DoubleClick DoubleCross 507
Slav writes "We've known for a while that tracking of Web users was possible and a few companies have been experimenting with it on a small scale. Now DoubleClick, Inc. has confirmed that it's tracking Web surfers [by name and address] with the help of the databases of its newly acquired Abacus Direct." Every site that you visit which has a DoubleClick ad - all 11,500 of them - can be notified of your name, address, phone number, etc., as soon as you visit the site. Or to look at it another way, your consumer profile in the gigantic Abacus database (hundreds of fields of data for essentially every person in the United States) will now include information about what Web sites you visit.
IANALAY? (Score:3)
Is there anything in the electronic privacy act or any other such legislation that gives the courts a way to stop DC from doing this? There are an awful lot of non-Slashdot users out there who have no idea they are being tracked. If I start finding Web hit logs in my TRW statement, I'm going to be pissed.
Re:This Might Sway Some (Score:2)
Y'know, if Hitler saved a kitten from the cold, then, in fact, he WOULDN'T be ALL bad. That's exactly right. In fact, Hitler wasn't ALL bad. There were many GOOD things that he did, that simply happen to be overshadowed by all the VERY BAD things that he did.
There is no single person without ANY redeeming qualities, and there are no people that act purely out of [evil|anger|rage|etc]. Nobody (at least that I know of (yes, I know of Manson, et al.) is ALL bad. Everyone has some redeeming quality, no matter how slight. Even Uncle Billy.
Thank you for this time to make a fool of myself.
Re:Should we trust Doubleclick not to track us? (Score:2)
I just opted-out, and checked my double-click cookie. It now contains simply "OPT_OUT", with no extra characters (IE 4.5, MacOS). I don't see how they could possibly track my individual site visits with that.
I'm actually quite happy with doubleclick about this. I hope they keep their word, and don't send me a new unique id cookie at some point.
- Isaac =)
Time to start poisoning those pigeons. (Score:2)
More effective than singing a bar of Alice's Restaurant, anyway.
Internet == Advertisers? Bullshit. (Score:3)
Give me the web minus advertisers any friggin' day. I don't want the ads, and I don't care if the sites that depend on them go away (including this one which I spend so much time on).
If that means we go to a micropay system, that's fine with me -- I do however expect my ISP costs to go to $0 -- no InterLATA charge, no upstream provider costs, no "what the hell is that fee for?" -- $0.
The advertisers' retort is that they provide a valuable referral service for businesses/websites that would otherwise disappear. If micropay comes onto the scene then so do microcredits for referrals, meaning that the role of advertisers is replaced by a less obtrusive referral system which eliminates the data-hoarding third-party which will continue to sell us out in ever more creative ways.
The elimination of ubiquitous advertising would decrease by approximately 10% on average the amount of bandwidth consumed by web traffic. I am paying my ISP costs to fund infrastructure so those amoral cons can get rich? I am supporting their banner services to enable sites, the majority of which I would never even care to go to, to exist on impression revenues?
Essentially we have a welfare system where poor sites which could not otherwise exist can rake in money from ad revenues and become hugely profitable (andover anyone?) at the expense of the privacy and bandwidth of net users. Let's go to micropay. Shut down the advertisers. Dump the sites if they can't make a buck. If they can't survive under micropay (i.e., no readers were willing to pay for their content) it is an indication there was nothing there worth paying for (and hence they were abusing this welfare system) anyway.
Even under a micropay system many users will prefer to view ads instead of actually paying monetarily for their content (note this is different than not paying). The option of choosing which is the important thing -- a true "opt out": no ads, no doublecross, just "here's your penny, now gimme my page". This would, of course, have to be realized at the ISP level most likely ...
Bocking DoubleClick at the firewall ... (Score:2)
Serious, Re:Lets all use the same cookie! (Score:2)
Bad (Score:2)
(I'm not a novice; I just want a list of any products/free packages to get current info)
Couldn't the database be poisoned? (Score:2)
So would there be some cool way for us Internet type folks to poison the database with fake entries, bogus cookies? Make it so they couldnt' tell real visitors hitting legitimate banners from say, an orchestrated champaign of spoofed visitors, visitors who want their privacy kept private?
Can this be done? Would this be legal?
Re:Time for a new Mozilla module. Any volunteers? (Score:2)
If I connect to a site, say, http://www.yahoo.com, and it references some content (graphics, whatever) not on a server in "yahoo.com", no cookies are sent.
Re:You have mail! (Score:3)
I wrote a perl script [festing.org] that does it. You just make a .cookies.allow text file in your home directory, have the script run as a cron job, whenever you start/stop Netscape, or any other time you feel like it. It wipes out all cookies except those from sites specified in the .cookies.allow file.
Hope that helps!
Re:Another solution (and a rant) (Score:2)
Much simpler than any swaping scheme.
How to get rid of doubleclick (Score:2)
A hint: cat >>/etc/hosts <<'EOF' 127.1.0.1 ad.doubleclick.net EOF cat >>/etc/httpd/conf/httpd.conf <<'EOF' <VirtualHost 127.1.0.1> ServerName ad.doubleclick.net AliasMatch .* /home/httpd/icons/spam.gif </VirtualHost>
That's what I've been doing for the last year or so. It is just sooo pleasant. Also, it reduces the load times somewhat. And you can customize your spam.gif icon.
If you aren't root on the machine you use, you have to LD_PRELOAD a bogus gethostbyname() that will similarly redirect ad.doubleclick.net. I've done this, but it's a pain.
Another solution, of course, is to use a proxy such as junkbuster. Unfortunately, I know no proxy that has satisfactory HTTP/1.1 semantics.
Re:Shop button (Score:4)
You can disable the My Shopping button and Netscape Radio feature by editing the prefs.js file.
To disable the My Shopping button, open the prefs.js file and add the following statement:
user_pref("browser.chrome.disableMyShopping", true);
To disable the Netscape Radio plugin, open the prefs.js file and add the following statement:
user_pref("browser.chrome.disableNetscapeRadio", true);
Its ~/.netscape/preferences.js on unix, but it works fine.
Our privacy is already gone... (Score:2)
You can't do ANYTHING USEFUL on the web these days without filling out a user profile. For example, last night I went to do a Smart Update for Netscape, and I was asked to first create an email account by filling out a profile (What?!? I just want the stupid software update, not a long-term relationship!). Windows 98 has a feature where it can now download via the internet the latest drivers for your computer...but first, tell us about your first born.
The problem is so bad that the Mac version of IE has an AutoFill button to give out all of your personal info with a single click (granted, a nice feature, but the very fact that it rates inclusion in the program says something about how often surfers have to fill out profiles).
Don't look for the big battle, because consumers have already lost the war in the trenches.
Re:cookies... (Score:2)
Re:One possible way? (Score:2)
Yes, it's actually a cute little hack... It's a text file with lines ending in \n\n\r, i.e. two carriage returns, then a line feed: 0D 0D 0A in hex. Most text editors will convert this weirdness to more traditional line endings, at which point Navigator knows some hapless luser has edited the file.
Simple solution: use a hex editor (or, of course, a capable enough text editor). For the record, I use the "Accept all cookies" option with a read-only cookies.txt that contains only a small list of hand-picked cookies (Slashdot, for instance). Works splendidly.
Re:How to get rid of doubleclick (Score:2)
Re:Anyone looked at DoubleClicks privacy notice? (Score:2)
Re:Opt-Out (Score:2)
And if you still don't trust them (Score:2)
--
Re:doubleclick (Score:2)
True, though it is probably wiser to reject all cookies by default and only enable them on sites that you know you need them for. After all, doubleclick might for some reason use a different server name at some point, or an IP address. And doubleclick is not the only potential nasty out there.
This problem is so very easily solved. Add "only accept cookies originating from the server that you see in the URL" (ie. that owns the HTML document or top frameset) to browsers like IE that don't have it, and make it the default option for all browsers. Legitimate sites disabled approx. zero. Doubleclick dead in the water.
Wonder how much money Microsoft could extort from doubleclick by threatening to do this? :-) Go MS!
--
This comment was brought to you by And Clover.
Re:Lets all use the same cookie! (Score:2)
On NT it in \WINNT\System32\drivers\etc (Score:2)
Re:EVERYONE E-MAIL THESE ADDRESSES (Score:4)
---
Simple, Existing Technical Solution (Score:2)
Re:Opt-Out (Score:2)
Re:Opt-Out (Score:5)
Consider commercials versus tele-marketers. I'd prefer that the companies calling about all their crap would do commercials/banner-ads instead of calling me. That way I won't feel so violated when they pitch their products. When you call me day and night about some crap, even something I might want to buy, I can't just say "I don't wanna hear it, so I won't answer the phone." I pay for my phone, and I do expect that friends and family wanting to talk to me will call me from time to time. With commercials/banner-ads, I can choose to watch the ad, switch the channel, scroll the page, etc if I dont't want to hear your pitch. What I find happens often with both commercials and banner ads, is that since I only see them on the channels/sites where I have an interest,(as opposed to just being displayed on my screen from time to time the aol or geocities way) they are far more likely to be an ad for something I'm interested in. So I'm more likely to listen, read, inquire + buy.
In essence what I'm saying is that yes, we do get something back from advertising in the form of:
- information about new products and services
- financial support for sites/channels/shows that otherwise would not exist, or would have to charge for access
- increased competition from content providers to attract and hold our attention (to help bring in the ad revenue of course)
- sometimes entertaining ads
so you see, banner ads, or even cookies, are not the problem. The problem with the double-click thing is that the web surfer is being covertly tracked and logged in their travels around the web. Filtering out _all_ ads/cookies wil not simply subvert doubleclicks attempts at tracking you, but it could stifle the means by which many a web site makes the $$$ to keep serving up that porn^H^H^H^Hcontent, yeah content, that's the ticket.Of course, you are free to chose whether you, or the network you manage, will participate in the whole banner ad/cookies thing. I would be cautious however in choosing to replace banner-ads with banners of your own making. You could be opening a can of worms in regards to redistributing or modifying the copyrighted content of a particular web site. Several web sites have won lawsuits claiming that by altering their content, or putting it in a frame, you are violating their copyright on the content. It's the notion that ISPs have "common carrier" status that grants them some immunity from this kind of suit. However, if you start selectively modifying the ads that come through, you may be crossing that line from ISP for your students, to being a content provider. I would simply allow or deny all ads to keep that line clear. Otherwise, you could simply sell the (cached) banner ad space to advertisers who want to reach your students. Again, an extremely risky proposition.
-earl
Probably -- misrepresentation & fraud (Score:3)
If a company says it's going to do one thing, then does another, then they're open for a whole mess of legal problems -- misrepresentation, fraud, etc. A legal friend of mine is interested in pursuing this idea on the spam front -- include a header which says "this message is not spam", allowing people to filter on it. Including this header (a non-default, BTW) in mail which is spam then becomes legally actionable.
Similar logic applies to Doubleclick. Do I give them the chance. No.
Yes, the law can be your friend.
What part of "Gestalt" don't you understand?
Re:Anybody have a list of Dblclick sites? (Score:2)
Doubleclick when I was there wasn't matching cookies to names and addresses because they knew people would holler like mad if they thought they could be tracked down like that.
I don't think you really have to worry about getting junk mail or anything as a result of the info they have. Then again that may have changed in the year since I worked for them, who knows.
Re:Cookie crumbs (Score:2)
From RFC2109:
To prevent possible security or privacy iolations, a user agent rejects a cookie (shall not store its information) if any of the following is true:
- The value for the Domain attribute contains no embedded dots or does not start with a dot.
- The value for the request-host does not domain-match the Domain attribute.
- The request-host is a FQDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
Basically, 1 means you can't set a cookie forHowever, I've seen the last one uses more and more by sites, hotmail being one example. One of Hotmail's servers lc2.law5.hotmail.passport.com sets a cookie for
This may not seem a problem if you usually browse sites with
--
Fight Back!! Re:Time for a new Mozilla module. (Score:2)
Of course, you should be able to specify the domains that you always accept cookies from, and the domains that you never accept cookies from. But, what could be an entertaining third option would be to send a fake cookie to the domain. I'm thinking of some simple configuration where you could set a fixed prefix, and have it add the right number of numbers and/or letters onto the end of it. Lot's of sites just use something simple like:
"ID=nnnnnnnnnn". So, you just make up a random number each time you send them a cookie. End result? Their database starts filling up with random junk, and/or their error logs start growing with strange errors. If enough people were doing this, it could become a real headache for the cookie monsters.
Another interesting possibility, which is more involved, is some sort of anonymous cookie exchange. When your browser got a new cookie, it could automatically upload it to the cookie exchange server. The server would then send you a whole list of other matching cookies to use randomly. This would prevent the cookie sites from using large cookies with CRC's or MAC's to detect spoofed cookies. Since they would all be real, legit cookies, they would all be accepted by the tracking site. End result? Lots of random records with little to no marketing value.
I doubt that Netscape or IE would ever decide to pick up such a feature, but that's the great thing about Mozilla. They don't have to.
Junkbuster! (Score:2)
You may want to take a look at setting up a Junkbuster [junkbusters.com] proxy server on your web browsing machine. There are proxies for *nix and Win32. I've set 'em up on my FreeBSD box, my NT box, and my Win98 box, then configured my web browsers to use the appropriate proxy. It's sweet!
Re:Yes, yes, yes, yes, yes (Score:2)
My blocklist is available here [cloudmaster.com], and via anonymous rsync at rsync://cloudmaster.com/redir/redir
Assuming you already have squid up and running, you can just
- mkdir
/var/squid/blocker - echo "redirect_program
/var/squid/blocker/squid.redir" >> /etc/squid.conf - rsync -v rsync://cloudmaster.com/redir/*
/var/squid/blocker - cd
/var/squid/blocker - make
At least, I think that will likely work. You get the point...Re:Dynamic IP? (Score:2)
The tracking works regardless of IP address because the information is stored as a cookie. The cookie remains consistent on your browser even if you change IP addresses.
---
Interesting... (Score:3)
The difference: DeCSS was made under a non-profit situation. DoubleClick's tracking reeks of commercialism.
Information wants to be free. But DoubleClick wants to sell the information. Information it didn't even let the people know it was gathering. There is your difference for you.
Mozilla open source solution (Score:2)
Is it possible to do IP spoofing via a browser? Never mind the cookies, they will track us with IP addresses. What I want is a button on mozilla that toggles whether I reject cookies, adds and spoofs my IP address or recieves cookies, ads and sends my real IP for any given site I am looking at, in real time. Is this possible?
This may become the biggest issue on the net. Most slashdotters can probably figure out how to avoid tracking but we need a solution for idiots.
I would love to hear suggestions.
All of Doubleclick's Networks! (Score:2)
ipchains -A output -d 199.95.206.0/24 -j REJECT
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 63.160.54.0/24 -j REJECT
ipchains -A output -d 208.211.225.0/24 -j REJECT
ipchains -A output -d 208.10.202.0/24 -j REJECT
ipchains -A output -d 216.94.59.0/24 -j REJECT
ipchains -A output -d 208.228.78.0/24 -j REJECT
ipchains -A output -d 208.228.86.0/24 -j REJECT
ipchains -A output -d 209.167.73.0/24 -j REJECT
ipchains -A output -d 208.229.75.0/24 -j REJECT
ipchains -A output -d 208.203.243.0/24 -j REJECT
ipchains -A output -d 204.178.112.160/24 -j REJECT
ipchains -A output -d 204.253.104.0/24 -j REJECT
ipchains -A output -d 216.230.65.0/24 -j REJECT
ipchains -A output -d 63.77.79.0/24 -j REJECT
ipchains -A output -d 128.11.60.0/24 -j REJECT
ipchains -A output -d 128.11.92.0/24 -j REJECT
ipchains -A output -d 199.95.210.0/24 -j REJECT
ipchains -A output -d 199.95.206.0/24 -j REJECT
---
FYI, there is an Open Source option (Score:2)
I don't have any problem with your endorsement (it is useful information, after all), but For Your Information, there is an Open Source product available that blocks banner ads, cookies, and such. Source available, no cost, and protected by the GPL [fsf.org], it is called "The Internet Junkbuster" and is available for free download from www.junkbusters.com [junkbusters.com]. It functions as a proxy server, and guards your privacy.
Just FYI.
Boycott doubleclick SPECIFICALLY (Score:2)
Blocking all ads from all ad companies won't do much good, the market will shrink a bit bit the percentages will be about the same. The answer is to specifically block doubleclick (and any others that start tracking name/address etc.). That way, a specific practice is punished, and not doing that is rewarded. It also sends a message to DoubleClick's clients "your ad isn't being seen, but it WILL be if you get rid of DoubleClick and choose another ad company". To advertising supported websites it says "You'll get more clickthrough pay if you switch away from DoubleClick".
That DOUBLES the impact of the boycott.
Now for some notes on blocking DoubleDlick. First, they use round robin DNS and several different address blocks. If you don't firewall every last one of them, you will get their ads. They have some sort of odd DNS system that assigns addresses to ad.doubleclick.net based on network latencies which they measure by sending packets to port 7 (TCP echo service). I know this because they triggered portsentry on a network I am responsable for and they explained that when I emailed root about it.
The easiest option if you are on a Unix system is to use a local DNS server and set up doubleclick.com and doubleclick.net as master zones. That will cause name lookups for doubleclick to fail.
I would like to firewall their address blocks as well for good measure. Does anyone have a list of all of the addresses assigned to them? I did do dns lookup and check the returned address with rs.arin.net, but the IP is a non-portable address owned by above.net.
Dataprotection Act : EU and UK (Score:2)
Why doesn't the US do somthing like this? Its not about interfereing with your rights, its to stop business from abusing your information.
Spreading the word. (Score:4)
Its not enough for geeks to opt out. We need to get the whole 'net to opt out. Attached is the email I sent to about 20 people. May I suggest that all of you go and do likewise?
--
Distribution of this memo is unlimited.
Since I am probably the biggest spam-hater alive, you can imagine for me to originate one of these chain things is pretty unusual. (In fact, its more than unusual, its unprecidented). Nevertheless, I think that the danger to our society (and the internet as a whole) represented by the situation I am about to describe is great enough that I will take the flames and pass this on.
There is a company called "doubleclick.com". They provide the little banner ads that you see on most web-sites nowadays. That is, when you pull up a web page with advertising, the company making that web page points your web-browser towards DoubleClick's web servers to get an appropriate ad. DoubleClick then pays the company if you click on the ad (anywhere from 1 to 10 cents for a click-through -- if you just look at it, they often get some small fraction of a penny for showing it to you).
In order to target the ads, DoubleClick sets what is called a "cookie" in your browser. This cookie uniquely identifies your computer on the internet. DoubleClick uses this information to target advertisements towards you based on your previous viewing patterns: if you typically click on ads for computer hardware, DoubleClick will show you lots of ads for computer hardware. However, all of this is still anonymous.
That is, it was thought to be until the following story came out:
To summarize, the above story relates how DoubleClick bought a direct marketing company called Abacus Direct. Abacus Direct maintains a database covering over 90% of all American households. And DoubleClick acknowledges that they have begun linking Abacus Direct's database with theirs.The net effect of this is that, for a price, a vendor can get your name, address, phone number, /and/ your reading habits. They can find out what newspapers you read (over the web), what web sites you visit, etc. They can find out what products you buy -- it is simple to link information from amazon.com to doubleclick as well. They can then use this information to target advertisements at you.
Many people don't see the problem with this. May I suggest that you consider this: the express purpose of advertising is to get you to buy things which you would not ordinarily buy. That is, the perfect person in their eyes is a profligate spend-thrift. Happiness through possesions is the mantra they push.
The advertising industry has already demonstrated that they will stop at nothing to sell products. For example, consider that the "June Cleaver" perfect housewife of the 1950's is acknowledged to have been created by and for the advertising industry! Or consider some of the tactics used by the baby formula companies to get mothers to not breastfeed, despite the acknowledged medical fact that breast-feeding is far better for the child. (Some of the tactics used in developing countries were exceptionally gruesome.) What about the toilet-training "experts" who are employed by the diaper companies? Ever wonder why we suddenly need Size 5 Pampers?
We have already seen what advertising can do with statistical sampling alone: what will they be able to do with specific data about you? That is, what will happen when, instead of marketing to a mythical (but frighteningly accurate) average household, they are marketing to you personally?
Fortunately, there is a way out. You can visit:
And decline to have your information tracked. I highly recommend it. I could go on for pages about why this is important -- the point is that once we have given Madison Avenue this power, we will never be able to take it back. The time to opt out is now.Data Mining (Score:3)
Should you be allowed to know i have a history of cancer in my family before i buy insurance from you?
127.0.0.1 (Score:4)
Sorry 'bout the heavy MS content.
Re:Yes, solution for IE (Score:3)
How to do it [cjb.net]
You can do better. :-) (Score:2)
With a little Perl/Python/whatever hackery, you could easily create a script to randomize you cookie files. It's easy, you just open the file, read the cookie values, change a few random digits here and there, and write it back out. Ideally the new cookie should have the same format as the old one, so that it looks like valid data even though it's random junk.
Then set up a cron job to run this script at regular intervals. And set your browser prefs to just accept all cookies, because you know they're going to get scrambled anyway. Voila, every day you are a different person to the likes of doubleclick. But they can't tell that they're getting bogus data, and so they aggressively attempt to target market these random non-persons.
The only thing to keep in mind is to periodically quit/restart your browser, so as to wipe out any memory-resident cookies.
I did this at my last job, but I lost the script in transition and haven't gotten around to re-creating it. But it's easy for anyone with even a little bit of Perl skill.
Great idea! (Score:2)
I really like this idea. This should definitely be added to Mozilla. The way to combat these sort of practices isn't just to block them, but to make them impractical/unprofitable.
New XFMail home page [slappy.org]
Re:Should we trust Doubleclick not to track us? (Score:2)
Hell, I occasionally (like once every few months) even click on one.
Privacy Statement Lies (Score:3)
In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address.
This, as we now know, is untrue. Granted, they collect it from another server, and not from you, but they still collect it when they send you an ad.
Liars.
-Waldo
Opt-Out (Score:5)
I am the administrator of a few web caches (I use squid) and I've started blocking web ads a while ago, replacing them by one-pixel blank gifs. It probably fixes the problem...
Re:Privacy... did anyone else notice? (Score:2)
EU e-commerce laws, apparently, are similar to this though, mainly dealing with credit card info and other stuff. Sorry, I have no link, but I recall that the EU has some policies that to do e-commerce with the EU, you must follow their strict privacy rules.
ie: contact/name info can be provided for payment, but it is *forbidden* for the company receiving it to use it for anything else.
And you are right.. it is completely screwed up that these companies can tell DoubleClick who *I* am, as their customer, but DoubleClick cannot tell *me* about their customers
Comparison (Score:2)
I haven't downloaded Stefan's junkbuster, but reviewing his page:
What part of "Gestalt" don't you understand?
Re:Bad (Score:2)
And for all you Linux guys, do the same thing, except to the
Another solution (and a rant) (Score:3)
The simplest method would be to either block all traffic from doubleclick.net, or frequently go on search-and-destroy missions through your cookie files, looking for doubleclick.net cookies and systematically removing them all from your system. Profiling cannot work if the ID code is no longer valid.
Another method that would take more effort to set up but can potentially cause irreparable damage to the usefulness of the cookie as a profiling tool follows. Set up a central web site for doubleclick.net cookies. Users of the site would download special software that swaps cookies. Then the software would upload your doubleclick.net cookie, and you would receive another random cookie back. Swapping cookies like this destroys them as a tracking resource.
This isn't illegal, but doubleclick.net may decide to sue the site to force them to stop trading cookies in this way anyway. If this happens, all the users on the site can then launch a class action countersuit against doubleclick.net with the goal of forcing them to stop profiling. For example, does it constitute illegal wiretapping? And does doubleclick.net have a valid end-user licence for the use of the personal information in this way?
Everyone, please remember the horrendous Orwellian scenario that already exists when profiling is combined with Web Bugs (also more euphemistically known as clear gifs). Web Bugs are small (typically 1x1 pixel) clear gifs that are found on the bottom of web pages that inform the owners that the page has been loaded. Doubleclick.net already know what pages you visit, a lot more than you think. And it's happening now.
Doubleclick.net are not the only net terrorists that are acting this way. They are merely the most prominent, and the first that have actually admitted to the practice. Where I refer to doubleclick.net here, substitute many other ad banner companies freely.
If you want to boycott companies, the following need to be boycotted, in order of importance:
--
doubleclick (Score:3)
Note also that you will only be associated w/ the database if they have some way to associate you w/ your entry in their database. Once your cookie is there, though, they will know.
Re:Bad (Score:3)
--
Additional Information & Links (Score:3)
DoubleClick's Privacy Policy. [doubleclick.com]
Information Collected in the Process of Delivering an ad by DoubleClick [doubleclick.net]
Doub leClick "Opt-Out" Option (how-to) [doubleclick.net]
info@doubleclick.net email address [mailto]
rm -rf cookies.txt (Score:2)
E-Mail Response From DoubleClick (Score:2)
Wednesday, January 26, 2000 3:22 PM
"Waldo L. Jaquith"
RE: Privacy Statement
Thank you for contacting DoubleClick with your concerns. Protecting the
privacy of consumers is of paramount importance to DoubleClick. We are
founding members of several organizations (NetCoalition.com and Network
Advertising Initiative) that are currently creating standards that protect
online consumer privacy, and belong to the Online Privacy Alliance. First
and foremost, we want to make sure that you understand exactly what we do,
and to clear up any misperceptions that exist in the media or marketplace.
First, it is important to understand that Web advertising is critical to
ensuring that consumers like yourself can continue to access Web sites at no
cost. . Effective Web advertising assures that the Web's information,
content, and resources remain free for everyone.
Second, we would like to clear up a huge misconception in the marketplace
that companies such as DoubleClick have the ability to "track" what an
Internet user is doing throughout the Web without their knowledge or
consent. The fact is that the only time DoubleClick knows when a user
visits a Web site is if DoubleClick is serving an ad to that particular Web
site. Even then, the information that is collected by DoubleClick is used
only for advertising and reporting purposes, so that our customers can gauge
the effectiveness of their advertising campaigns.
DoubleClick does not know the identity of any user to whom DoubleClick
delivers an ad until and unless that user has been provided notice about and
consented to having his or her identity used in connection with serving
advertising and other online marketing services.
You should also know that DoubleClick does not sell any information
collected from cookies to third parties. DoubleClick has an explanation of
what a "cookie" is and how it is used on its Web site that we invite you to
read at http://www.doubleclick.net/privacy_policy/.
Simply put, cookies are small text files that are sent to a user's hard
drive in order to facilitate surfing on the Internet. They are commonly
used by Web sites to maintain a customized environment for each user and to
make it easier for customers to purchase goods and services. DoubleClick
also uses cookies to limit the number of times a customer sees an ad, which
our customers have told us is important to them. We also use them to
measure ad effectiveness on behalf of advertisers and Web sites with which
DoubleClick does business.
However, please be assured that until, and unless, a person chooses to
provide personally identifiable information to a Web site, DoubleClick has
no way to know their identity. All DoubleClick knows is that a computer's
browser is visiting the site.
Finally, we want you to know that DoubleClick does create profiles about
consumers solely in an attempt to deliver ads that the user may be
interested in viewing. Again, DoubleClick does not create a profile about
any user unless that consumer has received notice and the opportunity to opt
out from such profiling. Moreover, DoubleClick does not create profiles that
contain sensitive information such as a consumer's medical information.
Consumers can absolutely choose not to accept DoubleClick cookies or to
receive ads tailored to their personal information by opting out at
DoubleClick's Web site at
http://www.doubleclick.net/privacy_policy/priva
We hope that you will take a minute to read the complete discussion of what
information DoubleClick does collect and how it's used. Please visit our
privacy policy on our Web site at
http://www.doubleclick.net/privacy_policy/. The page also provides you
with the opportunity to opt out from DoubleClick's cookies.
If you need more information about DoubleClick please feel free to contact
us at 212-683-0001.
Again, thank you for contacting us with your concerns. We hope that this
letter has helped to clear them up and that you will contact us if you need
more information.
Sincerely,
DoubleClick, Inc. (NASDAQ: DCLK)
http://www.doubleclick.net
Re:Bad (Score:2)
in general, cookies are OK, and quite useful, for short-lived browser/server interaction state keeping. There is no real need for long-term cookies; at worst you'll have to enter a password a few times more. And clearing your cookie file very effectively dissociates any further browsing from any profile doubleclick may have of you.
Re:Bad (Score:3)
Re:Should we trust Doubleclick not to track us? (Score:2)
Well, yes, on some extremely ad-heavy and poorly-designed sites that assumed the ads were there. Small price to pay...
--
Re:Another solution (and a rant) (Score:2)
You have mail! (Score:4)
Well, I'm sure that going a little far, she probably will only be getting free samples of KY jelly in the mail and a free issue of Jonny Leatherpants and his Magic Nipple Clamps.
But in all seriousness, I thought the FTC was tring to cut down or make on this kind of thing illegal, *and* with the whole Pentium 3 serial code fiasco, it is painfully clear that people value their privacy on the web.
Anyone know of a site or utility to clear out certain cookies like these, but leave the nice ones in like Slashdot?
Big Brother (Score:2)
George W. Bush-- Not a crackhead since 1974!
Ad and cookie blocking for Windows (Score:2)
To stop this stuff, and also save on bandwidth, I use AtGuard [atguard.com]. It filters cookies on a per-site basis, and also blocks access to URLs containing certain sub-strings (which can also be configured on a per-site basis). Overall a really cool and useful program which deserves to be far better known.
Unfortunately I've just discovered that WRQ (the creators of AtGuard) have sold the rights to Symantec [symantec.com], and its now part of Norton Internet Security 2000 for almost twice the price of just AtGuard. But you get a virus scanner as well. Ho hum.
Paul.
Re:IANALAY? (Score:2)
Offtopic: domain sorter script (Score:2)
#
# usage: domain.sort.pl < listofdomainnames > sortedlistofdomainnames
#
# Sorts by each domain, so all *.com's are sorted together, and
# all *.abc.com's are sorted together near the top of all *.coms, etc.
# Doesn't sort dotted IP4 addresses well, but doesn't mangle them either.
sub reversehost
{
my @terms = split(/\./, shift);
@terms = reverse @terms;
join('.', @terms);
}
sub main
{
my @lines = <>;
foreach my $line (@lines)
{ chomp $line; $line = reversehost($line); }
@lines = sort { $a cmp $b } @lines;
foreach my $line (@lines)
{ print reversehost($line) . "\n"; }
}
main();
1;
"This is not spam" (Score:2)
I already filter on messages that say "This is NOT SPAM". They go straight to my spam folder. Haven't had a false positive yet.
Re:utility that will accept, then delete a cookie (Score:2)
Maybe it could happen in Mozilla?
Web logs still leak info; opt out *completely* (Score:2)
I'm doing this under IE4.0 at work. The HOSTS file is useless since all HTTP traffic goes through a proxy, but going into the advanced-proxy configuration allows one to specify sites which should not be accessed through the proxy. Routing these to the local network gets them blocked at the firewall, and they time out. This is better than blocking cookies, because the ad site never gets to see an IP address, let alone the http:referrer field.
Something to be aware of: Even if you use the write-protected cookie file trick under Netscape, if you accept a cookie it will still be active until the end of your session. This means you will be letting Doubleclick/Abacus connect your hits to your name and home address, at least for the rest of your surfing that day. Blocking all access to Doubleclick costs them a lot more.
Slashdot serves a lot of its own ads, which I still see (of course). I will happily patronize Slashdot, because I doubt it is going to sell my private information to anyone or track me between sites. Doubleclick, flycast, bfast, hitbox and the rest are not so friendly, and I think that sites which use their services should not be given the benefit of the doubt (or the revenue).
Here's my current blocklist (pardon the formatting): ;ads16.focalink.com;redherring.ngadcenter.net; ads.guardianunlimited.co.uk; media.preferences.com;excite.com; stats.superstats.com;mojofarm.mediaplex.com
a32.g.a.yimg.com;valueclick.com; mojofarm.sjc.mediaplex.com;www.burstnet.com ad-adex3.flycast.com;ads17.focalink.com; ad.doubleclick.net;ad.uk.doubleclick.net; a1.g.a.yimg.com;ad.preferences.com; barnesandnoble.bfast.com;ads.enliven.com; ads09.focalink.com; view.avenuea.com;ads.i33.com;ads.bfast.com; adserver.track-star.com;ads.admaximize.com; ads24.focalink.com;banners.orbitcycle.com; adforce.imgis.com;service.bfast.com; ph-ad04.focalink.com;leader.linkexchange.com; adex3.flycast.com;Ogilvy.ngadcenter.net; ads18.focalink.com;ads06.focalink.com; van.ads.link4ads.com;view.accendo.com; ads19.focalink.com;ads21.focalink.com; thinknyc.eu-adcenter.net;ph-ad05.focalink.com; ad.doubleclick.net;barnesandnoble.bfast.com; gm.preferences.com;newads.cmpnet.com; ads25.focalink.com;ads22.focalink.com; app-05.www.ibm.com;cookies.cmpnet.com; ads20.focalink.com;idealab-ad.flycast.com; ph-ad07.focalink.com;ads15.focalink.com; ads10.focalink.com;ad.ca.doubleclick.net; static.admaximize.com;ads.dallasnews.com; realmedia.com;www.rbiproduction.co.uk; w131.hitbox.com;ln.doubleclick.net; c1.thecounter.com;ads23.focalink.com; maximumpcads.imaginemedia.com; maximumpcads.snv.futurenet.com; www56.valueclick.com;ads05.focalink.com; kansas.valueclick.com;oz.valueclick.com; ads07.focalink.com;ads12.focalink.com
--
Shareware tools for windows users (Score:2)
If you're a windows user like I'm forced to be, I strongly recommend AtGuard [atguard.com]. It was recently bought out by Symantec, but I think you can still get trial versions and stuff.
The way this thing works is that it scans TCP/IP requests and never transmits the ones matching a certain pattern. I end up seeing less than 0.1% of the banner ads on the 'net, and when I do see one, I just add the relevant pattern to my block list and never see ads from that site again.
AtGuard also does one more amazing thing -- it stops animated GIFs from looping. About time!!
Along with AtGuard I use Cookie Pal [kburra.com]. It basically intercepts the Netscape or IE cookie request dialog, and handles it. What makes it better than Netscape or IE is:
Eventually (once it's more stable and I have more time) I plan to get Mozilla and, if someone hasn't done it first, add all these features to the source. At one point I had read enough of the Mozilla source to know how to stop the animated GIFs but I never got around to adding the changes. Until then these tools are amazing and I can't recommend them enough.
Moderators: I know this is endorsement of commercial Windows products by a Windows user. I know it's not accompanied by the requisite amount of Slashdot Windows trashing or anti-commercial ranting, but let's face it, many of us have to use Windows, and many of us are willing to pay a few bucks for a good commercial tool when there's no open source alternative. Please help me get the word out and help people regain their privacy and freedom from advertising by bumping this up a couple of points. (And no, I'm not associated with either product, just a happy user).
Re:Should we trust Doubleclick not to track us? (Score:2)
So I just deleted the
Re:Couldn't the database be poisoned? (Score:2)
Re:Serious, Re:Lets all use the same cookie! (Score:2)
Exchanging cookies (like wearing and swapping masks) is a great twist on this concept. I like it.
--
Re:Time to Act on Privacy Issues (Score:2)
Government is not the answer to individual privacy, just as government is not the answer to individual security. Government can make it easier or more difficult to do these things, but ultimately it comes down to individual responsibility. Frankly, the best way for government to make anything easier is to get the hell out the way and let us do our thing. (Actually, the Europeans' various privacy legislation isn't such a bad attempt, but if you think the American Congress is going to pass any such thing, I have a steak dinner that says you're sadly mistaken.)
Folks, our privacy is being taken away with technology. We can use technology (or the lack of it) to fight this. Junkbuster is an excellent example. Refusing supermarket club cards, and choosing who you shop with by how they respect your privacy, is another. Joining EFF, and contributing to other worthy organizations like EPIC, is yet another.
We might be able, over time, to bludgeon the rotters in the District O'Crime into respecting us... which is why EPIC and such are worthy causes. But for the nonce, we are far more effective at protecting our privacy as individuals than as subjects of the Imperial Federal Government. IF your congresscritter will listen, talk to him. My last one would not (in fact, she was a Communist... but I digress). But in the short term, protecting privacy is simply a matter of using your head and the word "no"... and voting with your feet.
Oh, one way to keep track of issues that I haven't seen posted here before: The Privacy mailing list, which IIRC is a digest of comp.society.privacy (not posting to Usenet is a good way to keep one's email private!), which is available from privacy-request@vortex.com. Simply being aware of what's out there is one of the best ways to run a clean operation.
In The Art of War Sun Tsu says that if you know your enemy, and you know yourself, you have already won half the battle. You can use the Net, one of the very things being used to take your privacy, to learn about the enemy. You can learn what it knows about you. And once you do that, you can then figure out how to control it, make it work *for* you. I leave the rest to the reader.
--
There is no spoon.
What doubleclick? (Score:3)
Server: line.ryans.dhs.org
Address: 199.201.131.225
*** line.ryans.dhs.org can't find www.doubleclick.net: Non-existent host/domain
Golly, my dns server must be misconfigured
Ryan
Re:Bad (Score:2)
--
Re:127.0.0.1 (Score:3)
Any chance someone could create a cookie we could all paste into our caches that indicates that every single one of us is the MPAA Executive Offices? Let Doubleclick track them. Somehow I think they might deserve each other.
--
Re:Netscape Configuration (Score:2)
Sorry to shout, but I fear many people share the same misapprehension. Cookies can be attached to images as well as to web pages. By attaching cookies to banner ads or invisible GIFs served from a common source, servers can pass information about you between themselves. Since the cookie comes from the same source as the image, the "Only accept cookies originating from the same server" option will gladly accept them. You must block or delete cookies if you wish to prevent this tracking. (Also note that even the mighty, mighty Junkbuster [junkbuster.com] won't protect you fully - cookies can still get thru in Javascript and SSL.)
For a detailed explanation see Chapter 9 of Phillip and Alex's Guide to Web Publishing [photo.net] (scroll down about halfway for the relevant section).
Re:127.0.0.1 (Score:2)
Want me to know about your sponsors? I won't feel the need to block a simple, plain text "Supporters of this page include...The Frobozz Corp, makers of fine Frobozz Grue Repellent." It might even give me a warm fuzzy feeling towards The Frobozz Corp, that a dancing grue animation never would.
Ad banners are dying, and I can't wait to piss on their graves.
Re: (Score:2)
*Ads* aren't necessarily bad... (Score:2)
Like it or not, advertising revenue pays for a substantial part of "The Internet" as we know it today. Yes, it probably would be nice if the whole thing was funded by magic, but it isn't, and banner advertising does provide a relatively straightforward way of funding lots of useful sites. There's nothing intrinsically wrong with provision of advertising space, and DoubleClick does do a pretty good job of selecting and targeting ad banners based on your cookie trail - no worse than anyone else, anyway.
However, the business of associating this cookie trail with your "real-life" name and address takes us into serious privacy issues - I'm not totally clear what the legal situation in the USA is, but in the EU they must provide an opt-out from such a system, and they must abide by it. Any evidence that they are failing to abide by the opt-out will be taken very seriously indeed by the data protection people. I'm sure a similar régime must prevail in the USA and elsewhere.
Let's not get carried away, folks. Don't confuse the "necessary evil" (web ads) with the serious privacy issue. Ads aren't necessarily bad, but DC and others have to abide by the rules of privacy, and these are legally enforceable.
Slight disclaimer : My fiancée works for DoubleClick, but the views expressed above are mine alone.
OK...everyone use this cookie (Score:2)
New XFMail home page [slappy.org]
Re:127.0.0.1 (Score:2)
Under Windows 2000 (and I would assume NT as well) this file resides in the c:\winnt\system32\drivers\etc directory, to be exact.
Re:127.0.0.1 (Score:2)
Just checked this out and verified it under Netscape 4.7 (again, under Windows 2000 Professional) and it works just fine, that is where ads used to be you just see the broken image box in it's place.
Oh. My. God. (Score:2)
I mean sure, this was something that was sorta expected when I first heard about this (some old slashdot story). But after realizine the implications of this I just have to say...Wow. Welcome to a new era of junk mail people. Ultimately that is what this will result in. Okay it might be a little more severe than that, but what I really think will come of this is that a few more of us might be getting doubles of the edmund scientific cataloge.
Okay, bad joke. This is serious. And I really wonder how the opt out link that they provide is used. Do you have to opt out for every IP address that you have? I opted out from my work IP but now I'm at home. Does that mean that evey thing I do from here they can track? What about people with dial-up connections? They don't have a static IP. Does this mean that they can't opt out at all? I'm kinda scared of the implications of this. For me I hope that it just means that I'll get more spam on my hotmail account. But still......
Pete
not viewing ads != stealing (Score:2)
"Stealing" is a harsh way to put it. What about people who browse the web with auto-load images turned off? I see nothing wrong with processing downloaded code and data as the user or administrator sees fit. People should in no way be obligated to endure ads or any other objectionable content.
The Internet is a public network. By putting up websites and serving requested information to users, site owners are freely offering and releasing information. Users may then store, process, act upon, or discard that information as they see fit. The fact that many sites are sustained by revenue from ads should not deprive users of those basic, reasonable rights.
In any case, I think that it is less ethical to covertly track and profile people than for people to set up their software to not request ads or accept cookies. People don't exist for the sole purpose of generating revenue.
Time for a new Mozilla module. Any volunteers? (Score:3)
It should make its way to the preferences section, preferably together with a cookie filter. By making it a standard part of Mozilla, it will pressure Netscape and M$ to copy the feature.
This way the user has some control of how much info he gives away by browsing. Anonimizing proxies are also a solution, but it's best to make a
Re:Data Mining (Score:2)
That's just paranoia, mostly it's manufacturers and retailers who want to be able to serve you better.
If that's all it is, then DoubleClick and it's business associates would be happy to tell us who is part of the program. No business serves a customer well by sneaking around behind their backs. If they want to listen to what I'm telling them, then they should listen to what I'M TELLING them, not covertly gather information that I'm NOT telling them.
Furthermore, unlike many of those programs, DoubleClick not only does this after explicitly claiming otherwise, but they share it around with many other companies quietly. Even if I had some sort of grocery card (I certainly don't!), the information is not available to other merchants the moment I walk into their store. With DoubleClick, it apparently is. This like many other things is marginally acceptable on a small scale but becomes grossly unacceptable when applied on a larger scale.
The only really postive thing that you can do is to fill out false and misleading information voluntarily...
That's great fun! Von Wilhelm, Hochkis. nationality: German. Occupation: Shepherd. Relation to family: Other.
I've secured the patent!! (Score:2)
Arm Yourself Against Spam (Score:2)
It is unfortunate that we have to go to the trouble of installing these things, but the only cost of running it is the time it takes you to install the software. on the other hand, you'll be protecting your privacy as well as your bandwidth.
Re:Opt-Out (Score:5)
The stats for the proxies, when merged together, give exactly this:
62.46% Global Hit-Rate
29.63% Doubleclick.net Hit-Rate
03.72% Doubleclick.net KB Transferred
By making a simple calculation doubleclick alone is using 7.84% of my bandwith, therefore increasing my monthly costs by more or less that amount. The connections we use have a base cost that's pretty low plus 12$ a gigabyte. So doubleclick (and other ad sites, but mostly doubleclick) is costing us a non-insignificant amount of money !
Now, I'm sure the stats are different than they would in another environement - this is an educational establishement so the sites visited tend to be more often the same, and a normal proxy would probably devote less bandwith to doubleclick.net, and a normal site would probably not pay for bandwith by the gig like we do.
The problem is, they're making money without us getting anything in return. I don't feel it's immoral to deprive them of their revenue as long as they won't compensate us at all. I think that if more proxy administrators start doing the same, or perhaps even replacing the doubleclick banners (that's pretty easy to do, and I am considering doing it), doubleclick will have to react and do something.
What I'd consider fair is for them to offer us a share of the revenue. It wouldn't have to be big.. And perhaps offer a solution to cache their ads more efficiently rather to get such a low hit-rate.
Please reply with any constructive input, I appreciate it
Cookie crumbs (Score:4)
- Most sites that I am personally interested in use very few or no cookies at all
- Many sites out there use an obscene number of cookies. 10-15 for 1 page is not uncommon. Regardless of whether you object to the privacy issues, this is bad design. I suspect that there are Web Authoring systems out there that enable cookies for every single page, image, and sound clip by default, and many of those cookies are not used for anything useful.
- Some sites have what I believe is a legitimate purpose for cookies. If I am not mistaken,
/. sets only 1 cookie on my machine and from this 1 cookie is able to do all kinds of user specific configuration - Other than for legitimate uses (user customation, on-line ordering, etc.,) (in which case I support accepting cookies) rejecting all other cookies on the web will not affect you web-surfing experience 99.44 percent of the time
- Fortunately, I usually find that sites that use lots of cookies are really not that interesting too me, anyway. Strange coincidence?
Of course, regarding the last point, there are some exceptions. I find Netscapes's cookie-handling policy, while better than giving no choice at all, does not offer enough flexibility for my tastes. I would prefer to be able to accept/reject cookies based on a set of filters and rules for domains, transaction types, etc. I believe lynx has some better capabilites than Netscape in this department.Further, I think it would be useful to have a set of switches that are easily accessible on the toolbar that would allow you to toggle cookie policy on the fly. This would be much more useful than the latest Netscape feature, the "Shop" button. What a waste of real-estate. It would be nice to get something like that into Mozilla. I'll start tinkering with the Mozilla source just as soon as it takes less than two hours to download via cable modem ;) Ramble, ramble, ramble.
Should we trust Doubleclick not to track us? (Score:4)
The thing is, do we want to trust Doubleclick not to track us personally, even after we opt out? I think it's less than prudent to put that kind of faith in a company that's been decieving us since last year.
A simpler (and more thorough) solution: block cookies from doubleclick.net. Hell, if you've got a firewall, block all packets to and from doubleclick.net. I, personally, can't see any reason to connect to a doubleclick server. Who wants the ads anyway? Same thing goes for preferences.com, flycast.com, and any other advertising company. I've been dropping all packets to and from the domains mentioned above, with no significant problems. Of course, I don't get to see those specially targeted banner ads, but I don't really think I'm missing out :)
--
Time to Act on Privacy Issues (Score:4)
Is there any alternative to these two options? You bet there is. The alternative is to empower individuals to police their own privacy. People shouldn't have to rely on the Federal Trade Commission or any bureaucratic agency to make sure their privacy is safe. This means making sure that every man, woman, and child has an ENFORCEABLE right to make sure their personal information is not used in a way they have not authorized. It also means making sure that all individuals have swift and certain REMEDIES against any business that (by negligence or deliberately) misuses personal data or fails to protect it.
This proposal would not be bad for business. To the contrary, it s essential to the viability of the new economy. Protection for individual privacy just provides a better incentive for business to be truly responsive to customer wants and needs.
Pipe dream? Not if enough people demand the rights they should already be able to enjoy. But the deal is ALREADY being cut in Washington next month to prevent YOU from exercisng the rights you should have.
Look at the list of panelists on what the Federal Trade Commission calls a "balanced" committee to examine how to protect consumer information. See http://www.ftc.gov/opa/2000/01/asrev.htm -- aside from one or two "token" privacy advocates, the whole panel is dominated by comercial internests -- such as representatives of the Direct Marketing Association AND the law firm that represented it (Piper & Marbury) AND several of its member companies.
So what can you do? Call your Member of Congress and both of your Senators. If you're really ambitious, call your state government representatives, too. For each office, get the name of the staffer who handles "Internet Privacy and Medical Privacy" issues. Tell that person that you are a constitutent, that you vote, and that it is important to you for Congress to empower individuals to protect their own privacy on the Internet. Ask if your Congressperson or Senator has a position on this issue, and if so, what that position is.
Then point out how you are upset by how the FTC has composed its Advisory Panel principally of industry representatives. Tell your elected officials that you do not feel safe when government agencies puts representatives of the Wolves in charge of writing the rules for protection of the Sheep.
If you learn anything particularly interesting on the subject, post it here on /.
Other contacts (who may have good ideas on how to get involved in making sure lawmakers make good rules) are Diedre Mulligan at the Center for Democracy and Technology, and Mark Rotenberg at the Electronic Privacy Information Center.
Re:Bad (Score:4)
I got a full list of their subnets through ARIN, conveniently listed below. Some of these guys may not actually be Double Click, but since they all have "Double Click" somewhere in their names, they all get blocked at my router level:
[root@foo
[arin.net]
Double Click (NETBLK-UU-208-211-225) UU-208-211-225
208.211.225.0 - 208.211.225.255
Double Click (NETBLK-UU-208-203-243) UU-208-203-243
208.203.243.0 - 208.203.243.255
Double Click (NETBLK-UU-204-178-112-160) UU-204-178-112-160
204.178.112.160 - 204.178.112.191
Double Click (NETBLK-UU-204-253-104) UU-204-253-104
204.253.104.0 - 204.253.105.255
Double Click (NETBLK-CYPC-2162306564) CYPC-2162306564
216.230.65.64 - 216.230.65.79
Double Click (NETBLK-UU-63-77-79-192) UU-63-77-79-192
63.77.79.192 - 63.77.79.255
Double Click Computers (NETBLK-DCLICK-T1-BLK) DCLICK-T1-BLK
204.186.74.0 - 204.186.74.255
Double Click Imaging, Inc. (ICO-HST) NS1.ICONETWORKS.NET 204.94.129.65
Double Click Imaging, Inc. (NET-DOUBLECLICK2) DOUBLECLICK2 192.65.80.0
Double Click, Inc. (NETBLK-DOUBLECLICK31-60-18) DOUBLECLICK31-60-18
128.11.60.64 - 128.11.60.127
Double Click, Inc. (NETBLK-DOUBLECLICK-92-19) DOUBLECLICK-92-19
128.11.92.0 - 128.11.92.255
Double Click, Inc. (NETBLK-DOUBLECLICK-210-08) DOUBLECLICK-210-08
199.95.210.0 - 199.95.210.255
Double Click, Inc. (NETBLK-DOUBLECLICK3) DOUBLECLICK3
199.95.206.0 - 199.95.209.255
Yes, yes, yes, yes, yes (Score:5)
...that's full agreement with all points above. For Linux users, deploying Junkbuster is as easy as downloading the RPM or DEB file and installing it. For Windows users, either NT or Win9x, you can also use the proxy.
Both the banner and cookie action are way cool. The following blockfile eliminates pretty darned near all the banner ads (and the sites associated with them if a full site or domain is listed). Note that I've allowed banners at a number of Linux-friendly sites, on principle, though you could change this if you wanted.
/*.*/ad/
/*.*/ads/
/*.*/advert/
/*.*/adverts/
a32.g.a.yimg.com/
ad.*.*
adforce.imgis.com/
adremote.*.*
ads*.*.*
doubleclick.net
image.pathfinder.com/sponsors*
preferences.com
sfgate.com/place-ads
Those few lines block virtually all the ad traffic I see.
For cookies, I block all, then selectively allow a limited number of sites with which I do business. Mostly message boards.
There was a really good program Online Profiling [npr.org] on NPR's Talk of the Nation a couple of months back. Other useful resources are Center for Democracy and Technology [cdt.org], and for a look at the other side, NetworkAdvertising.Org [networkadvertising.org] and Direct Marketing Association [the-dma.org]
If setting up a proxy is too much for you, the following tricks will prevent a permanent cookie file from being generated:
I'm not sure what the corresponding IE trix are. For Linux, lynx and other browsers can use the link to /dev/null trick.
What part of "Gestalt" don't you understand?
Here's the middle ground I'd like to see (Score:5)
I would accept promises from companies. I think most are trustworthy enough. But, promising alone is not enough, I want recourse and/or punishment. IRS employees keep getting caught sneaking peeks: the death penalty is what I'd like to see (don't like it? don't peek and even if you are the President (hi Echelon) something they've been known to do) But assuming others aren't that etreme, how about firing, pension loss... something serious. At least tell me what the punishment is. A simpler case to illustrate: I haven't forgiven Real Networks for its spying transgressions, but they could have repaired a lot of trust if they said, "we screwed up, and we are going to delete all the info we grabbed, plus one month worth of all our server logs, and we fired that guy."
A more global pet proposal of mine is this: as a compromise between the privacy nuts and data gulpers: if information about me is stored in a database and includes any sort of address/contact information, then the database owner must tell me once a year what they have on me. It would cost only a small amount per person, and if it does not have that much economic value, don't keep it. Then at least the average person would develop an awareness of what's out there.
Lets all use the same cookie! (Score:5)