1996-06-30 - [Fwd: Doubleclick]

Header Data

From: Eric Murray <ericm@lne.com>
To: cypherpunks@toad.com
Message Hash: c2b49a71c1845e1690148032bb0f4a12968afcec2bbd2762a55abe5646d53d05
Message ID: <199606300526.WAA23105@slack.lne.com>
Reply To: N/A
UTC Datetime: 1996-06-30 08:23:07 UTC
Raw Date: Sun, 30 Jun 1996 16:23:07 +0800

Raw message

From: Eric Murray <ericm@lne.com>
Date: Sun, 30 Jun 1996 16:23:07 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Doubleclick]
Message-ID: <199606300526.WAA23105@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




[Multiple forwards deleted]

[short-attention-span summary:  someone's using Netscape
cookies as a way to target-market browser users.  Since I
hate being targeted, I came up with a hack "fix" to prevent
it, see below]


> >Date:    Wed, 26 Jun 1996 19:42:00 -0700
> >From:    Scott Wyant <scott_wyant@loop.com>
> >Subject: COMMENT: Cookie dough
> >
> >(I originally posted this to a library science listserve, and was asked to
> >post it here.  I hope it is of some interest to ADV-HTML readers)
> >
> >This list has seen discussion about the little "cookie" that a Netscape
> >server hands to your browser.  Have you wondered how someone might use it to
> >make some money?
> >
> >Here's how.
> >(This will take a while, but I think it's worth it.)
> >
> >Using Find File, look for a file called cookie.txt (or MagicCookie if you
> >have a Mac machine).  Using a text editor, open the file and take a look.
> > If you've been doing any browsing, the odds are about 80/20 that you'll find
> >a cookie in there from someone called "doubleclick.net."
> >
> >If you're like me, you never went to a site called "doubleclick."  So how did
> >they give you a cookie?  After all, the idea of the cookie, according to the
> >specs published by Netscape, is to make a more efficient connection between
> >the server the delivers the cookie and the client machine which receives it.
> >But we have never connected to "doubleclick."
> >
> >Close MagicCookie, connect to the Internet, and jump to <www.doubleclick.net>
> > Read all about how they are going to make money giving us cookies we don't
> >know about, collecting data on all World Wide Web users, and delivering
> >targeted REAL TIME marketing based on our cookies and our profiles.
> >
> >Pay special attention to the information at:
> ><www.doubleclick.net/advertising/howads.htm>
> >
> >You'll see that the folks at "doubleclick" make the point that this entire
> >transaction (between their server and your machine) is "transparent to the
> >user."  In plain English, that means you'll never know what hit you.
> >
> >So what's happening is, subscribers to the doubleclick service put a "cookie
> >request" on their home page FOR THE DOUBLECLICK COOKIE.  When you hit such a
> >site, it requests the cookie and take a look to see who you are, and any
> >other information in your cookie file.  It then sends a request to
> >"doubleclick" with your ID, requesting all available marketing information
> >about you.  (They're very coy about where this information comes from, but it
> >seems clear that at least some of it comes from your record of hitting
> >"doubleclick" enabled sites.)  You then receive specially targetted marketing
> >banners from the site.  In other words, if Helmut Newton and I log on to
> >the same site at the exact same time, I'll see ads for wetsuits and
> >basketballs, and Helmut will see ads for cameras.
> >
> >If you log in to a "doubleclick" enabled site, and it sends a request for
> >your "doubleclick" cookie, and you don't have one, why each and every one of
> >those sites will hand you a "doubleclick" cookie.
> >
> >Neat, huh?  And you can bet they're going to be rolling in the cookie dough.
> >Me, I edit my cookie file each and every time I go to a new site.  (Despite
> >the dire warning at the top of the file, you can edit it with no adverse
> >consequences.)
> >
> >Oh, and one other thing.  If you edit your cookie file BEFORE you connect to
> >"doubleclick," and then jump around at the site, you'll notice that they
> >DON'T hand you a cookie.  I probed the site pretty carefully, checking the
> >MagiCookie file, and nothing happened.
> >
> >Until I closed Netscape.  The LAST thing the 'doubleclick" site did was....
> >You guesed it.  They handed me a cookie.  So much for making the
> >client-server negotiation more efficient.  (In fairness, that cookie may
> >have been in memory until I closed Netscape -- I can't tell for sure.)
> >Scott Wyant
> >Spinoza Ltd.
> >


My own experiments shows that simply removing the cookie file
(~/.netscape/cookies) works to "fix" this, as long as you don't
have old netscape config files lying about (then it pops a dialog
asking if you want to nuke the old config, and uses the old
cookies file).  Netscape (version 3.0b for Linux) doesn't
recreate the cookies file.  Of course this "fix" means
that I'm not able to take advantage of whatever cookies might
offer me, but since I can't control them and never see them
there's probably not a lot that they do that I'll miss.


I think that Netscape should add a configuration to the browser
so that paranoid privacy fanatics like me can disable cookies
or better yet control which ones that we'll accept.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





Thread