Cookies are small text files stored on Internet browsers that assign unique numbers to individual users. These cookies are usually placed on Internet users’ computers by web-sites without their knowledge. Every time that a user returns to the site that placed a cookie on their browser, the cookie is sent back from the user to the original web-site, providing a way to remember over time particular individuals. Furthermore, cookies are often simultaneously placed by third parties. The most common third-party cookies are placed by the various companies that serve banner ads that appear across many web-sites. Top companies in this business category include DoubleClick and Engage. Third-party cookie placement has been a hot target for electronic privacy advocates because it is a mechanism through which the third party may build a cookie-based profile of the sites a user visits.
What users can do to protect themselves against Cookies?
Microsoft has recently released a browser add-on intended to provide users with greater control over the browser-tracking cookies handed out by websites. The new features in the updated browser give you a clearer understanding of different types of cookies and where they originate, as well as an easier way to manage and delete them,” according to Microsoft’s download site. Microsoft’s latest browser update has generated applause from privacy advocates — and the hesitant acceptance of online advertising firms, which worried that rejected cookies could limit the effectiveness of targeted ads on the Web. Privacy advocates consider the dangers of the often-invisible user tracking that takes place on the Web to be tied in large part to third-party cookies. The latest update of Microsoft’s Internet Explorer differentiates between first- and third-party cookies. The browser will then let the user refuse third-party cookies. Microsoft said it made its decision to offer the software after its own research showed that the use of third-party cookies, even though anonymous, was a matter of great consumer concern. Microsoft’s feature goes the extra step of explaining, in each cookie-blocking dialog with the user, how the cookie’s placement enables the third party to recognize them as they browse among different sites.
A Web bug is a graphic on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message. Web bugs are often invisible because they are typically “only 1-by-1 pixel in size”. They are often represented as HTML/IMG tags. Ad networks can use Web bugs to add information to a personal profile of what sites a person is visiting. The personal profile is identified by the browser cookie of an ad network. At some later time, this personal profile which is stored in a data base server belonging to the ad network, determines what banner ad one is shown. Another use of Web bugs is to provide an independent accounting of how many people have visited a particular Web site and to gather statistics about Web browser usage at different places on the Internet. The types of information being sent to the server when the Web bug is viewed are the IP address of the computer that fetched the Web bug, the URL of the page that the Web bug is located on the URL of the Web bug image, the time the Web bug was viewed, and the type of browser that fetched the Web bug image.
Web bugs in Word Documents
They discovered it was possible to place privacy-sensitive document-tracking code in Word documents, email messages, and other HTML-aware applications. The code makes it possible to track where a Word document goes when it leaves the author’s hands. “A word-processing
At the present time there is no is no method of removing Web bugs from HTML pages. The reason for this is that there is no method of distinguishing Web bugs from “spacer GIFs” which are used on Web pages for alignment purposes.
DoubleClick Case Study
The information practices of DoubleClick, the leading Internet advertising firm, have moved online privacy issues to the forefront of public attention. Complaints against Double Click alleged that the company was unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. DoubleClick uses cookie technology to learn about the behavior of Internet users. DoubleClick’s banner advertisements appear across the Internet on thousands of different kinds of sites. Whenever one views a DoubleClick banner ad — this does not require clicking on an ad — you are downloading an image from DoubleClick. With the download, DoubleClick also places a cookie on users’ browsers. If, like the majority of Internet users worldwide, you already have a cookie on your browser, then DoubleClick knows where you downloaded one of their ads. By keeping track of users, DoubleClick is keeping a detailed record, often referred to as a profile, about what sites you visit. The most recent estimates indicate that DoubleClick serves ads and tracks users on more than 11,000 websites. In the four years of its existence, DoubleClick has collected roughly 100 million profiles of Internet users. According to Media Metrix, 45.8% of Internet users in the United States visited DoubleClick Network web sites in a single month (December 1998).
In November 1999, DoubleClick completed a merger with market research firm Abacus Direct. Through the merger DoubleClick hoped to find out more about all Internet users in order to provide targeted one-to-one advertising. Prior to the merger, DoubleClick had been learning about Internet users through the use of cookie technology to collect personal information. Now DoubleClick has the be ability to correlate the existing information it has already accumulated from Internet users with the data in the Abacus database to personally identify information such as a names and addresses. For that reason, DoubleClick formed the Abacus Alliance — an unnamed group of Internet websites that will pass on personal information to advertisers. On January 28 2000, attorneys in California filed a lawsuit alleging that DoubleClick had unlawfully represented that it was only collecting non-personally identifying information. DoubleClick also recently revealed in February that the FTC had notified the firm that it was “conducting an informal inquiry into their business practices to determine whether, in collecting and maintaining information concerning Internet users, they engaged in unfair or deceptive practices.”
Many of the privacy problems with the recent merger stem from the inability of the vast majority of consumers to either control the collection of information concerning Internet user behavior or the linking of profiles with real identities. These personally identified profiles are currently used for the delivery of targeted online advertising. The nature of DoubleClick’s profiling will also fundamentally change the online experience for the growing number of Internet users. In the current environment, single websites collect information about their customers behavior after they have established a business to customer relationship. DoubleClick’s reach and scope allows them to use information collected about you without your knowledge on any of the thousands of websites on which they operate. DoubleClick could end the presumption of anonymity that most Internet users currently enjoy.
In March of 2000 DoubleClick released a statement vowing not to join online profiles to real-life identities, However, concerns about the company’s tracking of Internet users have not ended. DoubleClick continues to use invisible images embedded in web pages, also referred to as “web bugs,” to track users. The advertising company also continues to maintain two separate websites — the Internet Address Finder (www.iaf.net) and the Get Away From It All Sweepstakes site (www.netdeals.com) — both of which collect personal information.
DoubleClick’s privacy practices are neither an isolated incident nor will it likely be the last. Online profiling of unknown users may be acceptable if there is a technology that maintains anonymity and a legal framework that supports anonymity. Without such a legal framework, there are no reassurances that profiles that are collected under the promise of anonymity will stay that way.