Has anyone heard of this before?

For the past few weeks I have noticed every once in a while (about 1 out of 10 times) when I go into my web site a doubleclick pop up banner comes up in a new browser advertising a competitors site! I have no other programs or browsers open when it happens and there is no code whatsoever on my page that would trigger it. I do not sell advertising on my site nor do I have any relationship with Doubleclick. This is really starting to piss me off, not only are they stealing customers and sending thrm to competitors but they are making $$ from showing ads from my site! I cannot figure out how they are doing it but as far as I'm concerned this has to be completely illegal. If anyone has heard of this before or has any idea how they are doing it I would be very interested as I fully intend to go after doubleclick once I figure this out.

It could be a "leaving" popup. If you've surfed to your website from another website, then that can be it. If you are visiting your website first, in a new browser window, then something is fishy.

Steve33,

Are you on a virtual account or dedicated?

Yupp, there can be only 2 things.

1. As teck said, it is a "leaving" popup that opens when you leave a site and enter yours.

2. If you can not find anything in your HTML, then your host is using mod_rewrite to add advertising to your page.

I would look into the first option though, make sure that you open a new browser window with no pages loaded when you type in your sites URL and then see if you still get the popups. Try closing and opening a new browser and repeating the same steps a few times to make sure. Also empty you cookies and history files since some advertisements use cookies to make sure they don't show same add to same person more than once.

Let us know how it turns out.

The pop up is coming from somewhere. They do not just apear if you don't have some kind of code on your site to pull them. It's either a pop up from another site your leaving or you have a banner from somewhere on you site that is also pulling the pop up Such ast Burst or Engage.

The mod_rewrite thing is possible but I have never heard of a host doing such a thing.

Originally posted by zolbian
Yupp, there can be only 2 things.

1. As teck said, it is a "leaving" popup that opens when you leave a site and enter yours.

The first time it happened thats pretty much what I attributed it to, even though it seemed strange because the pop up didnt load until after my site loaded. But my site is set as my default for when my browser opens and the last two times it happened when I opened my browser, in other words I didnt come from any other sites. Whats bad about it is I cannot re-create it, it seems to happen at random.

Originally posted by zolbian


2. If you can not find anything in your HTML, then your host is using mod_rewrite to add advertising to your page.

Highly unlikely since I am on a dedicated server and have been on the same server for over 3 years now. I believe doubleclick has the technology to do this and they are probably using cookies that track habits of surfers. I do recall about 6 months ago receiving an email from an ad agency (don't think it was doubleclick though) telling me they had the capability to show pop ups on competing sites.

Originally posted by zolbian
Yupp, there can be only 2 things.

1. As teck said, it is a "leaving" popup that opens when you leave a site and enter yours.

The first time it happened thats pretty much what I attributed it to, even though it seemed strange because the pop up didnt load until after my site loaded. But my site is set as my default for when my browser opens and the last two times it happened when I opened my browser, in other words I didnt come from any other sites. Whats bad about it is I cannot re-create it, it seems to happen at random.

Originally posted by zolbian


2. If you can not find anything in your HTML, then your host is using mod_rewrite to add advertising to your page.

Highly unlikely since I am on a dedicated server and have been on the same server for over 3 years now. I believe doubleclick has the technology to do this and they are probably using cookies that track habits of surfers. I do recall about 6 months ago receiving an email from an ad agency (don't think it was doubleclick though) telling me they had the capability to show pop ups on competing sites.

Also, I have no banners whatsover showing on my site, and no code at all pulling any URL's outside of my server.

Doubleclick does not, nor does any one else have the technology to put a popup on your site without having some sort of code there. It's simply impossible.

Originally posted by tubedogg
Doubleclick does not, nor does any one else have the technology to put a popup on your site without having some sort of code there. It's simply impossible.

I wouldnt be too sure about this.
Check out http://www.doubleclick.net:80/us/advertisers/media/targeting/intelligent/default.asp?asp_object_1=&?asp_object_1=&

Steve,

They can not put ads on your website without having access to it. Unless your site loads in a hidden frame or something.

What is the URL to your website? Maybe we can take a look and see if this happens to us as well, and if it does maybe we can find the source.

If you don't want to give the URL in public, then feel free to private message me or email me.

I'm going to bed now though, can look at it when I wake up.

Why dont you look at your source code and see if there are any hidden java scripts that should not be there.
Engage media uses pop up banners along with their regular sized banners so watch out for that too.
Some ISPs add pop up to their clients browser too.

Double Click can not and will not hack anyones site to insert their code. They will get busted so fast they cant even click once let alone double click :D

Originally posted by Steve33
I wouldnt be too sure about this.
Check out http://www.doubleclick.net:80/us/advertisers/media/targeting/intelligent/default.asp?asp_object_1=&?asp_object_1=& There's no connection between that and the kind of thing you're talking about. Their "Intelligent Targeting" just tracks which sites you visit that have existing doubleclick banners. Then, they feed you particular advertisers' ads based on that history. There's nothing mysterious or even especially technologically advanced about it.

As an aside, though, it's why I have doubleclick aliased to 127.0.0.1 in my hosts file -- they're not tracking me!

Aloha
I ran a site that did a lot of advertising and we ran through a network that would sometimes do pop up ads the only line that would effect this was a link to the JS on there site so look for that
they would tell us a bout it though so it was OK for some places

def something double click has in your ad code you are using

Originally posted by JayC


As an aside, though, it's why I have doubleclick aliased to 127.0.0.1 in my hosts file -- they're not tracking me!

Hosts File? I am on OS X. How do I do that? These ad places are scaring me Sh*tless. I am getting to the point that if I had to start all over on the Itnernet, that I would have a dedicated computef ro surfing only. Then I am somewhat safe.

I recently ran into an issue like this on my own system. While surfing the web, and sometimes while not surfing the web, I would get random popup ad boxes. They differed from the normal popup in that there was no title and the bar with the 'x' was very small.

After installing ZoneAlarm, I noticed some unknown program trying to access the Internet. After further investigation, it turned out that this program was installed with another application without my consent and was designed to run in the background and randomly connect to some web server to pop up an ad.

Since I removed that program, I haven't had a single ad pop up on my screen. The only two programs I had installed on my workstation that I didn't have on my laptop (which didn't get the popups) were BearShare and WeatherBug, so I suspect this was installed with one of those.

Unfortunately, I don't remember now what the program itself was called, but it had its own directory in Program Files with only a couple files in it. You may want to investigate and see if this might be causing the problems you describe.

Hope this helps.

Aloha

yeah Iknow the program you are talking about can not remember it this second
but try here for some links to find out about it
http://grc.com/su-reading.htm

http://65.108.0.105/cgi-bin/ikonboard/forums.cgi?forum=1

http://www.lavasoftusa.com

Originally posted by Mac Write

Hosts File? I am on OS X. How do I do that? I've never done it on a Mac, but you'd use a file called Hosts, placed in the Preferences folder.

More info (for every OS) is at http://www.ecst.csuchico.edu/~atman/spam/adblock.shtml

Originally posted by Steve33
I wouldnt be too sure about this.
Check out http://www.doubleclick.net:80/us/advertisers/media/targeting/intelligent/default.asp?asp_object_1=&?asp_object_1=&Quote from that site:Your target audience will see your marketing message on any DoubleClick Network site (Brand and/or Audience)(emphasis mine) That clearly says that they put it on their network, not on just anybody's site. I have no idea where you're getting the idea they can put popups no your site without you knowing about it from that page.

Originally posted by tubedogg
Quote from that site:(emphasis mine) That clearly says that they put it on their network, not on just anybody's site....


A minor clarification... there are many sites that use DoubleClick to place the banner ads, and you would not associate DoubleClick with those sites. For example, www.foodtv.com

Whenever DoubleClick places a banner ad on a site, then your PC has a connection to DoubleClick and that site is a "DoubleClick site". Some of the sites that DoubleClick partners with pass info about the users back to DoubleClick so that DoubleClick can build up a demographic database on people who surf the web and their surfing habits. DoubleClick is also in the process of tying that info into a database they recently purchased that contains names, addresses and phone numbers.


My firewall (AtGuard) used to pop up a window whenever my browser tried to access DoubleClick, but that became so annoying that I just configured it to block the host ad.doubleclick.net 100% of the time.

Originally posted by tubedogg
I have no idea where you're getting the idea they can put popups no your site without you knowing about it from that page.

Simple, because IT IS happening to my site. I know it sounds crazy but I have no reason to make this up, and I have ran websites and servers for over 7 years and although I am by no means any type of expert I think I know enough to know that something screwy is going on. I would not have started this thread if there was any doubt about it. I may be nuts but I'm not stupid :D

What I believe is happening is doubleclick places a cookie on a users computer that tracks the sites you go to, and when you visit certain type of site enough times it recognizes that you fit that type of audience and thus targets you with that type of ad. Thats the best I can come up with. My friend went on my site and no pop up came up and he thought I was losing it, but then he was over here yesterday and saw it for himself. Doubleclick has the technology to do this, they did not get sued by the Govt for tracking users for nothing.

Let us see your site's URL. Probably you just have some adware which is always running and pops up ads every once in a while. I dunno. But a popup cannot appear out of thin air. It just can't.

There isn't some sort of Doubleclick conspiracy here, they can't alter your site's contents to show their ads or anything.

Well if it's only happening to your computer that could be a clue that there's something on your computer doing it. The cookies store info, they don't run anything themselves. You might want to try out zonealarm and adaware (the lava link stated above). Doubleclick does track you from sites that have their ads put in by the webmasters, but beyond that you'd have to have had another program put onto your computer.

Originally posted by Steve33
Simple, because IT IS happening to my site.I didn't say it wasn't. I asked how you gathered that they have the technology to do this based on the page you linked to which has nothing to do with what you're describing.
What I believe is happening is doubleclick places a cookie on a users computer that tracks the sites you go to, and when you visit certain type of site enough times it recognizes that you fit that type of audience and thus targets you with that type of ad.Doubleclick cannot launch popups without one of two things happening: A) you put code on your site, or B) You download a program that pops ads up. They cannot pop an ad up via cookies; trust me, it is technologically impossible.Doubleclick has the technology to do this, they did not get sued by the Govt for tracking users for nothing.They got sued because they were tracking users which does not in and of itself allow them to launch popups, and it might have been part of that merger where they were going to marry their data with an offline database of customer info form like 90 million people. Cookies, despite what everyone says, are benign. They cannot start programs, they cannot take over your computer, all they can do is store bits of information (up to about 4KB IIRC). Unless you installed a program (or put code on your site or in your browser) that allows them to pop up windows whenever they feel like it, there is another explanation for this besides yours.

One other thing. They also cannot read the cookie unless there is code that reads it and sends the info back to their server somewhere on the page or in your browsers' code. How exactly are they supposed to read the cookie if there is no code to send it to their server? If you are on your site and do not have any code from DC on your site, then they cannot read your cookies out of thin air. There has to be a direct link from some code somewhere to them for them to read your cookies and do anything about it (which does not include popups without code, btw).

To prevent any further confusion or paranoia about cookies, as tubedogg said himself, they are harmless. Cookies and tracking via cookies doesn't do anything and can't. You don't have personal information in your cookies file. No one can get your name, address or phone number from a cookie. The only way they could, is if you went to a site, submitted information and that wrote the information to your cookies file. However, the way cookies work, is that only the site (well, the domain) can read the cookies. If you submit your name, password, phone number, CC number, or whatever to members.xyz.com, then there's no way doubleclick.com or any other such company can grab this information. All they can do, is track what IP address hit what site their banner happens to be on.

If your cookies file says you've been there before, then is can use that information -- but only what it written to and read from their own site -- which is what the banner is calling from. I don't know why people worry about cookies at all, unless you actually went and submitted some information to an ad company, they don't have any information, know who you are or anything. They just know that someone from a certain IP accessed a site and can know if you've been there before. I fail to understand why they'd be sued over that. There's _nothing_ in there that can be harmful. They can't launch or execute anything, other than on the site in question -- if the site has a program that does something if you've had a cookie written before (or not) -- and that will only do something dynamic on the site in question, not you or your site or your computer. The only thing that makes cookies a risk are a few things;

#1: Storing information on a public computer in the cookies file with clear text or poor encryption.

#2: If a site is something.whatever.com and that site writes a cookie to your browser as .whatever.com, then if you visit someoneelse.whatever.com, that site can grab your information from your cookie file, just as the something.whatever.com can. To avoid this, of course, is up to the site by writing the cookie as subdomain.domain.com, instead of just domain.com. Of course, if there's a site called somethingelse.something.whatever.com, they too could read the cookies. However, that is up to the site and how they assign sub domains and to whom. This is a possible problem, but rare.

Other than that, there's no worry or risk and any site that will store important information, isn't going to have someone else with a subdomain on their tld domain anyway. Cookies are not the issue or problem, or cause. They are basically pointless and harmless and they just keep track of completely meaningless information for the sites that want to use them and remember information for you. I've seen a lot of people disable cookies for years and claim all sorts of things, yet they are completely pointless and are the cause of no worries at all. You can, of course, simply disable cookies, and there's also an option on some browser's (Netscape, for example) that allows you to say "Accept all cookies", "Accept cookies only if they are from the originating server" and "Disable cookies". If you choose the second one, I believe that if you visit xyz.com and they write a cookie to your browser, it will be normal, but if xzy.com serves banner ads and that ad company tries to write a cookie from your browser, it won't let them, since they are trying to do so in a manner that is basically embedding their server call within a banner that isn't from the server in question. I might be wrong about that exactly, but I wouldn't worry anyway.

There's no way anyone can get or track any information about you personally, unless you submit it or are a victim of some program on your system that locally grabs and sends this information somewhere ... and cookies can't and don't do that. Cookies are simply a text file and only accessible from the server that wrote the cookie in the first place. It provides nothing you don't provide yourself, willingly. If the site you submit information to writes a cookie without you wanting it to, then I wouldn't worry too much anyway, since the fact you're submitting that information to a site anyway, means they already do (or can if they want) have it anyway. Of course, I'm not saying that anyone said they were worried or that anyone can, would or could happen like any of what I mentioned people worry about, but I got the impression by a few posts, that people were, and it's ridiculous to think cookies are any threat or mean anything at all.

For once I agree with Mr. Greer. :D

Originally posted by tubedogg
For once I agree with Mr. Greer. :D

For once? ONCE!? OOONNNCCEEEEEEEE!???.. I... I.. *pause*.. *...quietly sobbing in the corner...*

::hands Tim a slice of homemade 7-up bread and a lollipop::


Steve, what software did you install around when this all started to happen?

7-up bread??? :shudder: What, may I ask, is that (not entirely sure I want to know)?

*pats Tim on the head* I'm not sure if you're upset cause I only agreed with you once or cause I did agree with you but either way I promise I'll never do it again. ;)

Originally posted by Tim_Greer
To prevent any further confusion or paranoia about cookies, as tubedogg said himself, they are harmless. Cookies and tracking via cookies doesn't do anything and can't. You don't have personal information in your cookies file. No one can get your name, address or phone number from a cookie. The only way they could, is if you went to a site, submitted information and that wrote the information to your cookies file...


There is one crucial point that you have missed in your otherwise excellent explanation. The site that has the DoubleClick banner ad (or the 1x1 pixel DoubleClick web bug) can share info they have about you with DoubleClick. If you read the details of the so-called privacy agreements on most sites, you will see that the site is allowed to share info about you with third-party business affiliates (i.e., DoubleClick).

Now Doubleclick is starting to build a raft of personal info about you because of this information sharing. And soon they will be tying it with things like phone directories because of a database they have purchased. So what used to be tied to a cookie on your PC will soon be tied to your name, address and phone number.

Give us your URL, and let us figure out if it's just your computer, or if something else is happening to your site.

It does no good to bash doubleclick(although I will agree they can always use a good bashing), if they're not the ones responsible.

Most simply:

No further conversation should happen about this until more people than just you can say they have seen the offending ad.

Well give'em a chance to respond, be it a day or a week. Not everyone lurks over the boards every 3 minutes like some of us. :)

7-up bread is a poundcake that uses 7up to make it rise. Got the recipe from my grandma... it's a lemony flavor, but it's got a cocaine-like addiction (and no, the white powder in it isn't nor has it ever been cocaine).

Originally posted by tubedogg
7-up bread??? :shudder: What, may I ask, is that (not entirely sure I want to know)?

*pats Tim on the head* I'm not sure if you're upset cause I only agreed with you once or cause I did agree with you but either way I promise I'll never do it again. ;)

To be honest, I didn't know what you were talking about, but I just had to choose some type of emotion... :-)

Originally posted by Mike the newbie



There is one crucial point that you have missed in your otherwise excellent explanation. The site that has the DoubleClick banner ad (or the 1x1 pixel DoubleClick web bug) can share info they have about you with DoubleClick. If you read the details of the so-called privacy agreements on most sites, you will see that the site is allowed to share info about you with third-party business affiliates (i.e., DoubleClick).

Now Doubleclick is starting to build a raft of personal info about you because of this information sharing. And soon they will be tying it with things like phone directories because of a database they have purchased. So what used to be tied to a cookie on your PC will soon be tied to your name, address and phone number.

I guess I should read next time, before I open my mouth. I wasn't aware they were doing that. How did they implement it (if you know how they did) to allow doubleclick to grab this user's cookie written from the site that had doubleclick's image? or, are you simply saying that the site just gives doubleclick the information, having nothing really to do with cookies? Or, finally, are they allowing (somehow) doubleclick to have information sent from their site when it does read a cookie -- or simply allowing doubleclick to have the cookie written, instead of from the site hosting their banner/image? I hope that wasn't too confusing. Still, it does come down to what information you submit yourself in the first place, but I can see the issues with people wondering if they should use a shopping cart or something at some site that they aren't even aware is affiliated. Well, that sucks.

STOP!

Tell us how to make 7-up bread!
We want it now!

Thanks!
Domenico ;)

Originally posted by Tim_Greer
I guess I should read next time, before I open my mouth. I wasn't aware they were doing that. How did they implement it (if you know how they did) to allow doubleclick to grab this user's cookie written from the site that had doubleclick's image?

When you contract with DoubleClick to have them place banner ads on your site, they give you a chunk of html (some times JavaScript) to place on your page. Each time you page is viewed, the DoubleClick code that is on it runs. That makes a connection to the DoubleClick server (usually ad.doubleclick.net or ln.doubleclick.net) to download the banner ad's image and to place/update/retrieve the cookie on your PC. It does not matter what site you are on, so long as the site has a DoubleClick banner ad then DoubleClick can place/update/retrieve the cookie on your PC. To see for yourself, look go to www.lycos.com and then look at the source for that page. You'll more than likely see the like to a DoubleClick server.
or, are you simply saying that the site just gives doubleclick the information, having nothing really to do with cookies?
This is correct. Part of the info given allows DoubleClick to associate the site's user with the cookie.

Still, it does come down to what information you submit yourself in the first place, but I can see the issues with people wondering if they should use a shopping cart or something at some site that they aren't even aware is affiliated. Well, that sucks.

When I signed up for Lycos and Yahoo "membership", I gave them wack-o demographic information. If they would not let me leave the form until they got my ZIP code, well, they got a ZIP code. I have no idea where that ZIP code is, but they got one for me. :)


If you want to see something really onerous, go to www.webtrendslive.com, and let the page load. Then look at the source code for the page. Down near the bottom you'll see that they have captured the following info about you are are sending it back to their servers:
[list=1]
browser name
browser version
referrer name
user langauge
cookies enabled?
operating system
screen resolution (e.g., 1024x768)
color depth (e.g., 16-bit color)
java enabled?
a list of all the plug-ins that your browser has installed
[/list=1]

WebtrendsLive was a service that www.news.com (a popular computing news site owned by cnet.com) was using.

And yes, it does suck that this is going on.


__________________
Now, where's that recipe
for 7-Up bread? :D

Well, I'm glad that there wasn't something really nuts going on that I wasn't aware of. Okay, it sucks they are sharing information, but it's good that it's not some deal where they are working with sites to grab important cookie information. As for any information that sites get from me. They'll get my OS, browser type and IP. Everything else will be blank or disabled. I don't disable it for privacy reasons or anything, but simply to not wait for things like images, Java applets and the like to load. I want content (text) via text or HTML. I don't care for anything else, nor do I care to go about having me browser crash either.

If I want to see something, I'll enable the relevant options and reload the page. So, I miss out on all the fun, it seems. I'm about to just go with Lynx exclusively -- of course, Lynx has supported cookies for a while now too and I don't care to be prompted all the time. Well, back to command-line for me! :-)

Aloha
I guess all that info can be good for designers
like the program browser hawk
also you ever check out everest ?
http://www.zdnet.com/devhead/static/rick_scott/everest2/ev2demo.html

we were grabbing all this and sticking it in a mail to us about users tha thit our tech page ??
helped us out a lot

Originally posted by Tim_Greer
Well, I'm glad that there wasn't something really nuts going on that I wasn't aware of. Okay, it sucks they are sharing information, but it's good that it's not some deal where they are working with sites to grab important cookie information. ...


As you mentioned, cookie information is not all that important by itself. It is the tying of that information across the sites that you visit and with other personal information available, and the tracking of the sites that you visit that start to concern me. Also of concern is what Amazon recently did, they unilaterally changed their privacy policy (making it much less protective of my personal info) without giving anyone the opportunity to remove their personal information from Amazon's databases.

While the information garnered by Doubleclick and WebTrendsLive (and others) may be good for the marketeers or the developers, the fact remains that my information is taken without my explicit OK to do so. And WebTrendsLive could harvest far more info via JavaScript if they desire.


Like you, I disallow active stuff from loading when I browse sites. My firewall software (AtGuard) allows me to specify on a site-by-site basis whether or not to allow cookies, activeX, java and/or javascript. My default is to disallow, with overrides to allow as needed.

I also use the Opera browser, which is far better than MS Internet Exploiter regarding privacy issues.

I am working to protect my users of my sites privacy. I have gone away from using Listbot, then Bravenet for my sites mailing list, cuase I felt that they were probably selling the e-mail addresses.

So this week, I finally found a good FREE PHP/MySQL mailing list, and am now using it.

My site also has No Ads on it. The only 2 banners. are for banner exchanges. Now that I think about it, I am scared to know what info BCentral collecteds.

The only think that is not internal on the site, is Web Trends Live for tracking site traffic.

What's wrong with knowing peoples platform, OS, Resolution, and country of origin. And also who refered them?

Is that info too personal? It's generic. The only thing I really need to know, is there refering URL.

So if WebTrendsLive is not good, then what traffic tracking place is that is free? I am on Raq, and it's logs aren't good. I need consistent tracking info, and that why I have used WebTrendsLive since the site opened.

http://www.macwrite.com

Apropos article from my local newspaper...

http://www.newstimes.com/cgi-bin/dbs.cgi?db=news&view_records=1&id=10156

Originally posted by Mac Write


Hosts File? I am on OS X. How do I do that? These ad places are scaring me Sh*tless. I am getting to the point that if I had to start all over on the Itnernet, that I would have a dedicated computef ro surfing only. Then I am somewhat safe.

NetInfo Manager can be used if you're not using Mac OS X in "single user mode". The easiest way is to use a browser call "iCab" (http://www.icab.de). iCab has an excellent image and inscript filter to block banner ads (the ALT text still appears) and kill those nasty popup windows. Even though it's beta and has some flaws (like crashing during some SSL connections) it's still a great browser. I use it for 95% of my web browsing.

pherris