re: cookies and other bugs that travel your desktop and the web
Thanks to Stephen Temple on the FNet/FCM board, my attention was
diverted to this article concerning cookies and other forms of pestilence
on the web, once again.
currents.net
The article is copied below for posterity. I wonder if we can get some
comments here from some knowledgeable web crafters on this topic. I
have had my own doubts in the past concerning cookies from a privacy
perspective, which were very nicely dispelled by some of the www
knowledgeable on these boards. Is Scott Lemon or Darren DeNunzio
looking in here? If so, your comments would be quite welcome. And
those of anyone else who could add some useful dialog on the topic.
In a related matter which touches on other areas of covert surveillance
and intrusion, along with some other more legitimate forms of packet
intervention, I posted the following this morning to Jay Lowe on the
last mile thread, in case anyone is interested:
Message 12032189
Regards, Frank Coluccio
------begin copy:
Daily News
Plague Of "Web Bugs"
By Robert O'Harrow Jr, The Washington Post.
November 16, 1999
In a scramble to monitor the behavior of consumers online,
marketing companies on the World Wide Web are increasingly
using a tool to surreptitiously track what computer users do on
the network and automatically report the details to centralized
advertising services.
The tool, known as a "Web bug," lets advertising services
companies fetch data from multiple Web sites without
computer users' knowledge and send it to databases for
analysis and storage.
Online marketers have for several years gathered information
through the use of "cookies" - a simple sort of computer code
that serves as a unique identifier for each computer user at a
Web site. Banner advertisements on Web sites routinely use
cookies to record the number of people who view an ad or click
on the ad itself.
But Web bugs, named by a computer privacy specialist
suspicious of them, can gather information without a
sophisticated computer user's knowledge, since they set
cookies and gather information even on pages displaying no
ads.
"If there's an ad on the page, there's a suggestion this page has
an affiliation with some other site. You might expect that there
was someone watching," Jason Catlett, president of
Junkbusters Corp., a privacy advocacy and consulting
company. "But the Web bug has no purpose but surveillance."
Until recently, almost no one but computer specialists had
heard about Web bugs, often known in the trade as "clear
GIFs." But with exploding interest in target marketing on the
Internet - and several companies poised to begin identifying
computer users by name - Web bugs have suddenly drawn the
attention of advertisers, government officials and privacy
advocates.
Officials at the Federal Trade Commission, who said they
learned details about Web bugs at a workshop this week about
online profiling, will examine the bug's impact on consumer
privacy, according to David Medine, the FTC's associate
director for financial practices.
Medine said the concern is that consumers - even those
familiar with cookies - may never know that the information they
agree to give a particular, trusted Web site may now be shared
with a centralized advertising server that is gathering
information about their activities. That's because few sites
disclose they are deploying a Web bug even if a user has set
his Web browser to alert him if a site is trying to place a
cookie.
Computer users can configure their browsers to block the
setting of a cookie. But if a user allows just one site in an
advertising network to set a cookie, it enables all of the Web
bugs in that network to perform.
Among the sites deploying the tool are
www.mentalwellness.com, an "online resource for
schizophrenia and other mental health information" operated by
Janssen Pharmaceutica Products, L.P. The code, on a page
with stories about famous people who suffered from mental
illness, sends information to an online advertising service called
DoubleClick Inc., which gathers and analyzes information about
computer users at some 1,400 Web sites.
A spokesman for Janssen said its Web bug is used only to
help the company identify the most popular material at the site.
With the help of a cookie, the Web bug typically identifies a
machine, the page it opened, the time it arrived and other
details. That information, sent to a company that provides
advertising services such as DoubleClick, can then be used to
determine if someone subsequently visits another company
page in the same ad network to buy something or read other
material.
"It's a way of collecting consumer activity at their online store,"
said David Rosenblatt, senior vice president for global
technology at DoubleClick.
But for consumer watchdogs, Web bugs and other tracking
tools represent a growing, sophisticated threat to the privacy
and autonomy of online computer users. Although much of the
information collected by ad servers now is not personally
identified, it soon will be in many cases.
DoubleClick, the industry leader, has begun creating an
"information alliance" of businesses that will share customer
information in a vast digital pool. Once a computer user shares
a name online with any alliance member, DoubleClick will be
able to associate that name with cookies at all other
participating members' sites. But DoubleClick and eight other
leading advertising servers pledged this week to allow
consumers to opt out of such practices.
Richard M. Smith is a computer security specialist who named
the Web bugs, because he believes they perform somewhat
like hidden microphones. He said the same kind of code as
Web bugs is used in certain types of Web-related e-mail to
bounce information from thousands of people - such as if a note
was opened - back to a marketer who wants to know the
effectiveness of the pitch. Next week he intends to post a paper
about them on his own Web site,
tiac.net , which now has posted a
frequently asked questions paper on Web bugs.
"I don't think this stuff is properly disclosed by any stretch of
the imagination," said Smith of Brookline, Mass., who has been
asked by the FTC to write an analysis of the mechanism.
--------end copy |
