DoubleClick DoublesBack

rjamestaylor was the first to write to us about the news that DoubleClick is reversing its decision to cross-reference individuals' information with their online habits. There's a great quote from Kevin O'Connor, DoubleClick's chief executive, who said in a statement, "I made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards." Privacy Advocates have won this battle, but we need to remain vigilant against future scenarios like what DoubleClick wanted to do. Moreover, look for what you can do to help establish legal consumer privacy laws where you live.

Too Late

[Anonymous Coward]

DoubleClick is black-holed at work and I've got 'em black-holed at home, too.

So is Akamai Technologies, after what I read on the firewall-wizards mailing list. (I note with some amusement that /. uses them. Why am I not surprised?) Call it a pre-emptive strike :-).

Their stock got whacked

[Anonymous Coward]

DCLK dropped 15% the day the FTC announced its investigation. A drop like that gets the CEO's attention in a hurry.

I've been thinking about an idea. Suppose someone started a non-profit investment trust chartered to directly influence companies like DCLK and AMZN. When a company does something hostile to the Internet, the trust steps in and buys a butt-load of put options on their stock. It would choose short-term somewhat out-of-the-money options to get leverage of 10:1 or better.

The trust would sometimes lose its investment but it could lean on the stock price a little bit. And sometimes it would make enough money to finance its continuing operations.

Jam 'em

[Anonymous Coward]

Find their lines in COOKIES.TXT or whatever, change some of the characters, write protect it and accept ONE cookie per session. Screw up their database!

Re:Their stock got whacked

[Cid Highwind]

IANAL, but I bet the FTC would have some really nasty things to say about a group that tries to influence stock prices.

From synopsis: "...legal consumer privacy laws..."

[Rollo]

Hmmm, aren't all laws legal by definition?

Re:Cookies and Banners

[bughunter]

The Internet Junkbuster does a fantastic job of filtering out banner ads, and can be used to filter cookies as well.

Yes, Junkbusters are great for my NT and Unix machines at work and in the lab. But at home, where I do all the surfing I prefer to keep secret, I run Macintosh. They don't offer anything for that platform.

Any recommendations, perhaps?

Not that hard on a Windows install of IE

[LadyNymphaea]

If you're using IE5 at least (I don't usually, but it's in front of me, so I know where to find things) there are two ways of defeating cookies. Both involve going to Internet Options (under the Tools menu.)

First is general cookie handling. When in Internet Options, click on the Advanced tab, and there should be an option there to either disable all cookies, accept all cookies, or be prompted to accept a cookie. I don't have the exact because the IE settings are disabled on the computer I'm currently using.

The second option is to manage cookies by security zones. Click on the Security tab. You can select global settings for the Internet zone (all the Internet) by clicking on Internet, and then clicking on Custom Level. There are two methods of cookie management: "Allow cookies that are stored on your computer" and "Allow per-session cookies." Options are Disable, Enable, and Prompt. You can also set servers to be put into Restricted zones, where you can select different cookie options for those servers as opposed to the general Internet zone. I have DoubleClick in Restricted and am not troubled by their cookies. IP addresses can be put into Restricted.

Yeah, I believe them. Sure.

[Scutter]

Two words: FSCK 'EM! They've already lied to us once, when they bought Abacus and promised not to cross-reference. There's not a chance in hell that I'm lifting my firewall filters.

I already despise telemarketers and telemarketing. It's gonna take a lot more than a decision reversal to change that opinion.

Re:Cookies and Banners

[tlhIngan]

I use <tt>identd</tt> all the time - it's required to utilize most IRC servers. Now, normally I run a Windoze box with an identd server - easy to change ID's that way. What would be nice is a way to get <tt>identd</tt> to instead of replying a real user ID, reply a fake one (user-settable).

I know <tt>ezbounce</tt> does have a modified identd that'll fake it as necessary, but one that
gets installed by default would be great.

By default, the identd server tells me who and the data of the identd request (incoming/outgoing), and I've only seen one webserver that actually did try to access it - it connected (once each per Netscape connection - ARG!), then timed out.

...but will they stop?

[segmond]

Admitting mistake, and stopping it are two different things. Just because they admit a mistake, doesn't mean, they will not lie and do it in secret.

Re:Better the devil you know?

[sufi]

An interesting read, thank you for posting the link

cache-22

[Hobbex]

But the fact that Doubleclick had to back down on this shows that standards aren't necessary.

Isn't it great to have the irony of fate on our side for once.

-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

Invasion of Privacy.

[kaniff]

This is why its called an invasion of privacy. Most people wouldn't mind giving out information, so that DoubleClick could tailor their ads for narrowcasting. If fact, many people complain about getting ads they don't like. But what most people don't like information being compiled about them, and not knowing what information has been compiled. DoubleClick could have actually make this positive from the start by announcing optional narrow casted ads, just by filling out a form. And if it was voluntary, people would love it and I think the response would have been pretty overwhelming.

is it so simple?

[samantha]

It seems to me there is a tension between the desire for more customized services and offerings and privacy concerns. Sites cannot customize to a particular person without tracking information and even web habits. It is not at all clear that it is a boon to my interests to have to reestablish this information with every single site that I visit. We need to find a good middle ground. Perhaps some kind of information packet that I carry with me virtually that has various levels of trust/access to the sites I visit? But even this would not be enough necessarily as sites would need to analyze this information over many customers to tune their offerings.

My point is that there are legitimate and worthwhile reasons for gathering some of this information. It is not a black and white issue. The polarization of the issue as if it were does not help anyone.

Not really won.

[Patton]

I don't really consider the situation over and 'won' until they -cannot- cross reference. At all. As long as they can legally do it they can just start any time and not inform people.

How would you go about proving they've started doing it? Short of sueing them every month to get court to give you access to their memo's etc. I can't see a way to so his words are just that... words. They're an attempt at a treaty that cannot be verified that all parties are playing fair.

Re:Cookies and Banners

[Eponymous, Showered]

Indeed, one would think that Joe/Jane netizen would be befuddled by IJB (which I started using as a result of this DoubleClick fiasco and have no intention of stopping), but I helped spread the word on my other haunt, the decidedly non-slashdot-like ParentsPlace [parentsplace.com] and several of my pals there were surprised by the privacy invasion and used several different solutions to block doubleclick cookies.

I may turn the ads back on since the ads are paying sites' bills, but the cookies are byebye!

Privacy Programs

[Tayknight]

How well do online privacy prgrams like the one at http://www.freedom.net protect a surfer from being tracked to their real name?

Re:a rare event

[treble]

But I wonder if the reason they're discontinuing their plan is really because ot the "absence of government and industry privacy standards". I'd say it's more likely because of negative media exposure in the mainstream press. I say them providing the opt-out cookie and this most recent announcement are all moves to save (public) face. No one likes a pissed-off consumer.

Re:What are they doing with what they've already g

[GossG]

So, what are they going to do with the data they already collected? That's what I'm wondering.

They just put the plan on hold. The cross referencing will be back, as soon as there is a widely recognized standard on how much cross-referencing is "normal".

As KO'C put it, the mistake was acting in the absence of government and industry privacy standards

Re:Suspicions

[GossG]

I received a very polite, well-written response, saying that they were unhappy with it too, and that, for now, they were removing the doubleclick integration from their site - not to be reinstated until Doubleclick backed away from that policy.

User Friendly put an "opt-out" link under their doubleclick ad, and posted requests for people to recommend other ad services.

I started getting a large number of dead ads. At least some of them showed as being blocked by my employer's filtering software. Large corporations already run filtering software. Adding doubleclick to the blocker is easy and doesn't really impact the users of that corporate net. I wonder if the corporate case is scarier to dclick than boycotts one at a time?

PR

[DeepDarkSky]

Quite frankly, in the face of such negative public outcry, what else would you do? They admitted they made a mistake - not of the act itself, but of wanting to the act in the absence of government regulation. What this means is that they will still go ahead with it, and no doubt, they will spend lots of money to lobby hard for what they had in mind anyway. Except when that happens, they can point to the law that says they can.

Re:Confused about submission process

[MacRonin]

My guess is that is just luck as to who actually reads and evaluates your submission. I had the same problem as you. I submitted a diff article on the same topic on Thursday and was rejected quickly. I guess the person who read our submissions was not interested in the topic??

2000-03-02 23:26:39 DoubleClick backs down?? (articles,news) (declined)

Re:Cookies and Banners

[techwatcher]

I assume your question is rhetorical -- you must know the reason nothing comes bundled with IJB or other privacy-protective software or hardware... But for anyone who doesn't integrate so-called "real world" (i.e., business/commerce) facts into their technical understanding:

• Why plain folks aren't given privacy-protection options:
• Those who make decisions about bundling are marketing types.
• Marketing types don't want anyone preventing advertising from reaching them online.
• In addition, interlocking directorates and the interconnectedness of the few top-level people (in this still-hierarchical structure we live in) usually implies at least some of the folks whose companies want to send you cookies also control or partly own the companies selling the hardware (and bundling the software).

Re:Better the devil you know?

[techwatcher]

Thought you might like to see an unabashed example of the way these people think:

IN THE KNOWLEDGE CENTER
Personalization in Europe
by Jennifer Schu
-------------------------------------------------- --------
Europeans are slowly looking to personalization despite cultural and legal challenges. Although not as popular as in the US, personalization is making headway in Europe.
http://www.intra ware.com/research/itkc/2000/feb/euro_personal.html [intraware.com]

Re:Cookies!?

[TuRRIcaNEd]

Remember that the non tech-savvy users won't know about that feature. It's quite well hidden in NN, and practically invisible in IE!

The most recent installs ive done indicate....

[TuRRIcaNEd]

...for the Win32 and Mac versions of Communicator (Which, sad as it is, will be what most ppl are using), IIRC, since NC 4.0, all cookies are accepted by default. I disabled them while I was ResNetted at university, however, I have to use them now for work :-(

Which could be funny, because DoubleClick must think I'm really boring, as they have only ever tracked my work-relevant surfing. Seems their demographic has false information already! ;-)

What CAN they do with what they've already got?

[TuRRIcaNEd]

Theoretically they can still use the information that they obtained, I suppose. However, they have Michigan's Attorney-General up in arms about their tactics. If they used the information too freely, then would it not be possible for them to end up in court, have their process declared illegal (purely on the grounds of witholding information on what they were doing from the public), and hence not be allowed to use the information again on the grounds that it was obtained illegally?

I may be being idealistic about this, as I'm not sure about retroactive legality. However, even if that doesn't work, the PR stink that it would create would (hopefully) lead to a significant number of sites/net users blackholing, or simply not using them, their shareholders to balk at the lost revenue, and get a reversal on using the data too.

Again, I'd need someone to clarify the legal standpoint, but there _should_ be a way of getting this sort of corporate behaviour stopped.

Remember the words of the late, great Bill Hicks :

"If anyone here works in Marketing, or Advertising.....Kill yourselves." "There is no rationalisation for what you do, you are Satan's little helpers, KILL YOURSELVES!" - NB. Not Flamebait, just expressing a point, or as Bill would say "planting seeds".

What motivation other than money?

[cbustapeck]

Some people seem to be so surprised that doubleclick is changing because of negative feedback, rather than because they feel some moral need to behave in the most just manner. Am I the only one who sees this as rather normal? Almost all companies exist for the sake of making a profit, and those that really care about their customers tend to remain smaller. It is not just doubleclick that will do anything for money, it is virtually any company.

Confused about submission process

[RA-Zero]

Can someone please explain the submission process on Slashdot? I submitted this article 6 hours before it was posted, it got rejected almost immediately, and yet the article itself didn't get posted for another 6 hours.

I'm not sure why if an article can get rejected almost immediately, it takes takes that long to actually post one.

(I know this is off-topic, but I'm sure a lot of other submitters have wondered similar things themselves).


____________________________________

Remind me what the default is

[luckykaa]

I'm not totally sure, but I thought that NN did warn before accepting a cookie with the default settings.

Although it does seem that IE automatically accepts them by default. (And you're right about being hard to find. Took me a ages to find them, and I know roughly where to look)

Re:The most recent installs ive done indicate....

[luckykaa]

Half of me feels that people who don't know how to use a computer properly don't deserve privacy. Then I decide that thats probably too elitist an attitude. It would be nice if NN and IE gave you the option of handling cookies when it was installed, but cookies are too useful for me to get worried about their abuses.

Cookies!?

[luckykaa]

From the article

Granholm continued to level criticism the company failed to disclose to Internet users it is ``systematically implanting'' electronic files on the hard drives of users' computers - known as ``cookies'' in tech parlance - without their knowledge or consent.

I did consent to allow any company to implant cookies on my computer. I turned it off at first. Then I kept getting problems with pages not being available, so I switched to the "Warn before accepting cookies" setting. There were just too many cookies. Given the choice between access to web sites, and no cookies, I chose access. This seems reasonable to me. There's only a certain amount of data you can put into a cookie anyway. All this data has to be supplied vouluntarily.

DoubleClick, Cookies, Segregation.

[str3tch]

Suppose a major department store started a new policy: Adjusting their stock, prices, and interest rates based upon things like your zip code, income, and marital status, as well as an examination of whether you have visited any of their competitors?

Sounds bizarre, but that's exactly the "vision" promoted by the various profiling outfits that are busy mining data. It seems like a safe assumption that an online catalog viewed by an affluent businessman in a "proper" suburb will look quite different from that same catalog when viewed by a low-income user of a public terminal in a library.

The Internet (and other forms of electronic communication) has been perhaps the greatest catalyst for change in human society since the invention of writing.

If some people get their way, the Internet will become the perfect tool for segregation - and since it will be invisible (how will you know what your neighbor's version of that catalog looks like?) there will be few ways to fight it.

Re:right

[nostriluu]

My point was I find this whole thing a bit exaggerated. For sure it can easily get out of hand and become invasive, but it makes sense for producers to try and understand their consumers better, instead of just throwing out mass-market garbage perhaps we could have nicer stuff - starting with not seeing ads we're not interested in. Companies understand (or would be made to understand) if they cross lines and piss customers off. It's like saying every time you walk into a store and explain what it is you're looking for (building a relationship), this information should be thrown away so next time you have to explain it all over again. One of the biggest potentials of the internet is this richer communication, but it's being discarded in favour of mass market approaches.

Re:right

[nostriluu]

If I read your condescending remarks correctly, you're saying it's better to receive tons of completely irrelevant, annoying advertising than a smaller amount of relevant advertising? Eventually, when there are enough people using them, it will become increasingly difficult to see content if you're blocking banners, since the pages have to be paid for by someone, and I'd rather see relevant ads that mean something to me instead of the ton of noise I see today. Targetted advertising would be a /good/ thing if it truly allowed us to tailor what we saw and what was produced for us, and there would probably be far fewer ads since advertisers wouldn't need to put so many ads out to reach their potential customers. But I realize I'd get more slashdotkarmapoints if I towed the party line and just shut my eyes and ears whenever something was disturbing me in my cubbyhole. As for the advertising that's targetting at "people who think they're too smart for advertising to affect them," well, to be effective on me, it would have to be non-insulting, to the point, and relevant, in which case it would certainly be effective. Bring it on, I'd rather be assaulted by that than the irritating garbage I am subjected to everyday.

right

[nostriluu]

Right, we wouldn't want the producers to know anything about the consumers would we? After all, they might try to sell us stuff we're interested in.

Re:right

[steelwraith]

By following your train of thought, you won't mind if fourteen salespeople show up on your doorstep one night/calling you, trying to sell you insurance, because you bought a new car? You wouldn't be just a little miffed that the dealership released your address and/or phone number without your consent?

Now add other possible factors. You start getting queries from detailers, start getting info from garages and oil change places - this may be good info to get.

But.. you get a letter saying your spousal support is going to be increased (you have a new vehicle, you can afford it - where did that info come from?).. the advertising database of a company contacted by your dealership is cracked by car thieves that just happen to be looking for vehicles of a certain type - this is a bad use of info.

By conglomerating even more information on not just your buying habits, but your shopping habits as well, you're allowing not only for a correct use of that information, but also it's incorrect use. More efficient is not necessarily better. Do you really want to give someone that kind of insight into your life? And I say someone, as problems with unauthorized access to IRS data has shown the human equation is always going to be there.

Re:So what?

[Antifud4all]

Doubleclick is just like most other companies in the sense that they quest for the almighty dollar. I don't think that they will disable their user database unless it has stopped being profitable. I spent the summer working for a company that sold names and information on very specific demographic people. This selling of names has become less profitable. There were layoffs at this company for about 6 months before I needed to go back to school. With doubleclick, It has just so happened that their lack of profit and online privacy were a package deal. There was the added effect of their stock going up in value. What we saw, is doubleclick making a move that turned an area of their buissness into nothingness and gave their stock a shot in the arm.

Re:technical Solution to doublelclick

[AntiNorm]

ipchains -A input -s 208.84.29.0/24 -d 0.0.0.0/0 -j REJECT
ipchains -A input -s 0.0.0.0/0 -d 208.84.29.0/24 -j REJECT

Note that by using REJECT instead of DENY, your system will actually refuse the connections (instead of just ignoring them, which would cause your browser to stall).


=================================

Re:Cookies and Banners

[AntiNorm]

If you're not up to the task of porting IJB to the Mac, you can set it up as a proxy on a Win/*nix system and configure it so that your Mac will use it as an HTTP proxy. Pretty much the same way it works normally, only that IJB is running on one machine while [insert name of your favorite web browser here] is running on another.


=================================

Re:a rare event

[InS0MnIaC]

Perhaps it's time businesses like DoubleClick stopped assuming we want to "opt-in". It's like the credit card application that says "Check here if you do NOT want to participate in" blah blah blah.

The opt-out cookie is a start, but I'd prefer it to be the default setting. Then, if I decide I want my habits tracked (however unlikely), I can choose to do so...and DoubleClick can send me money. It'd be like AllAdvantage.com, except without the annoying "always-on-top" ad bar. If someone is going to get paid to use my information, it should be me.

In case you need it, here's the link to "opt-out" of DoubleClick. [doubleclick.com]

What's the real issue?

[BlewScreen]

I don't really see the problem here. It seems that everyone is crying about the fact that information that they offered VOLUNTARILY is availble to people other than those who they offered it too. Well, forgive me for saying so, but, how could you be so stupid?

If it is going to be a problem for you that someone has personal information about you, then don't give it to them. We don't need more regulations and laws that would be impossible to enforce anyway, we need to start using our own brains....

The post here about the person who wanted to buy a skirt, but wouldn't because of DoubleClick's partnership with the seller is a GREAT example of the power that consumers hold. If you're concerned about part of an agreement that you are going to enter into, either have the agreement modified, or don't sign. It's really that easy.

If you want to buy something from an on-line company, expect to have to adhear to their policies to do so. They make the rules, you don't have to follow them if you don't agree. Go somewhere else. The FREE MARKET really does work, contrary to the gov't's belief.

Don't get me wrong, I'm all for keeping my personal information private, but to do so, I actively practice discretion when I enter into agreements with entities that ask for personal information that I would prefer be kept private.

You always have the option to just say NO.

just my $.02

-rj

Re:From synopsis: "...legal consumer privacy laws.

[phil reed]

No. A law can found unconstitutional by the Supreme court, which means it is illegal. When that happens, the law in question is immediately invalidated. Any convictions under that law are instantly voided, retroactive back to when the law was inacted.


...phil

Re:Cookies and Banners

[Masem]

Actually, with the recent press covereage of the Doubleclick fiacso, I know that junkbusters.org has been printed in Newsweek, US News & WR, and an AP article in my local paper, as well as on CNN Headline News. Sure, it's not fixed common knowledge, but the word is out.

However, I do believe that we as citizens concerned about privacy need to get a few well placed TV ads to make the message strong or stronger.

a rare event

[Eric Sharkey]

It seems a rare event these days when a company can actually publicly admit, in no uncertain terms, that they made a mistake.

Hmm, Now how do we know they stop

[zyklone]

They have proved that they can do, even said so.
I wonder how long it will take until they try to get away with it again. I fear that the temptation of huge piles of money can make people forget promises fast.

Why trust them?

[Cid Highwind]

I'm happy to see that doubleclick is reversing their policy of openly disregarding every online privacy guideline in existance, but how would we know if they really stop cross-referencing or not? Doubleclick rates somewhere between microsoft's marketing department and the (U.S.) federal government on my list of people not to trust.
As long as doubleclick owns abacus' database, I'll have a very hard time believing that they are keeping the databases seperate. For now, I think doubleclick will stay aliased to 127.0.0.1 on my box.

Too late for me

[jms]

Too late for me. Their actions convinced me to take the time to install junkbuster. Now most web ads are things of the past for me, and I'm not going back.

They pissed in the well.

Re:Tracking users

[Wanker]

All the more reason to keep using text-based mailreaders

The best examples of this tracking are like this:

<IMG SRC="http://www.doubleclick.net/images/hidden-cgi/ pixel.gif?you@your-mail.com">

Where they send a 1x1 transparent image-- you'll never even see it unless you 'view source', and of course by then it's too late.

Gotta love fetchmail + pine! You get to see the source every time, before it can hurt you.

DoubleClick is not the only offender

[ludes]

At the risk of getting pounced on I'm going to make a few mitigating (not exculpatory, note the difference) remarks about DoubleClick. The simple fact is that these guys publicized their plans and got nailed, which is good. At least they announced what they were doing and didn't try to deny it.

The real question is how many other companies are sneaking around doing the same kind of thing under the radar of the media, etc. For instance, credit card companies track every purchase that you make and where and when you made it. Credit reporting agencies track all of your financial transactions except for pure cash. Obviously, your ISP can tell every site that you visit simply by correlating network traffic to your login or IP address and can read your email (what do you think those spam filtering "services" are doing?).

Generally the point I'm trying to make is that everyone knew that DoubleClick was using cookies to do some sort of tracing to begin with, they just previously weren't correlating it directly to your name, etc. I've been blocking their cookies for a while now because I KNEW they were there. The ones I'm worried about are the ones I can't see. The Internet is much more like a public street then any one wants to admit, and what you do on a public street can be seen by a lot of people. Be careful out there.....

Not as good as it sounds

[ajs]

What he's basically saying is "after the anti-privacy industry finishes lobbying congress the get laws passed, shit like this won't make our stock price plummet."

You didn't think these were nice people, did you? They're an ad-banner company, for gods' sake.

Better the devil you know?

[sufi]

It's not companies like doubleclick that worry me, it's the non internet based marketing companies that worry me. Like with storecards we don't actually *know* what they use the data they collect is used for, nor do we know who uses it.

I'm sure there are other companies that are not necessarily web based that are doing very similar things, and the only way we could really find out is through a leak from a member of staff somewhere.

I do wonder if it makes any difference at all, perhaps Big Brother is always watching? :o)

Nice to see them admit defeat though.

Re:Cookies and Banners

[dlc]

• This is great news, but the fact is, that it can be stopped already.

yeah, you know that, and I know that, and Hemos probably knows that too, but the average Net user -- and let's face it, slashdot readers tend not to be average Net users -- would have no idea how to even use, never mind setup and configure, something like IJB (which is a wonderful product, you're absolutely right).

Until ISPs start using things like IJB as a regular part of their services, companies like DoubleClick will continue to do shitty things like this, and the majority of the Internet using public will continue to be tracked and have their information sold to demographers and spammers.

So here's a question -- why don't OS manufacturers and distributors bundle IJB or something similar with their product? I mean, RedHat, for example, has tons of services turned on (who really uses or needs identd running? Home users need ntalk? Huh?); it would be trivial for them to implement IJB, get ti running, and configure their customized version of Communicator to use localhost:9999 (or whatever) as a proxy. Similarly, with the huge amount of Internet-related services that come configured on Windows 2000, why isn't a filter one of them? Can't you see AOL's configuration screens with an entry for Cookie filters?

My mind is a mind that I have come to know,

a few words about this...

[mykey2k]

Yeah, right.

Sure.

Uh-huh.

We believe you!

I'm sorry, but how can we *really* tell if these people are telling us the truth?

Pretty soon I predict the title of one of these articles here on /. will be:

DoubleClick DoubleBack DoubleCross.

Until then, I still fill out form with incorrectly spelled information so I know where companies get my name.

(I even got a chain letter a-la MAKE MONEY FAST style in the US-Mail. I sent it off to the Postmaster who I could only assume would be interested. :-) )

Thanks for reading.
-m

Re:right

[Mr. Slippery]

we wouldn't want the producers to know anything about the consumers would we? After all, they might try to sell us stuff we're interested in. If you're already interested in it, odds are good you already know about it and don't need advertising. The purpose of most advertising is to get you to buy stuff that you're not interested in.

"Doesn't work on me, I make up my own mind!" you shout. My friend, everyone says that advertising doesn't effect their decisions, but yet advertising does effect sales. Subtle indeed are the ways of manipulation; you can bet there's even a target demographic for "people who think they're too smart for advertising to affect them."

Do you want to empower those who wish to influence and manipulate you, or do you want to maintain your privacy and independence?

If I want you to sell me something, I'll tell you what I want, thank you very much, I don't need you snooping on me.

Re:Cookies and Banners

[kaphka]

IE 5 already does most of this. You can add sites to your "Restricted Zone" or "Trusted Zone", and give them different privleges (e.g. no javascript, no ActiveX, no cookies).

It's not perfect, though. You can only have the four fixed security zones, no more. And it could really use an easier way to block sites, such as a "this site is evil" button on the toolbar.

Personally, what I do is set my default cookie setting to "prompt", and then whenever I see a cookie that's suspicious, I add the domain to my restricted list.

I'm not saying that IE is the perfect browser when it comes to privacy, but if you're using it anyway, it's not too hard to set it up pretty tightly.

<cough*bull$h17*cough>

[wowbagger]

OK, let's get this straight:

1. Doubleclick starts tracking people
2. Doubleclick says "We'll never try to put a name to the cookie"
3. Doubleclick puts a name to the cookie (proving that they will lie when profit is involved)
4. Massive public uprising happens: people start blocking DC banner ads, sites stop using DC.(thus hurting DC's bottom line)
5. DC says, "OOPS! Sorry, we screwed up, and we'll never do it again. Honest! (until the gov't regulates it and tells us what we can get away with)"

Conclusion: DC will start this up again, as soon as the public furor has died down, and the gov't can be convinced to make it legal.

Second conclusion: I will continue to filter DC out at my proxy.

Re:Cookies and Banners

[mOdQuArK!]

That's why we need to build the IJB functionality directly into the browser, and make cookies, banners & java/javascript an "opt-in" feature, and on a site-by-site basis instead of either all-on or all-off.

Re:You can't have it both ways...

[KahunaBurger]

But I for one am sick and tired of hearing all these privacy advocates whine for legislation about privacy on the net, and then hear the same advocates turn around and cry when bills are passed to censor content. You can't have your cake and eat it too.

Hey, don't stop there, the hypocracy continues!

Publishers expect legal enforcement of copyright, yet expect the government not to censor their content!

Businesses want laws against embezzelment and theft but the whiners think they should be able to produce what they want, not what the government says.

And the gall of those feminists who ask the government not to regulate their reproduction and then turn right around and ask for rape to be taken seriously as a crime!

When will these people learn? I hope you continue to ferret out these hypocrits who want to have their cake and eat it too, where ever you imagine them.

-Kahuna Burger

Re:Cookies and Banners

[warpeightbot]

why don't OS manufacturers and distributors bundle IJB or something similar with their product?

Good question. IJB is 100% (almost fanatically) GNU, so no one in the Linux community would have a problem shipping it.... Ditto anybody else who isn't allergic to the GPL.

However, the Berkeley folks might have a problem with the "GPL Virus" on their distros; what's more, I'll bet you a jelly donut Bill Gates (that's Mister Big Brother to you :) would never, ever include a piece of amateur-written, untested, probably virus-laden software on his professionally-built, expensive release CD.... oh, come on, what do you have to hide? [remove tongue from cheek]

No, I think it's a damn fine idea and we ought to drop it in the ears of folks like Bob Young, Bruce Perens, Larry Augustin (he's no distromeister but he does build boxen that could be preconfigured...) post-haste.

Come to think of it, I think I installed IJB from RPM anyway, so it would be dead simple for the Red Hat and SuSE folks to simply sweep it onto the CD.... and the Debian and Slack folks could just run alien... boom, problem solved.

If we can get'em to do it...

--
"See, you not only have to be a good coder to create a system like Linux, you have to be a sneaky bastard too ;-)"
-- Linus Torvalds

What are they doing with what they've already got?

[dlc]

So, what are they going to do with the data they already collected? That's what I'm wondering. They may have already collected the amount of data that they want.

Also, who's to say that this wasn't their plan all along? Collect tons of data, cross-reference it with the Abacus databases, get profiles of tons of Net users, and then admit to "making a mistake" and try to get public sympathy through the admission. By now they must have enough data to make any demographer wet with desire. It sounds devious, but maybe it's not so far from the truth.

My mind is a mind that I have come to know,

Tracking users

[jamienk]

If double-click sends an HTML formatted email (which many email clients now read) with HTML something like this:

<IMG SRC="http://www.doubleclick.com/images/banner.gif? jamie@jamies_email.com">

then my email client will

1) Automatically send a "return receipt" to double-click

2) Send any double-click cookies I have

3) Associate my cookie (which shows all my past surfing to doubleclick sites) with my email address.

Email programs should not allow this.

Mozilla will easily let us block individual cookies.

You can't have it both ways...

[daVinci1980]

[rant]

This just absolutely pisses me off. People want the internet to be free, but at the same time they want to have their privacy on the net too. I'm sorry, but you can't have it both ways.

If you want the government not to regulate the content of the internet, then its simple. Keep them off of it. Once you allow the government to start passing privacy laws regarding the net, what is to stop them from passing laws regarding the content of the 'net itself? What next, will they start prosecuting based on posts in newsgroups?

These are perfect oppurtunities for we, the internet community, to show the government that we are able to regulate the net ourselves. The course of action is simple.

1) Sites that violate users' privacy are listed at a privacy site, or a forum is maintained in a high visibility area. This allows net consumers to have a common area where they can check to see if the vendor they're purchasing from will attempt to screw their privacy.

2) E-mail is sent to the offending site, indicating what was wrong, and that we as net consumers will cease to visit their site if the situation is not resolved.

This will, in effect, set a net boycott on sites who violate users' privacy, which will either cause the company to rectify their error, or will cause them to take their business off the net. (No revenue is typically a 'Bad Thing'.)

But I for one am sick and tired of hearing all these privacy advocates whine for legislation about privacy on the net, and then hear the same advocates turn around and cry when bills are passed to censor content. You can't have your cake and eat it too.
--
"A mind is a horrible thing to waste. But a mime...
It feels wonderful wasting those fsckers."

Was it us, or companies?

[DreamerFi]

This is far from over, folks. It took massive media attention and a few lawsuits to register that, hey, perhaps folks don't really like this, and it wasn't DoubleClick that responded, but their partners/clients. (I'm also puzzled why there's no case against DoubleClick pending at the European Union court level, since privacy laws here are much better - not perfect, mind you.)

Anyway, I wonder. For weeks we've seen the public awareness and outrage growing, and not much happening. Suddenly a few companies cancel their contract, and Double-Click wakes up. The lesson we can learn from this is simple, and seen many times before: hit a company where it hurts, in the wallet or at the shareholders, and only then they'll listen.

(firmly implanting tongue in cheek) Double-Click has done more for consumer awareness on privacy issues than most companies, and we should applaud them for that effort!

-John

Re:Cookies and Banners

[mOdQuArK!]

I want the IJB _BUILT_IN_ to my browser! Filters for cookies, URLS & javascript/java (and all the other stuff that your browser does "automatically") - all set up so you have to OPT IN, to prevent other sites from using your own browser against you "under the covers".

It's really annoying to have to keep turning on & off features of the browser for particular sites & URLs.

the-big-picture

[h3idi]

NPR carried this story yesterday afternoon. From what I gleaned, it seemed that Double Click had decided not to release (for sale of course) the existing cross-referenced database "at this time." The information they have there is worth millions of dollars to marketing companies worldwide, and I can't see them sitting on it for long. What I would do if I were CEO of DC at this point is to backtrack, make a big dieal about how I value people's privacy, then put a disclaimer on every site I can, and continue to collect information (they never said they wouldn't) while I lobby to create the legal and industry standard which conforms to my ends. Maybe I'm just an Evil Suit at heart, but this path seems quite obvious. Give it six months; with a disclaimer in place, DC can claim all the info in the database has been collected with the web participant's consent (for a larger price tag and to a bigger market thanks to all the publicity and a good PR spin). The participant's consent is where the potential privacy act case comes in; companies have been collecting and selling your information legally (for big big dollars) for decades, and we not only allow it, but we help them. How many times have you heard that an AOL'er likes the packaged bookmarks, chat rooms, ads and "helpful pointers" on her screen? Existing "government and industry privacy standards" allow for the information to be collected, collated, bought and sold. DC's database (which exists and makes marketing companies' CEO's salivate in their sleep) is the natural outgrowth of an organization that started as junk mailings (thank you Lillian Vernon and Carole Wright) and progressed to telemarketing. If you want to stop the travesty of being viewed as a wallet to pick, this is the industry you will be taking on, and IMO it's one which should never have gotten off the ground. Take Hemos' advice and get involved, locally and nationally to reclaim the right to have an unpolluted bio-bandwidth.

So what?

[evil_one]

It's not companies like doubleclick that we need to worry about. Regardless of doubleclick's intentions, it is still quite easy to track web user's habits. We need a way to insure privacy that does not depend on companies _not_ gathering our information.

Not necessarily permanent

[Romen]

According to this Wired article [wired.com], they plan to wait until there are more govenment and industry privacy standards. This means that once someone develops some self-serving standard, DoubleClick will consider it a-ok to follow that, and track everything you do again. Unfortunatley, the Yahoo article doesn't mention this.

I feel that we should be careful of DC's promises not to abuse our privacy, as they have not shown themseleves to be the most trustworthy business in that regard. We also should not blindly assume than any 'industry standard' for privacy will agree with the beliefs of people here on slashdot.


Sam TH

Cookies and Banners

[akey]

This is great news, but the fact is, that it can be stopped already. The Internet Junkbuster [junkbuster.com] does a fantastic job of filtering out banner ads, and can be used to filter cookies as well. DoubleClick (and others) can try to track me as much as they like, but since I have the IJB set up to reject all cookies that I haven't explicitly allowed, they're going to have a hard time doing so.

Suspicions

[elthia]

Actually, I saw some of what happened as a result of this.

I decided I didn't want anything to do with DoubleClick. I got a list of all of their 'associates' - the people who run their ads, give them info, etc. It's a disappointing list, just about _everyone_ uses DoubleClick. I almost stopped shopping online completely. However, I also sent letters to the people I would have otherwise shopped at. One example:

I was looking for a particular skirt, to replace one which had been damaged beyond repair. I couldn't find it until I went to a site called catalogcity. But they used doubleclick. I sent them a letter, telling them how happy I was to have found the skirt, but that I would not buy it until either DoubleClick backed out of their current invasive policy or this site stopped using DoubleClick. I told them that, while I use cookies on a regular basis, and am perfectly fine with targeted ads, I don't approve of anyone tying that in with what my income is, or my real address, or other such personal info.

I received a very polite, well-written response, saying that they were unhappy with it too, and that, for now, they were removing the doubleclick integration from their site - not to be reinstated until Doubleclick backed away from that policy.

This was a pleasant surprise, as I had expected no reply at all - the usual response to letters indicating a single lost sale is 'oh well, we've got plenty of happy customers, this one must be a fluke'.

It appears that catalogcity wasn't the only one, however. UserFriendly, Advance Internet (who run a number of the 'state' sites, like nj.com, oregonlive.com, and (I think) alabama.com), and a few others I spoke with were all looking for new adservers, or simply disabling doubleclick entirely for the duration of this mess.

Somehow, I don't think this is some sort of sneaky move. Doubleclick was feeling the heat, from consumers and from its affiliates, in a major way. I know for a fact that Advance, for example, generated a _lot_ of advertising for them (we're talking millions of pageviews a day, and that's just in ONE of the physical sites). When your major customers start complaining about something, you listen or you go under. The thing that makes me happy is that the major customers of DoubleClick were on the ball and listening well enough to put the heat on in the first place.

-Elthia