Forget DoS attacks! It's time to start a distributed DoBBS
attack on the Web. Agent C528 gives you the scoop on
ridding your Web trousers of privacy-leeches.
I used to think that intrusive tracking by Web advertisers didn't affect me.
"Let the little users get herded like sheep. They're dumber than me, so they
deserve to have their pricacy violated. I've got my super-elite Junkbuster and
cookie blocking set up. Let the web advertisers do their worst, but I'm safe
because I have the technical solution."
That was before the DVD case. The movie industry is attempting to prevent me
from using the technical solution that lets me take control of my legal use of
recorded media. I used to think, "I don't have to buy proprietary software to
watch movies, and I don't have to watch unskippable commercials. I'll just get
software that lets me have control."
Hackers will win the DVD case, but it will be a long, hard fight -- because we
thought too highly of technical measures, and ignored the economic power of the
motion picture industry.
So, how does all the DVD case relate to your right not to be "pushed, filed,
indexed, stamped, briefed, debriefed or numbered" by Web advertising agencies?
After all, the Web advertising industry isn't powerful enough to make
Junkbuster illegal yet. They can't afford the big, powerful members of Congress
that the movie industry can. If they're buying any members of Congress at all,
they're settling for the B list. As a matter of fact, the Federal Trade
Commission is actually investigating the biggest web advertiser, doubleclick.net, right now. That
wouldn't be happening if the web advertising industry had any political power.
But we're not safe for long. Look at the market capitalizations of the major
Web advertisers. Their stock prices are very high in relation to earnings,
which means that investors expect them to get bigger. When they get big enough,
they can buy Congress and get Web ad filtering for privacy banned. Just like
the movie industry is trying to ban the enabling technology for viewing DVD
movies on the OS of your choice, the Web ad industry will be able to buy a law
to prohibit the distribution of software to prevent them from tracking you.
This might even include a ban on open-source Web browsers.
If you really think they won't try to ban ad-blocking software, you're fooling
yourself. They'd be the first American industry in history NOT to try to buy
itself some kind of unfair economic advantage. From sugar to passenger
aircraft, every industry tries it, and most of them succeed.
But the success of Web advertising as an industry is not inevitable. Now is the
time to kill the baby snake before it grows up. The FTC investigation of
doubleclick.net has created an awareness of web advertising abuses for the
first time. Regular people understand what doubleclick.net is doing to them.
Now is the time to put them out of business before they get enough money to buy
a mandatory tracking law. Once the biggest Web advertiser is gone, the others
will clean up their act or fall one by one.
While doubleclick.net is snarled up with the FTC, take steps to block their ads
for all users, not just yourself. Nobody can complain now. doubleclick.net
can't send you a lawyer letter -- you're just blocking their advertising
because they're violating the law. You can laugh at them now. Even protecting
10% of the Internet's users from doubleclick.net would cost doubleclick.net
And you don't have to do any fancy Junkbuster stuff if you don't want. Just
make your nameservers authoritative for doubleclick.net. Take one of your
existing zone files, copy it over and take out all the A and MX records, and
add doubleclick.net to the config file. As far as your network goes,
doubleclick.net just vanished, and it took you less than five minutes.
People who tolerate Web advertising often say that it provides money for sites
with useful content, and that if sites didn't carry advertising, they would
have to charge for subscriptions or not offer content on the web at all. Fine.
But large companies that serve ads on many sites and track users across sites
are an abuse of privacy any way you look at it. If companies were't allowed to
buy laws from Congress, it would be OK to let doubleclick.net live. But our
political system creates the necessity for freedom-loving Internet users to
bring down all such companies.
I can hear some of you thinking, "But can't doubleclick.net just start using IP
addresses instead of a hostname for its banners?" Or "Can't doubleclick.net
just ask its customer Web sites to create a doubleclick.example.com subdomain
and delegate it? That way people will still see ads." Read the cookie
specification. If they do that, we win. They lose the ability to track users
across sites, and they cease to be a problem. After all, doubleclick.net isn't
about showing you an ad -- the ad is just a vehicle for tracking.
One more possible objection. "What about the doubleclick.net opt-out program?" If you want to trust your privacy
to the goodwill of an advertising weasel, go ahead. There's no promise that
doubleclick.net will continue the opt-out program, and they can end it at any
time without your knowledge. All they have to do is send a new tracking cookie
to replace the blank opt-out cookie, and they're tracking you again. I don't
see any legally binding promise from doubleclick.net to continue the opt-out
program. If we let them get big enough to buy laws, they'll be sure not to
force themselves to offer opt-out any more.
So, the best way to stop the Web advertising privacy invasion is to go on the
attack. Start spreading awareness of the problem, and give people an idea of
what technical solutions are available.
ISPs -- start with this Sample letter to users:
By now you may have heard of the Federal
Trade Commission investigation of doubleclick.net, one of the largest Web
advertising agencies. As providers of quality Internet service, we are
concerned about this company's apparent violations of the Internet's usual
expectations of privacy.
Therefore, while the investigation is in
progress, we have taken technical measures to prevent doubleclick.net from
tracking your Internet use. As a side effect, you may begin to see "broken
images" for some banner advertisements, and web pages may load more
If for some reason you prefer to be tracked and listed in
doubleclick.net's database, please send mail to [ support address ].
Sincerely, Network Operations Department
System administrators -- here's mail for management.
By now you may have already seen the news reports on
the Federal Trade Commission investigation of doubleclick.net. Because our
people use the Internet for business purposes, I and the rest of the IS staff
are concerned that doubleclick.net's tracking system, which now tracks
individual users instead of demographic groups, may place our confidentiality
at risk when our people visit business-related sites.
have taken immediate and effective technical steps to prevent our users from
being tracked by doubleclick.net. As a side effect, users may see "broken
images" where some banner ads originally appeared, and pages may load more
Please let me know if you would like me to pursue further
steps to help protect our company's confidentiality when our people use the
Or, just send mail to all users.
You may have seen the recent news stories
about the Federal Trade Commission investigation of the online advertising
they are now tracking individual users.
Because we are concerned with
protecting our company's confidentiality when our people use the World Wide
Web, we have taken immediate steps to stop this tracking. As a side effect, you
may see "broken images" where some banner ads once appeared, and pages may load
If you have any questions, please send mail to [support
Alice Network Operations Department
If you are an ISP customer, send this letter to the CEO:
I am very concerned about the Federal Trade
Commission investigation of doubleclick.net. Without letting web users know,
this company has begun to track individuals by name and address across many
different web sites, even those where the user had a reasonable expectation of
I have already enrolled in the doubleclick.net opt-out
program, but on further investigation I notice that they are capable of
cancelling opt-out at any time simply by sending a different web cookie! This
does not provide adequate protection, especially considering the huge database
resource that doubleclick.net has available to them.
a technical solution to this grave privacy issue. The simplest is to make your
name server authoritative for doubleclick.net, and use a zonefile without MX or
A records. Other technical measures for preventing tracking, such as
Junkbuster, are also useful.
Please let me know if you need any
further information. I am looking forward to hearing from you.