What are banner ads saying about us?

Richard M. Smith has written an excellent piece on what companies can learn about you from banner ads. He writes:

I have been tracking over the last couple of months, what information is being sent from my own computer to DoubleClick ad servers. I chose to focus on DoubleClick because they are largest provider of banner ads
on the Internet. Their servers currently send out more than a billion banner ads every day according to a recent company press release.
I used a packet sniffer to do
the monitoring. I found more than a dozen examples from different Web sites of information being transmitted to DoubleClick that most people who consider rather
sensitive. All this information can be tied to me, because all transmissions to the DoubleClick ad servers also include the same unique ID number in a DoubleClick
cookie. I found both personally identifiable information and transactional data being sent to DoubleClick servers.


Personal data I saw being sent to DoubleClick servers included:


My Email address
My full name
My mailing address (street, city, state, and Zip code)
My phone number

Read on, it\'s scary...Transactional data that was sent to DoubleClick included:

Names of VHS movies I am interesting in buying
Details of a plane trip
Search phrases used at search engines
Health conditions

In some cases, this information was explicitly being transmitted by Web sites to DoubleClick encoded in the URLs of banner ads. In other cases, the data is encoded
in the URLs of the Web page themselves. The Web page URLs are sent to DoubleClick servers as referring URLs when banner ads are fetched.

Except for one banner ad from LifeMinders, all of the data is sent to DoubleClick when I viewed the Web pages. It was not necessary for me to click on the banner
ads for information to be sent to DoubleClick servers.

At some Web sites, I found that personal data is accidentally being leaked in referring URLs. I reported these problems to the sites and they have fixed the leaks
either by removing the banner ads from Web pages or removing the personal data from URLs.

The following tables provide details of the information I saw going to DoubleClick. Personal data and transactional data is color-coded in the URLs.

Personal identifable data sent to DoubleClick

AltaVista Yellow Pages -- Complete home address (Fixed January 2000)Banner ad URL: http://live.av.com/scripts/search.dll?ep=7&gca=address&orderby=distance&sstreet=172+mason+terr&scity=brookline&sstate=MA&szip=02446&scountry=USA&query=sinsa&qname=&sic=&ck=&userid=130782922&userpw=.&uh=130782922,0,&ccity=brookline&cstate=MA&ver=hb1.2.2Referring URL: http://ad.doubleclick.net/ad/my.av.com/findanything;sz=468x60;ord=8089440000RealNetworks -- Registration information (Fixed December 1999)Banner ad URL: http://ad.doubleclick.net/ad/real.networks/banner;sect=download;sz=468x60;ord=4296?Referring URL: http://proforma.real.com/real/player/player.html?RApromo=&language=English&s=1&dc=161514&src=000103realhome%2Cnav%2C991228choice&first_name=Richard&last_name=Smith&email=smiths@tiac.net&country=US&product=&platform=Windows+98&speed=Pentium&connection=256+kbps+xDSL%2FCable&notices=YesHealthCentral -- Email addressBanner ad URL: http://ad.doubleclick.net/adi/www.healthcentral.com/newsletters/main;cat=healthcat=health;;ord=13065Referring URL: http://www.healthcentral.com/newsletters/newsletters.cfm?primaryemail=smiths@tiac.net&NewsLetterType=Specific&Subscription=Dr.+Dean+Digest&x=37&y=12Amazon/Internet Moive Database (IMDb) -- BirthdayBanner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/OnThisDay;p=OnThisDay;sz=468x60;ord=142577Referring URL: http://us.imdb.com/OnThisDay?day=28&month=NovemberTravelocity -- Email addressBanner ad URL: http://m.doubleclick.net/viewad/59705-295964options_old.gifReferring URL: http://dps1.travelocity.com/promoptout.ctl?email=smiths@TIAC.NETLifeMinders -- Email addressBanner ad URL: http://ad.doubleclick.net/click;857127;0-8388608;0;321977;1-468|60;0|0|0;;%3fhttp%3a%2f%2fwww.lifeminders.com/lifeminder30/banner/SignUpDAT.asp?MktgSourceCD=LLQA1943&Email=smiths@tiac.net&image.x=11&image.y=7Referring URL: http://ad.doubleclick.net/adi/altavista.digital.com/result_front;kw=Aureate;cat=stext;ord=3373783

Transaction information sent to DoubleClick

AltaVista -- Search stringBanner ad URL: http://ad.doubleclick.net/adi/altavista.digital.com/result_front;kw=sports+cars;cat=stext;ord=203730346Referring URL: http://www.altavista.com/cgi-bin/query?pg=q&sc=on&hl=on&q=sports+cars&kl=XX&stype=stext&search.x=39&search.y=11Lycos -- Search stringBanner ad URL: http://ad.doubleclick.net/ad/ly.ln/r;kw=sports+cars;cat=;sz=468x60;ord=7088991092?Referring URL: http://www.lycos.com/srch/?lpv=1&loc=searchhp&query=sports+carsTravelocity -- Plane trip informationBanner ad URL: http://ad.doubleclick.net/ad/travelocity.TRAVELOCITY.com/aircairline;orig=BOS;dest=LASReferring URL: http://dps1.travelocity.com:80/lognguest.ctl?SEQ=950480201958005Buy.com -- Movie titleBanner ad URL: http://ad.doubleclick.net/ad/buy.videos.sm/videos-search;kw=enemy+of+the+state;cat=videos-search;sz=120x90;title=1;num=123456?Referring URL: http://www.buy.com/videos/searchresults.asp?searchtype=1&format=1&qu=enemy+of+the+statedrkoop.com -- Health condition informationBanner ad URL: http://ad.doubleclick.net/ad/dr.koop.dart/diabetes;sz=120x60;ord=870204?Referring URL: http://www.drkoop.com/conditions/diabetes/Amazon/Internet Moive Database (IMDb) -- Movie SKUBanner ad URL: http://ad.doubleclick.net/ad/www.imdb.com/Title;p=Title;sz=468x60;kw=76759;g=Sci;g=Act;g=Adv;ord=145171Referring URL: http://us.imdb.com/Title?0076759

Syndicate content