DoubleClick Settles Privacy Investigation 99
guttentag writes "DoubleClick ended the 30-month probe into its business practices with an agreement to pay $450,000 for the investigative costs of the states and 'consumer education.' It also agreed to allow a third-party to audit it for compliance with its privacy policy for four years and give individuals access to their profiles. However, it will continue to use to track users with cookies. The Washington Post also has an article, but it is conspicuously missing the standard disclosure statement that informs readers of The Post's business relationship with DoubleClick." Well, let me be sure to point out then that Slashdot also serves Doubleclick ads. If you recall, this all started when Doubleclick merged with a database company and announced plans to merge its online and offline databases.
Profiles (Score:2, Insightful)
Re:Profiles (Score:1)
And after all that, it'll still be wrong
Doubleclick makes me happy ... (Score:4, Funny)
got of cheap (Score:1)
Thats small compared to what they made.. and they will "continue to track users with cookies"
Says what... if audit takes 4 years they can do what they do for 4 years.
Their privacy policy is a big joke... but who cares anyways. Whats about cost to "users".
Re:got of cheap (Score:1)
Profile Access (Score:1)
Where will we have access to our profiles? What will it be looked up by? Our cookie? Our email address? I will be interested to see just what information is linked to me personally.
I don't think we will be able to see everything. Only time will tell.
Chris
www.talkingtoad.com
Re:Profile Access (Score:1)
Bank of America (Score:5, Interesting)
1) Doubleclick is paying them an assload of money to do it.
2) BOA is receiving browsing profiles for their banking customers.
Those are the only possible benefits I can see from this whole thing. Any comments?
Re:Bank of America (Score:2)
Re:Bank of America (Score:2)
I'm not a BOA customer, but presumably there's an online privacy statement or a terms of use somewhere. It should state what information is collected and how they use it.
Have you read it?
If it doesn't say anything, just phone them up and ask them.
cookie blocking (Score:2)
So until they find a better way to do it, I don't think they are going to get me.
As for all this stuff they are doing. Allowing users to view profiles. Paying for "education" etc. It's all just the usual. They do a few things to make themselves not look like a horrible evil. Whoever is pestering them has to lay off for a bit, and they continue business as usual.
Does anyone know if doubleclick is currently profitable? I mean considering how banner ads don't work, how can a company that relies on them still exist?
Re:cookie blocking (Score:1)
Seriously. Web site owners can track your viewing habits by checking their log files. Your friggin IP is logged in it. If I collaborate with website XYZ we can both check what you are doing.
So um? get real!
Ips don't work as well as cookies (Score:2)
On the other hand, cookie based systems work well, and are linked to user accounts on specific computers.
Opting out is done by setting the double click cookie to zero or something, and it seems to work pretty well.
I remember opting out and starting to see ads for feminine hygiene stuff. Maybe it was really a kind of punishment
Re:cookie blocking (Score:2)
So um? get educated!
Re:cookie blocking (Score:1)
There is a correlation between IP and time. E.G YOU!
If at 10:46 you goto a site with IP X then at 10:48 you goto a site with IP X then if we are collaborating we could put it together that you're the same person.
Perhaps less effective on the whole but generally not impossible or infeasible at all.
So um, get creative!
Re:cookie blocking (Score:2)
Bottom line, tracking by IP address doesn't work. Too many users work through proxies or beind NAT routers and then DHCP and dial-up further complicate things.
Getting "creative" with data is a way to fool a customer. Real results require solid methods.
So um, quit being stubborn!
Re:cookie blocking (Score:1)
And as you say "lots of users behind proxies" that's true. However, most people I know don't have everyone in their house go on the net simultaneously. So it stands to reason the IP's are due to one user.
Even still there are other things like referrer tags...etc...
Tom
Re:IP address? (Score:1)
Second, I was just pointing out that there is more information lying around then you guys care to admit. I mean in cryptanalysis the attacker doesn't stop because there is a little noise.
Simillarly if I want to data mine to the last drop I won't stop because I get a little noise.
Also about the "changing" IPs is this how you browse the web?
1. dial up [wait the 30 seconds]
2. do one HTTP request
3. disconnect, goto 1
???
Tom
Re:cookie blocking (Score:2)
Same here. And with galeon after doing what I need I open up the cookie dialog, select the cookie I just accepted and hit "remove and block"....just in case
And don't forget the option "limit maximum lifetime of cookies to this session" in Mozilla... (hmm I wonder when galeon will add it as well...)
Re:cookie blocking (Score:1)
Cookies (Score:1, Funny)
You mean they dare to track who goes to their site? Thats an outrageous intrusion into my privacy! Imagine what would happen in high-street stores kept details of who bought what! What about governmental agencies? We must fight this threat to our freedom before its too late!
Re:Cookies (Score:1)
That's the problem. And I still haven't seen how we're getting access to our profiles.
Re:Cookies (Score:1)
Ironic.. (Score:5, Interesting)
Yeah, I know. I find it really amusing when the topic is the typical MS bashing post and there is a huge ad for Visual Studio.net
Oh yeah... (Score:3, Funny)
Sometimes, life's just too good.
Time to have some fun (Score:2)
That aught to cause a few people to pause.
Or just change your address to match double click's...
Remember- the data is only as good as you give it.
Re:Time to have some fun (Score:2)
They can't track me! (Score:3, Informative)
The bit I don't get is... (Score:1)
Loads of people use my PC, my family when the come round to visit, my friends etc. And they all surf the web taking advantage of my broadband connection
Their profile of "me" must be a right mess. I think they're taking advertisers for a ride when they say they can target people who visit "this" sort of web page, when there is no guarantee that the person using the computer at a given time is the same person that visited "that" web page.
I'm sure there's more to it that i'm missing (like linking up with email addresses on forms etc), but i'm still not sure I really understand what / how they're profiling.
PHB.
Well.. (Score:2)
Under windows (as well as most unix installs) A persons cookies will be linked to their user accounts, not the PC itself.
And yes, most families really do have seperate user accounts set up.
Re:Breast enlargement ads (Score:1)
Hmmm... doubleclick is reading in that a user likes websites about uses for gerbils that certainly aren't sanctioned by my local petstore. Of course, the user was just looking for pet food supplies and found that gerbillove.com isn't actually to do with standard affection for your fine furry friends. That won't stop google though, so now you can enjoy the pleasure of having your email address added to lists such as "gerbilfetish" and "rodentlust" etc etc
And you wonder how they got your email address...
One Word (Score:3, Informative)
D.
Re:One Word (Score:3, Informative)
Yeah but there are always web bugs [nandotimes.com]. You'd better get yourself a hosts blocking list [smartin-designs.com].
Personally, I swear by /etc/hosts or /winnt/system32/drivers/etc/hosts, wherever the circumstances apply.
Re:One Word (Score:1)
Cheers.
Re:One Word (Score:1)
Re:One Word (Score:2)
Of course you can. (Was the checkbox added back to the GUI in 1.1? I haven't got it yet.)
But sometimes I use opera or even IE for stubborn sites and then my image blocking does not carry over.
Profile access might be a scam (Score:2, Insightful)
Double click as Big Brother (Score:2)
Disinformation (Score:3, Interesting)
How does one wirte such a jammer-program?
Re:Disinformation (Score:2)
The two problem with this is that you have to explicitly decide which cookies you want to share, as I'm sure not everyone wants to share their cookie saved slashdot login. And you'd have a problem with the possibility of your bank account being linked to a randomly generated browsing profile, or something similar. Neither of these problems are insurmountable, but they need to be addressed.
double click ads blocked (Score:2)
Well, let me be sure to point out then that Doubleclick ads are blocked here. So when my Slashdot page comes up, regardless of whether the Elite Monkeys generate it, or the Random Elephants generate it, or the Barrel of Psycho Mummies generate it, if it has images that refer to any server in the doubleclick domain (and a few others), they come up blank (a 1x1 transparent GIF is substituted). If Slashdot wants to be sure to maximize revenues, it should either be sure it charges for providing the tag, even if the image is never loaded, or make sure a different advertising source is used (which may be hard if the advertiser wants to use doubleclick ... but then, those are going to be advertisers that are not going to generate as much revenue for this very reason). As I edit this comment, I'm seeing a banner ad for OSDN's PriceCompare. I may check it out later when I'm bored.
But, but--authorities say "Cookies are harmless" (Score:3, Interesting)
For example, Infoworld columnist Fred Langa says here [browsertune.com] that "To me, cookies seem pretty harmless. Despite commonly-voiced concerns among the anti-cookie faction, cookies (or the JavaScripts that create them) won't let website owners surreptitiously figure out who you are, for example... My advice: leave cookies turned on; the real benefits far outweigh the very small risks."
Indeed, a Google search on "cookies cannot be used to identify individuals" turns up 21000 hits--mostly in Web site's privacy statements.
DoubleClick's motto: when it comes to invading privacy, we do the "impossible" every day.
I think Slashdot should rethink its connection with DoubleClick.
Re:But, but--authorities say "Cookies are harmless (Score:2)
Once x% of the Slashdot community subscribes, I'm sure Slashdot will do away with ads altogether.
However, until that point in time, we can go fuck ourselves -- we'll take what we're given, and we'll like it.
Personally, though, I haven't seen an ad on Slashdot for quite some time indeed. Oops [guidescope.com].
Avoid it all together (Score:1)
# hosts
0.0.0.0 doubleclick.com
0.0.0.0 doubleclick.net
etc., etc. for any adservers that you don't like the look of.
Proposed Cookie 'Extension'... (Score:3, Interesting)
** Session Tracking
** Shopping (Carts etc.)
** Advertisers and Profilers (such as Doubleclick)
And possibly a variety of others.
Once such a system was in place, a user should be able to select whether to Accept, Reject or be Prompted for cookies of each type.
The only problem would be getting the adertisers to use their 'designated' cookie type...
Re:Proposed Cookie 'Extension'... (Score:2)
Another option would be to have everything that jumps between domains (possibly for domains that are configured, or domains not configured to be exempted) have the HTTP "Referer" header suppressed, or forged. That would create the brick wall boundary between domains where information cannot as easily pass between, through your server. Cookies cannot be retrieved across domains, but by associating the cookie you get from the image with the domain in the "Referer" they can still track what domain you are surfing.
BTW, I do have cookies on, but each new instance of my browser creates a whole new context to run in (which it thinks is my home directory), which means an empty set of cookie each time. So I just make sure I start a new instance each time I go to another site.
Nuke ads and cookies. (Score:1)
How is DoubleClick going to cause any problems if their ads don't load and their cookies don't take?
Where's the money, honey? (Score:1)
Does this mean that people that rely on advertising dollars are now Double Screwed?
First, Double Click has to generate revenue to pay for this settlement, so I'm sure they're going to take that money from their publishers
Second, now that they can't resell demographics, does this mean they will have an even further revenue shortage?
My question is this: They already don't pay shit to their publishers, so I ask Double Click:
Where's they money gonna come from?
Doubleclick Privacy: 404 (Score:1)
http://www.doubleclick.com/us/corporate/privacy
Got a 404... imagine that.
Re:Doubleclick Privacy: 404 (Score:2)
Re:Doubleclick Privacy: 404 (Score:2)
Re:Doubleclick Privacy: 404 (Score:2)
I got a 1x1 pixel transparent GIF file. But that is because I directed all queries for anything in doubleclick.com (and some others) at my DNS server over to a special IP address on which my web server always delivers that 1x1 pixel transparent GIF file no matter what URI is requested. It even does it on HTTPS (self signed cert).
Here is my list:
Education? (Score:2)
Does that mean we're going to see 'truth' commericals about web privacy like we see about cigarettes?
Every day, thousands of browsers die due to an overdose of cookies. Friends don't let friends save cookies.
Ad-Aware deletes their cookies (Score:1)
I've found Ad-Aware to be a great tool for pulling out all kinds of spyware, including Double-Click's and other's cookies.
http://www.lavasoftusa.com/ [lavasoftusa.com] to download.Best way to handle doubleclick (Score:1)
# cat << EOF >> named.conf
> zone "doubleclick.net" {
> notify no;
> type master;
> file "/etc/bind/db.doubleclick";
> };
> EOF
Re:Best way to handle doubleclick (Score:2)
My setup is a little more sophisticated. It sets the address for *.doubleclick.com (and others) to a special web server configuration which always delivers a 1x1 transparent GIF no matter what URI is requested. Bam, no tracking, and a clean substitute for ads.
Dont care havent seen a DoubleClick AD in Months (Score:1)
Re:Dont care havent seen a DoubleClick AD in Month (Score:2)
My DNS server sends all queries for doubleclick.com and doubleclick.net (and some others) over an HTTP/HTTPS server that for any URI requested, always delivers a 1x1 transparent GIF. Bingo, no ads, and nothing tracked.
Protection from aliens and ADVERTISERS (Score:2, Funny)
It would be fair to doubleclick (Score:1)
Funny how the US Govt doesnt get fined for the same type of Carnivore related privacy violations.
That's it?! (Score:1)
DoubleClick obfuscator? (Score:1)
1) check for untrusted domains...e.g. doubleclick
2) check for images being loaded with some id being appended to the query string (e.g. embedded e-mail images that alert spammers when someone opens a mail.)
This plug-in would disect the number and generate a random number in a similar format and send that number in the cookie or the query string as the case may be.
This would ultimately render doubleclick's business model useless (well, assuming everyone would use such a plug-in). And as far as I see it, it's fair game since I *never* gave them (direct) permission to collect information on me in the first place.
Re:DoubleClick obfuscator? (Score:2)
I AM Doubleclick! (Score:1)
Doubleclick and the Post (Score:1)
How Persistent? (Score:1)
MSIE has done a briliant thing! (Score:1)
In MSIE6.0 you can block (and I believe it's default) secondary cookies, meaning cookies originating from secondary items like banner ads. This actually blocks doubliclick in the right way. Think about it!
Cookies are a good thing. And people are generally way too paranoid. "I have disabled cookies" is really a sad statement.