What to Do When Company Breaks Privacy Agreement?

Mustang Matt asks: "Earlier this month, I caught ALXNet redhanded in breaking their own agreement in their privacy disclaimer. I've started generating unique email addresses for use in signups that are formed like [domain]@mydomain.com. [ C :"mydomain.com" is just used as an example, here] I just received spam to alxnet@mydomain.com, and here's the kicker: what I received was not even from ALXNet! It was filled with forged headers regarding an online trading newsletter, and this address has never been used anywhere else other than their signup. How can I hold them accountable? All I've done so far is asked Yahoo to close the account they are using." What, if anything, can be done about companies that pay lip service to their privacy agreements? For those SPAM busters out there, an example of the SPAM's headers is included, below. SPAM with full headers:

Return-Path: directaccessus@yahoo.com

Received: from yourwebsite.com (66-108-136-65.nyc.rr.com [66.108.136.65])
by linux.thoughtprocess.net (8.11.0/8.11.2/SuSE Linux 8.11.1-0.5) with SMTP id fB7M8Dv07978
for alxnet@mydomain.com; Fri, 7 Dec 2001 16:08:13 -0600
Message-Id: 200112072208.fB7M8Dv07978@linux.thoughtprocess.net
X-Authentication-Warning: linux.thoughtprocess.net: Host 66-108-136-65.nyc.rr.com [66.108.136.65] claimed to be yourwebsite.com
Reply-To: directaccessus@yahoo.com
From: directaccessus@yahoo.com
To: alxnet@mydomain.com
Subject: Trading Newsletter
Sender: directaccessus@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Fri, 7 Dec 2001 17:12:38 -0500
X-UIDL: 6cadc61cbcf01cac2a66f167c5416863

Use the power of the free market

[an_mo]

I am afraid most of those privacy statement in the U.S. are unilateral, and can be revoked by anytime by the company that offers them to the customers. Read the fine print: I bet you'll find they stated that they could change their privacy policy anytime; you can argue they did it without notice but if they posted it on some page on their web site they can argue they gave it enough publicity (sure you don't want an email from them anytime they change two words of legalese contracts :-) )

Then your only weapon is to let them know you're pissed and to change company. A little sad, but hopefully if enough people care about this then you'll find a company willing to maintain its reputation.

The situation in some other countries is a little different; in some european countries you have to sign in advance a statement that says you are aware of the privacy policies. Most of the times you have to sign a statement saying you are aware you have no privacy. In the end the outcome is no better and sometimes worse than the american market solution to privacy.

post about it on slashdot

[Phork]

i suggest you make a post to slashdot about how the violated there privacy statement, it should generate lots of negative PR for them, and cost them some cash for the extra bandwidth for their server from the slashdotting. If you cant get the story on the main page, try submitting something about it to askSlashdot, it wont be seen by as many people, but will still be seen by a large amount.

what no lameness filter on the story!!

[DrSkwid]

i'm having to scroll left and right to read the comments, sheesh, don't the editors have a preview (not that it helps me !)

I always sign up as

[Beowulf_Boy]

Root@wherever_im_signing_up_at.com and hope that they run a unix.

Alxnet answers - we know where he got the spam

[Alxnet]

Hi again readers! It's now been confirmed - We have now found that Matt, depsite what he told the readers, did not only use that e-mail address to sign up to the services. Our services provided are guestbooks for homepages, Matt put on on his. In a message on that guestbook: http://pub.alxnet.com/guestbook?id=2249224 He has posted a message with this address in, and that's where a spam harvest bot found it. So, Alxnet has not given out the address, he did himself. Matt's false allegations has as well put us in a bad spot. Some kind of one-man warrior who in thinking he would do justice has after reading this compromised one of our testings server (let's face it, the machine has been running since '98 w/o harm and it was hacked today, we draw our conclusions).. Fortunatly, this is not a mission critical machine, but on the other hand - it's made things hard for thousands of people to send Christmas Wishes. If you who read this feel hit by this as being the one who did this, call us or e-mail us telling us you're sorry we will accept this in the spirit of christmas. LESSON LEARNT: Do not judge people without learning the whole truth. Ask both sides for their view on the story or it will make you blind... With best regards and Merry Christmas! Alx Grepe CEO & Founder Alxnet.com E-mail: alexander.grepe@abc.se Phone: +46-708627783

My apologies to ALXNET

[Mustang+Matt]

I've been conversing back and forth through email with Alx and his team discovered the root of the problem. The address was indeed posted into a guestbook. Not by myself, but that doesn't matter, I know how it got there.

All I can say is that I gave them two weeks to respond, sent them paypal bills per articles discussed here on slashdot, but in the end, this is my fault and I apologize for that.

Now they've contacted paypal, so I imagine my account will get frozen which is unfortunate due to the amount of money I have sitting there.

If they had only responded to any of my emails earlier this all could have been prevented.
It's unfortunate that only after getting publicity for what appeared to be a major flaw on their end were they willing to respond.

Again my apologies. Have a Merry Christmas.
Matt