When Vinny Met Sally (Lexis-Nexis' Data Breach And Organized Crime)
Experian Informs Maryland Consumers Of Data Breach

Documenting Opt-out Driven Ad Network Failures

Over at his blog, Christopher Soghoian has documented some major failures of advertising networks that employ the opt-out method. These are targeted advertising programs that automatically include consumers, and place the burden on consumers who don't want to be tracked to opt-out of the program. Some of Chris' findings:

"In the 100+ online advertising firms whose opt-outs I have requested, this is the only one that I've found that requires a CAPTCHA in order to opt-out. By itself, this would merely be an annoyance. However, the CAPTCHA code on their opt-out page is broken, and thus even correctly entered answers are rejected as invalid. Thus, it is impossible to ever successfully receive an opt-out cookie from their site."

And there is another gem:

"Their privacy page makes all kinds of bold promises, such as the fact that their cookies comply with the Platform for Privacy Preferences (P3P). The buttons to opt-in and opt-out are fairly easy to discover, and clearly labeled. Unfortunately, both the opt-in and opt-out buttons link to non-existent pages on their website. Anyone wishing to opt-out is thus met with a 404 error."

Excellent analysis Chris! He rightly concludes:

"... the industry is not doing a good job of policing itself, companies are not performing the most basic form of quality assurance and testing, and it is clear that they are not hiring outside auditors to independently verify that the opt-outs are working properly. This industry is big enough, and profitable enough to not need to depend upon a single motivated graduate student to discover and police its broken opt-outs."

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.