Slashdot Log In
DoubleClick DoubleCross
Posted by
michael
on Wed Jan 26, 2000 12:10 AM
from the where-did-you-go-today dept.
from the where-did-you-go-today dept.
Slav writes "We've known for a while that tracking of Web users was possible and a few companies have been experimenting with it on a small scale. Now DoubleClick, Inc. has confirmed that it's tracking Web surfers [by name and address] with the help of the databases of its newly acquired Abacus Direct." Every site that you visit which has a DoubleClick ad - all 11,500 of them - can be notified of your name, address, phone number, etc., as soon as you visit the site. Or to look at it another way, your consumer profile in the gigantic Abacus database (hundreds of fields of data for essentially every person in the United States) will now include information about what Web sites you visit.
This discussion has been archived.
No new comments can be posted.
DoubleClick DoubleCross
|
Log In/Create an Account
| Top
| 507 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
IANALAY? (Score:3)
Is there anything in the electronic privacy act or any other such legislation that gives the courts a way to stop DC from doing this? There are an awful lot of non-Slashdot users out there who have no idea they are being tracked. If I start finding Web hit logs in my TRW statement, I'm going to be pissed.
Internet == Advertisers? Bullshit. (Score:3)
Give me the web minus advertisers any friggin' day. I don't want the ads, and I don't care if the sites that depend on them go away (including this one which I spend so much time on).
If that means we go to a micropay system, that's fine with me -- I do however expect my ISP costs to go to $0 -- no InterLATA charge, no upstream provider costs, no "what the hell is that fee for?" -- $0.
The advertisers' retort is that they provide a valuable referral service for businesses/websites that would otherwise disappear. If micropay comes onto the scene then so do microcredits for referrals, meaning that the role of advertisers is replaced by a less obtrusive referral system which eliminates the data-hoarding third-party which will continue to sell us out in ever more creative ways.
The elimination of ubiquitous advertising would decrease by approximately 10% on average the amount of bandwidth consumed by web traffic. I am paying my ISP costs to fund infrastructure so those amoral cons can get rich? I am supporting their banner services to enable sites, the majority of which I would never even care to go to, to exist on impression revenues?
Essentially we have a welfare system where poor sites which could not otherwise exist can rake in money from ad revenues and become hugely profitable (andover anyone?) at the expense of the privacy and bandwidth of net users. Let's go to micropay. Shut down the advertisers. Dump the sites if they can't make a buck. If they can't survive under micropay (i.e., no readers were willing to pay for their content) it is an indication there was nothing there worth paying for (and hence they were abusing this welfare system) anyway.
Even under a micropay system many users will prefer to view ads instead of actually paying monetarily for their content (note this is different than not paying). The option of choosing which is the important thing -- a true "opt out": no ads, no doublecross, just "here's your penny, now gimme my page". This would, of course, have to be realized at the ISP level most likely ...
Re:You have mail! (Score:3)
I wrote a perl script [festing.org] that does it. You just make a .cookies.allow text file in your home directory, have the script run as a cron job, whenever you start/stop Netscape, or any other time you feel like it. It wipes out all cookies except those from sites specified in the .cookies.allow file.
Hope that helps!
Re:Shop button (Score:4)
You can disable the My Shopping button and Netscape Radio feature by editing the prefs.js file.
To disable the My Shopping button, open the prefs.js file and add the following statement:
user_pref("browser.chrome.disableMyShopping", true);
To disable the Netscape Radio plugin, open the prefs.js file and add the following statement:
user_pref("browser.chrome.disableNetscapeRadio", true);
Its ~/.netscape/preferences.js on unix, but it works fine.
Re:EVERYONE E-MAIL THESE ADDRESSES (Score:4)
---
Re:Opt-Out (Score:5)
Consider commercials versus tele-marketers. I'd prefer that the companies calling about all their crap would do commercials/banner-ads instead of calling me. That way I won't feel so violated when they pitch their products. When you call me day and night about some crap, even something I might want to buy, I can't just say "I don't wanna hear it, so I won't answer the phone." I pay for my phone, and I do expect that friends and family wanting to talk to me will call me from time to time. With commercials/banner-ads, I can choose to watch the ad, switch the channel, scroll the page, etc if I dont't want to hear your pitch. What I find happens often with both commercials and banner ads, is that since I only see them on the channels/sites where I have an interest,(as opposed to just being displayed on my screen from time to time the aol or geocities way) they are far more likely to be an ad for something I'm interested in. So I'm more likely to listen, read, inquire + buy.
In essence what I'm saying is that yes, we do get something back from advertising in the form of:
- information about new products and services
- financial support for sites/channels/shows that otherwise would not exist, or would have to charge for access
- increased competition from content providers to attract and hold our attention (to help bring in the ad revenue of course)
- sometimes entertaining ads
so you see, banner ads, or even cookies, are not the problem. The problem with the double-click thing is that the web surfer is being covertly tracked and logged in their travels around the web. Filtering out _all_ ads/cookies wil not simply subvert doubleclicks attempts at tracking you, but it could stifle the means by which many a web site makes the $$$ to keep serving up that porn^H^H^H^Hcontent, yeah content, that's the ticket.Of course, you are free to chose whether you, or the network you manage, will participate in the whole banner ad/cookies thing. I would be cautious however in choosing to replace banner-ads with banners of your own making. You could be opening a can of worms in regards to redistributing or modifying the copyrighted content of a particular web site. Several web sites have won lawsuits claiming that by altering their content, or putting it in a frame, you are violating their copyright on the content. It's the notion that ISPs have "common carrier" status that grants them some immunity from this kind of suit. However, if you start selectively modifying the ads that come through, you may be crossing that line from ISP for your students, to being a content provider. I would simply allow or deny all ads to keep that line clear. Otherwise, you could simply sell the (cached) banner ad space to advertisers who want to reach your students. Again, an extremely risky proposition.
-earl
Probably -- misrepresentation & fraud (Score:3)
If a company says it's going to do one thing, then does another, then they're open for a whole mess of legal problems -- misrepresentation, fraud, etc. A legal friend of mine is interested in pursuing this idea on the spam front -- include a header which says "this message is not spam", allowing people to filter on it. Including this header (a non-default, BTW) in mail which is spam then becomes legally actionable.
Similar logic applies to Doubleclick. Do I give them the chance. No.
Yes, the law can be your friend.
What part of "Gestalt" don't you understand?
Interesting... (Score:3)
The difference: DeCSS was made under a non-profit situation. DoubleClick's tracking reeks of commercialism.
Information wants to be free. But DoubleClick wants to sell the information. Information it didn't even let the people know it was gathering. There is your difference for you.
Spreading the word. (Score:4)
Its not enough for geeks to opt out. We need to get the whole 'net to opt out. Attached is the email I sent to about 20 people. May I suggest that all of you go and do likewise?
--
Distribution of this memo is unlimited.
Since I am probably the biggest spam-hater alive, you can imagine for me to originate one of these chain things is pretty unusual. (In fact, its more than unusual, its unprecidented). Nevertheless, I think that the danger to our society (and the internet as a whole) represented by the situation I am about to describe is great enough that I will take the flames and pass this on.
There is a company called "doubleclick.com". They provide the little banner ads that you see on most web-sites nowadays. That is, when you pull up a web page with advertising, the company making that web page points your web-browser towards DoubleClick's web servers to get an appropriate ad. DoubleClick then pays the company if you click on the ad (anywhere from 1 to 10 cents for a click-through -- if you just look at it, they often get some small fraction of a penny for showing it to you).
In order to target the ads, DoubleClick sets what is called a "cookie" in your browser. This cookie uniquely identifies your computer on the internet. DoubleClick uses this information to target advertisements towards you based on your previous viewing patterns: if you typically click on ads for computer hardware, DoubleClick will show you lots of ads for computer hardware. However, all of this is still anonymous.
That is, it was thought to be until the following story came out:
To summarize, the above story relates how DoubleClick bought a direct marketing company called Abacus Direct. Abacus Direct maintains a database covering over 90% of all American households. And DoubleClick acknowledges that they have begun linking Abacus Direct's database with theirs.The net effect of this is that, for a price, a vendor can get your name, address, phone number, /and/ your reading habits. They can find out what newspapers you read (over the web), what web sites you visit, etc. They can find out what products you buy -- it is simple to link information from amazon.com to doubleclick as well. They can then use this information to target advertisements at you.
Many people don't see the problem with this. May I suggest that you consider this: the express purpose of advertising is to get you to buy things which you would not ordinarily buy. That is, the perfect person in their eyes is a profligate spend-thrift. Happiness through possesions is the mantra they push.
The advertising industry has already demonstrated that they will stop at nothing to sell products. For example, consider that the "June Cleaver" perfect housewife of the 1950's is acknowledged to have been created by and for the advertising industry! Or consider some of the tactics used by the baby formula companies to get mothers to not breastfeed, despite the acknowledged medical fact that breast-feeding is far better for the child. (Some of the tactics used in developing countries were exceptionally gruesome.) What about the toilet-training "experts" who are employed by the diaper companies? Ever wonder why we suddenly need Size 5 Pampers?
We have already seen what advertising can do with statistical sampling alone: what will they be able to do with specific data about you? That is, what will happen when, instead of marketing to a mythical (but frighteningly accurate) average household, they are marketing to you personally?
Fortunately, there is a way out. You can visit:
And decline to have your information tracked. I highly recommend it. I could go on for pages about why this is important -- the point is that once we have given Madison Avenue this power, we will never be able to take it back. The time to opt out is now.Data Mining (Score:3)
Should you be allowed to know i have a history of cancer in my family before i buy insurance from you?
127.0.0.1 (Score:4)
Sorry 'bout the heavy MS content.
Re:Yes, solution for IE (Score:3)
How to do it [cjb.net]
Privacy Statement Lies (Score:3)
In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address.
This, as we now know, is untrue. Granted, they collect it from another server, and not from you, but they still collect it when they send you an ad.
Liars.
-Waldo
Opt-Out (Score:5)
I am the administrator of a few web caches (I use squid) and I've started blocking web ads a while ago, replacing them by one-pixel blank gifs. It probably fixes the problem...
Another solution (and a rant) (Score:3)
The simplest method would be to either block all traffic from doubleclick.net, or frequently go on search-and-destroy missions through your cookie files, looking for doubleclick.net cookies and systematically removing them all from your system. Profiling cannot work if the ID code is no longer valid.
Another method that would take more effort to set up but can potentially cause irreparable damage to the usefulness of the cookie as a profiling tool follows. Set up a central web site for doubleclick.net cookies. Users of the site would download special software that swaps cookies. Then the software would upload your doubleclick.net cookie, and you would receive another random cookie back. Swapping cookies like this destroys them as a tracking resource.
This isn't illegal, but doubleclick.net may decide to sue the site to force them to stop trading cookies in this way anyway. If this happens, all the users on the site can then launch a class action countersuit against doubleclick.net with the goal of forcing them to stop profiling. For example, does it constitute illegal wiretapping? And does doubleclick.net have a valid end-user licence for the use of the personal information in this way?
Everyone, please remember the horrendous Orwellian scenario that already exists when profiling is combined with Web Bugs (also more euphemistically known as clear gifs). Web Bugs are small (typically 1x1 pixel) clear gifs that are found on the bottom of web pages that inform the owners that the page has been loaded. Doubleclick.net already know what pages you visit, a lot more than you think. And it's happening now.
Doubleclick.net are not the only net terrorists that are acting this way. They are merely the most prominent, and the first that have actually admitted to the practice. Where I refer to doubleclick.net here, substitute many other ad banner companies freely.
If you want to boycott companies, the following need to be boycotted, in order of importance:
--
doubleclick (Score:3)
Note also that you will only be associated w/ the database if they have some way to associate you w/ your entry in their database. Once your cookie is there, though, they will know.
Re:Bad (Score:3)
--
Additional Information & Links (Score:3)
DoubleClick's Privacy Policy. [doubleclick.com]
Information Collected in the Process of Delivering an ad by DoubleClick [doubleclick.net]
Doub leClick "Opt-Out" Option (how-to) [doubleclick.net]
info@doubleclick.net email address [mailto]
Re:Bad (Score:3)
You have mail! (Score:4)
Well, I'm sure that going a little far, she probably will only be getting free samples of KY jelly in the mail and a free issue of Jonny Leatherpants and his Magic Nipple Clamps.
But in all seriousness, I thought the FTC was tring to cut down or make on this kind of thing illegal, *and* with the whole Pentium 3 serial code fiasco, it is painfully clear that people value their privacy on the web.
Anyone know of a site or utility to clear out certain cookies like these, but leave the nice ones in like Slashdot?
What doubleclick? (Score:3)
Server: line.ryans.dhs.org
Address: 199.201.131.225
*** line.ryans.dhs.org can't find www.doubleclick.net: Non-existent host/domain
Golly, my dns server must be misconfigured
Ryan
Re:127.0.0.1 (Score:3)
Any chance someone could create a cookie we could all paste into our caches that indicates that every single one of us is the MPAA Executive Offices? Let Doubleclick track them. Somehow I think they might deserve each other.
--
Time for a new Mozilla module. Any volunteers? (Score:3)
It should make its way to the preferences section, preferably together with a cookie filter. By making it a standard part of Mozilla, it will pressure Netscape and M$ to copy the feature.
This way the user has some control of how much info he gives away by browsing. Anonimizing proxies are also a solution, but it's best to make a
Re:Opt-Out (Score:5)
The stats for the proxies, when merged together, give exactly this:
62.46% Global Hit-Rate
29.63% Doubleclick.net Hit-Rate
03.72% Doubleclick.net KB Transferred
By making a simple calculation doubleclick alone is using 7.84% of my bandwith, therefore increasing my monthly costs by more or less that amount. The connections we use have a base cost that's pretty low plus 12$ a gigabyte. So doubleclick (and other ad sites, but mostly doubleclick) is costing us a non-insignificant amount of money !
Now, I'm sure the stats are different than they would in another environement - this is an educational establishement so the sites visited tend to be more often the same, and a normal proxy would probably devote less bandwith to doubleclick.net, and a normal site would probably not pay for bandwith by the gig like we do.
The problem is, they're making money without us getting anything in return. I don't feel it's immoral to deprive them of their revenue as long as they won't compensate us at all. I think that if more proxy administrators start doing the same, or perhaps even replacing the doubleclick banners (that's pretty easy to do, and I am considering doing it), doubleclick will have to react and do something.
What I'd consider fair is for them to offer us a share of the revenue. It wouldn't have to be big.. And perhaps offer a solution to cache their ads more efficiently rather to get such a low hit-rate.
Please reply with any constructive input, I appreciate it
Cookie crumbs (Score:4)
- Most sites that I am personally interested in use very few or no cookies at all
- Many sites out there use an obscene number of cookies. 10-15 for 1 page is not uncommon. Regardless of whether you object to the privacy issues, this is bad design. I suspect that there are Web Authoring systems out there that enable cookies for every single page, image, and sound clip by default, and many of those cookies are not used for anything useful.
- Some sites have what I believe is a legitimate purpose for cookies. If I am not mistaken,
/. sets only 1 cookie on my machine and from this 1 cookie is able to do all kinds of user specific configuration - Other than for legitimate uses (user customation, on-line ordering, etc.,) (in which case I support accepting cookies) rejecting all other cookies on the web will not affect you web-surfing experience 99.44 percent of the time
- Fortunately, I usually find that sites that use lots of cookies are really not that interesting too me, anyway. Strange coincidence?
Of course, regarding the last point, there are some exceptions. I find Netscapes's cookie-handling policy, while better than giving no choice at all, does not offer enough flexibility for my tastes. I would prefer to be able to accept/reject cookies based on a set of filters and rules for domains, transaction types, etc. I believe lynx has some better capabilites than Netscape in this department.Further, I think it would be useful to have a set of switches that are easily accessible on the toolbar that would allow you to toggle cookie policy on the fly. This would be much more useful than the latest Netscape feature, the "Shop" button. What a waste of real-estate. It would be nice to get something like that into Mozilla. I'll start tinkering with the Mozilla source just as soon as it takes less than two hours to download via cable modem ;) Ramble, ramble, ramble.
Should we trust Doubleclick not to track us? (Score:4)
The thing is, do we want to trust Doubleclick not to track us personally, even after we opt out? I think it's less than prudent to put that kind of faith in a company that's been decieving us since last year.
A simpler (and more thorough) solution: block cookies from doubleclick.net. Hell, if you've got a firewall, block all packets to and from doubleclick.net. I, personally, can't see any reason to connect to a doubleclick server. Who wants the ads anyway? Same thing goes for preferences.com, flycast.com, and any other advertising company. I've been dropping all packets to and from the domains mentioned above, with no significant problems. Of course, I don't get to see those specially targeted banner ads, but I don't really think I'm missing out :)
--
Time to Act on Privacy Issues (Score:4)
Is there any alternative to these two options? You bet there is. The alternative is to empower individuals to police their own privacy. People shouldn't have to rely on the Federal Trade Commission or any bureaucratic agency to make sure their privacy is safe. This means making sure that every man, woman, and child has an ENFORCEABLE right to make sure their personal information is not used in a way they have not authorized. It also means making sure that all individuals have swift and certain REMEDIES against any business that (by negligence or deliberately) misuses personal data or fails to protect it.
This proposal would not be bad for business. To the contrary, it s essential to the viability of the new economy. Protection for individual privacy just provides a better incentive for business to be truly responsive to customer wants and needs.
Pipe dream? Not if enough people demand the rights they should already be able to enjoy. But the deal is ALREADY being cut in Washington next month to prevent YOU from exercisng the rights you should have.
Look at the list of panelists on what the Federal Trade Commission calls a "balanced" committee to examine how to protect consumer information. See http://www.ftc.gov/opa/2000/01/asrev.htm -- aside from one or two "token" privacy advocates, the whole panel is dominated by comercial internests -- such as representatives of the Direct Marketing Association AND the law firm that represented it (Piper & Marbury) AND several of its member companies.
So what can you do? Call your Member of Congress and both of your Senators. If you're really ambitious, call your state government representatives, too. For each office, get the name of the staffer who handles "Internet Privacy and Medical Privacy" issues. Tell that person that you are a constitutent, that you vote, and that it is important to you for Congress to empower individuals to protect their own privacy on the Internet. Ask if your Congressperson or Senator has a position on this issue, and if so, what that position is.
Then point out how you are upset by how the FTC has composed its Advisory Panel principally of industry representatives. Tell your elected officials that you do not feel safe when government agencies puts representatives of the Wolves in charge of writing the rules for protection of the Sheep.
If you learn anything particularly interesting on the subject, post it here on /.
Other contacts (who may have good ideas on how to get involved in making sure lawmakers make good rules) are Diedre Mulligan at the Center for Democracy and Technology, and Mark Rotenberg at the Electronic Privacy Information Center.
Re:Bad (Score:4)
I got a full list of their subnets through ARIN, conveniently listed below. Some of these guys may not actually be Double Click, but since they all have "Double Click" somewhere in their names, they all get blocked at my router level:
[root@foo
[arin.net]
Double Click (NETBLK-UU-208-211-225) UU-208-211-225
208.211.225.0 - 208.211.225.255
Double Click (NETBLK-UU-208-203-243) UU-208-203-243
208.203.243.0 - 208.203.243.255
Double Click (NETBLK-UU-204-178-112-160) UU-204-178-112-160
204.178.112.160 - 204.178.112.191
Double Click (NETBLK-UU-204-253-104) UU-204-253-104
204.253.104.0 - 204.253.105.255
Double Click (NETBLK-CYPC-2162306564) CYPC-2162306564
216.230.65.64 - 216.230.65.79
Double Click (NETBLK-UU-63-77-79-192) UU-63-77-79-192
63.77.79.192 - 63.77.79.255
Double Click Computers (NETBLK-DCLICK-T1-BLK) DCLICK-T1-BLK
204.186.74.0 - 204.186.74.255
Double Click Imaging, Inc. (ICO-HST) NS1.ICONETWORKS.NET 204.94.129.65
Double Click Imaging, Inc. (NET-DOUBLECLICK2) DOUBLECLICK2 192.65.80.0
Double Click, Inc. (NETBLK-DOUBLECLICK31-60-18) DOUBLECLICK31-60-18
128.11.60.64 - 128.11.60.127
Double Click, Inc. (NETBLK-DOUBLECLICK-92-19) DOUBLECLICK-92-19
128.11.92.0 - 128.11.92.255
Double Click, Inc. (NETBLK-DOUBLECLICK-210-08) DOUBLECLICK-210-08
199.95.210.0 - 199.95.210.255
Double Click, Inc. (NETBLK-DOUBLECLICK3) DOUBLECLICK3
199.95.206.0 - 199.95.209.255
Yes, yes, yes, yes, yes (Score:5)
...that's full agreement with all points above. For Linux users, deploying Junkbuster is as easy as downloading the RPM or DEB file and installing it. For Windows users, either NT or Win9x, you can also use the proxy.
Both the banner and cookie action are way cool. The following blockfile eliminates pretty darned near all the banner ads (and the sites associated with them if a full site or domain is listed). Note that I've allowed banners at a number of Linux-friendly sites, on principle, though you could change this if you wanted.
/*.*/ad/
/*.*/ads/
/*.*/advert/
/*.*/adverts/
a32.g.a.yimg.com/
ad.*.*
adforce.imgis.com/
adremote.*.*
ads*.*.*
doubleclick.net
image.pathfinder.com/sponsors*
preferences.com
sfgate.com/place-ads
Those few lines block virtually all the ad traffic I see.
For cookies, I block all, then selectively allow a limited number of sites with which I do business. Mostly message boards.
There was a really good program Online Profiling [npr.org] on NPR's Talk of the Nation a couple of months back. Other useful resources are Center for Democracy and Technology [cdt.org], and for a look at the other side, NetworkAdvertising.Org [networkadvertising.org] and Direct Marketing Association [the-dma.org]
If setting up a proxy is too much for you, the following tricks will prevent a permanent cookie file from being generated:
I'm not sure what the corresponding IE trix are. For Linux, lynx and other browsers can use the link to /dev/null trick.
What part of "Gestalt" don't you understand?
Here's the middle ground I'd like to see (Score:5)
I would accept promises from companies. I think most are trustworthy enough. But, promising alone is not enough, I want recourse and/or punishment. IRS employees keep getting caught sneaking peeks: the death penalty is what I'd like to see (don't like it? don't peek and even if you are the President (hi Echelon) something they've been known to do) But assuming others aren't that etreme, how about firing, pension loss... something serious. At least tell me what the punishment is. A simpler case to illustrate: I haven't forgiven Real Networks for its spying transgressions, but they could have repaired a lot of trust if they said, "we screwed up, and we are going to delete all the info we grabbed, plus one month worth of all our server logs, and we fired that guy."
A more global pet proposal of mine is this: as a compromise between the privacy nuts and data gulpers: if information about me is stored in a database and includes any sort of address/contact information, then the database owner must tell me once a year what they have on me. It would cost only a small amount per person, and if it does not have that much economic value, don't keep it. Then at least the average person would develop an awareness of what's out there.
Lets all use the same cookie! (Score:5)