Google Using DoubleClick Tracking Cookies 175
dstates sends news coming out of the letters the House Energy and Commerce Committee sent to a number of broadband and Internet companies about their policies and practices on user tracking. The committee has now made public 25 responses to its queries, and many companies, including Google, acknowledge using targeted-advertising technology without explicitly informing customers. The Committee is considering legislation to require explicitly informing the consumer of the type of information being gathered and any intent to use it for a different purpose, and a right to say "no" to the collection or use. The submitter notes that, while Google denies using deep packet inspection, if the traffic is a Google search or email to or from a Gmail account, Google does not need DPI to see the contents of the message. "The revelations came in response to a bipartisan inquiry of how more Internet companies have gathered data on customers. Edward J. Markey (D-Mass.) said 'Increasingly, there are no limits technologically as to what a company can do in terms of collecting information... and then selling it as a commodity to other providers.' Some companies like NebuAd have tested deep-packet inspection with some broadband providers Knology and Cable One. Google said that it had begun to use the DoubleClick ad-serving cookie that allow the tracking of Web surfing across different sites but said it was not using deep packet inspection. Google promotes the fact that its merger with DoubleClick provides advertisers 'insight into the number of people who have seen an ad campaign,' as well as 'how many users visited their sites after seeing an ad.' Microsoft and Yahoo acknowledge the use of behavioral targeting. Yahoo says it allows users to turn off targeted advertising on its Web sites; Microsoft has not yet responded to the committee."
Solution: Opera (Score:5, Informative)
1. Turn off cookies globally.
2. Turn on cookies for sites that need it by hitting F12 and hitting 'Accept cookes only from the site I visit'.
Done. No more doubleclick cookies.
And slashdot uses doubleclick & google-analyti (Score:5, Informative)
And slashdot uses doubleclick & google-analytics as well.
Try disabling scripts with firefox "noScript". I think /. is more readable without allowing doubleclick.net & google-analytics.com
Opt out if you're worried (Score:5, Informative)
Google makes it easy to opt out of the doubleclick tracking cookie:
http://www.google.com/privacy_ads.html [google.com]
"Anyone may opt out of the DoubleClick cookie (for both the Google content network and DoubleClick ad serving) at any time by clicking the button above."
I can turn off targeted advertising... (Score:3, Informative)
...With or without Yahoo's option.
AdBlock Plus [adblockplus.org]
Re: Opt out if you're worried (Score:5, Informative)
Or you could put doubleclick.net & google-analytics.com in your hosts [someonewhocares.org] file and point the entries to 127.0.0.1 The advertisers still don't get it, intrusive adverts like on television don't work on the Internet
Block all cookies by default (Score:3, Informative)
In this day and age, just block all cookies by default, and allow ones from sites you use. This will even block "doubleclick" cookies as those aren't from the site you are visiting.
This doesn't address IP address, but it is a step.
And Doubleclick doesn't need DPI either... (Score:5, Informative)
You see, they don't just get the cookie, they also get the referrer field, so Google doesn't just get to see that it is "Nicholas Weaver" who's surfing the web, but can see that I am composing a reply to this article, because the referrer field in the doubleclick adds and google analytics on slashdot allow them to know this!
Solution: Options (Score:5, Informative)
Re:Disingenuous much? (Score:3, Informative)
The US does not have a parliamentary form of government. The adminstration (the "government" in European parlance) is distinct from the Congress, which is what is holding these hearings and is controlled by the opposition.
Re:Solution: Options (Score:1, Informative)
I use CS Lite extension to block cookies. Works like No-Script except for cookies.
Re:Solution: about:config, not Options (Score:4, Informative)
There are basically two options to disable third party cookies in Firefox 2 versions.
The first would be to disable it manually by opening about:config from the address bar. Search for network.cookie.cookieBehavior and take a look a the value. If it is set to 0 you accept all cookies, 1 means you only accept cookies from the same server, 2 means you disable all cookies. Setting it to 1 has the same effect that the option in the old firefox browsers had: it disables third party cookies.
You could install an add-on as well that blocks third party cookies. One of the many extensions that does that is called CookieSafe [mozilla.org]. This one makes it possible to disable all cookies and allow them only for specific sites (whitelist).
Re:Solution: Options (Score:3, Informative)
An even better option is the Cookie Button extension for Firefox. It is basically a shortcut to add and remove sites from the exceptions list for cookies. That way you can set Firefox to accept but clear all cookies when closed, except those you elect to keep (to stay logged in to forums etc).
This protects your privacy by preventing tracking over sessions, while screwing things up for advertisers. It would be even better if there was some way to delete cookies over an hour old automatically, as that would prevent tracking ever within the session from being reliable.
Re:Solution: about:config, not Options (Score:4, Informative)
Re:And slashdot uses doubleclick & google-anal (Score:3, Informative)
127.0.0.1 google-analytics.com
in our hosts file...
IF your browser handles 3rd part cookies properly (Score:3, Informative)
Not all versions of major browsers behave the way you expect them to when you try to disable third-party cookies.
Check out Steve Gibson's cookie forensics page [grc.com].
Here's a neat browser stats page [grc.com] showing graphically how GRC visitors have their 3rd party cookies configured by browser.
Comment removed (Score:4, Informative)
Re:And slashdot uses doubleclick & google-anal (Score:3, Informative)
Don't forget these, too:
127.0.0.1 www.google-analytics.com
127.0.0.1 ssl.google-analytics.com
While you're at it:
127.0.0.1 doubleclick.net
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
ESSENTIAL ADD-ONS (Score:3, Informative)
Like others have said, CookieSafe [mozilla.org] and CS Lite [mozilla.org] are like NoScript [mozilla.org] for cookies with the option to allow cookies for a specific site: permanently, for each session or once-off.
I currently use the above extensions as well as Adblock [mozilla.org], Filterset.G [mozilla.org] and RefControl [mozilla.org]. The latter set to "forge" (send the root of the site as the referrer).
I consider these the essential privacy/security add-ons for Firefox. I'm interested if anyone has any others to add to the list.