Dear Steve Gibson: PayPal and DoubleClick

November 26, 2007

Vista busy cursor In Episode #119 of the award winning tech podcast “Security Now!Steve Gibson went into great detail about PayPal’s disturbing relationship with the on-line ad business, DoubleClick.

Navigating around PayPal takes users via the DoubleClick domain so the latter can establish a first party cookie relationship with PayPal customers. This enables DoubleClick to track and collect information from the public even if they have opted to disable third-party cookies.

This is the text of my email to Steve today by way of feedback on the episode:


The recent episode on PayPal and DoubleClick got me wondering why the two of them bothered to concoct that convoluted arrangement. The one where PayPal links to DoubleClick so the latter can set up a first party cookie relationship with the user.

They are obviously in bed with each other and snuggled up tight for PayPal to build explicit links to DoubleClick in their website programming. If DoubleClick are that pally with PayPal (is there a term “paypally”?) why do they not just ask PayPal to send them a periodic snapshot of relevant data extracted from their customer shopping history database?

After all, if the terms of their privacy disclosure already allow them to make this data available to DoubleClick through that messy first party cookie mechanism, surely those same terms would cover direct handover of the data behind the scenes. It’s the same data, just a different collection mechanism.

If they had done that, it would not have been traceable and would never have been damaging to their brand, being discussed in negative terms on Security Now!

Finally, if PayPal can get away with privacy terms which permit them to share our data with advertisers in this way, by whatever route, might there not be other on-line vendors who share customer data with advertisers behind the scenes?

If I get a reply I’ll report it on this blog.

AddThis Social Bookmark Button


One comment

  1. great letter, I agree. 🙂

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: