Cookies, Ad Banners, and Privacy 418
When Netscape embraced-and-extended the HTTP spec in 1995, it was really just trying to digitize the shopping cart. Allowing a server to store just a few bits on the client added almost no overhead and it made many applications, such as shopping carts, very convenient.
Maybe it was deliberate; maybe nobody really cared; or maybe it was an engineer's simple distaste for tweaking a spec too much: but they allowed cookies to hang off GIFs as well as HTML, and that changed everything. There were probably ten people in the: world at that point who could have foreseen the explosion in banner ad traffic, yielding a multi-billion-dollar industry in less than five years.
Yes, billion -- the large banner-ad company DoubleClick merged with database firm Abacus Direct last year in a billion-dollar stock swap. How much is a billion dollars worth of advertising revenue on the net? At DoubleClick's current rate, it's about 750 billion banner ads. Think of it as four petabytes of GIFs.
And the vast majority of those GIFs just get ignored. When's the last time you clicked a banner? There aren't any precise figures, but the consensus is that the average click-through rate is dropping. Three percent click-through used to be good. Now a well-targeted ad will be happy to get one or two percent. It's hard work to make money from banners, and getting harder every day.
That's why DoubleClick, and firms like it, need to maximize their efficiency. Their income ends up depending on that click-through rate. The higher they can raise that number, the more they can justify charging their clients. Sending targeted ads becomes critical. And the only way to target you is to learn more about you.
The GIF cookie loophole makes this pretty easy. The first banner ad that your browser requested from a banner-ad company got a user ID cookie sent back with it. And - here's the key - since so many banner GIFs all come from the same company's domain name, your browser sends back the same user ID no matter which website you're viewing the banner on. Your user ID is being tracked all over the web.
In the case of DoubleClick, that's a fair number of sites. They won't talk to you unless you serve a million impressions a month - and their network includes 651 publishers which translates to who-knows how many websites. All told, they deliver a billion ads every two days.
Though the Internet Movie Database can't tell where else you've been on the web today, the company delivering its banners knows. That same company knows if you read National Review, TeenMag, or Dilbert. It knows if you're into professional wrestling or what cruises you were looking at on Travelocity. It even has some of your click history through WebMD.com.
The comforting thing has always been that, while the corporation may be able to follow your footprints around the web, at least they haven't known it's you who's making them. The disconcerting thing is, that's about to change.
Remember that billion-dollar merger between DoubleClick and the database company? This database company doesn't sell software. Abacus Direct uses databases to store names, addresses, and other information about people. In offices across the country, their computers have information on two billion purchases made from 1,100 separate consumer catalogs over the years, "representing virtually all U.S. consumer catalog buying households." Their CEO brags,
"Through the sophisticated use of state-of-the-art technologies and modeling techniques, Abacus' outstanding ability to synthesize vast amounts of data into valuable insights about individual consumer buying behaviors has proven itself to be an important marketing tool for our age."
That's why it's very interesting that DoubleClick's privacy policy changed earlier this month. Its text used to read:
"DoubleClick does not know the name, email address, phone number, or home address of anybody who visits a site in the DoubleClick Network. All users who receive an ad targeted by DoubleClick's technology remain completely anonymous."
That promise is gone without a trace from the new policy. The new policy reads:
"In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address."
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database.
A little further down is the portent of things to come. There is "one particular Web publisher" in their network which collects a "log-in name and demographic data about users." Which publisher is that? They don't say.
Whoever it is, you may already have given it your name and address, perhaps to register for a contest, or maybe in exchange for reading its free content. Everyone does it; it's a small price to pay. DoubleClick is already combining their demographic data (your name and address) with its own database (your viewing and clicking habits) in order to deliver more-targeted ads on this one website.
And if their programmers do their jobs right, it'll end up being a simple SQL query to join up your user ID, the name you gave the mysterious web publisher, your Abacus demographic data and catalog purchases, and the footprints you've left all over the net for the past two years, into a single big lump of your online/offline data.
To be fair, their privacy policy promises they won't start doing this without, er, changing their privacy policy:
"...should DoubleClick ever match the non-personally-identifiable information collected by DoubleClick with Abacus database information, DoubleClick will revise this Privacy Statement to accurately reflect its modified data collection and data use policies and ensure that you have adequate notice of any changes and a choice to participate."
Aren't you glad that, when DoubleClick revised its privacy statement on October13,1999, you were given adequate notice of how you were being tracked across the internet? (They've sent out 46 press releases so far this year. Informing you about weakening your privacy wasn't one of them.)
Things aren't as bad as they could be. One fortunate thing is that the banner-ad market isn't a monopoly yet. Not even close. Adbility lists over fifty ad networks, of which DoubleClick is just one of the larger ones (probably the largest).
But, when any rapidly expanding market starts to level off, the smaller and less-efficient companies get eaten. Nobody knows when the internet's growth curve will hit that point, but exponential expansion can't continue forever. At some point, the companies that can't send banner ads targeted to your community will get left behind. We'll end up with two, maybe three, meganetworks that deliver a large majority of the world's banner ads.
What can you do about it? To protect your own personal privacy, opt out of DoubleClick's cookies. Of course, this doesn't affect other banner-ad companies, who may or may not even offer this solution once they get as big as DoubleClick. It also doesn't help novice websurfers like your grandmother, who doesn't understand why she should refuse free cookies. More importantly, it can't ever be a real answer - if more than a tiny percentage of their audience ever opted out, DoubleClick would see the competitive advantage of their billion-dollar merger start to erode, and that'd be the end of that option.
What makes more sense is to close the cookie loophole. DoubleClick isn't the real problem; the HTTP spec is the problem. The browsers should change their implementation of cookies so that, by default, foreign sites can't send me cookies along with their GIFs. Why should cookies be allowed onto my hard drive if they aren't attached to the page I'm viewing?
Since DoubleClick's privacy policy claims that cookies "are not essential for us to continue our leadership," they should have no problem supporting this as the default behavior of every major web browser.
banner and how to target a specific group (Score:1)
You want your lame non-graphic Internet back?? (Score:1)
Cookies really aren't so bad. All this privacy crap is starting to piss me off. What the heck are you afraid of? That someone figures out you surf porn pages? Or that someone figures out a way to actually show you banners of stuff that you like?? Where is your damn problem with getting TARGETED ads? They can't kill you or anything, they can just make your life easier if they show you stuff in your interest!
Also, non-text attached cookies serve a higher purpose than to target the banner ads. They provide the one and only way for Application Service Providers to accurately figure out if you have been at the given website before or not. This is needed for simple statistical purposes to give the user of a website good and informative statistics!
On top of all this, closing your silly 'gif-loophole' doesn't help you a bit. Doubleclick serves many banners through full HTML and not just GIFs.
Regarding those people that posted about Junkbuster... Banners are junk huh? What do you want, to kill all your favorite websites? To kill the whole web as it exists right now? There simply is almost no other way to make money on the Internet for a freesite than BANNER ADS. Live with it! If you do not want the damn Banner Ads, you should not go to the damn site.
All in all, why don't all of you that complain so much about how well the Internet developed because of simple things as Cookies and Banner Ads go and leave this freaking net alone and get on Internet 2 and have fun there? It'll take a while till this one gets commercial. OR heck, why don't you all just go and stop using the World Wide Web? It doesn't seem to be what you want.
Fabian Thylmann
fthylmann-spam@spam-stats.net
Re:Junkbuster is the way to go (Score:1)
Re:You want your lame non-graphic Internet back?? (Score:1)
Re:Does it make much difference?? (Score:1)
play with them... (Score:1)
Why not change it yourself, make the number slightly different?!! Get someone else's ID connected to all your porn-surfing! Prize for the
first person to get a whitehouse.gov DoubleClick ID!!!
While we're on this topic, how likely is it that you could crash a remote server by putting unexpected values in your cookies, hehe ??
Bah.
Very Lazy Coward.
they also send banner based on the IP (Score:1)
Re:IMG SRC cookies needed (Score:1)
serious mistake here (Score:1)
Re:Advertising in general (Score:1)
The original banner ad idea was to become more like pink noise -- a little harder to screen out mentally. This really is a tiny innovation, and not very sustainable as clickthrough drops to zero. Where you really have to look out is when the other species really mutates in a major way. Things like product placement in the movies, or other subtle things that are meant to affect us in a subconscious way. When did you ever see an advertisement for beanie babies? The entire value of Pokemon cards is entirely fabricated through sophisticated and stealthy marketing techniques.
The real serious evolutionary development here is the use of stealthy methods to perform highly targeted, and perhaps very subtle manipulation. Now the marketers will say that its in your best interest, and after a fashion, I agree it is not the worst of all possible scenarios. The worst scenario would be to get huge numbers of intrusive and badly targeted pitches. But it is disingenuous to say that they're doing this out our best interest. In the end, as people become yet more sophisticated, I don't know if the advertisers and marketers will be able to survive just on targeting pitches better.
Inevitably the text content and even design of web sites is going to be secretively customized to better influence my behavior. This is kind of like direct mail, which tries in a quaint way to look like it is personal communication for me. But this is much more dangerous because it will very plausibly purport to be something I asked for, but actually be a kind of Trojan horse to advance _somebody_else's_ agenda.
The bottom line is that this is a struggle for control over information. The advertisers would like us to be passive recipients of information, mentally active only to the degree necessary to respond to the buy impulse they are trying to generate. I, on the other hand, would like the marketing people to be my data lackeys, returning just the information I want, when I want it, neither more nor less, and have the technical means of thwarting their current attempts to track me in this new medium.
Consider the alternative... (Score:1)
I view demographics and targeted marketing as a necessary evil. I only need to look at television to see why.
Television is an almost completely untargeted market. Yeah, they can advertise toys during the cartoons and 900 numbers during the 2am episodes of Star Trek, but in general they have no way of targeting adds any better than that. Because they still need to make money on the poor hit rates of untargeted adds, TV devotes roughly half of the time real estate to advertising. 50 percent of what I watch. That's way too much.
I see the much more acceptable alternative of direct, targeted marketing to be much more acceptable. If companies know who I am and what my interests are (motherboards, radio controlled airplanes, cooking) they can advertise just the things I'm interested in.
This has incredible benefits to me as well as them. Since I'm actually interested in the products they're selling, they get a much better hit rate. That means they make more profits per ad. More profits per add means they don't need as much real estate. Suddenly they're taking only 5 percent of my desktop instead of the 50 percent they take on TV.
I don't have to get annoyed by adds that I don't care about, either. That alone seems enough to me to justify supporting direct marketing. Think of it. *No*more*feminine*hygine*adds!* Everything I see advertised at me is something I have a vested interest in.
Yes, I agree that no advertising is the preferable alternative, but I don't see that happening anytime this lifetime. Since I have to live with advertising, I'd much rather be shown stuff I care about and might buy than waste my time on random junk.
Re:Junkbuster is the way to go (Score:1)
Or even better, delete the cookie.txt file and replace it by a cookie.txt read-only folder and tell netscape to accept cookies... That way they won't get stored on your drive, but no site will refuse you :)
--
Always listen to experts, they'll tell you what can't be done and why... Then do it.
Re:cookies? (Score:2)
Proxy servers are even worse (Score:2)
Privacy - your basic human right, no matter who says it otherwise - seems to have an even worse threat by companies like @Home.
During an update I was asked to blindly follow their instructions and connect to their proxy server.
Their tech-support guy did not understand why I was refusing to do so and told me that "that was the only way to use @Home after the upgrade".
His supervisor quickly corrected this statement, with a warning "in this case your service will not be optimally fast".
I told him about my privacy concerns if all my requests go thru their proxy server and the full list of my Internet access can end up in their log files. Since @Home knows my subscriber information, they can very easily create a very specific, personal profile.
After acknowledging that "technically it is possible to do that", he said, "I promise you that we don't do that..."
I said I'd prefer a legally binding statement, as part of my contract with @Home that it would never happen, and they would be legally accountable id if still ever happened.
He could not help me to find this or any similar commitment from the company, just like the receptionist and several other people next day, when I called the office and asked for someone who is in charge of costumer privacy issues.
They appearantly could not find anyone who'd fit this description and they repeatedly switched me over to network engineers.
Last time when I looked up @Home's web site, they still did not have any relevant statement regarding privacy issues and proxy connection. In the meantime they've switched over most of their customers, who had never been informed about the privacy consequencies of the "technical upgrade".
Fixing the cookie handling browser standard is one thing - but there is a stong need to a proper legislation that would make it illegal to ISP's, Internet ad companies, etc. to create personal (not statistical) profile of citizens, using the Internet.
Companies, that pretend not to understand how their practice is offending their customers basic human rights are very well aware of what is at stake.
My repeated email offer that I'd connect to their proxy server (to save them money by allowing them to keep my traffic withing their own network) as soon as I can get their CEO's access log files in return for mine - has not been answered.
Just like my question: if you don't want to share yours with me, why do you think I should share mine with you?
Advertising in general (Score:4)
I don't want a Ford Escort, no matter how often you tell me it's stylish, I don't believe that Lotus makes "super.human.software" no matter how often I'm told. A deceit is a deceit however often it's repeated.
Banner adverts and targetted marketing are perfect examples of this. The reason I don't click through SlashDot's banner adverts for CodeWarrior is that I don't want the blasted thing. It doesn't matter how often you deliver the image to me, I still don't want the thing.
How long is it going to take before people stop making things people don't want and trying to convince them that they do ever more streneously...
Will we still have a culture left by then? Or will we end up, tired of advertising, and left wondering what we had to fill the world before it?
Or are we already there?
When was the last time salesman spoke truth to customer? Does anyone remember?
I am a person. I will decide if I want your product. The frequency of you telling me about it is not a factor. Learn.
[sillywiz]
US (Score:1)
Re:US (Score:1)
Re:We could all have the same cookie (Score:1)
Poll Tax dodger (Score:1)
Re:Glad I live in the UK (Score:1)
Like you say this doesn't work outside the UK. Sigh.
Of course Safeway or Tesco hold far more data on the average UK citizen than doubleclick has about any individual......
Blocking cookies is too difficult (Score:1)
It is too difficult for the average web user to use any of the schemes proposed. The browser ought to be able to cleanup cookies, allow them from 'friendly' sites only, etc, etc out of the box.
How can we achieve this? Wander over to http://www.mozilla.org/ and learn a bit about XUL. Code up the dialogs that are required and try submitting them...
Netscape has it! (Score:1)
I'm uinsg netscape 4.5-98286 on solaris, and there is an option to only accept cookies from the same site. You bet I've got that on. I thought there was an option to do the same with images, but I can't find it. (Might be in 4.6 or something)
Not that this really matters, the only sites I use crashscape for are the ones that I can't view with lynx.
A privacy concern, yes? Dependant on cookies, no. (Score:1)
Whether all this boils down to a privacy intrusion or not is an open question. However, I find the cookies themselves irrelevant in this matter. Cookies are merely a convenience and a nice concept to the information provider, but they don't add any significant functionality to the data exchange process.
Even if you disable everything that deals with cookies, you are still stuck with the ultimate cookie--the URL. Before cookies, some servers encoded the same kind of personalization data in long URLs. For all I know, this technique may still be in popular use. You type in a short URL found in a magazine, and the server immediately redirects you to a personalized URL, full of cryptic parameters, or simply containing a user ID. Disable URL redirection as well, and what do you have left?
The cookies simply provide a cleaner way to implement this, without burdening the URL with massive amounts of data. Besides avoiding URL buffer overflow, the cookies are supposed to be less visible to the user. However, they add no new functionality for tracking user habits. If you are worried about your privacy, you should be more concerned about what information sits in somebody else's database, than about what is stored on your own hard drive.
The essence of this news item, though, seems to be Doubleclick's omnipresence, doing away with the argument that all those different sites you visit won't be able to match their logs in order to find out anything important about you (they simply won't have to). I haven't studied Doubleclick's policy. Does it say anything about whether Doubleclick will comply with requests from law enforcement authorities to find out who seem to be frequent visitors to warez sites displaying Doubleclick banners? Is that something to be concerned about in the first place?
Re:Does it make much difference?? (Score:1)
Or consider trading this kind of information - wouldn't you be interested in the fact that your neighbour clicks both Alcoholic Anonymous and Ballantines thrice a day?
The bottom line is that this kind of information is and should be private. In many countries there are privacy protection laws already, but as always the internet makes national laws rather useless ("we are not collecting any information, our ad-serving Bermuda subsidiary is").
Re:... 'cuz I'm too damn lazy (Score:1)
netscape &
[Log into Slashdot, exit Netscape]
chmod ugo-w ~/.netscape/cookies
netscape &
[Surf all the world with short-lived cookies only]
Re:We could all have the same cookie (Score:1)
*grin*
Re:An alternative approach (Score:1)
(Myself, I refuse Doubleclick and all of the other big ones period, even from sites that I like.)
IMG SRC cookies needed (Score:5)
Paranoid direct-marketing reasons shouldn't be used as a reason to break perfectly acceptable behaviour in a browser (especially a behaviour that has generated a multi-billion dollar industry!)... yes, there are people collecting information about you in order to more efficiently sell you things. There's people collecting information about your power consumption, long distance usage and a host of other things too, not to mention the government going through your spending habits for whatever purposes they have (probably tax related ;).
Having done my time in surveillance/counter-surveillance circles, I can honestly say that what most people consider as privacy is the most widely-hyped and catered-to fictional ideal of all time. Anyone can find out anything about anyone else, so long as they have the time, money and talent to do it. What most people consider as privacy would best be described as obscurity... lost in a sea of other dull, obscure people leading a life too dull to be of any concern to anyone (except perhaps ad banner people and spammers ;).
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
It's not the advertisers that matter ... (Score:5)
Example: you visit an AIDS awareness web site, then hop over to Amazon.com and buy a book about living with HIV. You do this because your kid sister has a friend who is HIV positive and wants to know more about it and asked you to do her a favour.
Years later, you put in an application for life assurance to cover your endowment mortgage ... and the life assurance company turns you down. Seems their data mining brought up a warning flag: "buys material about living with AIDS, visits AIDS awareness websites". Ergo, their expert system deduces that you may have HIV (a very bad life insurance risk!).
Admittedly, this sort of abuse shouldn't be possible if proper privacy laws are in place. But in the USA, there are no effective consumer privacy laws (hence the current fracas with the EU, which is bringing in reasonable ones). Nothing stops your insurance company from buying the DoubleClick net's database to check against health risks; it's not information subject to medical confidentiality, is it?
This is a relatively mild example of how data mining can go wrong. Much, much worse things can happen to you -- comp.risks [comp.risks] is full of examples of people being arrested and dragged off to prison because they share the same name and birthday as a wanted felon, or similar cases of public officials putting their trust blindly in a database that has had information indiscriminately shovelled into it.
If we bring political or governmental issues into it, it gets even worse -- imagine, for example, if your local police force starts looking for people who have looked at web sites with details of how to pick locks and who are not registered locksmiths. Sound outrageous? Of course it is -- until it happens.
Privacy is a fundamental human right; and one that is barely protected by law here in the EU, and utterly inadequately protected in the US.
No monsters here. (Score:2)
Cookies are a simple incentive. Turn them off, no tracking, and no personalisation. Turn them on, and you pay for you personalisation with tracking. Cookies simply allow tracking, how you use that tracking is up to you - either to customise a page, like
I realise most people don't know it's happening and don't know how to turn it off, but that's missing the point again.
Let's suppose there's a case of real abuse of the data gleaned through this, and that case comes to light. Newspapers everywhere will be able to publish info on how to turn cookies off, it will be well publicised, and brought to a stop. Already there are browsers like the KDE Konqueror that let you exclude certain sites from storing cookies, while allowing the rest to pass. It's a flexible technology that can grow around blatant abuse.
There are many invasions of privacy, from CCTV to office drug tests that are far more insidious than this.
Sure, it's cheap and tacky and insulting an annoying, but it's not the end of the world.
Re:An alternative approach (Score:2)
Untrue, sadly. The gif is served from doubleclick, and your cookie is sent out with the GET request, so they will already know that you are looking at the site.
But I agree, this isn't the end of the world.
Re:Imagine what we can do with the mozilla source. (Score:2)
- This would break a bunch of sites.
- This would break a bunch of sites.
- This would break a bunch of sites.
- If implemented, you'd either have to use this button pretty frequently (esp. since a lot of page failures might not be obviously attributable to this setting) or just give up and leave it turned off.
Just implement an "intelligent" cookie management system. Instead of just having options for enable/disable/prompt, have your "prompt" option have a checkbox that says "Don't ask me about cookies from this site again." Your accept/decline preference would be stored. That way you can decline cookies from Doubleclick and accept cookies from Slashdot without getting pelted with prompts for *every* cookie..Close, but not quite.. (Score:2)
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Your correction isn't entirely accurate. (Or maybe it is, but it sounds like you're saying something slightly different)
To illustrate the difference between these two cookie settings in Netscape, you need to be aware that in a cookie, the creator can specify things like an expiration date, a relative URI path to which the cookie will apply, and a "domain" setting which determines which hostnames the cookie will be sent to. The domain can never be more generalized than a 2nd-level domain in the case of the generic TLD's (I can't set the domain to '.org' but I can set it to 'slashdot.org' or 'subdomain.example.com'). Naturally, the originating site must lie within this domain.
This allows you to set a cookie from, say, www3.example.com using a domain of 'example.com' and have the cookie be sent back to www2.example.com, which is a very good thing. If you don't specify a domain, or use the Netscape cookie option you recommend, cookies will only be sent back to www3 and never www2 (which has to create a new cookie), which will likely break example.com's web site's use of cookies.
This setting has nothing to do with JavaScript. I remember vaguely some talk several months (years?) back about a vulnerability in Netscape's JavaScript that allowed a malicious coder to retrieve cookies as you suggest, but I believe that was fixed a long time ago.
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
Re:Illustrative example (Score:2)
There is no evidence anywhere that any company has ever started merging databases containing user information with a database containing browsing habits. In order for this to work, the people obtaining the information (the site you're giving this information to) would have to KNOWINGLY provide your contact information to the sites doing the tracking in such a way that they could associate your information with the "browser-ID" they have on file (difficult).
If you're giving them your information, chances are you're buying something from them, which means they have a *LOT* to lose if knowledge of this behavior ever got out. Do you have any idea what kind of PR mess this would cause? Legal issues? It's not good business sense. For this reason, unless you're doing business with an irreputable company, you can usually put some stock in their online privacy statements (which I tend to read before giving them my personal information, don't you?).
Further, WHY WOULD THIS BE OF ANY VALUE? All marketing companies care about is marketing their products. ALL they want to know is a person's shopping habits. Information such as your name, address, phone number, etc. is MEANINGLESS to them. It does not help them dole out banner ads, so it's useless information. Why would they spend so much money and time merging these databases when the gain is nil? Companies don't tend to do things unless there's a potential for profit (in public image or hard cash). I don't see the line to profit here.
Enough paranoia already (Score:2)
WHY in God's name would FedEx do this? Why in the world would a marketing company CARE about this information? How does this allow them to more effectively target their banner ads at you?
I don't get it..
Not quite (Score:2)
The 'domain' property of a cookie was actually well thought-out and designed so that what you describe couldn't normally happen. The domain setting must be at a minimum a 2nd-level domain (i.e. must contain a nested dot; e.g. ".co.uk" *would* be valid under this rule, while ".org" would not). IN ADDITION, the domain must not be *below* the hostname sending the cookie (i.e. the remainder of the hostname must not contain nested dots).
Valid hostnames and cookie domains:
- www.example.com
.example.com - www.sub.example.com
.sub.example.com - www.example.co.uk
.example.co.uk
Invalid:- www.example.com
.com - www.sub.example.com
.example.com - www.example.co.uk
.co.uk
Section 7 of the spec outlines quite a few privacy issues known at the time and methods browsers can work around them. User agents themselves are perfectly free to set additional constraints.My bad (Score:2)
From the Netscape help text on this feature:
I thought it was for something else, so yes, this is an excellent way to eliminate any potential privacy issues with 3rd party cookies.Re:Enough paranoia already (Score:2)
That's why they give different URL's to each banner. Banner 1 goes to
As far as seeing which ad creates which sales, it's an equally trivial matter to set a cookie on the shopping site itself when the user arrives, and check the value of this cookie when they make their purchase.
What I'm trying to say is that there are pretty easy, existing ways to do what you're describing that don't require any sort of evil collaboration between companies like you suggest.
The marketing company couldn't care a bit what your name is. It doesn't help them target their advertising to you. It's not in their best interests to collect this information, if nothing else than the TREMENDOUS negative PR attention this would earn them.
Re:Proxy servers are even worse (Score:2)
Does this mean we should ban ISP's? Of course not. You trust that your ISP will behave in an ethical manner regarding how you use your Internet connection. Your ISP understands that keeping your trust is essential to keep your business.
The point is, if your ISP really wanted to start logging and selling data regarding your browsing habits, they have the technology to do it in a manner much more efficient than by gleaming the data from proxy servers and cookies.
But they don't.
Re:Cookies are not all (Score:2)
If I were a marketing company like DoubleClick, and I wanted to try and target some banner ads by relatively specific geographic regions, I would probably try and find out which ISP's are in that region and serve up my banner ads based on what *hostname* (or domain) the browser was coming from. This is the only way you can get geographic data (if at all) from an Internet host.
It's not possible to find a person's geographic location by observing the delays in Internet packets. If you don't believe me, call up your local university's computer science department, or your ISP, or *somebody* that has even half a clue about how IP networks work and ask them.
Glad I live in the UK (Score:3)
A faulty line of reasoning (Score:2)
Of course not. In delivering the ad, DoubleClick just collects your user ID. It probably already has your name, address, phone number and email address, somewhere in the Abacus database
This is an incredible assumption that is made to clarify the point, an assumption which is most likely overlooked by most people reading this. To be able to function as an article, one must assume that Doubleclick already has your name and e-mail address and I honestly fail to see how unless they're gathering it through corporate partnerships (most companies have policies about distributing the information gathered on web forms). Just clicking through on links can't give this information to Doubleclick since it's not a form query and I don't know if I've ever seen an ad that directs to a web page that enables them to track the user ID of the person who clicked through to get to it. If this was the case, then more people than just Doubleclick are using your 'user ID'.
YRO continually impresses me with their targeted propaganda. Phrases like 'user ID' make it seem like Doubleclick's identifiers are personal in some way when they're really just fancy tracking numbers. And to fault Doubleclick for it's partnership with Abacus Direct is to fault the town butcher for working with the town guy-who-packages-meat. It only makes sense for the two companies to get together. One may not have a very high opinion of direct marketing (I certainly don't), but companies working with Abacus Direct do far, far worse than Doubleclick when it comes to tracking down what you're buying.
I'm sick of paranoia in my news. Slashdot used to be 'News for nerds' and now, at least with YRO, it's becoming a soapbox for privacy champions. Let the soapboxes remain in the commenting section and quit making faulty assumptions to sell your story to me.
Privacy has been dead for centuries (Score:3)
discard all your ISP accounts
shred your credit cards
always pay cash (not even cheques)
avoid a drivers license
avoid owning a home or conventional renting
don't register to vote
don't file taxes
Even surfing anonymously on slashdot is betting your privacy on the scruples of Rob and co. Check out the article (just over a month ago) [slashdot.org] about maybe being able to telnet into a Dreamcast. sTp81 [slashdot.org] runs nmap on systems that use his Dreamcast coverage site. That to me is a pretty blatant invasion of privacy.
Every time you use credit some information is being collected about you, not as a class of users but individually, its called your credit report.
Just about everything you do can be used to track you or track down information about you (do you rent in an upscale community or do you have the upper unit in somebodies home?) and this has been true for a long time. Privacy has been dead about as long as commerce has existed.
New technologies may mean new ways to track (such as banner adds) but the concept isn't new. It's also the price each of us has to pay due to our expectaction on getting most services, such as slashdot, for free. Somebody has to foot the bill and unless CmdrTaco, Hemos and Nate have a rich uncle its going to be us through banner ads.
www.junkbuster.com (Score:3)
Chris Wareham
Re:Does it make much difference?? (Score:3)
It's not the ads, it's the information you can gather. Let me give an example of the kind of thing you can find with an sql join.
Once upon a time, my employer did library systems and drugstore systems. In the drugstore system, customer adresses & phone numbers were protected, but they weren't protected in the library system
So a user selected for people who had a perscription for birth-control pills in the drugstore database, and joined for matching names in the library database. This gave him names and adresses, which he filtered to get ones nearby.
Anyone want to guess what he was planning to "sell" the selected customers?
---daveJust the way things are. (Score:2)
The net is become more and more like the outside world. The idea of advertising corps surupticiously tracking my movements across the net really gets my hackles up. But should it? Or rather, if this does then shouldn't an awful lot of other things too? My credit card company knows all the shops I got to too. Yet somehow I tend not to think about this.
Prehaps it's because we're used to thinking of the net, conciously or not, as a refuge from the more sordid elements of a world ruled by multi-nationals.
But now the pendulum swings the other way. The same things, the same technologies, that let us (individuals) get a leg up, help out the corps even more. I have to acutally get a credit card before they can track me. But now I can be tracked, not from my purchases, but just from window shopping. And just as we got a head start online over the commerical world, commererce has a head start over the legal world. The protections afforded me in the 'real world' are minimal enough. What can I hope for in an environment that crossed countless borders and exists almost exclusivly in the abstract.
The upshot of it all? Same ol' same ol'. It's not 'right', and it's not 'fair', and we shouldn't have to like it or lump it - but we're not doing ourselves any favours thinking of this as net specific thing.
My 2c worth of ramblings.
neat tips with firewall chains (Score:2)
- Recompile your kernel with ip firewalling support.
- add the following two lines to your boot scripts:
- ipchains -P input allow
- ipchains -A input deny -s doubleclick.com
this is sans manpage, see ipchains(8) for more details.--sam
Stop complaining if you use Netscape (Score:2)
And there it is! The radio button. Click this text: "Only accept cookies originating from the same server as the page being viewed."
Now click okay! Now you can only get a cookie if the server sending you the HTML (or whatever) page is sending it. Inline gifs from other computers can't send cookies. (Well, they can send them, but they are ignored.)
So stop complaining and click that button.
Re:IMG SRC cookies needed (Score:2)
I don't think you sufficiently established that this is really "perfectly acceptable":
"Cookies are damned convenient...for example, if you're trying to implement a link exchange or some other similar system where knowing how many times your 'message' has been seen is important..."
In short, in collecting behavioral info in banner ads. I just can't see any case where collecting data apart from the page is useful, except where the content of the image is itself divorced from the page. The only example I can think of for this is banner ad tracking.
Not that this, in and of itself, shouldn't be allowed, but there should be limits on the amount of information these companies should own or, for that matter, have access to. No matter how easy collecting details of my life is, that kind of behavior constitutes an invasion of privacy, a right implied by the Constitution.
To me, collecting excessive information on my habits is akin to stalking, and is one of the few places where government should be regulating the Internet. Except that software patent issues and recent legislation show a government neither sufficiently competent nor inclined to be responsible stewards of the Internet.
But that's another thread.... :)
phil
DoubleClick tracking from pages without ads (Score:2)
The tracking IMG does not seem to appear on the next page you receive, which presents tracking results, so they can't harvest your airbill tracking numbers by simply grabbing them out of the Referer headers on the requests for these GIFs. It's possible, however, that they're connecting airbills with browser cookies with the active cooperation of Fedex. The random-looking numbers in the URLs of the DoubleClick GIFs could be there to facilitate this kind of cross-referencing --- Fedex knows image http://ad.doubleclick.net/activity/3/5555/22222 was on a page they shipped to the browser with Fedex cookie X, and DoubleClick associates it with DoubleClick cookie Y, so if the URLs are unique, they can figure out that those two cookies went to the same browser, and pool the associated user profiles after the fact. But you can't spot that kind of thing by looking at the pages.
(Yes, I should probably install junkbuster, or something like, which would allow me to state rules about which cookies to present and which to reject out of hand, but I gotta get one of those round tuit things first).
Mozilla lets us do what we want (Score:3)
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that
With Mozilla we can do what we want. Need to change the way cookies are handled? Go ahead - you've got the source. Want to build Junkbuster right in? Suit yourself. How about a random cookie feature - where you accept the cookie, but you return some fictional person's data... hey, if you implement that, I for one will use your patch.
just use per session cookies (Score:3)
How do you do that? I run a Perl script nightly on Windows and UNIX that removes all cookies that I don't want. An even simpler approach is to make your cookies file read-only (edit it beforehand and leave in it only the cookies you like) or replace it with an empty directory (no persistent cookies at all).
Why should you be concerned about long-term tracking? I think it will only be a matter of time until life insurance, credit card companies, employers, and health insurance companies use your purchasing and browsing data to assign you to risk groups. And all of that will happen with automated data mining techniques, so there will be little cause to claim discrimination if the neural network classifier doesn't like you. It's not that I'm a particularly high risk to insurers, I just don't want to feel that my health insurance company is looking over my shoulder every time I order a pizza with extra cheese.
With per-session cookies, advertisers get some data, but they can't correlate it easily with personal information. That seems like a good compromise to me.
Re:I use AtGuard (Score:2)
Junkbuster is the way to go (Score:3)
A simpler solution is to disable cookies in the browser. Netscape at least has a setting for that.
Not only GIF's (Score:2)
/. and freshmeat are blocked by junkbuster (Score:2)
If you do use junkbuster, comment out the following lines from the blocklist file:
-B
Re:anonymous is best (Score:2)
Instead, call up your ISP (speak to customer service, not tech support). Explain that you don't like banner ads and ask them to run a Junkbuster proxy for customers of theirs that would like to browse ad-free. You'll most likely be speaking to a non-technical person, so explain what a proxy server is, how it works, why it would still be optional, etc.
Re:Junkbuster is the way to go (Score:5)
The original: http://www.junkbuster.com/ [junkbuster.com]
The version I use: http://www.waldherr.org/junkbuster/ [waldherr.org]
I prefer the latter because, well, look at the site and you'll see. Regardless, I urge you to install and use it.
Illustrative example (Score:2)
Magic cookies mean the end of privacy on the Internet.
Suppose that three publishers cooperate and agree to serve all of their banner ads from http://noprivacy.com. When Joe User visits search-engine.com and types in "acne cream", the page comes back with an IMG referencing noprivacy.com.
Joe's browser will automatically visit noprivacy.com and ask for "the GIF for SE9734".
If this is Joe's first time using any of these three cooperating services, noprivacy.com will issue a Set-Cookie header to Joe's browser.
Meanwhile, search-engine.com sends a message to noprivacy.com saying "SE9734 was a request for acne cream pages." The "acne cream" string gets stored in noprivacy.com's database along with "browser_id 7586."
When Joe visits bigmagazine.com, he is forced to register and give his name, e-mail address, Snail mail address, and credit card number. There are no ads in bigmagazine.com. They have too much integrity for that. So they include in their pages an IMG referencing a blank GIF at noprivacy.com. Joe's browser requests "the blank GIF for BM17377" and, because it is talking to noprivacy.com, the site that issued the Set-Cookie header, the browser includes a cookie header saying "I'm browser_id 7586."
When all is said and done, the noprivacy.com folks know Joe User's name, his interests, and the fact that he has downloaded 6 spanking JPEGs from kiddieporn.com.
Re:Illustrative example (Score:2)
Well, I thought of "Real word example" and discarded this for exactly the point you said.
This exact example isn't "real world" and it may be paranoia-feeding, but it's nevertheless possible. And many people, even people who know what cookies are, don't add one and one and come to the conclusion this example illustrates.
Perhaps this is a more realistic scenario:
A banner company which does an online prize competition (sp?) where everyone understands they need your adress to contact you when you win. They too require cookies and bang, they can track everyone who visits webpages with their banners on.
And in this case theres much value and no risk, they can offer their ad-clients a very good database with very exact profiles.
And don't tell me this is unrealistic, I had to deal with exactly this scenario for a job.
Re:Illustrative example (Score:2)
Point is, they did some kind of web lottery and collected prizes from companies. In the range of somewhat more expensive marketing giveaways.
And every fucking company they asked asked for the adresses. The general consensus was that the people who participate get something for doing that, so using their adresses was ok.
And everyone wanted to have the click-statistics, since there were several websites involved, so it was a kind of a banner business.
These adresses are what one calls "qualified contacts" (my translation, but it seems to match), i.e. much more worth than then pure adresse lists, more profiled. I was told they are worth around $10-$20 each - which I personally think is a bit expensive, but so much about the "free" giveaways we see everyday in the web.
The people involved weren't technicians, so nobody could imagine this cookie-magic.
But I swear you, if I had mentioned it they would have done it.
I'm pretty sure that someone like doubleclick could (not would!) do something like that.
Just encrypt the data in the cookies so that noone ever will be able to check that.
Hell, I'm pretty sure there are many profiles for me out there, my only hope is that they are not able to find out the real person behind. But all I wanted to illustrate is that it's not that hard.
addendum (Score:2)
From http://www.doubleclick.com/privacy_policy/ [doubleclick.com]:
In addition, in connection solely with the delivery of ads via DoubleClick technology to one particular Web publisher's Web site, DoubleClick combines the non-personally-identifiable data collected by DoubleClick from a user's computer with the log-in name and demographic data about users collected by the Web publisher and furnished to DoubleClick for the purpose of ad targeting.
There are some cases when a user voluntarily provides personal information in response to an ad (a survey or purchase form, for example). In these situations, DoubleClick (or a third party engaged by DoubleClick) collects the information on behalf of the advertiser and/or Web site. This information is used by the advertiser and/or Web site so that you can receive the goods, services or information that you requested. Where indicated in some requests, DoubleClick may use this information in aggregate form to get a more precise profile of the type of individuals viewing ads or visiting the Web sites.
Naviant - perhaps scarier? (Score:2)
"New precision web targeting from naviant combines physical-world data with online behaviour - for the very first time"
The copy continues:
"With the acquisition of IQ2.net, we're taking data integrity to a level it's never reached before that includes name, address, demographics, psychographics and clickstream behavior."
- all quotes from page 115 of the November, 1999 issue of Fast Company, the ad has also run in a number of other magazines
The phrase "psychographics" is a peculiar one, very much makes me wonder where they are getting their information, and to what purposes it will be used.
Shannon Clark
Re:Does it make much difference?? (Score:2)
Anyway, I think you raise valid points - at the end of the day, I truly believe privacy is a personal issue. In Sweden there is a national ID card system such as is stronlgly resisted in the UK, but I haven't seen any real evidence of it being misused yet.
Good luck in keeping yourself hidden - and don't get caught doing anything naughty now
Re:Poll Tax dodger (Score:2)
it's because we and thousands like us *didn't* pay that there is no Poll Tax now.
... either that or because you lived in a Labour borough instead of in Tory Wandsworth.
Does it make much difference?? (Score:3)
Y'see I don't particularly mind seeing banner ads. Hell, I even click through occasionally. I completely sympathise with those who hate banner ads however, especially on the grounds of bandwidth.
However opting out of DoubleClick's system isn't going to stop you from receiving banner ads. It just means that they won't be able to serve you the banner ads that their system thinks you will be most interested in.
At the same time, there are commercial organisations collecting and storing information about my habits every day - supermarket club-cards, Visa spending patterns, online book purchases etc. I truly hope that for the most part they are doing so, in order to learn more about my habits as one of their many customers. To be honest, unless they start sending me unsolicited spam, I don't find it too much of a hassle.
I also sometimes think it must be quite amusing, as I live a fairly unconventional lifestyle.
I spent a few years hiding from all the lists I could. I was avoiding the "poll tax" in England. Every 6 months I moved house, I worked so I wouldn't be on the unemployment register, I never filled in official forms.
The tactic worked, but it was hard work. It also meant no credit, difficulty getting banking facilities, difficulty getting utilities connected when I moved house - everything was a lot of hassle. In the end the Poll Tax went away and I was able to come back into normal life and start building up a credit rating etc. Much easier to manage life.
In short - I understand people's privacy concerns, but how serious is it really, to have targeted advertising pointed in your direction??
Re:Does it make much difference?? (Score:2)
Same here, but this then raises the interesting question of whether this behaviour is legal in the EU or not. I'm no lawyer, but IIRC UK Data Protection law requires information stored on you to be:
- Relevant
- Accurate
- Up-to-date, which includes destroying data you no longer need.
and, as I understand it, that's basically the case across Europe for all data held on computer.Now, Abacus probably don't have too much information on EU citizens because of those provisions, but if they do somehow get the data, is this then illegal? After all, one of the provisions of this legislation is that you can't export the data to a country with less stringent data protection laws to get round this. So, would this sort of thing count as gathering the data within the EU (for EU citizens, that is) then exporting it?
If this one isn't already defined then I could see the lawyers having some wonderful fun arguing this one...
Greg
Community maintained blocklist (Score:3)
There is also a nice URL [junkbuster.com] to verify that you are runing the proxy correctly, and displays the loaded blocklist and configuration. It works great as a home page.
I've been using this setup for quite a long time and I am very happy with the results. The browsing time is greatly increased and without the clutter.
Edit your cookies.txt regularly (Score:3)
Cleaning out this file does a couple of things for my peace of mind. 1) It screws with the statistics of all those places that use cookies for tracking me. 2) It clears out potentially percievably incriminating data if my employer were to decide to hire web-Nazi's to see what people are doing on company computers even in their off hours. If I ever want somebody to know what I've seen on the net I'll tell them myself.
--
Re:I use AtGuard (Score:2)
Cool features include an estimate of the time saved by not downloading banner ads, a switch to block popup windows in Java(script), and a switch to modify animated GIFs so they only play once.
When something comes up it hasn't seen before it pops up a dialog asking how to deal with it. This is the firewall software for your grandmother, or at least as close as it can be.
Altogether a nice package. BTW, I have no relationship with these people other than as a satisfied customer.
Paul.
Re:Close, but not quite.. (Score:2)
The vulnerability was in version 4.5 I believe and Netscape's "quick" fix was to set the cookie setting to "Accept only cookies which get sent back to the originating server"
P.S. What web site's scripts actually put your username and password in the URL string? That sounds incredibly stupid to me, for precisely the reasons you indicate. Any high school web-head knows better than this. Sounds like you need to write a letter.
I've run across "back woods" free email sites that embed usernames/passwords in the URL, myownemail.com is one I remember but it has since been fixed. ValueClick, one of the bigger banner ad brokers used to do this with their account section as well. This was REALLY bad since if someone got your username/password, they could re-route your checks! And I agree, people should know better than to do that. Their initial response was "there are no external links in the account section" but with the way MSIE throws out invalid referrers by grabbing random history URLs, it was very possible that a ValueClick username/password would end up in someone's access.log. After demonstrating this to them, they finally changed the system to use time expiring tokens in the URLs.
A correction and my experience (Score:3)
This isn't true if you leave Netscape's cookie settings at the default of "Accept All Cookies". You need to change it to "Accept only cookies which get sent back to the originating server" to prevent sites from "stealing" cookies of other sites with malicious javascript. I'm not sure how it works on IE but I'm sure it's just as easy with ActiveX giving out access to your entire hard drive to whomever wants it.
Now, as for tracking, cookies, and ads
And yes, I run ads and cookies on my site out of necessity, not marketing or demographic reasons.
Re:Discard images from different site than page? (Score:3)
In either \windows\hosts or
Essentially, the image will be broken. Some browsers handle this more gracefully than others.
------
Don't like it? Opt out. (Score:5)
------
Simple effective solution : filter it away ! (Score:2)
Fakeclick... (Score:2)
Someone wrote in an earlier discussion (I won't take credit for it) that their ought to be a server that mimiced doubleclicks url interface, so that we could simply point doubleclick.net at that server in our hosts files. Maybe the server could sell adds and give the money to charity (and not tracks users, and carry only 2 kB static gifs).
I wonder if they would sue for that...
Most important: please don't start advocating laws for to solve things like this. Informing about it is good (this was a great article) but enforcing by violence, and our laws are based on violence, that which can be solved by intellect (a simple hack that keeps doubleclick and co out of your cookies file) is ALWAYS BAD.
-
Take control for yourself! (Score:3)
Why bother with letter DoubleClick decide to remove their cookies? Do it yourself! In WebTechniques [webtechniques.com], Randal Schwartz [stonehenge.com] wrote an Anonymizing Proxy server in Perl that can run as a console app in the background that you can use to strip out all your cookies (as he wrote it), or, with a slight modification, you can have it strip out only DoubleClicks's cookies.
The original column is at http://www.stonehenge.com /merlyn/WebTechniques/col11.html [stonehenge.com] (code here [stonehenge.com]), and he updated it (a "Preforking, compressing proxy" [stonehenge.com] (code [stonehenge.com])) last February. He also wrote a "Cookie Jar" [stonehenge.com] (code here [stonehenge.com]) application that can be used for the same purpose.
They all run on *nix, of course, but I have gotten the original proxy server running on a Win95 box and on WinNT boxes using ActivePerl.
Check it out. Take control for yourself--don't rely on their ridiculous "opt-out" option. Fight back.
darren
Slashdot Cookie (Score:2)
Adds at Net Speed (Score:2)
Imagine applying that to the rest of the advertising world.
I'm reading a magazine. Upon seeing an add for a new car, if I'm not immediately calling the dealership to get more info... the add has failed.
I'm watching TV. McDonald's tempts me with various fast, hot offerings. If I'm not immediately driving to the local franchise the add has failed.
The radio's music selection is interupted. Coca-cola plays the "pop-hsssssst" noise of a fresh can being opened. I should be at my fridge and rooting out a Coke like some kind of experiment by Pavlov. Otherwise, the add has failed.
Please.
Advertisements don't generate immediate sales. They get the product out there in the minds of an audience. They let people know they're there. They might even, gawd forbid, SAY something about the product. But the main intent is mindshare. The consumer should think "I'm hungry" followed by "McDonalds". Coca-cola (followed by Pepsi) own the soft drink market. They're entrenched. Why bother spending huge amounts on advertising then? Mind share.
Click-through rates are an antiquated part of the web. Sure, bleeding edge companies like DoubleClick needed something to convince advertisers to divert funds from tried-and-true traditional media. But now its extra baggage.
Electronic media is becoming a part of the mainstream. Sure, traditional media will insist on the greater validity of "traditional journalism". While the point is weak at best, they are partly correct; traditional media will still be around. But it is slowly being time shared with its new online cousins. That means lost advertising time in the traditional space. That's less time to generate mind share for your product. If an advertiser wants to make that up, they need to also run online banners.
Advertisers WILL advertise online - with or without click-through rates.
Registered Opt-Outer (Score:2)
Saaay. Spammers are kind enough to offer the same services. Maybe I should send THEM opt-out messages too?
For some reason, I fail to trust either.
If you use windows, try WebWasher (Score:2)
It can also remove referring-page info, etc.. and is very easy to setup and use, windows only unfortunately.
Have a look at: http://www.siemens.de/servers/wwash [siemens.de]
Re:No; monsters here. (Score:2)
Re:IMG SRC cookies needed (Score:2)
Re:You want your lame non-graphic Internet back?? (Score:2)
Let me let you in on a few things they might not have told you, though. Ads are not in my interest. If I was interested in buying something right now, I'd be at eBay or Amazon, not Slashdot. Ads are targeted at getting me interested in something I'm not interested in.
The purpose of advertising is to influence behavioral choices. Targeted advertising is meant to be a more effective means of influencing behavioral choices. Some of us would prefer not to be programmed in this manner.
A higher purpose?! What could it be? Do GIF cookies feed the starving, house the poor, fight for Truth, Justice, and the Open Source Way? Oh, shoot, they just help with statistics. And they don't even do a good job of that since you don't know how many users have cookies off, deleted, or filtered! Well, there was a WWW before there were banner ads, you know? (There was even an Internet before the WWW! Really, it's true!) And the banner ad seems to be dying. If it goes away, something else will take its place - maybe PBS style memberships, maybe affiliate programs, maybe sponsored links.But that aside, you don't need to track me to show me an ad! TV doesn't. Radio doesn't. Billboards don't. I am perfectly anonymous when I ignore those ads. I prefer to also be anonymous when I ignore banner ads.
Re:Why's Everyone So Concerned about Privacy? (Score:2)
Good Point (Score:2)
Imagine what we can do with the mozilla source... (Score:3)
Think what we will be able to do with the final mozilla code though:
Oh, for more coding time and less projects to work on!
My independant Opt-Out option (Score:2)
OK, the unwanted cookies do not get removed when I'm online but everytime I reboot the unwanted ones get thrown out, forcing ad banner companies to set a new one every time.
Just thought I'd share the idea.
We could all have the same cookie (Score:2)
Busting Doubleclick cookies crumbles others, tho.. (Score:3)
From the WWWAC List, as posted by a user there:
"I was having trouble putting items in my buy.com shopping cart. It kept
telling me I should check my cookies to make sure I had them enabled.
I do have them enabled.
However, in my hosts file I have the hostname ad.doubleclick.net pointing
to 127.0.0.1. (I seem to get about 30% fewer ads from this as I surf.)
Problem is, buy.com is broken when you point ad.doubleclick.net to nothingness.
I removed my block on Doubleclick and buy.com worked fine"
I must say the all-or-nothing implications of this is making me spew my coffee.
Comments? Technical solutions to this?
Re:No; monsters here. (Score:2)
mod the above comment up, please
jsm
Netscape 4.61 (Linux) and Cookies (Score:2)
And found a setting saying "Only accept cookies originating from the same server as the page being viewed".
This just might be the plug to the "GIF cookie" loophole.
Hans Voss
---
Re:Junkbuster is the way to go (Score:2)
We need banner ads. They're a way of funding the Net from the disposable income of the WebTeeVee horde, so as to keep it cheap for those of the elite nerderati who have the ability to filter them.
Think of it as funding opera from lottery tickets 8-)
Re:cookies? (Score:3)
Ignorance, fear and unjustified paranoia mainly.
Time was when cookies just applied to a single site. What this fine article points out is that this is no longer true. The vendors of banner ads can now not only tell that I read Slashdot, but also that I read other sites AND they'll know that it's the same user agent who reads both Slashdot and UFO review, or who regularly reads content from 15 different sites about PalmPilots. This is much more commercially valuable information than simple being a Slashdot reader.
Weblog and magazine sites aren't the best place to sell banner ads. Lovely sites, but their catchment is just too broad. A real killer for banner ads would be technology that hits me with cigar ads on the prestigious Salon site, because it also knows that my browser visits regularly visits humidor.com.
Assuming that they'll do the things most profitable to them, chances are that the banner ad companies will use this information to send more specifically targetted banners. This isn't a bad thing overall. It probably means that when I read Slashdot in a year's time, I'll see the Linux banners replaced by golf club banners, because I'm not a Linux person but I do play an awful lot of golf. Is decoupling the banner ad from its host site context such a bad thing ? I think not.
Expect also to see cheap banner ad rates for small specialist sites like golf and cigars. They're not feeding the banners to make revenue, they're doing it to catch demographics. We're already seeing many kid's sites with on-line games, that are just there to catch information on who has kids and who is worth targetting with toy adverts. Imagine that being used to sell you kid's toys when you're browsing Slash, because months back it found you had a couple of pokemon-crazed offspring.
OTOH - If you're feeling paranoid, consider what a malicious ad server company could do with a cross reference of those browsers that regularly access both Church News and World Of Pron, or Accountancy Online and the Lose-Your-Shirt Casino. Remember too that "media" companies often extend from gutter tabloids to market research and new media companies. Now that makes me uneasy.
Re:You want your lame non-graphic Internet back?? (Score:2)
If you're going to mention your country, could you at least name it so I have a point of reference?
Re:Why opt out? (How 'bout this one?) (Score:2)
This perl script will change a few bits in each cookie, whenever it's run, though it only works on cookies in the cookiefile (session-only cookies won't be affected, and cookies already loaded into netscape probably won't be affected) I think you can tell it not to change certain cookies at all, but don't quote me on that.
Unless the site has implemented ECC (error-correction codes) in their cookies, this will at least confuse the heck out of the servers, and might accidentally give you someone else's tracking number for a while.
I can see the website owners complaining about this now... "How dare you screw up my carefully set cookies? Are you some kind of evil hacker?"
I dare, because you do. I chose long ago to use my powers only for good
Slashdot is one example, in that if you want to be heard, you have to login and accept the cookie.
I understand the need to make money. I just don't understand the need to make more money by tracking every move a customer makes, just because it's possible. Possibility does not imply correctness.
In simpler words, "just because you can do something, doesn't mean you should."
I no longer use Application Service Providers, for just that reason. There's absolutely no guarantee that (if it existed) Microsoft Office for Web wouldn't store a clear copy of anything I might write on it somewhere that MS could search through it for interesting bits. MS:"But we won't search through it for interesting bits" Errr... Yeah, that makes me feel much more secure. And I won't search through Microsoft source code for interesting bits either. That doesn't mean they'll give it to me.
Re:/. and freshmeat are blocked by junkbuster (Score:2)
No "playing favorites" by only letting certain sites through. I'm thus being unfair in equal proportion to all, which I think is actually being more than fair. To me, personally, ads do nothing to improve the net experience. To me, personally, they tend to decrease my enjoyment of the web. If I do nothing to discourage their use now, things will only get more commercial in the future.
I do not wish to encourage the further commercialization of the net. Any way that I can block ads, I will. Usenet, for instance, due to the lack of control from certain companies, is so full of advertizing, that no useful message gets through.
Advertizing, once it hits a medium, be it net, TV, or radio, never wants to stop. Ads may, or may not, work, but companies become afraid that if they don't advertise as much as their competitors, then they'll lose business. Thus, advertising tends towards a maximum.
At any point, if Slashdot was truly hurting for money, they could ask for donations. I'm perfectly happy to send in my $5 or so, along with everyone else. What I dislike, is the fact that Slashdot gets an unknown amount of money from bannerads, and there's no way for me to know either:
A) The product advertised is any better than any other product that's not been advertised. As far as I know, CmdrTaco et al do not decide exactly which ads get put up top, other than perhaps excluding blatantly Microsoft ads.
Or,
B) The product is worse than other alternatives, but got advertised more because it paid more for it.
A company's idea of how good its product is, and how much it advertises, and how good the product really is, are three almost independent variables, and the goodness of a product cannot be determined by watching or clicking through the ads.
Yes, my view of the internet doesn't mesh well with the desires of corporate marketing departments. For that, and for depriving Slashdot of the few cents of revenue they might get from my actually viewing the banner ads, I apologize must humbly. Where should I send the $5 for this years worth of banner ads?
Re:No; monsters here. (Score:3)
Welcome to the well-tracked world of the URL. It takes a great deal of time and effort to avoid tracking. If you want to avoid being tracked, you always have to examine the URL carefully BEFORE you click it.
If the medium is the message, why does the Direct Marketing Association require the target to send a request by US mail, in order to be put on the Telephone Preference Service? It's called cost-shifting by privacy advocates, and good business by the DMA.
Re:It's not the advertisers that matter ... (Score:4)
"You have no privacy, get over it."
The problem is that most CEOs do not have much in the way of privacy, what with journalists and photographers following them around with tape recorders and cameras, and security personell protecting them from unwanted attentions.
This lack of corporate director privacy encourages them to ignore the feelings of those who do have a small amount of privacy already, and make it truly difficult to remain unknown and still get the services provided by the corporation.
Slashdot itself is somewhat guilty of this. Everybody knows that Rob has an email address. Most who read Slashdot know how to find it, and probably send him enough email that he's swamped. At least occasionally, he's followed by reporters.
So, we end up with a login system that's not only extraordinarily complex and customizable, but also cookie powered and easily trackable. If Rob wants to find out what I read today, he probably can do so fairly easily. He can tell me that he's not, and won't, and that the software system that Slashdot uses is designed to prevent tracking (No, he hasn't told me this.) There's no proof one way or the other, unless there's tracking in the current Slash release.
Oh, and targetted ads... To DoubleClick, the-dma.org, et al, go away. I'm not a target, I'm a human being, and I despise being treated as another datapoint to be aimed at. Sure, I am a statistic. That doesn't mean I like it, or that I want to be treated as one by a bunch of corporations.
A low amount of privacy is no excuse for reducing privacy further.
The real privacy zealots will not be posting to Slashdot, or anywhere else on the net.
Why opt out? Do it hacker-style... (Score:5)