RealNetworks asserts that this data isn't being stored. The likely scenario is that they're taking the information, finding the genres associated with it, and storing aggregate information about those genres in an attempt to find your approximate music interest. This is still quite useful information, but suddenly RealNetworks doesn't look so evil, so the people that read these YRO pieces are less likely to mention it.
I can't think of any reason they'd be interested in storing all of the artists and songs you listen to. Do you have any idea how large a database would need to be to store this information? Aggregate trends, however, can be represented with a few small numbers and fits RealNetwork's likely needs perfectly.
Now, again, I'm not defending RealNetwork's practices here, but I feel I do need to step in since so many people like you keep spreading this misinformation.
What a legal tightrope - we're not storing your info for very long. Yeah, not storing my personal info, but I'm sure you're saving the results of what CD's are listened to, how often, and whom by just getting rid of my GUID and replacing it with a demographic.
A more likely scenario is that they're storing information in an aggregate fashion, perhaps numerical values corresponding to the music genres you tend to like.
I can think of zero reason whatsoever that they would actually be interested in the actual titles and artists you listen to. It does make sense for them to want to know what *types* of music you listen to, which can be pretty easily gleamed from data like bands/albums that doesn't require it to be stored.
if you do not want them to do it, you do not register on their site. real networks chose to HIDE the fact that they are collectitng this information from users of their software.
No, they chose not to DISCLOSE the information to the public. There's a difference between not mentioning something and deliberately trying to keep it a secret. Let's not jump the gun here.
I'm not trying to defend RealNetworks here, as I disagree with what they're doing, but I'm getting kind of annoyed at everyone's assertions that they're doing this maliciously. Let's wait until we hear a few more *unbiased* takes at the situation before we start spreading misinformation about their intentions.
This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it.
Do you have more information on this? RealNetworks actively spams people unsolicitedly? What IP blocks are listed under the MAPS RBL? I've never received unsolicited e-mail from RealNetworks (but then I've never checked the checkbox that indicates my desire to have this happen, either)...
I realize RealNetworks puts ads out on their various pieces of software, which is perfectly fine (that's the price to pay for free software), and as far as I know, the RBL deals only with spamming-related issues.
Do you have more information (like, say, proof) of these allegations?
They may "analyze" it on-the-fly and just modify aggregate statistics about your listening habits. If you regularly listen to rock music, they may have a "likes_rock_music" statistic that goes up as you listen to more rock, etc.
but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....
Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices. Most all major products I download from the Internet ask me for my name, and bits of other information. Most (if not all) give me the option to decline sending this information in.
SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.
Further extending the music store analogy, let's say you get one of those FrequentListener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.
Again, I'm not trying to defend RealNetworks here, but I do think many of you are taking this to an unfair level...
There is a difference between failing to mention something and keeping something a secret. Unfortunately, most privacy activists fail to realize this difference, and so it becomes the custom to assume that whenever somebody fails to mention something, it automatically means they are attempting to keep it a secret.
I'm not saying this isn't the case here, but it just seems like everyone reads the headlines and immediately jumps on the anti-RealNetworks bandwagon without really doing much investigation on their own...
Because if you are in a hurry when you install a software, or are simply not interested in all the bells and whistles, you usually skip the READMEs and trust the (Net)Etiquette of the software you use.
If this is truly the case, then you have absolutely no right to complain. A company can only go so far in giving the user options. NATURALLY, they will have 'yes' automatically selected. If you breeze through the installation, it's your own fault for not paying attention, and it would have made absolutely no difference if Real had omitted the checkbox entirely from its program's installation.
It's not like this is an obscure option. It's pretty plainly visible in the installation wizard. They're not trying to hide the option from you, and I don't feel they're being evil in the slightest by defaulting it to 'yes'.
And before you folks start going off about how all laywers are inherently evil (as some have already started doing), consider the possibility that it's our laws and judicial system that's at fault here. There will always be laywers stepping up when another one backs down due to his own ethics.
Face it: Americans like being able to blame somebody. They like the security lawsuits give them. They know that if they do something pretty stupid, they usually have the ability to save face and sue somebody else. It's this mentality that has made our judicial system what it is today...
Go inside an ISP some time and see how difficult it is to simply keep core services on-line 24x7.
I worked for 2 years at an ISP developing a tremendous amount of back-end software for our engineers and administrators. I do know what I'm talking about. I don't know where you get your information, but there wasn't much in the way of difficulty keeping our core services up 24/7. There was an occasional downed link or a hard drive failure, but we were most certainly not putting out fires 24/7.
I could, in 10 minutes, write something up in Perl that would interface with a RADIUS database and monitor network traffic, compiling a list of web sites visited by each user and recording the data. This wouldn't even be taking advantage of the lower-level packet tracing features available in every terminal server OS I've seen, which would probably make the task tons easier.
The last thing any ISP wants to deal with is some packet level logging on all the traffic, and the horrendous data-mining task of putting those logs back together again afterwards.
Is there really that much difference between this and intercepting cookies via a proxy server? You still have to go through the work of putting things back together in order to associate that cookie with the user dialed up.
No, gleaning data from cookies is efficient, that's why they were invented. Gleaning data from raw IP-level logs is mind-numbingly hard work, and that's before you start dealing with DHCP and proxying on the client-side of the ISP (not uncommon for small businesses).
Maybe you just don't have any practical experience with real world companies doing this sort of thing. I could make this association with a single database lookup at my previous ISP, and my current employer (which uses DHCP) goes so far as to use dynamic DNS to use my username as part of my hostname for the IP my workstation receives. Again, pretty trivial to use this information.
It's not easy, is it ?
Maybe we're just thinking of two different approaches to the problem, but my argument still stands. Internet providers don't set up proxy servers so they can spy on their customers and sell the data to marketers. If you don't believe me, call your ISP and ask them. If you seem to think they're lying (what would they stand to gain by lying?), maybe you should find an ISP you can trust, or at least set up a secure, encrypted tunnel to someone you do trust and do all of your web browsing through it.
I really think it's funny that people actually believe ISP's do this sort of thing. You must get headaches a lot worrying about these things.
The disconcerting thing is, that's about to change... DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website...
This is what I was objecting to. Your name doesn't help DoubleClick target banner ads in the least. In order for your name to be useful, the database would have to be parceled out and sold to other marketers (postal ones, as your name is pretty much useless in an online world, whereas your address could be used to send junk mail), which wasn't mentioned in the article itself, but you seem to be bringing up now. This is fine.
Secondly, this information is NOT as valuable to marketers as you seem to think. Say DoubleClick puts out 100 ads. Say 90 of those have cookies enabled. Say 60 of those are from a home PC or a person's personal workstation (as opposed to a computer lab or public workstation). Say 20 of those browse the web regularly enough for DoubleClick to have a halfway decent profile to allow for targeted advertising. Now, say I'm a company that sells computers. Looking at DoubleClick's master list of targets, I discover that about 1 in 20 people in their database would definitely be interested in purchasing a new computer. We are now down to 1% of the original list (with 80% of the list marked as "unknown").
These profiles are also only one end of the preference range. Just because a person visits bicycling sites and not computer sites doesn't mean he's only interested in bicycling and isn't interested in purchasing computers. The profiles just offer *suggestions* and do nothing to indicate what the person *doesn't* like, which would be necessary if one is going to spend any money mailing out ads.
If I were trying to sell computers, I'd probably stick with the anonymous list I have (or purchase a cheaper anonymous list), because I *certainly* wouldn't limit my options to the small portion of users that happen to have built up profiles.
The cost of this list would likely far outweigh the costs involved in ignoring it. I won't argue that there is value in a postal list that also contains a person's likes/dislikes, but do you really think these lists don't already exist? When you buy a magazine, your name is circulated around a bunch of other similar magazines. This is exactly another form of "targeted advertising", which is all this list of people and their browsing preferences would be, is a way to target postal ads just like online ones.
In any event, we were talking about proxy servers here. As I mentioned in another comment, your ISP currently has the ability to log and track every single Internet packet sent to/from your PC. With most terminal servers, it's pretty trivial, and there are no laws that I know of that prohibit it. Should we ban ISP's now? The reason ISP's don't do this kind of thing is because they realize that a customer's trust is valuable if they want to keep your business. If an ISP started selling your personal information even WITHOUT included bits about your browsing habits, this would be quickly discovered and their business would dry up. This is not good business sense.
The point is, your ISP wouldn't *have* to go through a proxy server if they wanted to collect this information. They could do so much more efficiently just by monitoring your connection itself and record the hostnames you visit. THEY DON'T DO THIS. Any of it. If you really truly believe your ISP is evil and wishes to violate your privacy and sell all sorts of sordid details about your browsing behavior, perhaps it's time you found another ISP.
I get ads about the eastern seaboard too. And the western.
If I were a marketing company like DoubleClick, and I wanted to try and target some banner ads by relatively specific geographic regions, I would probably try and find out which ISP's are in that region and serve up my banner ads based on what *hostname* (or domain) the browser was coming from. This is the only way you can get geographic data (if at all) from an Internet host.
It's not possible to find a person's geographic location by observing the delays in Internet packets. If you don't believe me, call up your local university's computer science department, or your ISP, or *somebody* that has even half a clue about how IP networks work and ask them.
ISP's can (technologically) very easily monitor and log every Internet packet being sent from or received by your computer. As far as I know, there are no laws preventing this.
Does this mean we should ban ISP's? Of course not. You trust that your ISP will behave in an ethical manner regarding how you use your Internet connection. Your ISP understands that keeping your trust is essential to keep your business.
The point is, if your ISP really wanted to start logging and selling data regarding your browsing habits, they have the technology to do it in a manner much more efficient than by gleaming the data from proxy servers and cookies.
wants to figure out which special banner ad promotion will attract the most buyers
That's why they give different URL's to each banner. Banner 1 goes to/promotion/1 which records this information and redirects them to the main page. Banner 2 goes to/promotion/2, etc. This is how *I* do it, and I imagine for accounting purposes, this is already being done for just about everyone anyways, since they have to have some way of recording where the click-through came from, it's a trivial matter to make a minor change depending on the nature of the ad itself...
As far as seeing which ad creates which sales, it's an equally trivial matter to set a cookie on the shopping site itself when the user arrives, and check the value of this cookie when they make their purchase.
What I'm trying to say is that there are pretty easy, existing ways to do what you're describing that don't require any sort of evil collaboration between companies like you suggest.
The marketing company couldn't care a bit what your name is. It doesn't help them target their advertising to you. It's not in their best interests to collect this information, if nothing else than the TREMENDOUS negative PR attention this would earn them.
I'm not following..? Who said anything about privacy being redundant? I said your ISP could care less what your browsing habits are, just like marketers could care less what your name is. I don't see what you're commenting about..?
To illustrate the difference between these two cookie settings in Netscape...
From the Netscape help text on this feature:
Select
Accept only cookies that get sent back to the originating server to disable the transmission of cookie information to servers other than the server that originally transmitted the page.
I thought it was for something else, so yes, this is an excellent way to eliminate any potential privacy issues with 3rd party cookies.
No offense, but you obviously have no concept of how the Internet works. It's not possible to determine anything REMOTELY geographical (except perhaps "on our continent" and "on another continent") by examining network "distance" (packet times).
I can't explain why you saw what you saw (I don't even know what port 8 is for, if anything), but I can tell you for certain that it has nothing to do with them trying to track down your geographic location.
They can't. Everyone suggesting this is especially paranoid today. A company would have to explicitely volunteer this data to the companies doing the tracking.
Besides, even if they did, what in the way of marketing information would the banner ad companies get out of it? How would having your name help them target banner ads more effectively? I don't get it..
(1) I disagree. They've made posting on Slashdot a breeze, purchasing things from Amazon a "One-Click" (tm) process and generally have made my browsing experience quite nice. (2) Have fun. (3) I will. I do. I doubt they've really noticed your refuals to shop with them, personally. (4) Neither am I. Probably more-so.
The 'domain' property of a cookie was actually well thought-out and designed so that what you describe couldn't normally happen. The domain setting must be at a minimum a 2nd-level domain (i.e. must contain a nested dot; e.g. ".co.uk" *would* be valid under this rule, while ".org" would not). IN ADDITION, the domain must not be *below* the hostname sending the cookie (i.e. the remainder of the hostname must not contain nested dots).
Valid hostnames and cookie domains:
www.example.com.example.com
www.sub.example.com.sub.example.com
www.example.co.uk.example.co.uk
Invalid:
www.example.com.com
www.sub.example.com.example.com
www.example.co.uk.co.uk
Section 7 of the spec outlines quite a few privacy issues known at the time and methods browsers can work around them. User agents themselves are perfectly free to set additional constraints.
Because it's not worth it. The time it takes them to sit down and draft an e-mail costs them more than the redundant bandwidth you use by not utilizing their proxy server.
Last time when I looked up @Home's web site, they still did not have any relevant statement regarding privacy issues and proxy connection. In the meantime they've switched over most of their customers, who had never been informed about the privacy consequencies of the "technical upgrade".
Of course they're not answering you. They're probably saying to themselves, "there's that privacy wacko again" and chuckling to themselves.
I would too.
Why would your ISP even *want* to construct such an intimately personal profile about you? What would they gain out of it? It's like calling up your local grocery store and demand they give you a written statement saying their cashiers won't come over to your house in the middle of the night and spray-paint a bunch of yellow smily faces on your windows.
Stop flattering yourself. Your personal information is 100% useless to marketers, and your browsing habits are 100% useless to your ISP. I can't think of a single reason your ISP would want to collect this sort of information. Proxy servers are not evil minions of privacy-invading corporations. They're just there to speed up your 'Net connection and cut down on redundant bandwidth usage.
It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex.
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you?
Slashdot Mirror
Doubtful.
RealNetworks asserts that this data isn't being stored. The likely scenario is that they're taking the information, finding the genres associated with it, and storing aggregate information about those genres in an attempt to find your approximate music interest. This is still quite useful information, but suddenly RealNetworks doesn't look so evil, so the people that read these YRO pieces are less likely to mention it.
I can't think of any reason they'd be interested in storing all of the artists and songs you listen to. Do you have any idea how large a database would need to be to store this information? Aggregate trends, however, can be represented with a few small numbers and fits RealNetwork's likely needs perfectly.
Now, again, I'm not defending RealNetwork's practices here, but I feel I do need to step in since so many people like you keep spreading this misinformation.
What a legal tightrope - we're not storing your info for very long. Yeah, not storing my personal info, but I'm sure you're saving the results of what CD's are listened to, how often, and whom by just getting rid of my GUID and replacing it with a demographic.
A more likely scenario is that they're storing information in an aggregate fashion, perhaps numerical values corresponding to the music genres you tend to like.
I can think of zero reason whatsoever that they would actually be interested in the actual titles and artists you listen to. It does make sense for them to want to know what *types* of music you listen to, which can be pretty easily gleamed from data like bands/albums that doesn't require it to be stored.
Just an idea, but it does seem logical...
if you do not want them to do it, you do not register on their site. real networks chose to HIDE the fact that they are collectitng this information from users of their software.
No, they chose not to DISCLOSE the information to the public. There's a difference between not mentioning something and deliberately trying to keep it a secret. Let's not jump the gun here.
I'm not trying to defend RealNetworks here, as I disagree with what they're doing, but I'm getting kind of annoyed at everyone's assertions that they're doing this maliciously. Let's wait until we hear a few more *unbiased* takes at the situation before we start spreading misinformation about their intentions.
This is from a company who spewed ads from their servers and is so far still on the MAPS RBL for doing it.
Do you have more information on this? RealNetworks actively spams people unsolicitedly? What IP blocks are listed under the MAPS RBL? I've never received unsolicited e-mail from RealNetworks (but then I've never checked the checkbox that indicates my desire to have this happen, either)...
I realize RealNetworks puts ads out on their various pieces of software, which is perfectly fine (that's the price to pay for free software), and as far as I know, the RBL deals only with spamming-related issues.
Do you have more information (like, say, proof) of these allegations?
They may "analyze" it on-the-fly and just modify aggregate statistics about your listening habits. If you regularly listen to rock music, they may have a "likes_rock_music" statistic that goes up as you listen to more rock, etc.
Just an idea..
but you don't normally expect him to ask you questions about who you are and where you have just come from, and you definitely don't expect the manufacturer of the jukebox to have the right to do so....
Everyone is making the dangerous assumption here that RealNetworks is *combining* this information for their evil spying practices. Most all major products I download from the Internet ask me for my name, and bits of other information. Most (if not all) give me the option to decline sending this information in.
SEPARATELY, RealNetworks is allegedly collecting information about your listening habits (tied to a userID not necessarily tied to your contact information). I'm not going to try and defend this, since I lack information one way or the other, but it seems like a great many of you are just assuming that RealNetworks uses this information together somehow.
Further extending the music store analogy, let's say you get one of those FrequentListener discount cards there. You give them your name, address, phone number, etc., and shop there every week or so. Now, the clerks know you by face, but that does NOT mean remotely that they automatically know your name and are linking every purchase in their head with your address and phone number. Yes, they collect the information, but that doesn't mean they're using it together.
Again, I'm not trying to defend RealNetworks here, but I do think many of you are taking this to an unfair level...
Secrecy?
There is a difference between failing to mention something and keeping something a secret. Unfortunately, most privacy activists fail to realize this difference, and so it becomes the custom to assume that whenever somebody fails to mention something, it automatically means they are attempting to keep it a secret.
I'm not saying this isn't the case here, but it just seems like everyone reads the headlines and immediately jumps on the anti-RealNetworks bandwagon without really doing much investigation on their own...
Because if you are in a hurry when you install a software, or are simply not interested in all the bells and whistles, you usually skip the READMEs and trust the (Net)Etiquette of the software you use.
If this is truly the case, then you have absolutely no right to complain. A company can only go so far in giving the user options. NATURALLY, they will have 'yes' automatically selected. If you breeze through the installation, it's your own fault for not paying attention, and it would have made absolutely no difference if Real had omitted the checkbox entirely from its program's installation.
It's not like this is an obscure option. It's pretty plainly visible in the installation wizard. They're not trying to hide the option from you, and I don't feel they're being evil in the slightest by defaulting it to 'yes'.
Land of Litigation.
And before you folks start going off about how all laywers are inherently evil (as some have already started doing), consider the possibility that it's our laws and judicial system that's at fault here. There will always be laywers stepping up when another one backs down due to his own ethics.
Face it: Americans like being able to blame somebody. They like the security lawsuits give them. They know that if they do something pretty stupid, they usually have the ability to save face and sue somebody else. It's this mentality that has made our judicial system what it is today...
Go inside an ISP some time and see how difficult it is to simply keep core services on-line 24x7.
I worked for 2 years at an ISP developing a tremendous amount of back-end software for our engineers and administrators. I do know what I'm talking about. I don't know where you get your information, but there wasn't much in the way of difficulty keeping our core services up 24/7. There was an occasional downed link or a hard drive failure, but we were most certainly not putting out fires 24/7.
I could, in 10 minutes, write something up in Perl that would interface with a RADIUS database and monitor network traffic, compiling a list of web sites visited by each user and recording the data. This wouldn't even be taking advantage of the lower-level packet tracing features available in every terminal server OS I've seen, which would probably make the task tons easier.
The last thing any ISP wants to deal with is some packet level logging on all the traffic, and the horrendous data-mining task of putting those logs back together again afterwards.
Is there really that much difference between this and intercepting cookies via a proxy server? You still have to go through the work of putting things back together in order to associate that cookie with the user dialed up.
No, gleaning data from cookies is efficient, that's why they were invented. Gleaning data from raw IP-level logs is mind-numbingly hard work, and that's before you start dealing with DHCP and proxying on the client-side of the ISP (not uncommon for small businesses).
Maybe you just don't have any practical experience with real world companies doing this sort of thing. I could make this association with a single database lookup at my previous ISP, and my current employer (which uses DHCP) goes so far as to use dynamic DNS to use my username as part of my hostname for the IP my workstation receives. Again, pretty trivial to use this information.
It's not easy, is it ?
Maybe we're just thinking of two different approaches to the problem, but my argument still stands. Internet providers don't set up proxy servers so they can spy on their customers and sell the data to marketers. If you don't believe me, call your ISP and ask them. If you seem to think they're lying (what would they stand to gain by lying?), maybe you should find an ISP you can trust, or at least set up a secure, encrypted tunnel to someone you do trust and do all of your web browsing through it.
I really think it's funny that people actually believe ISP's do this sort of thing. You must get headaches a lot worrying about these things.
Firstly:
The disconcerting thing is, that's about to change... DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website...
This is what I was objecting to. Your name doesn't help DoubleClick target banner ads in the least. In order for your name to be useful, the database would have to be parceled out and sold to other marketers (postal ones, as your name is pretty much useless in an online world, whereas your address could be used to send junk mail), which wasn't mentioned in the article itself, but you seem to be bringing up now. This is fine.
Secondly, this information is NOT as valuable to marketers as you seem to think. Say DoubleClick puts out 100 ads. Say 90 of those have cookies enabled. Say 60 of those are from a home PC or a person's personal workstation (as opposed to a computer lab or public workstation). Say 20 of those browse the web regularly enough for DoubleClick to have a halfway decent profile to allow for targeted advertising. Now, say I'm a company that sells computers. Looking at DoubleClick's master list of targets, I discover that about 1 in 20 people in their database would definitely be interested in purchasing a new computer. We are now down to 1% of the original list (with 80% of the list marked as "unknown").
These profiles are also only one end of the preference range. Just because a person visits bicycling sites and not computer sites doesn't mean he's only interested in bicycling and isn't interested in purchasing computers. The profiles just offer *suggestions* and do nothing to indicate what the person *doesn't* like, which would be necessary if one is going to spend any money mailing out ads.
If I were trying to sell computers, I'd probably stick with the anonymous list I have (or purchase a cheaper anonymous list), because I *certainly* wouldn't limit my options to the small portion of users that happen to have built up profiles.
The cost of this list would likely far outweigh the costs involved in ignoring it. I won't argue that there is value in a postal list that also contains a person's likes/dislikes, but do you really think these lists don't already exist? When you buy a magazine, your name is circulated around a bunch of other similar magazines. This is exactly another form of "targeted advertising", which is all this list of people and their browsing preferences would be, is a way to target postal ads just like online ones.
In any event, we were talking about proxy servers here. As I mentioned in another comment, your ISP currently has the ability to log and track every single Internet packet sent to/from your PC. With most terminal servers, it's pretty trivial, and there are no laws that I know of that prohibit it. Should we ban ISP's now? The reason ISP's don't do this kind of thing is because they realize that a customer's trust is valuable if they want to keep your business. If an ISP started selling your personal information even WITHOUT included bits about your browsing habits, this would be quickly discovered and their business would dry up. This is not good business sense.
The point is, your ISP wouldn't *have* to go through a proxy server if they wanted to collect this information. They could do so much more efficiently just by monitoring your connection itself and record the hostnames you visit. THEY DON'T DO THIS. Any of it. If you really truly believe your ISP is evil and wishes to violate your privacy and sell all sorts of sordid details about your browsing behavior, perhaps it's time you found another ISP.
I get ads about the eastern seaboard too. And the western.
If I were a marketing company like DoubleClick, and I wanted to try and target some banner ads by relatively specific geographic regions, I would probably try and find out which ISP's are in that region and serve up my banner ads based on what *hostname* (or domain) the browser was coming from. This is the only way you can get geographic data (if at all) from an Internet host.
It's not possible to find a person's geographic location by observing the delays in Internet packets. If you don't believe me, call up your local university's computer science department, or your ISP, or *somebody* that has even half a clue about how IP networks work and ask them.
ISP's can (technologically) very easily monitor and log every Internet packet being sent from or received by your computer. As far as I know, there are no laws preventing this.
Does this mean we should ban ISP's? Of course not. You trust that your ISP will behave in an ethical manner regarding how you use your Internet connection. Your ISP understands that keeping your trust is essential to keep your business.
The point is, if your ISP really wanted to start logging and selling data regarding your browsing habits, they have the technology to do it in a manner much more efficient than by gleaming the data from proxy servers and cookies.
But they don't.
wants to figure out which special banner ad promotion will attract the most buyers
/promotion/1 which records this information and redirects them to the main page. Banner 2 goes to /promotion/2, etc. This is how *I* do it, and I imagine for accounting purposes, this is already being done for just about everyone anyways, since they have to have some way of recording where the click-through came from, it's a trivial matter to make a minor change depending on the nature of the ad itself...
That's why they give different URL's to each banner. Banner 1 goes to
As far as seeing which ad creates which sales, it's an equally trivial matter to set a cookie on the shopping site itself when the user arrives, and check the value of this cookie when they make their purchase.
What I'm trying to say is that there are pretty easy, existing ways to do what you're describing that don't require any sort of evil collaboration between companies like you suggest.
The marketing company couldn't care a bit what your name is. It doesn't help them target their advertising to you. It's not in their best interests to collect this information, if nothing else than the TREMENDOUS negative PR attention this would earn them.
I'm not following..? Who said anything about privacy being redundant? I said your ISP could care less what your browsing habits are, just like marketers could care less what your name is. I don't see what you're commenting about..?
And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
Umm, I wasn't going to. In fact, I was going to say, "Good point."
May I ask what company does this?
From the Netscape help text on this feature:
I thought it was for something else, so yes, this is an excellent way to eliminate any potential privacy issues with 3rd party cookies.No offense, but you obviously have no concept of how the Internet works. It's not possible to determine anything REMOTELY geographical (except perhaps "on our continent" and "on another continent") by examining network "distance" (packet times).
I can't explain why you saw what you saw (I don't even know what port 8 is for, if anything), but I can tell you for certain that it has nothing to do with them trying to track down your geographic location.
They can't. Everyone suggesting this is especially paranoid today. A company would have to explicitely volunteer this data to the companies doing the tracking.
Besides, even if they did, what in the way of marketing information would the banner ad companies get out of it? How would having your name help them target banner ads more effectively? I don't get it..
Why wouldn't it affect you? You do browse the 'web, yes?
(1) I disagree. They've made posting on Slashdot a breeze, purchasing things from Amazon a "One-Click" (tm) process and generally have made my browsing experience quite nice.
(2) Have fun.
(3) I will. I do. I doubt they've really noticed your refuals to shop with them, personally.
(4) Neither am I. Probably more-so.
The 'domain' property of a cookie was actually well thought-out and designed so that what you describe couldn't normally happen. The domain setting must be at a minimum a 2nd-level domain (i.e. must contain a nested dot; e.g. ".co.uk" *would* be valid under this rule, while ".org" would not). IN ADDITION, the domain must not be *below* the hostname sending the cookie (i.e. the remainder of the hostname must not contain nested dots).
Valid hostnames and cookie domains:
- www.example.com
.example.com - www.sub.example.com
.sub.example.com - www.example.co.uk
.example.co.uk
Invalid:- www.example.com
.com - www.sub.example.com
.example.com - www.example.co.uk
.co.uk
Section 7 of the spec outlines quite a few privacy issues known at the time and methods browsers can work around them. User agents themselves are perfectly free to set additional constraints.My repeated email offer ... has not been answered.
Because it's not worth it. The time it takes them to sit down and draft an e-mail costs them more than the redundant bandwidth you use by not utilizing their proxy server.
They could care less.
Last time when I looked up @Home's web site, they still did not have any relevant statement regarding privacy issues and proxy connection. In the meantime they've switched over most of their customers, who had never been informed about the privacy consequencies of the "technical upgrade".
Of course they're not answering you. They're probably saying to themselves, "there's that privacy wacko again" and chuckling to themselves.
I would too.
Why would your ISP even *want* to construct such an intimately personal profile about you? What would they gain out of it? It's like calling up your local grocery store and demand they give you a written statement saying their cashiers won't come over to your house in the middle of the night and spray-paint a bunch of yellow smily faces on your windows.
Stop flattering yourself. Your personal information is 100% useless to marketers, and your browsing habits are 100% useless to your ISP. I can't think of a single reason your ISP would want to collect this sort of information. Proxy servers are not evil minions of privacy-invading corporations. They're just there to speed up your 'Net connection and cut down on redundant bandwidth usage.
It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex.
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you?
I don't get it..