Slashdot Mirror

thaJungle was the first to pass along the buzz. "Looks like owning all the bandwidth in America isn't good enough for Verio; they apparently want to own WHOIS as well. In fact, they trademarked it..." Well, not exactly. I talked to Verio PR and legal. They own "whois.net," and when they filed to trademark that, they filed for the standalone name too as a matter of course. Since there's just a bit of prior use, the registration was rejected; aware now of its history, they're dropping the application. Update: 02/05 by J : Brian McWilliams has a more informative and skeptical story at internetnews.com.

Brian writes, "Today InternetNews.com broke a story about a Russian cracker who claims to have stolen 300,000 credit cards from CDuniverse.com. After failing in an attempt to blackmail the company for $100,000 to keep quiet, the cracker posted the cards at his site."

Jason Shindler writes "Looks like Yahoo! is back on the "real" bandwagon -- they will continue offering Real as an option to broadcast.com customers. Slashdot earlier reported that they were switching exclusively to Windows Media Player (yuck!)" Internetnews.com story here. Another quick followup: Fox got lambasted here on Slashdot earlier this month for denying www.fox.com access to people who don't use Windows or Mac operating systems. Later they apologized and said they'd fix the problem. They have kept their word. Thanks, Fox people!

CyberLeader writes "Apparently CDNow has patented the ability to create a custom CD over the Web." Insert appropriate sarcastic comment here. And I've actually patented respiration, so if everyone could send me a small royalty fee whenever they breathe, that'd be great.

After last week's TRUSTe story, I spoke with TRUSTe's Dave Steer about my concerns with the organization. A slightly clearer picture of TRUSTe's role emerged, but few of my concerns were allayed. Click for more.

First, the week's news in brief. There has been a class-action lawsuit filed against RealNetworks. Then there were two lawsuits - no, make that three lawsuits. Their stock faltered, then rallied, and is now about 40% above the day the privacy news broke.

Strangely, TRUSTe removed its press release "TRUSTe and Real Networks Announce A Pilot Software Privacy Program" from its News page on Saturday, along with one other, replacing them with an older one. There's no indication this has anything to do with the bad press of the last week.

Dave Steer had written a rebuttal to last week's story, but it is unfortunately still not available. If and when the rebuttal is published, we'll update this story with a link to it.

Now for the issues at hand. In our conversation, Dave wanted to make two key points. The first is that TRUSTe is not a "consumer advocacy group," the phrase I've been using. The second is that their press release regarding RealNetworks was a landmark decision, a culmination of six months' worth of their realizing that they have to move in a new direction.

If TRUSTe is not a consumer advocacy group, that raises the question of what it is. I didn't get a very clear answer from Dave on this. Its website says:

"The TRUSTe program was designed expressly to ensure that your privacy is protected through open disclosure and to empower you to make informed choices."

The "you" and "your" means you - the consumer. TRUSTe claims it was designed to empower and protect you.

But it's not going to do this by punishing corporations for privacy transgressions. TRUSTe is all carrot and no stick. The carrot is that, after a corporation has been caught breaking the rules, it can restore its damaged reputation by cooperating with TRUSTe: issuing a press release, taking some simple steps to improve the situation, etc.

This is a fault that's built into the way TRUSTe was set up: a design problem. There are some questions of poor implementation as well. After the March 1999 revelation of Microsoft's secret GUIDs (user-tracking technology that can lead the cops to your door), TRUSTe went to them and asked for action. Not punishment of any kind - all they asked for was an audit.

And according to Dave, "Microsoft said no."

How could Microsoft make TRUSTe back down? The poor implementation is that TRUSTe's contract with Microsoft, and with RealNetworks, and presumably with all its 750+ licensees, makes a distinction between privacy violations that take place over the web, and others. Companies that steal consumers' privacy through non-web-related technology are not covered under paragraph 5A of the TRUSTe License Agreement.

Paragraph 5C, however, allows TRUSTe to break the agreement and void the trustmark, for any reason. If it had wanted to pressure Microsoft, this would have been the threat to make: terminating the contract, and going public with a condemnation.

But that wasn't TRUSTe's goal. Although it claims:

"...licensees agree to cooperate with all TRUSTe reviews and inquiries. If we cannot reach a satisfactory resolution ... [this] could result in a Web site compliance review by a CPA firm, revocation of the trustmark, termination from the TRUSTe program, breach of contract proceedings, or referral to the appropriate federal authority."

...it will never take these steps. Microsoft refused to cooperate because the carrot wasn't big enough - so TRUSTe offered them a bigger carrot. RealNetworks scanned its users' hard drives for private personal data, uploaded it to their servers, and blatantly lied about it. Short of actually stealing our credit card numbers and running up a tab at the Sharper Image, it is hard to imagine a more serious violation of privacy. Yet TRUSTe went to them hat in hand, asking to be allowed to collaborate.

Those contracts that give TRUSTe no authority over non-web privacy violations? That's not a bug - that's a feature. Even when it has the right to take serious action, a right TRUSTe grants itself in paragraph 5C, it chooses not to use it. Design problem.

Corporate invasion of personal privacy is not a win-win situation. This is a war in which TRUSTe will often have to take sides. Learning that it backed down from Microsoft and had to haggle over even the audit it wanted to impose was an eye-opener. Chris Larsen, the CEO of E-Loan who revealed the behind-the-scenes haggling, described his company as "very concerned" about TRUSTe's inability to address the issue.

In fact, I never would have heard about that if not for the Slashdot comment where Seth Finkelstein called attention to it. It's not confidence-inspiring that TRUSTe has refused to allow any negative information on its homepage, in its press releases, or in its statements of findings. The constant comforting message leaves me uncomfortable.

Dave's second point was that this collaboration - on a new program which will cover non-web as well as web violations of privacy - heralds an important new direction in TRUSTe's history. Now that they have enough licensees to pay the bills, they are not beholden to any of their sponsors, and can start to take a harder line. And they can renegotiate their contracts to fix the web/non-web distinction.

I'd like to believe that's true. But the heads of TRUSTe surely know that, if they ever started condemning corporations' privacy violations instead of collaborating with them, renewals on their contracts would dry up. Corporations love to enter agreements with organizations which give them good press. Organizations that give bad press get ignored at best.

TRUSTe's reputation for lax enforcement is surely part of the reason they now have 750 licensees. It would be a very different story if the carrot ever got replaced by the stick.

I could be wrong. But TRUSTe's actions support this view even if its words don't. RealNetworks needed to be slapped, hard - but now it's up to the lawsuits to give the company a reality check.

Sure, TRUSTe may have helped RealNetworks figure out the proper reaction in this case. But it has 750 other licensees that all got the message loud and clear: whatever you do, TRUSTe will not chastise you. There is no incentive to do the right thing. By its actions, TRUSTe encourages corporations to violate privacy when they think they can get away with it. This will happen again - and it will be the same story each time.

And it may happen sooner rather than later. The most frightening thing I've heard all week was Dave Steer's offhand comment that programs like RealJukebox are probably more common than we think. That makes it all the more ironic that TRUSTe is unwilling to put consumers' interests first.

EraseMe writes "Sucks. A quick whois shows that a whole slew of offensive domain names are owned by the Central District of California US District Court. Is this an attempt at using our tax dollars towards lucrative purchases, or simply a censorship of our global freedom?" The second, but not in the way that you think. The court holds the domains because there's an ongoing suit which is challenging Network Solutions' refusal to register domains based on the Pacifica "seven dirty words" case. It was covered a few months ago in various news outlets.

Even more interesting is NSI's practice of refusing registrations to some registrants but granting them to others. Various registrants tried to register "nigger.com", and were refused, before NSI permitted the NAACP to register it (although why the NAACP wants to be associated with nigger.com is hard for me to grasp). Why do some organizations get special treatment for registering domain names?

Wired 2000 writes "A news article on InternetNews reports that Network Solutions plans to sell ad space on the WHOIS database, which raises the question whether NSI is allowed to profit off a database which they no longer own, particularly the highly trafficked WHOIS database. "

SEWilco writes "An InternetNews article reports that Joker.Com is offering lower prices for domain registration. About US $43.50 for .com, .net, or .org for the first two years. " Hmmm...I guess I never considered the domain price to be the outrageous part-but declining prices are always nice.

SEWilco writes "An InternetNews article reports that Joker.Com is offering lower prices for domain registration. About US $43.50 for .com, .net, or .org for the first two years. " Hmmm...I guess I never considered the domain price to be the outrageous part-but declining prices are always nice.

Ethan Butterfield writes "Looks like the days of wine and roses are over for @Home subscribers. A global 128k upload rate cap is @Home's solution to their chronic bandwidth problems. Man, I'm glad I have DSL. " Even 128k seems fast to me, but this article will definitely raise your eyebrows.

There's increasing reports coming about the state of US Government's Internet Tax Committee. The committee, which stopped meeting about six months because of squabbling is back talking again about a way to acheive "tax-neutrality", meaning that all those nice tax free sales may be gone in the next few years.

Michael Fischer sent us an interesting story about AOL using trademark leverage on African-America OnLine Search, which had been registered in Sept of 1998 as aolsearch. AOL wanted to use it as the search location for their web site, although it does not seem to be currently in use. The {former} owner of the domain is accusing of Network Solutions of "an arrogant, indifferent attitude" to the problems surrounding the dispute.

webmaven writes "Check out This story in which Esther Dyson accuses NSI of stalling the switchover to ICANN. " What, you mean we have to give the internet back? How's that fair? Poor NSI *cough*.

Mikey writes "An InternetNews article about a decision by a Virginia federal court declaring domain names are property" Why is the courts allowed to decide this? Isn't it really Al Gore's job? (rimshot)

lc writes "There is some kind of macro virus floating around that steals PGP keys off a user's computer and uploads them to a remote FTP site. " So a macro virus is a flaw in PGP? Neat. Methinks if you've got macro virus's running rampant in your machine, you've got bigger problems. Like Word for example.

joem writes "I guess the pentagon has been releasing things like the names and addresses of generals involved in anti-terrorist missle attacks, as well as floorplans to their offices on the www. They are beginning to realize that this may be a Bad Thing. It's kind of funny that they are just clueing in to this fact. "

This link tells of how Hotmail, one of Microsoft's recent acquisitions is taking on spammers. Basically Genesis Networks and a few other naughty companies have been forging spam headers with replies going to hotmail.

Sengan Baring-Gould sent me This Article talking about Netscape, it's roll now that it's code is free, and the business behind it. Not much for the code jockey nerd, but very interesting from the perspective of the web in general.

Leonard Richardson wrote in to tell us about new pressures between the Justice Dept and Microsoft. This new case is all about how Microsoft is using their Operating System Control to gain market share in each new technology as it pops up (Office Applications, DirectX, Internet Applications. The list is huge). Check out this story for more information.

Wesley Lemke wrote in to let us know that Internet News has another article reporting that Apache is still the number one web server on the net, with over 50% of the net using their code to serve up their pages. Both NS and MS both claim to be the leader, but the let the truth be told.