Slashdot Mirror
Shopping Online While Protecting Your Privacy?
Bart asks: "How can you shop online and protect your privacy?
I have been trying without success for a few weeks to shop at the online site of the bigest supermarket chain here in England. My problem is that either I am not using Internet Explorer or Netscape or that I have set up Junkbuster to return a spurious
user-agent. With this configuration I can visit my bank, transfer money and make payments, I can visit my two stockbrokers and make deals of up to 100,000 USD but I can't go to Tesco and buy cat food." It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?
"Protracted e-correspondence with Tesco (apart from regular instructions on setting up Internet Explorer) revolves around bypassing the proxy and setting up a direct connection. As shopping online for mundane things like groceries gets more common and less the province of technically aware people, we can expect more and more intrusions like this into our privacy. Can anything be done about it?"
Not a Brit, but been there twice (once in the last few years) to know that there is very little, if any, competition to Tesco for groceries. *Maybe* Marks and Sparks, but since they're mostly a department store with specality food items, I doubt you can 'grocery shop' with them. There's another chain that I saw up in the Kinston-Upon-Hull area (ASDF?) but didn't see anything like that near London, which may be regional constraints.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
There is a cost involved in making buildings and businesses handicapped accessible. The number of handicapped people is low enough that it is not a good profit/loss incentive to make your business accessible. The laws were created because nothing was accessible. Now that the government has prodded things are changing, albeit at a cost to all consumers. Equal access and an end to discrimintation is important enough that it should not be left up to capitalistic moderation.
--
Mike Mangino
Sr. Software Engineer, SubmitOrder.com
Mike Mangino
mmangino@acm.org
This is essentially the same as when you go to the store in person.
Any more than that is information they, themselves, can't use. It's ONLY purpose, then, is to sell to someone else. And, in the UK, under the DPA, that is illegal, without your explicit consent.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
As others have said on this thread, the problem comes into play if you are using browser "z". I understand companies that are unwilling to design a site for anybrowser (as much as I think that is what is really needed), but to not even allow me to try is another story.
I run iCab Pre2.0 on my Mac. It has almost all of the features of a 4.x release. Several times, I have been prevented from entering a web site because my browser does not identify itself as a 4.x brwoser. Luckily, iCab offers the ability to change the User Agent field on the fly. So I change it to Netscape 4.x.
I get in and the site looks fine!
I got into an argument with LL Bean customer service a while back about this and, after a month or so of emailing, they finally gave in.
It is fine if you do not tailor your code so that any browser will work, but do not filter people off and prevent them from seeing your site.
- (c) 2018 Hank Zimmerman
I couldn't use the Tesco Direct site even with Netscape. I send details to their tech support, explaining the problem, and they have completely ignored it. Consequently, I don't go there any more. Annoying, but then life sometime is...
"The invisible and the non-existent look very much alike." -- Delos B. McKown
cat food. £4 a can. click here to buy.
what part of the above requires dhtml/css/etc? barring resume building by "desgin artists."
in fact i can think of a discussion site that supports thousands of people and it doesn't do (much/any) browser detection.
US Citizen living abroad? Register to vote!
I think they probably can (and do) correlate info about credit cards with that from loyalty cards. British law only requires that you provide people with access to information you store about them, and correct any errors, under the data protection act. I don't believe there's any limit on what you're allowed to store, or the sources you can use.
Bear in mind that online purchases are inherently less private than off-line ones: you have to tell them your address for delivery, you have to pay by credit card, and both of these bits of info are already bundled up with your purchases in a single transaction. Its almost as bad as a loyalty card in itself. And they charge you a fiver for the privelege.
I suspect its just bad web design on Tesco's part. They're using a whole bunch of standard shopping cart and "security" tech, which is not only intensive on cookies, but also on things like the referer field.
I, too, am using Junkbuster's 'User Agent' feature to truthfully reflect the use of "Mozilla M17".
I find that infoworld refuses to serve me pages because of this.
I'd say that any on-line store should require only the same information that is required at a real physical store. That is, if I'm paying for groceries with cash, then when paying with an accredited anonymous cyber-cash-like operation, I should need to provide no information at all. If I'm paying with a credit card at a store, then all the online-store needs is my number and signature. What? They can't get my signature over the wire? Okay, then, I guess they need whatever my credit card agreement says they need -- usually, an address.
In many cases, this is going to be up to the financial companies (banks, credit card companies, etc.) to find alternative ways of validating and authenticating transactions, without divulging address, telephone numbers, etc., to online merchants. Not sure this is ever going to happen. 'course, there's stuff like PayPal, but who knows how long until *they* start doing something with their information.
Of course, we have to remember that in many cases, the business model of online companies may actually include revenue from information collected during the transaction. You see this in bricks-and-mortar stores at, say, supermarkets, with the "special discount cards" that they give people. To be very literal about it, a certain loss of some amount of privacy (some shopping/clicking habits, etc.) are the true price we pay for discounted prices, vast inventories, and free overnight shipping. Don't like the loss of anonymity? Go to your local store. Sucks, yeah, but that's the way the internet works.
In this particular instance, as someone else pointed out, it's likely the problem is that they want to auto-generate their pages to match your browser. Here the problem isn't privacy, but a closed-mindedness as to what browsers are out there. This used to be such a nasty problem when I was surfing from my NeXT that I had to pretend I was Netscape (which was a built-in feature of the browser for just this issue!). They really should have some way of providing a general, simple HTML interface that anonymous browsers can read. Or maybe we need new brower identifications that don't ID the brower, but instead define the browser's capabilities.
Why the hell is this marker funny. It is satire, but not funny. Hairy is entirely correct. You do not have absolute privacy in the real world. If you want absolute privacy, set up a fucking unibomber cabin in the woods and hunt for your food.
Then again, if yer hunting most animals, you'd probably need a Hunting License, you yer gonna be stuck with probably a mostly vegitarian and what ever died on my doorstep diet.
Remember folks, living in a civilized society means some amounts of privacy are given away for the common good. If you really care if others know what you buy at the grocery store, ya gots problems. I'm pretty much a vegetarian, and the worst thing I could think of would be the fact that I have to pick up some chicken breasts for my sis. Oh no, I'm contributing to the mass execution of chickens...I'm a collaborator and will be taken hostage when PETA takes over. Given that this is truely unlikely, ya'll just need to fucking get over it.
I swear some people are just too paranoid. Then again, if I lived in my parents basement and watched x-files everyday, I probably would be too.
clif
TESCO ALERT! We can sell you those nipple clamps and that ball gag cheaper.... ;)
yes, www.dotcomforwardslash.com is my real URL.
Why the hell does Radio Shack need my phone number when I'm buying batteries?
So they can dial the mobile that you've got your batteries installed in, and send the batteries a "shutdown" command (ie. leak acid) if they report that you are using them in a phone/brand not permitted by the Battery Shrinkwrap User Licence...
For example, American Express knows your buying habits. On a periodic basis they will view your transactions and look for transactions out of the ordinary. If a red flag appears, they will notify you and ask if all is OK. This happened to a friend of mine when the number (but not card) was stolen for a shopping spree. He was notified before the bill even arrived and all was taken care of.
Some mobile carriers also track your calling paterns (in the days of analog) and look patterns out of the ordinary and notify you immediately if they suspect someone has stolen your ID for analog cell phone. (Which is very easy to do).
In both of these cases, privacy is gone, but the benefits save a lot of time, money and pain for all parties.
What is needed are privacy policies and that is what we are seeing more of. We need to see privacy policies in place so those buying and calling patterns are tracked for our protection and not exploitation.
Pure BS. Using "handicapped web browsing" as an issue to enable private shopping is totally cynical. That you slap yourself on the back and congratulate yourself for having helped out the handicapped in the process just makes it all the more nauseating.
I don't think he's necessarily shafting anyone; just totally misrepresentating the handicapped to further his own goals.
The problem with that approach is that you will have about a hundred else-ifs and you will be out of date within a week or two.
Ah... now I get it. You don't just sell web pages, you make a living from the full-time job of maintaining them, since every couple of weeks they need a few more "else if"s added. Yeah, I guess that's a lot more professional than those clueless people who write pages in the core HTML that all browsers support. Those amateurs will eventually work themselves out of a job, but you found something with long-term viability! Good thinking!
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Guy gets tomorrow's newspaper today and goes out and tries to prevent the bad things from happening (rather than, say, making a killing in the market).
Now that you have tomorrow's Slashdot stories today, how would you improve the world?
I think I'll go let the air out of Shawn Fanning's tires.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
I've noticed the failure is mostly in cookies these days. When running Junkbuster with cookies blocked, sites create errors with no diagnosable cause, and they tend to be stupid about their errors.
Amazon and many other sites use cookies to track a session, plus a bunch of variables. However, you can run this in real time with a postfixed URL containing session information. Since these are usually long, random strings, it makes for ugly browsing. You can't "Get" this data on normal links, because there is no way to tag on arbitrary "get" data. So you have a choice: Store a Cookie (fast easy, but an apparent security risk) sent everything with form buttons and "get" like a normal form, or attach a "?variable_name=gobbletyguck" to evere <a href tag out there.
While this is a design decision, there are other safeguards that can be taken if a cookie doesn't work. You could run the session ID in a postfix, or ask for themy to turn cookies on or they can buzz off.
Some sites never cease to amaze me by the number of cookies they set. Some get up to 14 per screen! Haven't the programmers heard you can use your own datatypes in these things?
When it comes to user Agents, I let my pass through. Concentric needs to know what kind of dynamic menus to run, and a lot of sites with multimedia content won't serve a client not in their browser capability file. Hotmail hit me with this once. While I respect that they want to creat a dynamic environment for modern users, the reason they cite you can't use the site is because you are running a 2.0 browser! Oops, assumptions!
If you go to fugly.net without the "www" in mozilla nightly, their site informs you that your browser is not HTTP 1.1 compliant, otherwise it would re-direct you. Strange indeed.
What is the solution to all this? Backend programmes must READ and EXPERIMENT above all else. Try situations out that you may never ever see, because some of your little tricks may not work out. Stick to W3C specs, and for the most part you are safe. Never assume anything, and stop leaning on cookies so much!
Lowmag.net
Anonymity? Never.
Not until there's some anonymous way of doing electronic payment. As anonymous as cash. So anonymous that the black market, drug trade, prostitution, and mafioso rackets use it instead of cash.
Cashier: And could I get your last name?
Me: No.
Cashier: Ok that'll be $foo.bar...
Also, telling them you don't have a last name is equally effective, but it does make them ponder more.
If they ask whether you're using those parts to build a bomb, answer yes. Every time. Tell them the 555's are for the delay circuit. Never give a location though.
online stores only NEED 1 piece of information you order: a shipping address.
That is true, unless they're worried about actually staying in business. If the store don't profile you, the one down the street will. This store will be able to make better decisions according to what its customers want and will thereby have higher sales. Commodity store have very slim margins and must therefore rely on volume to turn a profit. A few percentage more volume means a lot. A few percentage less shelf time for product means a lot. A few percentage more sales per customer means a lot.
The reason groceries stores are doing more profiling that others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store want to know you so that the can get stock for what you want, and NOTHING else.
I understand how you all feel though. I had a butler once, and dammit if he didn't insist that I tell him how I liked my eggs cooked in the morning. I fired the bastard. I just value my privacy TOO much to just give that information up to anyone.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Obv. the handicapped need access. But if a private business does not serve them, they can just go to the next guy, who will. The first business loses money and the second makes money. What's unfair about that?
They don't. Refuse to give it to them. They don't object.
It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?
The marketplace will decide what is fair. Enlightened businesses are coming around, and unenlightened businesses are creating opportunities for competitors and new entrants.
My suggestion is simply not to do business with those who require what, in your view, is too much, and instead do business with their competitors -- even if the competitors are slightly more costly with which to deal.
Under the terms of the data protection act, they have to register all the information they hold about you.
This data protection register is online. This is what a search for Tesco turned up.
It wasn't in the phrasing or the marketing. There were two prices posted for every item on the shelf. There was the regular price, and the loyalty card price. But once you go to the checkout stand, they add on an additional 10% if you refuse to fill out a 4 page application for a loyalty card.
Since I only had a few items and was in a bit of a rush, I decided it wasn't worth my time to argue with the teenager running the stand. So I told her exactly that, and walked out.
The manager explained to me they are under pressure from the regional office to get 92% of their customers onto the cards, and to employ every trick in the book to get people signed up. A percentage are audited to keep the stores from faking it. The manager was a fairly decent and sympathetic guy, and he seemed clued in about not wanting to give up privacy but assured me they hadn't started selling their lists, yet. I told him I didn't live in the US, and would seldom ever use their shop again even if I did bother to fill out the loyalty card.
So the store is having problems meeting a stupid quota, and are turning to high-pressure tactics to sign up shoppers. Certainly this is to increase the value of their database of shopper habits, so they can start selling the information.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing
:-)
/., can spot your post as the troll it is.
Aha! You are the bastard killing e-commerce with your shallow and deceptive advice.
One of the biggest turn-offs for many new users on the internet is the perceived lack of privacy. Although most people haven't a clue about cookie abuse and web bugs, there is a general, low-level feeling that anything they do will end up in the hands of some anonymous black-hats. Black-hats in this case not being hackers, but con artists, high pressure telephone sales scammers, and credit reporting agencies. So they stay away from e-commerce.
We, the more knowledgable users of
There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experiance
Because many of us are professionals in the internet biz, we are well aware of the privacy issue, and we can see through the FUD. There is a huge problem with privacy on the internet and in real life, and people are starting to become aware of it. Because most people have been burned by a scam at some point in their life, they will limit their options and their net experience. They will stay away from sites such as Tesco, because they have been scammed from giving away too much information before, and don't want Tesco selling the fact they own a cat and work too many hours to get to the shop.
Many people, myself included, are limiting our options because the net experience doesn't give us anything better than spending a little extra time in real life just like we have always had to do.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
An even worse invasion of privacy comes when trying to buy cheap flights online.
I've found some amazing deals online which I would love to have jumped on, but the tremendous amount of personal information was too much to give up for a little savings. I have set a price on my personal information, and saving a few hundred quid on a trip is not enough for me to give up my info. If you try to buy an online ticket, the number of "required" fields are too numerous and private just for a cheap ticket.
E-commerce sites have been abusing the information they obtain since the beginning. They commit the worst kinds of direct marketing and spamming, under the guise of "its better for the consumer". And then they wonder why E-commerce hasn't really started to take off, and why consumer confidence isn't there.
When the e-commerce sites gain a reputation for not insisting on private information, and never spamming or selling your info to direct marketers, then consumers will be more willing to use their services. Until then, business to user e-commerce will never take off.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I recently was in the states and ended up walking out of a grocery store when they couldn't seem to sell me some groceries without a loyalty card. The poor girl at the checkout stand had been told by the manager that anyone without a loyalty card had to be forced to sign up for one. When she told me there was a new 10% extra fee added to any bill without a loyalty card, I just walked out. The manager tried to stop me, to check if I was shoplifting. His argument was that all stores have to charge more to people who don't have loyalty cards, and "everyone" was doing it. I went to the next shop down the road, and wasn't even asked for a loyalty card.
Some brick and mortar stores are desperate to skim every last little bit of profit from their customers that they can. Mining personal information is just the latest twist, and there are many stores now trying to sell that information through brokers. But for the moment, there are always alternatives who would rather have your custom than try to mine your data as well.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Yeah, I could probably sue for false advertising. I'm sure there are laws in the US protecting consumers from showing one price for an item, then tacking on an additional charge later just for the hell of it. But its not worth my time to bother suing, I'll leave that up to some rabid grandmother with nothing better to do than go after big, bad shops.
This is stupid, but there doesn't seem to be any enforcement of consumer protection laws in the US. Over here, if a shop were cited for violating the law, they would risk having their business license revoked. It happens occasionally, enough to make shop managers think twice about pulling any major scams.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Yeah, I know, I'm still waiting to buy a UHaul and inordinately large amounts of fertilizer anonymously...
It's 10 PM. Do you know if you're un-American?
Ask your friendly neighbourhood cop to come with you. Or claim you are recovering from being burnt in the face by throwing a full bottle of lighter-fuel on your barbecue.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
just say you want the card, and don't give any info. in the netherlands they are then required by law to give it to you. giving false info can be more fun though. Also, any entity keeping data on you is required to inform you exactly what data they have on you, if you ask about it. Too bad privacy laws in the US suck hairy donkey's balls, so you probably don't have much choice..
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
online stores only NEED 1 piece of information you order: a shipping address. with just a valid address the entire transaction can take place: pay the mailman or courier or whatever they use in cash at the door. In dutch this is called 'onder rembours' but I have no idea what it is in english.
/.): yes, rembours is actually french.
//rdj
P.S.
For all you smartasses out there (and there are some on
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
>The reason groceries stores are doing more profiling that others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store want to know you so that the can get stock for what you want, and NOTHING else.
they don't need my name for that either.. they can easily see: Oh we're selling lots of banana flavoured condoms! maybe people like strawberry and chocolate too..
I still dont see why they would need any data other than the data used for sending the stuff. and from me they wont get any as long as I can still walk to the store myself.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
wow.. I've never seen integrity and company on 1 line. let's face it: 99.9% of all companies have NO integrity.
I would think this of a person who's main motivation is money, and I think this of companies whose entire motivation usually IS money.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
If I go to the shop to buy catfood, they don't get any information from me: i just give them some money and that's it.
...)
Ah, but you're wrong; they have gotten some very important information about you. They now know that you own a cat. (or perhaps you take care of one, or know someone that does, or
But seriously, I've always tried to save money when I can, so when the grocery stores started issuing "preferred customer cards" and I didn't have to clip coupons anymore, I was quite happy for the convenience... until I realized that by using my card, I was giving the store the ability to keep track of all of items I buy (assuming they are so inclined, have the storage space, etc.) But I've decided that I don't care if my store knows I like Diet Coke better than Diet Pepsi, or whatever.
- Mike
My father's a nut. He felt that our cat (Rex) wasn't getting enough mail, and was feeling left out. So he signed my cat up for a subscription to one of the numerous fishing magazines that he used to read. We immediately started getting offers to subscribe to other mags, mostly fishing and hunting. The best was when they would send notices with messages like "Will Rex bring down a big buck this season?" for hunting magazines. We got a call offering our cat credit cards. Finally, he received a free membership in the National Rifle Association, complete with membership card and decals. They would send surveys on our views on gun control, which my mother would fill out in the cat's name and return. We put the decals on his litter box, and to this day I carry the membership card with his name. I sometimes use the story for those irritating "getting to know you" sessions at seminars for work or school- they ask you to tell something interesting about yourself, and everyone talks about their kids or enjoying golf. I tell them my father enrolled my cat in a gun club. People usually remember me.
"Sweet creeping zombie Jesus!"
It is quite likely by the look and feel with Junkbuster on and Off that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure".
How do you prevent cross-site attacks (such as someone posting to slashdot in your name, using your cookie) without checking http referrers (to make sure the last url you were at was the comments.pl page)? I guess you could include a cookie-like thing in each url, but that's ugly.
The shareholder is always right.
This is probably why a.com doesn't run a server. I think I use a@a.com at least once a day in order to download, preview, login, or register for producst and sites. I know I'm not the only one =)
I like what you do with the myhouse.com thing. Seems appropriate.
Fsck cluebie moderators. I'll say what I want, offtopic or not. And fsck having to qualify every bloody statement just
Is THAT why the batteries in my mobile keep shutting down? I bet they actually last forever and they just keep getting shutdown commands from Radio Shack...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If sites were coded to standards then less time would have to be spent second-guessing the user and more time could be spent on building the real functionality desired (and that's sort of the point of the site, isn't it?) so that they could be usable by anybody. More potential clients/customers is a good thing, right?
Why oh why is it taking the corporate world so long to realize this? Is it going to take a major law suit against a big company to make them open their eyes?
Constitutionally Correct
I try to make everything as browser independent as can, but I certainly see why an online vendor rather adds features for the 97% using a [modern/normal/bloated/standard/evil] browser than bother about the rest. See, if those features makes the 97% buy 4% more thanks to the bells and whistles, he comes out ahead.
Also, if I had a commersial site, financed by ads, I wouldn't spend too much time making my content accessible with junkbuster...
All opinions are my own - until criticized
IANAL but I think the latter would be legal unless they were employed there. There is no general law requiring people to act in a non-discriminatory way.
Tesco are improving their service then. Last time I heard, they weren't even supporting Netscape.
The website you are complaining about is not refusing your user-agent for any privacy reasons but instead is doing so because of Javascript.
Lots of sites that contain javascript have different versions for MSIE and Netscape. Heck, my homepage has the similar browser sniffing code.
Unfortunately poor website developers forget that there exist more browsers than Netscape and MSIE, thus they do not create non-Javascript enabled versions of their site. A quick visit to the website confirms an excessive amount of javascript being used.
This is obviously not a privacy issue but instead one of poor website design. Anyway all your user-agent contains is your browser version and OS version, hardly devastatingly private information.
The Queue Principle
It might be to further his interests but it could still benefit those with disabilities all the same. He wasn't asking for special privileges. He just didn't want to give out as much info. You make it sound like he is trying shaft everyone when that isn't how I took it. If his actions would help those with sight problems then good for him. This is not at all the same as getting handicapped tags as that is a privilege that is reserved for those who have a handicap. And to quote "Real Genius," there are plenty of decaffeinated brands on the market that taste just as good as regular.
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
[We trap for] funny-sounding or celebrity names (almost always fakes), incorrect telephone numbers, hotmail/yahoo e-mail addresses, etc.
I sincerely hope you don't reject shoppers solely for those things, as I have friends whose main e-mail is through Hotmail and who have names similar (within soundex range) to those of celebrities or cartoon characters.
You just lost their business.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
As a Company trading in the UK, Tesco is subject to the Data Protection Act. This means that they have certain obligations wrt any personal data they might collect from you.
As for the particular issue of collecting information about your browser, the DPA says they must discard data as soon as they have finished using it for its legitimate purpose i.e. once the page has been constructed.
As for the fact that the web page only works for two browsers - well that is just bad programming. If I find a page that doesn't work, I always submit a bug report. In software terms, web sites are often very poorly engineered (IMHO) and a little constructive criticism may just possibly improve things a bit.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Last time I tried using their online store it insisted I use IE. At the time, it wasn't very easy to get hold of for Solaris (My only net access), and I certainly couldn't have installed it in my 10 Meg Quota.
Fight Spammers!
But, I will require your SSN, bank account number, credit history, and your digital signature before I can answer that.
Well, if you live in the centre of Manchester, then you've got more options than you make out. There's a Tesco Metro store in the city centre, which is great for me- I get breakfast there on my way to work every day. Admittledly there's not all that much else in the centre itself, but what's stopping you boarding a Magic bus and, for a grand total of 90p getting to Sainsbury's in Fallowfield and back, or going to Salford, where there's an ample array of supermarkets. You could even go somewhere like Rusholme and buy lots of things in different smaller shops.
It sems to me that you're just being lazy- there's ample places to buy food from in Manchester. You just have to be les lazy about it.
--
Said it couldn't last, said it wouldn't last... This is the last stand against tomorrow's world.
That is always my first reaction. Like you, my banking and investing works fine online. I can also shop at several other companies just fine. If Tesco or any other retailer requires too much info or will not give you sufficient answers to your questions, forget about them. And I make sure the company knows it too.
OT - How many times have those of us in the States been asked for our SS# during purchases?
I recently signed up for a new wireless phone and the sales guy needed my SS# for the application. I told him "um, nope, you don't need that, I am only buying a phone". Anyone else?
white it's not the majority, that is certainly a fair number of people.
heh.. sorry. I'm just annoyed when a page is completely unreadable with lynx, because it's usually faster then booting up with Netscape. It's aweful how bad securityfocus is... it even seems to crash any version of Netscape for Linux i use on it (on different systems).
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
We will see lots more of this as compaines that have much smaller margins on their products (groceries, drug stores, etc.) begin to move into the internet space. When you aren't making 24.95 comission on every transaction, you look for other ways to augment your revenue stream, data being a popular one. This will be getting much worse before it gets better.
Could you please enlighten us what do you recommend to your customers in terms of keeping our personal data secure. Do you insist that all data is kept encrypted? Do you suggest that the encrypted data is stored on a separate machine, with audited security?
That's not my area of expertise - I'm an ideas guy rather than an implentation guy. If they want to get these things sorted out then they'll need to hire a security consultant to go over the details and implement a working security policy.
I do recommend that they do it though, its always bad for business when one of your customers gets hacked into and their customer databases stolen.
---
Jon E. Erikson
Jon Erikson, IT guru
Of course most Slashdot readers probably don't opt out, they just fill in absolute rubbish to try and skew your statistics. Or is that just me?
Well, since most /.ers would rather not pay for anything anyway, their contribution to commercial issues is negligible. The false statistics generated by them being "clever" is not something most companies would care about - it can be removed using standard statistical techniques.
---
Jon E. Erikson
Jon Erikson, IT guru
They also seek handy phone numbers. : :-(
I just understood why
My collegues brand-new WAP handy just left him an SMS message : some kind of advertising for a WAP service, it seemed.
If the handy penetration rate is that huge, then it seems the'll touch even more people with SMSpam than with mail-spam.
Hence their need for loads of Handy#...
I happily don't have one, but having used mtnsms.com to send SMS messages to a friend, I am now afraid I may have unvoluntarily given his handy# to potential SMSpammers.
--
Trolling using another account since 2005.
although I like the idea of giving a 9 digit number and expecting people to believe it works.
There has always been a tradeoff between convenience and security.
You want to make your password your daughter "Liz"?
Go ahead. It will be easy to remember and take little time to type. But if anyone does a little bit of research on you, they'll guess your password, and if they brute-force the login it won't take long. You want to be secure? Make that a 10 digit password with numbers and a mix of upper and lower case letters.
You want your machine to stay perpetually logged in as you? It's certainly convenient. But anyone walking up to your machine can pretend to be you.
You want Amazon and Yahoo to remember who you are and what you like? Fine, let them send you cookies.
And if you want to shop online, you've got to give them some info. Any online shopping by its very nature requires at the very least, a method of payment. This will almost always include lots of personal information. Most of them also require an address to physically ship your stuff to.
So if you want extreme security and privacy, its yours. But don't complain about how inconvenient it is, because that should have occurred to you from the beginning, when you chose not to let people know anything about you.
This isn't just a computer thing; it works like this in the real world. If you don't let anyone get to know you, then you don't have to worry about being emotionally hurt. But you won't have any friends either. So suck it up and take a little risk.
We keep hearing this more and more on ./. I think the solution is simple. If privacy on the net is a big issue for you, and you need to buy something at a grocery store...go to the REAL store. When you walk into the store you are not required to sign any of your information away. Its the old adage..you can't get nothing FOR nothing. The only thing that is vaguely making sites profitable right now is Advertising (and p()rn/ebay). Its information that is useful for them in marketing etc. If you don't like it, keep using junkbuster and DON'T visit their site. You could also just email the site and mention the reason why you're not using their site and then find one that doesn't (if possible).
-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Sig it.
Usually, I hate off-topic articles even if they are supposed to be "funny", but this one is excellent. Very good summary of the various /. posters...
By the way, there should be an option to ignore the "+1 Funny" moderation points when sorting articles. That would be helpful when you want to get the facts first without spending too much time on the reading the jokes and silly comments. There could also be an option to double their weight, for those who read /. for fun more than for learning something new (alas, this seems to be the majority of the audience here since about two years ago).
The parent post raises several interesting points.
I don't think the ability to do more data processing on electronic information is a very important reason to conceal more of our on-line activities than our off-line ones. After all, any large organisation (apart from those - like credit agencies - trying to avoid the DPA) enters all its information into its computer systems pretty much in real time, regardless of whether the transactions were on or off line.
Its also interesting to note that arguments about privacy are an element of the age old argument about whether societal or individual interests should take precedence in general, and of course that the best answer is "it depends". This does explain why concern about privacy is most intense amongst libertarians and other individualists, even thought the argument is so new it doesn't appear in any of the classic individualist philosophy.
I tend to agree that the most important concerns center around misuse of information (such as drawing tenous conclusions from purchasing data and then using these to make life-affecting decisions about individuals), but it is arguable whether these problems are best avoided by concealing or revealing information. For instance, is it better to avoid writing hand-written letter to avoid the use of graphology, or to publish more data that disproves graphologists claims ?
http://www.computerweekly.co.uk/cwarchive/news/200 00810/cwcontainer.asp?name=C14.html&ct=s earch
Tesco online snoop plan
Helen Gregory & Sophie Mason
Tesco is considering using artificial intelligence software to alert shoppers on rival Web sites that it can offer better deals.
The supermarket giant is already using the software package to track which products are of interest to its Tesco Direct shoppers and to suggest items they can add to their virtual shopping list. It is now debating whether to press on with plans that would allow it to compete immediately with promotions offered by other supermarket sites.
MyWeb software was introduced free on Tesco Direct CDs three weeks ago. Once loaded, the program stays on the shopper's computer and "reads" text from the screen rather than directly from the Internet, developing an understanding of what the customer is looking at online.
If extended, MyWeb could sit on the user's computer and, whenever they entered a rival grocer's site, a prompt built into the program would see MyWeb flash up a reminder of Tesco's offers.
The system can also create a profile of shoppers' tastes by keeping a record of what they have bought or looked at in the past. It can then use this information to anticipate demand and suggest similar products if the first choice is out of stock.
Simon Fletcher of software supplier Autonomy, which developed the system, said the package provided Tesco Direct with a major marketing tool in the e-commerce battle.
"E-tailing customers will not tolerate having to go and actually search for things for much longer because the whole point of an e-commerce site is to free up time that you would normally spend in the shopping aisles," he said.
MyWeb can also make associations between purchases and cross-sell items. For example, if they buy charcoal and firelighters, MyWeb will suggest a deal on burgers or garden furniture.
Dan Munford, partner with Insight Research, said tailoring e-offers was the "holy grail" for supermarket chains. "It's what the consumer wants," he said.
yes, www.dotcomforwardslash.com is my real URL.
For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?
This is a good question because there are lots of potential answers, and the truth is probably a different mixture for different individuals.
First, the web is still "real life", but I guess you just chose that phrase as a representation of the traditional shop, cinema etc. What's different about putting computers in the transaction mechanism is that the data can be processed way beyond the limits of what could be cheaply done with paper/filing cabinet systems.
Taking this to it's next level, globalisation may mean we have "global person identifiers" (GPIs) instead of credit cards and national passports. There are several countries that already require identity cards, or some form of citizen numbering. In italy all citizens have a Fiscal Code (Codice Fiscale), which must be quoted in every transaction above a certain value -- this is supposed to allow the government to track money laundering etc. All it takes is for all these existing and growing registration systems to merge, and you'll never feel alone again.
The end debate is whether this is good or bad -- ie. ethics and politics. The two classic arguments (AFAICT), are 1) the government needs power to crack crime (Fiscal Code, NSAKEY etc), and 2) that the individual has a right to privacy. Ie. 1) Society is good and it's society that educates the individual to be a good citizen, or 2) The individual is good, and has to be protected from corrupt society --- ie. 1) society oppresses the individual or 2) the individual corrupts society
Needless to say, this is a basic duality that is so fundamental that there will typically always be two political parties, the so called Left and Right. But like all dualities, neither position is the truth... it is an integration of the two, in varying amounts, that is needed to secure the health of both good societies and individuals, and filter out the ill health of bad societies and bad individuals. :-P
But don't ask me how
So back to the "real world", I don't like people getting the wrong impression about me. So I am, for example, against so called "handwriting experts" who profess to be able to say all sorts of things about my character, attitude, personality, performance etc. from just looking at my handwriting. I am against employers who, because they are ill informed and haven't made a proper objective study of their recruitment process, make use of such so called 'experts' --- not just because they may not hire me, but because they may not choose the right person anyway.
I suspect it's really the mis-use of the massive amounts of information that are becoming available that people are objecting to.
Oh flaming heck, I've written too much... $(
Absolutely.
I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.
If they have put in so much effort that they have customised the site for IE and NN, then they should put a tiny bit more effort in and deal with other browsers nicely, even if the site does lose a little bit of functionality. In most cases the bits that change according to which browser you are using have no effect on the functionality at all - those bits are generally the icing on the cake.
Tesco have a badly written site. However, I don't see why giving out your useragent is a problem. So they then know you are using MSIE 2.0 or something - so what? Hardly identifying information is it? If anything a custom useragent is far more identifying, and therefore giving out a fake useragent string means you could be intentionally giving away more privacy.
Here is what you do:
1) Send an email to Tesco saying "I was unable to use your online shopping site, because it asked for XYZ. I will be going to a brick and mortar store.".
2) Go to a brick and mortar store.
Ta-da! You have cat food. Tesco has information on how to fix the problem. If they don't do it you are out of luck but there's nothing else you can do--they don't want you as a customer bad enough to fix their site.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
*sigh* I worked on the second incarnation of the Tesco web site. They gave me 1 month to do the interface and the ASP behind it, and requested that IE4 was the minimum browser, with *no* fall through. They're not the most internet aware of companies, despite me trying to educate them. Looks like it hasn;t improved in the last couple of years
Grocery stores are the worst at profiling. They try the hardest to do consumer profiling and not just with the internet. Up in the Chicago area, the stores almost mandate you have one of their "preferred shopper" cards by posting one price on the shelf for the "preferred shopper" (although they make it look like the normal price - only in very fine print does it say "preferred shopper" price) and in fine print put the price for non-preferred customers (which is much higher). Only when you're at the register do you realize what they did. I found out one day when I was up there visiting my family and made a purchase.
They have been doing this for about 15 years now too. My mother understood the profiling but finaly after many years broke down and got one. But she got it in our cat's name, and it is amazing the junk mail "mega catlin" gets.
The only way to combat profiling is to always give wrong information. If you mess with their statistics, they won't rely on them as much.
I had a friend with a cool wool trenchcoat. I told him I liked his coat, and he said that he got it from U.S. Cavalry for $7. Wow! So I went online and bought one. Two, actually.
Of course, I started getting U.S. Cav catalogs. But then a few months later, I started getting literature and membership offers from the N.R.A.
Then, just last month, I got an offer to join a hunt club -- when I have never hunted anything in my life! Now I have someone called "Buckmasters" calling me on the phone.
All because I bought a trenchcoat.
I think corporate mailing list sharing has become the evil meme of our times.
-Omar
Why the hell does Radio Shack need my phone number when I'm buying batteries? That gives me the creeps.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.
I'm currently working on an online shopping site for a large, well-known IT manufacturing company. The site is already in use, so I had a look at the stats for August so far.
Microsoft and Netscape browsers make up 97.4% of the hits (nearly 6.5 million so far this month). The stats tell me the browser versions too.
Of the Netscape browsers, version 4.x (Communicator) takes 98.4%, 3.x has 1.3%, 5.x has 0.23% and the others much less.
For MS IE, 81.5% were version 5.x, 18.09% version 4.x, and 0.38% for version 3.x. There were negligable hits from previous versions.
This is what people are using. Management look at these figures and then tell me the features must work in NS4.x and IE4.x and 5.x. That covers the vast majority of users; I would imagine that they would probably consider developing/testing for other versions a waste of resources.
It also occurs to me, that (as is the case with Tesco), the internet side of selling is not where most units are shifted. It's an extra distribution channel. Priorities would probably be very different if it was the primary channel.
I don't know about the UK's disablilty laws, but I think Masem's point about disabled persons' usage of the site would not hold much weight. The kit available on our site can also be ordered by phone and bought from lots of different retailers (ie: in shops); with Tesco you can still go to the shop. It's a slightly different kettle of fish to the situation with AOL - their software must be usable by all, but I don't think Tesco is required to put in a ramp at every single entrance to the building.
-- Steve
During your corrispondance with Tesco, did you ever ask them why they want the information?
Is it a horrible conspiricy on their part, or is it just bad HTML?
Syllable : It's an Operating System
Supermarkets love to know as much as possible about their customers so they can 'serve you better' (i.e. sell you more) by targeting you with special promotions, vouchers etc. That's why loyalty cards were invented - not for the benefit of shoppers, but so they can gather all the information about your purchases, how much you buy, how many times you visit, when you visit, how far away from the store you live, your social class (extrapolated from your postcode and what you buy), whether you like brand names or not, whether you are loyal to a brand or not, whether you are susceptible to special offers or not and so on. The amount of data a loyalty card gives a store is staggering and boundless. Tesco and their ilk set up large IT centres to mine this information.
Sending a user agent allows the site to customize content around browsers. Unfortunately, Netscape and Microsoft do not agree on features, especially when you start using CSS/DHTML/etc. The user-agent just provides the site with the browser/version you are using so that they can do something like this:
if ver == "x" then
do this way
else if ver =="y" then
do this way
end if
Without this, you would have some screwed up pages on sites that tried to do dynamic content. Until the major browsers support the same features with the same syntax, you will need this.
As a top flight professional consultant who has worked with many companies attempting to leverage their business onto the net, I generally recommend that companies obtain as much information as they possibly can, but allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing (well apart from some of my rather expensive time) and satisfies the small number of people paranoid about letting people know which browser they're using.
The information gained by online businesses in this way forms a valuable resource for them to react to what their customers want, even when the customer doesn't realise it. After all, the more information you can obtain the better the service you can provide - personalisation is the key to a happy customer and lots of business when many companies are all offering the same product at very similar prices.
Still, privacy concerns are overrated here and I think your're being overly concerned about what Tesco will do with your information. They're not going to sell it to other people - information like that is valuable to them - and they're not going to spy on the not-so-sordid details of your life with it.
My recommendation - give a little, get a little. Don't worry so much about giving out such inconsequential details online. There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experiance.
---
Jon E. Erikson
Jon Erikson, IT guru
Given that you're going to give Tesco your credit card number anyway, from which they can find out just about anything about you, and if you have a loyalty card they can also correlate this information with your purchases, I really don't see what you gain by using junkbuster etc. If someone already knows what groceries you buy, where you live, your income band and your credit rating, and probably a great deal about your lifestyle, letting them know what web browser your use and what web site you came from seems pretty irrelevant.
Frankly I find this obsession with privacy somewhat bizarre and worrying. For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?
I have gotten into that habit of "making mistakes" with these numbers. Just make them up!
You ask me for my SSN? Sure its 554089652 the clerk writes it down everyone is happy. My phone number 342-980567 Yeah it's a little weird I have a cell phone... They won't tell me what they want with it so I don't feel the need to be truthfull with them either. Nobody makes you PROVE these random numbers do they? They depend on stupidity and truthfulness. Give them neither.
The best piece of misinformation holds a kernel of truth. If you want to be totaly duplicidous just interchange some of the real numbers. Switch a couple of digits now and agian.
-Kensail
I personally have hundreds of aliases that I give to new contacts.
I preferably use really stupid ones whenever I am not sure about my contact ; e.g. I sent one day mirko@garagiste.com to an inoffensive-looking web site while requesting information about data security.
You can't imagine how many sex spams I received under this alias.
Also, whenever requesting for documents to be sent through normal post, I usually give a fake first name (e.g. Baudoin, Ibrahim, Bill, etc.) which then allows me to track the spammers.
At the end, I just set some filters on the spammed accounts so that I can get rid of spams.
Now, if they want your personal data, you can consider they just want to know how they can reach you with public mean (email, mailbox, etc) and then give you some information that'd be just relevant enough but objectively not corresponding to you.
(let's say the website was compusa.com)
(click on submit)
(one week later, the phone rang)
-Allo ? Mr Hiroyoshi ? As a faithful client, we guess you could be interested in our offer : twenty four boxes of (put any soap brand here) for half price if you buy us ten rolls of toilet paper.
-So, compusa also sell toilet paper and soap ?
Anyway, my favourite one was with an old hotmail account that is now closed : a21z.
Before I ever use it publicly (on deja.com), this account got spammed.
The complete recipients list was readable.
To my surprise, all the email addresses (around 2 or 3 hundreds) were containing the string Aziz.
Ah ah ah ah ah ! I can't imagine they have some spams only aimed at guys called Aziz !!!
Conclusion:
--
Trolling using another account since 2005.
Posted by Hemos on Tuesday, Friday 18, @06:38AM
from the damn-those-fascist-capitalist-plutocrat-bastards dept.
Signal 11 writes: "Yahoo! News is reporting that Napster founder Shawn Fanning has been given a speeding ticket. The police claim that Fanning had exceeded the speed limit by over 15 mph, but we all know that he was acting in full compliance of traffic laws.". In a truly free world, there would be no need for speed limits. When will the establishment learn that speeding laws simply can't be enforced? Even if Fanning receives a ticket, thousands of other drivers will continue to speed.
( Read More... | 768 comments | Your Rights Online )
Miniskirt-clad girls save universe
Posted by CmdrTaco on Friday August 18, @08:25AM
from the roketto-ga-sugoi dept.
AnimeNewsNetwork.com is reporting that earlier this morning in Tokyo, five girls in color-coded blouses and miniskirts transformed into scantily-clad superheroes. The five girls then screamed, hurled glowing balls of energy, and screamed some more at a thirty-tentacled monster. Still no word on whether this is connected to the large humanoid robots spotted battling last week in Osaka.
( Read More... | 168 comments )
Slashback: Frisson, Sesquipedalianity, Responsitivitiness
Posted by timothy on Tuesday August 08, @10:45AM
from the beware-the-froomious-bandersnatch dept.
It was a dark and stormy night. In a salutiferous octastyle basement, an ultracrepidarian man was hermtically hunched over a piperaceous desk beneath a ornate mazarine, typing furiously away on an obumbrate keyboard. Meanwhile, in a meandrine corner of the world, several setose seeds were being entrenched in the muculent minds of the hoi polloi.
( Read More... | 9235 bytes in body | 214 comments )
Traffic Cops' "Justice" and Napster
Posted by JonKatz on Friday August 18, @11:30AM
from the post-hellmouth-world dept.
Just as Shadowrun predicted, The Corporate Republic took another step in assailing geeks today by handing Shawn Fanning a $L00 speeding ticket. This narcissism is harmful because it shrinks the creative universe of media workers and disconnects them from the new global conversation taking place online. Hubcaps have sparked a cultural and economic revolution that is just beginning to be understood. Will we see an increase in the number of Chickdrivers receiving "closed" traffic tickets as well, or will the Edge power a paradigm shift to "open" community-based traffic laws?
( Read More... | 598235 bytes in body | 657 flames | Features )
Ask Slashdot: Are Corporations Trying To Make Money?b out dept.
Posted by Cliff on Friday August 18, @1:25PM
from the yet-another-article-from-the-something-to-think-a
www.sorehands.com writes: "Today I visited Yahoo and was shocked to see a banner advertisement - I thought I'd managed to block every form of advertisement possible with Junkbusters. After thinking about it some, I realized Yahoo was probably running advertisement in a crass, commercialized attempt to make money off of my web-surfing habits! Could there be any other corporations out there engaged in similarly devious practices?" An interesting question here: Are some companies attempting to turn a profit, and, if so, what can we do to prevent it?
( Read More... | 3082 bytes in body | 345 comments )
Autospy of a Furby
Posted by michael on Friday August 18, @3:43PM
from the deja-vu dept.
Vladinator writes "Ever wonder what it's like to take apart a Furby? I don't, because I saw this on Slashdot two years ago, but I needed some karma so I submitted it anyway. Fawking trolls!" Those of who you started reading Slashdot this week may not have seen this page yet, so I'm re-running this classic for you three newbies.
( Read More... | 1 FIRST POST! )
Interstate Highway Boycott Planned
Posted by emmett on Friday August 18, @6:25PM
from the fight-the-power dept.
Bowie J. Poag writes: "You guys are idiots and VA sucks, but being the nice guy that I am [Update: 08/18 11:11 AM by CT: Further investigation reveals that he isn't ] I thought I'd let you know that know Wired is reporting that a boycott is being proposed against the interstate highway system for its treatment of Shawn Fanning. The interstate highway sucks almost as much as anime! PROPAGANDA RULES!!!!!" It's good to see that some people are taking the battle for free (as in Willy) highways into their own hands.
( Read More... | 218 comments )
Holland Convenience Store Switches To Linux
Posted by Hemos on Friday August 18, @9:33PM
from the key-victory-for-open-source dept.
Today while visiting my local 7-11 in Holland, MI, I noticed that their inventory computer was running Linux! Best of all, a representative from the store assured me, due to complaints from Bruce Perens, that the store may consider GPLing its inventory "sometime in the future." Looks like another business has finally "got it" and adopted the tenets of the free software movement.
( Read More... | 164 comments )
Napster? Napster Napster
Posted by CmdrTaco on Friday August 18, @11:25PM
from the napster dept.
Napster Napster Napster. Napster, Napster Napster Napster! Napster Napster (Napster) Napster Napster Napster, Napster Napster Napster. "Napster Napster Napster," Napster Napster. Napster Napster, Napster Napster Napster.
( Read More... | 304 comments | Napster!! )
I went into a store wearing a ski-mask (which is unusual in Rochester in August, ski-mask weather doesn't come until Ocotber, here).
I didn't want people to see what kind of groceries I am buying, for then they could make the inference that I have a cat, a dog, a child and a wife, and try to direct mail market to me using that information, and violate my privacy.
Wouldn't you know it, they called the cops, suspecting a robbery.
Do any Slashdot readers know of a grocery chain where I can shop in the northeast US that will let me shop with a mask on, to protect my privacy?
Thanks
The most annoying thing a website can do is refuse to work in such circumstances. The same goes for those shitty websites that refuse to work without a referrer URL.