Jeff Bachtel wrote:
>
> Just a thought, but doublclick.net _does_ have an opt-out cookie you
> can send to help keep information from being correlated to your
> company.
IMHO this takes care of the personal privacy issue but does not address
the corporate. The search criteria submission does not use cookies, so
even if you have this setting disabled you are going to submit info back
to DoubleClick. If you could get a look at a DoubleClick log entry on
one of the ad.doubleclick.net servers, it would look like this:
[Thu Feb 6 13:31:22 2000] [client 10.25.60.50]
/home/httpd/html/adi/altavista.digital.com/result_front;kw=Vanessa+Paradis;cat=stext;ord=25034863
Note the source IP is clearly identified. A quick whois can tie this
back to the source organization. So while you may be able to "opt out"
of the cookie setting, the info submission tied to your IP address still
takes place.
> Combined with a single caching proxy server (ie squid) (hey,
Your still passing cookies, your still tied to the organization's IP.
You are absolutely on the right track though. Add JunkBuster to the mix
as it can be tweaked to not forward this info.
> you want to reduce the amount you transfer from the internet anyway),
> it provides a certain degree of anonymity.
Actually, this is an annoying side effect of the whole ad thing. TTL
values are set so that you have to reload each time you hit the page.
This kills the efficiency of a proxy and thus sucks up additional
bandwidth. I've noticed my cache hit rating has slowly dropped over the
last year or so. :(
> The idea of a sort of ORBS is interesting (and may have merit). If,
> for instance, ads.doubleclick.net.relays.worbs.net returns a valid ip
> (loopback), then have your proxy server transparently handle traffic
> to that site.
Agreed. This is pretty much how I run my honeypot.
> However, and automated ORBS would be fairly difficult to
> implement, as verification of information relaying is not as easy as
> it is for open relays of email.
Agreed here as well. I've noticed many sites pass back a blank "kw="
string so its not like you can even key in on that. Still, it would be
nice to send a clear message that many Internet users take exception to
this kind of practice.
Thanks!
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
