Greetings all,
Back on 12/19/99 I posted a rather verbose message to the Firewalls list
on how a number of search engines are taking the search criteria you are
entering and submitting it back to DoubleClick. Basically, what you see
is that just after submitting your parameters to a search engine, your
browser connects to ad.doubleclick.net in order to send something
similar to the following:
http://ad.doubleclick.net/adl/site_you_searched.com/result_front;kw=Tell+me+about+rashes;cat=stext;ord=119996981
Where the "kw" string is your list of search parameters (key words?) and
"ord" (based on research by Adrian Colley) is a hex conversion of your
cookie ID. In other words, your ID and what you've been looking for get
sent back to DoubleClick.
Based on this article:
http://news.cnet.com/news/0-1005-200-1531929.html?tag=st.ne.1002.tgif
this info may eventually get correlated with the rest of your personal
info. Kind of a "personality profile" if you will, similar to the modern
day credit report. Do a search on "evil hacker sites" and this gets
associated with your profile. Of course the problem is that if your five
year old searches for "pictures of naked monkeys" they may associate
these key words with your ID as well.
This has organizational security implications as well. For example, how
much would your competitors pay to know what info you are searching for?
IMHO given the number of sites involved in this "info sharing" the
practice has become a few steps shy of placing a sniffer outside your
firewall.
As mentioned in that original post, I've set up a "DoubleClick honeypot"
to ID the sites that are submitting this info back to DoubleClick. The
list I have so far is:
aj.com
ajkids.com
altavista.digital.com
anywho.com
av.com
babycenter.com
boston.com
buy.com
corptech.com
drcoop.com
greatdomains.com
hoovers.com
imdb.com
infoseek.com
foodtv.com
redhat.com
remarq.com
rocketlinks.com
rtq.net
yellowpages.com
The two that really bug me are RedHat (happens from their search page,
not the main page) as you would expect them to be more sensitive to
these kinds of issues and drcoop.com as the site is for searching
medical info (I now know *way* too much about what ails my users ;).
Note that these are *not* just ad partners, these sites forward your
search info back to DoubleClick.
Since this is all outbound TCP/80 traffic, it burns right through most
firewalls. If you try and block all HTTP to DoubleClick, many browsers
choke and kick an error back to the user. The only real effective means
of killing this traffic is to proxy through JunkBusters or a honeypot
similar to my setup (detailed in my 12/19 post).
Just curious if there is anyone out there that can add/delete from the
above list. I'm also wondering _why_ they do it. Do these sites receive
some form of financial return for submitting this info? Why don't they
state what they are doing in their privacy statement?
I'm also wondering if people feel an ORBS kind of setup is in order.
It's really starting to trouble me just how much information is getting
reported back to a single agency under the guise of "target
advertising". If the government was doing this people would be freaked.
Thoughts?
All input appreciated,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
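
A defender's view of the request format described in the post, as an added example that is not part of the original message: it scans proxy-style log lines for ad.doubleclick.net requests carrying a "kw" parameter and lists which sites forwarded search terms. The two-column log layout ("client url") and the .example hosts are constructed assumptions; only the URL layout comes from the post.

```python
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed proxy log lines ("client url"). The first URL is the one quoted
# in the post; the other hosts and values are made up for illustration.
SAMPLE_LOG = """\
10.0.0.12 http://ad.doubleclick.net/adl/site_you_searched.com/result_front;kw=Tell+me+about+rashes;cat=stext;ord=119996981
10.0.0.12 http://www.example.com/index.html
10.0.0.40 http://ad.doubleclick.net/adl/search.example/results;kw=merger+rumors;ord=5551212
10.0.0.40 http://ad.doubleclick.net/adl/news.example/front;sz=468x60;ord=5551212
"""

def parse_ad_url(url):
    """Return (site, params) for an ad.doubleclick.net request, else None."""
    parts = urlsplit(url)
    if parts.hostname != "ad.doubleclick.net":
        return None
    # Path layout from the post: /adl/<site>/<page>;key=value;key=value
    path, _, matrix = parts.path.partition(";")
    segments = path.strip("/").split("/")
    if len(segments) < 2:
        return None
    params = {}
    for item in matrix.split(";"):
        key, sep, value = item.partition("=")
        if sep:
            params[key] = unquote_plus(value)  # "+" encodes a space
    return segments[1], params

def keyword_leaks(log_text):
    """Map each site to the (client, keywords, ord) tuples it forwarded."""
    leaks = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        client, url = fields
        parsed = parse_ad_url(url.strip())
        # Ad requests without "kw" are ordinary banner fetches, not search leaks.
        if parsed and parsed[1].get("kw"):
            site, params = parsed
            # "ord" is kept as-is; the post describes it as derived from the cookie ID.
            leaks[site].append((client, params["kw"], params.get("ord")))
    return dict(leaks)

if __name__ == "__main__":
    for site, hits in sorted(keyword_leaks(SAMPLE_LOG).items()):
        for client, kw, ord_id in hits:
            print(f"{site}: client={client} kw={kw!r} ord={ord_id}")
```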