|
|
 |
|||||||||
|
|||||||||||
|
 |
|
|||||||||
|
This piece also appeared at TomPaine.com Britannica's Cookies by Ken Sanes On March 8, Britannica.com acknowledged that it had used other people's web sites to send out cookies. But it said it wasn't intentional. The column below and the updates describe the events that led up to Britannica's acknowledgement and its decision to correct the problem. March 3, 2000: Recently, I had a reason to change the settings on my browser so instead of automatically rejecting cookies, it asked me whether I was willing to accept them. The change opened up a new world to me in which web sites are constantly trying to place these little bits of data on my computer to track how people are using the Internet. But I wasn't prepared for one of the things I learned after I made the change -- without my knowledge my own web site was sending cookies to people who visited it. To say that I greeted this fact with shock would be an understatement. When I first discovered it, I responded with disbelief. It happened, perhaps, ten days ago. I went to the home page for Transparency, one of two sites I own that contain essays on media and culture. And there, on my screen, as the Transparency home page was opening, was a request from the site to place a cookie on my computer. Since I was opening a number of pages from different web sites at the same time, I mistakenly told myself this had to be coming from another site. I quickly clicked "no" to the request and went about what I was doing. The next time I went to my web site with my browser set to ask if I wanted to accept cookies, I received the same request to place one on my computer. This time I had an instantaneous experience of recognition: my own web site was trying to put a cookie on my -- and undoubtedly other visitors' -- computers to engage in some kind of tracking. My first inclination was to blame the web hosting company whose job it is to feed my pages to your computer when you ask to see them. But the company seemed too professional to engage in a tactic such as this. Then I realized I had recently made a change to my home page by adding an award image from one of the most widely respected sites on the Internet -- Britannica.com. "Britannica.com is contacting you because our editors have selected your site as one of the best on the Internet when reviewed for quality, accuracy of content, presentation and usability," Britannica's Jan. 31 email letter to me had said. As a result of my site's excellence, it informed me, I would be allowed to add a Britannica search box and/or an award to my page. I went with both in the foolish hope that Britannica would respond by prominently placing my site in its lists of links. To add the items to my page, I followed Britannica's simple directions for copying and pasting HTML code from its site to my own. But it seems I got more than I bargained for -- an idea that was confirmed when I accepted the cookies and saw they were indeed from Britannica. I had accepted Britannica's invitation to add these items in the hopes of using its reputation to improve my site. Now I couldn't help but wonder if I was the one who got used. An examination of my home page as it was downloading revealed at least some of what is going on. It turns out that while the Britannica award image and the image in the search box appear on my page, they aren't part of my site at all, at least not in the sense that most of the rest of the text and images on my pages are. Instead, they are being fed directly from Britannica's site to my home page. That means every time someone opens my home page, they are actually being fed information from at least two locations -- the computer with my site on it, and Britannica's computer. And Britannica is obviously sending the cookies connected with the downloading of those images. What does Britannica have to say about all this? Some days ago, a representative said they weren't sending out cookies via other people's sites. When informed they are, the representative said they apologize if they unintentionally gave out incorrect information. But an official spokesperson would only say they are checking to determine what is happening. Of course, I don't have any reason to believe Britannica is using these cookies in an inappropriate way (which is to say I don't have any reason to believe these cookies are being used to track anyone by name). You can go to Britannica's privacy statement yourself and see if you can figure out what they are telling you. So that's where it stands, as I wait for Britannica to produce a response. Meanwhile, someone who works for an organization that deals with Internet and privacy issues points out that many things that look like conspiracies turn out to be screw ups. But if this is happening to my web site, it is probably happening to others that accepted Britannica's invitation and placed these items on their pages, as well. If so, that could turn out to be a pretty big screw up. ----------------- March 4, 2000: Since I posted this column, Richard Smith, an Internet consultant in the metro Boston area, checked Alta Vista and found 243 other sites with the Britannica images on them. A check by me of about 15 sites revealed that all were sending out a Britannica cookie. Those sites were told by email they are doing so. I also noticed that, for a period of time, the home pages of those sites wouldn't fully download because they were having a problem opening the images from Britannica's site. Between the cookies and the difficulties getting these pages to open, I think it is a good bet that some sites suffered a reduction in traffic and use. I believe mine did. To correct that, I have removed the Britannica code and saved a copy of the award image directly to the computer with the rest of my site on it, so it will no longer cause cookies to be sent. Britannica said Friday it would be okay to do so. (Site owners with the Britannica award are welcome to copy and paste this image onto their sites, which they will find at the bottom of Transparency.) But the larger solution is for Britannica, on Monday (March 6), to stop the cookies and notify all relevant sites of what they have been doing. They also need to explain what, if any, information was collected and whether this was intentional. Certainly, no site should be added to the program until these issues are resolved. It is a good bet that this was caught at an early stage. Britannica's award program undoubtedly would have grown considerably (and may still) so the 244 sites might easily have numbered several thousand in the near future. It has also been suggested that there is another, far more numerous, banner by another company that also sends out cookies, and some web site owners that have it on their sites may not realize it is doing so. This is one of numerous issues that reveal the way the Internet has become a maze of misleading information. We need new laws and genuine enforcement to protect the public. So-called self-regulation is just a way of letting things get out of control. -------------------- After I contacted a site that had the Britannica search box on it, the webmaster sent the following letter to Britannica: A few months back, we received an offer to place a search box for Britannica.com on our site.... As we consider Britannica.com an excellent resource, we were glad to do so. We have now been informed that visitors to our site receive a Britannica cookie. This concerns us greatly, especially with the recent news about DoubleClick and other organizations and their privacy violations. One astute visitor, who is BCC'd on this notice, informed us about this situation. We have removed the Britannica search box from our site. We would be pleased to restore the link if there is an option to not place your cookies on visitors to our site. We consider this action a violation of trust with us, and are concerned about the possible negative influence this may have had on traffic to our site. -------------------- The following letter was sent to me by the creator and editor of another web site, after the site was informed it was sending the cookies: I just became aware of that fact, and we will pull off the box and link. We don't send cookies from our page, and we don't want other media doing that either. Britannica does not tell you that fact when they send you their award. (It) seems that the award is a thinly disguised Trojan horse doesn't it. In short, I'll pull it off tonight. Thanks for confirming my suspicion. ----------------- March 9, 2000: Britannica.com has now acknowledged that it is sending out cookies through other people's web sites, although it said it wasn't intentional. It also said it will send out a notice to all the sites in question. But a spokesperson could not say if Britannica.com would send out the notice this week. Here is an image capture of the cookie request -------------------- July 12, 2000 Update: The entries above are a record of my efforts to get Britannica to stop what it was doing (with a few minor editing changes to improve the text). The item dated March 9 was the last entry. I never received a notice from Britannica after that and assumed none was sent out. But in a recent email communication between Britannica and me, Britannica said that it had indeed sent an email notice to sites that were transmitting its cookies. The message told the sites what was taking place and provided instructions on how to stop the cookies from being sent. "We have recently discovered that because of the way the Britannica.com
images are delivered from our site to yours, some of your visitors may get cookies on their hard drives from Britannica.com when they visit
your Web site," Britannica wrote in the email to these sites. "Since it was not our intention to cookie your customers,
we would like to propose a solution that will prevent this from
happening." As part of an email communication between Britannica and me, a Britannica spokesperson also asserted that it only uses the cookies to "distinguish between repeat visitors and first-time visitors". "Therefore, not only do we not have any use for cookies that are inadvertently written to the computers of visitors of other sites, but it's against our interests to create such information," he wrote (with one misspelling corrected). "Under these circumstances, a person who has never been to our site before might come and be coded incorrectly as a repeat visitor. We certainly don't want that." So did Britannica finally send out a notice and correct the problem, as it says? A check of a number of sites revealed four webmasters who didn't remember receiving a notice, but two who did. Perhaps some didn't receive it because they had already stopped drawing the images from Britannica's site. Or perhaps, as a Britannica spokesman suggested, some just don't remember it. More importantly, I was unable to find any sites still sending out the cookies. Assuming that Britannica has stopped what it was doing, this turns out to be a demonstration of how private individuals can have an effect on corporate practices. By writing this column and the updates, and contacting a number of other people with the Britannica award on their pages, it seems that I was able to get Britannica to cease doing something that invaded people's web pages and their computers. The lesson is that citizen action can make a difference. But citizens have to act for that to be so.
|
|
|||||||||
 |
|||||||||||
