Here's a current 'privacy' issue, having to do with what a server to which you connect can know about you, and how it's done. You can find out more and still more about cookies if you're curious.
July 22, 1996 (Vol. 18, Issue 30) [Image] THE GRIPE LINE [Image] BY ED FOSTER [Image] Can mixing `cookies' with online marketing be a recipe for heartburn? [Image] Fighting potential abuses of the Internet often seems to take [Image] on elements of shadowboxing -- you can't always tell whether there's a real enemy or not. Our recent discussions about junk [Image] e-mail and other questionable marketing practices on the 'net prompted one reader to alert The Gripe Line to a company [Image] called DoubleClick. "DoubleClick is targeting advertising based on a user's demographic profile," the reader wrote. "There's nothing wrong with that; in fact, that seems to be a step in the right direction. The catch is that they are using Netscape cookies to collect and store this data without the user being aware it's happening." I visited DoubleClick's Web site (http://www.doubleclick.net), and it did seem fairly ominous. DoubleClick sells advertising through a variety of Web sites that include USA Today Online, Quicken Financial, Travelocity, and more than 30 others. "When a user accesses a doubleclick.net member Web site, the user's browser makes a request [transparent to the user] to double click.net for an ad banner," read one of DoubleClick's Web pages. "DoubleClick retrieves information about the user, based on their IP address and cookie ID [if running Netscape], from the Internet Profiles Database." The DoubleClick software uses the information to decide which ad banner is most appropriate to display to that user. What kind of information do they have in that database? "DoubleClick has created the largest and most complete user and organization database on the Internet," another Web document explained. "DoubleClick is able to tell an incredible amount of information about a user, such as operating system, location, organization name, type, revenue, and size." My reader objected to the use of the Netscape cookie to apparently collect this data on Web surfers who may not know that either DoubleClick or the cookie file exists. "Here we have a clear situation where information is being gathered about a particular user without that user's knowledge," the reader wrote. "Even the target marketing cards that masquerade as warranty registrations in every appliance or electronic device known to mankind give the user a choice to check a box to deny the right to share or sell the information provided. This check has been removed in the rush to the online world. I am concerned about where this tacit assumption that we give up our rights to our privacy as we head into an online world will lead us." I was concerned, too. Now that I had been on DoubleClick's Web site, my own cookie file sported a DoubleClick cookie, ready to identify me to any other DoubleClick-enabled site. It didn't bother me that it would use that information to decide which ad to show me, but it did seem wrong that a file on my own system would be used to collect and pass on information about me. I decided to contact the company CEO and president, Kevin O'Connor. "There are a lot of misperceptions about the cookie file and what it can do," O'Connor said. "All we're using it for is to keep track of which ads we've shown you so you don't keep seeing the same one." Information about the user's geographical location and company affiliation is derived from the IP address, not the cookie file, O'Connor said, and the user's browser identifies itself and the operating system it's running under. In spite of the company's claims about its user database, O'Connor said that DoubleClick does not use information about other sites the user has accessed when choosing the ad banner to display, and the company does not try to identify the user's name. "Without question there is potential to misuse information, but that's always been there," O'Connor said. "The potential for abuse on the Web is great, because it is so powerful. But it really has little to do with cookies." From what I've been able to gather from Netscape and from Brett Glass' column last week, it looks like O'Connor is right about the dangers of the cookie file being greatly exaggerated. (See Help Desk, July 15, page 54.) Still, I'm going to keep an eye on it. After all, telling friend from foe on the Internet is still a tricky business. Ed Foster's Gripe Line examines issues raised by readers concerning product quality, customer service, and sales practices. Send gripes to gripe@infoworld.com or call (800) 227-8365, Ext. 710. Join his New Gripes forum on InfoWorld Electric at http://www.infoworld.com. Copyright (c) InfoWorld Publishing Company 1996