? They, doubleclick, track you down even to the point where they try to access a port on your machine, for me it was port 8, and using the reply info (time to opne the connection) they can guess within a couple of states where you are.
How did I find this out? Because I could, I setup a firewall to block everything bellow port 1024, and noticed a barage on my port 8 one day. I resolved the ip's and found it to be *.doubleclick.net. After a while, I noticed the traffic to be less from accros the us and instead from the tri state area. Yes, I am in NY.
So even if you turn off your cookies, there are demographics on you stilll
-
ping -f 255.255.255.255 # if only
Actually it's fairly easy, using this method, to just collect all of the cookies you *want* (slashdot is the only one I keep), delete all the other lines, and then make the file read-only. This way you get convenience, but only when you want it (I read slashdot up to 6 times a day, logging in manually each time.. ugh), and don't have to use a resource-gobbling helper program or a bandwith-gobbling proxy. Best of both worlds.
fh
When a company needs to sell a product, and do by only paying what they need for banner ads, what would be the most efficient payment for banner ads? Targeted per click ads? Targeted per sale (more revenue per customer of course) or just a flat rate? What do the major companies do?
Cleaning out this file does a couple of things for my peace of mind. 1) It screws with the statistics of all those places that use cookies for tracking me. 2) It clears out potentially percievably incriminating data if my employer were to decide to hire web-Nazi's to see what people are doing on company computers even in their off hours. If I ever want somebody to know what I've seen on the net I'll tell them myself.
--
My office has been taken over by iPod people.
But CmdrTaco does have a rich uncle! His name, if I recall, is Andover Dotnet. Cool guy, although he tends to throw lots of money around for really silly things...
Now, read a page on the web, you tell DoubleClick about that! As I see it, compromising your privacy to someone you do business with is no concern, giving out the details to some third party is.
To clean my cookie file everytime I login, I use the following script:
.profile:
==== ~/.netscape/fixcookies ====
#!/bin/bash
cd `dirname $0`
umask 077
prog=`basename $0`
GREP=/usr/bin/grep
# create lock file and fix cookies
if ln -s $prog $prog.lock 2>/dev/null; then
$GREP -f cookies.valid cookies.new
mv -f cookies cookies.old
mv -f cookies.new cookies
rm -f $prog.lock
fi
==== end ====
==== ~/.netscape/cookies.valid ====
^#
^$
^slashdot.org\>
==== end ====
And add the following to
# delete bad cookies
~/.netscape/fixcookies
This ensures that bad cookies I receive only last one day or so.
and run it when I login. Cookie pecker is a trivial perl hack which reads the cookie file and changes a random character in each cookie to a random other character.
Reality is 80m polygons - Alvy Ray Smith
How long is it going to be before the content you are presented with is altered by the data they have on you? Imagine if a big corporation decided to give pure FUD to clueless newbie managers, and real information to techies?
This might be better than what we tend to get at the moment - namely, that they give pure FUD to clueless newbie managers, an no information to techies.
--
"I am Blair of EU^H^HBorg. Surrender your currency and prepare to be assimilated."
--
"This isn't the post you're looking for. Move along."
It seems to me that better than banning all cookies attached to GIFs, browsers should have reasonable cookie handling options. So far I seen precisely one browser that appears to handle them vaguely sensibly, and that is Lynx (!).
When you are prompted to accept a cookie, as well as Yes and No options, you can indicate Always or Never to accept cookies from that domain. If netscape had this option, and kept your choices persistently (which Lynx doesn't for now) the matter is very simple. Just choose 'Never' the first time you see a doubleclick cookie. In addition Lynx allows you to view all currently held cookies and discard them at will or change Always/Never options by domain.
The only things I found dismaying was the number of sites that use an algorithm for creation of a user id based on your ip address. The other one was x10.com having my name in there (presumably from that firecracker deal they had a while back)
Not a huge deal, just time to update my sblock.conf
-transiit
Cool features include an estimate of the time saved by not downloading banner ads, a switch to block popup windows in Java(script), and a switch to modify animated GIFs so they only play once.
When something comes up it hasn't seen before it pops up a dialog asking how to deal with it. This is the firewall software for your grandmother, or at least as close as it can be.
Altogether a nice package. BTW, I have no relationship with these people other than as a satisfied customer.
Paul.
You are lost in a twisty maze of little standards, all different.
Just as importantly, no server can read another server's data, each site reads only its own cookies
... I've been fed up with this for a while now. I use AtGuard (Win32) to block ads, cookies, referrers, and access to most ports and transport protocols on my box. This does a few things, first is "secures" my swiss chees ... err I mean Windows box a little by allowing me to control all incoming and outgoing packet traffic (ICMP, IGMP, UDP, TCP, etc.) second, it lets me block cookies on a site by site basis. When a site wants to drop a cookie, the software asks me if I want to accept it or block cookies from that site. You'd be AMAZED how many sites use cookies that you'd never expect. Third, I use it to block referrers so if I'm at a page that I don't want public, it won't be due to someone parsing their access.log's looking for stuff. This also helps prevent any poorly written script that uses names/passwords in the URL from giving away my info. And lastly, I use it to block ads on many sites ... mainly those commercial sites (like ZDNet) which are simply overrun with ads. I usually allow ads on sites that really need the support for revenue.
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Now, as for tracking, cookies, and ads
And yes, I run ads and cookies on my site out of necessity, not marketing or demographic reasons.
I think it's choking on some HTML, because I once cancelled it while it was loading a page that would do this repeatedly. Then I viewed the page source, which retrieved the rest. I saved the file and viewed it locally, but it still hung.
I suppose this wouldn't work for everyone, but most of my favorite sites are all about images (gotta get my Dilbert/Bizarro/Zippy fix.) Even though most images on these pages are the same each time and just get loaded from my cache, I find it faster to just click the image icon in the location where I've grown accustomed to clicking it. I assume this is mostly due to waiting for (uncached) animated banners.
I know you said that you quit Netscape, but are you _sure_ that Netscape knows this? With Netscape 4.6.1 on Linux, I've seen netscape processes running days after I "quit" Netscape. If that's what's happening to you, and the page Netscape thinks you're looking at has a DoubleClick banner, that would explain the behavior you're seeing. Of course, if you've allready checked your process table, this isn't an issue. ;)
If, eventually, ever site on the net uses the same one or two huge ad banner companies, and they track you with cookies and then let's say they decide to share tracking info with each other.. They now have a complete log of every web page you visit that has ads. Targetted advertising is merely the best way that ad banner companies have come up with to "use" this information. There are other, far more useful/insidious ways to use this information. For what it's worth, although cookies make this much easier, it's not impossible to do it without them.
Anyway, advertising is not the issue -- it's the information behind the advertising. The issue is not that an ad company can give you targetted advertising -- the issue is that, because a single entity is present on a such a large percentage of web pages, you can be tracked and identified as you surf the web. If you don't care about maintaining privacy on the web, then likely you don't care about this either.
--- Where's my X.400 protocol decoder?
In Netscape, look for the file 'cookies.txt' in the Netscape directory (or one of its subdirectories.) Open this file in your text editor and delete everything after where is says "Do not edit." Save the file, then change the file's properties to 'Read only'.
Now your browser will accept cookies but will not save them to disk. They will be able to track you only for the current session while the cookies are held in RAM. Once you have shut down your browser, they are all lost and the next time you visit a website with one of their banner ads, you are a whole new person to them!
You can do the same thing in IE by changing the properties of the 'Cookies' folder.
Ideology is for ideots.
I agree. I fail to see the logic in giving a company my name and info just so they won't collect my name and info about me. I would prefer that they just don't even know that I exist.
On a tangent to this, I hated it when supermarkets brought in their customer cards and you could no longer buy anything at sale prices unless you gave all your personal info. My solution? I simply created a virtual identity. The store now thinks my name is Peter Rabbit, not Trickster Coyote, and that I live at a non-existent address around the corner.
Ideology is for ideots.
don't file taxes
This is the difficult one. It's possible to pay your taxes without filing, or getting any identifying numbers, but you have to plan it very carefully and avoid certain kinds of investments. You also have to read way too much income tax law and argue with people paying you a bit. Having photocopies of the chapter and verse of the law is very useful.
***********************************
I tried this and the state attached my wages for not filing, even though they owed me money!!! And beware the feds will keep any return not claimed within three years! I got a very expensive education via that loophole, if there is a way around either please quote state or fed regs that apply.
Rick B.
GIFs are evil anyway.
-- Real free software sites don't use GIFs.
Hmm.... Can we tell I only scanned through the article? It offers a link to basicly the same thing.
------
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
This URL sets a cookie which allows you to opt out of doubleclick.net's tracking. http://ad.doubleclick.net/cgi-bin/optout?
------
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
What it should also do is let you provide a function to determine whether a cookie should be accepted, so we can reject cookies based on the URL (and mime type - a much more general solution than saying "html only").
This is exactly the sort of thing I want an open source browser for.
A few weeks ago I simply configured my Squid proxy not to let anything from Doubleclick.net go through. It's totally transparent to my users and I spared 1.5% of my total HTTP traffic (that's what Doubleclick.net was costing me before...).
Someone wrote in an earlier discussion (I won't take credit for it) that their ought to be a server that mimiced doubleclicks url interface, so that we could simply point doubleclick.net at that server in our hosts files. Maybe the server could sell adds and give the money to charity (and not tracks users, and carry only 2 kB static gifs).
I wonder if they would sue for that...
Most important: please don't start advocating laws for to solve things like this. Informing about it is good (this was a great article) but enforcing by violence, and our laws are based on violence, that which can be solved by intellect (a simple hack that keeps doubleclick and co out of your cookies file) is ALWAYS BAD.
-
Why bother with letter DoubleClick decide to remove their cookies? Do it yourself! In WebTechniques, Randal Schwartz wrote an Anonymizing Proxy server in Perl that can run as a console app in the background that you can use to strip out all your cookies (as he wrote it), or, with a slight modification, you can have it strip out only DoubleClicks's cookies.
The original column is at http://www.stonehenge.com /merlyn/WebTechniques/col11.html (code here), and he updated it (a "Preforking, compressing proxy" (code)) last February. He also wrote a "Cookie Jar" (code here) application that can be used for the same purpose.
They all run on *nix, of course, but I have gotten the original proxy server running on a Win95 box and on WinNT boxes using ActivePerl.
Check it out. Take control for yourself--don't rely on their ridiculous "opt-out" option. Fight back.
darren
(darren)
That, or turning off auto-loading of images. I never get banner ads. :>
Imagine applying that to the rest of the advertising world.
I'm reading a magazine. Upon seeing an add for a new car, if I'm not immediately calling the dealership to get more info... the add has failed.
I'm watching TV. McDonald's tempts me with various fast, hot offerings. If I'm not immediately driving to the local franchise the add has failed.
The radio's music selection is interupted. Coca-cola plays the "pop-hsssssst" noise of a fresh can being opened. I should be at my fridge and rooting out a Coke like some kind of experiment by Pavlov. Otherwise, the add has failed.
Please.
Advertisements don't generate immediate sales. They get the product out there in the minds of an audience. They let people know they're there. They might even, gawd forbid, SAY something about the product. But the main intent is mindshare. The consumer should think "I'm hungry" followed by "McDonalds". Coca-cola (followed by Pepsi) own the soft drink market. They're entrenched. Why bother spending huge amounts on advertising then? Mind share.
Click-through rates are an antiquated part of the web. Sure, bleeding edge companies like DoubleClick needed something to convince advertisers to divert funds from tried-and-true traditional media. But now its extra baggage.
Electronic media is becoming a part of the mainstream. Sure, traditional media will insist on the greater validity of "traditional journalism". While the point is weak at best, they are partly correct; traditional media will still be around. But it is slowly being time shared with its new online cousins. That means lost advertising time in the traditional space. That's less time to generate mind share for your product. If an advertiser wants to make that up, they need to also run online banners.
Advertisers WILL advertise online - with or without click-through rates.
Saaay. Spammers are kind enough to offer the same services. Maybe I should send THEM opt-out messages too?
For some reason, I fail to trust either.
Why boycot M:tg because of TV adds? If it weren't a Magic add it'd be an add for something significantly more lame.
-- The act of censorship is always worse than whatever is being censored. Always.
There is a nice little personal-proxy utility from Siemens, it's free for personal use, and does a good job of cutting the ads completely.
It can also remove referring-page info, etc.. and is very easy to setup and use, windows only unfortunately.
Have a look at: http://www.siemens.de/servers/wwash
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Got that? It means I have to opt-out on my computer at work, my laptop, and my computer at home. Not only that, I have to remember to do it anytime I do a reinstall and my cookies are wiped. Otherwise, they'll start the tracking all over again.
You know, at times, I think the Luddites may have had the right idea.
"We're sorry, but the website you're trying to reach has been disconnected."
If you find the tone a little too egoistic, I think you missed the punchline:
Now does this have anything to do with my request for proof about "anybody can find out anything about anybody", or are you just feeling cranky?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Embedding information in a URL doesn't carry from one session to the next, and can only carry from one page to another with a direct link. Completely different than what is possible with cookies.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
They use cookies, and also collect IP addresses. Yahoo does research on users' demographics, interests and behaviour based on your registration, server log files, from surveys and during a promotion, which it then shares with "advertisers and business partners".
Yahoo is also allowed to match user information with third party data.
Yahoo allows you to switch off cookies, but then you can't use its services, such as the web e-mail.
Non-techies might then use Mozilla because it protects their privacy better.
perl -e 'fork||print for split//,"hahahaha"'
Perhaps in light of the recent attention dealing with cookies and security, dealing with large user databases and ad servers (see the Slashdot article http://slashdot.org/article.pl?sid=99/10/22/024921 2&mode=nocomment for the concerns/problems people have), I condsidered a possibly feasable alternative to the cookie-attached-to-a-gif problem. Instead of changing HTTP, and removing a widely (mis)used function, you could offer partial Do Not Accept ability for cookies. In other words, you could have Netscape save a list, in an external importable text list, of servers you don't want to accept cookies from. Then pages that use cookies for USEFUL things (e-shopping, user prefs, etc.) don't lose their functionality, while pages with possibly imposing or veiled intentions (ad.doubleclick.net) won't be able to read a thing. And while the obvious solution for most banner services with directed marketing would be to take out as many servers as they can to get around the loophole, you could have several more options, such as "ban all except certain servers" or "ban all selected servers" or "ban from IP range" and disable all on an IP of any number of codes (such as any coming from 207.X.X.X or just 207.28.42.1). Also, I'm sure some overconcerned zealots would have a regularly updated composite ad-banner server list that you could easily use the (previously mentioned) import feature to update.
I'm sure this would be relatively easy to implement, since it's all just scanning and comparing, but I didn't suggest this to mozilla.org because it's not a bug, I'm no C guru, and it's not implemented in the binaries. And I'm sure if this were implemented in a certain form, it would let several power users and paranoids and privacy buffs sleep better at night, while not interrupting their slashdot user prefs.
And it would also evade the other current solution of turning "confirm cookies" on, and getting swamped by little confirmation boxes every time you load any page with an ad on it (most professional sites).
Thank you,
- WrexSoul
\/.
vvv
- WrexSoul
\/.
vvv
That's a good point...how does DoubleClick know it is obtaining information from people in countries in which it is legal to do so? Is there a way for DoubleClick to know, besides looking up an index of ISPs and discarding the information if it is illegally obtained, which I'm sure they would never do...
It's 10 PM. Do you know if you're un-American?
They really don't, but when this major company can combine your webclick data with and actual real person, well that's kinda like spying. Not counting the amount of mail that could generate you in your mailbox. If you think that Junk Snail Mail is a dying breed think again. If they have you name and address and they feel that they could send you something in the mail and you buy I guarantee that it will be moving in your directioni rather quickly. Maybe that is what they are doing here as well. Maybe they are going into the Junk Mail business as well, using the online click methods to target mail to your house.
Good is never enough, when you dream of being great!
Thanks for pointing that one out. I have just started using Linux myself and haven't really looked at all the settings in Netscape thinking they were all the same. I don't know if 4.61 has that in Windows because my motherboard is out on my Windows machine. thanks again though
Good is never enough, when you dream of being great!
I hope the internet porn industry gets a hold of this and only sends me banners for porn I want to look at, no more "fat girlz here", "pregnant chicks", or "50 plus", lets not even touch the gay ads...
Note to self: No more arguing with the faithful.
I don't understand people like you. I can just as easily embed hidden form fields in all the pages I care to. Pass around UID's on urls. Cookies are simply ANOTHER way to do it. The only difference being that they remain between browser sessions when instructed. Do you use your grocery store discount card? Same thing. Do you fill out free magazine subscrition forms? Same thing. Do you fill out product registration forms? Same things. Get over it. There is nothing wrong with the use of cookies.
If you want a more comprehensive solution...check out Zero Knowledge Systems (http://www.freedom.net). It is the only way I've heard of to *completely* protect your privacy (of course it still depends on you being discreet with your personal information)
"You can't win. You can't break even. You can't quit." -A. Ginsberg
I don't worry about organizations like this being able to find out my home address, since i figured out early on that most sites will accept addresses like:
Cray Drygu
27 Sample St.
Mighton (my-town, get it?) ME, 01435.
Obviously totally made up, but they take it anyway. Places offering free services online do not need my home address, so when they require it, I just feed them something like that.
It helps, too, that I have a proxy set up to deny everything from *.doubleclick.net and every other ad-banner URL I could find. Sometimes I take it off when surfing /., but other than that, I almost never see banner ads, just these mysterious banner-ad sized blank spots...
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
Hey all, conspiracies are sexy but..
Let's just get something straight here:
yes lack of privacy sucks, but who do you think is getting this data? dclk doesn't care if you surf pr0n, dclk doesn't care if you are a lefty. dclk wants you to buy stuff, credit card companies want you to buy stuff. The motivation here is greed, not big brotherish evil. Any one of you that has money in internet stocks right now has money in the development of more privacy invading tools, sorry that's what brings in the money and that is what matters. How can dclk know that you where at a extermist site? do they run banners on extremist sites? are the cookieing you at that site? they don't advertise on pr0n sites either, so relax. Why would dclk want to sell their demographic data to your potential employer? they're gonna make a shitload more money selling it to landsend so they know you like sweaters? dclk can track you across their network only so unless you are being hired by a company that hates people who surf ivillage or any other middle of the road non-controvertial portal nonsense. Just be cool, go worry about the shitty state of american government or how much privacy you are losing in meatspace. Opt out of the cookie and surf pr0n (accidently or not)safe in the knowledge that you are safe from big brother. Doubleclick will never hurt their own position,image is king in overhyped internet stock land, they ain't gonna hurt the bottom line.
and I would like to add my vote to the group of people who say be wary keep you eye on big business to make sure their greed doesn't get out of hand, but where did all of you get your sense of entitlement from? why can you just have all the content and labor on the web without anything?
I click on a banner once and while just to even things out. I figure that my three years plus of free information and entertainment is worth that.
as a PS.
TO the guy that didn't get a drivers license because he is worried about privacy, who are you, carlos the jackal? what are you doing? do you collect pipebombs or anthrax spores? The government wants you to pay your taxes and not kill people, that's about it baby. certain people in power wish that we lived in a fascist state, but 99% of the government doesn't even want to know what you are doing. And I believe that there is often more at work than we are told by the mainstream media. I just don't want to be that paranoid.
Think what we will be able to do with the final mozilla code though:
Oh, for more coding time and less projects to work on!
This was a great article and was very informative. I wasn't aware that GIF's could be used to track us through the internet. And to think, Slashdot is one of the websites that allow them to perpetrate this crap on us. I used to think Rob and Hemos were working with us but they're really working for The Man after all.
Hates people who have stupid little sigs
I have developed a little different way to do an opt-out without relying on the company. All I do is delete all the cookies I do not want using a bat file (ie del C:\windows\cookies\username@doubleclick.* ) for IE and write a little QBASIC proggy that scans Netscapes cookies.txt and deletes all the lines that contain something I don't like.
OK, the unwanted cookies do not get removed when I'm online but everytime I reboot the unwanted ones get thrown out, forcing ad banner companies to set a new one every time.
Just thought I'd share the idea.
What we should do is all cut and paste the same data into our double-click cookie, so we all look like the same person to them.
Andrew Semprebon EQ Systems Inc.
why do people seem to think cookies are some form of spying?
...that take our cookie files and replace those cute hex digits with random numbers? Run your program once a day as a public service to privacy.
Here is a chance for "passive cracking". I change a file on my own machine and it trashes an ad company's data base. Naturally, they would try hard to identify such efforts, but it ups the cost of invading my privacy.
It is better to *keep cookies on and falsify* the information that to opt out!
We might even succeed in creating a new demographic segment: "people who screw up demographic databases for fun".
In all the articles I see on this topic, in print and on line, the main theme seems to be targeted advertising - as if this were a Bad Thing!
People, Targeted Advertising is a Good Thing! It means less meaningless crap spamgunned at you in hopes that you're one of the two percent interested in it!
NONE of the articles I've seen on this address the real problem: the potential for abuse of the data that tracks your purchases, shopping, and surfing habits. Nobody says anything about that, they just say that "advertisers will use this data to more precicely target their advertising".
I say horay for the advertisers! Now will somebody please take a look at what ELSE is going on here? At the potential for abuse, and what is actually being done to address it?
#Created10/26/99bythenon-mousecowherd.Norightsrese rved. r eview /\/g)eeep!Ihopeitworksforyou. y ourownRISC. e agewillvery. s ources,tostifle e sisleftasan n ewcookiefile} r egularly. s w ed i es.txt n g f ore
l low_cntallowed\n";
#well/.mademejumpthroughhoopstogetittoindentinp
#(:,$s/\t//gand:,$s/
#Nowarrantyexpressorimplied.Useatyourownrisk,on
#WorksformewithNetscrape4.6/perl5.00503.Yourmil
#Internetexploderusersneednotapply.
#Seewww.they.comforfurtherdisclaimers.
#
#purpose:
#useittoperiodicallycleanoutcookiesfromunwanted
#trackingefforts.Malliciouslychangingcookievalu
#exercise.BUG: Youshouldreallybeabletosetallow&denyinyour
#browser.Mozillafeature,anyone?
#
#usage:
#cookiecutter.pl[-comment][-deny]{cookiefile}>{
#-comment
#commentsoutdeniedlines,insteadofdeletingthem
#yourcookiefilewillgrowwithoutboundifyouusethis
#(yourcookiefilealreadygrowswithoutbound,butthi
#willmakeitgrowfaster)
#-deny
#denybydefault,allowonlyentriesspecificallyallo
#cookiefile
#somethingliked:\netscape\users\{username}\cook
#newcookiefile
#wherethecleanedupcookiefileshouldgo.Copythisto
#cookiefiletouse.Backingupcookiefilebeforecopyi
#newcookiefileoveritmightbeagoodidea.
#Makingitthesameascookiefileonthecommandline
#isabadideaonsomesystems.Shutdownthenetscrapebe
#youcopyit.
#Tabstopsare4
useGetopt::Long;
$lineno=0;
#Theminimalistapproach(usedonlywith-deny)
@allow=(
'(.*)(\.?)slashdot\.org'
);
#theotherway
@deny=(
'(.*)(\.?)flycast\.com',
'(.*)(\.?)doubleclick\.net',
'(.*)(\.?)usa\.hyperbanner\.net',
'(.*)(\.?)go\.com',
'(.*)(\.?)snap\.com',
);
GetOptions("comment","deny");
MAIN_LOOP:
while(){
$line=$_;
split;
if($_[0]=~/^#/){
print;
nextMAIN_LOOP;
}
if($opt_deny){
foreach(@allow){
if($_[0]=~/$_/){
$allow_cnt++;
print$line;
nextMAIN_LOOP;
}
$opt_commentandprint"#$line";
$deny_cnt++;
}
}
else{
foreach(@deny){
if($_[0]=~/$_/){
$deny_cnt++;
$opt_commentandprint"#$line";
nextMAIN_LOOP;
}
}
$allow_cnt++;
print$line;
}
$lineno++;
}
printSTDERR"$linenocookies\n$deny_cntdenied\n$a
Does anyone know offhand what the algorythm for thier id is? I'm thinking a perl script that changes the id in the cookies file with a new value. Thanks.
I also run a proxy server in which it would be possible to embed cookie filtering stuff. Is this possible in say Squid? I can't connect directly to a remote proxy from behind my firewall.
Hmmm....only problem with blocking Doubleclick cookies though is that it seems to break one's abilities to shop at at least one well-known Ecommerce site.
From the WWWAC List, as posted by a user there:
"I was having trouble putting items in my buy.com shopping cart. It kept
telling me I should check my cookies to make sure I had them enabled.
I do have them enabled.
However, in my hosts file I have the hostname ad.doubleclick.net pointing
to 127.0.0.1. (I seem to get about 30% fewer ads from this as I surf.)
Problem is, buy.com is broken when you point ad.doubleclick.net to nothingness.
I removed my block on Doubleclick and buy.com worked fine"
I must say the all-or-nothing implications of this is making me spew my coffee.
Comments? Technical solutions to this?
I do no remember signing a disclaimer with them, and I do not think that they are part of the Criminal Justice System.
Get a free ipod.
Maybe this check box will be in 5.0:
[ ] Block really embarassing cookies.
Netscape can market it as 'Porn Browser of Choice.'
On the other hand, we are all assured by one hundred percent of the mainstream news media that, despite the facts that George W. Bush is functionally illiterate, he has no meaningful positions on any major issues, he knows approximately zip about foreign policy, and all in all his sole "qualification" for the presidency is the accident of his birth, nevertheless said G.W. Bush is almost perfectly sure of winning the presidency, there's nothing anyone can do about it, and why? the main reason everybody states, is because his campaign has $37-million in cash. Now are they wrong? We'll see next fall, won't we?
Maybe sillywiz is unaffected by advertisements but it seems that the rest of us, a sizable majority of us at least, are as thoroughly hypnotized as so many automatons. Like it or dislike it, that seems to be the case.
Yours WDK - WKiernan@concentric.net
How about the web browser makes give you an option to disable cookies from certain servers, or maybe disable any connections with certain servers, or a whole bunch of server/cookie filtering that the user could play around with to make sure they aren't just another user id to some company that wants their money.
SuPz.orG
We don't really classify Football violence as a "riot" bud. Besides, the UK enjoys a really good reputation for crowd control.
Just yesterday FIFA officials said that the UK security facilities [with regard to the world cup]are the most up-to-date they have ever seen.
Bottom line is that the UK just doesn't see the football violence that it did during the late seventies.
However, actual riots that the UK has had of late
Toxteth : Race / Poverty
Brixton : Race
Newbury : Environmentalism
Trafalger Sq. : Poll Tax
Miners : Destruction of the coal industry
There is a certain rebellious culture within the UK. Maybe it all dates back to the punk/anarchist days? It's a very valid part of any society. The theory [and it's well founded] is that if you can't stick two fingers up at authority, then you are not part of a living society.
The LA race riots suprised a LOT of people in the UK
Remember kids! Guns don't kill people - Americans kill people.
Have to disagree with you about the riots. I think y'all (yup. Texan.) are still behind the Spainards. I mean (and I could be totally wrong about this), where else is there a riot every time there is a soccer (football) game? And I thought L.A. was bad :-)
censorship is a form of noise, which actively seeks to drown out content with silence - Crash Culligan
It can be configured to deny connections to any host or url you want, as well as a load of other things.
I have it running on my P133, with 56Kb dialup line, and there is very little browsing performance drop. I am normally browsing through 3 Netscape windows at a time, and some hosts are a little slow anyway.
The perl script will fork when it reaches a preset level of connections, and uses around 2.4Mb of memory for each process, so it's not small, but does the job very well.
Ocean ... Oceanic ... Oceanism ...     Schism
ocean@disinfo.net
Ocean....Oceanic....Oceanism....Schism
ERR:network is unreachabl
I was always curious if there was a way or an application that would allow you to block cookies from certain companies...
for example, when you receive a cookie from the Doubleclick network, it says "doubleclick" somewhere in the cookie. Now, I was wondering if there is someway to block cookies that contain any of the following words "doubleclick, flycast, etc"
Anyone know of an app or a way? I know you can change browser settings to ask you if you want to accept a cookie or not, but that's more of a distraction than anything else these days....
Anyone?
....that will never, ever be implemented.
1. The system finds out I never click through to an ad.
2. The system gives up trying to sell me stuff, and I never have to see a banner ever again.
3. This same system doesn't report back that I and a million other people don't click on a certain set of ads, which causes the sponsers to pull out, which causes my favorite sites to go down.
Like I said, it'll never happen.
Is this post not nifty? Sluggy Freelance. Worshi
Do you mean they are actually going to try to target me with products I might actually want to buy, rather than things I have no interest in whatsoever?
I'll start getting ads for stuff like computer hardware and stop getting ads for orthopedic underwear?!? Whatever shall I do?!?
C'mon people! Being on the right mailing lists is the key to getting *less* junk mail, because if it is an ad for something you might actually want to purchase, it *isn't junk*. And no, I don't work for any sort of marketer. I just realize that reading advertising is often the best way for me to find the best price on the items I wish to purchase.
Maybe it'll mean those morons from "the internet's safest casino" or whatever they call it will stop e-mailing me just because I elect to use a hotmail mailbox.
Don't Kill Me. Eric
Anyone know of any good SW or work-arounds?...or am I going to have to put Linux on this-here powerbook, after all.
Yeeps.
Tom ("the infamous tms") Swiss (not Swift, not Suiss, not Smith, Swiss!) earns his daily bread as a software geek. He holds an M.S. in Computer Science from the University of Maryland, College Park. (If you'd like to pay him gobs of money to develop software for you, his resume is available.) He also studies karate, writes poetry which he reads at various places in and around Baltimore, and plays guitar. He has read poetry at one time or another at open readings at Planet X, Java Heads, Funk's Democratic Coffee Spot, Minas, the Bohemian Cafe, and One World Cafe, and done featured spots at the Adler Gallery (From Our Lips series) and the Raven bookshop (Stark Raven Mad series). He has brought his eclectic acoustic music to the stages of Leadbetter's, Wyatt's, and the One World Cafe. He lives in Catonsville, a suburb on the southwest side of Baltimore. He thinks that the existence of The Simpsons, The Tick, and Babylon 5 justifies the existence of television. Tom came into the world naked, screaming, and covered in bodily fluids on the evening of January 12th, 1970, proving to his parents that the "rhythm method" is not an effective means of birth control. His full name is Thomas Mark Swiss, interesting anagrams of which include "Swish! A storm mask," and "A storm's kiss - wham!" He stands 170 cm (5 ft., 7 in.) tall and weighs about 73 kg (160 lbs.) with brown eyes and long brown hair ("And all should cry, Beware! Beware! / His flashing eyes, his floating hair! / Weave a circle round him thrice, / And close your eyes with holy dread, / For he on honeydew hath fed, / And drunk the milk of Paradise." -- "Kubla Khan", Samuel Taylor Coleridge). He's been accused of resembling Jesus, Satan, and/or Tom Cruise, and of sounding like Jim Morrison and/or Jello Biafra. His Keirsey personality type is somewhere between INTP and ENTP. His blood type is A positive. Tom firmly believes that dogs are far wiser than cats, that Bugs Bunny has the Buddha nature, and that as there are no gods it is necessary that we become them. He is a genuine and authorized pope (authorized by The House of Apostles of Eris), and a self-appointed ersatz Zen Master, pseudo High Priest, substitute Taoist Sage, apprentice Jedi Knight, and Techno-mage in training. He is either a cynical romantic or a romantic cynic, but not sure which. On the net, Tom is a member of the CyberDojo traditional karate mailing list. He maintains the Leather Alternatives Frequently Asked Questions list used by vegans all over the world. He sincerely wishes that everyone on the net would learn the difference between "your" and "you're", but doubts it will ever happen. Tom is often asked about the quotes in his .signature. (What's So Funny 'Bout) Peace, Love and Understanding? was indeed written by Nick Lowe, although it was made famous by Elvis Costello. Why is it in his .sig? Here's the story, excerpted from a USENET discussion with Barbara O'Brien (mahababs@ios.com): >: "What's so funny 'bout peace, love and understanding?" - Nick Lowe > >Most of the time people use phrases in their .sigs that have a special >meaning to them. You just repeat words cause they look nice, I guess. Hmm, so your commitment to peace, love and understanding is to advocate locking people in cages (which certainly devalues and dehumanizes them more than selling sex ever could, if the latter does at all) for consensual acts? On the off chance that anyone really cares about the significance of the quote in my .sig: A few years ago, my friend Mike and I went to a Midnight Oil concert. The last song they did (or maybe second to last) was Nick Lowe's ""What's so funny ('bout peace, love and understanding?)" (often miscredited to Elvis Costello, who recorded the best known version). It was a great show, ending with one of my favorite songs. I was pleased, and we headed back to the parking lot. On the way to the car, we came across two guys, who had obviously just come from the show, shouting and shoving at each other - a fight about to break out. Maybe they just hadn't been paying attention to that last song. I know they heard it; might even have been dancing and signing along to it. But ten minutes later, the meaning was forgotten. I couldn't help it. I yelled, "HEY! WHAT'S SO FUNNY ABOUT PEACE, LOVE, AND UNDERSTANDING?!" The crowd cheered. The pugilists payed no attention. I went over and tried to separate them. My friend Mike joined me. Somehow we broke up the fight and prevented anyone (including ourselves; the pugilists were bigger than us!) from getting hurt. That's my contribution to peace, love and understanding, Barbara. When I see someone about to be a victim of violence, I try to stop it. I try to make peace when I can. If I can't, I try to defend the innocent. I've been fortunate so far in that none of these situation have turned very violent. And if that ain't good enough for you, frankly I don't give a damn. "Born to die" comes from a series of animated shorts (about thirty seconds or a minute in length) shown on MTV around 1987 that began with the voice-over: `Stevie Washington - the angry youth. Born to die. New York's New York. The turn of the century. All crime.' His previous net.incarnations have been fantom(at)wam.umd.edu, tms(at)cs.umd.edu, tms(at)tis.com, and tswiss(at)normandev.com. His current net.avatars are tms(at)bcpl.net and tms(at)infamous.net. This page almost undoubtedly makes him sound more interesting than he really is. To assist you in identifying the suspect, some photos follow:
I know this affects only a subset of /. readers, but: those who browse on Macs can simply and surely defeat all cookie activity by replacing the "MagicCookie" file in their Netscape prefs folder with a folder of the same name.
Since the MacOS forbids replacing a folder with a file, any attempt to set cookies will transparently fail. I've had it so since Netscape 2, and doubleclick just told me I had no cookie to opt-out from!
For those unable to effect this method, what happens if you lock the cookie file?
Whatever you do will be insignificant, but it is very important that you do it. --Gandhi
Turn them on, and you pay for your personalisation with tracking.
:-)). This means I never see the GIFs in question -- does it mean I don't get the cookies? Dumb question I know, but there you are.
But this is a game of bait-and-switch. You accept a cookie from one site, once, and then your personal information becomes a commodity for evermore, accessible to anyone who's prepared to pay for it, and (in the US) you have no right to stop them. That's a usurious price to pay.
BTW, I tend to use IE(work)/Netscape(home), but always turn graphics off (I only care for text
jsm
One thing that you might want to keep in mind that DoubleClick is not collecting information in order to terrorize the population. They very simply want to track where a particular user has been in order to better target them for ads in the future. For example (assuming doubleclick was everywhere), if I were looking at a page, they would know that I visit /. and many other tech sites. That means they would have an idea that an ad for computer software would be better targeted for me than a tampon ad. Does it HURT me to at least see ads that might be of relavance? No, of course not. Of course, there is also the argument that these web ads are the only source of revenue for a lot of these web companies. If too many people start blocking these sites... they will start charging for access, and everyone loses there. If you don't like the ads, ignore them because they don't hurt you. --- "Progress is the God of the Machine"
-rt-
** Evil Canadians are taking over the world. Learn about the conspiracy
Allow cookies in Netscape. Change the cookies file permissions to read-only.
I used to do this...Unfortunately most of my browsing is now at work on IE. But this gives me another idea...Why not FOok with them a little, and make up a generic cookies file (zipped folder for Microsoft-users) that has one person's, say a fictitious one's userid in it (wouldn't that be as simple as changing the text of the cookie?) If enough people were all hitting the web at once with this could you imagine the marketing dept's greif...
"Good god that Mike Rotch fellow goes everywhere!"
mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.
Is how quickly the government will be wanting to sink it's hooks into this info! Even if it is used strictly to annoy^H^H^H^H^Hadvertise to us more effectively, I never asked for this. I never wanted it from the beginning and I just found out that simply ignoring the banners is not enough to keep from being tracked. I applaud /. for putting this up, despite their own banner ads.
As far as the advertiser-apologists who are saying that this is the only way the web exists today, I would like to point out that the links on the slashdot front-page get far more trust and clickage than any 1"x5" piece of animated fluff at top of the page.
Let your freinds know all about it with this link.
mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.
I just check my (netscape) browsers cookie settings....
And found a setting saying "Only accept cookies originating from the same server as the page being viewed".
This just might be the plug to the "GIF cookie" loophole.
Hans Voss
---
Hans Voss
---
"I have no special talents, I am just passionately curious" -- Albert Einstein
As long as you're going to try to devalue the banner ad system, I suppose you have a better model for funding of web pages? I'm not trying to be sarcastic - I've been working on a site, and am trying *very* hard to think of another convenient way to fund it - if you have one in mind, let me know, eh?
Do people have the right to gather information about you? Certainly. People do it all the time. Biographers, credit bureaus, and employers do it daily. Do people have a right to use the information gathered against you in a harmful or discriminatory way? No. And there are numerous laws in place which prevent that in most cases.
As with all computer security/privacy issues, I hold by a single rule - if I don't want it known, I don't send it over the wire. That *includes* filling out forms which have my name and address, for contests, registrations, or what have you. I just *don't do it*. Much like the companies that ask you to put your card in a fishbowl for a free lunch - what do you think they're doing with those cards? Do you think they just *want* to give you a free lunch?
You're as protected as you want to be. Is it inconvenient for you to turn off cookies, because it disables some features of your favourite sites? Well, it's either that or accept a semi-anonymous profile on you in some database. Your choice. Get over it.
I suggest we move this discussion to Cosource.com. Let people who want a solution vote by submitting a request, committing a few bucks, or making a proposal.
I would submit a request myself, but also want to make a proposal.
By "ad.doubleclick.net" do you mean "127.0.0.1"? Am I missing something, or would that be an easy way to avoid all this mess in the first place (that is, on a box where you have root)?
...is that these "Commercials" are becoming too high-tech for their own good! It's going to turn out just like in Futurama where we'll all have commercials in our dreams! =)
...
I've got to agree here. I've worked in these systems on the marketing side
a) anonymity is taken incredibly seriously - even WITH the technology available it is understood how people feel about privacy and in some cases even suggesting a system that could make partial identifications has resulted in being swiftly admonished.
b) Marketing people are trying to help. Remember, they are not technical, they feel they are performing a huge service to the end user and the advertiser by doing this.
What is more likely is that DoubleClick tracks surfing habits and generates a usage profile which demonstrate general interests (for instance, many people who visit slashdot use linux and a not inconsequential number like to eat blue m & ms). This allows DoubleClick to serve ads that are of interest to that particular group...in addition, taking that information you can create a model of an ideal target to crossreference with your named database (making the assumption that the Abacus database contains some useful information with regards to hobbies, employment etc), which can then be used for a targetted mailing campaign.
Yes, perhaps a couple of people in the mailing list surfed those sites but it was because their data profile matched.
People also seem to forget about the sheer volume of data that's there, I think its more than a little egotistical to believe that anyone is interested in YOU as a person. Yes, it may feel 'funny' because you're aware of your own capabilities with regards to using information that our computers generate, and yes, you've tracked down the odd spammer or idiot in a chat room - now multiply that information by a couple of million - the noise drowns out any individuality you may have had.
Matching names to id tags? for what purpose? Personally I dont have time to wade through information to find an anonymous person from idaho who may or may not have visited a hacking site or porn. And neither does anyone else.
Even going out on an extreme limb - ok the company isnt doing it, so the FBI order them to pull your profile?? for what?! The sites that the FBI are interested in are very unlikely to use DoubleClick as their ad server, and no, the banner companies dont cooperate so there's little chance that they can build a huge picture of everything you've done online.
I used to feel paranoid about cookies until i worked in this sector and saw that they really aren't interested in who you are, they do care about making your web experience better - that seems like weird logic but they figure you'd prefer to see banner ads about things you're interested in rather than things you're not. Unfortunately the web has to be funded by something, banners are a way for many sites to keep their information available for free.
Here in Russia a text-content banner network(russian resource) recently emerged. Yes, they deliver pieces of html into their clients' pages.
This is just to show that forbidding cookies alongside gifs is NOT a good way out of the problem. In fact any http-url can deliver a cookie with it. Remember how many tags have SRC attribute beside IMG.
I get around this by setting my browser to prompt for cookies then I just check manually if the originating domain is the same as the site I'm at. Works here at slashdot where the banner company (focalink) will occasionally try and save a cookie.
In IE you specify different security options for "trusted sites" and "restricted sites" and then you list which hosts belong to which of these "zones". All I have to do is list "*.doubleclick.net" as a restricted site and, voila, no more cookies from the doubleclick banners, but I can still get cookies from the site that displays the banner.
Sophisticated, maybe. Stealth? Nope. They're advertised in lots of places. Product placement in TV shows other than the animated Pokemon show.
The "aim it at the young people who watch TV" idea has been around since the beginning of the action figure era. Pokemon cards managed to melt together the action figure, baseball card, and card game marketing ideas. Once they reached something near critical mass, all they needed to do to get a media blitz is announce detection of counterfeit cards.
You want stealth marketing, look at Magic: the Gathering card marketing, before the recent TV commercial blitz. Comic book vendors where given a higher incentive (better pricing? I don't know) based on how many cards they managed to sell. Does anyone else know how MtG cards were marketed, prior to the TV blitz? I certainly don't remember. And, now that they've started ads on TV, I haven't (and won't) buy any more of them.
I've had both targeted ads, and untargeted ads, aimed at me for as long as I've had access to purchasing power.
Potential for abuse? It's already being abused. The company I lease my apartment from, EQR, has a banner ad pointing to a credit reporting agency, on the 'contact the landlord at the following address and phone number' page. Whether they can cross-track between the two sites or not, I don't know.
All I know is that the potential for abuse is relatively high, and that such abuse would be nearly impossible to detect without some sort of tracker trackers to watch the actions of those who track someone. "Who will watch the guards?" only becomes a meaningful question, when we actually have guards in place. In this case, a better question is probably who is watching the IETF (internet engineering task force? members include Cisco, Intel, Lucent, etc.). If the technology to reduce or prevent abuse isn't being designed in now, then perhaps there's a need for a law about it. Perhaps the need to provide some amount of personal privacy should overpower the need to provide protection from abuse. The problem then becomes, who writes the law? EPIC? EFF? IBM? CIA? NSA? average joe congressman? Few members of Congress (or other elected government officials) have as much training in electronics as I do, and I don't know the answer. How can I expect them to come up with a correct law?
This is, and always will be, a tough question. Once truly well-targeted ads start showing up, you won't even notice them.
Heh, and on the law front, most abuses on the net are already prosecutable under current law. The congressmen seem to have forgotten that, and are bent on adding new laws for us to accidentally break.
By the way, this is an advertisement, and I'm trying to get you to buy my ideas. Please vote for me in the next election.
But you lose the war the first time you have to pay a subscription to get access to
/. cost $5 or less per year, AND turned off tracking, AND turned off all banner ads, then I'd be happy to pay that subscription fee. I suspect there's more than a few here that would be willing to do so. The problem with pay-per-view, is in the amount charged, and the difficulty of collecting small sums of money. Some newspaper sites (hopefully now defunct) were charging on the order of 1 to 2 dollars a page. Their content was not worth that much. That's how much they charged for the entire printed newspaper... Face it, most content isn't worth a dollar a page.
slashdot.
You are making an unwarranted assumption here. The amount of money Slashdot is getting from advertisers may be much less than you think.
If
The difficulty in collecting small sums is that banks don't like handling the collection of (for instance) 5 cents from each of 3000 different people.
Sites survived before banner ads, and they'll continue to survive with or without them. They may not be the same, or even running on the same computers, but they will survive. Several sites are out there that have no banner ads, and make no direct revenue for the site operators. They're still there, and show no sign of going away. If the disappearance of advertising increases my costs to access the web, so be it. I'm willing to give up a little of my cash, in order to avoid the time it takes to try to ignore the blinkenlicht banners.
Ads of all sorts annoy me intensely. I would be very happy if all the advertising agencies finally admitted that ads don't work on people like me, and allowed me to avoid them. They haven't, and aren't likely to, because a few of the ads do work. (I do my best to avoid being taken in, but don't always avoid it. When I do respond positively to an ad, I regret it later.) It is much harder to get advertising taken out of a medium than it is to get it inserted.
Oh, to heck with it. I give up.
/. wouldn't be worth the $5 a year it would cost, because it would cost $50 a year to do it without advertising. That's it. I'll stick with print advertising, where the ads don't blink in my face all day while I'm reading.
Slashdot, keep the banner ads if you want. I don't care anymore. There is no use in my complaining about them, because no one will listen. Those who do listen, will decide that there's nothing they can do about it, because they need the revenue, and I've pretty much decided that
The cure for banner ads will probably be worse than the disease, as we start getting targetted infomercials (aka interstitials) between pages. There's nothing I can do about that. I don't work for a company that sells or advertises consumer products. There's no compelling reason for any corporation to listen to me, as I'm only one customer out of many.
I'm sick of Madison Avenue and all the ad agencies trying to figure out how to better make use of my money (by getting me to purchase the products advertised). There's apparently nothing I can do about it, because all these ad agencies are here to stay, and there's no possible way to make money without selling something on the web, even if it's just advertising.
I hope I'm wrong (or just manic-depressive), but there sure seems to be very little, if anything, I can do to stop advertising. Not only that, but I'm not really sure that I want to stop it.
To really confuse things, there's a perl script called "cookiepecker.pl" (no I don't remember where it is found, but www.perl.com/CPAN ought to have it somewhere.)
;-) I encourage all web administrators, owners, and users, to do the same, and stop trying to track me without my consent, or by making it impossible to use the site effectively without consenting to tracking.
This perl script will change a few bits in each cookie, whenever it's run, though it only works on cookies in the cookiefile (session-only cookies won't be affected, and cookies already loaded into netscape probably won't be affected) I think you can tell it not to change certain cookies at all, but don't quote me on that.
Unless the site has implemented ECC (error-correction codes) in their cookies, this will at least confuse the heck out of the servers, and might accidentally give you someone else's tracking number for a while.
I can see the website owners complaining about this now... "How dare you screw up my carefully set cookies? Are you some kind of evil hacker?"
I dare, because you do. I chose long ago to use my powers only for good
Slashdot is one example, in that if you want to be heard, you have to login and accept the cookie.
I understand the need to make money. I just don't understand the need to make more money by tracking every move a customer makes, just because it's possible. Possibility does not imply correctness.
In simpler words, "just because you can do something, doesn't mean you should."
I no longer use Application Service Providers, for just that reason. There's absolutely no guarantee that (if it existed) Microsoft Office for Web wouldn't store a clear copy of anything I might write on it somewhere that MS could search through it for interesting bits. MS:"But we won't search through it for interesting bits" Errr... Yeah, that makes me feel much more secure. And I won't search through Microsoft source code for interesting bits either. That doesn't mean they'll give it to me.
I'm afraid your option #3 would wreck my links page.
--
My other computer is your IIS server.
The other half of protecting your privacy is to lie, lie, LIE! Are you filling out yet another web registration form asking you needlessly intrusive questions about where you live, your email address, your family, or whatever? Make it up. Yes, I think I'll be William Jefferson Clinton today, that's president@whitehouse.gov to you peons, etc...
I figure if they're going to send me junk [e]mail, I'll give them junk data back.
--
My other computer is your IIS server.
How can my real name get linked to these storages? There are exactly two instances where I enter real information into my computer. 1. Corporate email 2. Purchase over a secure connection (although the credit card number I only give out by phone) Correct me if I'm wrong: but no browser can get anything out of my email application. (Outlook, well, you never know...) What about the secure sights which claim to keep data private? There are never any ads or gifs on the order forms; but could that data get an id on me from a cookie and attach it? feeling even more paranoid than usual...
Allow cookies in Netscape. Change the cookies file permissions to read-only. Cookies will live only as long as Netscape/whatever is running, all the shopping carts work fine. When you exit, your cookies will not survive. The next time you get a DoubleClick ad your record is clean and the system gives you a new id since it thinks you are a new user. This will not only prevent them from logging you, it will also make their database explode... problem solved
Idempotent operation: Like MS software, wether you run it once or often, that doesn't make it any better.