Fun_People Archive
29 Jan
You've Been Drafted--Welcome to the Cookie Wars!


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Sat, 29 Jan 100 11:10:33 -0800
To: Fun_People
Precedence: bulk
Subject: You've Been Drafted--Welcome to the Cookie Wars!

X-Lib-of-Cong-ISSN: 1098-7649  -=[ Fun_People ]=-
X-http://www.langston.com/psl-bin/Fun_People.cgi
Forwarded-by: Mark Boolootian <booloo@cats.ucsc.edu>
From: Phil Agre <pagre@alpha.oac.ucla.edu>
[
This is it ... we've been saying all along that Internet advertisers could
start capturing users' identities and merge their online tracking
information with customer information from other sources.  Now it's
happening, and we are not happy.

DoubleClick Admits to Profiling of Surfers
http://www.hackernews.com/arch.html?012600#1
http://www.usatoday.com/life/cyber/tech/cth211.htm
http://news.cnet.com/news/0-1005-200-1531929.html?dtn.head

Web Ad Blocking
http://www.junkbusters.com/
http://www.ecst.csuchico.edu/~atman/spam/adblock.html

Opting Out
http://www.precipice.org/privacy/
http://opt-out.cdt.org/

I personally didn't have much problem with cookies so long as they did not
identify anyone; although it bothered me that they were not transparent,
I did not advise most people to turn them off.  But if people's movements
on the Web start being personally identified by default then that is a very
serious situation.  Paranoia about cookies is now reasonable.  I've abridged
and reformatted this issue of Privacy Forum; the full details are at
<http://www.vortex.com/>.
]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" option.  For information about RRE, including instructions
for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html
or send a message to requests@lists.gseis.ucla.edu with Subject: info rre
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

From: PRIVACY Forum <privacy@vortex.com>

PRIVACY Forum Digest      Thursday, 27 January 2000      Volume 09 : Issue 06

----------------------------------------------------------------------

From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject:  You've Been Drafted--Welcome to the Cookie Wars!

Greetings.  Who the blazes is that guy?  Have you noticed him?  As you
drive around town he follows you, noting everywhere you go.  When you're
out shopping, he lurks around the corner, madly scribbling down notes about
what you bought, and even regarding what you just happened to glance at on
the store shelves.  When you head over to the library to do some research,
he records everything you looked up.  Then he calls around to the stores
you frequent, and tries to convince them to give him all of your purchasing
and registration history data.  He watches you almost all day, every day,
building up a dossier that might have impressed Stalin.

In our everyday "physical" world, such a skulking character following us
around would not be acceptable to most of us, and would result in a public
outcry like few seen before.  But in the misty "cyberspace" world, where
the business plan so often seems to read "get away with whatever we damn
well can," it's a different story.  And the electronic equivalent of the
spying lurker exists right now.  Recent events indicate that the time for
polite complaints has passed, and that we've now been forced into the arena
of genuine war.  Not maybe, not tomorrow, but right now.  Today.  And most
of the power is in your hands, if you choose to use it.

For years, many Web sites have treated us to benign descriptions of
"cookies"--the little files that are dropped onto your hard drive that
maintain information between web sessions.  We're told how useful they are,
how they're "our friends"--nothing to fear.  And true, it *is* possible to
use cookies in benign ways, for simple state and authentication control
such as in "shopping cart" applications, for example.

But the dark side of cookies is very dark indeed.  There have been warnings
for ages, including here in the PRIVACY Forum, about the ways in which
cookies could be abused to virtually track your life both on and off the
Web, by tying together information from vast numbers of disparate
sources--Web browsing, on and off-Web purchases, even voter registration
and other "public record" data.  The purveyors of these systems have
constantly insisted that our concerns were merely theoretical.  This is
now no longer the case.

Enter stage right--our old "chums" at DoubleClick, Inc.!  No strangers to
this digest--they've been the topic both of articles and interviews here
in the Forum in the past.  They're the kings of web activity tracking
supreme.  When they bought Abacus Direct recently, it was predicted that
the urge to combine their massive web tracking database (fed from
innumerable web sites including such popular search engines as AltaVista)
with Abacus' gigantic database would prove irresistible.  And in fact, it
is now being reported that DoubleClick has done exactly as predicted, and
is tying together your Web movement data with Abacus' 90+ million household
database.  DoubleClick used to make a lot of hay out of saying that they
never identified individual users.  With the Abacus identification tie-in,
that has now changed.  Name, address, buying histories, Web movements, the
whole enchilada.  No need for paranoia, you *are* being watched--it's a
fact.

DoubleClick isn't the only commercial entity tracking your life in this
way, but they appear to be the biggest.  And of course, there are no
effective laws that directly prohibit such activities.  Remember, you have
virtually *no rights* when it comes to the commercial use of your own
information.  DoubleClick makes the usual noises about how you can take it
upon yourself to "opt-out" of their system-- assuming you knew it existed
in the first place and understood the ramifications.  However, to be
effective, this requires that you accept their special "opt-out" cookie,
and leave cookies enabled in your browser at all times--not really a
solution at all!

If you have some time to kill and a serious masochistic streak, take a look
at http://www.doubleclick.net/privacy_policy for the full fun details.  Be
sure to pay particular attention to the part about the "Abacus Alliance"
--the *really* amusing stuff is in there.

I said earlier that you *have* the power to deal with these sorts of
practices yourself.  Right now.  It's basically very simple:

  !!! Keep cookies turned OFF whenever possible !!!

Keep cookies off in your browser.  Warn your friends, your relatives, your
associates!  While some new rather underhanded techniques for recording
user activity have been appearing in some quarters, DoubleClick's network
depends heavily on cookies being enabled in Web browsers for their tracking
and data matching actions, as do most similar systems.

I've found that I can leave cookies completely disabled 99.9% of the time
with no ill effects on the Web Experience.  Don't bother with the "notify
me when a cookie is requested" settings--they'll drive you bats--just turn
cookies completely OFF.  If there's a particular site that *requires*
cookies that you simply must visit, turn cookies on (ideally in "only accept
cookies that get sent back to the originating server" mode) for that visit,
then turn them completely off immediately afterwards (and delete your cookie
files afterwards as well if you know the procedure).

There's a lot more to this than targeted advertising.  Web users in
commercial, industrial, military, or government environments should be
concerned about the level of activity tracking such cookie networks could
facilitate, and what impact they could have on the security of their routine
operations.

If most Web users would turn off their cookies and leave them off most of
the time, the ability of companies to monitor and manipulate their Web
activities would be significantly limited, instantly.

Here's how to do it:

In Netscape Navigator, 4.0 and later, go to Edit->Preferences->Advanced
and choose "Disable Cookies".

In IE, 4.0 and later, go to View->Internet Options->Advanced->Security
->Cookies->Disable all cookie use.

Users of other browsers will need to consult their documentation.  Also,
note that there is apparently no existing way to disable cookies in WebTV.
Surprise!

To paraphrase Howard Beale (played by Peter Finch) from the 1976 film
"Network":

   "I want you to go to your Web browser now.  Disable the cookies.
    Then go to the window, and yell, 'I'm as mad as hell, and I'm
    not going to take those cookies anymore!' ... "

You'll feel a lot better.  Welcome to the cookie wars, soldier.

--Lauren--
lauren@vortex.com
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

End of PRIVACY Forum Digest 09.06
************************


prev [=] prev © 2000 Peter Langston []