Alarming Privacy Violation
I'm sure I must not be the only one here who invests in Vanguard Funds; they have a reputation for low overhead.
Their website is clearly geared towards IE, the only browser they guarantee to work. Mozilla under Linux usually works though, and that's what I usually do. To do a buy transaction you're shepherded through a series of scrollbar-less windows. They offer you the option to print a record of the final transaction, but you're not supposed to save the HTML, as evidenced by this bit of JavaScript:

    document.onmousedown=noRight;
    document.onmouseup=noRight;
    function noRight(e) {
      if (event.button > 1) {
        alert("Sorry, the right click has been disabled for this application.");
        return false;
      }
    }

Of course, I saved the HTML: I wanted to store a record on my computer and the above code presented no restriction to me.
Just now I was looking at the HTML source so I could enter my data into Gnucash, when I saw something that made a chill run up my spine:
<div class="gh"><img SRC="https://ad.doubleclick.net/activity;src=9999;type=vangu99;cat=mfbuy9999;qty=1; cost=999;ord=99999999999;u=99999|Individual|prd;tran=9999999999?" WIDTH=1 HEIGHT=1 BORDER=0></div>
I changed all the numbers to random strings of 9s to obscure my personal financial information (and added a newline to make the formatting less obnoxious), but from the original content it's clear that information about my transaction was sent. To ad.doubleclick.net.
I feel violated. I'd feel really violated if ad.doubleclick.net didn't resolve to 127.0.0.1 on my system.
I guess I'd better go re-read their privacy policy with a fine-tooth comb.
P.S. I know I've read some things before about why Doubleclick in particular is a very dubious entity to trust with one's personal information. I know I can google for it, but if anyone can help me out by pointing me to the best articles to reference in my upcoming complaint to Vanguard, that'd be great.
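
An added example, not part of the original post: a short Python audit that scans saved HTML for 1x1 images served from another host and splits the semicolon-delimited `key=value` pairs in the URL path, listing what the page hands to a third party. The first-party hostname `www.example-fund.test` and the logo image are constructed placeholders; the beacon tag is the masked one quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the tag from the post (already masked with 9s by its
# author) plus a first-party image that must not be flagged.
SAMPLE_HTML = '''
<img src="/images/logo.gif" width=120 height=40>
<div class="gh"><img SRC="https://ad.doubleclick.net/activity;src=9999;type=vangu99;cat=mfbuy9999;qty=1; cost=999;ord=99999999999;u=99999|Individual|prd;tran=9999999999?" WIDTH=1 HEIGHT=1 BORDER=0></div>
'''

class BeaconFinder(HTMLParser):
    """Collect 1x1 <img> tags whose src points at a host other than the page's own."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host.lower()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases attribute names
        if a.get("width", "").strip() not in ("0", "1") or a.get("height", "").strip() not in ("0", "1"):
            return  # visible image, not a tracking pixel
        url = urlsplit(a.get("src", "").strip())
        host = (url.hostname or "").lower()
        if not host or host == self.first_party_host:
            return  # relative or same-host image: no third-party request
        # The data rides in the path as ;key=value pairs, which urlsplit
        # leaves inside .path, so split on ';' here.
        endpoint, *pairs = url.path.split(";")
        fields = {}
        for pair in pairs:
            key, sep, value = pair.strip().partition("=")
            if sep:
                fields[key] = value
        self.beacons.append({"host": host, "endpoint": endpoint, "fields": fields})

def find_beacons(html, first_party_host):
    """Return one dict per third-party 1x1 image found in the HTML."""
    finder = BeaconFinder(first_party_host)
    finder.feed(html)
    finder.close()
    return finder.beacons

if __name__ == "__main__":
    # "www.example-fund.test" is a placeholder for the site the page was saved from.
    for b in find_beacons(SAMPLE_HTML, "www.example-fund.test"):
        print(b["host"], b["endpoint"], b["fields"])
```

Run against a saved transaction page, each reported field is a value the browser would have sent to the other host just by rendering the page.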