Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

DoubleClick Settles Privacy Investigation 99

Posted by michael from the nothing-to-see-here-move-along dept.
guttentag writes "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.' It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles. However, it will continue to use to track users with cookies. The Washington Post also has an article, but it is conspicuously missing the standard disclosure statement that informs readers of The Post's business relationship with DoubleClick." Well, let me be sure to point out then that Slashdot also serves Doubleclick ads. If you recall, this all started when Doubleclick merged with a database company and announced plans to merge its online and offline databases.
This discussion has been archived. No new comments can be posted.

DoubleClick Settles Privacy Investigation More

DoubleClick Settles Privacy Investigation

Comments Filter:

  • Profiles (Score:2, Insightful)

    by Delrin ( 98403 )
    What? Are they like Equifax and the other credit agencies now? "Access to their profiles". Let me guess, this will involve making 10 phone calls, waiting on hold. Where's the URL man!?
    • "Let me guess, this will involve making 10 phone calls, waiting on hold."

      And after all that, it'll still be wrong

  • Doubleclick makes me happy ... (Score:4, Funny)

    by YeeHaW_Jelte ( 451855 ) on Tuesday August 27, 2002 @08:28AM (#4147604) Homepage
    ... that I get prompted by mozilla before I accept cookies.
  • "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.

    Thats small compared to what they made.. and they will "continue to track users with cookies"

    Says what... if audit takes 4 years they can do what they do for 4 years.
    Their privacy policy is a big joke... but who cares anyways. Whats about cost to "users".

  • "It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles."

    Where will we have access to our profiles? What will it be looked up by? Our cookie? Our email address? I will be interested to see just what information is linked to me personally.

    I don't think we will be able to see everything. Only time will tell.

    Chris
    www.talkingtoad.com

  • Bank of America (Score:5, Interesting)

    by Anonymous Coward on Tuesday August 27, 2002 @08:30AM (#4147616)
    Doubleclick will sell to anyone, and I can't believe that some people buy into it. For example, I have an account with Bank Of America, and one day while I was checking my account balances I noticed that mozilla was loading something from doubleclick. I looked at the page and there were no ads to be seen. I checked out the HTML source and sure enough they were loading a 1x1 transparent gif from doubleclick. Now, could someone please explain to me why Bank of America would be interested in doing that? The only possible reason they could be doing this is:

    1) Doubleclick is paying them an assload of money to do it.
    2) BOA is receiving browsing profiles for their banking customers.

    Those are the only possible benefits I can see from this whole thing. Any comments?
    • 3) The web designer has a dbl click account, and is sticking a link on every page he does.

    • I'm not a BOA customer, but presumably there's an online privacy statement or a terms of use somewhere. It should state what information is collected and how they use it.

      Have you read it?

      If it doesn't say anything, just phone them up and ask them.

  • its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it. I have yet to see a cookie that serves a dual purpose of tracking you and doing something useful, like a shopping cart. It seems that doubleclick and other ad companies always use separate cookies from that of the site advertised on.
    So until they find a better way to do it, I don't think they are going to get me.
    As for all this stuff they are doing. Allowing users to view profiles. Paying for "education" etc. It's all just the usual. They do a few things to make themselves not look like a horrible evil. Whoever is pestering them has to lay off for a bit, and they continue business as usual.
    Does anyone know if doubleclick is currently profitable? I mean considering how banner ads don't work, how can a company that relies on them still exist?
    • You have IP? I have IP, oh 100% ok?

      Seriously. Web site owners can track your viewing habits by checking their log files. Your friggin IP is logged in it. If I collaborate with website XYZ we can both check what you are doing.

      So um? get real!
      • Well, IP address for a lot of dialup users are reassigned each time they connect. For AOL users, this means millions of possible address. Given that AOL has something like 40% market share in the US, IP based tracking won't work that well.

        On the other hand, cookie based systems work well, and are linked to user accounts on specific computers.

        Opting out is done by setting the double click cookie to zero or something, and it seems to work pretty well.

        I remember opting out and starting to see ads for feminine hygiene stuff. Maybe it was really a kind of punishment :P
      • Tracking by IP only works if the users have static IP addresses and aren't using proxy servers. So that basically takes care of dial-up, most broadband, and corporate web surfers. Cookies, however, are per user (when the browser allows them).

        So um? get educated! ;)
        • Oh so when you go online you goto one site than hang up?

          There is a correlation between IP and time. E.G YOU!

          If at 10:46 you goto a site with IP X then at 10:48 you goto a site with IP X then if we are collaborating we could put it together that you're the same person.

          Perhaps less effective on the whole but generally not impossible or infeasible at all.

          So um, get creative!
          • And what if it shows the same IP hitting different websites at 10:48:01, 10:48:13, and 10:48:37? Is that a single user jumping around or multiple users behind a proxy? Hard to say.

            Bottom line, tracking by IP address doesn't work. Too many users work through proxies or beind NAT routers and then DHCP and dial-up further complicate things.

            Getting "creative" with data is a way to fool a customer. Real results require solid methods.

            So um, quit being stubborn!
            • I never said cookies are not a good method of getting browsing habits. I am just saying [as a cryptographer] that there is more information lying around than most think. Its just a matter of looking at the data and interpretting it.

              And as you say "lots of users behind proxies" that's true. However, most people I know don't have everyone in their house go on the net simultaneously. So it stands to reason the IP's are due to one user.

              Even still there are other things like referrer tags...etc...

              Tom
    • its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it.

      Same here. And with galeon after doing what I need I open up the cookie dialog, select the cookie I just accepted and hit "remove and block"....just in case :)

      And don't forget the option "limit maximum lifetime of cookies to this session" in Mozilla... (hmm I wonder when galeon will add it as well...)

    • Last year, DoubleClick came to my university to try to recruit coop students. I don't think anyone took them seriously. It was when dot-coms were dropping like flies, and I was so sure DoubleClick was going down too.

  • Cookies (Score:1, Funny)

    by Anonymous Coward
    "However, it will continue to use to track users with cookies"

    You mean they dare to track who goes to their site? Thats an outrageous intrusion into my privacy! Imagine what would happen in high-street stores kept details of who bought what! What about governmental agencies? We must fight this threat to our freedom before its too late!
    • Not their site, but sites that load their ads. You don't have to even visit the doubleclick site to be tracked by their system.

      That's the problem. And I still haven't seen how we're getting access to our profiles.

    • As a part of my holy mission of battling ignorance let me point out that you "go to their" site in the eyes of your browser every time you load some advertisment from their server. Meaning that you probably visited it right now.

  • Ironic.. (Score:5, Interesting)

    by Frank of Earth ( 126705 ) <frank@fper3.14kins.com minus pi> on Tuesday August 27, 2002 @08:35AM (#4147634) Homepage Journal
    Slashdot also serves Doubleclick ads

    Yeah, I know. I find it really amusing when the topic is the typical MS bashing post and there is a huge ad for Visual Studio.net

    • Oh yeah... (Score:3, Funny)

      by Balinares ( 316703 )
      I must say, I just love it, in a perverse kind of way, when MS actually pays Slashdot to host their own bashing.

      Sometimes, life's just too good. :)
  • 'Correct' your profile to be a 80 year old trans-gendered, trans-racial, Alaskian arc-welder living in New York with a disposible income of $125,000.
    That aught to cause a few people to pause.

    Or just change your address to match double click's...

    Remember- the data is only as good as you give it.
    • Just coz I happen to be a skilled manual working eskimo with gender and race issues living in the Big Apple doesn't mean you have to take the piss. Oh, and happy octogenerian birthday to me.

  • They can't track me! (Score:3, Informative)

    by Anonymous Coward on Tuesday August 27, 2002 @08:39AM (#4147656)
    I redirected all doubleclick.anything names to localhost long ago. Problem solved! (Of course there's always junkbuster too)
  • ...what doubleclick do about multi-user PC's?

    Loads of people use my PC, my family when the come round to visit, my friends etc. And they all surf the web taking advantage of my broadband connection :o)

    Their profile of "me" must be a right mess. I think they're taking advertisers for a ride when they say they can target people who visit "this" sort of web page, when there is no guarantee that the person using the computer at a given time is the same person that visited "that" web page.

    I'm sure there's more to it that i'm missing (like linking up with email addresses on forms etc), but i'm still not sure I really understand what / how they're profiling.

    PHB.
    • Most of the time, when more then one person uses a computer frequently, multiple user accounts are set up.

      Under windows (as well as most unix installs) A persons cookies will be linked to their user accounts, not the PC itself.

      And yes, most families really do have seperate user accounts set up.
    • So whenever my girlfriend uses my computer it will add more fun things to my profile, and I get can breast enlargement ads in addition to penile-enlargement ads? I'm sure most of the information they have on a large amount of users is more-or-less useless...
      Hmmm... doubleclick is reading in that a user likes websites about uses for gerbils that certainly aren't sanctioned by my local petstore. Of course, the user was just looking for pet food supplies and found that gerbillove.com isn't actually to do with standard affection for your fine furry friends. That won't stop google though, so now you can enjoy the pleasure of having your email address added to lists such as "gerbilfetish" and "rodentlust" etc etc

      And you wonder how they got your email address...

  • One Word (Score:3, Informative)

    by dusanv ( 256645 ) on Tuesday August 27, 2002 @08:46AM (#4147674)
    Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)

    D.

    • Re:One Word (Score:3, Informative)

      by Jucius Maximus ( 229128 )
      "Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)"

      Yeah but there are always web bugs [nandotimes.com]. You'd better get yourself a hosts blocking list [smartin-designs.com].

      Personally, I swear by /etc/hosts or /winnt/system32/drivers/etc/hosts, wherever the circumstances apply.

      • Web bugs sounds interesting but I can speculate it is IE related (too bad they don't really elabotate) and I don't use IE at all (just too many security concerns with it). Does anyone know what they are using to pull out someone's address book (must be ActiveX/VBScript/Internet Exploder/Outbreak Express related)? Your "hosts" idea isn't too bad either except that I use to many machines to be mocking with hosts file on all of them. Much easier to use squid or BIND to block Doubleclick completely (if you use these). Mozilla cookie handling also helps. Too bad it doesn't support roaming profiles yet so I have to set it on every machine...

        Cheers.
      • You can set Mozilla to block images from sites. That will block the web bugs that are images.
        • "You can set Mozilla to block images from sites. That will block the web bugs that are images."

          Of course you can. (Was the checkbox added back to the GUI in 1.1? I haven't got it yet.)

          But sometimes I use opera or even IE for stubborn sites and then my image blocking does not carry over.

  • What would be better than making you "sign up" to view your profile? Just for authentication, you know, to make sure nobody else accesses it "by mistake". Then, they'd have names and email addresses to go along with browsing profiles, if they don't have a match for every one already. Neat trick, if you ask me.
  • So this screen we sit in front of has some machinery behind it that can track our activities and behaviors? You say it's merging like crazy consolidating databases? Nice. How very 1984.

  • Disinformation (Score:3, Interesting)

    by JanMark ( 547992 ) on Tuesday August 27, 2002 @08:56AM (#4147721) Homepage
    Would it be possible to write a program that feeds disinformation to doubleclick? If 5000 people would download it (I might) and run it on theire xDSL modem... How fast would theire database be turning bad? And if their statistics are wrong, their business is gone.

    How does one wirte such a jammer-program?
    • A simple way to sour their database is a cookie sharing scheme.
      • You have a P2P cookie sharing proxy server.
      • You get sent a request for a cookie.
      • Your proxy computes a random chance of creating a new cookie, or using an existing one
      • If it decided to use an existing cookie, it searches the P2P network for a cookie that matches the requested cookie, and uses that cookie.
      • If it decided to create a new cookie, or if it didn't find any existing cookies, then it requests a new cookie, and uses that one.
      • Whatever the new results of the cookie are are saved, and shared over the P2P network.
      • Cookies are used consistently per session. ie. you only request one cookie per website per 20 minutes, for example.
      • Another mechanism that may be necessary is a cookie checkout mechanism, where each cookie is used in only one session at a time.

      The two problem with this is that you have to explicitly decide which cookies you want to share, as I'm sure not everyone wants to share their cookie saved slashdot login. And you'd have a problem with the possibility of your bank account being linked to a randomly generated browsing profile, or something similar. Neither of these problems are insurmountable, but they need to be addressed.
  • Well, let me be sure to point out then that Slashdot also serves Doubleclick ads.

    Well, let me be sure to point out then that Doubleclick ads are blocked here. So when my Slashdot page comes up, regardless of whether the Elite Monkeys generate it, or the Random Elephants generate it, or the Barrel of Psycho Mummies generate it, if it has images that refer to any server in the doubleclick domain (and a few others), they come up blank (a 1x1 transparent GIF is substituted). If Slashdot wants to be sure to maximize revenues, it should either be sure it charges for providing the tag, even if the image is never loaded, or make sure a different advertising source is used (which may be hard if the advertiser wants to use doubleclick ... but then, those are going to be advertisers that are not going to generate as much revenue for this very reason). As I edit this comment, I'm seeing a banner ad for OSDN's PriceCompare. I may check it out later when I'm bored.

  • But, but--authorities say "Cookies are harmless" (Score:3, Interesting)

    by dpbsmith ( 263124 ) on Tuesday August 27, 2002 @09:19AM (#4147837) Homepage
    Two or three years ago, all the newspaper computer columns were full of "don't worry, be happy" explanations of why cookies cannot be used to identify individuals. They stated authoritatively that there was NO POSSIBLE WAY cookies could be used in this fashion and "explained" the "technical reasons" behind it.

    For example, Infoworld columnist Fred Langa says here [browsertune.com] that "To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won't let website owners surreptitiously figure out who you are, for example... My advice: leave cookies turned on; the real benefits far outweigh the very small risks."

    Indeed, a Google search on "cookies cannot be used to identify individuals" turns up 21000 hits--mostly in Web site's privacy statements.

    DoubleClick's motto: when it comes to invading privacy, we do the "impossible" every day.

    I think Slashdot should rethink its connection with DoubleClick.
    • I think Slashdot should rethink its connection with DoubleClick.

      Once x% of the Slashdot community subscribes, I'm sure Slashdot will do away with ads altogether.

      However, until that point in time, we can go fuck ourselves -- we'll take what we're given, and we'll like it.

      Personally, though, I haven't seen an ad on Slashdot for quite some time indeed. Oops [guidescope.com].
  • One way to not appear in their databases...

    # hosts
    0.0.0.0 doubleclick.com
    0.0.0.0 doubleclick.net

    etc., etc. for any adservers that you don't like the look of.

  • Proposed Cookie 'Extension'... (Score:3, Interesting)

    by vofka ( 572268 ) on Tuesday August 27, 2002 @09:30AM (#4147909) Journal
    Perhaps all the Cookie Paranoia could be put to rest if there were a mandatory extension to the existing Cookie Protocol which indicated the 'type' or 'use' of a particular cookie, examples could include:
    ** Session Tracking
    ** Shopping (Carts etc.)
    ** Advertisers and Profilers (such as Doubleclick)
    And possibly a variety of others.

    Once such a system was in place, a user should be able to select whether to Accept, Reject or be Prompted for cookies of each type.

    The only problem would be getting the adertisers to use their 'designated' cookie type...

    • Another option would be to have everything that jumps between domains (possibly for domains that are configured, or domains not configured to be exempted) have the HTTP "Referer" header suppressed, or forged. That would create the brick wall boundary between domains where information cannot as easily pass between, through your server. Cookies cannot be retrieved across domains, but by associating the cookie you get from the image with the domain in the "Referer" they can still track what domain you are surfing.

      BTW, I do have cookies on, but each new instance of my browser creates a whole new context to run in (which it thinks is my home directory), which means an empty set of cookie each time. So I just make sure I start a new instance each time I go to another site.

  • If you've got Mac OS X, try using OmniWeb [omnigroup.com]. It can block ads and off-site cookies, and you can block all images from any site matching a regular expression (VERY cool).
    How is DoubleClick going to cause any problems if their ads don't load and their cookies don't take?
  • (* from the perspective of the guy putting DoubleClick ads on his website *)

    Does this mean that people that rely on advertising dollars are now Double Screwed?

    First, Double Click has to generate revenue to pay for this settlement, so I'm sure they're going to take that money from their publishers

    Second, now that they can't resell demographics, does this mean they will have an even further revenue shortage?

    My question is this: They already don't pay shit to their publishers, so I ask Double Click:
    Where's they money gonna come from?

  • Just tried viewing their Privacy statement:

    http://www.doubleclick.com/us/corporate/privacy/ pr ivacy/default.asp?asp_object_1=&

    Got a 404... imagine that.

    • Try removing the space in the second "privacy", and it works. For some reason (probably IE's fault), the URL always ends up with a space in it (it was doing it when I was previewing this).

    • I got a 1x1 pixel transparent GIF file. But that is because I directed all queries for anything in doubleclick.com (and some others) at my DNS server over to a special IP address on which my web server always delivers that 1x1 pixel transparent GIF file no matter what URI is requested. It even does it on HTTPS (self signed cert).

      Here is my list:

      • atwola.com
      • dotsteraffiliate.com
      • doubleclick.com
      • doubleclick.net
      • hitbox.com
      • hitprofile.com
      • porntrack.com
      • clickfinders.com
      • network.realmedia.com
      • qksrv.net
  • [...] an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.'

    Does that mean we're going to see 'truth' commericals about web privacy like we see about cigarettes?

    Every day, thousands of browsers die due to an overdose of cookies. Friends don't let friends save cookies.

  • I've found Ad-Aware to be a great tool for pulling out all kinds of spyware, including Double-Click's and other's cookies.

    http://www.lavasoftusa.com/ [lavasoftusa.com] to download.
  • # cp db.localhost db.doubleclick
    # cat << EOF >> named.conf
    > zone "doubleclick.net" {
    > notify no;
    > type master;
    > file "/etc/bind/db.doubleclick";
    > };
    > EOF

    • My setup is a little more sophisticated. It sets the address for *.doubleclick.com (and others) to a special web server configuration which always delivers a 1x1 transparent GIF no matter what URI is requested. Bam, no tracking, and a clean substitute for ads.

  • This the best thing to happen since Mozilla. http://www.adshield.org/ Freeware ad and popup blocker. FU M$ and your explorer. Learn what people really want.
  • I always wrap my computers with aluminum foil to prevent aliens and advertisers from sucking personal data about me into their databases. Also wrapping your tv in foil prevents the subliminal messages from the government from taking hold of your thought processes.
  • if the FBI would give people access to their profiles....

    Funny how the US Govt doesnt get fined for the same type of Carnivore related privacy violations.
  • Good lord, what a weak settlement.
  • I've thought of doing a Mozilla (I.E. too, maybe) plug-in that would do the following when loading images:

    1) check for untrusted domains...e.g. doubleclick
    2) check for images being loaded with some id being appended to the query string (e.g. embedded e-mail images that alert spammers when someone opens a mail.)

    This plug-in would disect the number and generate a random number in a similar format and send that number in the cookie or the query string as the case may be.

    This would ultimately render doubleclick's business model useless (well, assuming everyone would use such a plug-in). And as far as I see it, it's fair game since I *never* gave them (direct) permission to collect information on me in the first place.

    • If you do make one of these, please, please, post it on /. so people like me can find it. I'm not a programmer, and as such, probably couldn't put something like this together. However, I would love to be able to start dumping junk into the databases of these companies. The more tools we have to generate a low signal to noise ratio for these marketing drones, the better off we'll all be.

  • Says so right here in my hosts file: ads.doubleclick.net 127.0.0.1 ...funny, I don't remember being notified of an investigation.
  • Ummm, there is a large insert near the beginning of the article stating that the Post's website uses Doubleclick to serve ads.
  • I've firewalled out doubleclick's stuff a long time ago, but I was wondering how they key the stuff in their database. Is it keyed by the cookie, or something more persistent on the client machine? I.e., if somebody runs Ad-Aware and deletes a doubleclick cookie, then receives another different one the next day on the same client machine, does it break doubleclick's correlation of the prior and later data? Somehow I'd be surprised if it does...
  • yeah I know I'm not supposed to say that sort of thing here - but they have!
    In MSIE6.0 you can block (and I believe it's default) secondary cookies, meaning cookies originating from secondary items like banner ads. This actually blocks doubliclick in the right way. Think about it!
    Cookies are a good thing. And people are generally way too paranoid. "I have disabled cookies" is really a sad statement.

Slashdot Top Deals

E = MC ** 2 +- 3db

Close