tip off

Fairfax’s hypocritical web ‘spying devices’ beat-up

Politicians are letting foreign-owned companies covertly gather information about voters” screeched the  Nicky Phillips “EXCLUSIVE” in Fairfaxland today. “The websites of Barry O’Farrell, Kristina Keneally, Tony Abbott and the Greens plant spying devices on visitors’ computers, which can track them as they browse the internet.”

Pot. Kettle. Black.

Fairfax’s own websites, from smh.com.au and theage.com.au to Essential Baby TradingRoom.com.au and personals site RSVP, all use these “spying devices”. They’re called cookies, and they’ve been a common part of the commercial web since the mid-1990s.

A cookie is nothing more than a piece of data that a website leaves on your computer. It might contain a unique session ID that’s used, say, by a shopping website to ensure you see the contents of your shopping cart rather than someone else’s. A cookie can remain on your computer between browsing sessions. A unique user ID can for example, ensure that any customisation you made to your “browsing experience” is preserved for next time without you having to log in. So far so innocuous.

But consider “third-party” or “tracking cookies”. They’re placed on your computer by another website whose content is included in the web page you’re visiting — such as the advertising inserted into the page by an advertising network. Every time you visit a website in that network, the advertiser knows because they see the same cookie with your unique ID.

Information gathered about a user’s online behaviour can be used to build detailed profiles to help target advertisements — a practice many believe is a threat to privacy,” writes Phillips. True. This is precisely what tracking cookies are for.

But none of this is news. And for Fairfax to criticise anyone for using tracking cookies is the height of hypocrisy. Fairfax’s own sites are riddled with the damn things — almost all of them from “foreign-owned companies”.

A single visit to the smh.com.au home page this morning placed no less than 21 cookies from seven third-part sites on my computer.

Among them was a cookie for Google subsidiary DoubleClick, one of the biggest online advertising networks and a foreign-owned company. There was one for IMR Worldwide, part of the foreign-owned Nielsen audience-measurement empire. For 2o7.net, a website analytics tool operated by Utah-based Omniture. They’re owned by Adobe, a foreign-owned company. Scorecard Research, another website analytics company. Guess what? Foreign-owned.

While Phillips tried to scare us with the news that Tony Abbott’s website installed “a tracking device, owned by Yahoo! and dated to expire in 2037”, Phillips’ own story at smh.com.au installed “tracking devices” from amgdgt.com (Google’s advertising manager, foreign-owned) set to expire in 2020 and serving-sys.com (another advertising network, Eyeblaster, foreign-owned) expiring in 2038.

The last third-party cookie was from atdmt.com. As Crikey’s deadline approached I ran out of time to look it up, but I wouldn’t put money on it having anything to do with an Australian-owned company.

The ad networks will tell you that their cookies don’t contain any personal information. Perhaps. But if you provide any personal details to any website in the network, it can be cross-matched. Log into your Google Gmail account and your personal data can be correlated with everything collected from networks using DoubleClick’s advertising. If you have a profile at RSVP, Fairfax can cross-match that with your news viewing.

Now the response from Tony Abbott’s office — that any inquiries about third-party cookies on his website should be directed to those third parties — is lame. His office should be taking responsibility for the privacy implications of the technology they use. And if politicians aren’t mentioning this tracking in their website privacy policies then they’re behaving very badly indeed.

However, the mere fact that someone uses tracking cookies isn’t news. Even Crikey uses them, for the DoubleClick ad network, and for analytics by IMR Worldwide and Effective Measure analytics.

Phillips’ story, with its scary-sounding foreign-owned spying devices, is nothing but a beat-up.

35
  • 1
    Shermozle
    Posted Monday, 8 November 2010 at 1:50 pm | Permalink

    atdmt.com is Atlas, Microsoft’s advertising network/software.

    PS: IMR Worldwide == Nielsen. You mentioned this when describing Fairfax’s cookies, but not at the bottom of the article when talking about Crikey’s use.

  • 2
    Shermozle
    Posted Monday, 8 November 2010 at 1:57 pm | Permalink

    There is, of course, a story in the privacy implications of all this stuff. For those of us who work in the field, it’s sometimes downright scary how much personal data is sprayed around. (The astute will note I don’t have a Facebook account.)

    But that story is probably a bit complicated for the Smage’s broadloid target audience.

  • 3
    The Pav
    Posted Monday, 8 November 2010 at 1:59 pm | Permalink

    I’m a bit of a computer duffer ( actually a complete Bozo)

    For example on the Crikey Comment section there’s this line “Some HTML is OK”

    I’ve always wondered what ius HTML & why is some OK but since I don’t really care I’ve never bothered to find out.

    I’ve heard of cookies but didn’t realise they were so widespread and sneaky.

    You said you identified 21 cookies from one visit. How did you do this & how do I blow them up on my system or whatever you do to stuff them

  • 4
    Meski
    Posted Monday, 8 November 2010 at 2:28 pm | Permalink

    @Pav: Stopping cookies depends on the browser you use. Some sites you’ll have to allow, if you want to use them (eg net banking), and some browsers will let you ban all sites but those that you set exceptions for. (Chrome for instance[1])

    [1] Well, possibly, I’m using the dev version of Chrome, not sure if this feature is on release. The much handier script blocker for instance, is not.

  • 5
    Posted Monday, 8 November 2010 at 2:34 pm | Permalink

    @Shermozle: Well, I figured mentioning the IMR Worldwide / Nielsen link once was enough, given I was already over length. There is indeed a wider story about the privacy implications of tracking cookies, and of the massively detailed profiles being constructed by the advertising networks. Another tale for another time, perhaps.

    @The Pav: HTML is the “hypertext markup language”, the codes out of which web pages are built. You can use a limited subset of them in the comment form to add formatting, such as the one to make text in italics like this. You’re only allowed to use the ones that won’t have security implications, for example embedding piece of another website or malicious stuff into the comments.

    You can see what cookies you’ve collected in the privacy controls of your web browser. The exact technique difference for each browser, but it’s often under “preferences” and drill down to privacy. You’d be able to delete them there, but they come straight back the next time you visit the website.

    Third-party cookies can be blocked by selecting the right privacy settings. You can get more control using some of the third-party security software. All of the major security software vendors have something that can help, usually sold as privacy protection.

    Alas the details get a bit complicated for here, but whoever you normally turn to for help with computer stuff should be able to help.

  • 6
    The Pav
    Posted Monday, 8 November 2010 at 2:44 pm | Permalink

    Thanks for the info people.

    Much obliged

  • 7
    amy c
    Posted Monday, 8 November 2010 at 3:01 pm | Permalink

    This article is a beat-up itself. Nicky Phillips has previously done a whole feature on cookies in the SMH in which she explained fairfax uses them.

  • 8
    David Sanderson
    Posted Monday, 8 November 2010 at 3:04 pm | Permalink

    I was amazed the SMH ran this as their front page story and bylined it as an “EXCLUSIVE” from their technology reporter. It then continued to say that “BIG BROTHER IS WATCHING”.

    If there is much more of this sort of stuff then readers will have to conclude that the dumbing down of the stately old dame has accelerated alarmingly. It is the sort of thing you might find in the commuter MX throwaway. It is certainly not something you would pay for.

  • 9
    Shermozle
    Posted Monday, 8 November 2010 at 3:10 pm | Permalink

    Amy C, you mean the non-beat up “Inside the cookie monster - trading your online data for profits” where the “number of tracking devices” table conflated all the cookies across the news.com.au, bigpond.com and ninemsn networks, but Fairfax only got “smh.com.au? No beat up there.

    http://www.stuff.co.nz/technology/digital-living/4198158/Inside-the-cookie-monster-trading-your-online-data-for-profits

  • 10
    Posted Monday, 8 November 2010 at 3:21 pm | Permalink

    @Amy C: Will you be disclosing in your comments here the fact that you’re Amy Corderoy, a journalist at the Sydney Morning Herald? And where in today’s story was the link to this previous feature? Or do you imagine that readers will search every previous story by a journalist to see if it’ll help them understand the current one?

    Sorry, but criticising someone else for something you do yourself is hypocrisy, no ifs or buts.

    Nice to see you coming to the defence of your fellow employees, though. Even if the excuse is, in my opinion, thoroughly lame.

  • 11
    splurkles
    Posted Monday, 8 November 2010 at 3:23 pm | Permalink

    imagine her horror when she discovers the thing called “facebook”

  • 12
    Cameron Manning
    Posted Monday, 8 November 2010 at 3:39 pm | Permalink

    Watch out, they may sick Annabel Crabb onto you..

  • 13
    amy c
    Posted Monday, 8 November 2010 at 3:45 pm | Permalink

    No Stilgherrian, I wasn’t going to, because I like to be able to comment on Crikey stories in general without doing so in my capacity as a Herald journo. But thanks for outing me. It’s not as if it was a secret who I was, since I made that comment within minutes of commenting directly to you on twitter.

    I don’t imagine readers will search every previous story. But I do imagine a journalist - for whom the whole point of their article is that something wasn’t disclosed - might do a quick google search to see what else has been written.

    And furthermore, I don’t think Nicky’s article was actively criticising politicians as you make out. It was critical, but it was also just about raising the issue and letting people know it was happening, which, while it may be widely known in internet-nerd land (and I use the term with affection) is not actually widely known among most people.

    But I also think it is certainly legitimate for a journalist in a company that collects cookies to highlight the fact that political parties (or government agencies) collect them. There are potentially serious privacy concerns there (for example, what if centrelink were to use cookies to follow me online if I’m receiving payments from them etc etc)

  • 14
    Elan
    Posted Monday, 8 November 2010 at 3:59 pm | Permalink

    No Stilgherrian, I wasn’t going to, because I like to be able to comment on Crikey stories in general without doing so in my capacity as a Herald journo.”

    Righty ho ducky! That clarifies that.

    (Oooooo you meany, meany thing, Stillers!)

  • 15
    Meski
    Posted Monday, 8 November 2010 at 4:08 pm | Permalink

    @Amy: unfortunately, the perceptions of readers when you get outed by someone else, rather than admitting it up front, outweigh the benefits of commenting privately. The story still sounds like a beat-up, but that may be because I’m fairly aware of how cookies work.

  • 16
    amy c
    Posted Monday, 8 November 2010 at 4:12 pm | Permalink

    @ Meski, yes it is a shame. What a pitty I need to be attacked instead of the substance of my argument!

  • 17
    Posted Monday, 8 November 2010 at 4:15 pm | Permalink

    @Amy C: I’d contend that the number of people following this discussion on both Twitter and in the Crikey comment stream would be vanishingly small. And while I reckon it’s perfectly fine and proper for you to comment as yourself and not with an official Fairfax hat — none of us are the puppets of our employers, or shouldn’t be — I also reckon that your employment by Fairfax is a relevant fact to disclose when joining this particular discussion.

    My view is that it’d be more ethical to use a pseudonym and disclose the relationship than to use half your real name and not disclose.

    That said, if “Amy C” is a persistent identifier that you use when commenting at Crikey and elsewhere, it’d be reasonable to continue using it.

    I think we’ll have to agree to disagree about the intent of the story. From where I sit, it looks like the story was intended to invoke fear.

    I reckon if the story’s aim was to inform then it would have explained more accurately what utility politicians get from using an analytics firm — discovering the location, age, gender and other demographics of the website visitors and correlating that to the pages they read — and explained how easy it is to disable third-party cookies or install privacy-protection software. It might also have refrained from loaded language like “spying devices” and just called them “tracking cookies” which is, after all, the name of the things.

  • 18
    Posted Monday, 8 November 2010 at 4:20 pm | Permalink

    Further to my statement:

    Log into your Google Gmail account and your personal data can be correlated with everything collected from networks using DoubleClick’s advertising.

    A Google spokesperson writes:

    When a user visits websites that display ads provided by Google’s AdSense program, or watches a video on YouTube, Google stores a random, unique number in the user’s browser (the DoubleClick cookie) to remember the browser’s visits. Only these visits — and not searches on Google or Google account information — are associated with the DoubleClick cookie.

  • 19
    Infoholic
    Posted Monday, 8 November 2010 at 4:23 pm | Permalink

    @AmyC

    Nicky Phillips chose to use hyperbolic rhetoric (e.g. “spy devices” and “tracking device, owned by Yahoo! and dated to expire in 2037”) in a story that was aimed at the non “internet-nerd”. She chose to only mention web-sites of key politicians and political parties. She conveniently forgot to mention (even though she, according to your previous comment, knows all about cookies) that these third party cookies are created by almost every commercial web site on the planet (even the SMH site). Given that Ms. Philips and the SMH editors are smart people, this can only mean one thing. Ms Phillips wrote and the SMH editors published a story that strictly followed standard beat-up creation guidelines.

    Just accept your colleague wrote a poor story and your employer published it.

  • 20
    GlenTurner1
    Posted Monday, 8 November 2010 at 4:47 pm | Permalink

    AdBlockPro, NoScript, BugMeNot, Firefox’s setting “Accept cookies, keep until I close Firefox” and disabling Flash’s Local Storage Objects. You know you should.

  • 21
    amy c
    Posted Monday, 8 November 2010 at 4:49 pm | Permalink

    @stilgherrain yeah I comment on Crikey stories quite often which is why I only use Amy C. I would have felt silly adding a ‘by the way’ at the end as I figured it would be obvious to you from my twitter comments. Point taken though!

  • 22
    John Bennetts
    Posted Monday, 8 November 2010 at 4:58 pm | Permalink

    @AmyC:

    Time to stop squealing. A fair cop it was and still is.

    Must say, though - loyalty to one’s employer and work associate is touching and, unfortunately, quite rare.

    Time for a new subject. This one’s worn out.

  • 23
    amy c
    Posted Monday, 8 November 2010 at 5:03 pm | Permalink

    Thank you for your extremely patronising response @John Bennetts. Actually, my opinions are my own and have nothing to do with my employer. I don’t know how many times I have to say that it is astonishing that you choose to comment on me and my motivations rather than anything of substance I said in my very long response to Stilgherrain.

  • 24
    The Pav
    Posted Monday, 8 November 2010 at 5:27 pm | Permalink

    Quite frankly Amy C , I’m more than disappointed that you commented without declaring your interest.

    Well may you say it was obvious to anyone in the know & on Twitter but as an innocent abroad who doesen’t use Twitter I assumed that you were unrelated to the article.

    It may be a valid personal opinion but it is about your employer & therefore common decency requires to to state the relationship.

    Would you write to the Letters Editor of a paper without declaring your interest?

    I alsways assume there is no relationship unless it is stated. Should I have an interest in something I comment on then I would state it.

    Simple really. I maybe simple but I was mislead

  • 25
    John Bennetts
    Posted Monday, 8 November 2010 at 6:57 pm | Permalink

    @AmyC:
    Patronising, my a_se! More pot kettle black stuff.

    You come to Crikey with an undeclared self interest and expect to be able to just tough it out. What a wank! Not ony did you not understand it then, you not get it now and have resolutely closed your mind. Not a good look for a paid journalist, from my perspective. Thought of a job at Limited News? Lots of similar company over there. Your efforts on this thread aren’t helping Fairfax much either.

    Keep digging.

  • 26
    Elan
    Posted Monday, 8 November 2010 at 7:01 pm | Permalink

    What a pity I need to be attacked instead of the substance of my argument!”

    Don’t be so bloody silly!

    JB is right. As is PAV. Have the dignity to just admit that it would have been wiser to just declare your position.

    All this protestation about the ‘message is ignored’, is arrant nonsense. The message has a direct connection to your job-and if it did NOT, then you could easily have made that clear by stating your position when you made your post.

    Instead you bluster about, having a shot at those who can see that clearly.

    You are pretty thin-skinned for a journo Amy- you will need to toughen up. Just cop it sweet, because that IS warranted.

  • 27
    Davo
    Posted Monday, 8 November 2010 at 10:31 pm | Permalink

    /i Do italics work like this /i I hope so…

  • 28
    Davo
    Posted Monday, 8 November 2010 at 10:32 pm | Permalink

    Apparently not… \i or maybe like this \i

  • 29
    Davo
    Posted Monday, 8 November 2010 at 10:32 pm | Permalink

    no…

  • 30
    John Bennetts
    Posted Tuesday, 9 November 2010 at 12:38 am | Permalink

    Davo, try message .

    That is: before the italicised text.

    After the ilaticised text, do the same, except that the turn off command inside the angle brackets is /i

    jb

  • 31
    John Bennetts
    Posted Tuesday, 9 November 2010 at 12:42 am | Permalink

    Davo, sorry - some of that didn’t display.

    Look above the , key and the . key. You will find angle brackets.

    The format of the command to start italics is:
    OPEN ANGLE BRACKETS i CLOSE ANGLE BRACKETS.

    To end italics, repeat the brackets stuff, inside which put /i (that is, LOWER CASE QUESTION MARK foloowed by i.

    Give that a whirl.

    Other commands include b for bold, etc.

  • 32
    Posted Tuesday, 9 November 2010 at 9:26 am | Permalink

    Folks, if you roll your cursor over the text that says “Some HTML is OK” and leave it there for a moment, most web browsers will pop up a list of what’s allowed.

  • 33
    Elan
    Posted Tuesday, 9 November 2010 at 11:55 am | Permalink

    I’m trying to get the text below to print, so I’ve used multiple letters symbols.

    Use just ONE symbol and letter!!

    1) <<<<<<<<<<>>>>>>>>>>>>> Opens italics

    2) Now put your word or sentence. Then put:

    3)<<<<<<<<<<>>>>>>>>Closes italics.
    _____

    1)<<<<<<<<<<<>>>>>>>>>Opens bold

    2) Word/sentence. Then put:

    3)<<<<<<<<<>>>>>>>>

    I wonder if it comes up OK??

  • 34
    Elan
    Posted Tuesday, 9 November 2010 at 12:06 pm | Permalink

    Ach!! yer wee bugger!!

    In the middle there, where those chevrons change and go the opposite way you put an i (italics) or b (bold) TO OPEN.

    TO CLOSE: Do exactly the same, BUT put a forward slash BEFORE the i or b.

    SO: one left pointing chevron i or b then one right pointing chevron.OPEN.

    Word or sentence..THEN

    One left pointing chevron- then a forward slash-then i or b-and then a right pointing chevron.CLOSE

    Letter i or b for italics or bold. And the forward slash added to close procedure.

    ___________________________________

    This is the complete novices’ way of describing this facility!!

  • 35
    Meski
    Posted Tuesday, 9 November 2010 at 3:31 pm | Permalink

    Or for a lesson on how to escape html symbols:)

    google following, look at top hit.
    escape angle brackets in html

    <i> </i>

    to type this (remove spaces)

    & l t ; = <
    & g t ; = >

Womens Agenda

loading...

Smart Company

loading...

StartupSmart

loading...

Property Observer

loading...