TRUSTe Caught in Privacy SNAFU

ptbrown writes:\w"An investigation by Interhack revealed cookies, Web bugs, and other methods that were tracking visitors to TRUSTe's Web site in violation of their own privacy standards. TRUSTe's David Steer said the tracking was done by thecounter.com, part of Internet.com. After being contacted by a reporter on Thursday, the tracking code was removed. "If we find that Internet.com is fraudulently breaking this agreement, then we're going to come down hard on them...&quot says Steer. Original AP story" Somehow I'm not surprised. Although honestly TrustE's sin here - tracking users with temporary cookies rather than long-lived ones - does not seem especially bad. But TrustE's whole point is that sites should tell users what they're doing, and even TrustE can't do it correctly.

Lower than 0

[gorilla]

I was going to say this will make confidence in eTrust even lower, but then I realised that's not possible. There isn't anything lower than 0.

If you want a real organization looking after our privacy, then EPIC is the one to look at.

Re:Lower than 0

[Zan+Thrax]

Well, not to be a math nazi, but you can go lower than zero, you just can't go smaller than zero.

The best solution to ecommerce tracking

[Masem]

I don't argue that ecommerce sites want to collect data, though what kind of data that they collect is questionable. But I do see advantages of directed advertizing, so tracking users to some extent is not that unethical. However, it's too easy to fall into hole of collecting every last bit of data then selling it.

So, the easy solution to ensure user privacy is this: Require all sites use opt-in methods as opposed to opt-out methods. Failure to do so will encure stiff fines. Make sure the user knows exactly what actions (which need to be explicit actions such as filling in a form as opposed to just clicking on a link) will opt them into the system.

Not only would this help with privacy on online sites, it would make spamming illegal unless the person requested it. Maintaining a user state across the site even if they don't opt in can still be done using session IDs as opposed to cookies but most are too lazy to use that.

Of course, it would be nice that if at this time, all databases that were collected by ecommerce were forced to be erased prior to the start of this requirement such that everyone had their clean slate, but that ain't going to happen.

(But with our DMCA-passing friends in Congress, this will never happen).

BIG surprise there!

[swordgeek]

Well, well. TRUSTe is at it again. How many times do they have to behave immorally, unethically, or just simply irresponsibly before companies stop touting "TRUSTe certified!!!" Apparently too damned many times.

This is the same company that said, "oh, sure they're violating their own policies, but um...we can't do anything about that. We only check to see if companies are violating their own policies and, um....can we get back to you on that?"

They're sleazy, irresponsible, and incompetent.

I hope everyone else is doing the same as me--Every time I see a company asking for registration or some sort of personal information, and I see that TRUSTe cockroach on the web page, I send them a polite email saying that I don't do any business (shopping or anything else) with a company that uses TRUSTe.