Get Fiddler that monitors HTTP requests and then go to one of them free email sites like Mail.com and you will see that these sites rotate the add servers and are using 7-12 servers per single page including all the normal ones like DoubleClick but others like Rover.Eay.com are also collecting data but not showing any adverts.

Now comes the good bit.

As soon as you type in your password and usernasme in these free mail accounts and a SSL sesion is started then your browsers gets hit with loads of requests from these servers as you are sent from one server to another and then back to a normal HTTP page on port 80 to view your email.

Why you may ask would these adware servers want to track you since no one gets the time to view any adverts in these few seconds whilst login on?

then answer is clear to me and that is these servers want the referer string that shows the URL of the browser and this includes internal IDs ues by the mails email website and from this information they know each time a person logs in to get mail.

eTags are even better than cookies for tracking and even if you delete all you cookies and history but leave flash cookies intact then your pinned back down within seconds as soon as you go back on-line but even if you know to delete these flash cookies then you are still trapped because any unique ID’s generated in any sites you visted in the past was recorded at the time and the next time this unique ID pops up again then your old tracking id is assigned back to you again.

between ebay, google and Youtube they have you trapped and half the internet trafic is nothing to do with adverts or web pages but is about tracking you.

i could show a few HTTP hedder request here to make the case but it would scroll off the page so take my word for it or have a play with Fiddler and see for yourself.

You are correct – the wording of the ammendments refers to placing or reading of “files” on end user’s terminal equipment not cookies. The purpose of the ammendment was not just about cookies, it was also about drive by malware/spyware via activex, Local Stored Objects (such as Flash Cookies and Silverlight Cookies) and rogue javascript/cross site scripting. So your interpretation that using Flash and eTags will not circumvent the regulations is spot on.

But let me add here that this is actually the fault of the industry not overzealous legislators. The ad industry has been given the freedom to self regulate for decades and they have failed to behave appropriately. Had they followed the rules in the first place – such as obtaining informed consent via opt-in mechanisms in the past instead of burying clauses in terms and conditions to try and circumvent data protection and privacy laws – then they would not be in the situation they are now in and frankly IAB haven’t helped at all.

The current IAB “Best Practise Guidelines” basically stick their fingers up at the law and at the public – which was a dangerous position for them to take. So you can’t blame Commissioner Reding and Kuneva for taking the action they have.

I should remind you also that the UK is already subject to infringement action by the EU commission for failing to enforce EU privacy regulations and I will tell you right now, if the UK fail to transpose the new EU Telecoms Reform Package into UK law appropriately, I will be pushing for the Commission to take further infringement action.

So I would recommend the industry start to behave in accordance with the law instead of trying to circumvent it, because the more they do the latter, the tighter the laws will become and more people like me will campaign for the same.

Alexander Hanff
Head of Ethical Networks,
Privacy International.
Founder of NoDPI.Org