Slashdot Mirror

← Back to Stories (view on slashdot.org)

Federal Trade Commission Wants More Online Privacy

Posted by Hemos on from the pushing-for-it dept.

orpheus writes: "According to this article, The U.S. Federal Trade Commission has completed a review of Web site privacy policies, and voted 3-2 to seek Congressional legislation to improve user privacy on the Web. According to Jason Catlett, president of Junkbusters Corp, the grading was "very easy", but most Web sites flunked anyway. "

7 of 88 comments (clear)

  1. Its about time! by chompz · · Score: 4
    This is something I have pleaded for personally for quite some time at my university. Here the unix admin keeps logs of everyone's network usage, not just how much bandwidth we use, but what websites we are going to and things like that. What they did is they hired a student worker to wade through the pile of data stored on this daily and throw out 99% of the stuff. Not only is this an invasion of privacy if they did not know who owned what IP address, but they log who owns ethernet cards with what MAC address. No privacy at all, one time I was running an FTP server with all kinds of OSS on it, and they called me on the phone and accused me of distributing copyrighted material. The next time someone tried logging into my ftp server from thier I called his office within two minutes and asked what he was doing. It scared him that I noticed him right away, even though he was invading my privacy. What was also bad was he used a named account, not anonymous. I've never given him an account nor have I allowed more than a few individuals named accounts. I was pretty pissed, but I have been unable to do anything because of the overwhelming support from the administration the computing center has. The admins decided that I must have been doing something wrong, and because of that the unix admins were in the right to be searching around my computer.

    On a side note, I only use SSH now because of them, SSH for almost everything. Before I usually used SSH, but if I needed to I would use telnet. Now if a computer doesn't have SSHD running, I don't login to it.

    --
    Spring is here. Don't believe me, look outside!
    1. Re:Its about time! by sjames · · Score: 5

      Since you're using THEIR network to operate over, they have every right to monitor and log ANY traffic over that network, including MAC addresses, IP addresses,

      So your recommendation for privacy would be: 'buy the entire internet or shut up'? He is paying to use their network the same way you are (presumably) paying to use your ISP's network and your phone company's resources. Is it OK if your phone company pipes your conversations into the breakroom for the enjoyment of all?

  2. Beware the small print in privacy policies by jsm · · Score: 4
    Just in case anyone doesn't know--

    Many privacy policies sound good, and give you that comfortable warm feeling that makes you trust them. HOWEVER, somewhere in the small print is a line like

    "Any info we collect about you will only be used by Foo Inc. or its carefully selected business partners."

    Yeah, carefully selected to give Foo Inc. the most money per demographic datum.

    Such a privacy policy can be worse than nothing, because it gives the user a false sense of security (much like bad encryption). These days, I simply don't trust any privacy policy; I figure there's always some loophole I missed.

    I'm not saying that every company means to deceive; I know for a fact that some companies truly value consumer privacy. Clauses like the one above may be needed to allow for outside contractors, etc. (but they should be more specific in that case). All I'm saying is that most privacy policies look a lot stronger than they really are, and that you could be screwed if you count on their protection.

  3. I just don't understand. by Hrunting · · Score: 5

    When I read the summary of this article and then the article itself, I thought, "Damn, it's about time," and I was pretty sure that the majority of Slashdotters would feel the same. It seems that one of the things that most people here agree on is that corporations are eroding the privacy of online participants and there's really nothing anyone can seemingly do about it. Along comes a government with the ability to affect at least some change in these corporations and Slashdotters are like, "No! Government regulation will be the death of the Internet. Down with government. Boo. Hiss." What the hell do people want here?

    I think it's naive of Slashdot to think that geeks alone are going to be able to convince corporations that they need to maintain the privacy of their customers. I think government intervention on an even more massive scale than the US government (read: international) is going to be required to safely ensure that we have access to what information is being collected, what is going to be done with that information, and who has the right to restrict that information. Corporations just won't do it on their own. I have never been to a corporate web site that would've passed the tests that the FTC used, and the tests were basic. They didn't cover anything about what was done with the information, only about how it's collected.

    But Slashdot plays this out like there is no good side. We say, "Oo, corporations are evil," but when someone (read: the government) tries to help us out agains the evil corporations, we say, "Oo, governments are evil," and turn our back on one of our potentially greatest resources. How do you expect to reform the corporate world? By going around door-to-door like some geek Jehovah's Witnesses? The fact that Congress is controlled rather strongly by corporatist lobbiers means that these FTC recommendations have an uphill climb. We should backing them if we want to see any of these suggestions come to bear (and from the slant of past Slashdot stories and posts, I'd say that most in the online community do).

    But what do I see when I finally read the posts? I see basically mistrust of the government and a refusal to take help from those who are offering it. Personally, I'll throw my support behind the FTC. I'd rather have a organization that is supposed to work for the people working towards my privacy goals than a corporation with absolutely no ties to me whatsover.

  4. Some things just don't go together. by Money__ · · Score: 4

    1) My name is ESR and I'm voting republican.
    2) My name is Hemos and I've never been in a /. poll.
    3) I'm from the government and here to help.
    ;)
    ___

  5. YOU are the protector of your own privacy by Lumpy · · Score: 4

    if you didn't turn off java and javascript, or all that other client side crap we have shoveled into our borwsers now, use usenet with a fake email address, and munge every email address that your browser keeps, oh and turn off ALL cookies, then you are willinly giving this information out. you do not NEED any of these "features" to get what you want off the web. you do not NEED to have a slashdot login, you do not NEED to give any information to any website- period. Now, if you shop at a site, and you do NOT include in the notes that they cannot circulate you name/number/ets or use your info outside of that transaction, then you gave them the right to do it. They have avery right to use the information they have just as we all scream "let information be free!" YOU are responsible to make your information ride with a EULA.

    Buy online? post your information EULA, stating that if they do not agree to keep your info private and not use it then to cancel your order,and destroy all information about you. that way they are legally bound (as we are legally bound by EULA's) to use your information as you requested. - and dont trust "geek" friendly sites...you set the terms sof your information, and if they dont agree, they must destroy your data. Or sue their butts off.. It's time we used their tools against them!!

    EULA's for our personal Information!

    --
    Do not look at laser with remaining good eye.
  6. Before you point fingers.... by god_of_the_machine · · Score: 4

    ... look at slashdot.org. Does it pass the test?? Lets see, from the article: "offer consumers the four types of privacy protection the agency deems essential: a notice defining privacy policies, a choice as to how data collected by the site is used, access to that data and assurances that the data is secure. "

    1) a notice defining privacy policies.
    YES, at http://andover.net/privacy.html (link on the left of the page)

    2) a choice as to how data collected by the site is used.
    NO, though the editors have talked about adding an option for opting-out of book publishing deals.

    3) access to that data.
    NO, correct me if I'm wrong here...

    4) assurances that the data is secure.
    NO, at least not that I can find in the FAQ or the about sections.

    My point is that the criteria were pretty strict, as #2 and #3 are not readily available on most sites. I am really surpised that ANY sites offer #3. As for #4, it's pretty useless so I don't really care about it.

    So before you get all upset about all those sites failing... remember that privacy-respecting firms like Andover.net (I hope) fail too.

    -rt-

    --

    -rt-
    ** Evil Canadians are taking over the world. Learn about the conspiracy