Google Using DoubleClick Tracking Cookies

dstates sends news coming out of the letters the House Energy and Commerce Committee sent to a number of broadband and Internet companies about their policies and practices on user tracking. The committee has now made public 25 responses to its queries, and many companies, including Google, acknowledge using targeted-advertising technology without explicitly informing customers. The Committee is considering legislation to require explicitly informing the consumer of the type of information being gathered and any intent to use it for a different purpose, and a right to say "no" to the collection or use. The submitter notes that, while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message. "The revelations came in response to a bipartisan inquiry of how more Internet companies have gathered data on customers. Edward J. Markey (D-Mass.) said 'Increasingly, there are no limits technologically as to what a company can do in terms of collecting information... and then selling it as a commodity to other providers.' Some companies like NebuAd have tested deep-packet inspection with some broadband providers Knology and Cable One. Google said that it had begun to use the DoubleClick ad-serving cookie that allow the tracking of Web surfing across different sites but said it was not using deep packet inspection. Google promotes the fact that its merger with DoubleClick provides advertisers 'insight into the number of people who have seen an ad campaign,' as well as 'how many users visited their sites after seeing an ad.' Microsoft and Yahoo acknowledge the use of behavioral targeting. Yahoo says it allows users to turn off targeted advertising on its Web sites; Microsoft has not yet responded to the committee."

Solution: Opera

[morgan_greywolf (835522)]

1. Turn off cookies globally.
2. Turn on cookies for sites that need it by hitting F12 and hitting 'Accept cookes only from the site I visit'.

Done. No more doubleclick cookies.

Solution: Options

[bunratty (545641)]

Or use Firefox and uncheck Accept third-party cookies in the Privacy Options. Or use Internet Explorer and block third-party cookies. Or use Safari and disallow third-party cookies. I don't see any reason to switch browsers just to access a basic feature.

Re:Solution: about:config, not Options

[Kargan (250092)]

The developers of Firefox removed the option to disable third party cookies in Firefox 2.0 and later, stating the reason that it was not possible to block all third party cookies with this function.

There are basically two options to disable third party cookies in Firefox 2 versions.

The first would be to disable it manually by opening about:config from the address bar. Search for network.cookie.cookieBehavior and take a look a the value. If it is set to 0 you accept all cookies, 1 means you only accept cookies from the same server, 2 means you disable all cookies. Setting it to 1 has the same effect that the option in the old firefox browsers had: it disables third party cookies.

You could install an add-on as well that blocks third party cookies. One of the many extensions that does that is called CookieSafe [mozilla.org]. This one makes it possible to disable all cookies and allow them only for specific sites (whitelist).

Re:Solution: about:config, not Options

[bakuun (976228)]

They added the function again in firefox 3.0, so it is again possible to block third-party cookies without any extensions or other software than just a fresh firefox installation.

ESSENTIAL ADD-ONS

[zobier (585066)]

Like others have said, CookieSafe [mozilla.org] and CS Lite [mozilla.org] are like NoScript [mozilla.org] for cookies with the option to allow cookies for a specific site: permanently, for each session or once-off.

I currently use the above extensions as well as Adblock [mozilla.org], Filterset.G [mozilla.org] and RefControl [mozilla.org]. The latter set to "forge" (send the root of the site as the referrer).

I consider these the essential privacy/security add-ons for Firefox. I'm interested if anyone has any others to add to the list.

Re:

[I)_MaLaClYpSe_(I (447961)]

Sorry, hit submit accidentally:

I use:

• Adblock Plus, for blocking Advertisement

• CustomizeGoogle, for making gmail use HTTPS only

• Firekeeper, IDS/IPS for Firefox

• FormFox, shows you where a form submitted gets sent to

• McAffe Site Advisor,

• NoScript,

• SafeHistory, defends against visited-link-based web privacy attacks

• Site Security Policy, enforces security policies for how a websites's content should behave

• TrackMeNot, protects against data profiling by search engines

• User Agent Switcher, lets me surf as googlebot

Re:

[AmiMoJo (196126)]

An even better option is the Cookie Button extension for Firefox. It is basically a shortcut to add and remove sites from the exceptions list for cookies. That way you can set Firefox to accept but clear all cookies when closed, except those you elect to keep (to stay logged in to forums etc).

This protects your privacy by preventing tracking over sessions, while screwing things up for advertisers. It would be even better if there was some way to delete cookies over an hour old automatically, as that would p

IF your browser handles 3rd part cookies properly

[schwaang (667808)]

Not all versions of major browsers behave the way you expect them to when you try to disable third-party cookies.
Check out Steve Gibson's cookie forensics page [grc.com].
Here's a neat browser stats page [grc.com] showing graphically how GRC visitors have their 3rd party cookies configured by browser.

Re:Solution: Options

[beckerist (985855)]

https://addons.mozilla.org/en-US/firefox/addon/5207 [mozilla.org]

Yep

Why is this news?

[vtavares (148447)]

Did anyone really believe Google wasn't doing this?

Re:

[haystor (102186)]

This is an outrage! My advertising is relevant!

Re:

[mikael (484)]

I noticed that the download of slashdot webpages would be delayed by some strange link to

http://www.google-analytics.com/ga.js [google-analytics.com]

http://www.ad.doubleclick.net/adj/ostg.slashdot/yro_p1_leader;logged_in=1;dcopt= [doubleclick.net]....

You can check this by clicking on Adblock in Firefox.

I do wonder if this allows doubleclick.net to see past "anonymous coward" postings.

"The Committee is considering legislation"

[sm62704 (957197)]

Translation: "better start donating to our campaigns."

Cynical? Yeah, I'm cynical. You don't get as old as me without being either stupid, cynical, or both. My bet is the legislation will either die in committee, or be watered down to the point of meaningless, or voted down.

It's alright

[by Anonymous Coward]

I usually just single-click any urls I come across.

And slashdot uses doubleclick & google-analyti

[viking80 (697716)]

And slashdot uses doubleclick & google-analytics as well.

Try disabling scripts with firefox "noScript". I think /. is more readable without allowing doubleclick.net & google-analytics.com

Re:

[afabbro (33948)]

...well, it does except for all of us who speed up our surfing by putting

127.0.0.1 google-analytics.com

in our hosts file...

Re:

[christefano (899436)]

Don't forget these, too:

127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com

While you're at it:

127.0.0.1 doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.ne

Not a problem

[gamanimatron (1327245)]

Ahem. STOP SPENDING MY TAX DOLLARS ON THIS CRAP.

Anyone using a computer who doesn't understand why they shouldn't accept all cookies and scripts and click on everything shiny deserves (yes, really!) to have their actions remotely monitored and the resulting data sold to the highest bidder.

I don't want to drown in regulation just because some idiots can't be bothered to pull their collective head out before they use their systems.

Re:

[Gat0r30y (957941)]

What if your ISP just starts to monitor all your traffic by IP? Do you have any reasonable expectation of privacy on the internet?
1)ISP gives you a static IP
2)Monitor all traffic to/from said IP address
3)Sell for profit
That would be OK with you?
What if they also decided to block any and all encrypted traffic?

Ummm

[gEvil (beta) (945888)]

Ummm, isn't this exactly what we would expect them to do with all that information? The only people who should be surprised by this are the ones who have no idea how the internet works. That said, there are plenty of workarounds, including limiting accepted cookies only to sites you specify, or having your browser clear everything out upon closing. Sure it doesn't totally fix the problem (assuming you consider it a problem), but it certainly does limit the amount of tracking they can do.

Re:

[John Hasler (414242)]

Or just not accepting any cookies at all from Google or Doubleclick.

A missprint in its mission statment.

[jellomizer (103300)]

"Don't Do Eval". not "Don't Do Evil". The guys at Google wanted to make sure all the employees wouldn't use the eval command to create possible security holes by executing string.

Opt out if you're worried

[SiliconEntity (448450)]

Google makes it easy to opt out of the doubleclick tracking cookie:

http://www.google.com/privacy_ads.html [google.com]

"Anyone may opt out of the DoubleClick cookie (for both the Google content network and DoubleClick ad serving) at any time by clicking the button above."

Re: Opt out if you're worried

[rs232 (849320)]

"Google makes it easy to opt out of the doubleclick tracking cookie"

Or you could put doubleclick.net & google-analytics.com in your hosts [someonewhocares.org] file and point the entries to 127.0.0.1 The advertisers still don't get it, intrusive adverts like on television don't work on the Internet

Re:

[MarkusQ (450076)]

Nothing wrong with cookies. It's not "private data". My name, credit card and home address aren't included. I WANT websites to know my desktop resolution, screen depth, and even processor speed if it means the website is presented in a manner tailored for and best suited to my needs!!

I'll change my mind when they start tracking national IDs, bank accounts and capturing my webcam streams without my permission.

The problem is, a disturbingly small amount of information is needed to distinguish you from ever

Re:

[PetriBORG (518266)]

A useful link.

Funny thing is that when I clicked on Opt-out I got the following error:

DoubleClick DART cookie opt-out error

An error occurred assigning the opt-out cookie. Possible causes include manually rejecting the opt-out cookie when it is assigned or that your web browser is configured to reject cookies automatically. Check your browserâ(TM)s configuration settings, and please try again. Note: you will get this error message if your browser does not support cookies.

Apparently their opt-out i

not a problem ..

[rs232 (849320)]

Not a problem as I don't ever see adverts, as I use Firefox, nscript and customised userContent.css and userChrome.css files. At least while I still have legal control of my computer.

I can turn off targeted advertising...

[XanC (644172)]

...With or without Yahoo's option.

AdBlock Plus [adblockplus.org]

Block all cookies by default

[mlwmohawk (801821)]

In this day and age, just block all cookies by default, and allow ones from sites you use. This will even block "doubleclick" cookies as those aren't from the site you are visiting.

This doesn't address IP address, but it is a step.

Privoxy or a Blocking hosts file is your friend.

[Lumpy (12016)]

Honestly, I dont care about the legit uses anymore this stuff is so out of hand that I am helping lots of people non techy and techy alike to install blocking hosts files and privoxy on their home computers to eliminate this crud.

Friends dont let friends surf the net without adblocking.

Use CS Lite if you're using Firefox

[HomerJ (11142)]

CS Lite [mozilla.org]

This will let you block all those types of cookies, and as well give you MUCH better cookie management in Firefox. It lets you just deny cookies globally and just enable them for sites you want, without being a total pain in the ass

Combine that with Adblock Plus, with the tracking filters, and you can get past all this tracking stuff without having to use no-script, which considering how javascript heavy most sites are today, is like swatting a fly with a sledgehammer

DFP

[binaryseraph (955557)]

After they sort this cookie stuff out, I hope they hold a House Commity on forcing DoubleClick (google) to make an ad-server that doesnt crash every 5 minutes (or at least one that you can log-into with firefox). -Disgruntled Ad Trafficker

Disingenuous much?

[BobMcD (601576)]

I find it ironic that this government, who greedily gobbles up vast volumes of data at every opportunity, would be barking up this tree.

Re:Disingenuous much?

[Opportunist (166417)]

"Do as I say, don't do as I do".

It's not just for religion anymore.

Re:

[John Hasler (414242)]

The US does not have a parliamentary form of government. The adminstration (the "government" in European parlance) is distinct from the Congress, which is what is holding these hearings and is controlled by the opposition.

Re:

[JCSoRocks (1142053)]

They have to make it look like they're against this sort of thing so that they can keep on doing it themselves. That way the sheeple will believe them in 2015 when they say they aren't doing anything wrong even though there's mountains of evidence pointing to a national database full of illegal surveillance information and biometric data on every citizen.

Not the same

[CopaceticOpus (965603)]

Google's targeted advertisements seems reasonable; When you decide to use their free services, you should know that advertising is a part of the deal.

Broadband providers using DPI, on the other hand, is like the USPS opening your private mail and then profiting off of what they learn about you. It's all about the expectation of privacy. Broadband providers need to transfer bits and stay out of the content business. If they start doing this, there will be no way to use the internet with any modicum of privacy.

And Doubleclick doesn't need DPI either...

[nweaver (113078)]

You see, they don't just get the cookie, they also get the referrer field, so Google doesn't just get to see that it is "Nicholas Weaver" who's surfing the web, but can see that I am composing a reply to this article, because the referrer field in the doubleclick adds and google analytics on slashdot allow them to know this!

Evil...

[Darkness404 (1287218)]

It seems like DoubleClick is Google's evil twin. When Google wants to get something using "do no evil" it is Google, if they want to do something that is evil, they use DoubleClick

Obvious?

[statemachine (840641)]

The submitter notes that, while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message.

Google can read your Gmail? Shocking! Who doesn't know this?

Tinfoil hats are the way to go

[pseudorand (603231)]

This isn't news to me. I proudly wear a tinfoil hat and therefore have always assumed Google and every other search engine does everything technically possible to track my internet usage. And I behave accordingly. Firefox deletes ALL private data each time I close it. I don't do ANYTHING on the Internet that would be upsetting if it were public knowledge.

So, you see, those of us wearing tinfoil hats aren't recluses that hide in the forest and survive on nuts and berries to avoid the grid. Instead, we are people who simply avoid the grid if and when we do want privacy and don't get upset when we get some confirmation of what we've known all along: the grid ain't private.

And as for targeted advertising, everyone's got it all wrong. Targeted advertising is the ONE thing that I DO want them to track me for. After all, seeing ads for things I might actually want to buy rather than crap I don't want is a Good Thing. Targeted Advertising IS consumer friendly. It's feeding the data into health insurance eligibility and credit scores and potentially inaccurate data into legal proceedings that's scary.

So everyone needs to stop worrying about advertising and start demanding that congress pass a law stating that if a company collects information about you and shares it with a third party without your explicit consent, that information is considered "public" in that it can count towards liable claims. Don't worry about what they share. Worry about your right to sue them if sharing the info causes you harm.

An observation

[dkleinsc (563838)]

Maybe it's just me, but has anyone else noticed the pattern of a roughly daily "Google invades your privacy" story?

I'm not saying they're accurate or not: for all I know it's just an astroturfing campaign. It's just a significant trend around here.

Full Disclosure.

[Ohrion (814105)]

Full Disclosure is the only thing I think Google needs to have, which it appears they already do. If you disagree and want to opt out, there is an easy solution (use another search engine). What I personally care about, is if my Internet Provider starts doing this. I believe there is a big difference between the 2.

But isn't Google already opt-in?

[by Anonymous Coward]

while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message.
..
Markey said he and his colleagues plan to introduce legislation next year, a sort of online-privacy Bill of Rights, that would require that consumers must opt in to the tracking of their online behavior and the collection and sharing of their personal data.

Isn't DELIBERATELY having all your email intentionally sent to Google, about as opt-in as things can get? We have known all along that Google reads the email that the users opt to have sent to them.

I am starting to really get pissed off at the weirdo "modern" privacy movement. It used to be that we worried someone was watching us. But now we're taking active steps to push our "private" information into other people's faces, while still expecting them to not pay attention to what we are giving them. It's starting to get really absurd.

The first step to protecting your privacy isn't to regulate the spies. No, the first step is to stop cooperating with the spies. If you won't take that step, then your privacy obviously doesn't mean jack shit to you, so quit crying to the government to do something about it.

Stop sending I-looked-at-this-webpage packets to doubleclick. Stop sending your private email to Google, and stop sending your search requests to Google. You are giving them this stuff. You fucking opted in.

I always thought

[bogie (31020)]

That people who used Gmail for anything remotely personal are fucking nuts. 5 years, 10 years down the road do you really think that all of your personal Gmail information won't be either a) sold to advertisers, insurance companies, and financial institutions and b) stolen by hackers?

The original Google founders have no idea what a monster they are creating. An essential, and most times helpful monster, but a monster none the less that will someday turn on everyone. I'm looking into only using a proxy for all Google searches, you should too.

CustomizeGoogle

[Animats (122034)]

There's CustomizeGoogle, a Greasemonkey script which will, among other things, randomize the replies to Google's cookies. Unfortunately, it's rather slow, and may result in Javascript "script running too long" errors. Right idea, though.

Re:

[IceCreamGuy (904648)]

why would they NOT use doubleclick's cookies? Did you think they paid $LARGEAMOUNT for doubleclick just to shut them down?

"$LARGEAMOUNT" = /s/\/d/$PUREEVIL/;

Re:

[jeiler (1106393)]

Lessons in Googlespeak:

"Google does it" == "Not Evil."

Re:But But ...

[Anne_Nonymous (313852)]

>> their motto is "Don't be evil"
 
...where "don't be" approaches "be" for some values of evil.

Re:

[Colonel Korn (1258968)]

I'd rather targeted advertising than random advertising since no advertising isn't an option.

I suggest you refer to several of the above posts, and perhaps to a Google search on the subject. (Virtually) no advertising certainly is an option.