Below is even more on this latest 'wake-up call'. <sigh> Jai Jai This is it ... we've been saying all along that Internet advertisers could start capturing users' identities and merge their online tracking information with customer information from other sources. Now it's happening, and we are not happy. DoubleClick Admits to Profiling of Surfers http://www.hackernews.com/arch.html?012600#1 http://www.usatoday.com/life/cyber/tech/cth211.htm http://news.cnet.com/news/0-1005-200-1531929.html?dtn.head Web Ad Blocking http://www.junkbusters.com/ http://www.ecst.csuchico.edu/~atman/spam/adblock.html Opting Out http://www.precipice.org/privacy/ http://opt-out.cdt.org/ I personally didn't have much problem with cookies so long as they did not identify anyone; although it bothered me that they were not transparent, I did not advise most people to turn them off. But if people's movements on the Web start being personally identified by default then that is a very serious situation. Paranoia about cookies is now reasonable. I've abridged and reformatted this issue of Privacy Forum; the full details are at <http://www.vortex.com/>. Date: Thu, 27 Jan 2000 13:14:13 -0800 From: PRIVACY Forum <[EMAIL PROTECTED]> PRIVACY Forum Digest Thursday, 27 January 2000 Volume 09 : Issue 06 ----------------------------------------------------- Date: Wed, 26 Jan 2000 19:39 PST From: [EMAIL PROTECTED] (Lauren Weinstein; PRIVACY Forum Moderator) Subject: You've Been Drafted--Welcome to the Cookie Wars! Greetings. Who the blazes is that guy? Have you noticed him? As you drive around town he follows you, noting everywhere you go. When you're out shopping, he lurks around the corner, madly scribbling down notes about what you bought, and even regarding what you just happened to glance at on the store shelves. When you head over to the library to do some research, he records everything you looked up. Then he calls around to the stores you frequent, and tries to convince them to give him all of your purchasing and registration history data. He watches you almost all day, every day, building up a dossier that might have impressed Stalin. In our everyday "physical" world, such a skulking character following us around would not be acceptable to most of us, and would result in a public outcry like few seen before. But in the misty "cyberspace" world, where the business plan so often seems to read "get away with whatever we damn well can," it's a different story. And the electronic equivalent of the spying lurker exists right now. Recent events indicate that the time for polite complaints has passed, and that we've now been forced into the arena of genuine war. Not maybe, not tomorrow, but right now. Today. And most of the power is in your hands, if you choose to use it. For years, many Web sites have treated us to benign descriptions of "cookies"--the little files that are dropped onto your hard drive that maintain information between web sessions. We're told how useful they are, how they're "our friends"--nothing to fear. And true, it *is* possible to use cookies in benign ways, for simple state and authentication control such as in "shopping cart" applications, for example. But the dark side of cookies is very dark indeed. There have been warnings for ages, including here in the PRIVACY Forum, about the ways in which cookies could be abused to virtually track your life both on and off the Web, by tying together information from vast numbers of disparate sources--Web browsing, on and off-Web purchases, even voter registration and other "public record" data. The purveyors of these systems have constantly insisted that our concerns were merely theoretical. This is now no longer the case. Enter stage right--our old "chums" at DoubleClick, Inc.! No strangers to this digest--they've been the topic both of articles and interviews here in the Forum in the past. They're the kings of web activity tracking supreme. When they bought Abacus Direct recently, it was predicted that the urge to combine their massive web tracking database (fed from innumerable web sites including such popular search engines as AltaVista) with Abacus' gigantic database would prove irresistible. And in fact, it is now being reported that DoubleClick has done exactly as predicted, and is tying together your Web movement data with Abacus' 90+ million household database. DoubleClick used to make a lot of hay out of saying that they never identified individual users. With the Abacus identification tie-in, that has now changed. Name, address, buying histories, Web movements, the whole enchilada. No need for paranoia, you *are* being watched--it's a fact. DoubleClick isn't the only commercial entity tracking your life in this way, but they appear to be the biggest. And of course, there are no effective laws that directly prohibit such activities. Remember, you have virtually *no rights* when it comes to the commercial use of your own information. DoubleClick makes the usual noises about how you can take it upon yourself to "opt-out" of their system-- assuming you knew it existed in the first place and understood the ramifications. However, to be effective, this requires that you accept their special "opt-out" cookie, and leave cookies enabled in your browser at all times--not really a solution at all! If you have some time to kill and a serious masochistic streak, take a look at http://www.doubleclick.net/privacy_policy for the full fun details. Be sure to pay particular attention to the part about the "Abacus Alliance" --the *really* amusing stuff is in there. I said earlier that you *have* the power to deal with these sorts of practices yourself. Right now. It's basically very simple: !!! Keep cookies turned OFF whenever possible !!! Keep cookies off in your browser. Warn your friends, your relatives, your associates! While some new rather underhanded techniques for recording user activity have been appearing in some quarters, DoubleClick's network depends heavily on cookies being enabled in Web browsers for their tracking and data matching actions, as do most similar systems. I've found that I can leave cookies completely disabled 99.9% of the time with no ill effects on the Web Experience. Don't bother with the "notify me when a cookie is requested" settings--they'll drive you bats--just turn cookies completely OFF. If there's a particular site that *requires* cookies that you simply must visit, turn cookies on (ideally in "only accept cookies that get sent back to the originating server" mode) for that visit, then turn them completely off immediately afterwards (and delete your cookie files afterwards as well if you know the procedure). There's a lot more to this than targeted advertising. Web users in commercial, industrial, military, or government environments should be concerned about the level of activity tracking such cookie networks could facilitate, and what impact they could have on the security of their routine operations. If most Web users would turn off their cookies and leave them off most of the time, the ability of companies to monitor and manipulate their Web activities would be significantly limited, instantly. Here's how to do it: In Netscape Navigator, 4.0 and later, go to Edit->Preferences->Advanced and choose "Disable Cookies". In IE, 4.0 and later, go to View->Internet Options->Advanced->Security ->Cookies->Disable all cookie use. Users of other browsers will need to consult their documentation. Also, note that there is apparently no existing way to disable cookies in WebTV. Surprise! To paraphrase Howard Beale (played by Peter Finch) from the 1976 film "Network": "I want you to go to your Web browser now. Disable the cookies. Then go to the window, and yell, 'I'm as mad as hell, and I'm not going to take those cookies anymore!' ... " You'll feel a lot better. Welcome to the cookie wars, soldier. --Lauren-- [EMAIL PROTECTED] Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ End of PRIVACY Forum Digest 09.06 ************************ ***************************************************************** "There Ought to be Limits to Freedom!" --George W Bush Press conference at the Texas State House, May 21, 1999 http://www.gwbush.com and 'speeches' at http://www.georgewbush.com --------------------------------------------------------------------------- Send administrative requests to [EMAIL PROTECTED]
