Forget DoS attacks! It's time to start a distributed DoBBS attack on the Web. Agent C528 gives you the scoop on ridding your Web trousers of privacy-leeches.

I used to think that intrusive tracking by Web advertisers didn't affect me. "Let the little users get herded like sheep. They're dumber than me, so they deserve to have their pricacy violated. I've got my super-elite Junkbuster and cookie blocking set up. Let the web advertisers do their worst, but I'm safe because I have the technical solution."

That was before the DVD case. The movie industry is attempting to prevent me from using the technical solution that lets me take control of my legal use of recorded media. I used to think, "I don't have to buy proprietary software to watch movies, and I don't have to watch unskippable commercials. I'll just get software that lets me have control."

Hackers will win the DVD case, but it will be a long, hard fight -- because we thought too highly of technical measures, and ignored the economic power of the motion picture industry.

So, how does all the DVD case relate to your right not to be "pushed, filed, indexed, stamped, briefed, debriefed or numbered" by Web advertising agencies? After all, the Web advertising industry isn't powerful enough to make Junkbuster illegal yet. They can't afford the big, powerful members of Congress that the movie industry can. If they're buying any members of Congress at all, they're settling for the B list. As a matter of fact, the Federal Trade Commission is actually investigating the biggest web advertiser, doubleclick.net, right now. That wouldn't be happening if the web advertising industry had any political power.

But we're not safe for long. Look at the market capitalizations of the major Web advertisers. Their stock prices are very high in relation to earnings, which means that investors expect them to get bigger. When they get big enough, they can buy Congress and get Web ad filtering for privacy banned. Just like the movie industry is trying to ban the enabling technology for viewing DVD movies on the OS of your choice, the Web ad industry will be able to buy a law to prohibit the distribution of software to prevent them from tracking you. This might even include a ban on open-source Web browsers.

If you really think they won't try to ban ad-blocking software, you're fooling yourself. They'd be the first American industry in history NOT to try to buy itself some kind of unfair economic advantage. From sugar to passenger aircraft, every industry tries it, and most of them succeed.

But the success of Web advertising as an industry is not inevitable. Now is the time to kill the baby snake before it grows up. The FTC investigation of doubleclick.net has created an awareness of web advertising abuses for the first time. Regular people understand what doubleclick.net is doing to them. Now is the time to put them out of business before they get enough money to buy a mandatory tracking law. Once the biggest Web advertiser is gone, the others will clean up their act or fall one by one.

While doubleclick.net is snarled up with the FTC, take steps to block their ads for all users, not just yourself. Nobody can complain now. doubleclick.net can't send you a lawyer letter -- you're just blocking their advertising because they're violating the law. You can laugh at them now. Even protecting 10% of the Internet's users from doubleclick.net would cost doubleclick.net many customers.

And you don't have to do any fancy Junkbuster stuff if you don't want. Just make your nameservers authoritative for doubleclick.net. Take one of your existing zone files, copy it over and take out all the A and MX records, and add doubleclick.net to the config file. As far as your network goes, doubleclick.net just vanished, and it took you less than five minutes.

People who tolerate Web advertising often say that it provides money for sites with useful content, and that if sites didn't carry advertising, they would have to charge for subscriptions or not offer content on the web at all. Fine. But large companies that serve ads on many sites and track users across sites are an abuse of privacy any way you look at it. If companies were't allowed to buy laws from Congress, it would be OK to let doubleclick.net live. But our political system creates the necessity for freedom-loving Internet users to bring down all such companies.

I can hear some of you thinking, "But can't doubleclick.net just start using IP addresses instead of a hostname for its banners?" Or "Can't doubleclick.net just ask its customer Web sites to create a doubleclick.example.com subdomain and delegate it? That way people will still see ads." Read the cookie specification. If they do that, we win. They lose the ability to track users across sites, and they cease to be a problem. After all, doubleclick.net isn't about showing you an ad -- the ad is just a vehicle for tracking.

One more possible objection. "What about the doubleclick.net opt-out program?" If you want to trust your privacy to the goodwill of an advertising weasel, go ahead. There's no promise that doubleclick.net will continue the opt-out program, and they can end it at any time without your knowledge. All they have to do is send a new tracking cookie to replace the blank opt-out cookie, and they're tracking you again. I don't see any legally binding promise from doubleclick.net to continue the opt-out program. If we let them get big enough to buy laws, they'll be sure not to force themselves to offer opt-out any more.

So, the best way to stop the Web advertising privacy invasion is to go on the attack. Start spreading awareness of the problem, and give people an idea of what technical solutions are available.

ISPs -- start with this Sample letter to users:

Dear Customers:

By now you may have heard of the Federal Trade Commission investigation of doubleclick.net, one of the largest Web advertising agencies. As providers of quality Internet service, we are concerned about this company's apparent violations of the Internet's usual expectations of privacy.

Therefore, while the investigation is in progress, we have taken technical measures to prevent doubleclick.net from tracking your Internet use. As a side effect, you may begin to see "broken images" for some banner advertisements, and web pages may load more quickly.

If for some reason you prefer to be tracked and listed in doubleclick.net's database, please send mail to [ support address ].

Sincerely, Network Operations Department

System administrators -- here's mail for management.

Bob,

By now you may have already seen the news reports on the Federal Trade Commission investigation of doubleclick.net. Because our people use the Internet for business purposes, I and the rest of the IS staff are concerned that doubleclick.net's tracking system, which now tracks individual users instead of demographic groups, may place our confidentiality at risk when our people visit business-related sites.

Therefore, I have taken immediate and effective technical steps to prevent our users from being tracked by doubleclick.net. As a side effect, users may see "broken images" where some banner ads originally appeared, and pages may load more quickly.

Please let me know if you would like me to pursue further steps to help protect our company's confidentiality when our people use the web.

Alice

Or, just send mail to all users.

Dear Everyone,

You may have seen the recent news stories about the Federal Trade Commission investigation of the online advertising agency doubleclick.net. In violation of their previously stated privacy policy, they are now tracking individual users.

Because we are concerned with protecting our company's confidentiality when our people use the World Wide Web, we have taken immediate steps to stop this tracking. As a side effect, you may see "broken images" where some banner ads once appeared, and pages may load more quickly.

If you have any questions, please send mail to [support address].

Alice Network Operations Department

If you are an ISP customer, send this letter to the CEO:

Dear Bob,

I am very concerned about the Federal Trade Commission investigation of doubleclick.net. Without letting web users know, this company has begun to track individuals by name and address across many different web sites, even those where the user had a reasonable expectation of privacy.

I have already enrolled in the doubleclick.net opt-out program, but on further investigation I notice that they are capable of cancelling opt-out at any time simply by sending a different web cookie! This does not provide adequate protection, especially considering the huge database resource that doubleclick.net has available to them.

Please implement a technical solution to this grave privacy issue. The simplest is to make your name server authoritative for doubleclick.net, and use a zonefile without MX or A records. Other technical measures for preventing tracking, such as Junkbuster, are also useful.

Please let me know if you need any further information. I am looking forward to hearing from you.

vwbugger@pigdog.org