Home/red-rock-eater/Red Rock Eater Digest - it just gets worse and worse

Red Rock Eater Digest - it just gets worse and worsewriting

militarymediaenvironmentsurveillanceprivacycryptographycommerce
2001-05-12 · 6 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/2000/RRE.it.just.gets.worse.a.html

Content

| | | | --- | --- | | Red Rock Eater Digest | Most Recent Article: Sat, 12 May 2001 |

``` [Both messages have been heavily reformatted.]

---

This message was forwarded through the Red Rock Eater News Service (RRE). You are welcome to send the message along to others but please do not use the "redirect" option. For information about RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html

---

Date: Fri, 26 May 2000 13:23:25 -0700 (PDT) From: PRIVACY Forum

PRIVACY Forum Digest Friday, 26 May 2000 Volume 09 : Issue 16

(http://www.vortex.com/privacy/priv.09.16)

Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM =====

---

Date: Fri, 26 May 2000 12:15 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Cogit.com: Making DoubleClick Look Good?

Greetings. No matter how far you dig into a cesspool, it's not always easy to tell when you've reached bottom. In the case of Internet technologies that many persons consider invasive, we may be dealing with a bottomless pit of slime, a veritable cornucopia of crassness that is breathtaking to behold.

When DoubleClick, Inc. announced plans to link user Web activities with outside commercial data sources, there was an immediate outcry, and DoubleClick backed down--for now. But as many had feared would be the case, other firms have been plowing ahead into the vast, largely unregulated frontier of Big Brother, Inc.

One of the newer players is Cogit.com (http://www.cogit.com), a recent spinoff from Cogit Corporation. They offer (and have implemented for various customers) an array of Web user tracking and outside data personalization "linkage" services. Their two main products are called "RealProfile" and "RealTarget" (please note that neither of these have any relationship to RealNetworks, Inc. These names are starting to get Real confusing...)

According to the product and technology description proudly displayed at Cogit's Web site (http://www.cogit.com/services.htm):

"RealTarget uses offline behavior indicators such as high-tech preferences, automotive history, publications subscribed, and mail-order purchases, and relates them to consumer behavior on your site to make accurate predictions. Proven by Fortune 100 companies for direct marketing success, RealTarget's Master Models deliver highly improved results on the web."

and:

"RealProfile is a web-based consumer analysis service that helps emarketers understand who visits their web site and who drives site revenues. Enabled by an exclusive, long-term agreement with The Polk Company, RealProfile draws from offline demographic and lifestyle characteristics on 110 million US households to create in-depth anonymous profiles of your online visitors."

They describe the underlying technology, which involves the usual cast of nefarious characters, including cookies, invisible one-pixel Web "bugs"--and other goodies, at http://www.cogit.com/technology.htm and related pages. Their Web site really does make for some fascinating reading, in the Orwellian sense, that is. They also identify some of their current Web site customers.

Cogit of course explains that all of this is not intrusive, since they say that they remove the personally-identifiable information from the consumer profiles, and then link the data anonymously. More on what this really seems to mean in a moment. Deja vu all over again -- the usual, "We consider it anonymous, so you shouldn't care if we track your every move" sort of argument. One starts to suspect that most of the folks coming up with these various ideas must all be attending the same "Invasive E-Marketing For Fun and Profit" seminars. (A thought experiment--who would you choose to keynote such an event?)

So here's what appears to be happening. Cogit apparently purchases masses of information about your purchasing habits, magazine subscriptions, and all sorts of other nifty data regarding your behavior. This is data that many firms consider to be their treasure-trove to exploit as they see fit. Once Cogit has managed to pick up your identity from a customer site (e.g., presumably from an online registration or online purchase), they then can link your activities on those sites to the external data sources. Once this linkage is made, the name/address/etc. information is apparently deleted.

Then, using cookies and Web bugs (the latter of which are almost impossible to disable in any normal sense for most Web users) your movements can be tracked through the related sites, controlling the content displayed based on the perceived view of what you're all about. To quote from Cogit's privacy policy (http://www.cogit.com/policy.htm):

"Cogit.com's service matches personally identifiable consumer information (i.e., name, address, telephone number, etc.) supplied by its clients to a file of individual household information that Cogit.com licenses from the Polk Company. Immediately upon completion of this matching process and internal quality assurance, all personally identifiable information is irreversibly discarded to create anonymous user profiles devoid of any personally identifiable information."

Cogit doesn't ask you ahead of time whether you wish to participate in their data matching extravaganza. They do offer you a way to opt-out however, as described at http://www.cogit.com/opt_info.htm. They're using the same technique as DoubleClick--you must accept a cookie to stay out of the maws of the Cogit system. This presents the usual problems. First, you must have your cookies enabled to avail yourself of this opt-out--a privacy gotcha of the first order. Secondly, most people using various Cogit client Web sites are unlikely to ever even learn about this procedure.

So, we end up back at square one once again. Perhaps you feel that the tracking, matching, analysis, and manipulation of your Web browsing, based on the myriad everyday details of your life (reading choices, purchasing habits, and much more) is a great idea! If so, you'll just love the Cogit.com system. Browse away!

However, if you consider such activities to be an invasion of your life and privacy, regardless of the extent to which Cogit's data is "anonymized" in the process, then your options are far more limited. You might want to express your opinion to Cogit client sites (to the extent that you can identify them) and of course we can always hope for a saner regulatory environment concerning the use and abuse of your personal information.

Don't hold your breath.

--Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy

---

End of PRIVACY Forum Digest 09.16

---

Date: Sat, 27 May 2000 11:39:06 -0700 (PDT) From: PRIVACY Forum

PRIVACY Forum Bulletin ---------------------- 5/27/00

Important warning regarding COGIT.COM "opt-out" procedures!

-----------------------------

Greetings. I apologize for this message outside of the normal flow of PRIVACY Forum Digests, but I felt that this was important enough to warrant it.

In yesterday's Digest (http://www.vortex.com/privacy/priv.09.16) I reported on "Cogit.com" and their system for taking information about your routine purchasing habits, lifestyle, and other similar data, then combining it to control and modify your Web browsing activities at their client sites.

In that report, I referenced Cogit's page that (supposedly) allowed you to "opt-out" by accepting a special opt-out Web cookie (http://www.cogit.com/opt_info.htm). It has now been discovered that the operations on that page will only work if you have both cookies and javascript enabled. If you have disabled javascript due to any number of reasonable security concerns, the pages will tell you that an opt-out cookie has been set and that you will not be profiled. Again, this is not the case unless you had javascript and cookies enabled. Then you would have to leave cookies enabled for the opt-out to have any chance of being effective. As I've pointed out in the past, it is my recommendation that cookies be left disabled at all times except when you're browsing specific sites that need them--and they should be re-disabled immediately afterwards.

It is unfortunate that many persons, apparently assuming that Cogit's display of TRUSTe certification on those pages actually meant that the opt-out would always function, may be greatly surprised by the reality.

It's bad enough that you need to opt-out of such marketing schemes in the first place, instead of being able to choose opting-in if you were interested. It's dismal that both cookies and javascript are required to exercise the opt-out. It's abysmal that there are common conditions under which you'll be told that you've opted-out when you really haven't. But frankly, this is all pretty much along the lines of what we've come to expect in so many of these dismal situations.

I'll be adding a note to yesterday's archived Digest reflecting this new information. Again, sorry for the interruption.

--Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy ```

| | | --- | | ProcessTree Network TM For-pay Internet distributed processing. | | Advertising helps support hosting Red Rock Eater Digest @ The Commons. Advertisers are not associated with the list owner. If you have any comments about the advertising, please direct them to the Webmaster @ The Commons. |