PRIVACY Forum Bulletin

From PRIVACY Forum <>
Date Sat, 27 May 2000 11:38:01 -0700 (PDT)

[: hacktivism :]

[: this is a followup to the last message, what do the list
   members think of these systems?  :]
			PRIVACY Forum Bulletin

       Important warning regarding COGIT.COM "opt-out" procedures!


Greetings.  I apologize for this message outside of the normal flow
of PRIVACY Forum Digests, but I felt that this was important enough
to warrant it.

In yesterday's Digest ( I reported
on "" and their system for taking information about your routine
purchasing habits, lifestyle, and other similar data, then combining it to
control and modify your Web browsing activities at their client sites.

In that report, I referenced Cogit's page that (supposedly) allowed you to
"opt-out" by accepting a special opt-out Web cookie
(  It has now been discovered that the
operations on that page will only work if you have both cookies *and*
javascript enabled.  If you have disabled javascript due to any number of
reasonable security concerns, the pages will tell you that an opt-out cookie
has been set and that you will not be profiled.  Again, this is *not* the
case unless you had javascript *and* cookies enabled.  Then you would have
to leave cookies enabled for the opt-out to have any chance of being
effective.  As I've pointed out in the past, it is my recommendation that
cookies be left disabled at all times except when you're browsing specific
sites that need them--and they should be re-disabled immediately afterwards.

It is unfortunate that many persons, apparently assuming that Cogit's
display of TRUSTe certification on those pages actually meant that the
opt-out would always function, may be greatly surprised by the reality.

It's bad enough that you need to opt-out of such marketing schemes in the
first place, instead of being able to choose opting-in if you were
interested.  It's dismal that both cookies and javascript are required to
exercise the opt-out.  It's abysmal that there are common conditions under
which you'll be told that you've opted-out when you really haven't.  But
frankly, this is all pretty much along the lines of what we've come to
expect in so many of these dismal situations.

I'll be adding a note to yesterday's archived Digest reflecting
this new information.  Again, sorry for the interruption.

Lauren Weinstein or
Co-Founder, PFIR: People for Internet Responsibility -
Moderator, PRIVACY Forum -
Member, ACM Committee on Computers and Public Policy

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: :]