DoubleClick Settles Privacy Investigation

guttentag writes "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.' It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles. However, it will continue to use to track users with cookies. The Washington Post also has an article, but it is conspicuously missing the standard disclosure statement that informs readers of The Post's business relationship with DoubleClick." Well, let me be sure to point out then that Slashdot also serves Doubleclick ads. If you recall, this all started when Doubleclick merged with a database company and announced plans to merge its online and offline databases.

Profiles

What? Are they like Equifax and the other credit agencies now? "Access to their profiles". Let me guess, this will involve making 10 phone calls, waiting on hold. Where's the URL man!?

Doubleclick makes me happy ...

... that I get prompted by mozilla before I accept cookies.

got of cheap

"DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.

Thats small compared to what they made.. and they will "continue to track users with cookies"

Says what... if audit takes 4 years they can do what they do for 4 years.
Their privacy policy is a big joke... but who cares anyways. Whats about cost to "users".

Profile Access

"It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles."

Where will we have access to our profiles? What will it be looked up by? Our cookie? Our email address? I will be interested to see just what information is linked to me personally.

I don't think we will be able to see everything. Only time will tell.

Chris
www.talkingtoad.com

Bank of America

Doubleclick will sell to anyone, and I can't believe that some people buy into it. For example, I have an account with Bank Of America, and one day while I was checking my account balances I noticed that mozilla was loading something from doubleclick. I looked at the page and there were no ads to be seen. I checked out the HTML source and sure enough they were loading a 1x1 transparent gif from doubleclick. Now, could someone please explain to me why Bank of America would be interested in doing that? The only possible reason they could be doing this is:

1) Doubleclick is paying them an assload of money to do it.
2) BOA is receiving browsing profiles for their banking customers.

Those are the only possible benefits I can see from this whole thing. Any comments?

cookie blocking

its so nice to just block all cookies. Then when a website tells me that I need a cookie, or a shopping cart doesn't work I go back and accept it. I have yet to see a cookie that serves a dual purpose of tracking you and doing something useful, like a shopping cart. It seems that doubleclick and other ad companies always use separate cookies from that of the site advertised on.
So until they find a better way to do it, I don't think they are going to get me.
As for all this stuff they are doing. Allowing users to view profiles. Paying for "education" etc. It's all just the usual. They do a few things to make themselves not look like a horrible evil. Whoever is pestering them has to lay off for a bit, and they continue business as usual.
Does anyone know if doubleclick is currently profitable? I mean considering how banner ads don't work, how can a company that relies on them still exist?

Cookies

"However, it will continue to use to track users with cookies"

You mean they dare to track who goes to their site? Thats an outrageous intrusion into my privacy! Imagine what would happen in high-street stores kept details of who bought what! What about governmental agencies? We must fight this threat to our freedom before its too late!

Ironic..

Slashdot also serves Doubleclick ads

Yeah, I know. I find it really amusing when the topic is the typical MS bashing post and there is a huge ad for Visual Studio.net

Time to have some fun

'Correct' your profile to be a 80 year old trans-gendered, trans-racial, Alaskian arc-welder living in New York with a disposible income of $125,000.
That aught to cause a few people to pause.

Or just change your address to match double click's...

Remember- the data is only as good as you give it.

They can't track me!

I redirected all doubleclick.anything names to localhost long ago. Problem solved! (Of course there's always junkbuster too)

The bit I don't get is...

...what doubleclick do about multi-user PC's?

Loads of people use my PC, my family when the come round to visit, my friends etc. And they all surf the web taking advantage of my broadband connection :o)

Their profile of "me" must be a right mess. I think they're taking advertisers for a ride when they say they can target people who visit "this" sort of web page, when there is no guarantee that the person using the computer at a given time is the same person that visited "that" web page.

I'm sure there's more to it that i'm missing (like linking up with email addresses on forms etc), but i'm still not sure I really understand what / how they're profiling.

PHB.

One Word

Use Mozilla, selectively block Doubleclick cookies (as I do) and laugh all the way through the web page that serves Doubleclick adds :)

D.

Profile access might be a scam

What would be better than making you "sign up" to view your profile? Just for authentication, you know, to make sure nobody else accesses it "by mistake". Then, they'd have names and email addresses to go along with browsing profiles, if they don't have a match for every one already. Neat trick, if you ask me.

Double click as Big Brother

So this screen we sit in front of has some machinery behind it that can track our activities and behaviors? You say it's merging like crazy consolidating databases? Nice. How very 1984.

Disinformation

Would it be possible to write a program that feeds disinformation to doubleclick? If 5000 people would download it (I might) and run it on theire xDSL modem... How fast would theire database be turning bad? And if their statistics are wrong, their business is gone.

How does one wirte such a jammer-program?

double click ads blocked

Well, let me be sure to point out then that Slashdot also serves Doubleclick ads.

Well, let me be sure to point out then that Doubleclick ads are blocked here. So when my Slashdot page comes up, regardless of whether the Elite Monkeys generate it, or the Random Elephants generate it, or the Barrel of Psycho Mummies generate it, if it has images that refer to any server in the doubleclick domain (and a few others), they come up blank (a 1x1 transparent GIF is substituted). If Slashdot wants to be sure to maximize revenues, it should either be sure it charges for providing the tag, even if the image is never loaded, or make sure a different advertising source is used (which may be hard if the advertiser wants to use doubleclick ... but then, those are going to be advertisers that are not going to generate as much revenue for this very reason). As I edit this comment, I'm seeing a banner ad for OSDN's PriceCompare. I may check it out later when I'm bored.

But, but--authorities say "Cookies are harmless"

Two or three years ago, all the newspaper computer columns were full of "don't worry, be happy" explanations of why cookies cannot be used to identify individuals. They stated authoritatively that there was NO POSSIBLE WAY cookies could be used in this fashion and "explained" the "technical reasons" behind it.

For example, Infoworld columnist Fred Langa says here [browsertune.com] that "To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won't let website owners surreptitiously figure out who you are, for example... My advice: leave cookies turned on; the real benefits far outweigh the very small risks."

Indeed, a Google search on "cookies cannot be used to identify individuals" turns up 21000 hits--mostly in Web site's privacy statements.

DoubleClick's motto: when it comes to invading privacy, we do the "impossible" every day.

I think Slashdot should rethink its connection with DoubleClick.

Avoid it all together

One way to not appear in their databases...

# hosts
0.0.0.0 doubleclick.com
0.0.0.0 doubleclick.net

etc., etc. for any adservers that you don't like the look of.

Proposed Cookie 'Extension'...

Perhaps all the Cookie Paranoia could be put to rest if there were a mandatory extension to the existing Cookie Protocol which indicated the 'type' or 'use' of a particular cookie, examples could include:
** Session Tracking
** Shopping (Carts etc.)
** Advertisers and Profilers (such as Doubleclick)
And possibly a variety of others.

Once such a system was in place, a user should be able to select whether to Accept, Reject or be Prompted for cookies of each type.

The only problem would be getting the adertisers to use their 'designated' cookie type...

Nuke ads and cookies.

If you've got Mac OS X, try using OmniWeb [omnigroup.com]. It can block ads and off-site cookies, and you can block all images from any site matching a regular expression (VERY cool).
How is DoubleClick going to cause any problems if their ads don't load and their cookies don't take?

Where's the money, honey?

(* from the perspective of the guy putting DoubleClick ads on his website *)

Does this mean that people that rely on advertising dollars are now Double Screwed?

First, Double Click has to generate revenue to pay for this settlement, so I'm sure they're going to take that money from their publishers

Second, now that they can't resell demographics, does this mean they will have an even further revenue shortage?

My question is this: They already don't pay shit to their publishers, so I ask Double Click:
Where's they money gonna come from?

Doubleclick Privacy: 404

Just tried viewing their Privacy statement:

http://www.doubleclick.com/us/corporate/privacy/ pr ivacy/default.asp?asp_object_1=&

Got a 404... imagine that.

Education?

[...] an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.'

Does that mean we're going to see 'truth' commericals about web privacy like we see about cigarettes?

Every day, thousands of browsers die due to an overdose of cookies. Friends don't let friends save cookies.

Ad-Aware deletes their cookies

I've found Ad-Aware to be a great tool for pulling out all kinds of spyware, including Double-Click's and other's cookies.

http://www.lavasoftusa.com/ [lavasoftusa.com] to download.

Best way to handle doubleclick

# cp db.localhost db.doubleclick
# cat << EOF >> named.conf
> zone "doubleclick.net" {
> notify no;
> type master;
> file "/etc/bind/db.doubleclick";
> };
> EOF

Dont care havent seen a DoubleClick AD in Months

This the best thing to happen since Mozilla. http://www.adshield.org/ Freeware ad and popup blocker. FU M$ and your explorer. Learn what people really want.

Protection from aliens and ADVERTISERS

I always wrap my computers with aluminum foil to prevent aliens and advertisers from sucking personal data about me into their databases. Also wrapping your tv in foil prevents the subliminal messages from the government from taking hold of your thought processes.

It would be fair to doubleclick

if the FBI would give people access to their profiles....

Funny how the US Govt doesnt get fined for the same type of Carnivore related privacy violations.

That's it?!

Good lord, what a weak settlement.

DoubleClick obfuscator?

I've thought of doing a Mozilla (I.E. too, maybe) plug-in that would do the following when loading images:

1) check for untrusted domains...e.g. doubleclick
2) check for images being loaded with some id being appended to the query string (e.g. embedded e-mail images that alert spammers when someone opens a mail.)

This plug-in would disect the number and generate a random number in a similar format and send that number in the cookie or the query string as the case may be.

This would ultimately render doubleclick's business model useless (well, assuming everyone would use such a plug-in). And as far as I see it, it's fair game since I *never* gave them (direct) permission to collect information on me in the first place.

I AM Doubleclick!

Says so right here in my hosts file: ads.doubleclick.net 127.0.0.1 ...funny, I don't remember being notified of an investigation.

Doubleclick and the Post

Ummm, there is a large insert near the beginning of the article stating that the Post's website uses Doubleclick to serve ads.

How Persistent?

I've firewalled out doubleclick's stuff a long time ago, but I was wondering how they key the stuff in their database. Is it keyed by the cookie, or something more persistent on the client machine? I.e., if somebody runs Ad-Aware and deletes a doubleclick cookie, then receives another different one the next day on the same client machine, does it break doubleclick's correlation of the prior and later data? Somehow I'd be surprised if it does...

MSIE has done a briliant thing!

yeah I know I'm not supposed to say that sort of thing here - but they have!
In MSIE6.0 you can block (and I believe it's default) secondary cookies, meaning cookies originating from secondary items like banner ads. This actually blocks doubliclick in the right way. Think about it!
Cookies are a good thing. And people are generally way too paranoid. "I have disabled cookies" is really a sad statement.