Security Now: Breaking news on information sharing in PayPal-DoubleClick/Google relationship
If you missed Security Now 119: Third Party Cookies last week because it was released on Thankgiving, take another look.
During this show, Steve Gibson goes into depth about how the close business association of PayPal and DoubleClick may be giving DoubleClick (and possibly their suiting acquirer, Google) significant access to PayPal account holders' information. Steve describes something that seems to have been previously unknown or unnoticed -- that PayPal apparently makes it mandatory that its users be tracked by DoubleClick, going significantly beyond the third-party cookies that usually track DoubleClick ads (this applies even to those who turn off third-party cookies).
Security Now mostly caters to IT professionals, and it often has a bit of jargon, but in this episode, Steve goes into great depth during the first 45 minutes to decribe what cookies are and how users can shut off third-party cookies to protect their privacy. However, at 45 minutes into the show, he begins to detail how the PayPal/DoubleClick relationship makes it mandatory (on many key pages) that people be tracked on PayPal even if they specifically turn off third party cookies.
To get to the meat of the matter, fast forward and begin listening at 45 minutes into the show, then go back to the beginning to get the background on the problem. You can also read the transcript of the show at http://www.grc.com/sn/SN-119.htm.
Note: Both TWiT and Steve Gibson's GRC are customers of PayPal.
Update: Here's what one listener responded in an open letter to Steve.
