Slashdot Mirror

So Facebook should be allowed to host videos of child rape?

Well, in this particular case no rape was involved. I haven't seen the video, but apparently it depicted a drunk girl in some state of disrepair. We also know that it was used to further haunt that girl.

I chose an extreme example to illustrate the point but the issue remains that the publisher (in this case facebook with the 'authors' being the minors who uploaded the videos) must be responsible for what they publish. If a newspaper or television station publishes something they shouldn't they are expected to publish a retraction (and possibly pay reparations, depending on what it is).

The issue for me isn't so much this girl in particular, as that Facebook is not following a law specifying that there can be no contracts with minors - which they are ignoring (for all intents and purposes) to make money.

But to answer your original question... I think nobody can be "allowed" to host illegal materials. The one that you threw in as an example would classify as illegal. Providers are immune from prosecution as long as they don't have a positive censorship system. Some forums are moderated, and therefore have such a system. The provider of an unmoderated forum has to remove the illegal material as soon as they are informed about its existence. The poster may be prosecuted for distribution of an illegal material.

One question to ask would be what FB people knew, and when they knew it, about this video. Did the girl complain to FB? If she did, and FB people did nothing, that would be bad. If the girl did not complain (didn't know that she can, for example) then FB had no way to know that a certain video, one out of millions that are uploaded daily, is causing problems.

I don't disagree with you on this. It isn't relevant to the general issue of whether minors can have accounts without their parents' permission though (the contract thus being with the parents and not with the minors).

Facebook has every way to verify the age of someone who wants an account - they just don't want to bother because there's a cost associated with it.

Most likely because they do only what the law requires.

Depends on whether having an account which requires signing terms & conditions (even electronically constitutes a contract. If it does, and I believe it does, then they are not doing what the law requires.

Gaming sites, for example, just ask to enter your birth date. You can enter whatever you want. Is the law insufficient? Perhaps. But that's the best law money can buy.

Just because that's the way they do it does not mean that it is following the law to the extent required by the law. The law does not say "You must ask the age of someone before you enter into a contract with them". It says (paraphrasing and generalizing) "You must not have contracts with minors".

We could equate the selling of alcohol or cigarettes to minors. The vendor must do more than just ask the age and take the buyer's word for it- it must not sell to minors. And if the vendor makes an error, it's the vendor that pays the fine.

In most cases the age cannot be verified without an interview where government-issued documents are checked. Can you imagine how much *that* would cost? Can Slashdot afford that, for example? For a registration from Central Africa? You'd have to send an expedition to conduct that interview. Will the civilization be better off if Web sites refuse to accept registrations from 3rd world? Or, perhaps, the society as a whole benefits from free access to information; and if that information is too much for some - that's sad, but we won't keep millions of adults in diapers. Don't hold millions of responsible children hostage just because one or two, somewhere, were not responsible. Make sure

So Facebook should be allowed to host videos of child rape?

Well, in this particular case no rape was involved. I haven't seen the video, but apparently it depicted a drunk girl in some state of disrepair. We also know that it was used to further haunt that girl.

But to answer your original question... I think nobody can be "allowed" to host illegal materials. The one that you threw in as an example would classify as illegal. Providers are immune from prosecution as long as they don't have a positive censorship system. Some forums are moderated, and therefore have such a system. The provider of an unmoderated forum has to remove the illegal material as soon as they are informed about its existence. The poster may be prosecuted for distribution of an illegal material.

One question to ask would be what FB people knew, and when they knew it, about this video. Did the girl complain to FB? If she did, and FB people did nothing, that would be bad. If the girl did not complain (didn't know that she can, for example) then FB had no way to know that a certain video, one out of millions that are uploaded daily, is causing problems.

Facebook has every way to verify the age of someone who wants an account - they just don't want to bother because there's a cost associated with it.

Most likely because they do only what the law requires. Gaming sites, for example, just ask to enter your birth date. You can enter whatever you want. Is the law insufficient? Perhaps. But that's the best law money can buy.

In most cases the age cannot be verified without an interview where government-issued documents are checked. Can you imagine how much *that* would cost? Can Slashdot afford that, for example? For a registration from Central Africa? You'd have to send an expedition to conduct that interview. Will the civilization be better off if Web sites refuse to accept registrations from 3rd world? Or, perhaps, the society as a whole benefits from free access to information; and if that information is too much for some - that's sad, but we won't keep millions of adults in diapers. Don't hold millions of responsible children hostage just because one or two, somewhere, were not responsible. Make sure it's they who are punished, not thousands of innocent users.

There is yet another reason to that. You cannot, technically and physically, protect everyone from everything. Once you achieve some level of protection, another idiot discovers how to bypass that protection, and you are back to square one. If idiots are not fought against, you will get more of them. It's far more advantageous to not let idiots run free. Idiots must be contained, and punished as a lesson to others. In the end you will get fewer fools, and you don't need to infringe on rights of honest and careful people.

If the company takes reasonable efforts to simply block users from the states implementing these laws, they most likely can't be held responsible for any of it.

First, block IP ranges known to be entirely within the states.

Secondly, employ something similar to the "bump out" trick that's used to avoid COPPA liability: offer in your registration form the ability for people to select one of these proscribed states, but when they do, inform them the site is unavailable to them (only after they make a selection and submit a completed form), and set a cookie on their computer preventing them from trying to fill out the form again.

From a technological standpoint, the above is ludicrous and trivial to work around, but legally it's sufficient. (The law is often ludicrous and trivial to work around; this is a good thing.) Employing the "bump out" trick places the legal onus on the user, not on the site -- the site made a good faith effort at compliance, and if the user is trying to get around it, it is he who is breaking the law, not the site. Hear no evil, see no evil.

In addition to the above, on the "Sorry, we're not available in your state" page, make it clear to the user that the only reason it's not available is because the state has a law preventing the site from operating in its jurisdiction. This would raise awareness of the law and hopefully put pressure on the state to repeal it.

Of course, as was already pointed out, MySpace is owned by Rupert Murdoch, so the company is probably complicit in this whole thing. Expect to see a lot of self-righteous noise emanating from MySpace spokesmen (like the quotes in the article), and then watch as they "reluctantly" concede and go along with it.

StopBadware has standards that are tougher than the usual "it's OK if the EULA says it is". That's been the problem with TrustE's Trusted Download Program, which is a whitelist for supposedly "good" badware. Then there was the Microsoft/Claria debacle.

Unfortunately, StopBadware thus far has a very short list of "badware". They need to be listing perhaps a few hundred items. So start sending in those reports. They need technical info on "badware".

What StopBadware has is legal support. They're backed by the law schools of Harvard University and Oxford University, and by Consumer's Union. They're not likely to cave just because some company sends they a threatening letter. In fact, for a company to sue StopBadware when they have a weak case could be disasterous for the company. It would open the company to discovery to determine exactly what their "badware" did, with executives and programmers forced to testify under oath.

Yes, but what legal agreements are in place between facebook and it's users? (I personally do not know, don't use facebook, if someone knows buzz in anytime). One should be able to trust facebook's privacy controls since it states that they are a licensee of the TRUSTe organization. The service provided is a supposedly private place to collaborate with classmates on a social level, where privacy is restricted by the user. It seems pretty clear to me, based on facebook's own policies, that a user should have every expectation of privacy.

We may be required to disclose user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We do not reveal information until we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. Additionally, we may share account or other information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Facebook service or using the Facebook name, or to prevent imminent bodily harm. This may include sharing information with other companies, lawyers, agents or government agencies.

There are Conspiracy Theories claiming that Facebook's initial funding was from DOD connected venture capital, and that it is a remenant of Total Information Awareness.

Facebook links to eTrust from their privacy policy. Would it be effective if all of slashdot lodged complaints using the eTrust form? https://www.truste.org/pvr.php?page=complaint

Also check:
http://wiki.apache.org/spamassassin/AvoidingFpsFor Senders
http://www.senderbase.org/
http://www.truste.org/
http://www.bondedsender.org/

The article was a little vague about the exact process for getting certified. Since it's going to be run by TRUSTe, I imagine that this won't be for free...

Well, at least this certification only affects the software that gets distributed by AOL, Yahoo!, CNet, etc. I just wonder if this isn't the start of some sort of "trusted computing".

The players here already have blood on their hands. Yahoo's Overture division is the primary source of revenue for Claria Corporation, one of the biggest offenders out there. TRUSTe makes big money to certify web sites and basically takes the company's word about their answers to a form.

It's not just about spying or offering an uninstall link. For example, the Ask Jeeves folks make a toolbar that is bundled with a cute little utility named Smiley Central that is heavily advertised on game and kids sites. When you install it, it reconfigures your search setup to funnel all searches to Ask Jeeves. It also tacks little advertisements for itself onto your outgoing emails. But remember, you agreed to all that in the EULA, or at least your 10-year-old must have. Sure it has an uninstall, although the average computer user doesn't even know Add/Remove Programs exists much less what should be removed.

The players here already have blood on their hands. Yahoo's Overture division is the primary source of revenue for Claria Corporation, one of the biggest offenders out there. TRUSTe makes big money to certify web sites and basically takes the company's word about their answers to a form.

It's not just about spying or offering an uninstall link. For example, the Ask Jeeves folks make a toolbar that is bundled with a cute little utility named Smiley Central that is heavily advertised on game and kids sites. When you install it, it reconfigures your search setup to funnel all searches to Ask Jeeves. It also tacks little advertisements for itself onto your outgoing emails. But remember, you agreed to all that in the EULA, or at least your 10-year-old must have. Sure it has an uninstall, although the average computer user doesn't even know Add/Remove Programs exists much less what should be removed.

I think any one reading this post that disagrees with that privacy policy should goto: https://www.truste.org/consumers/watchdog_complain t.php and express your feelings. It doesn't do any good just complaining on a Slashdot post without then complaining to those who actually have some weight in the privacy market.

"Richard Purcell, Chief Executive Officer, Corporate Privacy Group, Nordland, WA"

This guy is apparently Chairman of the board of TRUSTe which doesn't exactly have a stellar privacy record with Slashdot in the past as shown here and here though these transgressions were a while ago.

"Michael Turner, President and Senior Scholar, Information Policy Institute, New York, NY"

I think this is another think tank. Not sure where they stand politically. They are spot on with the Republican's on tort reform, have interests in oursourcing, credit reporting among others things.

TrustE's Watchdog Reports invariably results in a decision of "Issue Handled with no changes necessary to the Privacy Statement nor the Site". They get about a hundred complaints per month, but don't do anything. The last time TrustE made a site change anything was in 2002.

In the early days of TrustE, their seal actually meant something. But they've totally sold out.

There's also the Commerce Department's "Safe Harbor" list. No enforcement action has ever been taken under that.

So don't believe any "privacy certifications" associated with RFID tag use. They're meaningless.

In its early days, TrustE meant something, but they've sold out completely. Now they're even running ads for Bonded Spammer, er Sender.

Read TrustE's own "Watchdog Reports". In the last six months, TrustE never took any enforcement action whatsoever based on a complaint. They get 100-200 complaints every month, and do nothing. Over the past five years, according to their own figures, they've requested that a web site operator make some change about once a year. All other complaints are described, in their words, as "Issue Handles with no changes necessary to the Privacy Statement nor the Site".

Acxiom warned TRUSTe members in late 2002 that "conditions look right for the 'Perfect Storm' of privacy legislation next year." Yeah, scary, the government might insist that customers have some privacy.

I wish I could have seen the look on their faces when the government called them up to let them know their own employee had stolen their customers' private data.

The TrustE program is rooted in the ideology of anarcho-Capitalism, the idea that a free society can come about through the abolition of all government, and the aggressive privatization of everything, including courts and militaries. (Less aggressive Libertarians are generally minarchist, and believe that it's probably best to let government have the courts and the military, in order to best protect property.)

The anarcho-capitalist argument usually goes something like that: Government intervention is not only bad for business (and thus, you and me), but it's also immoral. But people do not need government to be safe; They can rely on the market for protection. It is beneficial to the market to protect you, since there is obviously a demand for protection.

There are many problems with these notions, but anarcho-Capitalists, generally intelligent people have an affinity for axiomatic theories (in this cased, based in the notion of contracts).

How does the theory fail? It's not too difficult to find out, if you aren't an anarcho-capitalist yourself. All you need to do is look at a failing of the market to protect people, and trace it to its source.

For example, Yahoo just recently changed their privacy policy, for the worst. Let's accept as fact that the majority of people don't like this, since its hit Slashdot and most people are bitter about it. How did Yahoo do that? According to the New York Times article, they have played on the exact lettering of their contract. Yahoo pledged that it would not email its users, but did they say they would not telephone? No, they never said they would not do that.

How has anarcho-capitalism failed here? Anarcho-capitalists would have said that we are kept safe by the competition of privacy policies. There would have been, say, 5 yahoo's, all slightly different, and one would have had a better privacy policy. I don't know how the anarcho-capitalist would respond to the complaint that we want to use services, not read contracts and theorize about them all day (for example, "They say they won't contact me by email, but they might call me by telephone! I better inform Yahoo that their contract needs work before I'm willing to sign it..!").

Note Esther Dyson's complaint, supporting this notion:

On that note, Dyson doesn't think the blame lies solely at the feet of Truste or its clients.

"I've also been disappointed in consumers," she said, "in that they've not been proactive in protecting their own data. You do a survey and consumers say they are very concerned about their privacy. Then you offer them a discount on a book and they'll tell you everything." (Wired story, page 2)

In other words, it's our fault, because we don't think about contracts in full. The problem is that contracts do not accurately reflect what we want. We are irrational beings, which chops at the root of anarcho-capitalist thinking. But rather than ammend their philosophy to take into account consumer behavior (which companies are eager to take advantage of; Look at any college textbook on the subject), they insist that consumer behavior is wrong, and that absolute contract-based theory is right.

Going back to Anarcho-capitalists believing in a competition of privacy policies: Unfortunately, there are not 5 yahoo's. (If there are, we don't know about it.) Why is that? That's probably very complicated to answer, but my guess is that it has to do with branding. And when you have advertising/branding strategies in place to get people to use your business, there is almost always room for only 1, 2, maybe 3 companies in people's heads. But very rarely do I ever see the role of advertising and people's ability to recall brands appearing in anarcho-capitalist literature. In anarcho-capitalist literature, we are all perfectly rational beings who have all the time in the world to investigate every contract and extrapolate it's meaning in purely legalistic terms.

Web surfers, [Esther Dyson's] reasoning went, would read the various companies' policies themselves and make their own choices, letting companies use privacy policies as a competitive differentiator. Truste's seal would simply ensure that the policy was being followed, so that "between two sites I've never heard of, I'd rather pick the one that has the Truste logo," she explained.

--Wired (Notice the implicit necessity for competition, and the assumed assumption of TrustE actually working.)

But we're not even at the main story here, which is about TrustE. TrustE is born almost completely out of anarcho-capitalist theory. Indeed, when I worked at a dot-com (now failed), the owner of the company (and big-time Madrona investor) told us how excited he was to participate in TrustE, which was going to show to the world how anarcho-capitalist protections work for everybody. What is the program?

TrustE fills the role in the anarcho-capitalist dream of a market response to the demand for safety. It works like this: Companies pay TrustE in order to have a seal that proves that they are going to play nice. TrustE in turn watches over the company, and makes sure that they are doing right by what they said they would do. The moment the company tries to do anything wrong, TrustE slaps them by removing their brand from the Company.

Systems like these are proposed by anarcho-capitalists in order to remove the entire government. For example: The justice system. There would be a number of competing courts, and the ones with a good reputation and contract would be utilized by people to try their cases. The military and police forces- if one wasn't nice to people, we'll all just hire another to protect us. To be fair, Libertarians don't go quite as far as the anarcho-Capitalists in this respect, the Libertarians just want to have no government/military regulation except of military force. (I find it likely though, that the government would act in the interest of the corporate interests, and not in the public interests; It is said that "Property is 9/10's of the Law". Undoubtably, people crushed by non-violent anarcho-capitalist market rule would want to / need to violate some property laws, and thus have the weight of the establishment upon them, in full military force.)

How do these systems fail? In precisely the ways that critics say that they will fail. Obviously TrustE wants people's money, so it is already biased to certify companies. I suspect that more importantly, it wants to be seen as actually meaning something (lest everyone stop using them), and thus it doesn't want to de-list its most famous clients. Should Yahoo be delisted, Amazon might feel like delisting. Should the big names fall, everyone would fall.

Anarcho-Capitalists need to learn this method. It's not based in axiomatic derivation, which is clean, but rather, in analysis of real world situations. Anarcho-capitalists extrapolate all kinds of things from their initial set of perfectly rational contract-analyzing citizens. Unfortunately, when we look at real world systems, we find that anarcho-capitalist theory has no value.

Anarcho-Capitalists need to think about this very carefully, and act accordingly. Again, in brief, the method is this: Take a limited set of clear ideas. Extrapolate from them. Then check those ideas against reality around you. How do the ideas fail? Is it reasonable to expect that the failing will reoccur, or is this just a fluke? If they will reoccur, revise the ideas to match reality.

In closing, some choice quotes:

L IKE MANY Internet activists, Dyson is an unapologetic libertarian. For her, the true importance of the Internet is its potential to empower individuals against the forces of government. The dispersed nature of the World Wide Web enables individuals (and businesses) to avoid physical jurisdiction, and the ability of users to communicate freely can foster a kind of free-market democracy that leans on the side of citizens, not legislators.

--MetroActive on Esther Dyson

(Esther Dyson, we can at least vote against the government. How will we protect ourselves from companies..? Dollar votes have proven not to work, the companies research our behaviors too well. You have seen yourself that it does not work. Shall we just be screwed; Are we getting our just deserts for being human?)

Another interesting quote is on the TrustE web page:

. The core of this initiative was the TRUSTe Privacy Seal, a visual symbol that could be displayed by Web sites that met the program?s requirements for data gathering and dissemination practices, and agreed to participate in its dispute resolution process. TRUSTe?s goal was to establish a seal that would send a clear signal to consumers that they could expect companies to adhere to certain requirements about the way Web sites handled data, and that an independent, third-party would hear and respond to their complaints and resolve their disputes.

It's interesting to study where the words come from. Unfortunately, I won't take the time to back up this claim, but "...independent, third-party would hear and respond to their complaints and resolve their disputes." comes straight out of the anarcho-capitalist literature on how to run a justice system by third-party companies, without a government..!

Well, young John Gaults of the world, TrustE has failed. This is a great opportunity for you to come forward with your own competing TrustE systems that will have better morals, and certify to the world the successes of your anarcho-capitalist philosophy.

First, many of us are paying for Yahoo! services. I am using their Bill Paying service, so they have possession of my most valuable personal and financial information. I entrusted them with that information for the purposes stated in the user agreement. Now, they are planning to use that information for other purposes, and contrary to my expressed desires.

Second, this is a strawman argument. Whether or not I've paid for service is irrelvant. What matters is what information was collected, for what purposes, and how is it being used. The problem is that Yahoo collected information for one purpose and is now planning to use it for another. That's not just rude, it's fraud.

Not that it will do any good, but I'd encourage people who are upset by this policy to file a TrustE complaint.

If the company can find that fine line it can retain you as a customer for years to come while making extra money off your information. Why should the company choose between "creating a loyal customer" and "making a one-time buck" when it can have both?

Welcome to the world of "privacy policies." A marketing team researches its customers' worst fears and creates a document that states it is the company's policy not to do any of those things. Web sites wear these like police badges, and customers feel reassured because they believe the company is bound to adhere to the policy by some government regulations. However, neither you nor the government (nor Trust-E or BBB Online for that matter) have any way of knowing whether the company is following that policy.

My homepage gets maybe 10 hits per day and has nothing offensive, so the possibility of people suing me because of it seems remote. On the other hand, the TI-89 section of my webpage gets 200 hits per day. I was recently thinking about this and the fact that it had no Terms of Service or Privacy Policy. Thus, I did a little research and wrote a temporary one. I sort of "borrowed" a bit of the disclaimer from various sites and shifted the wording. This shouldn't matter much, however, since some of the wording is likely standard in many site's policies. For the Privacy Policy, I went to Micro$oft BCentral's page, which had a wizard that automatically creates a privacy policy. Thus, my disclaimer and privacy policy were born. I think that they will be temporary, however, as you can just bet that M$ set up some hole inside of its policy generator in order to let it sue anyone (although TRUSTe was a sponsor of the generator); plus, the modifications might not be worded correctly and could have created loopholes. Anyway, for the long term, TRUSTe has a lot of information about what you need in a privacy policy and it will certify your site for you. Plus, I think that the disclaimer at GNU might be able to be adapted for a disclaimer or a terms of service. "Borrowing" a policy from another site might not be entirely legal but it is ok to borrow GNU's license. I think that creating your own policies is a good idea but you shouldn't have to hire professionals if you just have a site as a hobby and writing your own might create holes in it if you miss certain things. Also, as for avoiding lawsuits, you can put a clause on your site forcing people to pay for your lawyers in any lawsuit that occurs due because of their improper use of your site as dictated by your policy. Then if they lose, which they likely will in a lawsuit of this type, they can pay for your lawyers.

According to them, it's OK if sites violate their privacy policy and collect personal information as long as they don't use the web to do it...

--

Toysmart is TRUSTe certified. Why am I not surprised?

wether or not the freedom of the Internet jeopardizes the freedom to USE the Internet "

Very eloquent and accurate.

On the other hand, your flame was rather insulting,

Whenever someone moans about "the Feds", I have to ask what the hell are YOU (yes, you) doing about it? Are you expecting someone else to step in and solve these problems?

Who the hell am I? Well for starters I'm an over 40 PHB who lives in the US and has been on the net since the old days, pre 1980. My entire career for the last 20+ years has been the internet, starting long before GUIs.
What the hell am I doing about it? Plenty, you should be as well. All of us should, not just because it's our livelyhood, because it's our privacy and our basic freedoms as well. Personally, I have regular dialog with many elected officials on many different levels. I'm no stranger to the telecom lobbists or in my Representetive or Senators offices on capital hill and my state capital. I support the Electronic Frontier Foundation , Global Internet Liberty Campaign (GILC), Internet Free Expression Alliance (IFEA), Digital Future Coalition (DFC), and the TRUSTe Privacy Policy Certification Program as well as several others both monetarily and with my time. Do you?

Am I expecting someone else to step in and solve these problems? No, I am involved, are you?

Although you had a good point in your post, I feel the impact of it got lost in the flames, instead of flaming posters on /., try using some of that effort to get the laws and the policy changed, you might be surprised at what one person can do.

Now that we've done all the complaining about the law and the DCMA, next step is to get involved.Here's how, Constructive communication to the folks who can make a difference beats whining every time.

Electronic Frontier Foundation
US House of Representatives
US Senate
Global Internet Liberty Campaign (GILC)
Internet Free Expression Alliance (IFEA)
Digital Future Coalition (DFC)
TRUSTe Privacy Policy Certification Program

Electronic Frontier Foundation
US House of Representatives
US Senate
Global Internet Liberty Campaign (GILC)
Internet Free Expression Alliance (IFEA)
Digital Future Coalition (DFC)
TRUSTe Privacy Policy Certification Program

TRUSTe not necessarily limited to web sites (Score:1)
by TrentC (trentc@dev.null) on Tuesday November 16, @03:11PM EST (#48)

Some of the comments made by TRUSTe about the RealNetworks incident (not to mention the Microsoft GUID) were to the effect of "well, it doesn't involve their web site, so it's outside our jurisdiction".

But that's not necessarily true.

From Schedule A of the TRUSTe license agreement, rev 5.0 (I wonder what the history of changes are):

"1. TRUSTe Program. The TRUSTe Program (the "Program") is intended to promote fair information practices with regard to the collection of Personally Identifiable Information and Third Party Personally Identifiable Information at Web sites in order to promote the Internet as a trustworthy environment for conducting business, education, communication and entertainment activities. [emphasis mine] Without detracting from the foregoing, the Program may be made applicable to online facilities and services that are similar to an Internet Web site."

Now, one could make an argument that this may not apply to MS Word's GUID (although it's internet-enabled, the GUID is not necessarily a byproduct of that functionality) it would, in my opinion, most definitely apply to RealPlayer.

TRUSTe appears to reserve for itself a broader mandate than "just verifying web sites". But apparently it chooses not to pursue it.

Jay (=

Some of the comments made by TRUSTe about the RealNetworks incident (not to mention the Microsoft GUID) were to the effect of "well, it doesn't involve their web site, so it's outside our jurisdiction".

But that's not necessarily true.

From Schedule A of the TRUSTe license agreement, rev 5.0 (I wonder what the history of changes are):

"1. TRUSTe Program. The TRUSTe Program (the "Program") is intended to promote fair information practices with regard to the collection of Personally Identifiable Information and Third Party Personally Identifiable Information at Web sites in order to promote the Internet as a trustworthy environment for conducting business, education, communication and entertainment activities. [emphasis mine] Without detracting from the foregoing, the Program may be made applicable to online facilities and services that are similar to an Internet Web site. "

Now, one could make an argument that this may not apply to MS Word's GUID (although it's internet-enabled, the GUID is not necessarily a byproduct of that functionality) it would, in my opinion, most definitely apply to RealPlayer.

TRUSTe appears to reserve for itself a broader mandate than "just verifying web sites". But apparently it chooses not to pursue it.

Jay (=

I followed the instructions on the TRUSTe site and filed a complaint. If enough people do this, then *maybe* they'll start taking themselves seriously. The ball is in their court. They need to take their mission seriously before they'll get any respect from the public or their licensees.

What I think Sterno meant is that we need an organization which will not be beholden to the very organizations it's supposed to be watching. I don't know that the EFF would be a good fit to fill these shoes, or EPIC, or the ACLU, but TRUSTe certainly doesn't seem to be cutting the mustard.

The EFF did start up the TrustE program! See here.

Regards, Ralph.

Seriously, if TrustE is not going to be biting the hands that feed them, then why are we listening to them? Because they spent much of their money building "brand recognition" on the web (making them the "most visible symbol on the internet"?)

What we need is a real consumer-privacy watchdog. Not one that says "we make sure that if companies violate you privacy, they tell you first", but one that conducts active research -- if I can catch violations of a privacy statement by using a Hotmail account created solely for online registrations, so can an advocacy group.

I'm talking about the online-privacy equivalent of the Web Standards Project. They publish a credo of "thou shalt nots" and rate everything an "internet business" does.

For example:

If they have a website that requires registration, what do they do with that information?

If they produce "internet-enabled" products, what exactly does the product transmit over the network? How is that information used? (Yet another good reason reverse engineering needs to remain legal, and not just for "interoperability".)

In the case of GUIDs, do their products create any kind of identifier that can trace a created file or document back to the originating product?

If any kind of authentication is used to allow users access to the product (like a personal-finances program), how easy is it to circumvent the authentication? Is the information accessible without authentication?

This group should also put some work into informing people as to what their rights should be online, and helping them fight for it. ("If you use RealNetworks products, write to them at this address and tell them how you feel about the GUID issue"...)

Jay (=
(The question is, who pays the bills for a group like this?)

Here's a quote:
"After an initial inquiry, TRUSTe found that because the transmission of user data through RealNetworks' RealJukebox program did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program," said Lori Fena, TRUSTe's Chairman.

I'm kinda gettin a case of Deja-Vu...

Me neither.

-- R.