PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page

PRIVACY Forum Digest      Thursday, 27 January 2000      Volume 09 : Issue 06


            Moderated by Lauren Weinstein (         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        You've Been Drafted--Welcome to the Cookie Wars!
           (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "I'd hate to wake up some morning and find out 
         that you weren't you!"

            -- Dr. Miles J. Binnell (Kevin McCarthy)
               "Invasion of the Body Snatchers" (Allied Artists; 1956)


Date:    Wed, 26 Jan 2000 19:39 PST
From: (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: You've Been Drafted--Welcome to the Cookie Wars!

Greetings.  Who the blazes is that guy?  Have you noticed him?  As you drive
around town he follows you, noting everywhere you go.  When you're out
shopping, he lurks around the corner, madly scribbling down notes about what
you bought, and even regarding what you just happened to glance at on the
store shelves.  When you head over to the library to do some research, he
records everything you looked up.  Then he calls around to the stores you
frequent, and tries to convince them to give him all of your purchasing and
registration history data.  He watches you almost all day, every day,
building up a dossier that might have impressed Stalin.

In our everyday "physical" world, such a skulking character following us
around would not be acceptable to most of us, and would result in a public
outcry like few seen before.  But in the misty "cyberspace" world, where the
business plan so often seems to read "get away with whatever we damn well
can," it's a different story.  And the electronic equivalent of the spying
lurker exists right now.  Recent events indicate that the time for
polite complaints has passed, and that we've now been forced into the arena
of genuine war.  Not maybe, not tomorrow, but right now.  Today.  And most of
the power is in your hands, if you choose to use it.

For years, many Web sites have treated us to benign descriptions of
"cookies"--the little files that are dropped onto your hard drive that
maintain information between Web sessions.  We're told how useful they are,
how they're "our friends"--nothing to fear.  And true, it is possible to
use cookies in benign ways, for simple state and authentication control
such as in "shopping cart" applications, for example.

But the dark side of cookies is very dark indeed.  There have been warnings
for ages, including here in the PRIVACY Forum, about the ways in which
cookies could be abused to virtually track your life both on and off the
Web, by tying together information from vast numbers of disparate
sources--Web browsing, on and off-Web purchases, even voter registration and
other "public record" data.  The purveyors of these systems have constantly
insisted that our concerns were merely theoretical.  This is now no longer
the case.

Enter stage right--our old "chums" at DoubleClick, Inc.!  No strangers to
this digest--they've been the topic both of articles and interviews here in
the Forum in the past.  They're the kings of Web activity tracking supreme.
When they bought Abacus Direct recently, it was predicted that the urge to
combine their massive Web tracking database (fed from innumerable Web sites
including such popular search engines as AltaVista) with Abacus' gigantic
database would prove irresistible.  And in fact, it is now being reported
that DoubleClick has done exactly as predicted, and is tying together your
Web movement data with Abacus' 90+ million household database.  DoubleClick
used to make a lot of hay out of saying that they never identified
individual users.  With the Abacus identification tie-in, that has now
changed.  Name, address, buying histories, Web movements, the whole
enchilada.  No need for paranoia, you are being watched--it's a fact.
DoubleClick isn't the only commercial entity tracking your life in this way,
but they appear to be the biggest.  And of course, there are no effective
laws that directly prohibit such activities.  Remember, you have virtually
no rights when it comes to the commercial use of your own information.
DoubleClick makes the usual noises about how you can take it upon yourself to
"opt-out" of their system--assuming you knew it existed in the first place
and understood the ramifications.  However, to be effective, this requires
that you accept their special "opt-out" cookie, and leave cookies enabled in
your browser at all times--not really a solution at all!

If you have some time to kill and a serious masochistic streak, take a look
at for the full fun details.  Be
sure to pay particular attention to the part about the "Abacus Alliance"
--the really amusing stuff is in there.

I said earlier that you have the power to deal with these sorts of
practices yourself.  Right now.  It's basically very simple:

  !!! Keep cookies turned OFF whenever possible !!!

Keep cookies off in your browser.  Warn your friends, your relatives, your
associates!  While some new rather underhanded techniques for recording user
activity have been appearing in some quarters, DoubleClick's network depends
heavily on cookies being enabled in Web browsers for their tracking 
and data matching actions, as do most similar systems. 

I've found that I can leave cookies completely disabled 99.9% of the time
with no ill effects on the Web Experience.  Don't bother with the "notify me
when a cookie is requested" settings--they'll drive you bats--just turn
cookies completely OFF.  If there's a particular site that requires
cookies that you simply must visit, turn cookies on (ideally in "only accept
cookies that get sent back to the originating server" mode) for that visit,
then turn them completely off immediately afterwards (and delete your cookie
files afterwards as well if you know the procedure).

There's a lot more to this than targeted advertising.  Web users in
commercial, industrial, military, or government environments should be
concerned about the level of activity tracking such cookie networks could
facilitate, and what impact they could have on the security of their routine

If most Web users would turn off their cookies and leave them off most of the
time, the ability of companies to monitor and manipulate their Web activities
would be significantly limited, instantly.  

Here's how to do it:

In Netscape Navigator, 4.0 and later, go to Edit->Preferences->Advanced
and choose "Disable Cookies".

In IE, 4.0 and later, go to View->Internet Options->Advanced->Security
->Cookies->Disable all cookie use.

Users of other browsers will need to consult their documentation.
Also, note that there is apparently no existing way to disable cookies
in WebTV.  Surprise!

To paraphrase Howard Beale (played by Peter Finch) from the 1976 film 

   "I want you to go to your Web browser now.  Disable the cookies.
    Then go to the window, and yell, 'I'm as mad as hell, and I'm
    not going to take those cookies anymore!' ... "

You'll feel a lot better.  Welcome to the cookie wars, soldier.

Lauren Weinstein
Moderator, PRIVACY Forum -
Co-Founder, PFIR: People For Internet Responsibility -
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 09.06

PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.