Shopping Online While Protecting Your Privacy?

Bart asks: "How can you shop online and protect your privacy? I have been trying without success for a few weeks to shop at the online site of the bigest supermarket chain here in England. My problem is that either I am not using Internet Explorer or Netscape or that I have set up Junkbuster to return a spurious user-agent. With this configuration I can visit my bank, transfer money and make payments, I can visit my two stockbrokers and make deals of up to 100,000 USD but I can't go to Tesco and buy cat food." It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?

"Protracted e-correspondence with Tesco (apart from regular instructions on setting up Internet Explorer) revolves around bypassing the proxy and setting up a direct connection. As shopping online for mundane things like groceries gets more common and less the province of technically aware people, we can expect more and more intrusions like this into our privacy. Can anything be done about it?"

Re:What I recommend

Give a little, get a little? How bout, give them a little MONEY, get some cat food, and if they're not happy with that they can blow me.

It's their store!

Throughout this thread I have been seeing things like this:

I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

If they have put in so much effort that they have customised the site for IE and NN, then they should put a tiny bit more effort in and deal with other browsers nicely, even if the site does lose a little bit of functionality.

Why fundamentally this may be true, as a web designer this "they should have done this" attitude really bothers me.

First, the comment above seems to indicate that the web developers should have spent more time on the project. Yet as pointed out here, this particular company seems to dictate the site requirements to the designers. Not much you can do there.

But even so, and perhaps more importantly, let's not forget that this is *their* store. If they only want to cater to a particular segment of the web population that is their right since they pay the bills related to it.

Just as the NYT, for example, loses lots of potential viewers with their give-us-all-your-info login requirements, this entity is perfectly within its rights to do the same. Just as you are, just as I am.

In other words, this is a non-story, nothing to see, let's get back to something really evil now. Like ummm... Microsoft on Linux. ;-)

Information can be neccesary

I work in an e-commerce business that sells virtual prepaid telephone cards online (i.e. you buy the card, and get the PIN# in your e-mail). When we started doing business 2 years ago, we collected very little information about our customers-- Both out of a respect for their privacy, and out of lack of infrastructure. However, as time went on, we realized that gathering as much information as possible is NECCESARY when conducting business online.

First, the rate of fraud for small and mid-size e-commerce businesses can be astronomical. While I can't give out exact figures, I can say that our percentage of fraudulent credit card transactions was well over 50-times what would be expected in a brick & mortar convenience store. To combat this, we had to develop an internal fraud detection system that uses lots of information to make decisions about customer orders. Some information can be verified against the credit card company's database (zip code, street number), but often this is not enough. If you've ever bought something online, or mail-order, then there are potentially thousands of people who have access to this kind of personal information. In addition to the billing basics, our system also has to look for funny-sounding or celebrity names (almost always fakes), incorrect telephone numbers, hotmail/yahoo e-mail addresses, etc. Even with all of these precautions, some fraudulent orders slip through the cracks, though our fraud-rate is now the lowest in the industry.

Second, in order to successfully grow our business, and to market ourselves correctly, we must know our demographics. This includes everything from web-browser settings to ethnicity. For instance, if we know that 87% of our users use IE4 or above, and 99.5% of our users have JavaScript enabled, it allows us to design our website accordingly. For a mid-sized company, it can be impossible to invest the time and effort required to make our website compatible with every possible combination of settings. If we know that 25% of our customers buy calling cards for Pakistan, we are then able to specialize better products for that market segment, and to improve weaknesses in other areas.

Of course there are some companies that do not require their customers to give this information out online. The example of the stockbroker mentioned in the initial post is not a good one. Any trading account that someone opens requires a mountain of paperwork and personal information. They know your drivers' license number, what banks you do business with, if you have good credit, even your mother's maiden name in some cases.

Gathering personal information in retail e-commerce is not required only if your company 1) knows its demographics very well already, 2) has enough $$$ to address a mass market at once, and 3) has little or no chance of fraud, or likewise little or no consequence of fraud. For instance, a company that sells development software online with virtual delivery. It knows that its demographics are nerdy programmers, if its a company like Adobe or Macromedia, it certainly has enough money to market itself to everyone, and with a software download, there is almost no cost involved if the credit card charge is denied. Of course, these 2 companies that I mentioned gather more personal information than almost any other e-commerce sites that I can think of. They do it because they can, and they do it because that information is valuable-- Not just for their own junk mail, but for reselling to junk mail list companies.

Opensource tesco

Go to http://security.namodro.cz/urlcheck.asp?lang=en

Type in http://www.tesco.com/whatsinstore/default.asp and press Submit

If you know the URL of their ASP pages, you can exploit the null.htw bug in IIS to get at their sources. (I ran this tool against my own site and have since fixed the problem... they obviously haven't). My suggestion is that we opensource Tesco and fix their problems ourselves!

Re:Online grocery shopping

[narf]

Yeah, but the French are too busy taking them apart.

Well in the US...

[bluGill]

Here in the US we would just hit them up with a class action lawsuit for discriminating against all the less used browsers, and enforcing a duopoly.

If Opera was out for linux I'd try that just because they could use some cash flow gained by suing companies preventing their takeover of the world... (Not sure if the Opera company would agree, or how UK laws work)

okay, I'm really not a sue happy american, but sometimes it is fun to play one on /.

Re:Well in the US...

[radja]

try it with lynx :)

//rdj

Re:there is nothing wrong with user-agents

[rlk]

As far as anti-discrimination laws go, there are, I believe, provisions for when a particular disability is material to job performance. That kind of provision doesn't sound too relevant here.

FWIW, Evelyn Glennie (one of the top classical percussionists presently, and one of the rather few such soloists) is deaf.

what does it have to do with 'net awareness?

[marcus]

> ... requested that IE4 was the minimum browser, with *no* fall through.

Did you tell them that they would be turning away business, potential customers? Did you show them competitors' sites and demonstrate multiple browsers? If you did all of this and they still chose to deliberately exclude certain users, so be it. It is their loss. You might bring it up at the next stockholders meeting ;-)

Re:what does it have to do with 'net awareness?

[blowdart]

Ah but what can you do when the customer is always wrong?

Re:I don't see the point

[Phillip+Birmingham]

For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?

I can't speak for all, but basically, in real life, you notice when someone's staring at you, photographing you, or pawing through your wallet/purse. You may not be concealing anything, but you can keep an eye on those who are keeping an eye on you. Online it's much harder to watch the watchers.

This is one of the points of David Brin's "transparent society" idea -- that this is a lot less menacing if you know who's watching, what they're looking at, and that you can watch them, too.

Re:Tesco Privacy Statement?!?!

[cah1]

Go to another online store and see if they require the same information. Repeat until you find one that doesn't. Use it.

Then tell the others why you're not using them. If enough people do this then changes will occur.

They've already got your home address

[Jon+Evans]

They need your home address to deliver the stuff to you anyway. To register on their site you already need to have a valid Tesco storecard. When you got your storecard you gave them your home address. The User Agent thing is nothing. They already know where you live. They could look you up in the local Electoral Roll if they wanted to. My advice is don't be so paranoid.

Re:They've already got your home address

[grahamm]

You do NOT need to already have a storecard to register with Tesco direct. When it first started you may have needed one, but when I registered with them in May this year I did not have a storecard so I was issued with an 'electronic' (ie it is just a number and cannot be used in the bricks & mortar store) storecard when I registered.

Solution.

[juuri]

Cash.

(well for a bit longer anyhoo)

---
Solaris/FreeBSD/Openstep/NeXTSTEP/Linux/ultrix/OSF /...

Re:[OT] Tomorrow's Slashdot healines

[Anonymous+Coed]

That would be helpful when you want to get the facts first without spending too much time on the reading the jokes and silly comments

You are reading slashdot comments to find facts? What's wrong with you?

Re:Online grocery shopping

[grahamm]

I do not buy (or did not until the site stopped working for me) fresh goods. Not having a car, I found it useful for buying frozen, tinned, bottled goods, packets of soap powder etc - all of which are either heavy or awkward to carry.

Doesn't work with Linux Netscape

[grahamm]

The current Tesco site does not even work correctly with Linux Netscape (4.73). It worked OK until the last layout change, but since then the frames are the wrong size and the 'main' frame obscures the bottom of the one containing the selection boxes. So, if the items you wish to purchase have to be selected from the bottom 2 or 3 rows of a menu then you are SOL. I have the same problem both at home and at work. The only response I have had from Tescos has been how to set the screen resolution in Windows.

Compare and Constrast...

[EnglishTim]

You can either let Tescos know what kind of browser you are using, or you can go to a physical Tescos store and be recorded on videotape buying your stuff on their security cameras.

Sure, you may agrue that they don't need to know your browser type, but they may find that they can give the majority of users a better experience if they do, and most of them aren't worried about Tescos getting little bits of information like that.

Anyway, if you're worried, write to Tescos and ask them what information they have stored about you on their computers. As they're a UK company, they're required by law to tell you.

cheers,

Tim

one mistake

[mattc]

All JonKatz posts should have the word 'geek' in them (usually 10 to 20 times).

A pro-privacy web site against grocery cards.

[joetee]

http://www.nocards.com

Re:I don't see the point

[joetee]

Very good site about grocery "loyalty cards".
http://www.nocards.com

But there is something wrong with self-interest

[swb]

If the UK has similar laws, you may want to kindly write Tesco to remind them that said disabled users won't be able to access their site.

Wow, that would be sinking to a new level of self-interest. Would you even feel an iota of guilt in using the legitimate interests of handicapped people to further your own bogus "anonymous shopping" goal? What's next, maybe a set of handicapped tags so you can park for free, which will further your vague notion of sticking it to the parking people? You make me sick.

Re:But there is something wrong with self-interest

[swb]

Pure BS. Using "handicapped web browsing" as an issue to enable private shopping is totally cynical. That you slap yourself on the back and congratulate yourself for having helped out the handicapped in the process just makes it all the more nauseating.

I don't think he's necessarily shafting anyone; just totally misrepresentating the handicapped to further his own goals.

Re:But there is something wrong with self-interest

[molog]

Wow, that would be sinking to a new level of self-interest. Would you even feel an iota of guilt in using the legitimate interests of handicapped people to further your own bogus "anonymous shopping" goal? What's next, maybe a set of handicapped tags so you can park for free, which will further your vague notion of sticking it to the parking people? You make me sick.

It might be to further his interests but it could still benefit those with disabilities all the same. He wasn't asking for special privileges. He just didn't want to give out as much info. You make it sound like he is trying shaft everyone when that isn't how I took it. If his actions would help those with sight problems then good for him. This is not at all the same as getting handicapped tags as that is a privilege that is reserved for those who have a handicap. And to quote "Real Genius," there are plenty of decaffeinated brands on the market that taste just as good as regular.
Molog

So Linus, what are we doing tonight?

Radio Shack

[Sloppy]

Er, maybe different Radio Shack stores act differently, but when they ask me that info, I just say "I don't wanna" and they say "that's fine" and skip it and finish the sale.

Just say No. It's easy.

---

Re:Radio Shack

[Andrewkov]

Maybe Radio Shack stopped doing it .. I boycotted their stores a long time ago after being hassled for my address and phone number.

I never give out any information if I can help it ... People don't realise how valuable their info is, until they find out that it's being sold. (not implying that Radio Shack does this, but many do) ... Besides, my mailbox is full of junk mail every day ... why help to make it worse.

Re:Tesco are really good at this

[Sloppy]

I think our American friends are probably not aware of who Tesco is, and what they represent. Tesco introduced loyalty card and "point" schemes to the UK supermarket industry several years ago, and there has been a great deal of debate as to what they do with the information that they collect about people's shopping habits.

Nah, we Americans have that sort of thing at our supermarkets too. You can present your Big Brother card when you buy your groceries, or you can buy anonymous but pay more. Yep, different prices depending on whether you use the card or not.

I got some cards with fictitious names on 'em, but they can still track habits that way even if they can't tie it to a real person. I keep meaning to trade with friends but haven't gotten around to it.

---

Re:Don't use 'em

[wangi]

Jezz, if you don't know - don't write...

There are plenty of Supermarket chains in the UK:

• Tesco
• Asda
• Safeway
• Somerfield
• Sainsburys
• ...

These are located nationally, and then you've got regional ones (Waitrose, Co-op, ...).

If ypu're really interested see this list.

Re:there is nothing wrong with user-agents

[Griff]

Thus spake sbryant:
[snip stats showing IE and NN are used most]
This is what people are using. Management look at these figures and then tell me the features must work in NS4.x and IE4.x and 5.x. That covers the vast majority of users; I would imagine that they would probably consider developing/testing for other versions a waste of resources.

We all know that the most used browsers are IE4+ and NN4+. Management tell me that these are our target browsers as well. That doesn't mean I have to use all the advanced features of these browsers. It also doesn't mean that I cannot deal gracefully with other browsers.

Where possible I give alternatives to using javascript. (Due to security holes in IE, a significant minority of people have turned javascript off in IE - this completely stuffs the tesco site). I try not to use features which are not standard across every browser.

Basically, if I am not specifically instructed otherwise I try to make my applications work in anything, including lynx, IE, NN, and Mozilla (although I still can't get Mozilla to work using SSL, dammit). I admit that I do not thoroughly test in every browser, though (and not at all in the case of Opera, since I don't have access to a copy).

Re:there is nothing wrong with user-agents

[Griff]

I'm not sure if there are laws like that.

I do know that public opinion has forced people to change the way they do things in the past though. The example that springs to mind is 'Who Wants to be a Millionaire'. As I'm sure you know, the way the contestants get selected is by ringing a (premium rate) phone number and answering a multiple choice question. The thing was that the call cut off if you didn't answer soon enough for the machine on the other end, which caused problems for deaf people who used the minicom service (which uses an operator to translate the spoken word to written word via some clever machine). Some pressure was applied, (via the media) and I believe the service was changed to make it accessible to everyone.

Re:this won't protect you from such abuses...

[NoseyNick]

Remember you definitely CAN'T rely on the "From:" or even "Sender:" headers to be correct. They're trivial to fake.

See SpamCop.net - it's one of the most sensible ones I've seen, checking back "recieved:" headers until it finds the break in the chain, spotting faked headers, etc etc. It also checks websites and email addresses mentionned in the body of the spam. It checks IP addresses with ORBS and MAPS and things, it does various whois lookups and things... Once you're done, it lets you tick the boxes to decide which sysadmins to report the spam to, and whether to submit to SRC, ORBS, etc etc. It keeps track of sysadmins who have already done something about it, and refuses to re-complain after the problem's fixed, etc etc... all in all, it's quite a competent spam complaint thingy.

... and no, you don't need to pay for the full commercial version, just register for the free service and put up with a 5-second nag screen between each complaint.

Re:Security is not what I do

[Seanasy]

I'm an ideas guy

Translation:
I don't know what the f*(k I'm talking about but I say it with such confidence that business people think I'm a genius.

Re:Don't use 'em

[Stephen+Williams]

*Maybe* Marks and Sparks, but since they're mostly a department store with specality food items, I doubt you can 'grocery shop' with them.

Actually, the Marks and Spencer in my town (Reading, Berkshire) has a fairly decent grocery section. Their food is top quality; I do 70-80% of my grocery shopping there.

Don't know if you can buy food from them online, though.

-Stephen

Re:there is nothing wrong with user-agents

[mrzaph0d]

i think that lawsuit was dropped after AOL agreeded to make their stuff more accessible.

"Leave the gun, take the canoli."

Re:Go to brick and mortar

[mrzaph0d]

heheh...a friend of mine only shops at this one place to buy beer (it's just outside the dry area he lives in), and they have those cards which he uses. so the only information they get on him is that every few weeks he goes in, buys beer and maybe some chips, and that's it...

"Leave the gun, take the canoli."

Re:[OT] Tomorrow's Slashdot healines

[Bob+Uhl]

Actually, speed limits are set by the `community'; that is, by the elected representatives of the teeming masses. Said representatives then set low limits in order to make money to pay for the massive programmes the teeming masses want so badly. We're voting ourselves bread and circuses, my friends; somebody has to foot the bill.

Re:Tesco are really good at this

[blowdart]

"Tesco are the only company offering on-line grocery shopping in the UK"

Errr bollocks, Sainsburys

Re:What I recommend

[VP]

Caution: flamable, please handle with care :-)

As a top flight professional consultant who has worked with many companies attempting to leverage their business onto the net, I generally recommend that companies obtain as much information as they possibly can, but allow an "opt out" policy for customers for whom privacy is a concern.

Dear Mr. Top Flight Professional Consultant, Sir!

Could you please enlighten us what do you recommend to your customers in terms of keeping our personal data secure. Do you insist that all data is kept encrypted? Do you suggest that the encrypted data is stored on a separate machine, with audited security?

Because, if you don't do these things, you are little more than a two-bit hack, acting irresponsibly, and giving computer professionals a bad name - script-kiddie with a suit.

Thank you for your ever so valuable time.

Three rules seem to apply...

[thomasj]

There seem to be three rules that seem to spin us all down this spiral:

• The more hassle it is to protest, the less likely is it that people will do it.
• The fewer people that protests, the lesser impact will it have and therefore lesser encouraging to do it again.
• The more times people previously have settled with things, the more likely they are to do it again.

I find it harder and harder to get going on "standing up", but it is not because I have changed my mind, but because the rules above now applies to me -- sadly enough.

The weird thing to me about this

[e-gold]

Is that the user is almost-certainly using plastic at the site he's objecting to here, and I have my doubts as to whether many folks here have read through credit card user agreements. Whether or not the cat food store has it for sale, AFAIK the plastic companies still own and sell the information about you. They're too smart to sell it in a way that leads you to seeing that they sold it, but they sell it still.

Of course, there are many payment alternatives, and my usual offer to slashdot readers of a spot of the filthy yellow metal if they try mine still stands.
JMR

(Go ahead, mod me down as 'spam' -- see if I care!)

Re:User Agent

[Zurk]

the problem is URL rewriting doesnt work reliably on most servlet engines. besides, there are some cases where you cant use URL rewriting, forcing you to use cookies.

Re:[OT] Tomorrow's Slashdot healines

[Pentagram]

That's almost the same idea as abolishing speed limits and letting individual drivers choose what is a safe speed to drive at.

Re:Ask Slashdot is getting exponentially dumber

[timftbf]

M&S are making a song and dance about the fact that they do now accept credit / debit cards. (Sorry, it's one or the other that they never did before, memory fails me). Signs on the door "For your convenience... [blah]" - like every other shop hasn't done it for $DEITY-knows how long.

Even the corner-shop across the road from me will take Switch / VISA et al if you spend more than a fiver.

BTW, it's still four months til the 21st century :-P

Regards,
Tim.

Re:there is nothing wrong with user-agents

[MartinB]

Does the UK have any law similar to the American Disabilities Act?

Yes we do - the 1995 Disability Discrimination Act which came into force last October. In that, providers of public services (shops are specifically mentioned) are required to make 'reasonable adjustments' to make services accessible (ie providing services to the same manner and quality), or suffer unlimited penalties.

More info at http://www.disability.gov.uk/dda/fin alcode.rtf. This is the non-legalese Code of Practise resulting from the Act, rather than the Act itself.

Lawyers are currently interpreting this to mean that minimum compliance is Conformance Level A of the W3C Accessibility Guidelines.

Re:Don't use 'em

[WinDoze]

I LOVE when they ask for a postal code. Sometimes I respond with "90210" and insist I'm serious, but I especially enjoy responding with something like "7". The look on the cashier's face when you respond with one or two digits is damn near priceless.

Re:I tried to shop in real time with privacy

[jovlinger]

Hrm. Reminds me of red meat, possibly the funniest cartoon ever to grace my videocard.

Supermarket

Ted loves his skimask

Ok, so I have a strange sense of humor.

Re:there is nothing wrong with user-agents

[Texodore]

I've got some bad news for you. Getting NN to work well after you've got the page made for IE is pretty darn near impossible in most cases I've seen.

I work for a company where part of the product is web-based report generation. Getting NN to work took about 3 times longer than getting IE to work.

I don't know if Microsoft planned this when they made IE, but they made it friendlier for developers doing advanced stuff. Netscape blows chunks when you try any of the latest browser features.

I think because it's a little easier to develop for (imho), IE has gained acceptance because so many people are developing for IE.

cool

[The+Queen]

thanks :-)
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

tracking spam

[The+Queen]

Do you do it just for the anal edification of seeing where the spam comes from? If it's a site I don't care to hear from, I don't give a real address, a real name, or anything else. yomama@myhouse.com works just fine, and I never see spam. (I think it gets routed to myhome.com, who are themselves an online retailer. Right back at ya!)

The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

Re:tracking spam

[Amokscience]

This is probably why a.com doesn't run a server. I think I use a@a.com at least once a day in order to download, preview, login, or register for producst and sites. I know I'm not the only one =)

I like what you do with the myhouse.com thing. Seems appropriate.

Re:this won't protect you from such abuses...

[bungalow]

Why make it so complicated?

What is your Email address?

<i>Abuse@isp.com</i>

Re:Should use same standards as Brick and Mortar

[bungalow]

Moderate post #43 up.

to quote:
Or maybe we need new brower identifications that don't ID the brower, but instead define the browser's capabilities

I won't pretend to know the standards - proposal - review process, and I'm too lazy to study up on it, but this is an excellent idea, or would be, if browsers followed published standards.

Re:Necessary info

[bungalow]

They used to call this COD in the states, and it went the way of Commodore64 before Commodore64 went that way.

Seems to be a great loss potential in delivering items when people have a less than 100% availability with cash onhand.

Re:I tried to shop in real time with privacy

[mercy]

Do any Slashdot readers know of a grocery chain where I can shop in the northeast US that will let me shop with a mask on, to protect my privacy?

Try the Star Market in Porter Square, Cambridge, USA. I went in there this morning to pick up some lunch supplies and wore my ski mask. Only one customer stared and no employees did anything out of the ordinary.

YMMV.

(A more appropriate anaology would be "I went to buy cat food, but they wouldn't sell it to me unless I gave them a DNA sample first.")

Tesco Privacy Statement?!?!

[Yousef]

How much information are they requesting, and if you feel that it is intrusive, why don't ask for some justification/explanation, or just ask them to stop!?
Do they have a privacy statement?
The serivice inside their shops (The local Superstores) is pretty good, so I'm sure they'd be responsive.

I'd like to know Tescos position on this before I go ahead and discuss it.

Re:this won't protect you from such abuses...

[deblau]

Here are some suggestions for email addresses to hand out when you don't want annoying spam:

• root@127.0.0.1. This way, they spam themselves.
• abuse@favorite isp/portal. I like this one even more, since they turn themselves in.
• known_spammer@other.spammer.com. That way, they bring down each other's servers.
• rbl@mail-abuse.org. Let them put themselves on the MAPS RBL.

-- Dave

Re:Don't use 'em

[lizrd]

I usually have fun with people who ask for the postal code. Over the past several years I have been maintaining several addresses, one at school and one with my parents 1000+ miles away. I always give the wrong ZIP code to the clerk. The way I figure every slick, glossy, advertising flyer that they send to New Jersey is one that they don't send to me in Iowa.
________________
They're - They are
Their - Belonging to them

I think there is clearly something that we can do

[schnooze]

Firstly, in terms of an amendment to the Data Protection Act, the companies gathering info about you have to disclose it to you.

Armed with that, perhaps the responsibility of letting the coporate b***ards know that we are on to them and will not stand for thier dirty tricks lies with the more technologically enabled, before this ever gets down to consumer level (where things will never change).

IMHO, you shouldn't have to use wierd and wonderful configurations just to buy cat food. They should leave you alone.

Re:Huh

[schnooze]

b***ards is a polite way of removing unfreindly terms in a public forum. In this particular case, I removed the "arse", so I got one spare. Here, you can have it.

Re:there is nothing wrong with user-agents

[dvduijn]

The only problem is, that there are more browsers than "x" and "y", if in this example you use browser "z" you will probably not be able to use the site.

Re:^^ Good One ^^

[gadders]

Top post.

Dammit...

[TheShadow]

Would you people just get over the fact that if you are on the Internet you are going to lose privacy. As simple as that. If you leave your house in anyway you are going to lose your privacy... so you should probably just stay home, turn off all your phones, close all your blinds and turn on a white noise machine really loud so that no one can eavesdrop on your conversations.

Jeeze, get the fsck over it.

Re:there is nothing wrong with user-agents

[Hippie-Artist]

If browsers were coded to standards (cough*Netscape*cough) then none of this would matter.
The beauty of CSS is the idea that if a browser doesn't support it, it's okay, the web page is still functional. The problem arises when evil browsers like Netscape 4.x don't simply not-support CSS, but actively break it. In order to use CSS, and make truly cross browser sites, you have to use javascript and say, If (netscape 4.x) { use 4 year old html tech because the browser is evil }

Re:Supermarket cards

[devjoe]

They're obviously tired of people filling out the little form with names and addresses like:

Cy Pherpunk
42 Hitchhikers Lane
Ankh-Morpork, PA 31337

Re:[OT] Tomorrow's Slashdot healines

[god_of_the_machine]

power a paradigm shift to "open" community-based traffic laws?

Actually, that might be a good idea -- let the community decide what a "safe" speed of driving is in an area. Instead of having the cops set the speed, in what is often a blatant attempt to collect speeding fines.

-rt-

Re:there is nothing wrong with user-agents

[ChristTrekker]

Wouldn't least common denominator make more sense? That's what I'm advocating here.

Use HTML to do logical markup - all browsers can understand this with no hassles, and the document will make sense no matter where it's read. You don't need JavaScript or server-side client sniffers. Use CSS to apply formatting - if it's ignored in old browsers the default presentation still makes sense, and it's easier to maintain besides. I'll leave you with a quote.

The font size chosen by the user as a comfortable default (1 em) provides more truly useful information about the rendering environment than all the resolution-sniffing, window-querying, "open-this-wide" logic you can throw at the problem.

How can it be less cost-effective to take a simpler yet more widely-applicable approach?

Of course it sounds like you're a convert already, I just felt I had to respond because I'm dumbfounded that companies keep choosing to waste their money by taking the more difficult route.

And I really don't care if some old browser is borked by my valid HTML+CSS either.

Re:Don't use 'em

[ChristTrekker]

How many times have those of us in the States been asked for our SS# during purchases? I recently signed up for a new wireless phone and the sales guy needed my SS# for the application. I told him "um, nope, you don't need that, I am only buying a phone". Anyone else?

Amen to that. If I can't see that they need information, and they can't explain to me why they need the information, I don't supply the information. I'm trying to train my wife the same way, but, like most other people I know, she just gives whatever they ask for without a second thought.

We filled an app for a "buying power" card at the local grocery the other day and they wanted SS#. My wife pushed the form toward me, saying it needed my number, but I just pushed it back and said they didn't need it. No one made a stink about it.

Re:Don't use 'em

[sbryant]

There's another chain that I saw up in the Kinston-Upon-Hull area (ASDF?)...

That would be ASDA, I guess. Don't like 'em myself so much. Don't know why - maybe it's the silly music... or the silly commercials.

Anyway - weren't there any Sainsbury's near where you were?

-- Steve

Re:Go to brick and mortar

[bader]

No privacy at a store huh? all of your groceries are right there on the counter where everyone can see it! Condoms, latex rubber gloves, vaciline. You name it!

more privacy

[vapour]

More privacy, privacy, privacy.
Maybe we should request that slashdot is renamed
News For Nerds, Stuff about Privacy

It's so dull. I really don't care that Real got to learn that I have a Pentium II CPU.
Or what taste in music I have.

So some Corporation gets my IP address, hmmn, big deal, seeing as I'm probably interested
in that site in the first place.

These stories get hundreds of posts, but I don't see demonstrations on the street
demanding that Tesco stop using loyalty cards.

And why is that ?

Well if I get £30 off my next bill for shopping there and letting them know that I like
Heinz baked beans and buy 4 every week, so be it.

Well here's my thought : No one here really gives a shit. They like to pretend they do.
Just in the same way that everyone pretends that they give a shit about eating GM food, when all GM
experiments are carried out in the open anyway and everythings cross polinated.

Re:I don't see the point

[apb]

It isn't just loyalty cards that are abused. Way back in 1993, I visited a "Sports and Automotive" store in the northwest U.S. I was going on a camping trip with friend who had a .22 rifle, so I picked up some targets and a few boxes of ammunition. I paid for this, along with a lot of other items, with my recently acquired debit card. Two months later, I got a membership application from the National Rifle Association with the salutation, "Dear Gun Owner". Should I have gone after the store, the bank, or the NRA? I still like the store, but I have paid in cash there for the last 7 years.

What a world....

[soulsteal]

If you don't like the privacy concerns of some sites (Tesco for example), then don't use them. Get off your lazy ass and walk to get your catfood like most normal people or use the services available online. Bitching about it won't keep your cats from starving.

Re:What a world....

[zoonie]

Fair comment, but what about those who can't get to the store, for whatever reason? Aren't they still entitled to privacy?

Re:What a world....

[zoonie]

OK. But what if none of those options are available? The online store is the only option. Besides, isn't that waht the futurologists are touting? That we will all be buying online?? I still like to talk to the sales assisstant if s'thing goes pear shaped....

Re:What a world....

[AbbyNormal]

Meals on wheels. nough said. (or you could ask/buy off a friend/relative/neighbor).


-*-*-*-*-*-*-*-*-*-*-*-*-*-*

What the site should be allowed to know

[cecil36]

I'm an Internet business owner, and this is one issue that people take me seriously about. What I tell people is that I do not spam, and I do not sell e-mail addresses to any third parties. I will also ask permission from that person if they don't mind someone else having their e-mail address.

As for what should be collected from websites, this is what should be collected at the most

Name
Shipping Address (where to send the item)
Billing Address (in case the item is a gift to be directly sent to the recipient)
Phone (for calls regarding orders)
E-mail address (only to be used to send receipts, unless user requests updates on promotions)
Credit Card # (for processing the order)

Most sites I've seen have privacy policies posted, stating what they do and do not do with your information.

Other than this, the only other major issue behind privacy and e-commerce is personal integrity, both of the company, and of the employees who handle your information.

Re:What the site should be allowed to know

[radja]

wow.. I've never seen integrity and company on 1 line. let's face it: 99.9% of all companies have NO integrity.
I would think this of a person who's main motivation is money, and I think this of companies whose entire motivation usually IS money.

//rdj

Re:Let me tell ya a little story. . .

[codemonkey_uk]

omarius wrote:

I had a friend with a cool wool trenchcoat. I told him I liked his coat, and he said that he got it from U.S. Cavalry for $7. Wow! So I went online and bought one. Two, actually.

Wow indead. Until they ask for $42.95 shipping!

Damnit.

Thad

Re:What I recommend

[andyo]

I must emphatically disagree:

They're not going to sell it to other people - information like that is valuable to them

Businesses get quite tidy sums of money by selling information on customers to other businesses. Many plan on it as part of their income. Precisely because it is valuable, other companies want to buy it.

One of the ways Tesco is backward is that, unlike an increasing number of sites, it posts no privacy policy. (At least, I can't find one.) Sites with such privacy policies often promise not to sell your data unless you give permission. Having a privacy policy is no guarantee, though. In the U.S., one has to hope that the FTC can catch and prosecute violations of such policies, which is by no means certain.

The stores & credit card companies already know!

[BetaRelease]

If you are that paranoid, you can always just delete all your cookies at the end of the session.

But in the US, most regular grocery store goers will have a "card" that you give to the cashier while checking out. The purpose of the card is to ensure that all discounts are given to you -- without the need for paper coupons.

So just like the credit card companies, they already know what you buy, where you buy and when you buy.

We make such a big thing about privacy on the web but in the offline world, we already have given up much!

Who cares if the online store knows how many condoms I buy every day?

Re:SMSpam

[SirGeek]

I always give the number of my VoiceData/Fax machine when they ask for a phone number. ITs priceless to hear the modem pickup and less that 10 seconds later they hang up. I'm gonna change the message at some point to "you were given this number because we DON'T want calls from you. Go Away !"

Thats some high quality ASP...

[tinla]

A Price Check on "Coke" give "No Matches". A check on "Cola" spewed out this beauty:

Microsoft OLE DB Provider for ODBC Drivers error '80040e4e'
Operation was canceled.

/whatsinstore/browse.asp, line 25

So where do I enter my credit card number? :)

Re:Thats some high quality ASP...

[fatphil]

I tried the same as you three times.
One crashed on line 25.
One crashed on line 30.
One gave me a whole table of prices of choCOLAte comestibles with two entries for Coke and Pepsi hidden in the middle.
So how do I make the regexp match only whole words?

FatPhil

Re:there is nothing wrong with user-agents

[ekidder]

>>
More potential clients/customers is a good thing, right?
>>
Only so long as the revenue achieved by supporting the new clients/customers is not greater than the cost to support them. I'll wager most sites take a 'greatest common denominator' approach and don't worry about the rest, because it wouldn't be cost-worthy. One of my web pages uses CSS (*cuddle cuddle*) and I've been informed that Netscape is totally borked with it. I really don't care :)
Eric ze Kidder

Re:[OT] Tomorrow's Slashdot healines

[Fred+Ferrigno]

Pshaw. Every surface street would be 60mph, and you know it, then would go down to 5mph the first time a cute little girl was injured there. We humans are particularly inept at properly identifying our own failings and their degrees. We need experienced and knowledgable to decide these things because they are so important.

Then again, if you were just trolling, I applaud you with a job well done. Count me trolled.

--

(OT)The name of the LORD

[yerricde]

Jesus fucking christ

But because Jesus is Christ, this means "Jesus f*cking himself" == "Jesus masturbating."

<O
( \
XGNOME vs. KDE: the game!

Re:I think there is clearly something that we can

[hiryuu]

There is actually a world outside of your computer. hehehe.

As per the old Bradbury tale, if I can't see it, it doesn't exist. The universe is composed of the limits of the cubicle/office/trashed apartment.

(Of course, by that logic, reading at +1 means that most trolls don't exist - hey, I like that thinking.:P)

Nothing

[jeroenb]

If I go to the shop to buy catfood, they don't get any information from me: i just give them some money and that's it.

So that's all they should need: information vital to be able to make the payment and nothing else.

Re:Nothing

[funkman]

Unfortunately, when you shop on-line, you are not paying cash. You are paying with either credit cards, or paying upon delivery. A mess up on either account is costly for all. That is why privacy is being invaded so much, so the seller can be more certain they are selling to the correct person AND and that the correct person is paying. Losing privacy is a horrible thing but this gethering of information has actually helped in fraud protection.

For example, American Express knows your buying habits. On a periodic basis they will view your transactions and look for transactions out of the ordinary. If a red flag appears, they will notify you and ask if all is OK. This happened to a friend of mine when the number (but not card) was stolen for a shopping spree. He was notified before the bill even arrived and all was taken care of.

Some mobile carriers also track your calling paterns (in the days of analog) and look patterns out of the ordinary and notify you immediately if they suspect someone has stolen your ID for analog cell phone. (Which is very easy to do).

In both of these cases, privacy is gone, but the benefits save a lot of time, money and pain for all parties.

What is needed are privacy policies and that is what we are seeing more of. We need to see privacy policies in place so those buying and calling patterns are tracked for our protection and not exploitation.

Re:Nothing

[Snard]

If I go to the shop to buy catfood, they don't get any information from me: i just give them some money and that's it.

Ah, but you're wrong; they have gotten some very important information about you. They now know that you own a cat. (or perhaps you take care of one, or know someone that does, or ...)

But seriously, I've always tried to save money when I can, so when the grocery stores started issuing "preferred customer cards" and I didn't have to clip coupons anymore, I was quite happy for the convenience... until I realized that by using my card, I was giving the store the ability to keep track of all of items I buy (assuming they are so inclined, have the storage space, etc.) But I've decided that I don't care if my store knows I like Diet Coke better than Diet Pepsi, or whatever.

Re:Referrer-required web sites

[DrXym]

They don't have to be linked together. Depending on the browser, the refferer contains the *last* site the visitor went to, irrespective of whether there's a link to the current site.

Re:Referrer-required web sites

[DrXym]

Yes, there are legitimate reasons to use referrers, but not in the majority of cases. Mostly it's sites more interested in knowing where you're coming from to place advertising and so on.

If someone is worried about lamers stealing their content, then there are several ways to combat it:

1. Strongly brand your site. Put big notices up telling people that your service is free and they're being ripped off if they're paying for it.
2. Use cookies. Issue a cookie from the home page. If people don't have the cookie redirect them through an "about our site" page before letting them go to the link.
3. Embed session ids into the URL. Lamers can't link to a URL if it changes all the time.
4. If the lamer is loading your content into a subframe, use Javascript to force your content to the whole window.

If you really want to see how referrers are an invasion of privacy, try putting a sophisticated web counter into your homepage and read the statistics that it gathers about your friends when they visit. Next time you're out on the town you'll be able to ask which of them was visiting www.xxxgaybondage.com before they went to your site.

Online grocery shopping

[DrXym]

Why the fuck would anyone do online grocery shopping? I don't know about others, but when I go looking for meat, vegetables, fruit or anything else, I carefully inspect the selection and choose the freshest items there. I fastidiously avoid nearly out-of-date produce, bruised/unripe fruit/vegetables, dented tins, fatty meat, squashed packets and so on.

Does anyone think that the poor sod having to walk around Tesco or one of the warehouses to fulfill your online order will do that to? Of course not, they'll grab whatever's at the front of the shelf whether it's had manky or not.

So consider yourself lucky that their silly website doesn't work through junkbuster.

They should be able to get whatever you give them

[gabe7319]

if you don't want to give them info then don't buy from them!! There are ways to buy catfood with total privacy, it just may cost a little more...the choice is yours, don't try to take away my choices, I like the fact that I can get cat food a little cheaper by trading some of my information. Don' tbe a statist, totalitarian busybody who tries to tell everybody else what to do! Gabe Harris

Comcast@home sending info automatically

[russ-smith]

Read about trying to "opt-out" of having your personal info released by comcast@home to their marketing partners
privacy.net/diary

Re:User Agent

[chrischow]

we use tesco, its pretty browser specific, it works in netscape 4.7 but IE5 is a bit flakey and iCab doesn't work at all, which is unfortunate given how unstable 'Scape is...

Re:Go to brick and mortar

[chrischow]

being able to buy your milk and rice online is a great help, especially to ppl who don't own cars. its worth having to let the vendor know what browser you are running. sometimes this security paranoia can just get in the way

Re:Simple... just don't go there

[chrischow]

strange, when we have trouble with the site they usually reply to e-mails quite quickly. they even called us up once a few minutes after the e-mail was sent asking for more details

Re:A small step forward for Tesco

[chrischow]

they'll be supporting Lynx from september

Re:I think there is clearly something that we can

[luckykaa]

Many people seem to believe that shopping online is a RIGHT by law. Its not...its a convience.

Well, thats true. I still don't feel that it should be totally biased to how the big corporations want it to be though. If there's something the customers don't like I think its perfectly reasonable to ask that they change it.

Also, its inconvenient if there's a choice of having to drive the 100 yards to the supermarket, and pay with cash or shopping online but telling them all they want to know about you. I think what people would like is an inbetween option of maximum possible privacy and convenience. Not too much to ask after all.

The merchant really does need info about you

[pjrc]

It's easy to worry about what will become of your private data, shopping on the net, and judging from this massive discussion, I'd guess there are very few merchants here who can speak for the other side of the transaction.

Robin and I recently started running a small on-line store at our website. The website (URL should be above in my user info) is mostly a bunch of technical resources for developing electronic projects with low-end microtrollers. We sell electronic components to people who want to build some of the things shown on the website, but they need the parts. ...it's darn difficult to stay on-topic and avoid going on about our stuff... We're a very small operation, neither of us are going to quite our day jobs anytime soon, but it's turned out to be fun. Maybe someday we'll recoup all the initial expenses, but for a long time it seems we'll be as unprofitable as all the other dot coms!

The main point this message is that a merchant, even a very small one like us, must collect your basic info. You're taking a very small "risk" by sending this, but consider the risk the merchant is taking. If you pay with a credit card (as nearly everybody does), the merchant gets the money before the order is shipped, minus a fee from the bank.... but there is still considerable risk for the merchant. If the customer is unhappy with the product, or the shipping company fails to deliver, or if the visa card was stolen, the card holder can call their bank and file a dispute. In fact, it seems a consumer can initiate a dispute for nearly any reason, and if they're dishonest and smart, they could make up a good reason. If the merchant didn't swipe the physical card and obtain a signature, they will almost certainly end up losing the dispute, even if the consumer keeps the goods! Even if the good are returned, the merchant will still end up losing money, as the bank will usually make the merchant pay for all the shipping, and a heaft chargeback processing fee. Most consumers are honest, but there are still many circumstances outside of the merchant's control where the consumer (rightly I believe) will be refunded by the bank and the merchant will end up losing their product, and have to pay for the shipping and substantial fees from the bank for their trouble.

Robin set up a visa merchant account with our bank, and most of the ordered we've shipped were paid on a credit card. We must collect quite a bit of basic information to be able to process the visa payment and to ship the package. We ask for your phone number, mainly because UPS wants it, mostly for international delivery I think, so that can call you if there's a problem with customs. Also, if you use Western Union to send money instead of a credit card, they are a lot easier to deal with having the phone number.

We must collect the basic info to be able to receive payment and ship a box, and what the bank and UPS do with the info is completely out of our hands. Even if they promised us it would remain confidential, we would have no way to know if they changed their policy or just lied.

Even if you trust Robin and I, maybe because we distribute code and electronic designs as open-source, or perhaps because of the look-and-feel of the website, the truth of the matter is that it isn't possible for even the best internet merchant to receive your payment and send you a package without collecting quite a bit of info, and giving that info to at least the bank and shipping company.

Now we don't require a user agent string. Our website uses only standard html, and it's got a more or less minimal graphic look, partly because we don't have a lot of bandwidth to waste on unnecessary images, and I want the pages to load as fast as possible for people with a slow modem. I can see how a designer would add lots of graphics if they were hosted from a T3 line, and didn't have a modem to test their pages... and then lots of fancy features leads to browser specific hacks. I don't think it's an invasion of privacy, so much as short sighted design.

Anyways, the main point in this long-winded post is that when a consumer buys a product on-line, using a credit card, there is a substantial system in place that is designed to protect the consumer. That protection is (IMHO) a really Good Thing, but for an honest merchant, it translates into a risk. That risk is just a "fact of life" or a "cost of doing business".

The point is that while the consumer is taking a risk that their private information will be disclosed to others, which may cost them some additional annoyance from ads, the merchant is taking a very real risk, where the result will be losing money, a pissed-off customer, and perhaps damage to their reputation. There isn't a lot that internet merchants can do to prevent fraud, and the limited protections, like address verification, require the customer's personal/private info.

Re:[OT] Tomorrow's Slashdot healines

[darkwhite]

Yeah, and there should also be an option to just view the funny comments when you DON'T want the facts and the intelligent chit-chat - you just want to lighten up.

Karma Police, arrest this man, he talks in maths

Privacy & ecommerce

[zoonie]

We had this problem at my last company. Proxy set up so to not let out any info, inc headers. User complains that http://msn.co.uk doesn't work. Tried it and it was true. However http://msn.com *did* work. Sorted headers, hey presto.... Guess that the browser you're using doesn't really matter that much, but from little acorns do mighty oaks grow....

Re:Don't use 'em

[Andrewkov]

I was in Walmart a few weeks ago, and the check-out clerk asked for my postal code ... I asked her why, and she didn't have an answer. Presumably, they will be sending glossy paper-based snail-mail spam to those areas, so I refused to give it. The clerk was surprised, and the people behind me in-line thought I was nuts. Actually, the clerk even argued with me: "It's *only* your postal code!" ... Well, I live in an apartment building, and my postal code consists of only that building.

Anyway, Radio Shack is the worst .. they want your address, phone number, DOB, mothers maiden name, et al, just to buy batteries. I don't shop there any more.

Re:Speaking of which

[AlphaInsight]

Not only is it your telephone number, they want your name and address too. I know, I used to work there. If we didn't get over 75% N&A (I think that's the right number, it's been a while.) we could get terminated. Now granted the good side to it is the fact that if you needed to return something, or have warranty work done, it's all in the computer listed under your name, and if you're not in the system as having bought x-item, and you don't have a hardcopy receipt you're SOL. But definitely, if you're in the system, and you're in the top 3% of purchasers, you'll get junkmail.

User Agent

[Lozzer]

Do you really care so much if they know which browser you are using? Or are there other bits of information that they are requiring...

Re:User Agent

[Lozzer]

If you in JSP and Servlet land there is support for URL rewriting if cookies are turned off. Its still a fairly sizable chunk of work as every URL has to be pushed through the correct method, though there's definite scope for scripting this as there's a fairly limited number of places that hrefs appear.

Re:User Agent

[ChiaBen]

I am in the midst of building an "e-commerce" site. What I've discovered is that I can leave the majority of the users anonymity intact, and still be able to process their order. One thing I can't(within reason) live without is using cookies.

As we all know there are good and bad uses for cookies, and we realize they are hard to get around with an e-commerce site.

That said, I agree that a site should work, regardless.
As for giving out user info(be it selling, or just for garbage mail), I am against it, but then I was reading an article(Aug, 7th 2000 CRN) where a Gov't agancy was looking for an ASP, and 30 of 30 tested (despite their security policy to the contrary) gave out info in one form or another!!

I'm not sure I would trust anyone without having a prior business relationship with them...

Re:User Agent

[streetlawyer]

Look up into the stars, gaze upon our infinite glittering universe and reflect that, it is just possible, that somebody cares.

Re:User Agent

[blowdart]

*sigh* I worked on the second incarnation of the Tesco web site. They gave me 1 month to do the interface and the ASP behind it, and requested that IE4 was the minimum browser, with *no* fall through. They're not the most internet aware of companies, despite me trying to educate them. Looks like it hasn;t improved in the last couple of years

Re:User Agent

[DrXym]

Some websites use the user agent to deliver "enhanced" (i.e. browser proprietary) content. For example, if a site knows you use IE it might draw the shopping basket as a fixed element instead of a frame etc. It sounds like Tesco is doing this too, though at the very least it should drop down to HTML 3.2 if it can't figure out what you're using.

The most annoying thing a website can do is refuse to work in such circumstances. The same goes for those shitty websites that refuse to work without a referrer URL.

Re:/. readers don't like to pay anyway

[Lozzer]

<rant> Thats right, we work so we can be theives who squat (thats living in an otherwise unoccupied home in the UK). We just keep our money under a stolen mattress as we have no use for it. I personally have salvaged all my computer equipment from skips. And if my data is being removed by standard statistical techniques then its a win-win situation, though how you can tell the address I have entered is not where I live or the name I have entered is not my real name is beyond me... </rant>

Re:/. readers don't like to pay anyway

[Lozzer]

Ah, very clever, you're trying to get me to reveal my income band as well as the type of mattress I use so you can offer me some interesting cross sales opportunities for potted plants.

And I nearly fell for it too.

Re:What I recommend

[Lozzer]

Of course most Slashdot readers probably don't opt out, they just fill in absolute rubbish to try and skew your statistics. Or is that just me?

On a slightly related note I got junk mail from my own credit card people the other day, offering a much better rate if I switch to their card, Unfortunately I'm to lazy to try and chase it up to see if I can switch from their card to their card...

Re:[OT] Tomorrow's Slashdot healines

[SenshiNeko]

> Miniskirt-clad girls save universe
> Posted by CmdrTaco on Friday August 18, @08:25AM
> from the roketto-ga-sugoi dept.

Arrrrrgh! Now I'm going to have the Chu Chu Rocket commercial jingle going through my head for the rest of the day. I swear, that is the most insidiously addicting little song... 'chu chu roketto ga sugoi... neko no kowai... TSUBABABA!' ^_^

Tesco are really good at this

[DrWiggy]

I think our American friends are probably not aware of who Tesco is, and what they represent. Tesco introduced loyalty card and "point" schemes to the UK supermarket industry several years ago, and there has been a great deal of debate as to what they do with the information that they collect about people's shopping habits. There have even been guides as to how to disrupt this shopping behaviour in the past along the lines of swapping cards with the next person in the queue, applying for multiple cards, etc. in order to get the discounts offered but to also disrupt the data mining conducted on the data.

You may also not be aware that Tesco are the only company offering on-line grocery shopping in the UK. There is another company (Iceland) that offer on-line frozen food shopping, but if you want anything else, you have to use Tesco. Myself, I work 12 hour days and live in a city center where the local supermarket is small and doesn't stock all the things I need. Therefore, I have no choice but to use Tesco on-line. If it wasn't there, my diet would consist 90% of take away food and I would be dead by the time I'm 40.

The issue of privacy in this context is a big one. I can't swap my card with the next person in the queue, and it is even easier for them to track my shopping habits on-line than off-line ("Aahhh, he went to the frozen food section first, then to the fresh fruit section, and then...."), and to be honest, I don't really like it. I'm not saying that Tesco don't have the right to make a profit, and perhaps understand overall trends of shopping, but the fact that they are able to produce a highly detailed dossier on me, my diet, how I shop, how many pets I'm likely to own (pet food), whether I'm vegetarian (Quorn rather than beef), whether I have a female partner living with me (sanitary products), am sexually active (condoms), etc. and that it is all directly targetted towards me and may be held for many years, is a little disconcerting.

Like I said, if I want a reasonable diet in the UK living in the center of Manchester, I have no real choice. It also annoys me that I have to move to the Windows machine to use the service, but I can live with that. I agree with the poster - why is it I can do my banking on-line without hassle but not my shopping?

Re:Tesco are really good at this

[aliastnb]

Well, if you live in the centre of Manchester, then you've got more options than you make out. There's a Tesco Metro store in the city centre, which is great for me- I get breakfast there on my way to work every day. Admittledly there's not all that much else in the centre itself, but what's stopping you boarding a Magic bus and, for a grand total of 90p getting to Sainsbury's in Fallowfield and back, or going to Salford, where there's an ample array of supermarkets. You could even go somewhere like Rusholme and buy lots of things in different smaller shops.

It sems to me that you're just being lazy- there's ample places to buy food from in Manchester. You just have to be les lazy about it.

--

Re:Grocery stores are the worst

[gauron23]

You can simply give them false names or start swapping cards with your friends. See this article.

Re:Don't use 'em

[iainf]

Yes, Tesco are curfently number one, but that doesn't mean they ahve the field to themselves. There is a good deal of competition: Tesco are top, but are chased very close by Sainsbury and Asda.

And now that Asda is owned Walmart, I expect the competion will get even hotter. There are in no position to be complacent, or abuse a dominant position.

Re:Tell'm whatever you want

[peccary]

HEY! Damnit! that's MY number!

postal code to use:

[AndyChrist]

What zip codes do they use in Redmond?

Not a privacy issue

[fm6]

This doesn't sound like an issue with privacy per se. I examined Tesco's cookies, and there's a lot of bureaucratic stuff there -- user id, branch #, and, yes, the user agent string. If they feel the need to cache browser info, they must use it a lot to customize "the web experience". Combine that with frames and ASP, and you have a lot of complicated web logic that will likley choke if it encounters something it doesn't expect. "Let's see, he says he's using the Black Flag browser, but he's got frames enabled, he supports Javascript but doesn't have it enabled, index(len("")-1)=TILT "

Re:Go to brick and mortar

[andr0meda]

Hi there Jawsy boy :)

I don't mean to annoy you but even though they don't exactly care about him as a person, Datamining is exactly the art of classifying people as detailed as possible, while still maintaining a high level of efficiency in information retrieval afterwards.

Basicly, if he's odd, they'll put him in his own new category (wheeee!). If he's not, then he'll allready be categorized. The point is, even if they don't know the guy personally, they still know exactly what he likes or dislikes, in what sort of suburbs he lives, how much miles he drives to work and back, how many condoms he buys every friday, how long he has been married..

So you're "average consumer" is actually a pretty detailed picture.

Not to say you're wrong ofcourse, as you're often not wrong about many things... some condoms are more sensitive than others I guess ;)

bankers and brokers, and a butcher-browser?

[table+and+chair]

With this configuration I can visit my bank, transfer money and make payments, I can visit my two stockbrokers and make deals of up to 100,000 USD but I can't go to Tesco and buy cat food.

Of course, Bart's bank and his two stockbrokers already have a bountious and terrifying amount of information about Bart, far beyond the type of browser he uses. While I can appreciate a certain reservation about allowing "personal" information to be extracted unwillingly, this particular contrast isn't very useful.

Perhaps, "I can buy things without user agents at Grocery Store X but not at Tesco," would make more sense, since neither Grocery Store X nor Tesco knows anything at all about Bart to begin with, while his financial history and records are an integral part of his online banking and brokering experiences, even if those records aren't being pulled from his client machine.

Re:[OT] Tomorrow's Slashdot healines

[Spudley]

Are some companies attempting to turn a profit online, and if so, what can we do to prevent it?

Of course not. Everyone knows that's impossible. ;-)

Re:You Are Barking Up The Wrong Tree...

[plumby]

It's not really 'poor' web site design. Between them IE and Netscape make up 90-95% of the hits on the average web site (based on stats that I have seen on several commercial web site logs, and on industry research stats). Opera makes up most of the rest. All of these support Javascript (admittedly not consistantly, but nor do they support html consistantly).

When designing a site, people will tend to spend most of their time making the site look nice on the majority of browsers. There is little cost-justification to spending time redesigning your site to work with the small amount of browsers that it won't work with. There are plenty of badly designed sites out there, but just because the site doesn't work on (insert chosen minority browser name here) doesn't make it 'bad'. I'm reasonably sure that there isn't a site of any great complexity out there that doesn't break at least one browser.

Re:Supermarket cards

[enrico_suave]

usually an ID is required to use the "check cashing" & "Check writing feature at most supermarkets that they tie in to their "Discount card" ... I.e. you can only write a check for your purchases if you join the discount club, you can only join the discount club if you have proven your identity and forked over some personal stats... Besides the data mining, they can have decent enough log of info to go after check bouncers... I'm not saying it's right or wrong or whatnot..just the rational for needing an ID when signing up for one of those cards... *shrug* E.

Re:Ask Slashdot is getting exponentially dumber

[fatphil]

Not quite. Explicitly tell them that you won't be shopping at Tescos. Let them know that they might be losing a customer (with enough disposable income to be mucking around on the internet).

How much good will this do?

About as much good as me walking out of John Lewis' a few months ago when I found out that even in the 21st century they still don't take credit cards.

FatPhil

Re:www.NEATO.com wont even let you browse anon

[sonnerbob]

It looks like the failure is just a function of javascript filtering. If you use a proxy that allows javascript, the page renders fine. The C.O.T.S.E. proxy has a switch for enabling/disabling javascript. Try it on www.neato.com and see what I mean. We maintain a pretty extensive list of anonymous surfing services at WebVeil. Check it out.

Re:there is nothing wrong with user-agents

[jabuzz]

There will be soon, some time in October, it's either part of the Human Rights act or a Disability Discrimination act comming in to force.

Re:Supermarket cards

[logiceight]

No they will want something like an anal prode. A DNA sample is just not violating enough.

Accessability is cheaper on the web

[driptray]

There is a cost involved in making buildings and businesses handicapped accessible.

And on the web that situation is reversed - it is more costly to exclude the handicapped, and cheaper to accomodate them.

Its cheap and easy to make a site accessible to any browser, even a speaking browser. This is what HTML was designed for - its a feature! Yet most shopping sites spend a lot of time and money incorporating browser detection and a bunch of other tactics in order to fight the general accessability that HTML has built-in. Its just ignorance, and a mind-set that demands that the look of the site be under the control of the designer rather than the user.

Browser diversity is increasing

[driptray]

Microsoft and Netscape browsers make up 97.4% of the hits (nearly 6.5 million so far this month). The stats tell me the browser versions too.

If the site is unfriendly to users of other browsers they won't return to it. Your statistics may be telling you that your site is driving away users of other browsers, not that those users don't exist.

AND, browser diversity is increasing, despite reports of IE's domination. Here in Japan it is very common for people to use their cellphones to access the web. My site works great in cellphones, and in the big bloated desktop browsers. Its easier to achieve this than it is to write browser detection scripts and incorporating a bunch of features that force users into using a particular user agent.

If you don't want to be left behind by the increasing diversity of user-agents then you'd better stop worrying about IE and NN, and start thinking about standards and universal accessability.

Slightly OT: benefits of collecting information

[GlassUser]

I too have to agree with this. Although, in the US, you're limited to US$50 liability if your card is stolen (an incentive in itself, to the companies, to profile your spending habits), it's still helpful to have people watching out for you. As scary as it might be, here's what happened to me:

I was at work one day, and left my wallet in my desk (I was cleaning swimming pools, didn't want it wet). Apparently, one of my coworkers filched the wallet out of my desk and went to the local walmart on a spending spree. Because my account was actively monitored, and since I NEVER bought anything by CC at walmart (and rarely in person, I prefer debit), they immediately noticed, tracked me down, and called me at work to ask if everything was okay. This was in the space of a few hours before I had noticed my wallet missing at all. Talk about custoner service.

Sure you're going to say that I really didn't benefit from allowing them to profile me. My liability was limited to US$50, and I actually didn't lose anything out of the deal. But that's only the short picture. Consider the disgustingly low interest rate I was offered for signing up for their online banking program, freebies I got, etc. They were also responsible about not referring me to "business partners" etc. At any rate, this is EXACTLY why collecting information can directly benefit you as a consumer. It also gets MBNA a plug.

Understandable, though, about the cat food, it appears to be an issue of poor implementation of standards (or lack thereof) than anything else.

Re:Go to brick and mortar

[ichimunki]

I'm plenty paranoid, and I've come to the conclusion that I prefer stores that don't require loyalty programs to obtain discounts or rewards. I feel this is an underhanded way to obtain information about me and my buying habits.

On the other hand, a store can easily use the account numbers from your checks, debit, and credit cards as tracking symbols for you and your household, if they are interested in aggregating your purchase data. These same vehicles allow them to gather other information about you, like name and address. It is then trivial to link these various account symbols into a fairly complete picture of you and your household. But you can always pay cash for, um, sensitive purchases like alcohol, condoms, or excessive amounts of corn chips, if you are worried about either tracking method.

Convenience and privacy do not go well together. What I really don't understand is why the original poster cares at all whether they can attach the correct browser version to him/her, since they are going to have so much other information about him/her anyway.

Re:Go to brick and mortar

[ichimunki]

I'm sorry. I forgot to mention that I try to limit my paranoia to things worth worrying about, like flagrant Constitutional violations by the police, or home security, or public safety. The idea that some database geek would have the time or inclination to try and use purchase data for anything other than increasing the profitability of their store is odd to me. I mean, look at the line! That's way too many customers for any back office person to care much about any one of them distinctly. Most of the gathered information is likely to have identifiers like name and address mostly for the purpose of correctly aggregating and assigning third party data to it.

Re:/. readers don't like to pay anyway

[Jon+Erikson]

We just keep our money under a stolen mattress as we have no use for it.

Since wages are so low in the UK and taxes so high, I very much doubt that anyone has enough money to hide under matresses, stolen or not. Luckily I'm earning good money being here, but I suppose that's because I'm on contract work for an American company...

---
Jon E. Erikson

Re:Go to brick and mortar

[jawtheshark]

Well I surely hope you don't use a fidelity card at your local Brick&Mortar store. They track your buying habits that way too you know.

Besides you are going to find me a lamer, but *I* do click on the banners of the sites that I like. The day that advertisers get the clue that internet advertising isn't that effective, we will lose a lot of great sites because of lack of funding. I could be wrong of course.

Re:Go to brick and mortar

[jawtheshark]

:-) If you're so paranoid, why do you have a homepage? Okay, I admit you're very consequent: you don't divulge much about yourself. (No real name, password protection on the interesting stuff....good job)

I can understand your concern with companies that track you by your purchases with plastic money. But then I wonder: what value does it have to them to know what you do personally. To the companies you are just Joe Sixpack, a stupid drone, a number. I may be too trusting, but all the records are just ditched in one big database and conclusions are drawn about the average consumer. It's the average consumer that is important to them, not *you* as a person. I may be wrong of course: I'm often wrong.

As for alcohol and condoms? Why are those sensitive?!? Hey, hello everyone...yesterday I bought a bottle of Rum! See, nobody even stirs ;-) As for condoms,...errr...it's a good thing to protect oneself no? The corn-chips part is really not clear to me, I don't know corn-chips, sorry.

About the original poster: I think he was just pissed because his browser/particular setup was not supported. I can understand his anger, but it really has not much to do with privacy. Besides, what difference does it make to the online-shop if you're running Lynx, Opera, Neoplanet, Mozilla M17, Netscape or Explorer...it's just a matter of rendering.

Re:Go to brick and mortar

[jawtheshark]

Don't misunderstand me, I don't care either and I do use those cards too. I'm probably not paranoid enough ^_^
It's just that most people tend to forget the *use* of the fidelity cards and would bitch about giving away personal info online, but would be happily using their discount cards.
As a real nerd I pay nearly everything with creditcard and shun the use of that impractical thing called "cash". Especially coins...so heavy and clumsy: it's only good for paying parking because there is no plastic alternative there.

Re:Go to brick and mortar

[jawtheshark]

Yow, andr0-man

Datamining is exactly the art of classifying people as detailed as possible, while still maintaining a high level of efficiency in information retrieval afterwards.

Yes, I know...but then consider: if they used the data correctly I won't get those annoying commercials about tampons anymore...but only about beer and computers. If datamining is done correctly (and morally, now that gets tricky) it could be a good thing for consumers and producers.

About the condoms: you damn very well I didn't use any in my whole life so... I just don't care ;-)

Tell them they're losing customers

[Autonomous+Crowhard]

I use Opera. Like you, I have run into many sites that demand that I sell my soul to Micros~1. I refuse to do this to the point of giving up on things that I really, really want rather commit this sin.

I've found that the best way to deal with this is to send a letter like the following to their webmaster:

Hi,

I've tried to do business through your web site, but was stopped because the site demands that I use [whatever they're whored to]. Surveys have shown that over 90%[From Wired, I think. Finding the direct reference is an execise that is left to the reader] of people who are asked to upgrade/change their browsers cancel their transactions.

I wonder if your advertisers or management know how much business you are turning away.

Believe it or not I've gotten some fairly large companies (Fox Sports, SpaceRef) to change their ways slightly.

Necessary info

[theluckman]

What information do you think is fair for Web sites to posess on an individual

I think that it is logical to say that they shouldn't be able to force you to give up any information that they couldn't get from you if you were at the store in person. So, credit card number, name, expiration date is all they really need. But that opens another can of worms. What information (besides the obvious billing address for confirmation) should they ask for to be sure that you are really you (and someone else isn't using your credit card)?

luckman

Re:Necessary info

[Shotgun]

online stores only NEED 1 piece of information you order: a shipping address.

That is true, unless they're worried about actually staying in business. If the store don't profile you, the one down the street will. This store will be able to make better decisions according to what its customers want and will thereby have higher sales. Commodity store have very slim margins and must therefore rely on volume to turn a profit. A few percentage more volume means a lot. A few percentage less shelf time for product means a lot. A few percentage more sales per customer means a lot.

The reason groceries stores are doing more profiling that others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store want to know you so that the can get stock for what you want, and NOTHING else.

I understand how you all feel though. I had a butler once, and dammit if he didn't insist that I tell him how I liked my eggs cooked in the morning. I fired the bastard. I just value my privacy TOO much to just give that information up to anyone.

Re:Necessary info

[radja]

online stores only NEED 1 piece of information you order: a shipping address. with just a valid address the entire transaction can take place: pay the mailman or courier or whatever they use in cash at the door. In dutch this is called 'onder rembours' but I have no idea what it is in english.

//rdj
P.S.
For all you smartasses out there (and there are some on /.): yes, rembours is actually french.

Re:Necessary info

[radja]

>The reason groceries stores are doing more profiling that others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store want to know you so that the can get stock for what you want, and NOTHING else.

they don't need my name for that either.. they can easily see: Oh we're selling lots of banana flavoured condoms! maybe people like strawberry and chocolate too..

I still dont see why they would need any data other than the data used for sending the stuff. and from me they wont get any as long as I can still walk to the store myself.

//rdj

Re:[OT] Tomorrow's Slashdot healines

[Quietust]

Autospy of a Furby
Posted by michael on Friday August 18, @3:43PM
from the deja-vu dept.

Vladinator writes "Ever wonder what it's like to take apart a Furby? I don't, because I saw this on Slashdot two years ago, but I needed some karma so I submitted it anyway. Fawking trolls!" Those of who you started reading Slashdot this week may not have seen this page yet, so I'm re-running this classic for you three newbies.

( Read More... | 1 FIRST POST! )

Only 1 first post? I'd have expected atleast 15. :)

-- Sig (120 chars) --
Your friendly neighborhood mIRC scripter.

Re:Don't use 'em

[91degrees]

No, give a UK postal code. 2 letters + a number a space then a number + 2 letters. Could screw up their database. Put on a fake English accent as well. And give an international number for telephone calls. There's got to be somewhere in Russia that would cost them a lot of money to call, just to get someone who doesn't speak english.

Re:Don't use 'em

[91degrees]

Just make sure that if they try to use your telephone number for nefarious purposes they get into trouble. I tend to give 11 267 37. (If I'm right, 112 is the international emergency service number). Could always look over their shoulder to see if there's a shop telephone number of course.

Could always give your address as 10 Downing Street, London, England or whtaever the White House address is.

Re:Ask Slashdot is getting exponentially dumber

[91degrees]

John Lewis is like that. On the plus side, they did sell a friend of mine a TV with a free DVD player offer, and still agreed to price match another shop who were selling just the TV at a lower price.

Re:Go to brick and mortar

[Ketzer]

Actually, that store isn't any worse than the others, except their publicity.

All the stores I know of that have "loyalty cards" give a discount for using them.

The difference between discounting loyalty cards and charging a fee for people without loyalty cards is only one of phrasing.

If that store jacked up all their prices by 10% and gave you a discount for the loyalty card, you probably wouldn't have cared. But since they called it a fee, instead of a discount that you were turning down, you got pissed.

It's all about how you market it.

Re:Go to brick and mortar

[Ketzer]

There were two prices posted for every item on the shelf. There was the regular price, and the loyalty card price. But once you go to the checkout stand, they add on an additional 10% if you refuse to fill out a 4 page application for a loyalty card.

Well ignoring for a moment the absurdity of a four page card app, this is still stupid, probably to the extent that you could sue for false advertising. If they list a price for people with the card and a price for people without it, then they can't charge you more for not having it. That's like saying "Yeah, this costs $2. But there's a $10 'not giving me $5' fee." They are misrepresenting their prices for economic gain.

Re:this won't protect you from such abuses...

[KevinMS]

You can use SneakeMail exactly the same way.

Re:What I recommend

[ste4void]

Don't worry so much about giving out such inconsequential details online ? But I do worry, and so, increasingly do many people. We're giving out information about ourselves all over the place online, and I'm much less than 100% confident that someone, somewhere won't use that information for something I'd rather they didn't. Tesco don't need a lot of information about me to sell me cat food. They don't even (technically speaking) need a credit card number that links them directly to me (allowing them to check credit history etc. etc.). Sooner or later someone will come out with a secure CC system that allows me to protect myself. Putting personal details out on the web gives them up - who knows what people will use them for. And there are plenty documented cases of 'blue chip' companies having their CC database hacked. I work as a web developer and a client recently (illegally) sent me a database of 300,000 emails and personal details to use as test data for a system. This data was given under the terms of the data protection act and ended up on my hard drive. There is no technical reason we can't have full online privacy (where we decide who gets what and when). Because of that, it will happen eventually, because people (not just paranoid geeks) understandably and justifiably want it.

Re:I don't see the point

[CACondor]

It is less an issue of what the original poster gained by using junkbuster. It is more of an issue of what Tesco loses by requiring only a certain (small?) number of recognized browsers, and by preventing access to their on-line store for people who use a proxy. That's all junkbuster is, a proxy with certain filtering rules. (It is possible that Tesco's may use a cookie not from the original domain, and junkbuster blocks it.) If you don't work as a web site with a proxy, you don't work as a web site.

Re:I think there is clearly something that we can

[AbbyNormal]

Or as mentioned many times before...just don't buy from them. Many people seem to believe that shopping online is a RIGHT by law. Its not...its a convience. There are plenty of b&m stores out there that you can buy from...its nice to get out of the house once and a while. There is actually a world outside of your computer. hehehe.

You are a unique individual...just like everyone else


-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Re:Go to brick and mortar

[AbbyNormal]

I do use one of those cards because I dont *care* about what they see I buy. Its a pet store. If you charge your purchase via credit card, it will be your credit card that will be noticing. I *choose* to disregard this for the convience of using both is much greater. I don't need to carry cash and I get rake-offs on my purchases (and I don't get mugged for carrying around a buttload of cash!).


-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Re:I tried to shop in real time with privacy

[Hairy_Potter]

Not only do they not have your address when you walk in the store and get photographed (unless you're foolish enough to get a 'discount card'), the logistics of storing, sorting, and weeding out duplicates from a database of photos makes it pretty much impossible to use the photos in the same way as the information that people are actually worried about the store misusing.

So you think, but if you were to search Slashdot on facial recognition software, you would find this, and this.

The current level of facial recognition software and hardware may be too expensive and reliable to implement in a grocery store now, but would you bet against it 2 years from now?

Re:I want your babies.

[Hairy_Potter]

Hmm, well, give me a day or two to build up my sperm count, and we can talk.

Whereabouts are you?

But surely you have to give your address anyway...

[rabc]

I thought you would have to give your address anyway to get the groceries delivered to your door.

And this virtually knocks out any privacy you have... I suppose you can expect Clubcard mailings etc. after you give them your details.

Unless you can collect from the store?

Bob

You folks amaze me

[Xdfenstrate]

OOOOooohhh no, some e-commerce site wants to know too much about me. Like where to ship what I order, and enough info to filter out some fraudulent transactions. Please, give it a rest. If you want anonymity, go to a physical store and pay cash. I swear they won't care what kind of browser you use. It might be good for you to get out of your office once in a while.

Re:I don't see the point

[E_Lizardo]

"Loyalty cards", "discount cards", and the like are my current hot button where stores are concerned. Randall's, one of the larger local chains in Texas, adopted what they call "Remarkable Cards" to provide "discounts" on various items in the store. In reality, they mark selected items up by 50-100%, then if you have the card, you can get the item for about what you'd pay at any other grocery store. They're not even a little bit subtle about it. They'll have corn for $1/ear without the card, or 3 for $1 with the card. The store a block down the street will be selling the same kind of corn at 4 ears for $1 with no cards required. I stopped shopping at Randall's when they instituted the program, but now the chain I was using (Kroger's) has started doing the exact same thing. I ended up going back to Randall's simply because they're the only store in my area that carries some items, but it feels like extortion every time they ask me for my card.

Re:Don't use 'em

[Masem]

Not a Brit, but been there twice (once in the last few years) to know that there is very little, if any, competition to Tesco for groceries. *Maybe* Marks and Sparks, but since they're mostly a department store with specality food items, I doubt you can 'grocery shop' with them. There's another chain that I saw up in the Kinston-Upon-Hull area (ASDF?) but didn't see anything like that near London, which may be regional constraints.

Re:there is nothing wrong with user-agents

[mangino]

There is a cost involved in making buildings and businesses handicapped accessible. The number of handicapped people is low enough that it is not a good profit/loss incentive to make your business accessible. The laws were created because nothing was accessible. Now that the government has prodded things are changing, albeit at a cost to all consumers. Equal access and an end to discrimintation is important enough that it should not be left up to capitalistic moderation.
--
Mike Mangino
Sr. Software Engineer, SubmitOrder.com

Fair Game

[jd]

What is legitamate? IMHO, a store has the right to know who to go to, if the transaction fails, and the right to know where to send stuff if it doesn't.

This is essentially the same as when you go to the store in person.

Any more than that is information they, themselves, can't use. It's ONLY purpose, then, is to sell to someone else. And, in the UK, under the DPA, that is illegal, without your explicit consent.

Re:there is nothing wrong with user-agents

[singularity]

As others have said on this thread, the problem comes into play if you are using browser "z". I understand companies that are unwilling to design a site for anybrowser (as much as I think that is what is really needed), but to not even allow me to try is another story.

I run iCab Pre2.0 on my Mac. It has almost all of the features of a 4.x release. Several times, I have been prevented from entering a web site because my browser does not identify itself as a 4.x brwoser. Luckily, iCab offers the ability to change the User Agent field on the fly. So I change it to Netscape 4.x.

I get in and the site looks fine!

I got into an argument with LL Bean customer service a while back about this and, after a month or so of emailing, they finally gave in.

It is fine if you do not tailor your code so that any browser will work, but do not filter people off and prevent them from seeing your site.

Simple... just don't go there

[Tet]

I couldn't use the Tesco Direct site even with Netscape. I send details to their tech support, explaining the problem, and they have completely ignored it. Consequently, I don't go there any more. Annoying, but then life sometime is...

Re:there is nothing wrong with user-agents

[kevin+lyda]

cat food. £4 a can. click here to buy.

what part of the above requires dhtml/css/etc? barring resume building by "desgin artists."

in fact i can think of a discussion site that supports thousands of people and it doesn't do (much/any) browser detection.

Re:I don't see the point

[SimonK]

I think they probably can (and do) correlate info about credit cards with that from loyalty cards. British law only requires that you provide people with access to information you store about them, and correct any errors, under the data protection act. I don't believe there's any limit on what you're allowed to store, or the sources you can use.

Bear in mind that online purchases are inherently less private than off-line ones: you have to tell them your address for delivery, you have to pay by credit card, and both of these bits of info are already bundled up with your purchases in a single transaction. Its almost as bad as a loyalty card in itself. And they charge you a fiver for the privelege.

Re:I don't see the point

[SimonK]

I suspect its just bad web design on Tesco's part. They're using a whole bunch of standard shopping cart and "security" tech, which is not only intensive on cookies, but also on things like the referer field.

User Agent

[Dave+Walker]

I, too, am using Junkbuster's 'User Agent' feature to truthfully reflect the use of "Mozilla M17".

I find that infoworld refuses to serve me pages because of this.

Should use same standards as Brick and Mortar

[dschuetz]

What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?

I'd say that any on-line store should require only the same information that is required at a real physical store. That is, if I'm paying for groceries with cash, then when paying with an accredited anonymous cyber-cash-like operation, I should need to provide no information at all. If I'm paying with a credit card at a store, then all the online-store needs is my number and signature. What? They can't get my signature over the wire? Okay, then, I guess they need whatever my credit card agreement says they need -- usually, an address.

In many cases, this is going to be up to the financial companies (banks, credit card companies, etc.) to find alternative ways of validating and authenticating transactions, without divulging address, telephone numbers, etc., to online merchants. Not sure this is ever going to happen. 'course, there's stuff like PayPal, but who knows how long until *they* start doing something with their information.

Of course, we have to remember that in many cases, the business model of online companies may actually include revenue from information collected during the transaction. You see this in bricks-and-mortar stores at, say, supermarkets, with the "special discount cards" that they give people. To be very literal about it, a certain loss of some amount of privacy (some shopping/clicking habits, etc.) are the true price we pay for discounted prices, vast inventories, and free overnight shipping. Don't like the loss of anonymity? Go to your local store. Sucks, yeah, but that's the way the internet works.

In this particular instance, as someone else pointed out, it's likely the problem is that they want to auto-generate their pages to match your browser. Here the problem isn't privacy, but a closed-mindedness as to what browsers are out there. This used to be such a nasty problem when I was surfing from my NeXT that I had to pretend I was Netscape (which was a built-in feature of the browser for just this issue!). They really should have some way of providing a general, simple HTML interface that anonymous browsers can read. Or maybe we need new brower identifications that don't ID the brower, but instead define the browser's capabilities.

Re:I tried to shop in real time with privacy

[clifyt]

Why the hell is this marker funny. It is satire, but not funny. Hairy is entirely correct. You do not have absolute privacy in the real world. If you want absolute privacy, set up a fucking unibomber cabin in the woods and hunt for your food.

Then again, if yer hunting most animals, you'd probably need a Hunting License, you yer gonna be stuck with probably a mostly vegitarian and what ever died on my doorstep diet.

Remember folks, living in a civilized society means some amounts of privacy are given away for the common good. If you really care if others know what you buy at the grocery store, ya gots problems. I'm pretty much a vegetarian, and the worst thing I could think of would be the fact that I have to pick up some chicken breasts for my sis. Oh no, I'm contributing to the mass execution of chickens...I'm a collaborator and will be taken hostage when PETA takes over. Given that this is truely unlikely, ya'll just need to fucking get over it.

I swear some people are just too paranoid. Then again, if I lived in my parents basement and watched x-files everyday, I probably would be too.

clif

Re:Perhaps sir would like to read this...

[Bowdie]

TESCO ALERT! We can sell you those nipple clamps and that ball gag cheaper.... ;)

Re:Speaking of which

[Bongo]

Why the hell does Radio Shack need my phone number when I'm buying batteries?

So they can dial the mobile that you've got your batteries installed in, and send the batteries a "shutdown" command (ie. leak acid) if they report that you are using them in a phone/brand not permitted by the Battery Shrinkwrap User Licence...

I guess it's all about ethics

[Sloppy]

if ver == "x" then
do this way
else if ver =="y" then
do this way
end if

The problem with that approach is that you will have about a hundred else-ifs and you will be out of date within a week or two.

Ah... now I get it. You don't just sell web pages, you make a living from the full-time job of maintaining them, since every couple of weeks they need a few more "else if"s added. Yeah, I guess that's a lot more professional than those clueless people who write pages in the core HTML that all browsers support. Those amateurs will eventually work themselves out of a job, but you found something with long-term viability! Good thinking!

---

Ever See Early Edition?

[Royster]

Guy gets tomorrow's newspaper today and goes out and tries to prevent the bad things from happening (rather than, say, making a killing in the market).

Now that you have tomorrow's Slashdot stories today, how would you improve the world?

I think I'll go let the air out of Shawn Fanning's tires.

Never shopped with Tesco but..

[angelo]

I've noticed the failure is mostly in cookies these days. When running Junkbuster with cookies blocked, sites create errors with no diagnosable cause, and they tend to be stupid about their errors.

Amazon and many other sites use cookies to track a session, plus a bunch of variables. However, you can run this in real time with a postfixed URL containing session information. Since these are usually long, random strings, it makes for ugly browsing. You can't "Get" this data on normal links, because there is no way to tag on arbitrary "get" data. So you have a choice: Store a Cookie (fast easy, but an apparent security risk) sent everything with form buttons and "get" like a normal form, or attach a "?variable_name=gobbletyguck" to evere <a href tag out there.

While this is a design decision, there are other safeguards that can be taken if a cookie doesn't work. You could run the session ID in a postfix, or ask for themy to turn cookies on or they can buzz off.

Some sites never cease to amaze me by the number of cookies they set. Some get up to 14 per screen! Haven't the programmers heard you can use your own datatypes in these things?

When it comes to user Agents, I let my pass through. Concentric needs to know what kind of dynamic menus to run, and a lot of sites with multimedia content won't serve a client not in their browser capability file. Hotmail hit me with this once. While I respect that they want to creat a dynamic environment for modern users, the reason they cite you can't use the site is because you are running a 2.0 browser! Oops, assumptions!

If you go to fugly.net without the "www" in mozilla nightly, their site informs you that your browser is not HTTP 1.1 compliant, otherwise it would re-direct you. Strange indeed.

What is the solution to all this? Backend programmes must READ and EXPERIMENT above all else. Try situations out that you may never ever see, because some of your little tricks may not work out. Stick to W3C specs, and for the most part you are safe. Never assume anything, and stop leaning on cookies so much!

Until you can pay with cash -- NEVER

[scotpurl]

Anonymity? Never.

Not until there's some anonymous way of doing electronic payment. As anonymous as cash. So anonymous that the black market, drug trade, prostitution, and mafioso rackets use it instead of cash.

Re:Speaking of which

[rcw-work]

My conversations with the cashier at a Radio Shack usually go like this:

Cashier: And could I get your last name?

Me: No.

Cashier: Ok that'll be $foo.bar...

Also, telling them you don't have a last name is equally effective, but it does make them ponder more.

If they ask whether you're using those parts to build a bomb, answer yes. Every time. Tell them the 555's are for the delay circuit. Never give a location though.

Re:there is nothing wrong with user-agents

[Bob+Uhl]

In the US we have all sorts of laws which do exactly that. It's one of the reasons that we always have a large number of empty handicapped spots in front of stores--I believe that reasoning is that a handicapped convention may decide to descend upon the local drycleaner's any day now;-P

Obv. the handicapped need access. But if a private business does not serve them, they can just go to the next guy, who will. The first business loses money and the second makes money. What's unfair about that?

Re:Speaking of which

[gorilla]

They don't. Refuse to give it to them. They don't object.

The Market Decides What is Fair

[werdna]

It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?

The marketplace will decide what is fair. Enlightened businesses are coming around, and unenlightened businesses are creating opportunities for competitors and new entrants.

My suggestion is simply not to do business with those who require what, in your view, is too much, and instead do business with their competitors -- even if the competitors are slightly more costly with which to deal.

Re:Data Protection Act

[Pentagram]

Under the terms of the data protection act, they have to register all the information they hold about you.

This data protection register is online. This is what a search for Tesco turned up.

Re:Go to brick and mortar

[anticypher]

It wasn't in the phrasing or the marketing. There were two prices posted for every item on the shelf. There was the regular price, and the loyalty card price. But once you go to the checkout stand, they add on an additional 10% if you refuse to fill out a 4 page application for a loyalty card.

Since I only had a few items and was in a bit of a rush, I decided it wasn't worth my time to argue with the teenager running the stand. So I told her exactly that, and walked out.

The manager explained to me they are under pressure from the regional office to get 92% of their customers onto the cards, and to employ every trick in the book to get people signed up. A percentage are audited to keep the stores from faking it. The manager was a fairly decent and sympathetic guy, and he seemed clued in about not wanting to give up privacy but assured me they hadn't started selling their lists, yet. I told him I didn't live in the US, and would seldom ever use their shop again even if I did bother to fill out the loyalty card.

So the store is having problems meeting a stupid quota, and are turning to high-pressure tactics to sign up shoppers. Certainly this is to increase the value of their database of shopper habits, so they can start selling the information.

the AC

Re:What I recommend

[anticypher]

allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing

Aha! You are the bastard killing e-commerce with your shallow and deceptive advice. :-)

One of the biggest turn-offs for many new users on the internet is the perceived lack of privacy. Although most people haven't a clue about cookie abuse and web bugs, there is a general, low-level feeling that anything they do will end up in the hands of some anonymous black-hats. Black-hats in this case not being hackers, but con artists, high pressure telephone sales scammers, and credit reporting agencies. So they stay away from e-commerce.

We, the more knowledgable users of /., can spot your post as the troll it is.

There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experiance

Because many of us are professionals in the internet biz, we are well aware of the privacy issue, and we can see through the FUD. There is a huge problem with privacy on the internet and in real life, and people are starting to become aware of it. Because most people have been burned by a scam at some point in their life, they will limit their options and their net experience. They will stay away from sites such as Tesco, because they have been scammed from giving away too much information before, and don't want Tesco selling the fact they own a cat and work too many hours to get to the shop.

Many people, myself included, are limiting our options because the net experience doesn't give us anything better than spending a little extra time in real life just like we have always had to do.

the AC

Not just Tesco, but online airfare sites as well

[anticypher]

An even worse invasion of privacy comes when trying to buy cheap flights online.

I've found some amazing deals online which I would love to have jumped on, but the tremendous amount of personal information was too much to give up for a little savings. I have set a price on my personal information, and saving a few hundred quid on a trip is not enough for me to give up my info. If you try to buy an online ticket, the number of "required" fields are too numerous and private just for a cheap ticket.

E-commerce sites have been abusing the information they obtain since the beginning. They commit the worst kinds of direct marketing and spamming, under the guise of "its better for the consumer". And then they wonder why E-commerce hasn't really started to take off, and why consumer confidence isn't there.

When the e-commerce sites gain a reputation for not insisting on private information, and never spamming or selling your info to direct marketers, then consumers will be more willing to use their services. Until then, business to user e-commerce will never take off.

the AC

Re:Go to brick and mortar

[anticypher]

I recently was in the states and ended up walking out of a grocery store when they couldn't seem to sell me some groceries without a loyalty card. The poor girl at the checkout stand had been told by the manager that anyone without a loyalty card had to be forced to sign up for one. When she told me there was a new 10% extra fee added to any bill without a loyalty card, I just walked out. The manager tried to stop me, to check if I was shoplifting. His argument was that all stores have to charge more to people who don't have loyalty cards, and "everyone" was doing it. I went to the next shop down the road, and wasn't even asked for a loyalty card.

Some brick and mortar stores are desperate to skim every last little bit of profit from their customers that they can. Mining personal information is just the latest twist, and there are many stores now trying to sell that information through brokers. But for the moment, there are always alternatives who would rather have your custom than try to mine your data as well.

the AC

Re:Go to brick and mortar

[anticypher]

Yeah, I could probably sue for false advertising. I'm sure there are laws in the US protecting consumers from showing one price for an item, then tacking on an additional charge later just for the hell of it. But its not worth my time to bother suing, I'll leave that up to some rabid grandmother with nothing better to do than go after big, bad shops.

This is stupid, but there doesn't seem to be any enforcement of consumer protection laws in the US. Over here, if a shop were cited for violating the law, they would risk having their business license revoked. It happens occasionally, enough to make shop managers think twice about pulling any major scams.

the AC

Anonymity

[Hard_Code]

Yeah, I know, I'm still waiting to buy a UHaul and inordinately large amounts of fertilizer anonymously...

Re:I tried to shop in real time with privacy

[radja]

Ask your friendly neighbourhood cop to come with you. Or claim you are recovering from being burnt in the face by throwing a full bottle of lighter-fuel on your barbecue.

//rdj

Re:Grocery stores are the worst

[radja]

just say you want the card, and don't give any info. in the netherlands they are then required by law to give it to you. giving false info can be more fun though. Also, any entity keeping data on you is required to inform you exactly what data they have on you, if you ask about it. Too bad privacy laws in the US suck hairy donkey's balls, so you probably don't have much choice..

//rdj

I can top that. . .

[Spasemunki]

My father's a nut. He felt that our cat (Rex) wasn't getting enough mail, and was feeling left out. So he signed my cat up for a subscription to one of the numerous fishing magazines that he used to read. We immediately started getting offers to subscribe to other mags, mostly fishing and hunting. The best was when they would send notices with messages like "Will Rex bring down a big buck this season?" for hunting magazines. We got a call offering our cat credit cards. Finally, he received a free membership in the National Rifle Association, complete with membership card and decals. They would send surveys on our views on gun control, which my mother would fill out in the cat's name and return. We put the decals on his litter box, and to this day I carry the membership card with his name. I sometimes use the story for those irritating "getting to know you" sessions at seminars for work or school- they ask you to tell something interesting about yourself, and everyone talks about their kids or enjoying golf. I tell them my father enrolled my cat in a gun club. People usually remember me.

"Sweet creeping zombie Jesus!"

Re:I can top that. . .

[mOdQuArK!]

It was a pretty common joke at our college dorm to respond to subscription requests & other such forms by filling them out with information about "Lucifer, the Lord of Darkness" and other such fairly obvious non-names.

When I went back 5 years later, Lucifer had quite a stack of mail waiting for him...

Re:Ask?

[jesser]

It is quite likely by the look and feel with Junkbuster on and Off that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure".

How do you prevent cross-site attacks (such as someone posting to slashdot in your name, using your cookie) without checking http referrers (to make sure the last url you were at was the comments.pl page)? I guess you could include a cookie-like thing in each url, but that's ugly.

Daaaaamn!

[Greyfox]

Is THAT why the batteries in my mobile keep shutting down? I bet they actually last forever and they just keep getting shutdown commands from Radio Shack...

Re:there is nothing wrong with user-agents

[ChristTrekker]

If sites were coded to standards then less time would have to be spent second-guessing the user and more time could be spent on building the real functionality desired (and that's sort of the point of the site, isn't it?) so that they could be usable by anybody. More potential clients/customers is a good thing, right?

Why oh why is it taking the corporate world so long to realize this? Is it going to take a major law suit against a big company to make them open their eyes?

Re:there is nothing wrong with user-agents

[guran]

Yup, nothing more evil than common economic sense at work here.

I try to make everything as browser independent as can, but I certainly see why an online vendor rather adds features for the 97% using a [modern/normal/bloated/standard/evil] browser than bother about the rest. See, if those features makes the 97% buy 4% more thanks to the bells and whistles, he comes out ahead.

Also, if I had a commersial site, financed by ads, I wouldn't spend too much time making my content accessible with junkbuster...

Re:there is nothing wrong with user-agents

[Shimbo]

Most readers for sight-impared people don't broadcast themselves as NN or IE, and therefore would be unable to use this site. Which is practically the same as not providing ramps to get into a brick and mortar store.

IANAL but I think the latter would be legal unless they were employed there. There is no general law requiring people to act in a non-discriminatory way.

A small step forward for Tesco

[Shimbo]

Tesco are improving their service then. Last time I heard, they weren't even supporting Netscape.

You Are Barking Up The Wrong Tree...

[Carnage4Life]

The website you are complaining about is not refusing your user-agent for any privacy reasons but instead is doing so because of Javascript.

Lots of sites that contain javascript have different versions for MSIE and Netscape. Heck, my homepage has the similar browser sniffing code.
Unfortunately poor website developers forget that there exist more browsers than Netscape and MSIE, thus they do not create non-Javascript enabled versions of their site. A quick visit to the website confirms an excessive amount of javascript being used.

This is obviously not a privacy issue but instead one of poor website design. Anyway all your user-agent contains is your browser version and OS version, hardly devastatingly private information.
The Queue Principle

Losing business can be neccesary [sic]

[yerricde]

[We trap for] funny-sounding or celebrity names (almost always fakes), incorrect telephone numbers, hotmail/yahoo e-mail addresses, etc.

I sincerely hope you don't reject shoppers solely for those things, as I have friends whose main e-mail is through Hotmail and who have names similar (within soundex range) to those of celebrities or cartoon characters.

You just lost their business.

<O
( \
XGNOME vs. KDE: the game!

Data Protection Act

[jeremyp]

As a Company trading in the UK, Tesco is subject to the Data Protection Act. This means that they have certain obligations wrt any personal data they might collect from you.

As for the particular issue of collecting information about your browser, the DPA says they must discard data as soon as they have finished using it for its legitimate purpose i.e. once the page has been constructed.

As for the fact that the web page only works for two browsers - well that is just bad programming. If I find a page that doesn't work, I always submit a bug report. In software terms, web sites are often very poorly engineered (IMHO) and a little constructive criticism may just possibly improve things a bit.

Horay! Tesco is improving in leaps and bounds

[luckykaa]

Last time I tried using their online store it insisted I use IE. At the time, it wasn't very easy to get hold of for Solaris (My only net access), and I certainly couldn't have installed it in my 10 Meg Quota.

Supermarket cards

[www.sorehands.com]

At one of the supermarkets in the Los Angeles area, they require a photo idlicense to get one of their cards. Next thing you know, they will want a DNA sample.

I know the answer!

[uslinux.net]

But, I will require your SSN, bank account number, credit history, and your digital signature before I can answer that.

Don't use 'em

[thesparkle]

That is always my first reaction. Like you, my banking and investing works fine online. I can also shop at several other companies just fine. If Tesco or any other retailer requires too much info or will not give you sufficient answers to your questions, forget about them. And I make sure the company knows it too.

OT - How many times have those of us in the States been asked for our SS# during purchases?
I recently signed up for a new wireless phone and the sales guy needed my SS# for the application. I told him "um, nope, you don't need that, I am only buying a phone". Anyone else?

Re:Don't use 'em

[rc-flyer]

I've been asked my SS# many times. Also, Radio Shack is infamous for asking and sometimes insisting on my phone number, even though I pay in cash!
I finally broke my local store of that habit. I had fun doing it, I was looking for a new stereo, and decided to see what they had. I was ready to plunk down about $600, the sales guy was writing up a ticket and asked me my phone number. When I asked why he said it was store policy. I asked for the manager, when he showed up I waved my cash under his face, and told him that they just lost a big sale because they insisted on my phone number; then I walked out. Next time I went in there was a sign posted prominately that the phone numbers were optional. But the look on their faces when I walked out was priceless!

Re:there is nothing wrong with user-agents

[Legolas-Greenleaf]

hmph... but 97.4% still means that out of every 100, 3 or so would be not using Netscape or IE. That means out of 1000, 26, and so on and so on...

white it's not the majority, that is certainly a fair number of people.

heh.. sorry. I'm just annoyed when a page is completely unreadable with lynx, because it's usually faster then booting up with Netscape. It's aweful how bad securityfocus is... it even seems to crash any version of Netscape for Linux i use on it (on different systems).

-legolas

i've looked at love from both sides now. from win and lose, and still somehow...

Its all about margin

[jon323456]

We will see lots more of this as compaines that have much smaller margins on their products (groceries, drug stores, etc.) begin to move into the internet space. When you aren't making 24.95 comission on every transaction, you look for other ways to augment your revenue stream, data being a popular one. This will be getting much worse before it gets better.

Security is not what I do

[Jon+Erikson]

Could you please enlighten us what do you recommend to your customers in terms of keeping our personal data secure. Do you insist that all data is kept encrypted? Do you suggest that the encrypted data is stored on a separate machine, with audited security?

That's not my area of expertise - I'm an ideas guy rather than an implentation guy. If they want to get these things sorted out then they'll need to hire a security consultant to go over the details and implement a working security policy.

I do recommend that they do it though, its always bad for business when one of your customers gets hacked into and their customer databases stolen.

---
Jon E. Erikson

/. readers don't like to pay anyway

[Jon+Erikson]

Of course most Slashdot readers probably don't opt out, they just fill in absolute rubbish to try and skew your statistics. Or is that just me?

Well, since most /.ers would rather not pay for anything anyway, their contribution to commercial issues is negligible. The false statistics generated by them being "clever" is not something most companies would care about - it can be removed using standard statistical techniques.

---
Jon E. Erikson

SMSpam

[mirko]

They also seek handy phone numbers.
I just understood why :
My collegues brand-new WAP handy just left him an SMS message : some kind of advertising for a WAP service, it seemed.
If the handy penetration rate is that huge, then it seems the'll touch even more people with SMSpam than with mail-spam.
Hence their need for loads of Handy#...
I happily don't have one, but having used mtnsms.com to send SMS messages to a friend, I am now afraid I may have unvoluntarily given his handy# to potential SMSpammers. :-(
--

Re:Tell'm whatever you want

[pucker+up]

Auugh! It's because of people like you that I get 2-3 calls a week asking for some guy named "Scott" who "gave me this number to call him about..." everything from taking his shift at some restaraunt to discussing insurance.

although I like the idea of giving a 9 digit number and expecting people to believe it works.

Re:Go to brick and mortar

[Ketzer]

There has always been a tradeoff between convenience and security.

You want to make your password your daughter "Liz"?
Go ahead. It will be easy to remember and take little time to type. But if anyone does a little bit of research on you, they'll guess your password, and if they brute-force the login it won't take long. You want to be secure? Make that a 10 digit password with numbers and a mix of upper and lower case letters.

You want your machine to stay perpetually logged in as you? It's certainly convenient. But anyone walking up to your machine can pretend to be you.

You want Amazon and Yahoo to remember who you are and what you like? Fine, let them send you cookies.

And if you want to shop online, you've got to give them some info. Any online shopping by its very nature requires at the very least, a method of payment. This will almost always include lots of personal information. Most of them also require an address to physically ship your stuff to.

So if you want extreme security and privacy, its yours. But don't complain about how inconvenient it is, because that should have occurred to you from the beginning, when you chose not to let people know anything about you.

This isn't just a computer thing; it works like this in the real world. If you don't let anyone get to know you, then you don't have to worry about being emotionally hurt. But you won't have any friends either. So suck it up and take a little risk.

Go to brick and mortar

[AbbyNormal]

We keep hearing this more and more on ./. I think the solution is simple. If privacy on the net is a big issue for you, and you need to buy something at a grocery store...go to the REAL store. When you walk into the store you are not required to sign any of your information away. Its the old adage..you can't get nothing FOR nothing. The only thing that is vaguely making sites profitable right now is Advertising (and p()rn/ebay). Its information that is useful for them in marketing etc. If you don't like it, keep using junkbuster and DON'T visit their site. You could also just email the site and mention the reason why you're not using their site and then find one that doesn't (if possible).


-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Re:[OT] Tomorrow's Slashdot healines

Usually, I hate off-topic articles even if they are supposed to be "funny", but this one is excellent. Very good summary of the various /. posters...

By the way, there should be an option to ignore the "+1 Funny" moderation points when sorting articles. That would be helpful when you want to get the facts first without spending too much time on the reading the jokes and silly comments. There could also be an option to double their weight, for those who read /. for fun more than for learning something new (alas, this seems to be the majority of the audience here since about two years ago).

Re:I don't see the point

[SimonK]

The parent post raises several interesting points.

I don't think the ability to do more data processing on electronic information is a very important reason to conceal more of our on-line activities than our off-line ones. After all, any large organisation (apart from those - like credit agencies - trying to avoid the DPA) enters all its information into its computer systems pretty much in real time, regardless of whether the transactions were on or off line.

Its also interesting to note that arguments about privacy are an element of the age old argument about whether societal or individual interests should take precedence in general, and of course that the best answer is "it depends". This does explain why concern about privacy is most intense amongst libertarians and other individualists, even thought the argument is so new it doesn't appear in any of the classic individualist philosophy.

I tend to agree that the most important concerns center around misuse of information (such as drawing tenous conclusions from purchasing data and then using these to make life-affecting decisions about individuals), but it is arguable whether these problems are best avoided by concealing or revealing information. For instance, is it better to avoid writing hand-written letter to avoid the use of graphology, or to publish more data that disproves graphologists claims ?

Perhaps sir would like to read this...

[Bowdie]

http://www.computerweekly.co.uk/cwarchive/news/200 00810/cwcontainer.asp?name=C14.html&ct=s earch

Tesco online snoop plan
Helen Gregory & Sophie Mason

Tesco is considering using artificial intelligence software to alert shoppers on rival Web sites that it can offer better deals.

The supermarket giant is already using the software package to track which products are of interest to its Tesco Direct shoppers and to suggest items they can add to their virtual shopping list. It is now debating whether to press on with plans that would allow it to compete immediately with promotions offered by other supermarket sites.

MyWeb software was introduced free on Tesco Direct CDs three weeks ago. Once loaded, the program stays on the shopper's computer and "reads" text from the screen rather than directly from the Internet, developing an understanding of what the customer is looking at online.

If extended, MyWeb could sit on the user's computer and, whenever they entered a rival grocer's site, a prompt built into the program would see MyWeb flash up a reminder of Tesco's offers.

The system can also create a profile of shoppers' tastes by keeping a record of what they have bought or looked at in the past. It can then use this information to anticipate demand and suggest similar products if the first choice is out of stock.

Simon Fletcher of software supplier Autonomy, which developed the system, said the package provided Tesco Direct with a major marketing tool in the e-commerce battle.

"E-tailing customers will not tolerate having to go and actually search for things for much longer because the whole point of an e-commerce site is to free up time that you would normally spend in the shopping aisles," he said.

MyWeb can also make associations between purchases and cross-sell items. For example, if they buy charcoal and firelighters, MyWeb will suggest a deal on burgers or garden furniture.

Dan Munford, partner with Insight Research, said tailoring e-offers was the "holy grail" for supermarket chains. "It's what the consumer wants," he said.

Re:I don't see the point

[Bongo]

For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?

This is a good question because there are lots of potential answers, and the truth is probably a different mixture for different individuals.

First, the web is still "real life", but I guess you just chose that phrase as a representation of the traditional shop, cinema etc. What's different about putting computers in the transaction mechanism is that the data can be processed way beyond the limits of what could be cheaply done with paper/filing cabinet systems.

Taking this to it's next level, globalisation may mean we have "global person identifiers" (GPIs) instead of credit cards and national passports. There are several countries that already require identity cards, or some form of citizen numbering. In italy all citizens have a Fiscal Code (Codice Fiscale), which must be quoted in every transaction above a certain value -- this is supposed to allow the government to track money laundering etc. All it takes is for all these existing and growing registration systems to merge, and you'll never feel alone again.

The end debate is whether this is good or bad -- ie. ethics and politics. The two classic arguments (AFAICT), are 1) the government needs power to crack crime (Fiscal Code, NSAKEY etc), and 2) that the individual has a right to privacy. Ie. 1) Society is good and it's society that educates the individual to be a good citizen, or 2) The individual is good, and has to be protected from corrupt society --- ie. 1) society oppresses the individual or 2) the individual corrupts society

Needless to say, this is a basic duality that is so fundamental that there will typically always be two political parties, the so called Left and Right. But like all dualities, neither position is the truth... it is an integration of the two, in varying amounts, that is needed to secure the health of both good societies and individuals, and filter out the ill health of bad societies and bad individuals.
But don't ask me how :-P

So back to the "real world", I don't like people getting the wrong impression about me. So I am, for example, against so called "handwriting experts" who profess to be able to say all sorts of things about my character, attitude, personality, performance etc. from just looking at my handwriting. I am against employers who, because they are ill informed and haven't made a proper objective study of their recruitment process, make use of such so called 'experts' --- not just because they may not hire me, but because they may not choose the right person anyway.

I suspect it's really the mis-use of the massive amounts of information that are becoming available that people are objecting to.
Oh flaming heck, I've written too much... $(

Re:there is nothing wrong with user-agents

[Griff]

Absolutely.

I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

If they have put in so much effort that they have customised the site for IE and NN, then they should put a tiny bit more effort in and deal with other browsers nicely, even if the site does lose a little bit of functionality. In most cases the bits that change according to which browser you are using have no effect on the functionality at all - those bits are generally the icing on the cake.

Tesco have a badly written site. However, I don't see why giving out your useragent is a problem. So they then know you are using MSIE 2.0 or something - so what? Hardly identifying information is it? If anything a custom useragent is far more identifying, and therefore giving out a fake useragent string means you could be intentionally giving away more privacy.

Ask Slashdot is getting exponentially dumber

[FascDot+Killed+My+Pr]

Here is what you do:

1) Send an email to Tesco saying "I was unable to use your online shopping site, because it asked for XYZ. I will be going to a brick and mortar store.".
2) Go to a brick and mortar store.

Ta-da! You have cat food. Tesco has information on how to fix the problem. If they don't do it you are out of luck but there's nothing else you can do--they don't want you as a customer bad enough to fix their site.
--

Grocery stores are the worst

[Joe_NoOne]

Grocery stores are the worst at profiling. They try the hardest to do consumer profiling and not just with the internet. Up in the Chicago area, the stores almost mandate you have one of their "preferred shopper" cards by posting one price on the shelf for the "preferred shopper" (although they make it look like the normal price - only in very fine print does it say "preferred shopper" price) and in fine print put the price for non-preferred customers (which is much higher). Only when you're at the register do you realize what they did. I found out one day when I was up there visiting my family and made a purchase.

They have been doing this for about 15 years now too. My mother understood the profiling but finaly after many years broke down and got one. But she got it in our cat's name, and it is amazing the junk mail "mega catlin" gets.

The only way to combat profiling is to always give wrong information. If you mess with their statistics, they won't rely on them as much.

Let me tell ya a little story. . .

[omarius]

I am on so many mailing lists that I can actually track the passage of one to the next. The most humorous one I have had so far goes a little like this:

I had a friend with a cool wool trenchcoat. I told him I liked his coat, and he said that he got it from U.S. Cavalry for $7. Wow! So I went online and bought one. Two, actually.

Of course, I started getting U.S. Cav catalogs. But then a few months later, I started getting literature and membership offers from the N.R.A.

Then, just last month, I got an offer to join a hunt club -- when I have never hunted anything in my life! Now I have someone called "Buckmasters" calling me on the phone.

All because I bought a trenchcoat.

I think corporate mailing list sharing has become the evil meme of our times.

-Omar

Speaking of which

[Greyfox]

Why the hell does Radio Shack need my phone number when I'm buying batteries? That gives me the creeps.

Re:there is nothing wrong with user-agents

[sbryant]

I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

I'm currently working on an online shopping site for a large, well-known IT manufacturing company. The site is already in use, so I had a look at the stats for August so far.

Microsoft and Netscape browsers make up 97.4% of the hits (nearly 6.5 million so far this month). The stats tell me the browser versions too.

Of the Netscape browsers, version 4.x (Communicator) takes 98.4%, 3.x has 1.3%, 5.x has 0.23% and the others much less.

For MS IE, 81.5% were version 5.x, 18.09% version 4.x, and 0.38% for version 3.x. There were negligable hits from previous versions.

This is what people are using. Management look at these figures and then tell me the features must work in NS4.x and IE4.x and 5.x. That covers the vast majority of users; I would imagine that they would probably consider developing/testing for other versions a waste of resources.

It also occurs to me, that (as is the case with Tesco), the internet side of selling is not where most units are shifted. It's an extra distribution channel. Priorities would probably be very different if it was the primary channel.

I don't know about the UK's disablilty laws, but I think Masem's point about disabled persons' usage of the site would not hold much weight. The kit available on our site can also be ordered by phone and bought from lots of different retailers (ie: in shops); with Tesco you can still go to the shop. It's a slightly different kettle of fish to the situation with AOL - their software must be usable by all, but I don't think Tesco is required to put in a ramp at every single entrance to the building.

-- Steve

Ask?

[Vanders]

During your corrispondance with Tesco, did you ever ask them why they want the information?

Is it a horrible conspiricy on their part, or is it just bad HTML?

Re:Ask?

[skoda]

Yep - once they have your credit card, they've got all your financial info if they want it.

And since you have the products shipped to you, you must give them your address. Now they know where you live.

Currently, online shopping is fundamentally un-private.

This could change, with two developments:
1) Using a secondary payment service, that you pay anonymously via cashier's check. Thus, your name is not connected at all to the payment of a product.

2) BestBuy.com allows you to order an item online and then pick it up at a local store, using a confirmation # emailed to you. Using a Yahoo-like email, and picking it up at the store, they don't have your "real" email address nor your home address.

But realistically, online shopping will always be un-private.

Re:Ask?

[arivanov]

Is it a horrible conspiricy on their part, or is it just bad HTML?

When stupidity is a sufficient explanation there is no need to resort to any other:

• The secure mode looks like operating with the same cursed Micro... like Barkleys not just standard SSL. So it is least likely to work properly with Netscape in first place.
• Cookies look like standard ASP session library and standard shopping basket implementation.
• As you are going to be leaving there you credit card information anyway there is not much you will keep private anyway. They know your name, address, date of birth and can actually even request a credit reference for you and learn about your income band from there. So you may let them cookie your arse off anyway. Just use an editor to check them after that.
• It is quite likely by the look and feel with Junkbuster on and Off that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure". Quite popular lately. I wish they were watching more on unique session IDs and where and how they store data instead. See the recent Barkley and other cases

Conclusion: I guess you will have to use insecure browsing and junkbuster off you want to shop with netscape on this site. Or use vmware and shop with a Windoze having vmware in the mode when it does not keep the disk updated. After powering off all they have managed to stuff your machine with will go on holiday. And they will have wrong preference info on you anyway Standard disclaimer:

• I do not shop at tesco online
• I had a look at it for 2 mins at most

Re:I don't see the point

[DrXym]

Credit cards are extremely limited in what the can tell a supermarket, even assuming they are legally allowed to correlate card numbers to purchases. For example a credit card doesn't say the age, sex (not all the time), income, address of the person doing the purchasing. Some people pay with cash too so the store knows very little about them though they can gather some data.

Supermarkets love to know as much as possible about their customers so they can 'serve you better' (i.e. sell you more) by targeting you with special promotions, vouchers etc. That's why loyalty cards were invented - not for the benefit of shoppers, but so they can gather all the information about your purchases, how much you buy, how many times you visit, when you visit, how far away from the store you live, your social class (extrapolated from your postcode and what you buy), whether you like brand names or not, whether you are loyal to a brand or not, whether you are susceptible to special offers or not and so on. The amount of data a loyalty card gives a store is staggering and boundless. Tesco and their ilk set up large IT centres to mine this information.

there is nothing wrong with user-agents

[bwalling]

Sending a user agent allows the site to customize content around browsers. Unfortunately, Netscape and Microsoft do not agree on features, especially when you start using CSS/DHTML/etc. The user-agent just provides the site with the browser/version you are using so that they can do something like this:

if ver == "x" then
do this way
else if ver =="y" then
do this way
end if

Without this, you would have some screwed up pages on sites that tried to do dynamic content. Until the major browsers support the same features with the same syntax, you will need this.

Re:there is nothing wrong with user-agents

[Masem]

Does the UK have any law similar to the American Disabilities Act? Most readers for sight-impared people don't broadcast themselves as NN or IE, and therefore would be unable to use this site. Which is practically the same as not providing ramps to get into a brick and mortar store.

And remember, there *are* pending lawsuits by disabled people against AOL and others for just this reason.

If the UK has similar laws, you may want to kindly write Tesco to remind them that said disabled users won't be able to access their site.

What I recommend

[Jon+Erikson]

As a top flight professional consultant who has worked with many companies attempting to leverage their business onto the net, I generally recommend that companies obtain as much information as they possibly can, but allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing (well apart from some of my rather expensive time) and satisfies the small number of people paranoid about letting people know which browser they're using.

The information gained by online businesses in this way forms a valuable resource for them to react to what their customers want, even when the customer doesn't realise it. After all, the more information you can obtain the better the service you can provide - personalisation is the key to a happy customer and lots of business when many companies are all offering the same product at very similar prices.

Still, privacy concerns are overrated here and I think your're being overly concerned about what Tesco will do with your information. They're not going to sell it to other people - information like that is valuable to them - and they're not going to spy on the not-so-sordid details of your life with it.

My recommendation - give a little, get a little. Don't worry so much about giving out such inconsequential details online. There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experiance.

---
Jon E. Erikson

I don't see the point

[SimonK]

Given that you're going to give Tesco your credit card number anyway, from which they can find out just about anything about you, and if you have a loyalty card they can also correlate this information with your purchases, I really don't see what you gain by using junkbuster etc. If someone already knows what groceries you buy, where you live, your income band and your credit rating, and probably a great deal about your lifestyle, letting them know what web browser your use and what web site you came from seems pretty irrelevant.

Frankly I find this obsession with privacy somewhat bizarre and worrying. For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?

Tell'm whatever you want

[kensail]

I have gotten into that habit of "making mistakes" with these numbers. Just make them up!
You ask me for my SSN? Sure its 554089652 the clerk writes it down everyone is happy. My phone number 342-980567 Yeah it's a little weird I have a cell phone... They won't tell me what they want with it so I don't feel the need to be truthfull with them either. Nobody makes you PROVE these random numbers do they? They depend on stupidity and truthfulness. Give them neither.

The best piece of misinformation holds a kernel of truth. If you want to be totaly duplicidous just interchange some of the real numbers. Switch a couple of digits now and agian.

-Kensail

this won't protect you from such abuses...

[mirko]

...but just let you know about indelicate persons :
I personally have hundreds of aliases that I give to new contacts.
I preferably use really stupid ones whenever I am not sure about my contact ; e.g. I sent one day mirko@garagiste.com to an inoffensive-looking web site while requesting information about data security.
You can't imagine how many sex spams I received under this alias.
Also, whenever requesting for documents to be sent through normal post, I usually give a fake first name (e.g. Baudoin, Ibrahim, Bill, etc.) which then allows me to track the spammers.
At the end, I just set some filters on the spammed accounts so that I can get rid of spams.
Now, if they want your personal data, you can consider they just want to know how they can reach you with public mean (email, mailbox, etc) and then give you some information that'd be just relevant enough but objectively not corresponding to you.

(let's say the website was compusa.com)
... My phone number (why the hell do you need it ?) is blah (real one). my Family name is blahh (real one too) and my first name is Hiroyoshi.
(click on submit)
(one week later, the phone rang)
-Allo ? Mr Hiroyoshi ? As a faithful client, we guess you could be interested in our offer : twenty four boxes of (put any soap brand here) for half price if you buy us ten rolls of toilet paper.
-So, compusa also sell toilet paper and soap ?

Anyway, my favourite one was with an old hotmail account that is now closed : a21z.
Before I ever use it publicly (on deja.com), this account got spammed.
The complete recipients list was readable.
To my surprise, all the email addresses (around 2 or 3 hundreds) were containing the string Aziz.
Ah ah ah ah ah ! I can't imagine they have some spams only aimed at guys called Aziz !!!

Conclusion:

• Whatever information you give, they will guess the rest.
• Maybe they'll just ask you elements that they already know in order to compare them.
• don't forget to mail abuse@ and postmaster@ after each spam. I am currently writing a mailer that will do this automatically as well as blacklisting the spammers (not to download their mail from a pop server).

--

[OT] Tomorrow's Slashdot healines

[vertical-limit]

Your Rights Online: Shawn Fanning Receives Speeding Ticket
Posted by Hemos on Tuesday, Friday 18, @06:38AM
from the damn-those-fascist-capitalist-plutocrat-bastards dept.
Signal 11 writes: "Yahoo! News is reporting that Napster founder Shawn Fanning has been given a speeding ticket. The police claim that Fanning had exceeded the speed limit by over 15 mph, but we all know that he was acting in full compliance of traffic laws.". In a truly free world, there would be no need for speed limits. When will the establishment learn that speeding laws simply can't be enforced? Even if Fanning receives a ticket, thousands of other drivers will continue to speed.

( Read More... | 768 comments | Your Rights Online )

Miniskirt-clad girls save universe
Posted by CmdrTaco on Friday August 18, @08:25AM
from the roketto-ga-sugoi dept.
AnimeNewsNetwork.com is reporting that earlier this morning in Tokyo, five girls in color-coded blouses and miniskirts transformed into scantily-clad superheroes. The five girls then screamed, hurled glowing balls of energy, and screamed some more at a thirty-tentacled monster. Still no word on whether this is connected to the large humanoid robots spotted battling last week in Osaka.

( Read More... | 168 comments )

Slashback: Frisson, Sesquipedalianity, Responsitivitiness
Posted by timothy on Tuesday August 08, @10:45AM
from the beware-the-froomious-bandersnatch dept.
It was a dark and stormy night. In a salutiferous octastyle basement, an ultracrepidarian man was hermtically hunched over a piperaceous desk beneath a ornate mazarine, typing furiously away on an obumbrate keyboard. Meanwhile, in a meandrine corner of the world, several setose seeds were being entrenched in the muculent minds of the hoi polloi.

( Read More... | 9235 bytes in body | 214 comments )

Traffic Cops' "Justice" and Napster
Posted by JonKatz on Friday August 18, @11:30AM
from the post-hellmouth-world dept.
Just as Shadowrun predicted, The Corporate Republic took another step in assailing geeks today by handing Shawn Fanning a $L00 speeding ticket. This narcissism is harmful because it shrinks the creative universe of media workers and disconnects them from the new global conversation taking place online. Hubcaps have sparked a cultural and economic revolution that is just beginning to be understood. Will we see an increase in the number of Chickdrivers receiving "closed" traffic tickets as well, or will the Edge power a paradigm shift to "open" community-based traffic laws?

( Read More... | 598235 bytes in body | 657 flames | Features )

Ask Slashdot: Are Corporations Trying To Make Money?
Posted by Cliff on Friday August 18, @1:25PM
from the yet-another-article-from-the-something-to-think-ab out dept.
www.sorehands.com writes: "Today I visited Yahoo and was shocked to see a banner advertisement - I thought I'd managed to block every form of advertisement possible with Junkbusters. After thinking about it some, I realized Yahoo was probably running advertisement in a crass, commercialized attempt to make money off of my web-surfing habits! Could there be any other corporations out there engaged in similarly devious practices?" An interesting question here: Are some companies attempting to turn a profit, and, if so, what can we do to prevent it?

( Read More... | 3082 bytes in body | 345 comments )

Autospy of a Furby
Posted by michael on Friday August 18, @3:43PM
from the deja-vu dept.

Vladinator writes "Ever wonder what it's like to take apart a Furby? I don't, because I saw this on Slashdot two years ago, but I needed some karma so I submitted it anyway. Fawking trolls!" Those of who you started reading Slashdot this week may not have seen this page yet, so I'm re-running this classic for you three newbies.

( Read More... | 1 FIRST POST! )

Interstate Highway Boycott Planned
Posted by emmett on Friday August 18, @6:25PM
from the fight-the-power dept.
Bowie J. Poag writes: "You guys are idiots and VA sucks, but being the nice guy that I am [Update: 08/18 11:11 AM by CT: Further investigation reveals that he isn't ] I thought I'd let you know that know Wired is reporting that a boycott is being proposed against the interstate highway system for its treatment of Shawn Fanning. The interstate highway sucks almost as much as anime! PROPAGANDA RULES!!!!!" It's good to see that some people are taking the battle for free (as in Willy) highways into their own hands.

( Read More... | 218 comments )

Holland Convenience Store Switches To Linux
Posted by Hemos on Friday August 18, @9:33PM
from the key-victory-for-open-source dept.
Today while visiting my local 7-11 in Holland, MI, I noticed that their inventory computer was running Linux! Best of all, a representative from the store assured me, due to complaints from Bruce Perens, that the store may consider GPLing its inventory "sometime in the future." Looks like another business has finally "got it" and adopted the tenets of the free software movement.

( Read More... | 164 comments )

Napster? Napster Napster
Posted by CmdrTaco on Friday August 18, @11:25PM
from the napster dept.
Napster Napster Napster. Napster, Napster Napster Napster! Napster Napster (Napster) Napster Napster Napster, Napster Napster Napster. "Napster Napster Napster," Napster Napster. Napster Napster, Napster Napster Napster.

( Read More... | 304 comments | Napster!! )

I tried to shop in real time with privacy

[Hairy_Potter]

I went into a store wearing a ski-mask (which is unusual in Rochester in August, ski-mask weather doesn't come until Ocotber, here).

I didn't want people to see what kind of groceries I am buying, for then they could make the inference that I have a cat, a dog, a child and a wife, and try to direct mail market to me using that information, and violate my privacy.

Wouldn't you know it, they called the cops, suspecting a robbery.

Do any Slashdot readers know of a grocery chain where I can shop in the northeast US that will let me shop with a mask on, to protect my privacy?

Thanks