Miasma in the House of Bite Me

Wednesday, November 27, 2002

While Tom Matrullo raises the issue below, the discussion at the comments on this post go hither and thither on whether the sky is really falling or not. My jury is still out, cuz I tend to like Macromedia, but hate Doubleclick. Still, I was very relieved I have no camera hooked up. I don't believe the reassurances that users will have to click "allow" because we already see the tendencies of interfaces to use default settings and "opt out" clauses that are very hard for newbies to be aware of or even find--these border collie web-style herding exercises online being mostly practiced by Microsoft in setting browser defaults for the helper PLUGINs. Yeah, them again.

Miasma

Informationally Aware Advertising.
This is going to sound perfectly normal or paranoid, depending on where you sit in the Zeitgeist:
You know those ''rich media'' ads on some sites, built in Macromedia's Flash 6? Did you know they can look at you while you're looking at them? Even more, utilizing your computer's cam and microphone, the ads have the technology to broadcast what they see and hear of you to other people, with minimal warnings and safeguards for end users.
Here is how I know this: Last evening, I was reading a Forbes story about AOL, and I hear the sound of a football bouncing inside a DoubleClick ad, promising I can win tickets to the SuperBowl. The ad is for Adiamondisforever.com. Good Bondian name, that.
So I hear and see the ad, made with Flash 6:

"doublead"
Idly, I right click and see "settings." I click on that, and a little screen pops up:

"double settings"
Like photographic dude David Hemmings in Blow Up, I zoom in to read the pop-up, and find this:

"double message"
Curious what is meant by "access," I click on the ? and get sent to Macromedia's privacy page, which says:

What happens if I choose Allow?
If you choose Allow, the application can capture what your camera sees and your microphone hears, until you close the application.
The application may want to broadcast the video and audio to other people who are viewing or hearing the application you are running --for example, during an interactive meeting. The application may also be recording the video and audio for later playback--for example, so someone who can't attend the meeting can review it later.
So the ad with the James Bond name has within it the technology to use our equipment to look at us, listen to us, capture us, and broadcast us to "other people," apparently without having to obtain our express informed consent. And, it's not just this ad. Check any ad made with Macromedia Flash 6 and you'll find the same capability. How is this different from a distributed system of spyware sitting unannounced on the Web?
DoubleClick, which is responsible for the ad, is full of figleaf language, as is Macromedia. (DoubleClick isn't the only firm to use the ads - another is Unicast.com.) According to Macromedia, sites are supposed to tell us about what happens if we happen to have the "allow" setting, but oddly, it is only by a sort of fateful curiosity that I got a clue that this capability is lurking inside this ad. Macromedia has a "settings manager," but how many end users know about it? There appear to be no built-in safeguards or mandatory notification mechanisms (by the way, Macromedia participates in DoubleClick's customer tracking DART program.)
Dare I ask whether this stuff is (a) legal, (b) clearly set forth so that users know what is going on, and (c) the sort of marketing that folks like Forbes want on their sites?
Slightly paranoid afterthoughts: Am I the last person in this age of Total Information Awareness to learn about this? Does John Poindexter know that a web-wide system of spyware is in place? (Probably, since Macromedia has contracts with the Defense Dept. and Air Force) Are there hacks that can turn it on?
Your thoughts welcome.
[Tom Matrullo's Stuff]

12:04:34 AM