PRIVACY Forum Digest V09 #16

From PRIVACY Forum <>
Date Fri, 26 May 2000 13:22:51 -0700 (PDT)

[: hacktivism :]

PRIVACY Forum Digest      Friday, 26 May 2000      Volume 09 : Issue 16


[: digest preamble snipped :]

Date:    Fri, 26 May 2000 12:15 PDT
From: (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Making DoubleClick Look Good?

Greetings.  No matter how far you dig into a cesspool, it's not always easy
to tell when you've reached bottom.  In the case of Internet technologies
that many persons consider invasive, we may be dealing with a bottomless pit
of slime, a veritable cornucopia of crassness that is breathtaking to behold.

When DoubleClick, Inc. announced plans to link user Web activities with
outside commercial data sources, there was an immediate outcry, and
DoubleClick backed down--for now.  But as many had feared would be the case,
other firms have been plowing ahead into the vast, largely unregulated
frontier of Big Brother, Inc.

One of the newer players is (, a recent
spinoff from Cogit Corporation.  They offer (and have implemented for
various customers) an array of Web user tracking and outside data
personalization "linkage" services.  Their two main products are called
"RealProfile" and "RealTarget" (please note that neither of these have any
relationship to RealNetworks, Inc.  These names are starting to get Real

According to the product and technology description proudly displayed
at Cogit's Web site (

    "RealTarget uses offline behavior indicators such as high-tech
     preferences, automotive history, publications subscribed, and
     mail-order purchases, and relates them to consumer behavior on your
     site to make accurate predictions.  Proven by Fortune 100 companies for
     direct marketing success, RealTarget's Master Models deliver highly
     improved results on the web."


    "RealProfile is a web-based consumer analysis service that helps
     emarketers understand who visits their web site and who drives
     site revenues. Enabled by an exclusive, long-term agreement with
     The Polk Company, RealProfile draws from offline demographic and
     lifestyle characteristics on 110 million US households to create
     in-depth anonymous profiles of your online visitors."

They describe the underlying technology, which involves the usual cast of
nefarious characters, including cookies, invisible one-pixel Web "bugs"--and
other goodies, at and related pages.
Their Web site really does make for some fascinating reading, in the
Orwellian sense, that is.  They also identify some of their
current Web site customers.

Cogit *of course* explains that all of this is not intrusive, since they
say that they remove the personally-identifiable information from the
consumer profiles, and then link the data anonymously.  More on what this
really seems to mean in a moment.  Deja vu all over again--the usual, 
"We consider it anonymous, so you shouldn't care if we track your every move"
sort of argument.  One starts to suspect that most of the folks coming up
with these various ideas must all be attending the same "Invasive
E-Marketing For Fun and Profit" seminars.  (A thought experiment--who would
you choose to keynote such an event?)

So here's what appears to be happening.  Cogit apparently purchases masses
of information about your purchasing habits, magazine subscriptions, and all
sorts of other nifty data regarding your behavior.  This is data that many
firms consider to be their treasure-trove to exploit as they see fit.  Once
Cogit has managed to pick up your identity from a customer site (e.g.,
presumably from an online registration or online purchase), they then can
link your activities on those sites to the external data sources. 
Once this linkage is made, the name/address/etc. information is
apparently deleted.

Then, using cookies and Web bugs (the latter of which are almost impossible
to disable in any normal sense for most Web users) your movements can be
tracked through the related sites, controlling the content displayed based
on the perceived view of what you're all about.  To quote from Cogit's
privacy policy (

    "'s service matches personally identifiable consumer
     information (i.e., name, address, telephone number, etc.) supplied by
     its clients to a file of individual household information that licenses from the Polk Company. Immediately upon completion
     of this matching process and internal quality assurance, all personally
     identifiable information is irreversibly discarded to create anonymous
     user profiles devoid of any personally identifiable information."

Cogit doesn't ask you ahead of time whether you wish to participate in their
data matching extravaganza.  They do offer you a way to opt-out however, as
described at  They're using the same
technique as DoubleClick--you must accept a cookie to stay out of the maws
of the Cogit system.  This presents the usual problems.  First, you must have
your cookies enabled to avail yourself of this opt-out--a privacy gotcha of
the first order.  Secondly, most people using various Cogit client Web sites
are unlikely to ever even learn about this procedure.

So, we end up back at square one once again.  Perhaps you feel that the
tracking, matching, analysis, and manipulation of your Web browsing, based
on the myriad everyday details of your life (reading choices, purchasing
habits, and much more) is a great idea!  If so, you'll just love the system.  Browse away!

However, if you consider such activities to be an invasion of your life and
privacy, regardless of the extent to which Cogit's data is "anonymized" in
the process, then your options are far more limited.  You might want to
express your opinion to Cogit client sites (to the extent that you can
identify them) and of course we can always hope for a saner regulatory
environment concerning the use and abuse of your personal information.  

Don't hold your breath.

Lauren Weinstein or
Co-Founder, PFIR: People for Internet Responsibility -
Moderator, PRIVACY Forum -
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 09.16

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: :]