Privacy Warnings about Amazon.com and Altavista.com

Harvey Newstrom (newstrom@newstaffinc.com)
Fri, 10 Sep 1999 00:29:07 -0400

Here are a couple of privacy warnings I just found in PRIVACY Forum Digest, Volume 08, Issue 12, Friday 27 August 1999.

If you look for books at Amazon.com from work, they will compile your interests in a list and show other customers what kind of books your company's employees are interested in.

If you perform searches on Altavista.com, they will record your search string and send it to DoubleClick so that they can tailor their advertising toward what you are searching for.

--

Harvey Newstrom <mailto://newstrom@newstaffinc.com> <http://newstaffinc.com>
Author, Consultant, Engineer, Legal Hacker, Researcher, Scientist.



Date: Fri, 27 Aug 99 11:05 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Aggregated Data *Does* Matter: Amazon.com

Greetings. As you may have heard, Amazon.com has generated surprise and shock in many quarters by posting on their web site the names of popular books ordered by persons located at various companies, listed by company name! So immediately, people started drawing inferences about why so many people at this firm or that firm bought particular books, some of which are of a highly personal nature or related to particular competitive business topics.

What's apparently going on is that Amazon is using their activity log data to generate these lists--so they're not saying that a particular company *paid* for a given book, just that the people who did so accessed Amazon from that company. Amazon says that this was just supposed to be "fun"--that they don't release the names of individual purchasers. It's not clear to me that this should make you feel a whole lot better...

In response to a tirade of protests, Amazon will now permit individual purchasers to opt-out of these aggregated listings--assuming they notice how to do so, and entire companies supposedly can be completely removed by sending a fax. Obviously the individual opt-out option renders any remaining data about "popular" books at a given company meaningless, since you'd never know how many people at that firm had already chosen to remove their purchasing data from the database. So the stats have even less scientific validity than originally (which wasn't much to start with).

You can read all of the sordid details about this in the mainstream press, but there is one primary point I want to make. Amazon is taking an approach that is increasingly being heard amongst web-based and other firms with access to large amounts of transactional data. They all claim that so long as they only release "aggregate" data, nobody's privacy is impacted. But of course, before you can aggregate data, you have to collect specific data, and as we see, such data *does* matter. It does reveal information that many persons would prefer--and incorrectly assume--is private between them and the entity with whom they're dealing. Most people are shocked when they learn how much transactional data is collected about them in the course of business, and how little control they have over it.

Freedom of speech can not (or at least should not) mean that whenever you provide someone with a piece of personal information, that data then becomes their private property to exploit without limit or recourse. There needs to be a balance struck, but right now the scales are out of kilter, based on 19th Century attitudes towards what can be done with business-related data.

--Lauren--

Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"

Date: Mon, 09 Aug 1999 09:45:40 -0400
From: Chris Brenton <cbrenton@sover.net>
Subject: DoubleClick knows what you are searching for

Greetings all,

Be aware that even if you take precautions to lock down your browser's cookie settings (you can check out http://www.cookiecentral.com/ for some good info on what can be done with cookies), DoubleClick has come up with alternate means of compiling user profile information.

Try the following:

  1. Go to http://www.altavista.com
  2. Enter a search string
  3. Sniff your outbound connection

What you will see is your local system creating a connection to: http://ad.doubleclick.net/adi/altivista.digital.com/

in order to send the following string:
result_front;kw=all+search+words+you+entered;ord=nine_digit_ID_number

In other words, Altavista is reporting to DoubleClick the type of information you are searching for on the Web. I have yet to determine what the "ord" value is. It does not appear to be tied to a specific cookie value but I have not done enough investigation work to be sure. If anyone has additional info on this, it would be greatly appreciated.

If you don't have a sniffer, you can do a "netstat" on your local system to see the connection to ad.doubleclick.net. You have to hit it just right though and this will not show you the info string you are sending them.

If you read through Altavista's privacy statement (http://www.altavista.com/av/content/privacy.htm) it mentions using cookies, but makes no mention that they are submitting user search string data to DoubleClick.

Note that I have not seen this type of activity with any of the other major search engines, but have had people tell me they have seen this with a couple of the major news wires.

The only effective means I've found to prevent all of DoubleClick's profiling attempts is to block all outbound traffic headed for their domain. Obviously this is not an option for many people who connect via dial-up to a local ISP.

Cheers,
Chris
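
[Added example, not part of the original posts: a Python sketch of the check described in the last message, run over captured outbound URLs instead of a live sniffer. It parses the semicolon-delimited "kw=...;ord=..." ad-tag format quoted above and also checks ordinary query strings, which goes beyond the post. The function names, the sample URLs, the "ord" numbers and the first-party path and "text" parameter are constructed assumptions.]

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample of outbound requests seen after one search.
# Only the ad-tag prefix and the kw/ord layout come from the post above.
SAMPLE_URLS = [
    "http://ad.doubleclick.net/adi/altivista.digital.com/"
    "result_front;kw=privacy+forum+digest;ord=123456789",
    "http://www.altavista.com/constructed-path?text=privacy+forum+digest",
    "http://ad.doubleclick.net/adi/altivista.digital.com/"
    "result_front;kw=unrelated+terms;ord=987654321",
    "http://images.example.net/banner.gif",
]


def extract_params(url):
    """Return (host, {name: decoded value}) from ;k=v path params and ?k=v."""
    parts = urlsplit(url)
    params = {}
    # Ad tags of this style carry key=value pairs after ';' in the path.
    for segment in parts.path.split(";")[1:]:
        key, sep, value = segment.partition("=")
        if sep:
            params[key] = unquote_plus(value)
    # Ordinary query strings are checked as well.
    params.update(parse_qsl(parts.query, keep_blank_values=True))
    return (parts.hostname or "").lower(), params


def is_third_party(host, first_party):
    """True when host is neither the first-party domain nor a subdomain."""
    return not (host == first_party or host.endswith("." + first_party))


def normalise(text):
    """Lower-case and collapse whitespace so '+'-joined words compare equal."""
    return " ".join(text.lower().split())


def find_search_leaks(search_string, urls, first_party):
    """List (host, param, value) for third-party requests carrying the search."""
    wanted = normalise(search_string)
    leaks = []
    for url in urls:
        host, params = extract_params(url)
        if not wanted or not is_third_party(host, first_party):
            continue
        for name, value in params.items():
            if wanted in normalise(value):
                leaks.append((host, name, value))
    return leaks


if __name__ == "__main__":
    for leak in find_search_leaks("Privacy Forum Digest", SAMPLE_URLS, "altavista.com"):
        print(leak)
```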