Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

DoubleClick Taken to Court 299

AdemoN was the first to the gate with the latest on the DoubleClick privacy fiasco. A woman in California has sued DoubleClick, alleging that they have violated her privacy rights by representing themselves as not collecting personal information, while actually doing so. Remember - you can opt-out of the whole thing as well. Click below for a note on a major PR blunder by DoubleClick from Roblimo.

- Friday, January 28, 2 p.m. US EST

Tuesday USA Today reporter Will Rodger wrote about DoubleClick. We linked to his story here. Wednesday afternoon a DoubleClick Corporate Communications person* called Andover.net Corporate Communications VP Janet Holian and asked her to remove our story and the link to USA Today.

Janet passed the problem to me, since Andover has a very strict policy prohibiting Andover corporate people from interfering in editorial decisions.

I listened politely to the DoubleClick person, who told me USA Today's story was innacurate and we were wrong to link to it, and how she was calling journalists all over the country to tell them that the information in it was false and should not be relied upon. Then she requested that we pull the Slashdot story that linked to the USA Today story. No direct threats were made, but the words "refer this to our legal department" were said.

I said no, we couldn't and wouldn't pull the story.

Next move: I called USA Today. These guys are good fact-checkers. They pointed me at some of DoubleClick's own press releases and privacy policy pages, most of which had already been referenced by Slashdot in this story back in October, 1999.

An Open Offer
I offered DoubleClick's Corporate Communications person a chance to state their side of the story here, on Slashdot. I promised to run whatever they sent verbatim. I have received nothing from them so far. I called DoubleClick and reiterated the offer before writing this. Still nothing, not even an e-mail saying what information they feel is incorrect in any of the stories written about them here, in USA Today or in other media.

At this point, it's DoubleClick's move. Perhaps, eventually, they'll post something on their Press Release page. We'll keep an eye on it in case they do.

* I left out the name of the DoubleClick Corporate Communications person purely as a personal courtesy. She is a very nice woman in a bad position, trying to do a very tough job - which, right now, could probably best be described as "frantic damage control."

This discussion has been archived. No new comments can be posted.

DoubleClick Taken to Court

Comments Filter:
  • by Anonymous Coward
    I dont know about you, but i wouldnt want this guy as my lawyer.

    Lawyer: So Mr Greenjeans have you ever seen my
    defendant before?

    MrG: Welp, yes I did. I saw him steal something from my store.

    Lawyer: Shut up, old man. You listen to me you stupid fuck, you never saw my defendant.

    Lawyer2: Objection your honor, this is insane. He can not swear at a witness.

    Lawyer: Shut up you fucken prick, I fucked your wife last night, how about that?!

    Judge: Mr Asee, will you please remove that bag from your head? I can not make out who you are.

    Laywer: No, dickhead. This bag allows me curse off in court.
  • I will agree that there is a time and a place for lawyers, but I believe that they have taken their place a step too far. Lawyers abuse their rights by putting stupid lawsuits in our courts, like the woman who got burned by McDonald's coffee. These cases use up precious resources in our courts that could be used much, much more efficiently. With everything that's been going on in courts right now, I say the government should start putting restrictions on lawsuits rather than everything else in the world.
  • by Anonymous Coward
    These cases are not contradictory. In both cases, culpability is directed at the party who deliberately lies or tries to deceive the public.

    In the MPAA case, the MPAA is lying. They sell DVDs with the implicit understanding that the purchaser is going to view the movie. Then afterward, when the purchaser attempts to watch the movie on his Linux box, they want to change the terms of the deal and not allow that. That's not fair - you don't get to change the terms after the deal's done. If they had said up front "By buying this DVD, you agree to only use an MPAA-approved player," and the purchaser agreed to it, then their position would be justifiable. That isn't what they did. Furthermore, they're lying about the purpose of the lawsuits. Really, how many people are making illegal copies of DVDs? I'd wager not very many. Yet the MPAA keeps falsely misrepresenting this as the focus of their efforts.

    The Doubleclick case, like the MPAA case, involves a company which deceives the public and wants to change the terms of an agreement after the deal's done. Doubleclick said they were not collecting certain types of information and then did exactly what they claimed they weren't doing.

    Both cases have little to do with private information and a lot to do with who's lying and cheating.
  • by Anonymous Coward
    Currently I got following
    # 199.95.206.0 - 199.95.210.255 DOUBLECLICK1=199.95.207.0/24 DOUBLECLICK2=199.95.208.0/24 DOUBLECLICK5=199.95.206.0/24 DOUBLECLICK6=199.95.209.0/24 DOUBLECLICK7=199.95.210.0/24 # DOUBLECLICK3=208.32.211.0/24 DOUBLECLICK4=208.211.225.0/24 # DOUBLECLICK8=208.184.29.0/24

    and then of course

    ipchains -A output -d $DOUBLECLICK1 -j REJECT
    I know some of the entries could be concatened somehow but don't know how. Would 199.95.206.0/23 prevent 199.95.206.0 to 199.95.209.255. Any other IP ranges I am missing out ?
  • stupid lawsuits in our courts, like the woman who got burned by McDonald's coffee

    FUCK YOU, dude. I am guessing that your assertion is based on a typical fucken layman's analysis of the case ie fucken none at all. So having heard your side, may I fucken retort?

    Fuck you. The case was fucken good. The proof that the case was fuck3n good was that it fucken won. Bad cases don't fucken win.

    Fuck you. Do you think that this fucken lady showed up in the courthouse with Skadden Arps Ballseater and Bosch, while McDonalds like showed up with some drunken lazyass public defender? No. McD's has a fucken All-American, All-Star team of fucken lawyers. And they still lost. Sounds like a fucken good case to me.

    Fuck you. Do you fucken ring up Bill Gates and tell him how he doesn't deserve his money? I'll bet you fucken probably do. And I'm sure he gives as little of a fuck what you think as I do. Because he's got the $$$$, and you don't. And he's a winner, and you ain't. And this lady (and, may I add, her fucken attorney, who deserves a medal and not all this SHIT) is a winner too. Keep your petty fucken jealousy to yourself and spend an hour of your whining time every day studying. It's possible for a really good engineer to make nearly as much as a partner at a good law firm these days, ya know

    --just call me streetlawyer man, ma'am
  • by Anonymous Coward
    next is to go after the email spammers.

    After all, they indicated by typing "MAIL TO" into my SMTP server that they accept the terms in my SMTP banner.

    Terms like "you give me all your money and property".

  • by Anonymous Coward
    Anyway, if you have a DoubleClick cookie and you want to have fun with it, go to netdeals.com and type in the following info:

    Name: Kevin Ryan
    Occupation: DoubleClick President
    Email: kryan@doubleclick.net

    The top guy at DoubleClick is Kevin O'Connor, not Kevin Ryan. I used to work with O'Connor at DCA in the early 90s -- he was a total jerk back then, and from what I've heard & read here, it sounds like he's gotten even worse.
  • by Anonymous Coward
    Its interesting to note that the only reason Double click are being sued is because they slipped up. If they had announced that they were doing this then there would be no case. The suit was filled on the grounds that they claimed they wern't doing this kind of stuff, when in fact they were. If they'd just owned up and then kept their corporate head down it would all have blown over after a while and people would have forgotten about it. Sure they would have had a, relative, rush to opt out amongst those who saw what was happening. But after a while those who came along after wouldnt bother because they probably wouldnt even know. Joe Average Surfer just isn't aware of this kind of stuff anymore. The net is getting dumber and will continue to do so as the number of non-savvy users continues to grow. /. is not a representative sample of web users. Most people here know far more about the web that 99% of people on the web ever will.
  • I am not the original AC, and am not a lawyer. I have used the services of a lawyer several times, however, and I can say I am very glad they exist.

    When the police decide they don't like you, because you did not kiss their ass, a lawyer is the only person who will support you and help you, and who knows the ropes.

    Your attitude towards lawyers is as ignorant as a racist attitude towards blacks. Perhaps when you move out of your parents house (mentaly or phisically) and experience the real world, you might come to appreciate how lawyers are your friend.

  • by Anonymous Coward
    Just remember, opting out can be revoked at whim by doubleclick. All they would have to do is stop honoring the OPTOUT cookie value and push you a new tracking number.

    I'm sure if they get eoungh heat and see enough people opt-out to threaten their business, that little feature is history, and there's very little anyone can do about it.

    And yes, I've got the ads sites blocked in my /etc/hosts. There's very little doubleclick can do about that.

  • Good observation, but I think Bruce Sterling still beat you to it. :)
    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • Surely you mean the .netscape/cookies.txt file, and not the bookmarks file. Unless you explicitly bookmark a doubleclick site, it won't appear in the bookmarks file...

    Good point though. Mark 'cookies.txt' as Read-Only, and you never save any cookies through a session. Of course, this affects all sites, not just doubleclick.

    Hmmm. AWEB3 on the Amiga lets you deny cookies from specific sites - why don't we petition Netscape/Mozilla/Opera/MS to do the same in their browsers, thus giving us the option to opt-out on all cookies from sites we are not sure about?

    Would like like to accept this cookie?
    Yes, No, Always from this site, never from this site.

    T.
  • Banner ads don't generally pay much...

    Reading Jakob Nielsen's "Why Advertising Doesn't Work on the Web" [useit.com] might be fruitful.

  • You mean like China does to the outside world?
    All those evil, capitalist sites? Sites where
    people speak freely about their governments?
    Even sites like slashdot?

    Or what a country like Iran would do given the
    chance -- if a woman had a picture of herself
    wearing an andover.net t-shirt and shorts, it'd
    be banned.

    These firewalls are already pretty regularly
    penetrated; cryptography and steganography only
    make it easier. Someone could host content
    offshore, relayed through any third-party country
    like the UK or India, and then redistribute it
    through the US. Unless you can get *everyone*
    in the world to blackhole route a site, it'll
    find a way through, especially if it's valuable
    data. During the recent Kosovo war, Serbian
    sites were still on the net, after all -- including free radio sites mirrored in Amsterdam
    detailing the plight of those trapped in the
    crossfire.

    After all, one person's "evil vile filithy trash"
    is another's message of freedom. Systems like
    ZKS Freedom [zks.net]
    will only make it harder to censor the net.

    If people want to protect privacy, they should
    do it themselves, using Freedom, throwaway accounts, or Junkbuster; they should run crying
    to the government to do it for them.
  • Physical people and property don't move offshore.
    It would be pretty hard to beat someone's
    wife from 6 000 miles away.

    A better parallel would be "we should legalize
    sending death threats via email because otherwise
    people will just send death threats from offshore". That argument breaks down precisely
    at the point where the email stops being a
    random piece of email (legal) and is a direct
    "immediate and palpable entreaty to or threat of
    violent action", which is already a criminal act,
    and is covered by existing law.
  • You don't even need to hack the browser: it already supports this! And it's easier than adding routes or /etc/host entries. See my post above [slashdot.org].
  • By adding the one line:
    • || shExpMatch(url, "*ads*")
    the auto-proxy config would also toss out all URLS with "ads" in them; but that isn't focused enough for my tastes. Anyway, I don't use something like JunkBuster itself for the reason given in the comments at my no-ads page:
    Why is this better than a ad-removing proxy?
    If you use a ad-removing proxy, then (by definition), all of your content must go through the proxy filter. This can slow down loading of pages, or cause other problems. This mechanism avoids this by avoiding the proxy altogether for the content you actually care about!
  • Keep in mind that nothing stops DoubleClick et al. from tracking you by, say, your IP address. There's nothing particularly sacred about your cookie; it's just "more unique" than other ways They have of identifying you. (Me, I refuse cookies from everywhere but Slashdot. :-)
  • Mac-only tip:

    Users of the iCab [www.icab.de] browser will find that it can filter cookies (and images too) based on domain (and a few other rules).

    It's a Mac only browser, and is still in pre-release. It's lacking Javascript, but has a remarkably small memory and disk footprint, it's also about half again as fast as IE or Netscape on a Mac.

  • For that matter, 99 44/100% of the Internet users don't even know that they can filter things like that out.

    Educate !

  • Maybe these OEMs are customers of DoubleClick or other advertising companies, so would not want to block ads.
  • You can do it in an easier way:

    #!/bin/sh
    DoubleClick="199.95.206.0/23 199.95.208.0/23 199.95.210.0/24 208.32.211.0/24 208.211.225.0/24 208.184.29.0/24"

    if [ -n "$DoubleClick" ];then
    for address in $DoubleClick
    do
    ipchains -A output -d $address -j REJECT
    done
    fi


    199.95.206.0/23 means 23 significant bits.
    199.95 is 16 bits, leaves 7 for 206
    206 = 11001110
    where 1100111 is significant

    so it'd block 199.95.206.x and 199.95.207.x only.

    and with 206.0/22, you'd block 204.x - 207.x, that's not what you want.

    with 208.0/23 you'd block 208.x and 209.x

    So basically you can get rid of 2 rules.

  • Isn't there a nice way to pollute their database? By sending bogus cookies, for instance?
  • by Anonymous Coward
    I know that I can opt out of Double Click's cookies by either not accepting them or accepting their opt out cookie, but what I really want to do is remove any and all info about me from their database. I'm sure they've used other methods to collect info on me, and I want it removed. What are my options?

    -D
  • by Anonymous Coward
    I like the fact that you have to explicitly ask them NOT to spy on you.

    In return, I will set up a spy camera in the homes of everyone who works for the comapany unless they respond to this post telling me that they want to opt out.
  • by Anonymous Coward
    I tried the Opt out thing with Mozilla (M13), and when I checked the cookies, I had two from doubleclick:

    One ws called id, with a value of "A"
    The other was had like a 16 digit alphaneumeric name, with similar content.

    Anyone else see anything similar?
  • by Anonymous Coward
    This is Slashdot. Balanced posts such as yours which point out the real need for lawyers to defend the interests of the little man are probably not welcome here.

    Sad, really.

  • these regulations will have an unintended consequence -- drive these businesses offshore.

    The best thing to do is to keep a public list of companies that do this. I have already blackholed doubleclick in my DNS caching server. I will do the same to any company that wants to violate my privacy. To me, doubleclick ads look remarkably like the broken image icon.

    I'm certain that they are not exactly crying over my action, but if enough people do that (especially if ISPs do that as a service to their customers) they will be hurt, and moving offshore won't help them.

  • Yes, I do believe that it violates certain privacy laws, but I don't think that's the case if whatever forms they use to gather that information have an opt-out or opt-in procedure. The customer must be made aware of this information exchange.

    As I understand it, they SORT OF let the customer know, but it's like in the Hitchiker's Guide, it's on file in the planning office (in a locked filing cabinet in a disused lavatory in the basement. The light had gone out and so had the stairs). In other words, the notification is in fine print in the privacy statement which is several pages deep.

  • For the IE users out there, if you do a search on your computer for 'doubleclick', it will find all the cookie files associated with that domain (IE stores each cookie in a separate file). Just edit the files to say 'OPT_OUT' or delete them altogether.

    I say put in 'OPT_OUT', since they can always reestablish the cookies. At least this way, if your information does end up in your stash, you can point to your cookie file and say, "See, it says, 'OPT_OUT'!"
  • 2) if they make a deal with major sites that use banners from doubleclick where the sites relay personal information submited to them back to doubleclick, the name->cookie mapping may be done.

    It's number two. They have setup limited partnerships with various companies to have that information relayed back to them. Yes, I do believe that it violates certain privacy laws, but I don't think that's the case if whatever forms they use to gather that information have an opt-out or opt-in procedure. The customer must be made aware of this information exchange.
  • huh? how do *privacy* policies have anything to do with *proprietary info* laws? what the DVD people did is figure something out by reverse engineering, and publish it. what the DoubleClick people are doing is figuring personal things about individuals and using them. there are arguments for the two kinds of protection: protection of privacy, and protection of trade secrets. but the two are not the same, and there's no reason why the laws about each should be exactly the same.

    personally, I support something like this:

    1. for trade secrets: employees and NDA-signers are bound by contract not to reveal them. anyone who reverse-engineers a product without being bound in a specific way is free to publish information about it. in other words: I don't want to give to companies the possibility to hide a secret somewhere in a user product, and then make it illegal for the user to figure out the secret. you can make it illegal to actually *use* the secret value in certain ways, but finding it and publishing it is OK. there's one way for companies to protect their research, which is patents; patent something, which publishes itit, and then no-one can use it without paying you. if you don't patent something, then it's up for grabs, via re-discovery, or reverse engineering. of course, this assumes a working, non-broken patent system, which rejects insufficiently specific patents, as well as obvious ones. (I'm not taking a stance as to whether algorithms shoudl be patentable here, that's another piece of debate).
    2. for personal information about individuals: I believe in protection, here. no company, entity or organization should be able to keep information about you without you having strong rights on that information (review, modify and delete rights). opt-out is not enough; for things liek what DoubleClick is doing, they should be legally required to do it in an opt-in way. exception: if you have a commercial tie with a company (you're a customer, etc...), then they can keep info about you. (i.e companies are allowed, and should be, to have a db of client interaction past histories. but not to sell it to another company).
  • I can't go to the "opt out" page because I've told my browser to never load any URL that comes from doubleclick. 8-} It's easy and works on UNIX,

    Windows, and Macs with IE5 or NS2-5. yes, and right now I can't go to your no-ads [schooner.com] page because Junkbuster sees "ads" in the url and tosses it :-)

    Junkbuster works like a dream, it's a really tight little program, and it even seems to cure Netscapes horrible DNS hangs. It comes as a rpm, exe, whatever, and also compiles from source in a few seconds, with a raw makefile that doesn't need configuring. One obvious improvement: instead of just giving you a link to the reason why it tossed a page, it should give you a "go there anyway" link as well. I'll see what I can do...
  • There were no cookies, spam, or ads. The information was accurate, up-to-date and well-moderated. The conversations were ALL on-topic and intelligent. It was called compuserve. The web underbid it.
  • 72202,142 myself -- been the same since 1979 (pretty good considering I was born in '75!).

    Former Sysop/AssistOp -- Adobe; Comics; Artists

    Unfortunately folks jumped ship to save a few dollars a month so we could spend hours longer searching for the same information. Now I'm on email lists that have 10 times as much noise, no threading and half the information of the old fora. But I guess that's progress!...
  • I've recently made efforts to decrypt the cookie file format for IE, and I can say what most of the fields are.

    id
    This is the cookie name. Don't trust any cookie with a name of "id", "user" or names containing these words if they are from a site you don't know or don't trust. It's a tracking cookie. Delete all such cookies on sight (unless they are from a site you trust, like slashdot), and if possible block access from the site via your firewall.

    OPT_OUT
    This is the cookie value.

    doubleclick.net/
    This is the domain and path for the cookie. This one means the cookie will be sent to all sites with a domain of doubleclick.net.

    0
    Don't know what this is, any ideas?

    1468938752
    31583413

    This is the expiration time of the cookie. More details on the format later. When you decrypt this time, you'll find that it's about 2030 or so. Most sites that push cookies at you with an expiration time this far in the future are not to be trusted.

    776923520
    29321255

    This is the creation time of the cookie.

    *
    I don't know what this is either, any ideas?

    The times are a 64-bit number. Take the first number, add the second number * 2^32, and divide by (I think) 10 million. You get number of milliseconds since about 1/1/1601. I have been having a little trouble determining the exact epoch (time when number = 0) of this number, because Microsoft seem to be deliberately obfuscating this information. For example, if you export cookies in Netscape format, the exported time is wrong.

    If you want to fake this date and time for any reason, such as destroying any usefulness of tracking you by the creation time, then note that the date and time is always exactly divisible by (I think 10 million), with no remainder.

    --
  • I say that you DO have to regulate this trash. If you can't keep off-shore folfs from doing it then just keep off-shore sites off our internet. Place a great big firewall up and regualte what goes through it.

    You really want the government telling you who you can and cannot connect to? Personally, that idea scares me. For one, it is just about the same thing as censorship. Sorry, but I don't want the government in that business.

    You can setup your own proxy server or firewall to prevent such privacy invasions, however. I recommend The Internet Junkbuster [junkbusters.com]; I set it up in like ten minutes the other day and it works great.
  • Depends. If collecting this information for later commercial use is a crime, then using doubleclick for banners would likewise be a crime. (Contracting for a criminal act is itself a crime, outside of conspiracy, etc)

    Sure, eventually all the big businesses could go offshore, but users still need homepages, and small sites still need banners, which would mean that there would be a market for a legal banner site.

    And, think of the fun, if they were offshore in such a way that our laws didn't apply to them, theirs wouldn't to us. A free site to hack on, and they'd have no legal grounds to stop you unless you broke laws of your host country, and I doubt the government would go out of their way to help them. :)

    I'm with the other poster in this group, I've filtered out banners I don't like. I use junkbuster (www.junkbuster.com) instead of misrouting the IP because the browser stops looking, but otherwise, I do the same.
  • Yeah, if foobar.com uses doubleclick and doesn't make any money off of me, wah. And if they go under because of it? Boo fucking hoo.

    If companies go under because they get boycotted for being sleezy it'll just open up a place for a new company. And if they use a banner company that doesn't suck, maybe people won't blacklist them, and they'll make a buck. If not, there'll be another right behind them willing to try.

    By your logic we should all go watch movies now, because the MPAA needs money, and if we don't support them, there will never be any entertainment again.
  • I simply fill out a different card every time I've got a few minutes, with whatever fake info I want, then when I'm shopping with friends, I give them my extra cards if they don't already have one. Share the wealth.

    The companies that do this are sleezy, because they usually jack the non-club price of hot items up, forcing non-participating shoppers to either go to two stores, pay very high prices, or sign over their privacy.


    And I like how the poster you (the poster I'm responging to) talked about a free plane trip every $2000... How about a free trip every $20k, and then only to certain destinations, for certain times, etc. That's how airmiles cards work.

    Speaking of bum deals, I received some gift certificates to the movies for my birthday and when I went to see James Bond:TWINE, I was told it was a premeire night and my gift certificates weren't any good. So I gave them hell about refusing to honor a contract. They didn't say anywhere that the gift certificates weren't valid for everything, except on the gift certificate itself, which you didn't see till you paid. Gave them hell for a while until they backed down. Freaking good for nothing assholes. As soon as they have your money they make it clear how much they care.
  • .doubleclick.net TRUE / FALSE 1920499189 id OPT_OUT


    That's what it was after I went there. I had to unblock them temporarily, but I thought it was worth the experiment.

    I wonder what the numbers are... Could be an ID.

    I've never seen a real doubeclick cookie, or I'd post that too for comparison.


    Everyone: Post your cookies from doubleclick. We'll figure out what everything means and then find a good way to screw with their stats.
  • Excellent, thank you. I had heard about junkbuster but never really looked into it much, figuring it would interfere with the proxy server here at work. It chains from my browser to the JB proxy to my company firewall just great. Took me 10 minutes to get it all working and add the cites I want to let cookies in (slashdot) and to block all the sites I don't want ads from (adfu, doubleclick, etc).

    Thank you.
  • AC posting allows an educated professional like me to swear like a thug in public. I say fucken keep it.


    First off, you sound like an ambulance chaser trying to justify his decision to leech off the teet of the productive portions of society.

    Secondly, you must not be overly educated if you don't know that most of the upper crust, semi-working class (politians, CEOs, etc.) have more vile mouths than your average hardened criminal.

    Thirdly, posting as an AC is no more in public than hiding in your closet.

    Fourthly, lawsuits are not particularily indicative of freedom, unless you mean the freedom to fuck over anyone who has less money than yourself. Or the freedom to run roughshod over the rights of others because they don't have enough money to stick it to you in a court of law.
  • hosts file:

    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ads.doubleclick.net

    Bingo! no more problems, no more crappy ads, etc. I've been doing this with every banner provider I can find. However, can anyone come up with a good reason why this is a bad idea? (other than 'hope you don't work for doubleclick?')
  • by / ( 33804 )
    If he lives in NY, NY, he might be one of the six people listed here [switchboard.com]. Keeping with the spirit of Doubleclick, you could just randomly choose one of them and have that person's privacy royally invaded.
  • and for us Windows Weenies:

    echo:>cookies.txt
    attrib +r cookies.txt
    ---

  • A flashback [cnet.com] to June 15, 1999:
    • DoubleClick is not sweating over the plans of privacy watchdogs to upset the $1 billion merger of the Internet advertiser and market researcher Abacus Direct, a top DoubleClick executive said today.

      "We don't think it's an issue," said Kevin Ryan, DoubleClick's president.

      DoubleClick says there is no demand for prior consent. For instance, of the 75 million people per month who view DoubleClick network ads, only ten per day elect to remove the company's cookie, which tracks surfing habits, from their computers.

      "I've been very active on the online privacy issues with the FTC since 1997," he added. "We spent a lot of time on this in discussing the merger--if consumers are not happy, neither one of us has a business."

  • sorry. we can't think of any reason why this would be a bad idea..basically because this is not a unique approach. nobody is getting hurt, and nobody is even losing profits.

    //rdj
  • You might be right. Now tell these same people that if they wear this tracking bug around every time they shop at the mall and they'd get a free round-trip plane ticket to the destination of their choice for every $2000 they spent, you'd have about 90 people lining up to get their shoes bugged.

    Far fetched? Not at all. Our local mall does this already. Of course they call it "Mallperks" and you have to show a card to get your reward (the free plane ticket was just an example), but people seem to be willing to trade their privacy for a few extra gewgaws. And they do it even though anyone with a room-temperature IQ should know that all that information is going into a big database somewhere that They are going to use to know everything about you, including what games you play, what kind of makeup you buy, what toys your kids play with and probably how often you have sex.

    Needless to say I don't have one of these cards.
    --
  • I've written an editorial, FutureNet, DoubleClick and the Failed Prank [unquietmind.com], in an effort to explain this to the (un)common web surfer.

    BTW, I tried DoubleDlick's opt-out script using Netscape 4.7 under Linux (Gnome, Redhat 6.1) and it didn't work. Maybe something just glitched, but I ended up editing cookies manually.

  • Hear Hear! I suggest that all laws save the Constitution have expiry dates, and require periodic renewals (by the same level of support as was required to pass the law).


    The problem is that there is very little acting to remove bad law, and thus they just pile up, clogging the system.


    Force every federal law to stand for review every 10 years, and watch the volume of law shrink.


    I also say that all laws ought to be required to stand for 1 year public scrutiny, then be voted on as a straight yes/no vote. Any modifications restart the clock.


    Basically, let's bring the OSS methodology of "publish early, publish often" to law.

  • I know you guys try to keep the # of stories down, but you really should make this latest abomination out of DribbleCluck a new top level story! I almost missed it.


    This is the STUPIDEST way to handle this I can think of! "Hmm, I've set my shirt on fire. Perhaps I can run outside and dowse myself in something cold, like liquid oxygen..."


    You don't get this stupid by accident. It takes bad genetics, years of practice, and chemical assistance. I've blocked DC for years on my firewall, now I know I made the right decision.

  • "if that user has agreed to receive personally-tailored ads"

    What that means is you would have to read every privacy statement of every website you visit, and if even one mentions something in the fine print about viewing "personally tailored ads", DoubleClick can identify you and your web browsing habits.

    The odds are pretty good that you have "agreed" to that somewhere, since DoubleClick has such a large percentage of the banner ad business.
  • Buy placing "..." at the end of the domain being set, some browsers (i don't know if this has been fixed yet) can get confused as to the top level domain being set, and let everyone read the cookie.

    Here is where I read [cookiecentral.com] about it.

    And you are correct about second level domains sharing cookies. It depends on how you set the cookie. If you were to set it to "somerandomsite.com" it can be shared. If you were to set it to "www.somerandomsite.com" only www.somerandomsite.com can read it.

    Here is the reference I use anytime I need to use cookies: Cookie FAQ [cookiecentral.com]

  • Now that's a lawsuit I will stand behind, as it protects consumer rights rather than trampling them.

    I don't know when it started, but I certainly didn't give anyone express permission to buy and sell my life's history as a consumer, just so they could "target" the junk mail and telephone spam that they insist on hurling at me. These giant databases of consumer information are sketchy in and of themselves, but when they are combined with what I consider browsing surveillance, they very well could cross the line into corporate big brother behavior.

    If we have the freedom not to be illicitly watched by the government in our private lives (without cause), wouldn't that freedom extend to restrict the behavior of corporations?

    Additionally, if someone is indiscriminately watching my habits online, how close does that get to wiretapping?

    Just rambling ... feel free to flame or add.

  • Who is this woman? Is she trying to save us all from evil companies like dblclick or is she trying to suck them out of some shiny $$? I don't mean to offend her. I am just curious about why would anyone spend lots of money and energy on this. I mean, if it were some consumer association or the EFF, I'd understand and wish them all the luck in the world, but an individual ... I have to wonder.

  • Please don't misunderstand me. I don't want to know personal details about this person. I was just (innocently) asking if anyone knows why she's doing this. If it were "Tara Lemmey" the president of the EFF, I would not ask this question.

  • Sure you could do that. But will it be legal to use in the USA or EU data collected off-shore in a fashion illegal in the USA or EU?
    Maybe now, maybe not for long.

  • (hmmm.. the [preview] button should be be the default in the comment form, not [submit] :)

    have doubleclick explained how they are going to make this thing happen? i mean, yes they have a database with cookie 'movements' and yes, they have a database with names. but unless they have some way to link these two together, there is no way to make the name db usefull.
    there are two ways they can do the name->cookie mapping.

    1) if you give them your name, they obviously got what they need, so avoid that :-)
    2) if they make a deal with major sites that use banners from doubleclick where the sites relay personal information submited to them back to doubleclick, the name->cookie mapping may be done.

    but i belive #2 violates some privacy laws.

    larva
  • I run an Apache webserver/proxy and added these lines to httpd.conf to block doubleclick ads:
    <LocationMatch "http://ads*\.">
    RedirectMatch 301 .* http://www.mysite.org/empty.png
    </LocationMatch>
    <LocationMatch "http://[^/]*doubleclick">
    RedirectMatch 301 .* http://www.mysite.org/empty.png
    </LocationMatch>
    Maybe not as versatile as junkbuster, but it saves an extra proxy step.
  • This is the doubleclick cookie off my Win98 machine:

    id
    OPT_OUT
    doubleclick.net/
    0
    1468938752
    31583413
    776923520
    29321255
    *

    Anyone else who opted out, do you have these EXACT same numbers? Seems weird that my optout gives me random numbers....
  • This is my host file - posted because everyone is missing a few servers
    here are a the major ad corps

    127.0.0.1 adforce.imgis.com
    127.0.0.1 ads.enliven.com
    127.0.0.1 Ogilvy.ngadcenter.net
    127.0.0.1 oz.valueclick.com
    Double click below...
    127.0.0.1 doubleclick.net
    127.0.0.1 ads.doubleclick.net
    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad2.doubleclick.net
    127.0.0.1 ad3.doubleclick.net
    127.0.0.1 ad4.doubleclick.net
    127.0.0.1 ad5.doubleclick.net
    127.0.0.1 ad6.doubleclick.net
    127.0.0.1 ad7.doubleclick.net
    127.0.0.1 ad8.doubleclick.net
    127.0.0.1 ad9.doubleclick.net
    you might want to add in these for when they grow...
    127.0.0.1 ad10.doubleclick.net
    127.0.0.1 ad11.doubleclick.net
    127.0.0.1 ad12.doubleclick.net
    127.0.0.1 ad13.doubleclick.net
    127.0.0.1 ad14.doubleclick.net
    127.0.0.1 ad15.doubleclick.net
    127.0.0.1 ad16.doubleclick.net
    127.0.0.1 ad17.doubleclick.net
    127.0.0.1 ad18.doubleclick.net
    127.0.0.1 ad19.doubleclick.net
    127.0.0.1 ad20.doubleclick.net

    Aaron "PooF" Matthews
    E-mail: aaron@fish.pathcom.com
    To mail me remove "fish."
    ICQ: 11391152
    Quote: "Success is the greatest revenge"
  • When I've heard people criticize cookies, this has always been the horror story that they theorized about. My reply has always been that if someone was stupid enough to try it, they would be instantly sued by privacy groups.

    Hopefully this lawsuit will have the intended effect, and he we will have a precedent set that it's illegal to do this type of tracking. Then hopefully (although I doubt it will happen) people will stop freaking about cookies.

    Cookies are your friend. Cookies make web sites a whole lot simpler and more reliable.


    --

  • Well, first I should say that I don't really care about market tracking that much. I'm just not that paranoid ("Diana, get your gun. The marketing police are trying to break down the door!"). I just opt out when I find out.

    Second of all, they probably will just get a slap on the wrist and who cares? As long as they stop, I'm happy. I should point out that the women suffered no real financial damages.

    Personally, I don't want them to "go out of business". I like web advertising. You know why? Because without it, a lot of web services that I enjoy using would cease to exist. Having some ads that take up a minuscule part of my screen is a small price to pay for these services.

    Like Slashdot? Junkbuster just makes it harder for Slashdots to exist. You might try realizing that ads are what make a lot of these things possible, and show a little more appreciation and respect./P.

    --

  • I don't like doubleclick. They iconify a disturbing trend: a big brother keeping track of your habbits. (For the sake of selling you crap, no less.)
    This, however, is a stupid lawsuit. If the woman was genuinly concerned about privacy, she should do what many of us already do and filter out doubleclick before it arives at the browser.
    This individual is looking to raid some deep pockets, and she has targeted doubleclick because they are disliked enough that she may not look greedy compared to them.
    But this is still about greed. No, we don't like doubleclick, but is my enemy's enemy my friend?

  • One interesting thing about the lawsuit is that it is brought in California, by a California resident.
    California is one of a handful of States which, by State Constitution, gives its residents more privacy rights than afforded to the U.S. at large by the U.S. Constitution. It is unclear from reporting I've seen so far whether this Plaintiff is claiming privacy rights under the California constitution, but I am a California lawyer, and I would think about it seriously.
    The beauty of this would be that, if the Plaintiff does have a good case under California privacy law, then even if (hypothetically) she doesn't under federal law, as a practical matter DoubleClick would have to modify its behavior throughout the country, since it would be untenable for them to have one set of rules for California web users, another for everyone else.
  • "If the woman was genuinly concerned about privacy, she should do what many of us already do and filter out doubleclick before it arives at the browser.

    You know how to filter DoubleClick. I know how to filter DoubleClick. 99 and 44/100% of Internet users do not know how to filter DoubleClick. And there is no reason in the world that they should have to learn. Her privacy has, obviously, been invaded--the question now is whether a jury decides that her privacy is worth much.

  • you meant to say the cookies file, not the bookmarks.
  • Who is this woman?

    Well, let me check my server logs... she's a single white female who seems to like puppies and chocolate. She sleeps around a bit, has good credit... ha ha, just kidding.

    I'm trying to make the point that wanting to learn about people and their backgrounds and motives is just what Doubleclick does. I'm not saying I'm in favor of it, but folks who wish to regulate it have to realize that there are free speech implications. We are allowed to learn things and share what we learn, it's part of a free society.

  • It seems everyday I see more and more stories about a company doing something naughty, and then people sue them. Why is this? To get rich of course.

    If you think about it for a moment, one person suing a company won't do much. True, it does take money out of their pockets, give them some bad PR and perhaps invites other lawsuits, but this accomplishes nothing in the long run.

    What needs to be done is there should either be stricter laws against this kind of thing, or someone (dare I say the government?) should intervene. Personally, I perfer to see stronger privacy laws, but don't beleive it will ever happen due to lobbying by companies and senators thinking there are more "important things" that need to be done instead (such as government funded tests to see how fast ketchup flows. It's true.).

    So, in the end, the question stands "What can you do to help?". Contact representatives in government and tell them how you feel about abuses such as this. Write, e-mail, fax, call, stop by, whatever it takes to make your voice heard. If you don't help make a difference, then you're just helping DoubleClick by keeping quiet.

    A few people getting some money from a company won't help, but laws and speaking out against this sort of thing will.
  • According to the article in yesterday's post, a few companies have cut deals with them to record this information and pass it on. All it takes is one company trading it for them to get a lock on you.

    I'm not so worried about opting out. Frankly, cookies are sometimes useful, and really, Doubleclick is counting on people either not hearing, not caring/bothering, or forgetting when they reinstall their browser/use a different one/ get a new computer.

  • Interesting paragraph...

    The suit is asking the court to bar DoubleClick from using technology to collect personal information without the prior written consent of the Internet user.

    This strikes to the heart of what bugs me. I'm capable of finding out about Doubleckick's shenanagins and Junkbuster to block it out. I worry for those who can't.

    Doubleckick's dealings take the privacy of Joe Average who's gettin' on this "Internet Thing" without realising what's at stake. Notice all the new net-enabled stuff coming out (TV boxes, game consoles, microwave ovens). Now that web access comes in a box - just plug in and go, what technologies protect these people?

    I really don't have too much problem with Doubleckick collecting info. I do have a problem with them doing it behind the back of the average person. I hope this suit helps the masses.

  • The other danger with this is that with the all of the attention that this is getting could it be possable for other organizations to track you using double click's cookie?

    --Hephaestus_Lee

  • We could all just edit our double click cookie to be the same user id. Imagine the demographic of that user! One hell of a web surfer.
  • National Public Radio's Talk Of The Nation program is in the midst of devoting an hour this afternoon (28 Jan) to discussion of the DoubleClick issue, and internet privacy in general. (http://www.npr.org/programs/totn/)

    For anyone who is interested, a realplayer replay of the program should be available by tomorrow at http://search.npr.org/cf/cmn/cmnps02fm.cfm?MM=1&YY =2000&PrgID=5).

  • essentially, you do a:

    ln -s /dev/null cookies.txt

    and it accomplishes the same thing. writes do go to RAM so that for the duration of the netscape session, cookies are readable, but when you exit and restart netscape, all cookies are gone! ;-)

    --

  • first, there was regular broadcast television. it had to be paid for and since there was no subscriber fee, we were soon swamped with commercials. we hated it but we lived with it since it was the only business model of its day. this remained in effect for quite a number of years.

    then "cable tv" came about. it was a pay-to-access (or decode) service. and while there was some doubt that folks would actually pay for what they used to get for free, it soon took off in a big way. now, there are more than 10x pay stations compared to 'free' stations. (maybe even 100x if you have a BUD dish.)

    so why can't the new internet learn from this example? I, for one, would gladly pay for actual factual real content just to avoid spam, ads, Blinkin'Gifs, JavaScript hacks and other such annoying nonsense.

    but in return for my money, I'd want to be sure that my privacy is being protected. perhaps a contract that has, in essense, "if my personal information or viewing/browsing habits are ever recorded or exposed/sold, then $X dollars are to be refunded - plus damages - back to me". ie, a check and balance system of sorts. just to keep the sites honest.

    end effect: sites would get paid, consumers' rights would not be abused and content would continue to exist. and freedom of competition would keep it all affordable.

    --

  • by Anonymous Coward on Friday January 28, 2000 @05:42AM (#1328714)
    I know and have worked for several companies, who when they set an "opt-out" cookie, actually still track you by IP and the "opt-out". Even on a dial up, you're still pretty vulnerable and with DSL or Cable, you're still tracked with extreme accuracy. Honestly Kids, while Layers are a big problem, Marketing screws are so evil they make Layers look like priests.
  • by Masem ( 1171 ) on Friday January 28, 2000 @05:26AM (#1328715)
    While this is true, a while back , there was a discovered bug in Netscape (and IE, I believe) that affected many non-American users.

    As you state, if you have a cookie set for domain.com, then the cookie will be accessable by www.domain.com, ftp.domain.com, and anything with that ending. Basically, a domain-level cookie is valid for all machines within that domain.

    However, thanks to the Americanization of the web, Netscape didn't check the domain: they checked the last two fields for the match. So a cookie registered for demon.co.uk would work for all those machines, but a cookie set on co.uk would also be valid for *all* *.*.co.uk sites. This hole was used by a few malicious web masters, but I think it was quickly patched by Netscape.

  • by jlv ( 5619 ) on Friday January 28, 2000 @05:43AM (#1328716)
    I can't go to the "opt out" page because I've told my browser to never load any URL that comes from doubleclick. 8-} It's easy and works on UNIX, Windows, and Macs with IE5 or NS2-5.

    http://www.schooner.com/~loverso/no-ads/

    (I also blackhole a slew of other "ad banner" servers; mostly those that serve cookies or animated images)
  • by pdqlamb ( 10952 ) on Friday January 28, 2000 @04:45AM (#1328717)
    If you're using Netscape, you don't have to worry so much. First, edit the .netscape/bookmarks file. It's a text file. Delete all the lines that include doubleclick, or any other server that you don't know what it does.

    Then set the bookmarks file to read-only.

    This allows doubleclick and its ilk to set a cookie. But every time you re-start, it starts all over. So they get a little bit of data, but they can only trail you through one session.

    Or would you rather trust those bastard's opt-out, we wouldn't do anything nasty, we're good guys farce?
  • by winterstorm ( 13189 ) on Friday January 28, 2000 @08:29AM (#1328718)
    We should setup a network of DNS resolvers (DNS nameservers that just resolve addresses) that have alternate entries for the hosts of ad servers. Thus those individuals who wish to not see banner ads and not have their consumer activities profiled, could simply avoid ever connecting to the offending servers. Anyone willing to help out?
  • by mindstrm ( 20013 ) on Friday January 28, 2000 @06:24AM (#1328719)
    This is one step in the right direction towards good Privacy standards.

    Remember, when it comes to these 'marketing companies'....

    How is it companies that you do business with are free to give any information you give them to a marketing company, but the marketing company will not give you information about *their* customers?

  • by DragonHawk ( 21256 ) on Friday January 28, 2000 @05:00AM (#1328720) Homepage Journal
    When I went to click on that opt-out [doubleclick.net] link, I got a message saying the Internet JunkBuster [junkbusters.com] had blocked that URL.

    Aw, darn. ;-)
  • ... what I really want to do is remove any and all info about me from their database. I'm sure they've used other methods to collect info on me, and I want it removed. What are my options?

    Unfortunately, that information was likely collected using perfectly legal means, and is thus their property. You can control how they use it (e.g., stopping them from calling you to sell you things), but not the fact that they have it. You can usually tell them not to rent or sell your name, but I believe the law isn't clear on your rights in such cases.

    Check out the Data About You [junkbusters.com] page at JunkBusters.com [junkbusters.com] for more information about this sort of thing.
  • by Wah ( 30840 ) on Friday January 28, 2000 @06:27AM (#1328722) Homepage Journal
    IE users might also want to check this post [slashdot.org]
  • by bgarcia ( 33222 ) on Friday January 28, 2000 @09:53AM (#1328723) Homepage Journal
    We should setup a network of DNS resolvers (DNS nameservers that just resolve addresses) that have alternate entries for the hosts of ad servers.
    If you don't want to figure out how to setup BIND to do this, you can do this very easily using DNRD [home.com].

    Just setup a machine to act as the DNS server for your little network (or for your friends, or the whole internet - I wonder if it scales well?) and put those ad site (127.0.0.1) entries into the server's /etc/hosts file. Also, make a directory called /etc/dnrd (owned by root). Then run dnrd like so:

    dnrd -s
    Any entries in the server's /etc/hosts file will be answered by dnrd. Anything not found there will be forwarded to the real dns server.
  • by mOdQuArK! ( 87332 ) on Friday January 28, 2000 @12:05PM (#1328724)
    Well, I've got news for you, dickhead, the second method involves lawsuits. And those lawsuits have to be argued by lawyers. And that means that lawyers get rich. Check out the alternative any time you grudge us our big fucken' payoff. We don't get stock options, you know.

    Actually, the fact that a society needs specialists to interpret for its members just about every one of its rules indicates to me, as an engineer, that the system has grown too unwieldy & complex (too many special cases, too many "conflicting" rules, etc). If I were in charge of the design of this system, I would be working to consolidate & simplify the system until it were more maintainable - this would mean that more people would be able to understand "the rules" by themselves, and wouldn't need lawyers except for the most complex cases.

    Of course, I know that anybody who is benefiting strongly from the current state of the system (lawyers are a good example :) is going to strongly resist any attempt to change the system, even if changing the system would result in an overall improvement in the "happiness level" of the society. It's only when the forces of change are stronger than the forces of the status quo that a change will occur - and if the forces are severely polarized when a massive change occurs, then the fallout can cause major societal damage.

  • by DQuinn ( 110990 ) on Friday January 28, 2000 @06:17AM (#1328725)
    Well, the OPT-OUT thing is nice, but if you don't trust anyone (like me :P) you can use the following networks as masks in your ip filter (i'm just snipping out my rules from openbsd, but the ip networks are in there).



    block in quick on ne0 from 199.95.208.0/24 to any
    block out quick on ne0 from any to 199.95.208.0/24
    block in quick on ne0 from 199.95.207.0/24 to any
    block out quick on ne0 from any to 199.95.207.0/24
    block in quick on ne0 from 209.249.231.0/24 to any
    block out quick on ne0 from any to 209.249.231.0/24
    block in quick on ne0 from 204.253.104.0/24 to any
    block out quick on ne0 from any to 204.253.104.0/24
    block in quick on ne0 from 208.184.29.0/24 to any
    block out quick on ne0 from any to 208.184.29.0/24



    This seemed to be more reliable than using the doublclick.net network. But everytime i blocked on out they got back in through another spot :P These seem to be all of them though.
  • by GlitchZ28 ( 141271 ) on Friday January 28, 2000 @05:11AM (#1328726)
    Various Peoples, It seems taht everyone seems to take a real lax view of internet tracking because the average user can't even tell its happening. I bet if you ask 100 people in the mall if you could put a traking bug on thier shoe so you could tell where the went and what stores they bought stuff at and then catalog thier names and addresses in a huge database (with nothing in return)you would most likely recieve 100 no's. Now if people found out some place in the mall had secretly placed a tracking device on them and cataloged all of thier daily travels into a database I bet the place would be shutdown simply by the angry mob tearing the place apart.
  • by DjReagan ( 143826 ) on Friday January 28, 2000 @04:37AM (#1328727)
    Its about time those guys got taken down a peg or two. I've been filtering doubleclick out at my proxy server since I first noticed they were dropping cookies on each of their click-through ads. If you're after an easy way of blocking Doubleclick and others like them, check out Junkbusters [junkbusters.com] They have filters for win95/98/nt and unix, as well as a generic faq on blocking cookies and banner ads.
    --
  • by Anonymous Coward on Friday January 28, 2000 @05:04AM (#1328728)
    Fuck this. I'm a lawyer, and it chafes my ass to see this godman stupid point made over and over again. Let me ask you this question: How many lawsuits do you think you saw in the Soviet Union?

    I mean it. Lawsuits are a sign of freedom. They're a sign that the government has decided to leave as much as possible to the free market and the law of contract and tort, and not to come in with a big wet fucking nanny agency. Which of course still generates work for lawyers through a regulatory practice, but less open and less honest work.

    Would you rather Big Fucking Brother came in and spent fifty fucking years drawing up a piece of legislation precisely specifiyng what information could and couldn't be collected? All stuffed with pork, and with a big-ass federal agency to enforce it? Or would you rather this was decided in terms of general principles of tort and property, in an open court?

    Well, I've got news for you, dickhead, the second method involves lawsuits. And those lawsuits have to be argued by lawyers. And that means that lawyers get rich. Check out the alternative any time you grudge us our big fucken' payoff. We don't get stock options, you know.

    If the woman has a case, she will win. If she's whining like a bitch, she won't. End of. It's like a free market, only it's better than a free market because the smartest lawyer with the best argument always wins. How many other industries are there where the best product always wins? Not software.

    Lawsuits are freedom. That's why we have so many in America, and they have so many government agencies in Europe.

    AC posting allows an educated professional like me to swear like a thug in public. I say fucken keep it.
  • by Roast Beef ( 2298 ) on Friday January 28, 2000 @04:55AM (#1328729) Homepage
    For me, it's more than not wanting them tracking me. I don't want to support a company that tracks people. That's why I installed the Internet Junkbuster [junkbusters.com], and I have it set to block anything from doubelick.net.

    The Internet Junkbuster is a non-caching proxy that you run on your local computer. You tell it URL's to block and sites that you want to allow cookies from. It's really great. I can deny ads from doubleclick and any other company, as well as anything else I feel like blocking. It supports regexes for those that want them. I can allow cookies from Slashdot and deny them from everyone else.
  • by rdl ( 4744 ) <ryan AT venona DOT com> on Friday January 28, 2000 @04:51AM (#1328730) Homepage
    As with the US crypto export laws,
    as with the EU privacy regulations
    (where companies are not allowed to maintain
    databases of customers or use such information for
    focused marketing) and Texas's on again, off again
    status as far as selling DMV information to
    outside parties (Public Data [publicdata.com.ai])
    and E-Banking (ebanking.com (luxembourg) [ebanking.com]),
    and countless internet casinos and porn sites,
    these regulations will have an unintended
    consequence -- drive these businesses offshore.

    No longer does the US and EU have a monopoly
    on high-speed internet connectivity; it's possible
    for any business selling valuable data illegal
    in the US/EU to colocate a machine in a
    less-regulated country, such as Anguilla, or
    Costa Rica, or many others, employ a few locals
    to maintain it, and pay admittedly higher rates
    for satellite or undersea cable connectivity.
    In exchange, pay lower or no taxes, have no
    government interference in your business, etc.

    Sure, this only makes sense for certain kinds of
    data, data for which people are willing to pay
    money, but that's the only interesting data,
    anyway. When a T1 costs $100k/month, running
    an online gambling site making $3m/month is a
    lot better business than letting people
    leech mp3s.

    In the end, it's futile to try to restrict
    businesses like this; all doubleclick would need
    to do is contract with an offshore tracking
    company, connected to the net over a 128kbps
    satellite link, something they could set up
    for $20k/month, and put that machine anywhere
    in the world -- even on the back of a boat.
    If they need help, they should email me -- I've
    lived in Anguilla, the erstwhile datahaven, and
    know a thing or two about such things :) The
    situation is only getting better, as far as
    offshore colocation goes, as the major governments
    get more and more restrictive and bandwidth
    becomes more widely distributed -- in a few years,
    every country in Africa will have fiber-optic
    connectivity via redundant SONET, and that
    gives the prospective colocator a lot of
    potentially friendly and cash-starved countries
    to negotiate with who wouldn't care about
    the difference between online advertising and
    online pornography.

    The net views regulation as damage and routes
    around it -- cypherpunks.
  • by SurfsUp ( 11523 ) on Friday January 28, 2000 @07:05AM (#1328731)
    You know where to get the source. Do anything you want when Doubleclick comes sniffing around looking for its cookie. Have fun, play tricks on Doubleclick, whatever you want.

    Maybe there should be a contest to come up with the best anti-tracking hack for Mozilla.
  • by Mr. Slippery ( 47854 ) <tms&infamous,net> on Friday January 28, 2000 @07:34AM (#1328732) Homepage
    This individual is looking to raid some deep pockets, and she has targeted doubleclick because they are disliked enough that she may not look greedy compared to them.
    She targeted Dobuleclick because they committed fraud. The big issue is not that they were tracking individuals, but that they were doing so while claiming not to. That's gross and willful fraud.

    I say revoke their corporate charter, liquidate all corporate assests, fine the corporate officers and anyone else the law allows, and distribute the proceeds to everyone who was tracked or had their privacy compromised. But then, that's my opinion of what should happen to a lot of corporations.

  • by interiot ( 50685 ) on Friday January 28, 2000 @05:02AM (#1328733) Homepage
    Immediately off of their front page, DoubleClick's Privacy Statement [doubleclick.com]:
    • In the course of delivering an ad to you, DoubleClick does not collect any personally-identifiable information about you, such as your name, address, phone number or email address. DoubleClick does, however, collect non-personally identifiable information about you, such as the server your computer is logged onto, your browser type...
    But they go on to say
    • However, as described in "Abacus Alliance" and "Information Collected by DoubleClick's Web Sites" below, non-personally identifiable information collected by DoubleClick in the course of ad delivery can be associated with a user's personally identifiable information if that user has agreed to receive personally-tailored ads.
    Does anyone know which sites are a part of the "Abacus Alliance" and whether those sites explicitely ask your permission first? (eg. big flashing letters that say WE ARE WATCHING YOU! ?)
  • by Otto ( 17870 ) on Friday January 28, 2000 @06:59AM (#1328734) Homepage Journal
    Someone else posted this a while back, but here's what I did.. very simple.

    Add this to /etc/hosts (or in windows, find the "hosts" file under your windows directory):

    127.0.0.1 www.doubleclick.net
    127.0.0.1 ad.doubleclick.com
    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad.preferences.com
    127.0.0.1 ad.washingtonpost.com
    127.0.0.1 adbot.theonion.com
    127.0.0.1 adpick.switchboard.com
    127.0.0.1 ads.doubleclick.com
    127.0.0.1 ads.doubleclick.net
    127.0.0.1 ads.i33.com
    127.0.0.1 ads.infospace.com
    127.0.0.1 ads.msn.com
    127.0.0.1 ads.switchboard.com
    127.0.0.1 ads.washingtonpost.com

    That removes quite a lot of ads, and all of doubleclick.

    ---
  • by DragonHawk ( 21256 ) on Friday January 28, 2000 @05:27AM (#1328735) Homepage Journal
    This is all well and good, but don't the Pentium IIIs have a "thumbprint" that allows for them to see what we're doing?

    You got a network card in your system? That has a "thumbprint" too. The MAC address.

    You got any commercial software (e.g., Windows) on your system that you had to enter a software key to use? There's another "thumbprint" for you.

    How about a static IP address? Ever time you send a network request, you're identifying yourself.

    You think you're safe because you have a dynamic address? Do you at least always call the same ISP at the same phone number? You'll always be getting the same range of IP numbers, then. You and maybe a few dozen or hundred more people. That is almost as good as a unique personal ID, as far as demographics go.

    Fact of the matter is, tracking a computer is not that hard to do. If you ever give out any personal information at all (name, email, phone number, ZIP code), that can be combined with any of the above to nail down exactly who you are.

    I think Scott McNeally's right on this one. Privacy on the Internet is dead.

    The only way to improve things would be for the government to step in and make such unauthorized tracking illegal, with hefty fines for violators. You could even do some good by donating said fines to the EFF [eff.org].
  • by dodobh ( 65811 ) on Friday January 28, 2000 @08:23AM (#1328736) Homepage
    Hers my cookie. Dialup with dynamic i/p, so I don't mind.
    .doubleclick.net TRUE / FALSE 1920499140 id a486b3cd

It is now pitch dark. If you proceed, you will likely fall into a pit.

Working...