Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy

You Track Me, I Sue You 131

heytal writes: "Cnet has an article about lawsuits filed against advertising companies for allegedly tracking customers without their permission." We're going to see a lot more of this in the future.
This discussion has been archived. No new comments can be posted.

You Track Me, I Sue You

Comments Filter:
  • by Mad Hughagi ( 193374 ) on Thursday November 23, 2000 @08:27AM (#604791) Homepage Journal
    Web bugs can also be used in email. For example, companies can send a bulk HTML email newsletter that has Web bugs, which will determine how many people read the letter, how often they read it, and whether they forward it to anyone. The email "would include your email address in the URL or include a coded ID or encrypted email address to track when you opened it," Smith said. - From a previous article on the site.

    Now I don't know about you, but with regards to spamming and whatnot these 'web bugs' seem like a pretty blatent violation of privacy. Granted with cookies you do have the option of not using them, but this stuff takes it to the next level. Just another reason to use an email program that doesn't read HTML.

  • Or even more intimidating, what if marketers could put video cameras in your house to observe your consuming habits... How close to "1984" we've come if not a little late! *chuckle* I'll make sure to post how proceedings go with the Royal Bank. If this goes to court, I'll make sure to invite the media to cover the case. So who knows, you may just see me on TV in the next few months. Regards, Greg. pwake@golden.net
  • A web bug has nothing to do with cookies... It's basically an image request set to 1 by 1 pixels. The server on the other end will 404 it, but that doesn't matter at all. Since each email has a unique "bug", it's trivial to track that emails path across IP addresses... They can tell who the sucker was that forwarded it in the first place and pound them with more and more emails.

    So, html savy email programs would have to disallow retrieving images on the web, in order to deter web bugs.
  • IE sucks for cookie options (weird.. the only area where IE is behind NS) but NS has the option to only accept cookies from the domain you are visiting. This is a major blockade for the "cookie tracker monsters".

    Mozilla, NS6 has even better cookie blocking support. You can choose to block cookies from a domain. You can delete unwanted cookies and optionally refuse cookies from the deleted cookies domain, etc.

    Blocking all cookies seems a bit stupid since they have such value when used properly.


    --

    A mind is a terrible thing to taste.

  • I like your view. In order to do their filthy business, they are relying on the fact that the default setting is to accept cookies. It does not matter if you can change those settings. The real problem is that most of the people don't know anything about it. This is the reality.
  • When a process is running ON MY MACHINE without my permission to track me, its more like the motorist has a stowaway in the back seat monitoring my car from the inside of the freaking back seat.

    NO software should be able to put itself into HKEYLOCALMACHINE>SOFTWARE>MICROSOFT>WINDOWS>RUN/RU N SERVICES without my permission.

  • My heart is with them, but I don't know how much of a chance they have with this.. Wouldn't this be like signing up for a Safeway card with all your personal information, then suing them for tracking your buying habits? Why do people use factual info online? Actually, why do people give personal info to any corporation if its not absolutely required? If you are not using personal information, what do you care that they are tracking Joe_Blow_001001?

    I say spend your time doing something constructive, like filling the databases with junk. - More Noise! Less Signal!

  • I'm not a big fan of lawsuits, or the authority that some judges assume

    Granted that lawyers, and judges, and courtrooms have caused us all significant grief over the years, I think that it is important to realize that the system can work for us as long as we educate ourselves on how to use it effectively.

    This has been stated over and over, but too many geeks become alienated and then are content to simply roll over and bitch about the legal system without actually DOING ANYTHING to help our cause.

    In reality, we need more of those scum-sucking bastards (lawyers) on our team ;)

  • Wouldn't it be possible for a user to specify his own "license agreement"
    I wonder that, too - and I also wonder what happened to all those people who put "Unsolicited email sent to the my email address will be charged at £50" as their .sig or on their webpage... Have any of these people ever had any success in claiming their "fines"?

    Strong data typing is for those with weak minds.

  • Well duh. Are you saying that you are entitled to recieve free products and services without disclosing any information whatsoever?

    If you've got a problem with it, don't use their services. I'd only allow a company to set a cookie if i trusted them enough not to steal or cheat me. If i didn't think that was the case, i wouldn't do business with them period.

    the problem with things like ad cookies is that you usually aren't getting anything out of the bargain, and don't know what their intentions are. You can't choose who delivers ads to you.

    /spm
  • Instead of all this secret data gathering and tracking, why don't they offer an online questionnaire about user's browsing habits, with the opportunity to win something, or get money off e-coupons or something. At least then, their data will be more accurate as you're targeting a person, rather than a (possibly) shared machine that may have more than one person who uses it. The other downside of cookie-tracking is when people are doing a net search, and may hit a site which appears to be relevant to what the user is searching for but actually isn't.
  • Thanks a ton for pointing out our mistake. We are indebted to you and hope for further cooperation from you. The change will appear soon.
  • Well, I've heard @home allegedly tracks what web sites you visit if you are using their proxy server, and sells that information to advertising companies, ever wonder about all that e-mail spam? There's quite a few ISP's that block spam at the mail servers, but @home refuses to incorperate(sp) it...
  • > Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo.

    That's not true. It's not placing something on a hard drive without consent. Cookies can be rejected - it's not a forced thing.

    In any case, there's really nothing wrong with tracking people

    First I will admit that I do not know a lot about US law since I live on the east side of the Pond. However, I do know something of how it is done over here.

    Here (in Norway) any business needs a permission from a certain government agency in order to store or collect data about a customer not directly required to perform the service purchased by the customer. I presume that the laws are similar but not exactly throughout the EU and EEA, although i can not be sure about this.

    What does this mean? Well, for starters this is applicable to all areas of business be they in the old or new economy. To me it seems that the question is not wether these ad agencies were allowed to place those cookies on customers computers but wether they were entitled to collect and store information about people's movements online.

    I think it is important that we distinguish between what they are doing (collecting information about customers) and how they are doing it (placing cookies on customers' computers). If we make laws that prevent people to collect data in a certain way then we will be like a dog chasing its own tail. It is the collecting of data which is wrong (note: i do not say illegal), not the placing of cookies without the user being aware of it.

    Finally, i would like to comment on buttfucker2000's apparent trust in corporate interests being good for the general public. You know, companies do not always have the customers' best interest at heart.

  • by Chacham ( 981 )

    I'm not a big fan of lawsuits, or the authority that some judges assume, but it is nice to see some action in this area. If only it gets reported widely enough so that even non-technical people are aware of what is going on with their privacy.

  • It installs itself as part of the latest version of Real Player - there doesn't seem to be an opportunity to not install it, nor are you told that it is being installed.

    Thankfully my firewall caught it.

  • If you give yourself two login names, you have several alternate IDs set up. That way, you can possibly have multiple lawsuits, or at least have two different accounts on amazon.com, one for the family, the other for, uhh, other things...

    Tell me what makes you so afraid
    Of all those people you say you hate

  • Yeah, go for it! Ever since I found Comet Cursor running on my system without my permission, I've been noticing more and more privacy violations, all so someone can make a buck. If they gave me a free PC, with the understanding they were going to track my use of it, fine. If they install tracking software surreptitiously on my pc to gather data (and thus money) without my permission, blast them to hell! Or Phobos!
  • I quite like one of lynx's options for cookies. That is to accept cookies during the session but then to discard them. This allows cookies to be used for one of their useful purposes - keeping state information between pages on a site (eg a shopping cart) but prevents tracking of viewing habits.

    It would be nice if the more widely used browsers offered the same option, preferably with the option of keeping some cookies (eg Slashdot login info) between sessions.

  • by BilldaCat ( 19181 ) on Thursday November 23, 2000 @08:11AM (#604810) Homepage
    Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo.

    How can they do that? If the user has their browser set to accept cookies, and cookies get placed on their system, what is the problem with that? Seems like a case of people's ignorance, and instead of acknowledging that, they decide to sue someone instead.
  • Poor analogy. I venture that you are an ideut.
  • I wonder why this isnt against DoubleClick, they are tracking every step a surfer takes.
    We can only hope the lawsuit is a success =)
  • Imagine if these lawsuits result in victory for the plaintiff?

    Millions of users worldwide will be jumping on a class action lawsuit bandwagon.

    Say byebye to unscrupulous advertisers!
    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,
  • I read Slashdot, yet I still want to receive MS crap 'cause that's what I do for a living. The world ain't all black and white, my friend. J:P
  • I think suck a security scheme would need to be built in the HTTP protocol, and it would be really cool for some sort of non-profit org to help out the plaintiffs get their claims together, to form a class action or something like that...

    I ain't no legal expert, but then again, there's no justice...

    J:P
  • for w3m: chmod a-w ~/.w3m/cookies
    I have only _one_ cookie in there (:
  • by pod ( 1103 )
    The problem is not just with cookies in this case. Read the damn article. Web bugs and other such tricks that cannot be blocked by a regular user (or even a 'power' user) are at issue here.
  • Grab a recent mozilla [mozilla.org] build, open this xpi [netscape.com] in it to install java support, and have fun.
    SSL support, should you want it, is also installable from the "Install PSM" selection under the Debug drop-down menu.
    ---
    Where can the word be found, where can the word resound? Not here, there is not enough silence.
  • That was in reference to Microsoft :)
    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,
  • In Norway, tracing like this is illegal unless you get permission from the consumer. This is all privacy protection which is strictly enforced here.

    I can understand that people react to tracing like this because it _is_ an invasion of the private sphere.
  • (It was a banner loader for some software. C:\WINDOWS\SYSTEM\CD_LOAD.EXE)

    I noticed it too, when using NT, I am an ardent supporter of checking Task Manager a few timely daily, and killing *any* process that I can't figure out. Hasn't crashed the box yet, and it usually runs for two to four weeks before something crashes or freezes it, which is pretty good for NT.

    Anyway, CD_LOAD.EXE, is by CyDoor [cydoor.com] (I think, I already deleted it and it's registry entries) as a snooper for banner advertisments. It my case it was installed by Babylon [babylon.com]. Just checked, there's a list of downloads on the Cydoor website, so they probably all have it.

  • Among all the spam I regularly receive via e-mail, NONE of it is targetted at all to what I might remotely be interrested in purchasing. NONE whatsoever.

    Because of this, it has become rather obvious that DoubleClick and others like them are not collecting data to enable better customer profiling.

    Big Brother works for MediaClick, not for the CIA.
    --

  • A feature I would like is to have a local cookie-provider database, where you can choose which cookies to be allowed and which should go down the drain.

    Options like:
    - accept always
    - accept this session
    - never accept
    - deny this session

  • Try Junkbusters. It has most of this.

    And it's open source, so if you don't like the way it handles things, (it doesn't have a "deny/accept this session" option for cookies) you can extend it. Scratch that itch.

  • Why should @Home put in server-level spam blocks? Their fscking mailservers are down so much (at least the one(s) that handle my mail here in the Philadelphia area are), that I barely get ANY mail!

    ~Philly
  • They don't offer questionnaires with dangling-carrot prizes because Net-savvy people see right through that as a data-gathering trick, and may fill populate such forms with BS as a goof.

    It's much easier for the companies to just log your activities on the QT.

    ~Philly
  • I find this lawsuit to be troublesome. Even though I'm as cautious (paranoid?) over online privacy "threats" as anyone, I don't know if this suit has any merit. It seems simply an attempt to capitalize on the rising sentiments against marketers and dataminers profiling Web users using cookies.

    I'll leave my whole spiel on Cooki e angst [themestream.com] for another forum (which pays 2 cents per view), but I'm really surprised to read the comments here in Slashdot equating cookies with cracking, or believing that cookies lead to spam, or confusing them for the related but not synonymous "Web bug", or digressing into the topic of "spyware" which is not what the suit is about.

    Cookies are a part of the Web. They require compliance on your part. Your browser must cooperate with the server asking to set or read a cookie. The advertising networks take advantage of the fact that the default setting on most browsers is wide open and most naive users never know about it or bother to learn. The best part of this suit is that it will expose more people to the issue, leading more to seek and demand greater control over their Web browsing. Explorer, particularly v5.5 with the Privacy Enhancement, has the best set of options (though Netscape 6.0 has a pretty good built-in cookie manager). Explorer has so many other privacy worries though, not the least of which is the potential for abusing the DHTML Persistence [microsoft.com] "feature" of 5.0 and later.

    Cookies aren't the issue. It's what Engage, 24/7Media, Doubleclick, Matchlogic, AvenueA, et.al. are doing with the data they gather that's the bother. But I don't know if being "bothered" or "annoyed" is worthy of a suit. If it was, I'd like to go after the telemarketers first. I despise that tactic more than Web profiling.

  • Demios ? You mean "Deimos" don't you ?

    Cheers,
  • Isn't Phobos in hell? Oh, wait, that's Demios...

    Bill - aka taniwha
    --

  • We're going to see a lot more of this in the future.

    I'm not a big fan of using the courts to punish every perceived wrong, but in this case, I say good. Take a look at this article [nytimes.com] in the New York Times (free registration required to view it). Those spam emails you get frequently contain HTML that allows the sender to obtain access to your browser cookies and tie your online activities to your identity. Not to mention being able to obtain your IP number and derive your location from it (Postel Services [postel.co.kr] offers this feature for free in its HTML email service. Great way to stalk someone). Legislation doesn't seem to be forthcoming to curb these abuses, so at the moment the courts are the only weapon available.

  • with doubleclick.net, you can easily OPT_OUT of their tracking stuff, just go to h ttp://w ww.doubleclick.net/us/corporate/privacy/opt-out.as p?asp_object_1=& [doubleclick.net]
    --
  • Personally, I don't know why anyone would want to keep massive amounts of logs on hand for an extended period of time just because of the headache involved. Their has already been a good amount of lawsuits where sys. admins probably wished they hadn't kept the logs or those back-ups from the e-mail server three years ago. Just ask Mr. Bill Gates about that one.

  • Biggest shopping day of the year. On-line sites should get ready for all those script kiddies with smurf.c and a linux box. There will be some big shopping sites getting DoS'd I'll bet.
  • What's spam got to do with Doubleclick's ad targeting? You think the "horny teens", "find out anything about anyone", "make money fast" spam you get has anything at all to do with cookies or Doubleclick profiling? You need to go back to school, or develop a more critical form of logic.
  • Uh...have you seen nCognito [ncognito.com]?
  • I'd mod you up, but I don't get status anymore.
  • Only a dumb user would make a statment "Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives and secretly tracked their movements across the Internet," the plaintiffs charged in a filing in Denver, Colo. "

    If they were not truely dumb, they would realize that they could prevent cookies from being set on there machine. Both IE and Netscape have a way to shut off and turn on cookies. Although Microsofts IE is a little more illusive (IMHO). Nothing with cookies is done "covertly". If you are using a browser that accepts cookies, you can shut this functionality off, or have it prompt you before accepting cookies. In IE this may be more difficult, but is possible. Most web sites also state there stance on privacy. I don't think I have been to a web site that does not use cookies. SO are they going to include all these too? Many major web sites use cookies to track there users where abouts. If they are going to sue Matchlogic, why not include doubleclick and engage as well? Doubleclick is far worse than matchlogic. Doubleclick has mapped out IP addresses on teh web, and when you get one of their sites they know where you are on th eplanet. They 'say' that they do not use this, but the info is available. They also use cookies as well.

    If they want to do something about this then they need to use konqueror, lynx,or Netscape (not sure how well IE handles this) and set there browser to prompt on recieving cookies, then reject any ones they don't want. If IE cannot do this, then they really need to go after Microsoft and make them include better cookie handling features.

    I don't want a lot, I just want it all!
    Flame away, I have a hose!

  • Hi
    I used to work for Milberg as a contract paralegal before I switched paths and started programming. They are indeed scoundrels. In the class-action suits brought against Prudential and John Hancock (and other insurance companies) they pocketed over $95 million USD. The average plaintiff (who had been defrauded of tens of thousands of dollars) received a few hundred to maybe $1000. Partners who did not even work on these cases pocketed obscene amounts of cash.
    At first we felt like we were the good guys, taking on the big bad insurance crooks -- but in the end it was just a bunch of lawyers getting rich. Helped make my career change easier...
  • Check the laws in your local jurisdiction, as you may be entitled to more than the $150 you've billed for. Here in the US, we're entitled to at least $500 for each time a telemarketer calls after being told not to call anymore. I recently soaked Teleservices Direct for $500 and then $1000 after they wouldn't stop calling me. See http://osiris.978.org/~brianr/telem ark eting/ [978.org].

  • What is even wose about this kind of spyware is ythe resources that it uses to keep track of you.
    I manage an Internet firewall. A few months ago we wanted to find out why we were transmitting 50MB/hour to a particular IP address.
    Turns out it was the Cydor tracking address with about 100 different users all sending records every few minutes. Someone had downloaded an adware game called Free Solitaire (freesol.exe) and sent it out to friends. It took a week of helpdesk time to clear out the rats nest.
  • Oh, probably :) My spelling sucks and I'm not ashamed to admit it :) (mind you, it doesn't help when I can never remember how to say it either: I rarely hear it and I'm slightly dyslexic so I sometimes mess up my reading of new words which messes up my perception of the english language). Thanks for the correction; I though I probably had it wrong, but putting (sp?) in there would have killed the joke even worse than the miss-spelling :).

    Bill - aka taniwha
    --

  • I live in London, Ontario (Canada) and am unsure about the Canadian law regarding unsolicited telemarketing where the company has been told not to contact the individual; especially where the company presenting the contact information to the telemarketing firm has been told not to recontact the client. Does anyone here have any useful resources? Thanks in advance, Greg Currie pwake@golden.net
  • Please, keep us posted to the conclusion of this story!!!!

    --
    Americans are bred for stupidity.

  • by mce ( 509 )
    I basically have cookie support enabled (only from the site that the originating page came from, by the way, but that doesn't make much difference in practice) because some sites that I visit regularly use them for good purposes and I want things to work transparantly when I find a new site with cookies worth keeping.

    To compensate for this, I have a cookie eating script that gets run every night from my crontab. It reads in a cookie filter file, containing commands such as:

    retain ^slashdot\.org
    remove ads\..*

    and then acts accordingly: a cookie that matches a "retain" line is, well, retained. One that matches a "remove" line is... you guessed it. Cookies that match neither are reported to me, so that I can decide what to do with them next time round. Initially I ran this script once a week, but as I kept accumulating more "remove" directives, the number of manual interventions went down quite rapidly, so I increased the frequency. I'd move on to once every 6 hours, if it weren't for the fact that it's no use editing the cookie file while Netscape is running.

    A nice side effect of what I'm doing is that each time that I visit one of these tracking companies, they actually think that they've found another victim. Let them... :-)

    By the way, originally, I used the possibility to opt out whenever possible. But I found that, while my DoubleClick opt out cookie would indeed be kept around, the similar one from prefences.com tends to disappear automatically after some time. So nowadays I bluntly remove anything that's not absolutely required.

    --

  • I have been using the iCab browser, almost exclusively, for the past nine months. It has a built-in cookie editing feature. This isnÕt exactly what you described, blocking all third-party cookies, but it works very well for me.

    I have the general setting as ÒNever acceptÓ cookies, then there is the option to have exceptions to this. So I never accept cookies, except I Òalways acceptÓ them from Òslashdot.orgÓ and a couple other sites. Doubleclick.com is not among them. So any cookies not hosted by the site I am visiting will not be accepted.

    iCab also has a terrific user-configureable image-filtering feature. With this feature you can filter out any image with a path, filename, or URL name that ÒisÓ or ÒcontainsÓ /ad, /advert, /doubleclick, /banner . . . you get the idea. It replaces these images with a small icon of a melita coffee filter. Cute, eh? I have found this feature to be very successful in blocking ads while rarely blocking an image that is part of the content of a page. This has the added benefit of speeding up page-rendering.

    Unfortunately, iCab is a Mac-only program. If you are running Windows I recommend the Opera web-browser. It doesnÕt have these options built-in, but it may in the future. I donÕt know about Linux.

    Check the resources page of EPICÕs web page. There are some freeware tools that you can add to IE or Netscape to help you manage cookies and ads. I havenÕt had to use them, so I canÕt vouch for their effectiveness, but EPIC wonÕt steer you wrong.
  • Your information is already tracked by companies like Experian. Who in turn sell your name and profile for a mailing list(snail mail). They profile your name base off your income,age,sex,religion,buying habits ...etc. I understand why people are getting upset about the web bugs there is no way for you to get off the list. At least Experian and other list brokers you could call them up to get your name off thier list. There is no way you can do this with the other companies.
  • Is this like suing clothing stores and grocery stores for having cameras that look at me and track were i go? it is on their property of course though..
  • You are correct. Sometimes they also use cookies but all that really matters is the uni-pixel image. I got confused between this and something else I'm working on involving cookies.

    kc.
  • by mce ( 509 )
    Well, sometimes you can block them. For instance, there's a forum that I post to every so often that has a webbug on its entry form. So I saved the thing as HTML, edited it to my taste, and nowadays always post via that local page. Problem solved. Well, in that particular case, at least...

    --

  • There is WAY too much information on the web about me already, I'm quite sure. Everything you do, you have to 'register' for. It kills me.

    While I understand some sites have to do this (obviously if you're going to buy something online they need to know where to ship it, duh) the New York Times does not need to know where I live! And while I sometimes do fill in incorrect information, sometime I don't. I'd say its pretty easy to create an accurate profile of me online. I installed IDcide here at work, and its interesting to see just how many sites may use tracking networks.

    "God dosen't play dice."
    "Einstein, stop telling God what to do!"
  • by Anonymous Coward
    The plain truth is, the majority of modern web users wouldn't know a cookie if they saw it. So effectively, users are being tracked without permission.

    This is just plain wrong.

    If I go to Safeway and fill in a form for a club membership discount card, I am specifically giving my consent for them to track my purchase habits. But they're paying me to do it and I have specifically opted in. With both Netscape and IE, cookies are on by default, and not even notified! That is not opting in.

    There are grounds for a lawsuit.

  • Actually, your point would be better made to say that you can "easily" opt out not from a weird URL you give, but with a single click on a page that is prominently linked from their main page. It takes a lot for a company to do that, and whatever else they may be doing, I respect their being upfront about opting out.

    Read the cons, though. Fact is, I didn't opt out myself. You'll see advertising either way, wouldn't you like it NOT to be 24/7 over stuff that has nothing to do with your surfing preferences?
    go to www.doubleclick.com to see what I mean.

  • Why on earth was this modded down as flamebait?
    Advocating physical harm to spammers? Nah, happens constantly on /.
    Advocating physical harm to lawyers? No, same reason.
    It must be the suggestion to replace members of the public with blow-up dolls. OK, let's amend that:
    All members of the public will first be replaced by inflatable replicas, except for those too intelligent and valuable to be simulated by air and latex, such as Slashdot moderators. They will have the privilege and glory of being there in the flesh. Satisfied?
  • by Greg Currie ( 257538 ) on Thursday November 23, 2000 @10:01AM (#604854)
    Hi there, This is my first time on here, so please forgive any errors in posting. A friend referred me here to tell my story about fighting the Royal Bank over breech of privacy to telemarketers. If the text doesn't append properly to this message, write to me at pwake@golden.net and I'll put the entire text file on a server for anyone who wants it. If anyone has advice, feel free to email me as well... Regards, Greg Currie pwake@golden.net Hey guys, Thought you might get a chuckle out of this one... I've dealt with the Royal Bank for around 15 years now as a client and have had enough of their cutting back services and abusing their clients. Last year they closed down my branch and relocated my account to the downtown location here in London. So, now I have to drive further to deal with the Royal Bank and when I get there I have to PAY to park... Yes, I have to PAY to deal with my bank. When I get there, if I require a teller I usually end up in line for 30 to 40 minutes as they have three tellers active on average. Customer oriented? I don't think so... When I started my business account this year I was originally going to go with St. Willy's here in town for their wonderful customer-oriented philosophy. However, since I already had my personal account at the Royal Bank I decided to start my business account there. While starting my business account I also ordered company cheques through the bank. Sitting in my chair while we arranged all of this, I can remember a large proudly displayed and framed privacy and confidentiality policy regarding customer information. A few days after setting up my account I get a message on our business line from some unfamiliar company requesting that I call them back. When I finally get a hold of this company, I find out that they are a 3rd party to the Royal Bank who prints their business cheques and literature. First came the thin excuse for their call that they wished to confirm my information. Ok... I had already verified the information with the account manager at the bank and signed off that the information was correct, so why was I being called again? Fine. Then they go on to telemarket me their other products and services. "No... I saw your other services listed when I was at the Royal Bank and I chose only what I require..." Why these people were wasting my production time for unsolicited telemarketing because I had started a business account with the Royal Bank was beyond me... It just so happened that both the Royal Bank and St. Willy's were both presenting to a group of new business owners (including myself) at the London Community Small Business Centre a little later on. Before the entire group I sincerely brought up my concerns about the Royal Bank closing their branches, lacking parking for customers at their main location downtown, and allowing 3rd parties to telemarket me by providing my personal information to them. She stammered a bit and then stated that "that's just the way it is..." I was floored, she was telling me, her client, that the Royal Bank did not care about their clients' needs for service or desire for security over their personal information... After a pause, another new business owner stated that she felt the concerns were valid and deserved a better response. After the meeting, I approached the Royal Bank representative to press the matter and she promised to look into it if I called her with more information. After a lengthy period of time passed, she called me back apologizing for the delay and said that she had escalated the concern through their company's protocol for such matters. She assured me that the 3rd party was bound by a confidentiality agreement not to pass on my information and further and that they were likely just offering valuable services to myself. I informed her that that was not the point, that the Royal had given my personal information to this third party and that I had been telemarketed because of that. She agreed that it was not a very good answer from the Royal, but that it was all that they were going to do. My unfounded suspicion is that they must make money dealing with the company and don't want to lose the revenue. While closing the conversation with her, I informed her that I bill out at $250/hr for my time as a web designer and that I would, in the future, bill for my wasted time if I received unsolicited telemarketing because of the Royal Bank. This morning I received a phone call around 10:30am from a telemarketer representing the Royal Bank. I asked, "Does this have anything to do directly with my account?" "No." "Are you a telemarketing company?" "Yes." "What is your company name?" "Box Data" I then got the individual's name, the company phone number, and the fact that they were trying to sell my telephone and internet banking services (a service that I already have). Needless to say I was not very happy at wasting my time on this telemarketer. I called my Royal Bank account manager and presented my unhappiness at being telemarketed by a 3rd party company a second time due to their company. I also reminded her of my hourly billing rate and that I would be charging for my time by the whole hour. She promptly asked for my account number and had me removed from the company's telemarketing list. That very evening... In the middle of dinner... I get a phone call from a telemarketing company representing the Royal Bank wanting to sell me even more features. Again: "What is your company name?" "Box Data" I confirmed their contact information and the agent's name and informed him that I would be billing my hourly rate of $250 if he wished to continue. He decided to continue and try to sell me the services. I patiently listened, declined his offer, thanked him, and hung up. I then brought up my invoicing screen and made out two invoices for $250 and GST for each of the calls using my account manager's name as a purchase order number and dropped them into the mail. I wonder if the Royal Bank will just pay them? I doubt... I've seen how much they value profits over customer service... But I put a 30 days notice on the invoices and will send a second letter if the invoices are not paid. If my second letter does not result in payment then I will either forward the delinquent account to a collection agency or take the Royal Bank to small claims court. Both parties were informed of my billing rate and policy, and I consider that a legally binding verbal contract that I am willing to pursue in court. So, if I get paid I'll take my spouse out for a nice dinner compliments of the Royal Bank. If I don't get paid even after going to court, then I will at least have stood up for my personal right to privacy against a large profit-driven corporation. Regards, Greg.
  • by jesterzog ( 189797 ) on Thursday November 23, 2000 @10:01AM (#604855) Journal

    If the user has their browser set to accept cookies, and cookies get placed on their system, what is the problem with that? Seems like a case of people's ignorance, and instead of acknowledging that, they decide to sue someone instead.

    Well personally I see it as a violation of trust. Cookies have other uses than just tracking just like there's more reasons to leave your door unlocked than to let strangers walk into your home.

    For example, does the knowledge that I choose to read my email give anyone the right to send me lots of bulk, unsolicited email every day? Some people might argue yes, because I have the option of using filtering software or simply not reading it. I would argue no.

    Can people steal my car because I left it unlocked? Can they place a hidden camera in my house because I left the window open?

    If the answer is no, why should they have the right to put unsolicited cookies on my system because my browser is set up to allow it for other reasons? It goes beyond reasonable expectations of what the customer/victim is likely to want.

    Reasonable expectations might be allowing someone to come onto your property so they can knock on your door. If they came onto your property to dump their garbage or knock your house over (even if you didn't have a security system to stop them), it would be far beyond reasonable expectations.


    ===
  • Not that it matters for this case, but has anyone actually been able to make money because they can track users bettter?

    I worked for a dot-com (briefly), and though we tracked everyone's viewing and clicking history, we were at a loss to do anything useful with the info.

    Rates for banner ads kept dropping month by month, as advertisers learned how inneffective they were!

    I doubt that this info is actually useful.

    BTW: If you use Windows, Norton's "Internet Security" does a great job of blocking cookies and banner ads! It's transparent, so once you install it, you hardly know its there. Each time you visit a site that tries to cookie you, you can choose "Always allow for this site" or "Always Deny" (and also block ref-by!).

  • Many browsers offer an option like "accept only cookies that are only sent back to the originating server". The average user thinks of the content on a page or site as coming from a single server, so selecting the above option is their way of saying, "cnn.com can remember me, and unpopularviewpoint.com can remember me, but I'm not going to let the first know that I visit the second".

    However, cookies from BigBrotherMarketing.com which are associated with ads placed on both sites, and fetched via URLs identifying the page they came from, can track a user across multiple seemingly unrealted sites. A reasonable person might say these opperate "without consent or authorization", since the user selected an option designed to prevent this kind of tracking.

  • Uh, that was kinda' sorta' SHAKESPEARE.
    Jesus Christ, now they're taking credit for our geniuses too. Next you know, they'll say, "yeah, well who CREATED Einstein? Huh? HUH?? I thought so!"

    Hey, no offense eh? =))

  • Netscape: erase all data from the cookies.txt and make it read-only.

    This way netscape WILL accept coocies, but next time you run Netscape they're all gone :)
  • one for the family, the other for, uhh, other things... Use a seprate box for this. Ya never know what is kept as a cookie, registry entry (WIN BOX), or registration identification.
  • It doesn't even have to be a 1x1 pixel image - it can be any image that is loaded off a remote server that will be monitoring it.

    The 1x1 pixel images are just when they want to be sneaky...
  • You are weird :))
  • Nice picture of you, you weirdo!
    Long live Linux !!

    Cheers,
  • Make your money the old fashioned way! Sue for it.

    everyone is out for the fast buck these days...

    xxxxxxxxxxxxx
    whine, whine, whine, I'm slighted by the fact that

    did the horrible action of

    against me. I fear for my privacy from the mean ol' internet monster, and that fear has left emotionaly scarred. I want 1.7 million for my trouble and, of course, therepy that i'll never go to.
    xxxxxxxxxxxxxxx

    bah... what a waste. I think I'll go sue the state I live in because trafic lights keep me from getting home in time to catch my favorite tv shows, and then I'll sue McBurgerslingers because they screwed up my order.

    Lifes rough, get a f*cking helmet.

    -
  • by Voline ( 207517 )
    Sorry, I forgot, Electronic Privacy Information Center
    http://epic.org/
  • Netscape gives you the options to: (1) Accept all cookies, (2) Accept only cookies that get sent back to their originating server, (3) Disable all cookies. In addition, you can select: Warn me before accepting any cookies. There is no distinction between temporary (session specific) and stored (persistent) cookies.

    Disabling all cookies breaks many websites, while choosing Warn mode causes continual interruptions to accept/reject dozens of cookies, so most people just give up and accept all or most cookies. If you visit subscription websites, you must either enable cookies or type username/password pairs every time you want to access each site.

    I want my browser to:

    (A) Allow me to enable non-persistent cookies.

    (B) Let me decide which sites to accept stored cookies from, and which cookies to keep.

    (C) Remember my choices for accepted/rejected sources and destinations of cookies.

    (D) Use pattern matching to "learn" about sites from which I want to reject all cookies categorically.

    (E) Enable me to specify a blacklist of names from which cookies are automatically rejected if the name appears anywhere in the cookie-id.

    I'd also like to be able to cull my cookies - deleting them and moving their cookie-ids and source/target URLs to point to /dev/null or 127.0.0.1. One can sort of take this last step now by entering the offending URLs in the Hosts file, but it's somewhat a pain to do it by hand.

  • Yes... and it annoyed me when /. started sending me cookies all the time, instead of only on login. I have Navigator set to ask me whether to accept a cookie, but it's too stupid to ever figure out "Hey, he doesn't want cookies from this site at all!" so its pesters and pesters and you have to be damn patient for manual cookie filtering to be effective with Navigator. That was something nice about kfm, it had practical cookie control.

    So, while I had been about to argue/agree that the "setting cookies without consent" argument is legally shaky, perhaps it could be effectively counterargued that between the number of sites that demand cookies before cooperating and the difficulty of selective cookie acceptance with some major browsers (assuming Netscape is still major :p or that M$ hasn't set up some law so that only MSIE is a Major(tm) Browser), that it's an impractical option; particularly, that mistakes are too easily made, and you only have to accept one cookie by accident to let the ad tracing in the door.

  • Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives...
    It's tempting to rejoice at these marketing bastards getting their comeuppance, but on balance I hope this suit fizzles. Here's the transaction they're really talking about:
    1. Plaintiff requests an image from Defendant.
    2. Defendant transmits the image, including in his response a 'Cookie' header, which is a valid header in HTTP, the language which Plaintiff and Defendant are speaking.
    3. Plaintiff records this 'Cookie'.
    4. Time goes by.
    5. Plaintif requests a different image from Defendant. This time, Plaintiff includes the 'Cookie' header previously furnished by Defendant.
    6. Defendant deduces that both requests came from the same "person".
    I realize that most of this transaction was transparently performed by the plaintiff's web browser. But that's not the defendant's fault.
    I would really like the courts/legislature to validate the following principle:
    If you send a request to party X via a well known Internet protocol, and party X sends you a response conforming to that protocol, you can't sue or prosecute party X for so responding.
  • by sulli ( 195030 ) on Thursday November 23, 2000 @09:04AM (#604871) Journal
    Too bad the law firms involved (notably Milberg, Weiss, Bershad, Hynes & Lerach) are well known sharks, uninterested in anything but their own bottom lines. These are the guys who mount investor class actions whenever stocks go down, and the ones who sponsored California's Prop. 211 a few years ago.

    If an ethical plaintiff were involved, I'd give this story more credence.

  • Fed up with cookies, but can't disable them because some sites require them? Easy:

    chmod 400 ~/.netscape/cookies

    I accept all cookies, but every time (though rarely) when I exit netscape it trashes them. If I want to keep a cookie, then I set the file writable, let netscape write it, emacs the non-wanted cookies away and re-chmod it.

    Does Mozilla include a cookie editor? It would be great to be able to "accept" all cookies but throw them away after a while, unless you specifically ask to keep them (without doing that chmod hack).
  • It should be a case of the lesser of two evils being preferable, but I really can't make up my mind which is which.

    Here's my suggestion: let the court cases go ahead, and when the advertising company representatives are in court along with all the lawyers, blow the building up. (All members of the public would obviously have been replaced with inflatable replicas before this event...) That way everyone wins.
  • Are you kidding? Of course they're tracking us! Major League Baseball has satellites in the sky watching our every move, I tell you...collecting their insidious marketing information.

    --Garthnak

  • Internet Explorer:

    View, Internet Options, Advanced, Disable all cookie use.

    Netscape:

    Edit, Preferences, Advanced, Disable cookies.

    Lynx, KFM, Mozilla - you don't need to be told how.

  • This is precisely what advertising companies do. They are paid to determine the habits of their viewers, which is valuable information. It is completely transparent to you, you see nothing, you pay nothing, and all the while you get the content or other service you were seeking on-line for free.

    I don't believe the net could survive without advertising. The tracking of customer habits is just anoter facet of it. There are plenty of other things to worry about right now, like free speech rights on the net. Let's leave advertisers alone for once, because in the great big world of the Web, you could say that they're the least of our concerns.
  • From the article: Plaintiffs allege that (the defendant) has covertly, without consent or authorization, planted 'cookies' upon Internet users' computer hard disk drives ...

    I'm sorry, but you implicitly give permission to do this when you configure your browser settings. Trouble is, life gets hard when you disable all cookies.. you can't even log in to slashdot.

  • Wish I'd thought of that... */me clicks furiously on every add banner in sight.*
  • The net existed for many years without a single Advertisment, indeed the web existed for a short while without it to.

    Besides, getting rid of cookies won't stop advertisers, just make them rely more on "Other" methods.....

    Tadghe
  • > with doubleclick.net, you can easily OPT_OUT of their tracking stuff

    I trust DoubleCross to respect my privacy even less than I trust Carnivore. At least the feebs don't get paid based on the number of citizens whose privacy they invade.

    I didn't opt out, by the way - why the fuck should I opt out of something I never opted into?

    And as for the argument that "you'll see advertising anyway, wouldn't you prefer it to be relevant to you rather than random?", please stop repeating the classic false-dichotomy tactic used by marketers.

    If I'm not gonna click on their banners anyways - because (I know this is hard for the marketing mind to grasp) I read for the content, not the ads. So whether the ads are about goat sex or optimizing compilers, they're irrelevant either way.

    At least by firewalling Doubleclick (at the router, with the Junkbuster proxy, or with the HOSTS file in Windoze, and maybe all three :-), the ads remain irrelevant, and they can't make money by selling my surfing habits against my will.

    Nothing personal with respect to DoubleCross, you understand. The same goes for 24/7 Media, Exactis, and all the rest of the DMA shitweasels.

    /me goes away, muttering something about AT&T telemarketers and wire brushes...

  • > They're not trying to track you so they can shop you to the FBI for visiting porn sites, they're just making things better for you - partly because products are cheaper as it means decisions can be made more accurately, and partly because it means you get what you want.

    1) I decide what's "better for me". Not Doublefuck. When a marketer says it wants to "do you a favor", treat it like a government employee - grab your wallet and run like hell.

    2) What prevents the Feds from issuing a subpoena to Doubleclick and (That other bunch of shitweasels they merged with in order to assign real-life identities to their cookie database, that got them in such trouble with the FTC), in much the same way they would with an ISP of a suspect?

  • I don't believe that these so-called "web bugs" are cookies though. From what I have read on the page they are implemented simply by having the html read by your mail reader. Or that is what I got from the article anyways.

  • > Not that it matters for this case, but has anyone actually been able to make money because they can track users bettter?

    An advertiser is a guy who cons you into thinking that he can con your customer.

    So yeah, Doublefuck and its ilk have made money selling the line about user-profiling, but the jury's still out as to whether Doublefuck's customers can make money with it.

    Judging from what's happening to DCLK and TFSM and similar stocks, the market's got an opinion. IMHO it'll be amazing if these companies are still operational when the lawsuits are over with.

  • Can we charge them for the USE of our computer? Say, $10/day/bit?

    Send them a bill?

  • We always hear about how all anti-cookie lawsuits mention the fact that users are not able to go against cookies. And of course, its obvious how easy it is to disable cookies.

    Microsoft recently tried to show the public a new version of Internet Explorer which implemented "new" functions to let users easily determine which cookies they want and which they don't want as if none existed before. This only compounds the problem by giving the impression that we have no security at all unless we get the newest software.

    In light of all of this, why does the media not report the other side? They are all caught up in the mode of earning money- scaring the public, getting ratings by users who want to know what is happening, keep them focused on updates to see if their privacy will be protected after all. After all, wtf is up with all this "constitutional crisis" crap? People talk about how the electoral system is messed up, and we need to get rid of it to save the world. I'm relieved to see that Time Magazine is willing to point out that "what would happen in a popular vote system where the margin is as narrow as the Gore-Bush margin...demands for recounts, not in two or three states but in 50". Even Hilary Clinton says she would support such a measure in Congress. Nobody is willing to truly speak for the electoral system and cite parallels when baseball series such as the one in 1997 ended up with one team scoring more runs and still losing overall, or even mention that things like this have happened before.

    Back on the issue of online privacy, the media fails to mention the fact that most websites at least give a privacy policy- people are too lazy to read the legal information thrown in their face and then complain about how they never knew this or that. If the website never mentioned such a policy, it's the fault of the website, not the ad company which told the website to follow certain guidelines. If anybody is wondering what "web bugs" are, they are only another cause of massive violations of privacy. (see the link/reference to them on the original article mentioned [cnet.com]). They are simply the one pixel gifs that many people use in invisible counters and such. Cookies are often only used in them to ensure that a person is not counted twice, not to monitor tracking- yet cnet portrays them to maliciously violate our privacy all the time.

    These "web bugs" are described early on with the following excerpt from that article:
    Savvy Web surfers know they are being tracked when they see a banner ad. But people can't see Web bugs, and anti-cookie filters won't catch them. So the Web bugs wind up tracking surfers in areas online where banner ads are not present or on sites where people may not expect to be trailed.

    Firstly, it is a sad thing when people assume that a banner ad = cookie when websites like Yahoo sell their own ads and place cookies even without banner ads. Secondly, it is even worse when the article seems to assume that anti-cookie filters look just for banner ads. The best filter is the options menu of course, and it is impossible to miss a cookie with that. And finally, the last part of the excerpt mentions that people expect to be trailed when there are banner ads around, when the article along with other cnet articles say that most people do not even know they are being tracked in the first place. The true savvy users like us know that cookies are everywhere, and are not synonymic with one another.

    Do not blame the masses for making ridiculous lawsuits, but the law firms who go for money, not ethics, and the media for making stories sound good while only distorting the truth. And on a final note, it is interesting to see how 60 minutes aired a story on Echelon (sorry if I got the show wrong, but the segment was shown on a major network), the most powerful version of Big Brother that I can think of, and most people just shrug and accept it. Why can't people sue the government after all?

    -------------------------------------------------- --
    Faies
    "[This ISP] is completely secure if you are using a standard operating system like Windows 98"

  • I'm wondering how long it will be before someone receives a lawsuit for keeping web access logs from their site; especially publicly-accessible ones that show which IPs have visited the most / most recently.

    Even though the case in question here might be "good" one from our point of view -- which generally seems to be that advertisers and spam are bad (unless you're the one getting paid for it ;) -- I worry that the more this snowballs, the sooner it will affect the security of our systems because we're not allowed to keep logs of who's been connecting to them.

    Dave
  • by jpm242 ( 202316 ) on Thursday November 23, 2000 @08:17AM (#604902) Homepage
    Technically, couldn't tracking be considered the same as cracking?

    Why is it illegal for Joe Cracker to hack himself into a corp's website/intranet in order to get sensitive information while it's perfectly legal for that same corp to track the user's sensitive information?

    I think that license agreement do too much for the big boys and not enough for the users. Wouldn't it be possible for a user to specify his own "license agreement", and then the sites could refuse/accept him as a viewer of that content? If such a mechanism could be put in place, the sites wouldn't have any choice but to agree with the most users, and if they fail to respect the surfers' "licence agreements", they would be liable, just as ordinary surfers are when they break a site's license agreement.

    Just my 2 cents.

    J:P
  • by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Thursday November 23, 2000 @08:18AM (#604903) Homepage
    Why is it you think the net could not survive without advertising? Maybe without it, sites would actually focus on content once again.

    Everything was going along just fine until 1994-1995 when everything became commercialized.

    Online transactions are about the only big difference nowadays...and, well, if you are selling things via the web, you really don't need advertising on your web page, now do you?

  • by Anonymous Coward
    Yeah, that's easy, 'cept it won't work. You'll have a helluva time surfing many sites without allowing non-persistent (not saved to disk) cookies. Many sites use them to figure out what page you came from, what options you've chosen (for this session), what ads they've thrown at you, etc.

    The real solution is for browsers to not save any cookies to disk without your express approval. IE allows you to disable stored cookies, and allow per-session cookies (internet options->security->custom, halfway down). Oh, but it's IE, so it must be bad. Ahem.

    Your solution is just silly.

  • I recently had to implement code for DoubleClick tracking at my companies web-site and they really don't track all that much to tell the truth. What they will tell you is 1. How many unique users a page has 2. If a user was refreshing the page 3. click-through for pages you specify Yes they do it all with cookies and a javascript implemented random number generator to defeat browser cacheing. When I had to deal with the tech at DoubleClick for some QA he actually told me I had coded a page wrong so it was registering 2 hits for the homepage rather than a hit for each page. In truth I hadn't put any code at all in the second page just to see what they would say. Quite an incompetent bunch of people over there if you ask me.
  • I have customers that change e-mail names approx once a year. What a pain in the arse, but trying to get yourself "removed" from a mailing list is a joke.

    One of those customers apparently is being "followed". Every change he still ends up on the list. Perhaps he should sue?

    Aren't there enough "stalkers" in the world without PAYING people to stalk me? As I read the Florida anti-stalker statute (which as we all know, FL law is "subjective") I should be able to press criminal charges against advertisers that "track" me. Check out the statue here [nvc.org] and tell me what you think!

  • One of my closest colleagues is a high-ranking official from Doubleclick and we've discussed this situation to no end. It is a finer line than most media outlets report, most seeming to want to indulge in David vs. Goliath tales of evil advertising empires tracking innocent individuals. But the issue runs far deeper. Tracking a user's likes and dislikes is nothing new - online or off. The trouble is now we have to announce what we are doing, even if it damages our businesses and really comes at no actual cost to the individual. Unfortunately, most of this sentiment is fueled by the same anti-corporate notions that lingers in the mind of all, say, programmers or coders who don't want to be mainstream, don't want to lose their individuality, but can't wait to throw together some software package, grab a public shell and set sail down their own corporate stream. The issue here is less on privacy or invasion and more on theoretical control - we can't stand, in our personal lives or public ones - to be known. Mystery is fun for sure. But to sue every company that is aware you like pink cardigan sweaters who tells the pink cardigan sweater factory that information - that just makes us all a bunch of over-lawyering dodos.

    1. P 2 P___H U M O R [mikegallay.com]

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Working...