Internet cookies leave bad taste in private lives

Security: A company that taps into your PC to record Web use plans to keep your name, too.

February 28, 2000|By Peter Lewis | Peter Lewis,N.Y. Times News Service

In my neighborhood in the physical world, it is customary to welcome new neighbors with a housewarming gift, perhaps a plate of cookies. It never occurred to me, however, to implant surveillance equipment in the cookies so I can monitor my neighbors' habits and sell that information to advertisers.

Maybe that's why I'll never be as rich as the folks at DoubleClick Inc., who have attracted billions of dollars from investors, advertisers and Web sites in part by using software cookies - small computer files that Web sites insert into your computer to gather information about the online habits of tens of millions of Internet users, often without their knowledge or informed consent.

But with a little knowledge, a computer user can block this information gathering by refusing cookies or using software to create online anonymity. Or, the user can visit a Web site set up by the company to opt out of the information circus.

DoubleClick, which describes itself as the world's largest Internet advertising company, is not the only cookie pusher on the Web, and it is certainly not the worst. And online cookie pushers are benign and well-behaved compared to direct marketers who begin building consumer dossiers on children from their birth announcements and school records, who know within 24 hours from your credit card records that you bought underwear at Bloomingdale's and who will sell that information to almost anyone.

Most commercial Web sites use some form of tracking mechanism to gather information about visitors: when they log on, where they come from, how long they stay, what they see, what they click, where they go when they leave. The information is supposed to be anonymous, just the recorded actions of a computer, not of a person with a name.

It is the potential to combine online information gathered by DoubleClick and its fellow Web weasels with off-line personal information gathered by the direct-marketing pack rats that gives some people the creeps.

Although it once promised that it would never do such a thing, DoubleClick plans to match the supposedly anonymous information gathered from cookies in your computer with your name, address, telephone number, age, sex, income level and history of purchases at retail, catalog and online stores. All that personal information is contained in a vast direct-marketing database that DoubleClick bought last year. (Asked about the apparent double-cross, a spokesman for DoubleClick said last week that the company "never said never.")

As a result of its plans, DoubleClick is being investigated by the Federal Trade Commission and the attorneys general of New York and Michigan, and it is the defendant in several class-action lawsuits accusing it of unfairly and deceptively gathering and selling personal information about consumers.

DoubleClick denies any wrongdoing.

Here's how it works. DoubleClick feeds your computer a welcome cookie the first time you click on an advertisement on one of about 1,800 popular Web sites where it provides the advertisements. It does so automatically, unless you reconfigure your browser to reject cookies.

If you use a recent version of Internet Explorer, go to the Tools menu, click Internet Options, then the Security tab. Setting security on "high" will block cookies. From Netscape Navigator's Edit menu, choose Preferences, then Advanced, and then set your cookie options.

Once the cookie is in your computer, it allows DoubleClick to track everything your browser software does or sees on a DoubleClick-affiliated site. If you go to a site that uses one of DoubleClick's competitors, such as RealMedia, which is used by The New York Times on the Web, another cookie takes over.

What The New York Times Web site does with this information is outlined in a privacy statement at the bottom of the Web page. RealMedia does not allow consumers to opt out of its tracking program, and it says it does not target consumers based on personally identifiable information, but the company says it will "inform you of how to opt out if our policy changes."

Theoretically, the cookie file itself does not gather or store any personal information about the user. But in real life, some sites record user-names and e-mail addresses in the cookie file. Most do not.

To view the cookie files on your computer, search your hard disk for files named "cookie" and open them with a word processor. You will see an assortment of digital tags that let the Web site identify your computer as a unique visitor. At the other end of the connection, the Web site uses the tags to create a record of what advertisements, articles and services your browser has seen. The tags by themselves are supposed to be anonymous.

The sticky part would come if DoubleClick were to link your name routinely with your browsing habits and to provide that information, even indirectly, to other companies. That is exactly what it plans to do, but, it says, only with your permission.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.