Failed Dot-Coms Selling Private Info

goingware writes: "This article at CNet describes how troubled Internet companies are selling off customer data in an effort to pay off creditors or keep themselves afloat, in violation of stated privacy policies. Among the sites that are doing this are Boo.com and Toysmart. These companies were Truste approved sites before their failure. Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise. I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off."

Re:If you extend the situation ...

[imp]

If a video store folded, could they sell the rental records?

This one, at least there's an answer to: no. Those renting Videos are required by law to keep the rental records confidential and not share them with third parties.

Re:Accounting and Goodwill

[jonatha]

From an accounting standpoint, "goodwill" is the excess a company has paid to acquire other companies over the book value of said companies.

It has nothing to do with trust or customer sat.

I don't know how goodwill is handled in a merger (and it probably depends on whether the merger is handled as a purchase or a pooling of interests), but in principle it could disappear entirely (if the buyer paid only the book value of the acquired firm's "hard" assets), increase, or decrease.

Re:My bank did this

[dingbat_hp]

There's a difference though between the TSB situation and Toysmart. For TSB, the bank was absorbed into another, it didn't fold, and so your personal details were still being used for the original purpose, although by a different organisation. IANAL, but one hopes that any original provacy constraints would still be observed (although being a UK bank, they'd do whatever they liked anyway, and they already had your consent for it).

With a situation like Toysmart or Boo though, this is a "fire sale" scenario. The company is not continuing to trade, so anything that isn't bolted down is being sold off. The customer information (probably including that oh-so-tasty demographic of how many product-hungry kids you have) is on offer to anyone who wants it. There's no reason why it should continue to be used for anything resembling the original purpose -- imagine how many organisations like to know lead information on families with kids, and how many products they'd like to pitch.

but of course!

[mini-meme]

selling the info! Just like taco and hemos will need to, some day soon if they've started suing their readership. After all, they've doubtlessly over-extended themselves with mortgages and auto-loans for ferraris. Know what I mean?

you guys have any idea how many email adresses they've collected here at slashdot? nearly ONE QUARTER MILLION!!!

Re:but of course!

[Phroggy]

About 99% of those addresses are from HotMail...

Not necessarily 99%...

--

Sell Informatiom

[smcavoy]

This is insane, how can they justify selling what belongs to me, my identity!!
where's my lawyer!

Re:Sell Informatiom

[Felinoid]

They don't have your identity to sell...
What they have is records of your life. Footprints. They are selling your foot prints you left on them.
Instead of sweeping them away they record them.

The evil part is.. those foot prints don't give a clear or accurate picture...
CDs you got for your kid sister. DVDs for friends.

You know I get junkmail for videos all the time? I can only guess it's due to my old membership card thing to a video rental place. They rent Nintendo cartrages.. or they did when I had a Nintendo.
The place is gone... and so is my Nintendo... My VCR is also dead and I never got a DVD player. But I still have all thies wonderful offers to buy DVDs.

Marketing statistics.. and most of it is all wacked...

Occasionally I get stuff for Unix and Linux.. but most of it is junk...
"Computer.. he has Windows.. let's sell him Windows junk"
"DotCom... he has a busness... let's sell him wealth building garbage"

MeowPawjects is a "hobby busness" not intended to make a proffit just a legalistic nesesity.
I run Linux... and occasionally Dos.

But thats not what they learn from my footfalls.

So no... they don't own your identity... far from it... they own the trail you leave behind...
That trail is not you...

Re:Browsing with Cookies Disabled is Useless

[Alik]

I don't attribute it to direct intention as in "Make rejecting cookies hard, so that the user won't do it." I would say, rather, that the default for any UI is "annoying to use", and that the only deliberate decision went something like:

"Boy, cookies are hard to disable, aren't they? Do you think we should fix it?"

"Well, let's see. The users don't pay us for the software. The cookie-senders have strategic partnerships with us. I don't feel like putting any effort into that feature, do you?"

The current cookie options are easy to code; I'd say that's sufficient explanation.

Re:My bank did this

[OAB]

Well, from a legal point of view, TSB bought out Lloyds, so your data was not transfered. Also, it happened a lot more than a year ago.

Re:Going out of buisness sale

1) By law companies should have attain my informed consent before collecting information from me.

2) The copyright and distrobution rights to my digital biography should remain mine untill I relinquish that right to a 3rd party.

You do realize that meatspace companies don't have to do this? How often do you get phone calls from telemarketers about products you've never heard of? How often do you get junk mail for items related to nothing you've ever bought before? All these companies have enough personal information about you as it is, such as your name birthdate and phone and address.

When it comes to colecting information, think of your digital biography like loading a progresively interlavced GIF or PNG file. With a little information, a vague outline the picture becomes clear. On the next pass, as more data is filled in, some smaller details become understandable. With all the data in place, a complete picture of the persona life comes on-line. It's a picture of your life. You should have at least a little distrobution control.

Your attempt at karma whoring is quite admirable, but you are full of crap on this. All marketers have a complete personal history of you OFFLINE. Who gives a fuck about online? Shut off your cookies already. But oh oh oh I'll have to log into /. everytime all by my lone self Shut the fuck up and quit whining.

Asset or Liability ?

[dingbat_hp]

What's chemical waste ? Asset or liability ?

Imagine an asbestos mill that goes bust. One day their pile of raw asbestos is an asset that's an essential part of their business process, the next it's a liability that requires expensive disposal.

If they can be taken over by another asbestos mill, then the raw material turns back into being an asset, because they're another business entity that can make valuable and legitimate usage of this stuff. The material is still being utilised under the terms of the original conditions that applied to it (don't breathe the dust / don't mis-use the data).

Of course, you could instead sell asbestos fibres instead as a cheap and non-fattening filler for cookie dough -- you might even get a really good price for it, as food is a more profitable business than asbestos these days. Fortunately we have laws against this, that recognise that an asset may have attached conditions to it that prevent its simply sale to whoever offers the best possible price (Sadly some countries don't enforce this, and we do find situations like the Spanish cooking oil poisoning disaster).

Re:Boo.com - no problem

[dingbat_hp]

Boo are selling their whole customer base (both of them), but it's formatted as a 20 minute long Flash animation that opens five browser windows for each customer.

Industry self regulation dies with help

[Felinoid]

The problem is that self regulation isn't ALLOWED to work.
Picture kid trying to do stuff for himself and no one let's him. Then parents who won't let him do anything go around saying "He won't do anything for himself".

The corts not the busness itself are responsable for this.

Moderation is a good thing but don't go trusting "elected organisation"s in areas you can not trust corprate intrests. It's all the same.

With companys you vote with your paycheck with government you vote at the box. They screw you with exactly the same trick. Fool enough people and it dose not matter who you shafted.

It's knowladge not regulation that keeps them both in line.

In this case... regulation is called for... privacy policys should be a binding contract. They are not. As a contract the corts can't ask a company to violate it.

Oh yeah.. and get rid of corprate bankruptcy... Thats just plain silly.

Re:Industry self regulation dies with help

[Captain+Constitution]

Did you eat paint chips when you were a kid? Some businesses do need to be regulated in order to protect the interests of the people at large. Granted, we can't control all aspects of the economy, but I hardly think blaming the courts for business' mistakes is in order. Comparing a major corporation to a little kid is a little off, too. The kid can't bribe his parents to get them to shut up - most kids I know aren't financially independent.

Take a look at these Supreme Court Cases:

Helvering v. Watts 296 U.S. 387

Procter & Gamble v. U.S. 225 U.S. 387

U.S. v. Amer. Bldg. Maint. Industries 422 U.S. 271

The last case quotes Section 7 of the Clayton Act, 15 U.S.C. 18: "No corporation engaged in commerce shall acquire, directly or indirectly, the whole or any part of the stock or other share capital and no corporation subject to the jurisdiction of the Federal Trade Commission shall acquire the whole or any part of the assets of another corporation engaged also in commerce, where in any line of commerce in any section of the country, the effect of such acquisition may be substantially to lessen competition, or to tend to create a monopoly."

The Clayton Act was created for a reason - to protect the American people from the rapacious greed of monolithic corporations. Perhaps your mental image would be better supplanted with an incubus whose parents don't allow him to do anything, and he ends up devouring their souls.

Simple solution, but corperate greed will stop it.

[Lumpy]

Having a sysadmin, on his hast day wiping the database would have done the job... but....
Remember, these companies couldn't give a fart about you. They dont care about you from the beginning, and they dont care at the end, they care if your credit card clears though. Any company that says that they "care about you the customer." is lying through their teeth. Do you think that Andover or VA is going to care about you if financial troubles hit and they can get another $300K from the email/profile databases they have here? If you think they wont sell it/ delete it before it can be sold/etc.. you are fooling yourself..

A business in there TO MAKE MONEY. Slashdot is here TO MAKE MONEY. I doubt that Mr Taco would flit the bill for this server farm if it came out of his pocket every month.

(Weee, I get to be marked as a troll!)

If anyone ever thinks for one moment that anyone will protect them or their data, for free, then that person is pretty damn stupid.

Cover your Own Arse... Expecting others to do it for you, is the typical Lazy american way.

Re:If you extend the situation ...

[juniorbird]

I hate to tell you this, but banks are evil. I used to bank with Bank of America... they got quite a bit of coverage in the LA Times (ya know... newspaper) when it came out that they were selling customers'
-names
-contact info
-account numbers
-account balances
-social security numbers
to just about anyone out there. Needless to say they don't hold my money anymore, but the fact is that anyone could have impersonated me based on that info and gotten car loans, home loans, etc. (in fact, somebody did steal my identity to buy phone service, but I don't know for sure they got the info from BofA)

If you are really that worried about doubleclick

[Ex+Machina]

Under Linux as root this will stop your browser from connecting to doubleclick. You really want to read up on ipchains if you can't get this to work.

# ipchains -A output -d 199.95.207.0/24 -j REJECT
# ipchains -A output -d 199.95.208.0/24 -j REJECT

Re:Ready the opt-out link, captain!

[psaltes]

I actually used to do this, but a number of sites stopped working completely for me - instead of loading a broken image or whatever for the banner, I got a full page error message, and no web page. I think the one that annoyed me most may have been NYT, but I can't remember exactly.

Re: doubleclick, et. al.

[flanker]

> Another thing that would be nice is if you could
> choose which sites are allowed to store cookies
> and which not (and make the browser remember
> what you choose). E.g. I want slashdot to
> remember my settings but CNN.com has no business
> setting cookies in my browser (I hate their
> customized site so i don't use it anyway).

Check out mozilla.org -- this feature is included.

A troll making a valid point? Kill me please...

[Felinoid]

> After all, they've doubtlessly over-extended themselves with mortgages and auto-loans for ferraris. Know what I mean?

Yeah I know what you mean...
They have been living in the same place for a long time now. As far as I know none own fancy transportation (why bother.. Taco hates going places).... and they are making good money... (Saleryed employees... Andover dosn't need to turn a proffit for them to do well...)

The point (made as a Troll obveously) is a good one. (Oh my ghod a Troll accually had a good point... shoot me now).

If a website owned by a larger company (say Andover or Internet.com) shuts down. What happend to the userbase? All those e-mail addresses.

And if BigIPOWebSiteCompany.com is bought out by LargSpammer.com....

Or... what if one of the larg WebSite operating companys (not nessisarly Andover.. there are quite a few) folds and sells the user lists?
Ohhhh spam Spam SPAM SpAm sPaM sSpPaAmM!!

It's a valid point.. Made by a troll...
One of the signs of the end of time no doupt...

Let me check my Y2K bunker... see if it's still operational.

Re:If you extend the situation ...

[warGod3]

Ummmm, then if you signed your application to the bank and the application said that they would NOT sell your information, then they could be in violation of privacy laws. Otherwise, yes they sell your information to anyone who will by it.

Re:how could this be considered as dividing "asset

[benenglish]

>>If this is true, how could any court treat it as such to be broken up and sold to pay creditors Isn't this whole thing more about what's in an original privacy agreement than what a court orders?

A bankruptcy court judge can do anything s/he damn well pleases. More importantly, though, even if their sense of fairness is fully functional (which isn't always a good bet), they aren't going to protect anyone's privacy unless they know about the issue. And that's where things get weird.

If nowbankrupt.com wants to sell off their info, they have to declare it as an asset in filings with the court. In those filings, they have to reveal if anyone has a claim on those assets. Those named parties (claimants) are supposed to receive notice of the bankruptcy action and be afforded an opportunity to file with the court to protect their interests.

Obviously, none of this has happened. The nowbankrupt.coms that are selling this info are clearly telling the court that the assets (iow, the info) is wholly owned by them without any encumbrances.

Is nowbankrupt.com lying when they make this declaration to the court? I don't know. It depends on the agreements that nowbankrupt.com had with folks back in the day. But even if you think you have an agreement with nowbankrupt.com that comprises an encumbrance on your data, the court can't recognize it unless the court is told about it. And since nowbankrupt.com didn't list you as a creditor/claimant/interested party, you didn't even get notification of the bankruptcy action. You never even knew you needed to hire an attorney to file with the court to protect your interests!

These questions can't be settled unless someone:
1. Happens to find out that a .com they've given info to has gone bankrupt,
2. Happens to find out that their info is going to be sold,
3. Believes they have a claim on that info,
4. Gets pissed,
5. Has money,
6. Hires a lawyer and files with the court, and
7. Manages to accomplish all this before the bankruptcy action is concluded. It does little good to find out a year after the fact.

The kicker? For every dotcom that goes under, go back to #1 and start over. (This last is the reason that, much as it pains me to say it, government regulation is needed here.)

No, IANAL, but I've sure been involved in way too many bankruptcies.

Yeah, but by the government?

[Rimbo]

I'd say something about the wolf being an excellent protector of sheep, but I'm not sure which one's the predator, and which one's the prey.

What we need is for a way for consumers to have power...like maybe by not buying everything we're sold.

Re:My bank did this

[grahamsz]

Hmmm shows how often I pay attention to the crap they send me :)

But i did get a letter from llyods and thuoght what-the-friendly

Re:Are those privacy policies legally binding?

[acidrain]

As there is no exchange of money/goods it isn't a binding contract. The "exchange" part is the key bit. They are making a promise, and thats all. You haven't done anything to earn their keeping their end of the deal, so you can't claim damages if they default.

If you were to argue that providing your information was your end of the exchange, then you might be able to get damages equivalent to the value of that information. Somehow, I don't think thats going to pay legal fees.

This is just general contract law though, in regards to the phrase "legally binding agreement". I don't know about special provisions relating to privacy.

As an example, if I say I'll give you $100, but don't you can't take me to court unless you did something in return.

Re:This could be fixed

[blameless]

Then we would have a huge amount of personal data, culled from various sources, under the control of a handful of vendors.

What happens when Steve Case decides Verisign would make a nice addition to AOL's portfolio?

No thanks.

As much as I hate to admit it, we need some sort of legislation here.

Re:Ready the opt-out link, captain!

[Vanders]

Even better, add the following line to your /etc/hosts :

ads.doubleclick.net 127.0.0.1

Even better. Now you don't need to download them at all.

Poisoning the well

[gad_zuki!]

The main problem I see with the government is the obvious conflict of interest that arises when corporations make laws through lobbying and "donations," which of course is a symptom of business having too much power in the first place.

This one's easy...

[fishexe]

Don't let them have any personal information. When they ask for an address (and * it as a "required" field) make one up or fill in somebody else's. Ditto for name. If they need a credit card number use a stolen one, or use one created also with a false identity (I know places you can do this easily). If they try to track your actions simply create a new acount every time you buy something from that company or use their service. As far as they know they will be tracking 15 different people, none of whom will have your name or address or otherwise be identifiable as you, and so your identity will be protected. (If you buy stuff ship it to an out of town P.O. box under a false name paid for w/ a false credit card. then switch boxes for each such purchase from the same company)

Ever get the impression that your life would make a good sitcom?
Ever follow this to its logical conclusion: that your life is a sitcom?

Re:This one's easy...

[blameless]

Gee whiz...

Just go to the mall.

Forget Double Click, Discuss the Article

[Carnage4Life]

I submitted this article three days ago but it was refused for some reason, probably because the story also ran on kuro5hin. So far I have read all the posts in this thread and most of them are focussing on DoubleClick which is incidental to the news story instead of discussing the fact that dotcomms are not only selling dotcomm info but are taking out ads to do so.

From the artricle: Toysmart, meanwhile, advertised the sale of its customer list and database in The Wall Street Journal last month after ceasing operations. The company overseeing the sale of Toysmart's assets, the Recovery Group, said several interested parties have bid on the customer information.

I am very worried at this trend, because I have a lot of personal data at CDNow and considering that they are in serious trouble will my personal data also be sold? I have begun to fear for all the dotcomms I have ever bought anything from because the last thing I'd want is for my address, credit card info and shopping habits to be sold by some failed e-business like some email spam list. The fact that the companies are taking out ads to sell our info and hiring agents to do this shows completely that industry self regulation has failed. I sincerely hope the FTC jumps on this like a porkchop in a dog kennel.

Re:Forget Double Click, Discuss the Article

[Felinoid]

>E-gads, never ever buy anything over the Internet! Told you so, didn't I? Would you trust your CC info to a plywood-and-tin booth selling CDs in the middle of nowhere? I knew you wouldn't. These dotcoms are no different.

Would you trust a random AC? Annon DotComs are no diffrent :)
Sorry to compleatly sillify your comment :)

And yes... I would... and you know why?
Becouse plywood burns.... and I have a lighter...
Just kidding...

On a more sereous note...
DotComs are not anologous to plywood huts...
More to mailorder... I do busness with both plywood huts and mail order BTW..
But thats becouse I have a phisical location. With the plywood I have a face.

We do busness with throw up busnesses all the time. That guy selling stuff at a consert is in one of those plywood huts.
Go to a renfair.. plywood huts.

Go to carnival... and usually the plywood huts ARE cons.

You pay for a domain for 2 to 4 years. The equipment isn't cheap. It may not take much to yank out a DotCom [Meow Pawjects costs me like $25 a month.. It was $40 but I dropped the SQL server] but it's not significantly diffrent from walking into a stripmall. It's all prefab...

The problem with DotComs is this world is totally diffrent and they keep doing things the same old way learning the hard way it don't work.

Selling costummer information is one of the few constents.
So if a mail order busness folds your personal records get sold. If Jims Jumbo Pizza folds his records get sold. If MikoMiko.com folds his records get sold. It's wrong.. it's evil.. It should be stopped. But it's not DotCom it's REALITY.

On the other hand... if that plywood busness closes... No costummer records to sell...
Becouse we know it's temporary... We know he'll be gone soon... We don't know that at the strip mall. We don't know that of a DotCom...

Is it really the same?

No... becouse we know better... we know what we are facing. We know he is temporary. We don't realise they may all be temporary...

Re:This could be fixed

[X]

I properly setup escrow would be protected even in the event of a buyout. Certainly things like pension funds and the like can be setup so they can't be touched even during a takeover. Similar things could be done with data. Also note that expiration terms would make the data less valuable anyway.

Re:boo!

[blameless]

I wouldn't be too sure about that. A company that sends unsolicited email in the first place obviously doesn't care whether you want to be on their mailing list.

By attempting to remove yourself from their list, you've simply comfirmed that you actively use the address.

Re:Privacy and buyouts/mergers

[weave]

I used to buy stuff from musicboulevard.com. I carefully checked the "do not spam me" option was selected as appropriate. They never spammed me. Then they got purchased by cdnow.com, who copied their customer database, but somehow could not copy the spam preference bit (how convenient). I started to get spammed by cdnow.com.

I ended up setting up procmail to return EXITCODE=67 to them and never shopped there again.

Re:Ready the opt-out link, captain! (as if)

[Frodo]

Yeah, yeah - as if they couldn't still identify you by IP - yes, many people do have static IPs and yet more have static IP ranges (like your provider's local modem pool). That's already good enough info.

Re:If you extend the situation ...

[Frodo]

C|Net writes:

Companies on the Internet are not alone in collecting data about customers or turning it over to new owners following bankruptcies or mergers. For example, it is routine for banks and hospitals to transfer intimate consumer or patient data following an acquisition.

And you thought they are screwing you just on Internet? Bah.

Meanwhile, over in Europe...

[Simon+Brooke]

We don't have that problem. Other problems, maybe, but not that one.

Re:Meanwhile, over in Europe...

[titus-g]

I already get offers for 'free DSL'/US only type things here in the UK, I'd imagine most other people here with email addresses also do.

Does the Data Protection Act actually cover the sale of data? Equifax etc. still seem to get on ok here, all you can do is get a copy of what they have on you.

It doesn't apply if you deal with a non EU company anyway, although the US was trying to implement something similar IIRC in order to improve US EU commerce. I think it probably does apply however if you are from the US and buy from the EU.

One thing I used to do (before I got too lazy) was use a different email address for every site I gave my address to, e.g. for Amazon -> amazon@my-domain.com, then if I suddenly start getting spam at that address I know who did it, also that the address is dead and that it's time to put it on a server side autoresponder with a 50M attachment.

Re:Browsing with Cookies Disabled is Useless

[Alik]

I agree with you that a well-hacked Mozilla-like program is one option, but there's another one: proxies. As far as keeping cookies off your drive, JunkBuster seems to do a pretty good job, and offers a much more fine-grained control over what's going on than the current option of "Either block all cookies or allow them all or get nagged every five seconds for each individual cookie." (Yes, there's the "trusted sites" zone in IE, but I don't care to mark any site even temporarily trustable.)

Your more general point of "the only way you'll get a cookie-free web experience is hacking one together yourself" is quite correct, though.

Re:Data is an asset

[Felinoid]

> I have never quite understood those opposing laws and regulations, claiming that "consumer power" and other public pressure will keep companies on the rug.

I do... politicians are far better at exactly the same tricks. Regulation isn't an evil thing in itself but I think the best regulations are in the "full disclosure" area where companys (and government agentcys) must be upfront.

Most consummers don't trust companys to collect data to start with. This is just one example of this. Companys change privacy policys or get bought out.

"We won't share with other companys" "Oh by the way we are now owned by Scam-U-Up" wops your screwed...

It is working... Note the Double Click warnning.. "We are Double Click we won't sell your information..." waiting for Scam-U-Up to do a corprate take-over of Double Click.

But.... that is becouse we KNEW about DC...

We take it on faith alone that CmdrTaco dosn't use his weblogs for anything more than security and admin information.

And then there is me. Where did all this junkmail come from? Not e-spam.. not UCE... postal spam.. Let's see.. I sent in my Commodore 64 and 128 warrenty cards... as well as warrenty cards for half a dosen other products to companys that went away in the early 1990s. My ex-employeer was sued. Oh wait... my employment records.. on cort documents? Ok thats government. Hmm most of this junk for dot coms... like... oh wait... MeowPawjects... oh yeah thats public record.. du...

My personal life is pritty well public knowladge and there isn't much I can say about it.
You really think I'm trusting the agentcy that gave away my work records to protect my surfing habbits? I don't care if you know about my surfing habbits (I do mess with the systems used becouse it's just not right but thats about all I do).

I think self regulation dose work to a degree.
Privacy is an area companys usually DO "go off the rug" so we distrust them in this area at every turn.
But I'm not expecting any agentcy to prevent such records from becomming public when they'll publish it on cort documents.

boo!

[silvwolf]

I know first hand that boo.com sold their information. I got some spam from the company that they sold the info to. At least there was a URL to remove my name from the mailing list, which I promptly did. Hopefully, that'll be the end of it, and none of my other info will get out.

Re:boo!

[silvwolf]

Well, they already knew I used that address since I used it to order stuff from boo.com.

I normally don't reply to those stupid spam messages. This was actually the first one I'd replied to ever. I knew where they got my address from, I had kind of actually expected the (spam) email, so I decided to go to the URL.

But all those other spams that I get, just to to /dev/null. No sense in responding to them, because I'll just 50 more in exchange.

Re:Data is an asset

[Felinoid]

> If onlyyou were listening me when I told you to never buy anything over the Internet... But now it's too late.

You think your buying habbits in the "real"* world are safe?

Thankfully I do most of my electronics shopping at a small electronics shop. They don't keep those sort of records.

On the other hand Radio Shack keeps asking for my name to see if I am on the database....

And those wonderful Luckys rewards cards. Some cashers asked for the card even when there were no "rewards" I would convenently lose the card in my wallet at those points.

* [real in quotes becouse it seems pritty sureal to me]

Re:If you extend the situation ...

[GungaDan]

WRT your first question, your doctor's office may well have already sold certain of your records to contract research organizations (Covance, PPD Pharmaco, PRA Intl., etc.). It is not at all unusual for private practice offices to sell access to patient records to these companies who then seek to turn private patients into gold by enrolling them in experimental research studies. And while the patient-cum-research-subject never knows it, the very same doctor could be getting very rich off of these information sales. Word to the wise - ask your doctor if he or she has any such arrangements with research companies PRIOR to disclosing medical conditions. Otherwise, you should not be surprised to wake up from sedation to find that you've been enrolled in a potentially dangerous research study without knowing it, much less consenting to it. Yet another example of capitalism unfettered, harming the innocent and enriching the shady.

Asbestos cookies

[Felinoid]

Sooo Yummy.. tasy and non-fat...

And try our arsnic cola... It's populare with extreamist groups, Cults , Terrorists and Racists.

So get some for your nabors today :)

You are right however... there needs to be some binding of law to prevent this abuse...

Otherwise... it is both an asset AND a liability... asset to them.. liability to me

Re: "Slashdot should hire us a lawyer."

[Deven]

Slashdot should hire us a lawyer.

You know, that's actually not a bad idea. Andover could conceivably pay an actual attorney to review legal issues as they arise, to avoid too many misunderstandings and misinformation from the vast majority of us who need "IANAL" disclaimers...

Would it be worth the cost? I don't know, but it could certainly be a service to the community...

Re:Ready the opt-out link, captain!

[jackb_guppy]

This link does not opt you out. It only opts out the browser it at using.

I have 8 different machines with different versions of Netscape, IE, and few others to spare. Shot I even have a machine that with a machine inside (VMware). I have a 7 year old, who surfs, she is to opt out too? I believe that she can not even opt in via the COPPA.

So doubleclick thinks that the way that I am to opt out is to opt out each browser? If you read the opt out - it still does not opt you out. You just do not get targetted ads.

the only true opt out 127.0.0.1 Hell assuming your websever at that address port will default a 1x1 gif for a failed lookup.

Re: "Banks sell your information all the time."

[Deven]

I worked for a bank for almost 4 years, and I have news for you: Banks sell your information all the time.

Someone please moderate up the parent post? This is significant, and most people probably don't realize it...

Failed DotComs

[JojoLinkyBob]

Yikes and to think that Amazon, who isn't worth much on paper, maintains a powerhouse of information on its clientle. Will this lead to customized telemarketing? Yuk. "Good day, Mr. Jones. We've monitored the spending habits of other fine consumers like you, and realized you still haven't bought the X Brand vacuum cleaner, which everyone else sharing your buying profile has...."

chmod 400 ~/.netscape/cookies

[pq]

and then delete cookies that you don't want.

Me, I keep my NYT cookie from last year, my ADS and simbad cookies (astronomy work), and my slashdot cookie. The rest can assign me a new, unique, "look, another user!" cookie every time I happen by, and I flush them to the bit bucket every time I exit netscape.

Truste?

[mverrilli]

These companies were Truste approved sites before their failure.

Who here really believes Truste means anything?

Re:Truste?

[Chris+Johnson]

Of course it does. It means the site involved has impure motives and wishes to put up a fake appearance of trustworthiness that doesn't actually mean anything :)

Are those privacy policies legally binding?

[derobert]

I have never visted those sites --- and both seem to be down now (for obvious reasons) --- so I don't know how those sites are, but a lot of the other sites I visit make you click an `I agree' button.

Those agreements usually reference the site's privacy policy. They expect that those agreements are binding on you, and for that to be the case, wouldn't the same agreement be binding on them to?

Further, I've seen sites that display their privacy policy or other promiss to never give away and/or sell the data on the order page, too. Are they not by making the promiss when I order --- and send them money --- forming a contract with me not to sell the data?

Do the consumers of these sites have any recourse? If they don't, then how should a privacy policy be constructed such that it is legally enforceable?

It's hard for me to immagine that the silly little links at the bottom of a page saying that "by using this site you agree to..." could possibly be valid if their privacy policies aren't.

--

If you extend the situation ...

[dustpuppy]

does this mean that:

if your doctor's clinic folded, he could sell your patient info?

if a telco folded, could they sell your phone records?

if a bank collapsed, could they sell your financial transaction history?

if your ISP folded, could they sell your surfing habits?

Re:If you extend the situation ...

[/dev/trash]

One word: HIPPA

Re:If you extend the situation ...

[itachi]

What about the MIB? You can't tell me that an insurance co. will let you sign up without waiving your rights to object to info being shared with the MIB. The fact remains, there are plenty of cases of leaked medical data (political campaign fodder, life insurance/home loans/etc), though not necessarily directly from the medical records. The MIB, or pharmacy companies cross-referencing records with credit card companies, all add up to not enough protection of medical information within the U.S. There may be a penalty on miuse of the file itself, but I'm more concerned about the sum of the data that the source of the data. And as of a year or two ago, about half of the states in the U.S. did NOT have any sort of guarantee that a patient could double check their own records.

itachi

Re:If you extend the situation ...

[acidrain]

• Doctor: No. Thats strictly regulated.
• Telco: Not if it could constitute part of a credit rating. And telephone communication is protected as private communication. So there isn't much they could release there.
• Bank: No. Thats credit/financial information and closely regulated.
• ISP: Again, if it isn't financial info, and they aren't intercepting information that is defined as private then they may be able to there. This part I don't have a clear picture of.

Slashdot should hire us a lawyer.

Re:If you extend the situation ...

[thogard]

Medical records are fair game in the data mining business. The only restrictions are that records only be given to others in the medical profession which basicly involves your doctor, the nurse, the insurance comapny, the insurance companies debt collector, the drug companies, the goverment and their dog. From what I can tell it only limits the data to about 1 in 6 people.

The laws cover giving the data out. They don't cover how the data came in. Insurance compaines will pay top dollar for info on pre-exisiting conditions and drug histories and anything they can use to drop people into a higher risk group.

Check out what the from says the next time you see the doctor. Its been scary stuff for almost two decades. My solution is to cross it out, pay cash and if I have to deal with the insurance company, I'll do that directly.

By the way, insurance compaines can share info freely between themselves. This is also allowed for drug research.

Re:If you extend the situation ...

I worked for a bank for almost 4 years, and I have news for you: Banks sell your information all the time.

Your name, address, and any spending habits that they can accumulate are sold to other companies every day. You have to go to your bank and specify in writing that you do not wish for them to sell your information to make them stop. Banks don't need to go out of business to sell your information, because to the them it's just another revenue stream.

Re:If you extend the situation ...

[acidrain]

What country are you in?

Re:If you extend the situation ...

[jeffry_smith]

As I said in another reply, thank you for playing the game. What you describe is flat out illegal - you cannot be given treatment without your consent (and before anyone says so, yes, in an emergency, where you are unconscuous, or otherwise unable to make a decision, they can provide EMERGENCY, life-preserving treatment). Misuse of medical information is subject to massive fines. As I've actually worked, in this field, I actually have a clue as to how it works. By the way, the law is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Re:If you extend the situation ...

[Rasputin]

Doctor: No. Thats strictly regulated.

Yes. In the US it is strictly regulated. Most doctors offices however, require you to sign a release to share information with your insurance company. Where does it go from there? What if your employer carries your medical insurance? Remember that your Doctor has information that is more sensitive than your credit rating...

Telco: Not if it could constitute part of a credit rating. And telephone communication is protected as private communication. So there isn't much they could release there.

USWorst Communication (among others) just won a "free speech" lawsuit that allows them to pass your personal information around. For the moment it appears to allow them to share YOUR information with their subsidaries. The future, however, looks wide open.

Re:If you extend the situation ...

[bigdogs]

Banks sell your information all the time.
Well I'll be dipped in shit! You're right!!!
I just cruised over to my bank's web site, and sure enough, they said they do it. They also provided an address to send requests that they don't sell your info. My letter's already printed out.........

Re:If you extend the situation ...

[thogard]

Yes the law is strict about infractions. Its just that the typical wavers let your doctor send that info to about 1/6 of the American population and still be legal. The other 5/6 could involve heavy fines.

Re:If you extend the situation ...

[jeffry_smith]

Thank you for playing the game. The law is extremely strict in terms of medical info. I used to work in that field - the penalty for misuse of medical information is $250K / incident. This includes release of information for whom the patient (i.e. you) has not authorized release (that's why every insurance signup has a statement for you to sign authorizing them to get your medical info). Your sharing for drug research - this is always non-identifiable data (i.e. it cant' be traced back to a particular individual).

Re:If you extend the situation ...

[Shirotae]

does this mean that:

• if your doctor's clinic folded, he could sell your patient info?

There seems to be some protection of patient records in the USA - I found this ABI Testimony before Senate Judiciary Committee which seems to say that you can't just transfer the records to anyone.

I vaguely remember this situation arising a while (at least a year, probably two or more) ago, but I don't remember in which jurisdiction, or what happened. All I can remember is that there was a fuss about patient records being sold to some company that was not another doctor's practice.

Data is an asset

[michael.creasy]

At the end of the day data accumulated by the company is an asset. When they go into recievership they have to sell off all their assets in order to pay what they owe, this includes whatever data they have accumulated on their clinets. IANAL but I doubt there is much you can do about it, if they said they weren't going to pass on your information while they were trading, but then go bankrupt and do pass it on, you can hardly sue a company that no longer exists.

Re:Data is an asset

[skion_filrod]

Hmmm., please tell me more:
I am by now way a legal expert, but if I understand you correctly a company can promise their customers almost anything concerning the handling of their customers information and data, but as soon as they go bankrupt they don't need to follow any agreements made with their customers?

Do you have any references to actual law or practicies in this case? Who decides that the "protected" data is an asset that may be sold - is the company or a legal institution? Is this specific for US law?

Basically, I am not surprised that these things happen - if a company can use a loophole in the laws and make money out of it they will. The only way to make them not do it is to make laws that regulate what companies can do and can not do.

I have never quite understood those opposing laws and regulations, claiming that "consumer power" and other public pressure will keep companies on the rug.

Overview

1. Many sites do not phrase their confidentiality/information use policies as contractual provisions, but as "policies", which they can essentially change at any time.

2. Most sites that do phrase their confidentiality/information use policies in contractual terms also provide that the site can change its contractual terms upon notice.

3. Almost no sites (except perhaps closed B2B networks) would have policies that were contractual and could not be amended w/o user consent.

4. Monetary damages from breach of a confidentiality provision are very difficult to prove. Accordingly, in real confidentiality agreements (for instance, between a VC and a company it might fund -- though even these tend to be quite sloppily worded), the disclosing party is often given the right to "specific performance", that is the right to obtain a court order preventing the disclosure. In the absence of an agreement as to entitlement to the remedy of specific performance, courts are reluctant to grant relief other than monetary damages.

5. Assignment of contracts can happen by execution of an assignment document or via the acquisition by merger of one company by another. Such assignments would not, in general, result in the amendment or waiver of the terms thereof.

6. Real contracts will often contain prohibitions on assignment without the consent of the non-assigning party -- I would doubt that any site terms have non-assignment provisions.

7. In bankruptcy, the ability of creditors and other obligees (persons to whom obligations are owed) to enforce their rights can be temporarily stayed, but I would not think that a bankruptcy court would allow a contractual provision to be avoided in an irreversible manner (for instance, allowing information to be disclosed in violation of a confidentiality provision).

8. I suspect what happened here is that the confidentiality policies were mere policies and not traditional contracts. As such, users were relying on the honor of those running the sites at the time.

9. I believe the eTrust system merely certifies that a site has policies that it follows and does not certify as to the content of those policies. Obviously, what is needed is a substance-based policy certification system -- for instance, requiring any certified site to have confidentiality provisions in true contractual form, specifically enforceable by users. Unfortunately, these certification programs are sold to sites, not to users, so there is little incentive for sites to adopt policies stronger than the eTrust fig leaf.

Ready the opt-out link, captain!

[Oscarfish]

http://www.doubleclick.net/optout/def ault.asp

Follow the link above so that DoubleClick will issue you a cookie with the string id=OPT_OUT. This will prevent DoubleClick from doing its "DoubleClickish" tracking and serving, and rather just serve you banner ads straight out.

And, yes, I'm aware of the irony of me making a post like this when my site is full of DoubleClick code :)

Re:Ready the opt-out link, captain!

[ncc74656]

I actually used to [redirect ad sites to localhost in /etc/hosts], but a number of sites stopped working completely for me - instead of loading a broken image or whatever for the banner, I got a full page error message, and no web page.

I've been using squid for a few months to filter out ads and keep cookies from being set; it's worked really well. It hasn't broken any sites that I can recall, and it's cut out most of the clutter and third-party cookies. You still need to check periodically for third-party cookies as new ad servers are put online, but I've gotten most of the current sites loaded into it. It even strips out the annoying host-navigation frames put up with sites hosted by the likes of Xoom and AOHell.

Here's some info on configuring squid as an ad-blocker. My list of blocked sites is here. (I've tweaked the redirector script to support a NULLHTML tag that causes a file containing "<html></html>" to be returned...it's a simple hack, and I don't know squat about Perl.)

_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull # to send mail)
\_^_/

Re:Ready the opt-out link, captain!

[Chalst]

127.0.0.1 is normally the loopback device. So you can configure Apache to do whatever you like with these addresses.

Re:Ready the opt-out link, captain!

[Fist+Prost]

And, yes, I'm aware of the irony of me making a post like this when my site is full of DoubleClick code :)

How 'bout the irony of you posting this onto a site where the submitter of the story warns you about it when *THEIR* site is full of doubleclick code. users.pl?nick=Interiot had a sid about this (sid=doubleclick) a while back, but noone seemed to care too much. Anyway the ad I'm getting at the top of this page is from "focalink" which AFAICT looks to be about as pervasive, if not invasive (I really hate having to browse on public terminals:/).

So what ever happened to Ad-Fu? BTW I'm not blaming Emmet on this, but I found that pretty funny myself. Not funny ha-ha mind you...

Re:Ready the opt-out link, captain!

[gwalla]

They're out to make their business more efficient so clients don't waste thousands on sending ads to people who will never use them.

Wasting thousands? It costs effectively nothing to send bulk email. That's why it's such a big problem compared to physical junk mail, which costs quite a bit to send, even at bulk rate.

---
Zardoz has spoken!

Re:This could be fixed

[blameless]

Why do they need our private info anyway?

When we purchase something online, all the vendor really needs is a credit card # & expiration date. Couldn't the card issuer act as the 'information escrow', since they already have the data on file?

a little late for the warning...

[SethJohnson]

The doubleclick controversy is a little over... The last I remember of it was that you could opt out of their system and then under criticism they vowed to abandon their plans to maintain cross-website tracking data.

Whether this is true or not, it's a little silly to include the doubleclick warning on just this reference while perhaps 80% of the links on slashdot are pointing at external sites using doubleclick.

Seth

Industry self regulation

[Betcour]

Another blow to the "industry self regulation" supporters. Maybe sometimes they'll understand that capitalism without limits is just crap. Some things need to be moderated : when it comes to the economic rules, only an elected organisation should set the rules, not the players of the game themselves (aka corporation).

Re: "Banks sell your information all the time."

That reminds me of the last time I opened an account at the local BofA. I told them I wanted the "don't sell my info form", and they gave me this BS saying they were out of the forms. I then told them that I would not open an account unless they gave me the form. Guess what, they found an extra copy of the form in the back (yeah right). Of course it did not end there, they continued to send me mail asking me to sign another form that said they could do whatever they wanted with my data. They claimed it was so that they could provide "better service".

privacy ineffective, need other legal protections

[jetson123]

While I think this kind of data should be protected (in fact, companies should not be permitted to keep it), I also suspect that protecting privacy is ultimately not going to work. The major worry, I think, is discrimination in insurance and employment.

If, say, medical insurance companies were required to set rates only based on their age, how long they have been insured, and (perhaps) state, and no other information, it wouldn't matter what kind of access they had to your medical records.

That's, in fact, how private medical insurance works in many countries. Insurance companies can still compete in all those areas where companies compete well in the free market: lowering costs, improving service, etc., they simply don't have the information to cherry-pick low-risk customers and leave the high risk customers to the public system.

Accounting and Goodwill

[LL]

If there is a qualified accountant out there, perhaps they can inform us of how "goodwill" is treated during a company liquidation? My reading of the situation is that goodwill is trust and customer satisfaction that has accumulated over time (remember these .con companies have only existed for a few years) and can be priced into the "intangible" value of a company. Thus when a company gets taken over (ie new owner - moral stance open to question), it is written off over a period of time due to fact that they have to reestablish their credibility. Now if a company goes kaput, does this goodwill dissipate immediately and only the hard assets (like name/customer databases) exist? Or can you count on further transactions as in the Amiga fan base with its Lazarus effect? If you discount goodwill by only valuing immediate short-term gains (Flogging off the users for spam listing) then are you in fact destroying whatever residual long-term value there is?

I would really like to know how the bean-counters value "software" or even "internet" plays as it seems a nebulous concept at times.

LL

Re:Accounting and Goodwill

[SEWilco]

Sometimes goodwill is not "written off", as the new company may use the names of the old companies in ways which preserve the goodwill value. Often both names are merged, but sometimes the name with the most value is chosen despite the original names and investments.

You mentioned the eternal Amiga name. You might remember that U.S. Robotics reappeared recently.

Sometimes it's even more obtuse -- some years ago a bank in New York was acquired by a much larger bank. Well, it was attempted. But someone realized that the original charter of the ancient smaller bank had a clause that required it never be sold. So the whole deal was restructured such that the smaller bank "acquired" the larger bank.

Free osm!

[Avian+Chaos]

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? f

You flame Slashdot for posting a story about a Good Cause, rather than something obscure and self-absorbed.
The post's initial score is 1.
Your comment is moderated "Overrated".
Your comment is moderated "Underrated".
The post's final score is 1.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment questioning the sanity of anyone who doesn't open-source their code.
The post's initial score is 1.
Your comment is moderated "Informative".
Your comment is moderated "Interesting".
Your comment is moderated "Informative".
Your comment is moderated "Interesting".
The post's final score is 5.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? t

You post a troll offering free advice on marketing Linux.
The post's initial score is 1.
Your comment is moderated "Informative".
Your comment is moderated "Informative".
Your comment is moderated "Funny".
Your comment is moderated "Insightful".
Your comment is moderated "Troll".
The post's final score is 4.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? s

You submit a story idea about Microsoft's latest legal battle.
Your submission is rejected.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? t

You post a troll which disguises a link to natalieportman.com as information about a database program.
The post's initial score is 1.
Your comment is moderated "Flamebait".
Your comment is moderated "Redundant".
Your comment is moderated "Insightful".
Your comment is moderated "Informative".
Your comment is moderated "Overrated".
The post's final score is 0.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment questioning the sanity of anyone who doesn't open-source their code.
The post's initial score is 1.
Your comment is moderated "Insightful".
Your comment is moderated "Underrated".
Your comment is moderated "Insightful".
Your comment is moderated "Informative".
The post's final score is 5.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You metamoderate randomly, without reading the comments.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? u

Your karma is currently 10.
You have posted 5 comments.
Your user bio pretends to accidentally show your four-digit karma.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment that includes moderation buzzwords such as "information" and "insight".
The post's initial score is 1.
Your comment is moderated "Interesting".
Your comment is moderated "Interesting".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? t

You post a troll in which you expound upon various erroneous legal theories.
The post's initial score is 1.
Your comment is moderated "Underrated".
Your comment is moderated "Funny".
Your comment is moderated "Overrated".
Your comment is moderated "Interesting".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? w

You write a story that casts Slashdot moderators as conspiring villains.
The post's initial score is 1.
Your comment is moderated "Overrated".
Your comment is moderated "Overrated".
The post's final score is -1.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You rate good moderations "unfair" because you don't like the choice of adjective.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? n

You post an exquisite metaphor in which you relate the topic at hand to a date with Natalie Portman.
The post's initial score is 1.
Your comment is moderated "Redundant".
Your comment is moderated "Offtopic".
Your comment is moderated "Insightful".
The post's final score is 0.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post an on-topic comment within the first 25 of the story.
The post's initial score is 1.
Your comment is moderated "Interesting".
Your comment is moderated "Interesting".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? j

You make a joke about $3 crack.
The post's initial score is 1.
Your comment is moderated "Insightful".
Your comment is moderated "Offtopic".
Your comment is moderated "Insightful".
Your comment is moderated "Underrated".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You rate every moderation as "fair".

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? j

You make a joke about $3 crack.
The post's initial score is 1.
Your comment is moderated "Redundant".
Your comment is moderated "Troll".
The post's final score is -1.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You overturn valid moderations for first posts and "This link is more informative" posts.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You rate good moderations "unfair" because you don't like the choice of adjective.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? t

You post a troll which credits the U.S. for "saving Europe's ass in WWII" and inventing the internet.
The post's initial score is 1.
Your comment is moderated "Informative".
Your comment is moderated "Offtopic".
The post's final score is 1.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? f

You flame someone from another country.
The post's initial score is 1.
Your comment is moderated "Troll".
The post's final score is 0.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? m

You pack a pipe full of $3 crack and kill some hard-earned moderator points.
You suffer the slings and arrows of outrageous metamoderation.
You lose 7 karma.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? n

You post your honest opinion on the MP3 debate.
The post's initial score is 1.
Your comment is moderated "Insightful".
Your comment is moderated "Interesting".
Your comment is moderated "Redundant".
Your comment is moderated "Interesting".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? f

You flame CmdrTaco for a grammar or spelling mistake in a story.
The post's initial score is 1.
Your comment is moderated "Troll".
Your comment is moderated "Overrated".
Your comment is moderated "Funny".
Your comment is moderated "Offtopic".
The post's final score is -1.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment that uses Microsoft as an example of how not to do... well, anything.
The post's initial score is 1.
Your comment is moderated "Funny".
Your comment is moderated "Funny".
Your comment is moderated "Underrated".
Your comment is moderated "Insightful".
The post's final score is 5.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment questioning the sanity of anyone who doesn't open-source their code.
The post's initial score is 1.
Your comment is moderated "Funny".
Your comment is moderated "Funny".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? m

You pack a pipe full of $3 crack and kill some hard-earned moderator points.
You suffer the slings and arrows of outrageous metamoderation.
You lose 6 karma.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment that uses Microsoft as an example of how not to do... well, anything.
The post's initial score is 1.
Your comment is moderated "Underrated".
Your comment is moderated "Insightful".
The post's final score is 3.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? e

You metamoderate 10 random comments.
You rate the moderations according to your personal preferences and beliefs.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? n

You post a calm, rational, insightful analysis of why Linux is not yet ready to be a desktop OS.
The post's initial score is 1.
Your comment is moderated "Offtopic".
Your comment is moderated "Offtopic".
Your comment is moderated "Insightful".
Your comment is moderated "Funny".
Your comment is moderated "Offtopic".
The post's final score is 0.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? k

You post a comment questioning the sanity of anyone who doesn't open-source their code.
The post's initial score is 1.
Your comment is moderated "Informative".
Your comment is moderated "Insightful".
Your comment is moderated "Informative".
The post's final score is 4.

You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
? u

Your karma is currently 9.
You have posted 21 comments.
Your user bio pretends to accidentally show your four-digit karma.

You have been bitchslapped by sengan!
Your days of posting in the sun are now over.
You are forever doomed to post at -1, and your trolls fall on deaf ears.
That is, until you create another account....
Before your bitchslap, your karma was 9.
You posted 21 comments.

This could be fixed

[X]

If personal information was kept in some kind of escrow system with guarunteed expiries and the like.

Ultimately you're always vulnerable to bancrupcies, but presumably a places like Verisign are more likely to exist than Boo.com... ;-)

lets spam them back

[thommw]

How about spamming them back. I have not actually tried it yet, but couldn't you create millions of bogus user ids in their database with a simple perl script. That would make their data worthless.
I already use junkbuster, so there is no problem for me, but there are millions of people who don't have a clue what a cookie is.

Re:lets spam them back

[Malcontent]

That's a good idea how would you go about doing this?

Re:Privacy and laws

[CaptainZapp]

Yeah, but you know, privacy laws hurt the economy and impact the right of major businesses to make money and infringe on free speech and if you have nothing to hide why do you need privacy laws in the first place and lahdidadida...

On second thoughts I'm damn glad to live in a country where laws value the right of an individual higher, then the one of corporate greed freaks to get bigger and richer by violating my privacy.

Exchanging info for services ?

[Phallus]

Could you not argue that you are exchanging your information in return for access to the services the company provides?

tangent - art and creation are a higher purpose

Re:Browsing with Cookies Disabled is Useless

[Effugas]

"Either block all cookies or allow them all or get nagged every five seconds for each individual cookie."

Getting nagged every time is an intentional tactic to make you accept all cookies. What appears to be badly programmed and incompetently designed is actually intentionally annoying--they're spoofing privacy and inconvenience and trackability as ease of use. That's actually interesting.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re: doubleclick, et. al.

[jilles]

Interesting approach, this would really be nice to have in the form of a net nanny like application that block privacy intruding sites rather then porn. I once turned cookie notification (turning off is not an option for me becaus then I loose customization on a lot of sites), but after an hour or so I got fed up clicking OK/Cancel for each site so I turned them on again.

Another thing that would be nice is if you could choose which sites are allowed to store cookies and which not (and make the browser remember what you choose). E.g. I want slashdot to remember my settings but CNN.com has no business setting cookies in my browser (I hate their customized site so i don't use it anyway).

Those two things combined would solve some of the privacy intrusions. Of course, as soon as you fill in forms on e-commerce sites, you have no control so be carefull what information you provide. I generally use the need to know principle: only provide the information that you really have to provide. If you need to fill in three pages of information just to buy a book, buy it somewhere else. Also i use a special email address that I provide when untrusted sites require an email address (sometimes I just provide bla@bla.org if I'm annoyed). This helps preventing spam (works quite well for me).

In any case I think the solution for the problem mentioned in the article is that Truste sues the companies trading information (which I assume is not in line with what Truste allows). This would re-establish them as a good brand and may increase the trustworthyness of their other customers.

A BBS did this to me a few years ago

[pixiepuck]

Yeah, "back in the day" one of the BBS's I had joined folded and they sold their membership database to a bulk mailer. The way I found out was that I started recieving all this junk mail - then AFTER that I got this slimy little apologetic letter.

The one that really made me paranoid was not computer related at all. I was on the mailing list for an 'alternative' mailorder bookstore that sold books of bomb recepies and zines about serial killers and all that other fun stuff. One day I recieved a letter that said they had been raided by the cops because they had a banned issue of Answer Me! and that the cops had taken a copy of the mailing list.

They know where you live maaaannn ......

You're missing the point

[leshert]

The answer is yes. You're looking at this the wrong way. Let's say another bank buys your bank. Are they going to close all the accounts, send your $37.98 back to you, and say, "Hello. Your bank doesn't exist anymore, and we don't own the records to your account. Would you like to open an account with us?" If that were the case, there would be no reason to buy a bank in the first place!

A company "folding" in each of these cases just means they sell to someone else at a discount to their actual value. As I see it, the problem isn't with them selling the accounts/histories/data. It's whether or not the new company is willing to abide by the same ground rules. This could very easily be negotiated into the agreement between the old {.com|doctor|ISP|telco|bank} and the new one.

This has actually happened to me with a doctor's office. The old doc retired and sold out to a new doctor, and included all my records. A good thing, because when I went to the new doctor, there was no break in service. The new doctor was bound by the same legal restrictions on sharing information as the old one, however!

I can see a bigger problem when a business goes under, liquidates, and as part of the liquidation sells customer information to inappropriate parties, with no strings attached. But let's make sure that's what we rail against, not just selling the information to the party who buys the business.

Re:Going out of buisness sale

[Felinoid]

I agree with 1 but not 2.

You BIO should become public knowladge under certen situations. [Running for office.. etc]

Unatherised bios are pritty commen but pritty petty...
and restricting your bio would effect your friends, famalys, assosiats and enemys more than it would effect companys as they know more about you or at least have more to say about you.

"Oh my dear Felinoid.. that wonderful kid.. allways buying techno mags" - Mom
"Playboy, Sluts Inc, Chains and Whips" - Publishers Clearing house
"Chains and Whips IS a tech mag.. I sware" - me...

Accually the above is for illistration.. I only buy busness mags vea publishers clearing house and my mother is totally aware of the kind of stuff I read.

I personally kinda signned off any rights to my bio when I ran for office. I lost I won't run again. But I'm public data now...
So I'm kinda bies :)

Re:doubleclick

[Darguz]

Better yet, install a cookie monitor utility such as Cookie Pal. I've been using it for almost a year, and I love it.


--

Kill your cookies AND log in Slashdot

[Felinoid]

The KDE browser (and some other browsers) allow you to "reject forever" or "accept forever" cookies. So you can select on a case by case basis.

So unless your logging into a website.. "reject forever" and you'll be happy :)

Duh! CookiePal cookie filter

[ChrisCampbell47]

I am routinely amazed that all this cookie crap is still in the press. Cookie filtering via CookiePal has been around for over three years, and yet people still talk of turning off cookies in their browser before going to a particular site. Let CP do the work -- and let the cookies you WANT/trust go through (i.e. SlashDot).

Of course, it's a Windoze-only solution; works with the following browsers according to their web site:

• Microsoft Internet Explorer 3.x, 4.x and 5.x
• Netscape Navigator 3.x and 4.x
• Opera 3.x (Limited support - View and Delete cookies only)
• America Online 3.0, 4.0 and 5.0 for Windows 95/98
• CompuServe WinCIM 3.0.1 and 4.0 and CompuServe 2000.
• Symantec Internet FastFind
• Headliner

.. and can be customized by the user to work with most other 32 bit Internet software which uses cookies, including e-mail programs such as Outlook and Eudora.

Costs a couple bucks after a trial period. To paraphrase JWZ, other solutions are free only only if your time is worthless ...

A Matter Of Trust

[bee]

This is why companies shouldn't gather this kind of information in the first place, and why even the most honest and trustworthy of companies are not to be trusted. Simply put, unless it's absolutely necessary for the company to do business, no company should be collecting data on people.

I'm reminded of the old Cold War scenario where the US has negotiated some critical arms agreement with the USSR, and thanks to the good leader of the USSR at the time, they are abiding by the arms agreement even though it's hurting them drastically-- until one of the top lieutenants puts a bullet in the leader's head, becomes leader himself, and proceeds to shred the arms agreement and launch missiles/build the ultimate bomb/whatever.

---

Re:A Matter Of Trust

[titus-g]

Something similar is happening right now (son of star wars), the only difference is that it is actually the US that is conveniently assuming that the agreement is no longer binding.

This is semi relevant to the privacy thing, small company has privacy agreement, has to stick to it or the publicity would kill it (how long would /. last if they sold our emails?), small company bought by bigger one for whome a few lawsuits are a minor irritation, and can use their marketing to get more new users in a week than they are going to lose in a year through dodgy practises.

hmm now is that a crap analogy or what? basically when you get to a certain size country/company you can write your own rules.

Hmmmm conspericy?

[Felinoid]

Yeah thats kinda scary...

For a silly (yet sereous) note...
After all the weak DotComs sell off colected information....

COM collection copration... we sell databases full of all the information colected by the dot coms...

It is pritty scary....

So who's gona buy your Amazon records?
Who will buy you CD Now data?

Hay... All you people who have my.mp3.com accounts... wouldn't you just LOVE to let some record company buy out a record of YOUR cd collection?

"hay he has lots of punk rock.. and dosn't have any 'Smelly Boot' CDs... let's go sell him some Smelly Boot..."
"But I don't like Smelly Boot..."

or worse... people buying 1970s Disco [Ohh yuck.. ok bad tast to start with] get ads for 1960s Disco [It gose by a diffrent name I just don't know it becouse I was born in 1969].. I heard some of it... Trust me.. even if you LOVE 1970s Disco... you won't like the 1960s counterpart..
(Yes they call it Disco... they didn't back then but they do now.. I guess the lable was stapped by someone who hates both...)

I wonder if the FTC will care...
This is an OLD busness practace...
When my ex-employer was sold they did nothing more than sell the database, the name and the main office. Everything else got sold to other companys. Not a big issue as the information stayed with the name. But for any real sense of being the company no longer exists.

I'm sure you'll find when any given company folds the costumer records are right there for anyone who has the money.

What does TRUSTe matter?

[seebs]

Are you trying to imply that TRUSTe certified sites don't break their policies, change them without notice, and/or have sucky policies anyway?

eBay broke their policy, changed it without notice to allow for what they did, then broke the new policy anyway. They still have a seal. I don't think you can consider TRUSTe to mean anything.

As I understand it, there has been some talk of forming a seal program with a funding source other than the companies reviewed. It might mean something.

Honestly, what would surprise me would be if a company that *didn't* have a TRUSTe seal suddenly turned around and broke its policy. For some reason, I've never had privacy problems with a company that doesn't have one of those seals...

Re:Browsing with Cookies Disabled is Useless

[blakestah]

Mozilla does this just fine.

In fact, I have mine configured to
1) automatically reject off-site cookies
2) Ask me before accepting any cookie
3) Remember which sites are allowed to set cookies.

I only use cookies when they offer some benefit to me, the consumer. 99.99% of all cookies only offer benefits to the server. And that should not be mandatory. Mozilla seems to develop more for the benefits of the consumer.

OK, honor system :)

[hawk]

Don't read my postings in these threads until you send me $1 :)

hawk, esq.

Re:OK, honor system :)

[donutello]

These opinions will not be those of Penn State until it pays my retainer.

Funny, your webpage is on Iowa State's website - I'm guessing you probably work/study both places?

Re:OK, honor system :)

[hawk]

My webpage is still on my former boss's machine at ISU. I had a one-year visiting position last year, so it made more sense to leave it all there while still on the market (that, and ISU's connection is *far* more stable/reliable than UNI'
s).

Sometime in the fall I'll probably move it here, but that probably won't happen unitl I have new content for my classes on my as yet unordered new machine.

Lawyer: who owns what

[hawk]

I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.

There are a number of factors at play here. The bottom line will be that, for the most part this data cannot be sold.

Forming a contract is *very* easy. Put up a message that says, "give me this information, and I promise not to reveal it," and you have an offer. Anyone providing the information accepts the contract, and the recipient is contractually bound not to reveal it. Selling it would be a breach.

Given a breach, the consumers would be entitled to "specific performance," a court order enforcing the terms of the contract.

But then comes bankruptcy, which can do all kinds of strange things to contracts, setting aside large parts of the contract, which *might* allow a sale--but this introduces a new catch, namely that every single person who provided a name becomes a creditor with rights in the bankruptcy.

There's a couple of ways that this could play out. It certainly isn't crystal clear that privacy wins, but my money is on privacy. Given that the expectation of continued privacy covered the gathering of the information, the potential sale of that information could not have been looked upon as an asset by the other creditors. THere's a couple of ways to reach this, the simplest being the contract.

Sale of the *entire* company might be a different matter. If thugs.com branches out from lockpicks to handgus, would they have been allowed to use the information they gathered to promote their new product line? If so, the entire company can probably be sold, and the new parent company can likely use the information in a similar manner. If not, the new parent company would be similarly barred from the information.

hawk, esq.

Re:Lawyer: who owns what

[AndrewD]

I'm a lawyer too. The above is entirely correct, and I endorse it (like hawk, I recommend you see a local lawyer if you want specific legal advice.

A point specific to UK law that Mr. Hawkins has missed, being a US lawyer: the Data Protection Act, and its parent legislation, the EU Data Protection Directive.

At least one of the dot.coms referred to was UK based (boo.com) and had (or ought to have had - I'm too idle to go check www.dpr.gov.uk) a Data Protection Register entry.

What the Act says is (gross over-simplification comin' up) that dealing in any data that can identify a human being without a registration, in breach of the limits to your registration or in breach of the principles of fair data processing is a criminal offence: this applies in the UK and in any part of the EU that has enacted the Data Protection Directive into law.

One of the principles of fair data processing is that the processing of data must be on the terms that were notified to the subject when the data were collected. In other words, in the UK privacy policies are binding.

(There are also civil remedies, but s.11 "Right to Prevent Data Processing for Direct Marketing" isn't in force yet. Damn.)

I much suspect that Action Will Be Taken shortly, albeit that this will amount to bolting the stable door with the horse accelerating toward the horizon.

Card Number, please?

[icing]

Can I buy some Visa/Master Card numbers and expiration dates?
Oh, it's already on eBay. I see...

Privacy and buyouts/mergers

[khym]

From the article:

"CraftShop promised that it wouldn't release the names without approval," Mackey said. "So we just can't take the names and sell them to anyone interested. We couldn't deal them independently. (The company name and customer list) had to go together."

While such a transfer may be perfectly legal, some privacy advocates find that to be little solace.

Such a sale is taking advantage of a loophole, according to Andrew Shen, policy analyst with the Electronic Privacy and Information Center (EPIC), a privacy watchdog group based in Washington, D.C.

"This is why the (Federal Trade Commission) act is not a sufficient manner in which to protect privacy," Shen said. "We need stronger laws to prevent the exchange of customer information when companies merge or are sold."

An area like this can get complicated. If, say, little.com says it won't share it's customer info with anyone, and big.com buys little.com, I don't see any reason why they should just have to throw out little.com's customer info at that point; little.com has just become a part of big.com, so big.com should be able to inhert little.com's customer info (with all the original privacy argreemts on it still legal binding on big.com).

But if, say, marketing.com buys the little.com "name" along with it's customer info, they shouldn't be able to set up a subsidiary "little-marketing.com" which markets to the customers of little.com as little.com; that's violating the spirit of the agreement, if perhaps not the letter of it.

Looks like places like TrustE will have to get some more comprehensive (and, unfortunatly, more complicated) privacy policies for dot-coms to follow.

Suppose you were an idiot. And suppose that you were a member of Congress. But I repeat myself.

how could this be considered as dividing "assets"?

[jesterzog]

Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise.

I'm not a lawyer, but if the company was not legally able to sell someone's private details before it went bankrupt as per a privacy agreement, I can't see how it could be considered an asset. If anything, it's a liability because the information would have to be destroyed or withheld from people who wanted it illegally.

If this is true, how could any court treat it as such to be broken up and sold to pay creditors Isn't this whole thing more about what's in an original privacy agreement than what a court orders?

An ecological perspective

[Shoeboy]

I think we can all agree that advertising is a nuisance and that it's getting worse. The blinking thinkgeek ad at the top of this page is a prime example. The problem is that it's going to keep getting worse.

Companies can be considered as a type of evolving organism. They mutate through policy changes and reorgs. (which in big buisnesses are essentially random :) They reproduce when key personell leave to found (or join) startups. Mergers and spinoffs are a good equivalent for the genetic exchange that parameciums do (I forget the exact term)

The problem is that companies are competing for a scarce resource (our money) and must convince us that they are the best. It's quite similar to sexual selection. We have lekking companies located in malls, territorial harem keepers that brutalize their competitors (Microsoft is like an elephant seal?), and peacock style attention demanding companies (peacocks). These companies are locked in a red queens race against each other and must become more and more agressive to keep up. The first company that stops polluting the airwaves or collecting detailed consumer info loses. We're long past the point of diminishing returns, but no one is slowing down -- it's an arms race. It's going to keep getting worse. privacy will be invaded, senses will be assaulted and every public place will be filled with televisions. The only thing that can make it stop is for customers to be repulsed by these practices and that won't happen since the companies you purchase from impact your social status and chances of reproduction. (I'm not saying designer jeans will get you girls, but homespun hemp will sure as hell limit you to hippies.)
Consider the peacock's tail, it won't get any shorter as long as the peahens prefer long tails, and peahens who settle for short tailed males will have short tailed sons that don't reproduce.
Basically civilization is doomed.
I really shouldn't listen to the Dead Kennedys while reading Dawkins.
--Shoeboy

What is the legal status of a privacy policy?

[seldolivaw]

We know that "privacy policies" are voluntary; they are supposed to be a model of self-regulation -- the industry just has them, it wasn't forced to. But what is their legal status? Are they just empty promises? If you have a privacy policy and you violate it, what happens? If nothing happens, then that's a compelling argument for making privacy policies compulsory or, more sensibly, making violations of them an offence: you don't have to publish a privacy policy, but if you do, you have to stick to it.

doubleclick

[UnrefinedLayman]

The article makes mention of doubleclick and turning cookies off. Simple solution (for those of us able): if you have a firewall, configure it to block all communication with doubleclick.net and 208.211.225.89.

Going out of buisness sale

[Money__]

Been to New York? Times Square? Right around 42nd street there's a bunch of consumer electronics stores with huge banners in their windows that say "Everything must go!" "Going out of buisness".

The amazing thing is these stores and their signs have been there for years and a handfull of owners take turns selling the store to each other thus making it legal to have a propetual going out of buisness sale for the times square tourists who think they're getting a deal.

As users of the internet, we're like a bunch of tourists. We pull into town with our browsers, drop off a little peronal data, and zip off to the next site before we remember the name of the site.

This is why:

1) By law companies should have attain my informed consent before collecting information from me.

2) The copyright and distrobution rights to my digital biography should remain mine untill I relinquish that right to a 3rd party.

When it comes to colecting information, think of your digital biography like loading a progresively interlavced GIF or PNG file. With a little information, a vague outline the picture becomes clear. On the next pass, as more data is filled in, some smaller details become understandable. With all the data in place, a complete picture of the persona life comes on-line. It's a picture of your life. You should have at least a little distrobution control.
___

I think this goes both ways, though

[jesterzog]

I think I can see what it's getting at, but there would still have to be lots of complications. Personally I don't have too much of a problem as long as the information is still used within the entire agreement that it was collected under.

The problem is exactly what the agreement said. How much was actually said against how much was implied? Did the original company actually state that it would not start sending mass spam mail about illegal money making schemes, or did it only imply that it it would only send regular news updates?

That said, as long as the "little-marketing.com" is still bound by the agreement with the customer and is not allowed to sell details to another "mass-spammer.com", it's presumably also bound by everything else in the agreement with the customer to provide all the same services that it was supposed to in exchange for the customers' information.

In other words, the clauses stating that "we will provide all these services that we said we would in exchange for your information", and "we will not send you marketing information unless you check this box" and so on.

Personally I think there should be some sort of law for situations like this where in every exchange, all customers have to be notified about the change of ownership and given the option to opt out.

My bank did this

[grahamsz]

A year or so back one of my banks, the TSB, was bought up by another, and along with this all my personal details were also sent to the other bank... including things like my credit card details!! shock horror :)

Things like this happen all the time in real life and it's perfectly normal for one company to take over another companies customer base after then go bankrupt.

Presumably though if you signed up at a site which said they would not sell your email address on to a third party, then anyone that buys that site up also will have to be bound to not sell your email address.

Re:See, I told you.

[Captain+Constitution]

By the power vested in me by the United States Constitution, I declare you a raging idiot.

The Captain

Re: "Slashdot should hire us a lawyer."

[Anarchofascist]

GOD how I wish I could moderate this up...

Spam them back? Waste of effort

[gwalla]

I don't think this would really work. Sure, you could create a sh!tload of false entries, but they're expecting that. Remember, these are the people who run webcrawlers to find anything that looks like an email address on as many webpages as possible. They're prepared for false positives.

The whole idea is that if they send an email to every person on the net, some sucker is going to respond and take the offer. If a bunch of messages go to waste, big deal. They were just entries on a bcc: line anyway, so the mail routing software takes all of the abuse.

Since most spam addresses aren't real, the spammers don't even see the bounce messages. The bounce messages just bounce back, burning up bandwidth and server time. The spam addresses that are real usually filter bounce messages, or aren't checked (in which case the actual reply address is in the body of the spam, if it isn't just a webpage ad).

You can't win this way.

---
Zardoz has spoken!

You've got to be your own protector

[yibyab]

You don't have to be a wizard to know you never divulge your personal information when you browse the Web. Use an insulating email address (in fact, I'm hooked on the "revokable" email forwarding service at SneakEmail.) Live under a pseudonym, use false demographics if the request bugs you, filter cookies or at least periodical wipe them if you don't want to be tracked or profiled (really, it's just the multi-session/cross site persistent cookies that are a problem). Hide your IP address with a proxy maybe (big list here). Filter or disable Javascript. The only time I'll cross the threshold and divulge my true identity is if I really need to spend money for something which is rare. Otherwise, they can deal with JojoIndianCircusboy, Dirk Diggler, or Art Vandalay. Don't rely on anyone to be your defender...least of all the one's promising to protect your data.

Regarding cookies

[Ancipital]

Have a look at www.junkbusters.com - they have a nice GPLed proxy that you can put between you and your squid (or whatever) that offers regexed banner/ad blocking and privacy features like finely-grained control of cookies.

I use it here, works like a dream.

http://www.mp3.com/tib - be lamer than lame

Re:Browsing with Cookies Disabled is Useless

[Chalst]

lynx has the best behaviour of all: it gives you four choices to each
incoming cookie: accept, reject, accept all from this site, reject all
from this site, plus it is very easy to change your mind about these
choices using the `cookie jar'. I wish there was a graphical browser
out there that duplicated lynx's functionality in this respect.

Re:Browsing with Cookies Disabled is Useless

[ncc74656]

The spasms that Windows goes into when you try to delete a cookie

What "spasms?" Here's a quick check:

• open c:\windows\cookies
• select a cookie to kill...such as jlvadmin@ad[1].txt
• press Shift-Del to delete it (this keeps it from going in the trash first)
• answer "yes" to the question that pops up, which is, "Are you sure you want to delete 'jlvadmin@ad[1].txt'?"

Looks like the normal file delete to me...

_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull # to send mail)
\_^_/

Don't tell your computer anything about yourself

[acidrain]

My real name is literally non-existent on my windows partition, and in a few mail archives under debian. This paranoia of course precludes entering any identifying/demographic info into a web browser. The only case where I have given any personal info is buying a book from pre-patent-amazon. I guess that's it: if you don't trust them with your credit card, don't tell them which country you are in. And in that case use gtkcookie or just make a new account on your box. Which leads me to my next question. So what if Double Click pins a cookie on me? (I opted out anyhow) The information that they can get from that is that I read way too much slashdot.

Wonder what profiles there are of me out there online. I'd probably be a 73 year old Albanian woman who runs Linux. (In case you are wondering, I'm not.)

About CNEt and doubleclick

[josepha48]

"I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off." While this may be a good idea it is a little false. Cnet serves its own ads and has what are know as '3rd party ads' that flow through it site. Some of those ads are from doubleclick as well as other companies like adsmart.

On the note of personal information, just think how much info yahoo and slashdot have on you if you have an account on either. Slashdot know what sites you like as well as what authors you don't like, and what your opinions are. Hmm makes you think a bit. If you have yahoo mail, they have all your sent mail if they want to keep it as well as all your recieved mail if they want to keep that too. If you have any of their other services, like calendar or my.yahoo, they know more about you. The www is not an information trading formum. YOu want a service you must give up information on your self. If they hav laws about protecting childrenm why do we not start to implemnet laws to protect the adults as well?

send flames > /dev/null

Browsing with Cookies Disabled is Useless

[Effugas]

Unless you wipe out your cookie folder(yes, the one that says OH MY GOD DEAR GOD NO YOU'RE DELETING A COOKIE NO NO NO YOU REALLY DONT WANT TO DO THIS NOOOO care of Microsoft), cookies still function whether or not they've been "disabled" by the browser.

This behavior occurs in both Netscape and Internet Explorer, and of course completely contradicts expected behavior.

Browsers recently joined Crypto code in my eyes as things that companies have serious trouble being able to do securely once they get too big. Mozilla's hiring(they sent me a letter, not that I'm looking for new work). The thought of a functional browser that I can easily patch to not violate my privacy is more than tempting...we may really need Mozilla more for its security considerations than even for its standards compliance.

The bottom line may just be that browser makers are just be too vulnerable to the demands of unethical marketers. The spasms that Windows goes into when you try to delete a cookie; that cookies are still served even if they're disabled in the browser...these just aren't accidental bugs, and shouldn't be treated as such.

Thoughts?

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:Browsing with Cookies Disabled is Useless

[Effugas]

open c:\windows\cookies
select a cookie to kill...such as jlvadmin@ad[1].txt
press Shift-Del to delete it (this keeps it from going in the trash first)
answer "yes" to the question that pops up, which is, "Are you sure you want to delete 'jlvadmin@ad[1].txt'?"


Go check out IE4. Shift delete or not, the file manager used to scream(yes, exclamation points) "You are trying to delete a Cookie!! Are you sure?" for EVERY file you had selected. You either clicked yes or no for every single cookie; it was a modal dialogue that couldn't be cancelled en masse.

In short, it sucked.

I wasn't aware they had gotten rid of that.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Privacy and laws

[dabadab]

It always surprises me that the US laws has so little about personal privacy and the protection of personal data.
I guess something like this could never happen in Europe because we HAVE laws protecting one's data (to collect data about someone, you need his/her consent or you must have some law backing you (e.g. police, etc)) - and then, you can keep the data only so long as it is needed and you may not pass it on.
Time to wake up, and create some laws those only purpose is not to provide a living for lawyers but actually making the citizen's life better.

re: doubleclick, et. al.

[Gothmolly]

I just keep an eye on the status bar of Netscape, and if there are any hosts I dont recognize, or look sketchy, I put an entry in my hosts file like:
127.0.0.1 ad.doubleclick.net

Gradually you build up a defense to this sort of thing this way.

Filtering at the firewall by IP works well too, but can be trickier, since ad.doubleclick.net resolves to many different hosts.

Proactively "opt out"

[akey]

I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off.

Or use the Internet Junkbuster and selectively filter who you send cookies to. As a general rule, I don't visit sites that require me to accept a cookie unless 1) I really need something there, or 2) it's in my own best interests to accept the cookie. DoubleClick's cookies fall into neither of those two categories.


---