[linux-elitists] The B Word, the P Word
Mon Jul 10 10:06:26 PDT 2000
Caldera won't say the "B" word: http://lwn.net/daily/cald-ircBX.php3
But Red Hat will: http://lwn.net/daily/rh-bitchx.php3
And the Internet Advertising Bureau came out with its "IAB
Privacy Guidelines". These guidelines address only
"PII" (Personally Identifiable Information).
The IAB is coming to San Francisco for a seminar on ass-covering
for privacy violation: https://www.iab.net/forms/privacy_info.html
Date: July 12, 2000
Time: 8:00 AM
Location: Nikko Hotel, San Francisco
Somehow, the capabilities that Doubleclick is selling to its
clients don't exactly match up with what they're putting on
their "privacy" pages. Imagine that. For example, read this:
> The Power of Targeting the Individual, Not the Content
> Send your message to consumers based on where they live or access the Web.
> By targeting based on exact location, you distinguish residents from
> tourists and segment messages for advertisers accordingly. Targeting by
> geography and user-defined content category enables you to reach a local
> audience with interests specifically attuned to your particular product
> or service. Geographic targeting offers the versatility to target by
> city, state or region.
If you can get the fact that someone has an uncommon interest, and the
fact that they're in a certain place, you've got them -- PII or no PII.
Possible next level privacy measures ("Chaff"):
1. Read-only cookie file with a doubleclick.net "id" of "A" -- forcing
them to issue a new "id" every session. (My duplicate id mistake
and Doubleclick's rapid response has helped convince me that issuing
a new "id" is relatively expensive for them, compared to just serving
2. Use a Junkbuster "wafer" to send id=A on every request, and trash
or store the cookie that comes with the response. Could get a lot
of ids very quickly.
3. Generate a valid-looking "id" (they look like they're just 16-digit
hex numbers, in order) and visit a bunch of "erotic" sites that
Doubleclick tracks with Web Bugs.
Since the HTTP response from ad.doubleclick.net is a redirect (to
another server at doubleclick.net) you could still block the actual
ad by blocking the destination of the redirect.
Don Marti No haiku patents
email@example.com means I've no incentive to
whois DM683 Software patent reform now: http://burnallgifs.org/
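
The redirect-blocking idea from the last paragraph of the post, together with the "trash the cookie" option from item 2, as an added example that is not part of the original post: a Python sketch of a proxy-side response filter. The function names, the blocklist and the sample response (including the redirect host name and path) are constructed for illustration.

```python
from email.parser import Parser
from urllib.parse import urljoin, urlsplit

# Assumed blocklist for this sketch: the ad domain named in the post.
BLOCKED_SUFFIXES = ("doubleclick.net",)

# Constructed sample: a redirect from the ad server to another server
# in the same domain, carrying a tracking cookie.
SAMPLE = (
    "HTTP/1.0 302 Found\r\n"
    "Location: http://other-server.doubleclick.net/constructed/banner.gif\r\n"
    "Set-Cookie: id=CONSTRUCTED; path=/; domain=.doubleclick.net\r\n"
    "Content-Length: 0\r\n\r\n"
)


def host_blocked(host, suffixes=BLOCKED_SUFFIXES):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def filter_response(raw, request_url):
    """Return (status, kept_headers, follow) for a raw HTTP response head.

    Set-Cookie headers are dropped, and follow is False when a 3xx
    Location resolves to a blocked host. A relative Location is resolved
    against request_url, so a redirect back to the ad server is caught too.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_text, headersonly=True)
    kept = [(k, v) for k, v in headers.items() if k.lower() != "set-cookie"]
    follow = True
    location = headers.get("Location")
    if 300 <= status < 400 and location:
        target = urljoin(request_url, location)
        follow = not host_blocked(urlsplit(target).hostname)
    return status, kept, follow


if __name__ == "__main__":
    print(filter_response(SAMPLE, "http://ad.doubleclick.net/constructed/ad"))
```

Matching on a dot-delimited suffix keeps a look-alike host such as notdoubleclick.net from being blocked by accident.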