Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shopping Online While Protecting Your Privacy?

Posted by Cliff on from the there's-gotta-be-a-better-way dept.

Bart asks: "How can you shop online and protect your privacy? I have been trying without success for a few weeks to shop at the online site of the bigest supermarket chain here in England. My problem is that either I am not using Internet Explorer or Netscape or that I have set up Junkbuster to return a spurious user-agent. With this configuration I can visit my bank, transfer money and make payments, I can visit my two stockbrokers and make deals of up to 100,000 USD but I can't go to Tesco and buy cat food." It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?

"Protracted e-correspondence with Tesco (apart from regular instructions on setting up Internet Explorer) revolves around bypassing the proxy and setting up a direct connection. As shopping online for mundane things like groceries gets more common and less the province of technically aware people, we can expect more and more intrusions like this into our privacy. Can anything be done about it?"

9 of 239 comments (clear)

  1. Re:there is nothing wrong with user-agents by Masem · · Score: 4
    Does the UK have any law similar to the American Disabilities Act? Most readers for sight-impared people don't broadcast themselves as NN or IE, and therefore would be unable to use this site. Which is practically the same as not providing ramps to get into a brick and mortar store.

    And remember, there *are* pending lawsuits by disabled people against AOL and others for just this reason.

    If the UK has similar laws, you may want to kindly write Tesco to remind them that said disabled users won't be able to access their site.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  2. I don't see the point by SimonK · · Score: 4

    Given that you're going to give Tesco your credit card number anyway, from which they can find out just about anything about you, and if you have a loyalty card they can also correlate this information with your purchases, I really don't see what you gain by using junkbuster etc. If someone already knows what groceries you buy, where you live, your income band and your credit rating, and probably a great deal about your lifestyle, letting them know what web browser your use and what web site you came from seems pretty irrelevant.

    Frankly I find this obsession with privacy somewhat bizarre and worrying. For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?

  3. Re:Ask? by arivanov · · Score: 4
    Is it a horrible conspiricy on their part, or is it just bad HTML?

    When stupidity is a sufficient explanation there is no need to resort to any other:

    • The secure mode looks like operating with the same cursed Micro... like Barkleys not just standard SSL. So it is least likely to work properly with Netscape in first place.
    • Cookies look like standard ASP session library and standard shopping basket implementation.
    • As you are going to be leaving there you credit card information anyway there is not much you will keep private anyway. They know your name, address, date of birth and can actually even request a credit reference for you and learn about your income band from there. So you may let them cookie your arse off anyway. Just use an editor to check them after that.
    • It is quite likely by the look and feel with Junkbuster on and Off that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure". Quite popular lately. I wish they were watching more on unique session IDs and where and how they store data instead. See the recent Barkley and other cases
    Conclusion: I guess you will have to use insecure browsing and junkbuster off you want to shop with netscape on this site. Or use vmware and shop with a Windoze having vmware in the mode when it does not keep the disk updated. After powering off all they have managed to stuff your machine with will go on holiday. And they will have wrong preference info on you anyway Standard disclaimer:
    • I do not shop at tesco online
    • I had a look at it for 2 mins at most
    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  4. Re:Don't use 'em by rc-flyer · · Score: 4

    I've been asked my SS# many times. Also, Radio Shack is infamous for asking and sometimes insisting on my phone number, even though I pay in cash!
    I finally broke my local store of that habit. I had fun doing it, I was looking for a new stereo, and decided to see what they had. I was ready to plunk down about $600, the sales guy was writing up a ticket and asked me my phone number. When I asked why he said it was store policy. I asked for the manager, when he showed up I waved my cash under his face, and told him that they just lost a big sale because they insisted on my phone number; then I walked out. Next time I went in there was a sign posted prominately that the phone numbers were optional. But the look on their faces when I walked out was priceless!

    --
    -- Error: Cannot find file REALITY.SYS - Universe halted, please reboot!
  5. Tell'm whatever you want by kensail · · Score: 4

    I have gotten into that habit of "making mistakes" with these numbers. Just make them up!
    You ask me for my SSN? Sure its 554089652 the clerk writes it down everyone is happy. My phone number 342-980567 Yeah it's a little weird I have a cell phone... They won't tell me what they want with it so I don't feel the need to be truthfull with them either. Nobody makes you PROVE these random numbers do they? They depend on stupidity and truthfulness. Give them neither.

    The best piece of misinformation holds a kernel of truth. If you want to be totaly duplicidous just interchange some of the real numbers. Switch a couple of digits now and agian.

    -Kensail

  6. this won't protect you from such abuses... by mirko · · Score: 4
    ...but just let you know about indelicate persons :
    I personally have hundreds of aliases that I give to new contacts.
    I preferably use really stupid ones whenever I am not sure about my contact ; e.g. I sent one day mirko@garagiste.com to an inoffensive-looking web site while requesting information about data security.
    You can't imagine how many sex spams I received under this alias.
    Also, whenever requesting for documents to be sent through normal post, I usually give a fake first name (e.g. Baudoin, Ibrahim, Bill, etc.) which then allows me to track the spammers.
    At the end, I just set some filters on the spammed accounts so that I can get rid of spams.
    Now, if they want your personal data, you can consider they just want to know how they can reach you with public mean (email, mailbox, etc) and then give you some information that'd be just relevant enough but objectively not corresponding to you.

    (let's say the website was compusa.com)
    ... My phone number (why the hell do you need it ?) is blah (real one). my Family name is blahh (real one too) and my first name is Hiroyoshi.
    (click on submit)
    (one week later, the phone rang)
    -Allo ? Mr Hiroyoshi ? As a faithful client, we guess you could be interested in our offer : twenty four boxes of (put any soap brand here) for half price if you buy us ten rolls of toilet paper.
    -So, compusa also sell toilet paper and soap ?
    Anyway, my favourite one was with an old hotmail account that is now closed : a21z.
    Before I ever use it publicly (on deja.com), this account got spammed.
    The complete recipients list was readable.
    To my surprise, all the email addresses (around 2 or 3 hundreds) were containing the string Aziz.
    Ah ah ah ah ah ! I can't imagine they have some spams only aimed at guys called Aziz !!!

    Conclusion:
    • Whatever information you give, they will guess the rest.
    • Maybe they'll just ask you elements that they already know in order to compare them.
    • don't forget to mail abuse@ and postmaster@ after each spam. I am currently writing a mailer that will do this automatically as well as blacklisting the spammers (not to download their mail from a pop server).

    --
    --
    Trolling using another account since 2005.
  7. [OT] Tomorrow's Slashdot healines by vertical-limit · · Score: 4
    Your Rights Online: Shawn Fanning Receives Speeding Ticket
    Posted by Hemos on Tuesday, Friday 18, @06:38AM
    from the damn-those-fascist-capitalist-plutocrat-bastards dept.
    Signal 11 writes: "Yahoo! News is reporting that Napster founder Shawn Fanning has been given a speeding ticket. The police claim that Fanning had exceeded the speed limit by over 15 mph, but we all know that he was acting in full compliance of traffic laws.". In a truly free world, there would be no need for speed limits. When will the establishment learn that speeding laws simply can't be enforced? Even if Fanning receives a ticket, thousands of other drivers will continue to speed.

    ( Read More... | 768 comments | Your Rights Online )

    Miniskirt-clad girls save universe
    Posted by CmdrTaco on Friday August 18, @08:25AM
    from the roketto-ga-sugoi dept.
    AnimeNewsNetwork.com is reporting that earlier this morning in Tokyo, five girls in color-coded blouses and miniskirts transformed into scantily-clad superheroes. The five girls then screamed, hurled glowing balls of energy, and screamed some more at a thirty-tentacled monster. Still no word on whether this is connected to the large humanoid robots spotted battling last week in Osaka.

    ( Read More... | 168 comments )

    Slashback: Frisson, Sesquipedalianity, Responsitivitiness
    Posted by timothy on Tuesday August 08, @10:45AM
    from the beware-the-froomious-bandersnatch dept.
    It was a dark and stormy night. In a salutiferous octastyle basement, an ultracrepidarian man was hermtically hunched over a piperaceous desk beneath a ornate mazarine, typing furiously away on an obumbrate keyboard. Meanwhile, in a meandrine corner of the world, several setose seeds were being entrenched in the muculent minds of the hoi polloi.

    ( Read More... | 9235 bytes in body | 214 comments )

    Traffic Cops' "Justice" and Napster
    Posted by JonKatz on Friday August 18, @11:30AM
    from the post-hellmouth-world dept.
    Just as Shadowrun predicted, The Corporate Republic took another step in assailing geeks today by handing Shawn Fanning a $L00 speeding ticket. This narcissism is harmful because it shrinks the creative universe of media workers and disconnects them from the new global conversation taking place online. Hubcaps have sparked a cultural and economic revolution that is just beginning to be understood. Will we see an increase in the number of Chickdrivers receiving "closed" traffic tickets as well, or will the Edge power a paradigm shift to "open" community-based traffic laws?

    ( Read More... | 598235 bytes in body | 657 flames | Features )

    Ask Slashdot: Are Corporations Trying To Make Money?
    Posted by Cliff on Friday August 18, @1:25PM
    from the yet-another-article-from-the-something-to-think-ab out dept.
    www.sorehands.com writes: "Today I visited Yahoo and was shocked to see a banner advertisement - I thought I'd managed to block every form of advertisement possible with Junkbusters. After thinking about it some, I realized Yahoo was probably running advertisement in a crass, commercialized attempt to make money off of my web-surfing habits! Could there be any other corporations out there engaged in similarly devious practices?" An interesting question here: Are some companies attempting to turn a profit, and, if so, what can we do to prevent it?

    ( Read More... | 3082 bytes in body | 345 comments )

    Autospy of a Furby
    Posted by michael on Friday August 18, @3:43PM
    from the deja-vu dept.

    Vladinator writes "Ever wonder what it's like to take apart a Furby? I don't, because I saw this on Slashdot two years ago, but I needed some karma so I submitted it anyway. Fawking trolls!" Those of who you started reading Slashdot this week may not have seen this page yet, so I'm re-running this classic for you three newbies.

    ( Read More... | 1 FIRST POST! )

    Interstate Highway Boycott Planned
    Posted by emmett on Friday August 18, @6:25PM
    from the fight-the-power dept.
    Bowie J. Poag writes: "You guys are idiots and VA sucks, but being the nice guy that I am [Update: 08/18 11:11 AM by CT: Further investigation reveals that he isn't ] I thought I'd let you know that know Wired is reporting that a boycott is being proposed against the interstate highway system for its treatment of Shawn Fanning. The interstate highway sucks almost as much as anime! PROPAGANDA RULES!!!!!" It's good to see that some people are taking the battle for free (as in Willy) highways into their own hands.

    ( Read More... | 218 comments )

    Holland Convenience Store Switches To Linux
    Posted by Hemos on Friday August 18, @9:33PM
    from the key-victory-for-open-source dept.
    Today while visiting my local 7-11 in Holland, MI, I noticed that their inventory computer was running Linux! Best of all, a representative from the store assured me, due to complaints from Bruce Perens, that the store may consider GPLing its inventory "sometime in the future." Looks like another business has finally "got it" and adopted the tenets of the free software movement.

    ( Read More... | 164 comments )

    Napster? Napster Napster
    Posted by CmdrTaco on Friday August 18, @11:25PM
    from the napster dept.
    Napster Napster Napster. Napster, Napster Napster Napster! Napster Napster (Napster) Napster Napster Napster, Napster Napster Napster. "Napster Napster Napster," Napster Napster. Napster Napster, Napster Napster Napster.

    ( Read More... | 304 comments | Napster!! )

  8. I tried to shop in real time with privacy by Hairy_Potter · · Score: 4

    I went into a store wearing a ski-mask (which is unusual in Rochester in August, ski-mask weather doesn't come until Ocotber, here).

    I didn't want people to see what kind of groceries I am buying, for then they could make the inference that I have a cat, a dog, a child and a wife, and try to direct mail market to me using that information, and violate my privacy.

    Wouldn't you know it, they called the cops, suspecting a robbery.

    Do any Slashdot readers know of a grocery chain where I can shop in the northeast US that will let me shop with a mask on, to protect my privacy?

    Thanks

  9. Re:User Agent by DrXym · · Score: 5
    Some websites use the user agent to deliver "enhanced" (i.e. browser proprietary) content. For example, if a site knows you use IE it might draw the shopping basket as a fixed element instead of a frame etc. It sounds like Tesco is doing this too, though at the very least it should drop down to HTML 3.2 if it can't figure out what you're using.

    The most annoying thing a website can do is refuse to work in such circumstances. The same goes for those shitty websites that refuse to work without a referrer URL.