Doubleclick Clear of FTC Probe

innertruth writes "Cnet has an article about FTC dropping its probe into DoubleClick privacy practices. Without the FCC looking over their sholder now we have to wonder what they really will do with all the information they've collected online and that offline database they now have." The FTC's letter ending their investigation has more information. Keep in mind that the FTC has a very narrow mandate: "Is Doubleclick doing something different than what they say?" So as long as Doubleclick states their practices accurately - whether they are or are not linking the household information from Abacus with the click information from Doubleclick's network - then the FTC's role is ended.

IP addies?

What are the domain names, subhosts, etc for doubleclick? I'd like to just opt out completely with a little editing of the hosts file.

I wonder...

How much did Doubleclick have to pay the FTC to drop the probe? Hmmmm...maybe somebody at doubleclick used their privacy violation skills to dig up some pics of the FTC director's wife with a 12 year old Guatamalan boy.

Re:IP addies?

this gets called from my main firewall init script: (edit for non-IPChains)

#!/bin/sh
#
# /etc/rc.d/ip.blacklist: IP forwarding blacklist script.
#

IPCHAINS=/sbin/ipchains

### doubleclick.net sucks arse
$IPCHAINS -A output -d 63.77.79.192/26 -j REJECT
$IPCHAINS -A output -d 63.85.84.0/24 -j REJECT
$IPCHAINS -A output -d 63.160.54.0/24 -j REJECT
$IPCHAINS -A output -d 63.166.98.0/24 -j REJECT
$IPCHAINS -A output -d 63.168.198.0/25 -j REJECT

$IPCHAINS -A output -d 128.11.60.64/26 -j REJECT
$IPCHAINS -A output -d 128.11.92.0/24 -j REJECT

$IPCHAINS -A output -d 192.65.80.0/24 -j REJECT

$IPCHAINS -A output -d 199.95.206.0/23 -j REJECT
$IPCHAINS -A output -d 199.95.208.0/23 -j REJECT
$IPCHAINS -A output -d 199.95.210.0/24 -j REJECT

$IPCHAINS -A output -d 204.94.129.65/32 -j REJECT
$IPCHAINS -A output -d 204.176.152.248/28 -j REJECT
$IPCHAINS -A output -d 204.176.177.0/24 -j REJECT
$IPCHAINS -A output -d 204.178.112.100/32 -j REJECT
$IPCHAINS -A output -d 204.178.112.160/27 -j REJECT
$IPCHAINS -A output -d 204.186.74.0/24 -j REJECT
$IPCHAINS -A output -d 204.253.104.0/23 -j REJECT

$IPCHAINS -A output -d 205.138.3.0/24 -j REJECT

$IPCHAINS -A output -d 206.65.181.96/30 -j REJECT
$IPCHAINS -A output -d 206.65.181.104/30 -j REJECT
$IPCHAINS -A output -d 206.65.183.0/24 -j REJECT

$IPCHAINS -A output -d 208.10.202.0/24 -j REJECT
$IPCHAINS -A output -d 208.32.211.0/24 -j REJECT
$IPCHAINS -A output -d 208.184.29.0/24 -j REJECT
$IPCHAINS -A output -d 208.203.243.0/24 -j REJECT
$IPCHAINS -A output -d 208.211.225.0/24 -j REJECT
$IPCHAINS -A output -d 208.228.86.0/24 -j REJECT

$IPCHAINS -A output -d 209.67.38.101/30 -j REJECT
$IPCHAINS -A output -d 209.67.38.105/30 -j REJECT
$IPCHAINS -A output -d 209.67.38.150/32 -j REJECT
$IPCHAINS -A output -d 209.167.73.128/27 -j REJECT
$IPCHAINS -A output -d 209.249.231.45/32 -j REJECT

$IPCHAINS -A output -d 216.94.59.64/27 -j REJECT
$IPCHAINS -A output -d 216.230.65.64/28 -j REJECT

### msn
$IPCHAINS -A output -d 207.46.188.0/24 -j REJECT

### quova.com
$IPCHAINS -A output -d 63.109.88.104/29 -j REJECT
$IPCHAINS -A output -d 63.102.181.0/24 -j REJECT

### virus junk
# i love you virus
$IPCHAINS -A output -d 199.108.232.1/30 -j REJECT
-----

FTC has no power (yet) regarding privacy

As the summary of the articles suggests, all the FTC can do is say if DoubleClick and Abacus were legal in aggregating information. As of this time, the US Congress has not given the FTC any power to restrict or hound companies that do not violate privacy rights, save in the case that if promise the user one thing and do another (the classic toysmart.com case) then they can step in, but only under the guise of untruthful business practices.

Now, if we DO get a privacy bill, I would suspect that it would give the FTC the power to say where to draw the line at collecting personal information and/or aggregating it. If we had such a bill now, I would have expected that the FTC would have come down hard on DoubleClick. Fortunately, privacy may be an issue with the Dubya adminstration, so we might see such a bill soon.

FUD and Doubleclick

I always hear things about how evil Doubleclick are. For example, I run a website with advertising from Doubleclick. I have received a lot of flames from readers of the site about how evil they are, but I just can't see it myself.

What are the allegations against them?

That they collect data on customers in order to target advertising at them.

Wow! I mean big whoop.

This is not evil. If I get an ad targeted to me I'm pleased - I'd far rather have an advert for a nice geek product than one of these untargeted plastic pearl ads.

So then what's the problem. The sum total of the evil is that you get good ads. This is not bad. I like buying things off the internet because it's cheap and convenient, and if I get a good offer I'm pleased.

Furthermore, this means things are cheaper for you, which is also good, because companies spend less on advertising and sell more because of the targeting.

Even if you do object to good offers then you should be used to companies monitoring you because *get this* it happens already! Everything you buy, those store cards, and even the man interviewing you in the street goes to data organizations. People make such a fuss just because the internet's involved. Do you notice polling organizations getting investigated?

Of course not. This information's not even personal. It's information about people, not you.

Still further, lest you forget, you're not just having these people coming into your house and spying on you. It's not like that. You give the information voluntarily - you don't have to go to these sites.

Finally, what do you think would happen without this? Do you think the journalists on these ad-funded sites live on air? Of course they don't. It's time people realize that things have to be paid for - and unless you want to pay for the sites you visit, you better realize how good you got it - getting an improved consumer experience, cheaper products and free journalism. Sometimes I think these people don't like the internet, because they're doing a lot to kill it by trying to stop these sites funding themselves.

Probe??

By probe, they do mean anal probe right? That is what the FTC does, isn't it? If not I wonder who the gentlemen who came to my door the other day were...

Man the data they must have on Steve Jobs

is it just me or does everyone put "Steve Jobs" into "name" fields on online forms?

Re:IP addies?

What are the domain names, subhosts, etc for doubleclick?
$ nslookup doubleclick.net
Server: tenerus.speakeasy.org
Address: 216.231.41.2

Name: doubleclick.net
Address: 199.95.206.201

$ whois 199.95.206.201
[whois.arin.net]
(lameness filter violating stuff was here)
199.92.0.0 - 199.95.255.255
Double Click, Inc. (more lameness filter stuff here)
199.95.206.0 - 199.95.209.255


Looks like doubleclick has 199.95.206.0 - 199.95.209.255.
You may need to add a -h whois.arin.net or @whois.arin.net to your whois commandline.

Re:Read the fine print

If a company asks for your phone number and you they don't really need it, say you don't have a phone...

I tried that, but they didn't believe me. I finally became so pissed off at her insistance that I hung up.

That was over two weeks ago, and I'm starting to suspect that my pizza isn't on the way...

Doubleclick stats

It turns out that the cookies Doubleclick issues are hex numbers in sequence, so if you get enough, you can tell how many are being issued and other fascinating statistical facts.

ddccss [zgp.org], the Distributed DoubleClick Cookie Snarfing System, now has more than 15 million DoubleClick cookies in its archive.

Also, there's a Fucking Retards Guide to Blocking doubleclick.net [zgp.org].

Re:FUD and Doubleclick

1) They're not up-front and completely open about it. Most people (esp. non-geeks) have certain expectations when dealing with banner ads, and doubleclick does something more, without informing them. While not illegal, people like it a lot more when companies refrain doing unexpected things to them.

2) The privacy intrusions aren't equitable. In other words, they get to see 10% more of what we do, but we don't get to see 10% more of what they do. This is one proposed standard that I've seen for deciding if a privacy intrusion is acceptable, and it scales nicely to the Transparent Society [wirednews.com]. But in the monetary sense, it might be equitable, in that the site gets money for violating your privacy, and in turn, you get more costly services for free. *shrug*

3) They've tried to make the information personally identifiable before, so why should we trust them with our data? I expect that soon, a company will emerge that will properly anonymize such information and still target ads, and will eventually be accepted by the public as a good thing (in that companies can respond to desires more quickly, so consumers get what they want faster). Such a company will have to do everything possible to make sure that its end users trust that company, because the collected data is more easily abused than most. Doubleclick has done just the opposite.
--

How much do they pay you???

You are missing a few things here!

They are not paying me for storing their cookies! They have not asked me for my permission top collect information about me.

On your site, do you have a user approve their computer be used for storage before the storage of the cookie is done?