Would Exchanging Cookies Defeat DoubleClick? 28
An Anonymous Coward asks: "After reading all the articles on cookies, DoubleClick, etc., an idea occurred to me and i thought i'd throw it out to the community to comment/flame and/or hopefully implement: since privacy is compromised because cookies *correlate* you with where you've been and other info, would it be feasible to host a "cookie exchange" server and application? e.g. you'd run this app before you surf, and it would reach into your browser cookie jar and *exchange* your DoubleClick cookie with somebody else's who is also running Cookie Exchange. Repeat for each site you wish to remain anonymous for. It seems that this would be more effective than disabling cookies, as it would mess up DoubleClick's correlations and tracking - you'd never have the same profile from day-to-day!" While an interesting thought. It doesn't exactly address the problem. I can imagine this making even more SPAM because one user's tracking profile now contains useless information from someone else's cookies. Would this be a good idea or even a fun way to protest DoubleClick?
IP logging and Dial-Up customers? Think again. (Score:1)
Sounds good to me! (Score:1)
Pointless (Score:3)
There is absolutely no difference between playing cookie-exchange and simply disabling doubleclick cookies.
Why take it that far? (Score:1)
Worst case, I figure this creates a mess at their end of things when invalid data turns up (that I'm sure they just ignore and reset). Best case is what I've had happen a few times - something I change gets interpreted correctly and all of a sudden I start seeing ads for stuff that's just ridiculously off-target for me. As a 24 year-old male techie, it's a bit amusing to suddenly find yourself bombarded with women's jewelry ads, expectant mother products, etc..
Well, it would make cookies more useful... (Score:2)
The proposal would poison DoubleClick's database. This would force DoubleClick to separate its banner-ad operation from its tracking operation...and then guess how long it will take for HTTP proxy packages to start filtering the 1x1 (or smaller than 8x8) GIFs.
Count me out, though. I block all the DoubleClick domains I can in my DNS server, and I see no reason to unblock those domains.
Slashdot occasionally has doubleclick ads (Score:2)
Re:Pointless (Score:1)
Well, ALMOST no diff. (Score:1)
However, for those of us who can now truly say: "Doubleclick thinks I'm bogus.. Yeah" there IS a difference, namely that we should no longer be counted as "reliable info" which at least keeps us out of their "target group" or whatever. And at the same time make us feel better, knowing that we've done our bit to make the world safe from democracy (pardon the pun).
Personally, I think that it would be much more efficient to mess with their data, but seeing as the number of people who would participate in a venture such as this would probably only mess up so small a percentage of their DB that they'd hardly notice, then what's the point ? I mean those of us who object are also the same ones who knows how to do something about the problem. WE are NOT the ones that give them accurate data by keeping the cookies. Like so many others, I just delete mine after a while.
No if we REALLY want to do something about DoubleClick, it should be transparent to the user. Something more like a "cookie-virus" that would mess up peoples double-click cookie without them knowing. This could easily hit a VERY large part of their users, and SERIOUSLY corrupt their data. Ofcourse having the cookie look into a "legit" cookie-excahgne DB to find new intresting values might not be a bad idea, in which case this program/DB would be nice to have.
But all in all.. The program on it's own is not worth much... Not ANYTHING really.
cool idea, but probably not helpful (Score:1)
A Cookie Corruptor.... (Score:3)
1. The cookie equivalent of RBL or ORBS. Some list of bad-guys. (Yeah, I know about JunkBusters. Tried it, but it was clunky.) It should work over the 19.2 and 28.8 connections I'm plagued with at hotels.
2. A little program or plug-in, that when evil attempts to store 1k of information on my computer, it crushes the cookie, and returns completely random information. But nicely formatted random information.
I'll settle for #2. I guess I know what program I'm going to be starting on.
It would be nice for the cookie alert pop-ups most browsers had two more buttons: "Always Accept from This Domain", and "Ban EVERYTHING from This Domain".
I don't want the cookie, the traffic, the graphic.
Re:Why go through the trouble.. (Score:1)
Part of the problem is that the opt-out isn't forever. I have a cron job running that alerts me when my DoubleClick cookie changes away from OPT_OUT. I think I get at least one hit a week; when I look, the cookie has changed from "OPT_OUT" to "A".
What's happening here? I've heard that client-side Javascript can change cookies, and that some sites use older scripts that don't know about OPT_OUT. Regardless of why it's happening, the important this is that it does happen.
So why "A"? Probably just a bug in the script. I haven't let it sit around to see what happens to it; I just flip it back ASAP.
My solution is slightly kludgy. I have two Perl scripts:
I'd like to run this at least once a day, but I have two problems:
(Okay, these are "problems" only in relation to the issue at hand.)
So right now, I run the scripts when I get warned that my DoubleClick cookie has changed. As I said, that usually means at least once per week. Not ideal, but I can live with it.
well (Score:1)
--
Re:A Cookie Corruptor.... (Score:1)
Why go through the trouble.. (Score:1)
Besides that, I could never understand why people cared about such things.. After all - would you rather see an ad for something you don't care about, or something that supposedly might be interesting for you? (And no, don't give me "I would rather see no ads at all" - people who create the very sites you are visiting do need to get paid)
Funny, but worth it? (Score:3)
But beyond amusement, this wouldn't serve much purpose IF you could pull it off. On a large enough scale, it might amount to a form of protest, but why? Okay...Doubleclick has become the poster child of the profiling evil empire. And now Coremetrics has received the brunt of the privacy policy ignorance of its clients, putting the spotlight on third party data-mining. In either case, cookies represent an essential tool to get their jobs done. If you don't like it...your options are simple:
but that's the long way around... (Score:1)
Re:A Cookie Corruptor.... (Score:1)
read-only cookie file (Score:1)
What other cookies do I need? I have my browser set to accept all cookies, so I never get bothered with the "accept this cookie?" prompt, but I never have to trim my cookies file either because it's read-only.
Now, when I -do- want to keep a cookie, I unfortunately have to shut down Netscape, chmod the file, and restart, but it's an extreme rarity that I actually want to add a cookie to the file.
If you wanna have more fun with DoubleClick and the like, do what I did above, but remove the DoubleClick OPT_OUT cookie. That way, each individual browser session (e.g. every separate time you run Netscape) will get a unique DoubleClick cookie, but you can't be tracked between sessions because the cookie won't be saved.
Re:Why go through the trouble.. (Score:2)
I don't get it. People know not to reply to "opt-out" spam. Why would I want to put an opt-out cookie in my browser? I just don't trust Doubleclick.com or Preferences.com that much.
I browse with cookies set to ask (and reject if from different domain if that's available) and I use the Esc key (or the N key in IE) to reject cookies. Sites with too many cookies are ones I don't visit much. I'll sometimes accept a cookie valid only for the session, but I'm very unlikely to accept a persistant cookie especially one with an expiration date out in 2047.
Re:Well, ALMOST no diff. (Score:1)
The best way to block ads (no extra software requi (Score:2)
Re:Why go through the trouble.. (Score:2)
Preferences.com now has an opt-out (the cookie name is "PreferencesID" and the value is "OPT-OUT" in the root path, if you want to set it manually).
There's no secret Javascript method required to change a cookie - the ad server could change the opt-out one into something else on any connection. If you do want to prevent these cookies from being changed without your consent, just edit your cookie file to contain those few cookies you actually want (probably the opt-outs, plus a few auto-login cookies like your slashdot one), then make the file read-only. Session cookies will still work fine, since they're only ever set in memory anyway. When you want to set a new persistent cookie just make the file temporarily writeable. Note that you can also do this without ever setting any opt-out cookies and get more-or-less the same result that the Ask Slashdot question is looking for, since you'll then get a new "persistent" cookie for each new browser session, and Doubleclick et al will get a very inflated database full of distinctively uninformative microusers. I prefer the opt-out since it should prevent them from ever tying those microusers to any real-world identifying info, in case I ever let some leak.
This works on any version of Netscape (Unix, Mac, Windows) and with some Resedit shenanigans ("Lock" & "Protect" the cookies resource in the Internet Preferences file) on the Mac version of MSIE. Dunno if there's a registry hack to do it under Windows IE, probably not.
Re:read-only cookie file (Score:2)
I've been advising concerned people to lock their cookie files/resources for at least three years; glad to see it's finally catching on.
Re:Why go through the trouble.. (Score:2)
Mozilla style with cookies (Score:2)
I use a very simple criteria. If the cookie will do me substantial good, I will accept it. Thus I accept cookies for sites with passwords and logins, and customizable content. I never accept cookies for advertisements like doubleclick.
The beauty of it shows up in the remembering sites part. I only need to refuse a doubleclick ad once. Then it is bit-bucketed forever.
Your browser should do things that are in your best interest, such as the way mozilla handles cookies.
Does yours ?!
Re:A Cookie Corruptor.... (Score:2)
You'll like the new KDE Konqueror browser. The two actions "reject" and "accept" have three options "all cookies", "all cookies from this domain" and "this cookie only". Works real nice.
Whenever I see anything ad related, it's reject for the entire domain. And sites I _do_ trust get a permanent clearance.
Re:The best way to block ads (no extra software re (Score:1)
Re:The best way to block ads (no extra software re (Score:2)