Slashdot Mirror
FTC Petitioned on Data Profiling
Mephistopholies sent /. a link to an AP article about this Washington hearing, but I prefer the more complete NY Times story about it. The Federal Trade Commission is being asked to examine web profiling and tracking technology as used by the likes of Doubleclick to track users across multiple sites. The article also notes that it is likely some sort of bill to facilitate taking away individuals' domain names (you may have heard this spun as an "anti-cybersquatting" bill) will pass this year.
A side note: slashdot readers who like YRO stories should realize that we will posting an increasing number of them in the YRO section only - they won't ever appear on the main page of slashdot.org, but will be accessible via the Sections link on the left side of the page, and there's a YRO slashbox now, too, so you can see the headlines for YRO on the home page if you so desire (and are minimally competent at setting your user preferences).
Whats up with the colors?
/. a redesign isn't needed
Not that
Maybe it's just the lack of coffee but what does YRO mean?
Free speech. Free press. Power to the people!
squid.conf :
[...]
acl dclick dstdomain doubleclick.net
[...]
http_access deny dclick
[...]
Repeat for every annoying ad server...
the anonymizer "snoop" is here in case ppl are interested. It doesn't come close to showing all that doubleclick and friends know about you.
(notext)
And if the account gets nuked, create another and post it again. Maybe the NYT will eventually figure out that exactly one anon acct is easier to disregard for their marketing statistics than to deal with boatloads of bogus accounts continually created and publically posted by people who don't wanna be branded and tracked like Jews in a concentration camp.
This is why webmasters should quit doing it without asking. Maybe we need the courts to bust a few heads before advertisers Get It(tm).
To continue the analogy, imagine that the Bubblekick reps in each store watched you come in and wrote down some little identifier (say, your license plate). Each Bubblekick rep would have correlation of which stores you visit and what you look at in each one.
Fool. They sell your personal information to marketers. Phone #, address, and so on. Yer a tool.
=======================
! #LinuxwareZ !
! Lynchin' MS Niggers !
! Since 1997 !
=======================
Do you own the CO2 you've exhaled from your lungs and let wandering around the atmosphere? Do you own the photons that you have bounced off your body and sent flying every which way? Of course you don't. And this browser-tracking practice is the exact same thing. As you browse the web, you bleed information and leave it for anyone to pick up. Telling these companies "You can't do that!" is shirking the responsibility you have to use your computer responsibly. It is possible to use your computer such that you do not leave information in the browser-tracking databases. Not knowing how is no defense, any more than not knowing how to drive a car is a defense when you've rammed it into your neighbor's minivan. Either learn what you're doing and behave responsibly, or admit you don't know what you're doing and take your chances, or just stay off the network. The choice is entirely yours; don't blame it on the web trackers.
Furthermore, restricting the web-tracking practices of these companies would be equivalent to restricting the kinds of information that can be conveyed through the internet. Do you want freedom of speech, or do you want the illusion of privacy? Freedom does not guarantee you security, be it in the "real world" or on the internet, and I'd really really appreciate it if you didn't help erode my personal liberties by dictating what I can or cannot say, or what I can or cannot do with information that clueless people leave lying around for anyone to pick up.
-- Guges --
Think James Bond - SMERSH or Smert' Spionam was Russian for "Death to Spies"
--
Do whales have krillfiles ?
As much as most /.'ers like for the net to be free from government regulation, I think the time for that is soon coming to an end. It seems to me that the net could be free from regulation only so long as nothing of any importance passed on it. Now that more and more business is being done on the net, and it is being filled with children and little old ladies rather than college students, I don't think that is tenable. A wonderful example of how this is the case is the whole cyber-squatting issue.
/very/ pregnant. In nine months, you are going to have a child unless drastic measures are taken. It is as inevitable as a stone rolling downhill.
The assumption of many in the net community is that having a little bit of government, a little bit of restraint, a little bit of regulation is like being "a little bit pregnant". I don't think this is true. You see, the irony in the phrase "a little bit pregnant" arises from the inevitability of pregnancy. Once you are "a little bit" pregnant, you will soon be
I don't think that regulation is like this. In fact, there is ample empirical evidence that it is not. Consider the meat-packing industry. For almost 100 years, it has been subject to federal and state regulation. Yet today, it is far from dominated by the federal government. You could argue that the regulation has been ineffectual: tyrranical it is not. Regulation has not grown to the extremes of communist control of industry that were predicted.
I guess that's my only point: many on the net are so afraid of the government that they fail to recognize the positive work that government can do. Like the meat industry in the 1890's, we are so afraid that the government will "take over" that we don't mind letting a few kids die of e. coli poisoning.
I wonder if, like the meat industry, we aren't really motivated by short term profit at any cost? Our privacy, our dignity as humans, anything for money.
I have never ever heard of one case of misuse of collected consumer information. Ad companies could care less about that, that's like selling porno to kids, it's not ethical AND there's no money in it. The only people interested in gathering information about you for sinister reasons is the NSA and the FBI.
It's ridiculous that people are worried about this. Ooooh they are going to know that you buy 19th century british history books at amazon or that you've looked up asian sports bras on yahoo. Big deal! If I were going to be worried about ANYTHING I would worry about whether my web-based email service is snooping around in my online email. Now that's a serious privacy threat but nobody seems to worry about that one. It's just those dirty advertising companies who know what banner ads you've seen.
What is the WORST thing that can happen if a web site tracks your movements? They show you banner ads that are more to your liking? Oh NO, The sky is falling! They offer you discounts on products they think you might like. OH NO! Why are people so freaked out about this?
...they are tracking you surfing habits and spending habits, if you buy things. They are going to send you banners based on these surfing and spending habits. Now that's not so great, but this has nothing to do with pr0n or mp3's or warez or whatever.
/.er in a previous conversation found a 1x1 pixel gif on the FED-EX site that was trying to implant a doubleclick cookie. I don't know what the fact that I ship things has to do anything with what my spending habits are, and I don't care. As far as I'm concerned it's not their business. And I'm sure Fedex isn't the only place out there doing this.
This has to do with any site that runs doubleclick ad-banners, and some that don't. A
If you are a lynx only guy then I'm sorry I don't really know what to tell you. I like the pretty pictures I guess.
I would say that there isn't much difference, as Lynx handles cookies like any other browser.
Get junkbuster and make all your freinds get it too. Let the companies figure it out for themselves. Of course there are always plenty of sheep tucked away in Doubleclicks databases.
Posted by NJViking:
Does the cypherpunks/cypherpunks login still work at NY Times? IIRC, last time I tried getting in, it didn't work, so perhaps NYT has removed that.
-= NJV =-
Posted by NJViking:
Junkbuster can stop web redirectors from tracking where you've been. I think more and more people should be running this type of software in order to avoid being tracked by direct marketers.
-= NJV =-
In regards to the anti-squatting bill (man, everybody hates campers), whereas I agree with it in general, I'm offended that it was tacked onto the ass end of a completely unrelated bill.
Riders should be outlawed, pure and simple. More "evil" legislation has been tacked onto the end of popular bills that we now have a huge number of laws that never would have gone into effect if they had been on their own.
Okay, I'm done ranting now.
Boobies never hurt anyone. - Sherry Glaser.
However, I don't want companies looking around at my web browsing patterns... why? It's none of their god damned bussiness how, when, why or where I browse the web.
My comment about pr0n was not so indicative, my bad. When I talked of pr0n, it was as an example - I'm with you with your point. It's difficult though isn't it - you go into a shop - is it the business of that shop to find out what you buy? Is it their business which route you take around it? Is it their business if they can change their shop by looking at how people go around shops in general?
Maybe you'd like their shop more if they did look and acted upon it.
I'm with you though. I'd like to be able to look at sites without doubleclick knowing about them. I'd like legislation to make it impossible for them to join these usage databases with user registration details. Why? I'm not entirely sure. I'm not sure whether I care so much about what is 'my business', I just don't like it, and that should be enough. It looks like it will be, with possible legislation. But from the companies' point of view, they want to see how they can gear their site towards you more, so they can get more money from you. They don't see that as so bad. But it looks like we might win to an extent. Hopefully!
thenerd.
The camels are coming.
The camels are coming. I'm in love.
I've just come away from giving a presentation about web tracking.
It's difficult to weigh up the benefits and disadvantages for the companies and the users - on the one hand companies can really improve their site (layout, usability, quality of information) based on that information. Being able to track people across multiple sites will be enable companies to really cater for those that are coming to their site.
However, users, understandably, don't want every move of theirs tracked - presumably with the worry that they will in the end, be held accountable for that time they typed in www.pr0n4u.com.
Balancing the wants of the company and of the individual is always difficult. In the end, is the individual willing to pay the price of less privacy for a 'better' (i.e. targetted to get the most visits/$$'s from you) browsing experience? Without these measures are unscrupulous people going to join your browsing records with your browsing information?
This area is going to get very complex, legislative-wise, with products such as Novell's DigitalMe campaign to store user profiles 'for your convenience'. This is put forward as a great enabler, but in fact mostly, it is an enabler for companies to get information about you, or aggregate information about you and others, and helps you very little.
With the introduction of the W3C's P3P platform, it will be easier for users to keep track of where their personal details are going, but this kind of collaborative tracking really is a bit difficult. Obviously, DoubleClick will have a privacy policy. When they change it in the case of legislation, will they chuck away your data?
thenerd
The camels are coming.
The camels are coming. I'm in love.
On the last "Geeks in Space" page, someone asked about the colors, and I hazarded a guess that it was to distinguish the different Slashdot "sections".
I also commented that black was not a good color to use, and I suggested orange, like "#bb4400". I was joking! I thought they should change it, but I didn't actually mean for them to use orange! Now I see this page in an orange/brown "#663300", which is pretty close to what I said. Actually, it turns out that "#bb4400" is not a "web color", the closest one looks worse, and "#663300" is the next one down, according to Apple's HTML color picker. If this is my fault, I'm sorry.
Actually, on second thought, it doesn't look so bad. I even kind of like it, and I definitely think color-coding the sections like this is a good idea. However, I see that the "Geeks in Space" section is still in black, and the Slashdot logo images are still in the standard "#006666" Slashdot green. Especially here in YRO, I think the logos should be changed to match, since the brown and green look kind of painful together.
David Gould
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
This may be out of character in light of my posting history on the subject of Slashdot registration (which, relevantly enough, you can look up if interested), but I don't mind Slashdot's posting-history. I figure everything I say on Slashdot is completely public; if I didn't want people to know what I think, I wouldn't post it in a public forum, or at least not under my own name. The users.pl page just collects all the comments into a handy location, which I find very useful for keeping track of replies to my comments, etc. I just wish it went further back, keeping links into the archived stories. If someone wants to keep track of what I say, he could just as well do it by scanning all the stories for my name.
The reason I don't mind this is that it is not required. I choose to post under my real name because I consider what I say here to be public, and I choose what to say with that in mind. If I wanted to say something that I didn't want my name attached to, I'd post it anonymously (and, being paranoid, I'd probably log out and zap my cookie instead of just using this little "Post Anonymously" checkbox).
I believe it's very important for people to be able to post anonymously if they so choose, for, among other, the same reasons that concern you, but I don't insist on doing so myself. I also am very much against the discrimination that people get when they do so: defaulting to a lower score is arguable, but insulting them by labelling them as "cowards" is unnecessarily confrontational and much of the hostility that is directed toward them is unwarranted -- a lot of people seem to think "anonymous posts" and "bad posts" are the same thing, when I see only (at best) a weak correlation.
I am definitely bothered by the "to serve you better, we track you" thing that so many sites do, especially when they don't offer any special services that inherently depend on tracking, but just collect the data, presumably to improve their own operations through some sort of decision-support database, or else to sell it to other marketers. In the first case, that information is mine, dammit, and if they ask nicely, I might be willing to sell it to them, but they can't have it for free. Improving the overall quality of service that they can offer does not count as paying me. The second case is even worse -- they have no right to do that without my permission, which they will never get.
About the NYT registration thing, I just never read any story of theirs, as a matter of policy, because the privilege of reading a story (and looking at an ad banner) is not something for which I'm willing to sell my information. I used "cypherpunks/cypherpunks" a couple of times (way back), but then I decided that I don't like that. I'm just not interested enough in anything they have to say to register, or to resort to trickery, which would be supporting them with the ad banner anyway.
As for Slashdot posting links to the NYT, I don't have a problem with that -- people who don't mind it can use it, and people who feel as I do can decline to do so. There's no need for Slashdot to boycott them, even if some of us decide to do so. What I don't like is when it's the only link given for a story. I guess, sometimes at least, it's the only one available, but it's better when another link can be provided, like this time. Before long, someone usually finds the same story on another site and posts the link in a comment, anyway.
David Gould
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
Yes, you can install ipchains on your Linux box if you are using kernel 2.2.x. If you using 2.0.x then you need ipfwadm and if you are using 2.3.x you need netfilter/iptables.
Please don't post whining complaints when you could be out searching for an actual link -*gasp*- all by yourself.
I don't agree with the "popular names" clause, as I stated before. However, from your description it doesn't sound like the Newton situation would fall under the new law anyway. I'm not familiar with the background on this, but it sounds like newton.com wasn't held by Mr. Newton solely to squeeze a lot of money out of Apple computer. This case sounds like the same old "big corp. unleashes lawyers and dollars to grab by intimidation what they can't take by law" story. See veronica.org, ajax.org, etc. If newton.com wasn't a business with interests in the same arena as the trademark holder, then it should have been safe from Apple's actions.
Of course things didn't work out that way. But the course of events in the newton.com situation would not have been altered by the proposed cyber-squatting bill. The real problems were:
I'll be the first person to agree with you that the current legal situation involving domain name disputes favors big business considerably at the expense of the individual domain owner. I just want to see the real issues are being addressed, rather than the usual /. railing against everything the government does. Removing the popular names clause and adding some protection for the individual domain owner (loser pays legal costs in trademark disputes?) would be a welcome addition to this bill, but I don't see how prohibitions specifically against "cybersquatting with intent to resell to the registered trademark owner" can be used to take away an individual's personal domain, like newton.com, veronica.org, or ajax.org.
Your right to not believe: Americans United for Separation of Church and
Please don't post NY Times articles when you know of another one, because some of us object to registration!
Does anyone have a pointer to another article, please?
11.0010010000111111011010101000100010000101101000
The first and only piece of commercial software I have purchased since 1992 was Intermute... http://www.intermute.com
Its similar to Junkbuster, but is java based, easier to configure, and works on NT as well.
--Mark
Here are a few:
194.237.107.11 (no,se,dk,es)
193.128.61.168 (uk)
195.154.216.201 (fr)
212.172.60.10 (de)
210.150.23.240 (jp)
How do I use IP chains, is this a program I can install on my Linux box?
-- Tov Are Jacobsen
However, there are a lot of bogus ads out there. For example, there is an ad cycling though /. for a vendor "giving away" an alpha linux system. Yet when you click to their site, no mention of it anywhere. Then there are ads like the incredably annoying "Punch the Monkey". There are a couple of sites which regularly have this ad running (Infoseek being one of them) which I no longer visit... at all.
The end result of all this? I've been using WRQ's AtGuard so I don't have to deal with ads, and in theory the privacy involving refers and cookies from sites which I don't want to give cookies to. Of course this doesn't help me on all systems I have access to, but it keeps a lid on my primary systems.
Does this harm the revenue stream to sites that I wish to support because I no longer click through? Probably. How much? Who knows. Do I like the added privacy protection? Definately!
Dunno if you're still reading this, but I caught your sig. What's that supposed to be and should it be in Cyrillic?
--The Curious Russian Enthusiast
Blah I can't get my sig to work, it won't fit.
I recently worked for a large retailer who also did a lot of catalog business, and they did (and certainly still do) quite a bit to collect info on their customers. I just figured I'd throw out some of the whys so that people could see it from their point of view. This isn't about anything online, but I'm sure that the same rules apply.
They send out a huge number of catalogs every year, and those catalogs cost them a fair amount to produce. At least $1 a pop. So obviously it is in their best interest to only send catalogs to those who actually want them. And in a very real sense, if they were able to do this perfectly, it would be good for the consumer as well. No one would be bothered with junk mail they didn't want. In theory, it would be a win-win situation.
But to go about this requires collecting a lot of data, some of it that would bother a privacy expert, and likely even a normal customer. For example, they want to track whether or not you go to the store after receiving a catalog. This tells them that, even though you didn't order through the catalog, it still brought you to the store and therefore wasn't a wasted mailing. Of course, to do this, they have to somehow get your address when you buy from the store.
I was in the unfortunate position of doing some of the programming at the front end, and it bothered me because we quite literally were doing things behind our customer's backs. For instance, store personel would ask for a customer's zip-code "for marketting purposes". Now, I'm sure nearly everyone thinks this is for some sort of demographic info. It is not. Instead, they take the zip code, and your name, and use the combination to figure out your entire address. In other words, they say, "Aha, this credit card number belongs to the John Smith at zipcode 12345. Since there is only one, this means that he's the one that lives at 555, mockingbird lane. let's send him a catalog".
We used check readers for similar purposes. Customers assume that their checks are being authorized. They are not. Instead, the bank account number is captured, and then sent to a nice little service that returns a name and address when given a bank account number.
But again, this is all just to figure out who to send catalogs to. Which creates an interesting situation. The company ends up with all this data on you, your name, credit card number, bank account. Data that I'm sure makes everyone here a little (or a lot) queasy to see in someone's hands. Yet it isn't captured for any real nefarious purpose. It is, at least in theory, captured to help you, at least from the company's point of view.
This is why companies can act so schizophrenic about privacy. They truly do what they do to help "serve you better". Unfortunately, the end result is not necessarily in your best interest.
I completely understand the whole situation at "Real". I'm sure that the people who invaded the privacy of all of their users truly believed that they were doing what they were doing to help serve their customers better. That is what makes the corporate invasion of privacy so insidious. The people who do it don't think they are doing anything to hurt anyone. And they really aren't, in their own little world. But the net effect of a thousand companies "better serving" their customers is a complete and utter destruction of any notion of privacy.
The cake is a pie
(Drat, page won't reload right now - can't see if this has been posted already. I hate being redundant.)
--
Advertisers: If you attach cookies to your banner ads,
Time is Nature's way of keeping everything from happening at once... the bitch.
Want to guess where newton.com points to now? Click on it and weep. Note, this is *after* the demise of the Newton.
The "trademarks and popular names" clause is just going to mean that small businesses, who do not have the exposure to justify going to the PTO to register names, are going to be shoved out of cyberspace by the big guys. And that's just wrong. This cybersquatting bill needs to have a safe-harbor clause for "natives" like Newton, and hefty statutory damages for name-grabs like Apple's. Without that, it should be scrapped.
--
Advertisers: If you attach cookies to your banner ads,
Time is Nature's way of keeping everything from happening at once... the bitch.
I found this on the Wired News site - gives some more information on the subject: Your Rights Online: FTC Petitioned on Data Profiling
This got me thinking about just blocking anything from doubleclick. Here's my ipchains-save:
-A output -s 0.0.0.0/0.0.0.0 -d 208.211.225.89/255.255.255.255 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 199.95.207.0/255.255.255.0 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 199.95.208.0/255.255.255.0 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 204.253.104.80/255.255.255.255 -j REJECT
Use 'em, abuse 'em, let me know if there's more IPs.
ipchains-restore (file with above text)
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
P3P is a great idea, and I'm all in favour of it.
OTOH, P3P is not a solution to this type of tracking, nor will it ever be. What P3P does is usually misunderstood, even by the nerderati, so please let me point out something significant.
P3P is a protocol for a site to tell a browser what the privacy policy of the site is. Note the direction the information flows in -- only one way. There's no scope in P3P for your browser to be configured to suppress privacy information, nor for it to request a site to not log particular information. The best a full P3P implementation could achieve, even assuming full and honest cooperation of the site operator, is for it to connect to a site and then disable access to the pages with a "Lets not go there" message.
I might still wish to shop at Badgers 'R Us, even though they have a loathsome default logging policy, but only providing they want my business enough to turn logs off on request. Click trails are very low value individually - sites can't afford to lose real trade in favour of them, so we do have the economic advantage here.
P3P can only tell me not to go in, it can't allow me to still shop there without leaving the log trail behind. What we need is a negotiated mechanism for a privacy / logging compromise -- if somewhere like Skylighter (a pyrotechnics vendor) wants to bar users from the shop unless there's reasonable logging in effect, then that's fair and reasonable. OTOH, if World Of Fish request logs, then my browser should tell them to get stuffed and they should either accept this, or lose my business to Piece O' Pike a few blocks down.
A major failing of the UK DPA (Data Protection Act) is that it's too much like P3P. It's good at telling you who has your data, but it's bad at controlling them getting it in the first place. You can't re-bottle the genie.
There's nothing wrong with posting a link to NY Times just 'cause you don't like 'em dumb ass. Slashdot doesn't exist to serve you exclusively.
Right, insults will work.
;-)
Seriously, why is it a bad thing for someone to mention that they don't like the NY Times registration requirements? Especially on a Your-rights-online posting involving profiling based on computer-based tracking? When you register for the NYT, you allow tracking, whether or not you agree with it.
This is another case of "to serve you better, we track you". Whether it's good or bad, legal or illegal, I still don't want them to do it.
In fact, I'm not even in favor of Slashdot's registration requirements. I was in the midst of doing a book review for slashdot when they implemented the "track what person 'X' has said for the past few weeks" feature, and stopped doing the review. A lot of what Slashdot does to serve me better, removes some of the privacy I might otherwise have had.
Welcome to the brave new world
Isn't it lovely when the goverment actually works in accordance with the constitution rather than against it.
"I have never ever heard of one case of misuse of collected consumer information. Ad companies could care less about that, that's like selling porno to kids, it's not ethical AND there's no money in it." There are several companies whose sole business is to sell addresses and phone numbers of consumers. How far do you have to stretch your imagination to see the worth of a list of people with a known interest. The concern here, I think is that this data is indeed valuable, and *WILL* be sold. There are benign uses like selling this data to companies who will be nice and give you discounts, but there are also malignant uses like selling this information to private investigation services or to companies or organizations with questionable agendas.