Lemur z i l l a Zone News


Tuesday, November 26, 2002

what's hot what's not

tom's XPlent adventure

Tom Matrullo runs Windows XP on his personal computer. This morning he was accosted by an advertisement that brought up a dialogue box wanting to know if Double Click could access his camera and microphone.

Tom shot off an email this morning wondering if I has heard of this.

I have raved and haragued about 'cookie' [1],[2],[3],[4],technology for years.
Cookies were orginally a technology that wrote a simple text file to your harddrive, so that on subsequent visits to a particular site it could remember your name, user name and password ostensibly to personalize your relationship with a site. In the early days of the web this was a cool feature.
Cookie placement requires javascript in one form or another to create, place and read cookies. Which is why some folks turn off javascript in their browsers. Which is enabled by default in browser installations.
Originally the cookie has a simple relationship with surfers. It could only be read by the originating site. and there was only one cookie per site. But it didn't take long at all to extend the capabilities, reach and amount and type of information harvested by the 'simple' cookie. The cookie is useful for determining browser,platform, browser features such as Flash, Javascript, Real Audio and other plugins.
With the creation of Third Party Adservers, (TPA) such as Double Click, you could now insert multiple cookies with other destinations and collect an enormous amount on information on click thru and multiple site surfing.
In order to enable these ads, the sites have to leave holes for insertion, which begs the question of extending the column inch methodology and squeezing content in terms of stories between these holes.)
Cookies are inserted in the code that sites serve ads. Commercialization of the web, in sites built for companies extended this technology to go far beyond a username/password txt file. On the TPA server side, the cookie is read by the originating site and depending on the server it can log the access,(which is used as a 'hit' or measurement of display, which is used as a selling point for pushing ads), it is also persistant, lying in wait for you to click thru to the site that is presenting the ad. Which is logged on the server and is also counted.
The infection spreads like this; you start at the New York Times, to read an article. In the upper right hand corner it says 'welcome tom' This is the NYT site cookie in action when you originally registered. So far so good. This useage has saved you the keystrokes to insert your username/password.
Looking on the page you will notice a number of advertisements in various formats. .gifs, jpgs., and .fla or flash files. The majority of them are from the NYT adserver, which reads the original cookie. But a number of these ads are served by others. This is where the plot thickens.
But wait there's more! The cookie that goes to the TPA is also read by other sites that use the same TPA. They now know that you started at the NYT, went to the Washington Post, popped in at Time, and spent x amount of time at each one as well as what you accessed, what other ads you were exposed to, what you accessed, what your browser is, screen resolution, IP address, what plugins you have and whether or not you have an identity that can be used for demographic purposes far beyond your username/password registration information.
Right about now you are probably thinking this really sucks. It does and it gets worse.
All the major sites have "privacy policies" of one sort or another.
They all read like Mission Impossible. They inform you that their advertisers use TPA's and then specifically disavow any responsibility for the information collected or used.
--NYT Privacy Policy--
"We use a proprietary advertising server to display ads on our site. In addition, advertisers may elect to use third-party advertising companies to serve ads onto our website. Please click here to see a list of these advertising agencies and their privacy policies. In the course of serving these advertisements, the third-party advertisers may place or recognize a unique "cookie" on your browser. We do not have access to these cookies or any information that they may contain. If you would like more information about this practice and about your option not to accept cookies placed by these companies, please click here. Acceptance of cookies from domains other than nytimes.com is optional."
The next paragraph details the useage of WebBugs.
"Clear Gifs (Web Beacons/Web Bugs): We use a proprietary advertising serving system to display ads on our site. In addition, advertisers may elect to use third party advertising companies to serve ads onto our website, and in these instances may use a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs/action tags) to help better manage advertising on our site. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies. Clear gifs may ping or alert the advertiser's server about the online movements of Web users. For instance, advertisers may place a clear gif allowing them to recognize an existing cookie on your browser if from the same service. The main difference between cookies and clear gifs is that clear gifs are invisible on the page and are much smaller, about the size of the period at the end of this sentence. Please keep in mind we do not have access to any information collected by these clear gifs nor additional information they may be tied to by the advertiser. Please click here to see a list of these advertising agencies and their privacy policies."
(I could spend hours detailing the ethics of this but you could probably do a much better job than I.)
If you receive HTML email and wonder why you keep getting more of it, despite the fact that you think you are careful about your email address, you may thank microsoft for adding this 'feature'. Yep! Your email client is spying on you too!
Mozilla and Opera also do it, but in their clients you can disable HTML email. You can also disable cookies and manage them from the client much easier and with more control than you can with Internet Explorer. The alledged 'privacy controls' in internet explorer are a joke and have a tendency to be overwritten or set back to the default, (bend over and let us track you) with every update and patch you apply for the 'security holes' they announce for their products.
All is not lost in the battle for your privacy. There are a number of techniques that you can use to stem the invasion of your privacy.
Being on a windows machine you can utilize one of the features of the operating system known as the hosts file.
http://www.accs-net.com/hosts/what_is_hosts.html
http://www.ecst.csuchico.edu/~atman/spam/adblock.shtml
(My personal hosts file is almost 500K in size. This is a txt file. There are almost 2000 entries in it.)
It needs frequent updating as TPA's keep adding webservers.
Norton Internet Security is a program which will give you a measure of control as well.
Oh yeah, disallow all cookies and type your user names and passwords.
[1] Click Thru is Evil [Posted] September 26, 1998
[2] Click Thru is Evil II [Posted] February 25, 2000
[3] Double Click Opts Out [Posted] March 04, 2000
[4] Cookies in the Back Door [Posted] April 04, 2000
Bookshelf

Building Accessible WebsitesBuilding Accessible Websites is a stunning book.

Accessibility is not an afterthought anymore. It is a vital component of the World Wide Web for Personal, Professional and Commercial websites.

This book is not a theoretical discussion about the right thing to do, but a compelling guide to techniques and practices to enhance the ability of websites to convey their messages.

With concrete code examples not only as a how to, but why they are important by browser, technology and display, Joe guides you through the minefield of what works, what doesn't, and offers you suggestions to add value to what you do.

From how the disabled use computers, through structure, navigation, to testing and certification, Basic, Intermediate, and Advanced methods of creating or adding accessibilty to your websites are clearly provided.

Joe Clark presents a powerful and relentless case for accessibility that needs to be read by every practitioner of website building.

p i x e l v i e w

Mitch Ratcliffe is definitely an other. The 21st century holds the promise of rich multimedia across the web. Mitch was blazing this trail in the 20th century. From code to finance.

p i x e l v i e w - behind the screen with Mitch Ratcliffe
read here - go there

Opinion

It's Time to Stop the Music

I want you to stop buying Commercial Music and going to Movies for six months.
Because if You do not cut off their money they will cut off your Internet access. They have already killed Internet Radio.This is not about the short term pain of your favorite musician, they have already been screwed so royally that it is amazing that you can even recognize them.

It's Time to Stop the Music
read here - go there
Source: the head lemur


Current News
Old News

Searching LemurZone

Search this weblog

Other News
Other Views

site menumenu

Electronic Frontier Foundation Join Now

Independents Day

ageless the site

Support A Stand Against Pop-under Ads

Support Free Speech Online

your host, see i don't look crazy...but it is a small picture

headlemur

Web Standards Project

] News | Opinion | p i x e l v i e w | Links | Notes | Home [

you are here ·

Copyright © 1997-2001 lemurzone design all rights reserved