AltaVista sprouts a hole ...
rah at shipwright.com
Tue Jan 28 17:26:25 PST 1997
--- begin forwarded text
Reply-To: Russell Stuart <R.Stuart at rsm.com.au>
Date: Wed, 29 Jan 1997 08:07:27 +1000
From: Russell Stuart <R.Stuart at rsm.com.au>
To: Multiple recipients of <firstname.lastname@example.org>
Subject: AltaVista sprouts a hole ...
From: risko at csl.sri.com (RISKS List Owner)
Subject: RISKS DIGEST 18.77
Message-ID: <CMM.0.90.1.853810937.risko at chiron.csl.sri.com>
RISKS-LIST: Risks-Forum Digest Monday 20 January 1997 Volume 18 :
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann,
***** See last item for further information, disclaimers, caveats, etc.
Date: Fri, 3 Jan 97 23:52:00 +0100
From: Anders Andersson <andersa at Mizar.DoCS.UU.SE>
Subject: Leaking WWW surfer interest profiles
I notice that AltaVista's inline advertisements link to a server outside
Digital, "ad.doubleclick.net", and that the URL includes the user's list
keywords being searched. I'm concerned that these URLs may
leak information about the user's interests and inclinations to third
parties, information which the user may prefer to keep private.
This is not a new problem that appeared with the inline ads, since also
Referer: field of the HTTP protocol discloses to a target server exactly
what AltaVista index page led the user to it. However, this requires
the user willfully follows that link.
If sensitive information being leaked via the Referer: field is a
the user may obtain client software that withholds Referer: data, either
conditionally or unconditionally. Also, a user who has asked AltaVista
"gay" pages is probably not too concerned about accidentally disclosing
fact to the maintainer of said "gay" pages.
However, the doubleclick.net ads appear to bear no relationship to the
keywords being searched, and they appear not only in the URL for the
hyperlink to follow, but also in the IMG SRC URL. This means that in
to avoid disclosing my keyword lists to doubleclick.net, I have to
automatic loading of inline images when using AltaVista!
Why is it that when I perform a search for, say, "gay OR nazi AND
scientology", AltaVista tricks my browser to give this very search
away to an advertising company by means of an inline image (the contents
which has nothing to do with my search)? I think I can trust the
maintainers not to save my keyword lists for future analysis, but what
an advertising company?
It's kind of serendipity reversed. When you open a book to look up
information on a specific subject, the book scans your mind to find out
other interests and hobbies you have.
Anders Andersson, Dept. of Computer Systems, Uppsala University
Box 325, S-751 05 UPPSALA, Sweden +46 18 183170 andersa at DoCS.UU.SE
Software Development Manager
RSM Technology PTY LTD
Phone: +61 7 3844 9631
Fax: +61 7 3844 9522
Email: R.Stuart at rsm.com.au
--- end forwarded text
Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.shipwright.com/rah/
FC97: Anguilla, anyone? http://www.ai/fc97/
"If *you* don't go to FC97, *I* don't go to FC97"
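
The leak described in the forwarded message can be checked mechanically. The following is an added example, not part of the original post or of any AltaVista or DoubleClick code: it scans a results page for third-party URLs that repeat the search keywords, and separates resources the browser fetches automatically (IMG SRC) from links that leak only when followed. The host names, paths, the ";kw=" parameter and the operator list are assumptions made up for the sample.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote_plus, urljoin, urlsplit

AUTO_FETCH = {("img", "src"), ("script", "src"), ("iframe", "src")}  # no click needed
ON_CLICK = {("a", "href")}                                           # only if followed
OPERATORS = {"and", "or", "not", "near"}  # assumed query operators, not search terms

class _Refs(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute of interest."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in AUTO_FETCH | ON_CLICK:
                self.refs.append((tag, name, value))

def search_terms(page_url):
    """Lower-cased keywords taken from the query string of the results page."""
    words = set()
    for _, value in parse_qsl(urlsplit(page_url).query):
        words.update(w.lower() for w in value.split())
    return words - OPERATORS

def find_leaks(page_url, html):
    """List third-party URLs in the page whose path or query repeats the keywords."""
    page_host = urlsplit(page_url).hostname
    terms = search_terms(page_url)
    parser = _Refs()
    parser.feed(html)
    leaks = []
    for tag, attr, raw in parser.refs:
        parts = urlsplit(urljoin(page_url, raw))
        if parts.hostname is None or parts.hostname == page_host:
            continue  # first party; assumption: exact host match, no domain grouping
        carried = unquote_plus(parts.path + "?" + parts.query).lower()
        found = sorted(t for t in terms if t in carried)
        if found:
            leaks.append({"host": parts.hostname, "terms": found,
                          "automatic": (tag, attr) in AUTO_FETCH})
    return leaks

# Constructed sample: hosts, paths and the ";kw=" parameter are made up.
PAGE_URL = "http://search.example/cgi-bin/query?q=alpha+OR+beta"
PAGE_HTML = """<a href="http://ads.example.net/click;kw=alpha+or+beta">
<img src="http://ads.example.net/ad;kw=alpha+or+beta"></a>
<img src="/logo.gif"> <a href="http://other.example.org/page.html">result</a>"""
```

Entries with "automatic" set to True are the case the message objects to: the keywords reach the third party as soon as the page renders. The link to other.example.org is not reported because its URL carries no keywords; it would still receive the results page URL through Referer: if followed.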