Slashdot Mirror
Web Firms Choose Profit Over Privacy
An anonymous reader writes "Web Firms Choose Profit Over Privacy details the tactics of retailers and marketers to sell customer data. Examples include promising not to sell consumer data, but then 'renting' the data, and the use of shopping cart software with different privacy policies than the merchant."
No.
But they will rent it for a nice price.
I think of the Cheshire Cat.
Let's face it, the Internet is just not private. The Internet was conceived in a semi-private environment, absolutely bereft of retail commercial incentive, when the primary concern was sharing information.
I work in information privacy in health care. We are faced with the competing interests of sharing information and protecting confidences. It is a zero sum game between the two, to get one you have to give on the other.
I shop quite a lot on the Internet, but I do it as a special user on my systems so that my e-mail address, browser caches and cookie stores are distinct from those I use when otherwise communicating with people for non-commercial endeavors. I always lie about my gender, income, region and interests to web forms seeking demographic information. I use a special
credit card for Internet purchases which always go to my work address.
Does this give me absolute privacy? No, but it keeps me from being low-hanging fruit. I realize not everyone has the opportunities I do, but there are some things anyone can do.
We aren't entirely powerless in this game. Like all other technological challenges, you just have to keep ahead and don't let your predilection for convenience and free stuff lead you into stupid disclosures.
The best way to do is to be.
When you sign up for a service or whatever takes your email, use the webaddress of the site as the mailbox (EX. for /. www.slashdot.org@dugnet.com).
Makes it real easy to find out who's selling your "information".
I know I have real media to thank for a large portion of my spam (collect from not-me@dugnet.com addresses to filter automatically into the spam filter).
Needless to say, makes spam filtering a little easier and makes sorting a breeze.
Ignore the "p2p is theft" trolls, they're just uninformed
No, the biggest problem is that 1) there are no laws against selling your personal information, 2) if businesses violate their own policies there is usually little or no recourse, 3) standard business philosophy is that if it isn't specifically illegal then it's fair game, and 4) many businesses will still do illegal things if they think they can get away with it (before getting busted or going out of business).
If my email address is that damn valuable, it seems to me that I should be the one making money from it.
Why couldn't I create a licensing program for my personal info to sell licenses to marketers for, say, $10 million US per contact attempt.
It's my f***'n email address, after all, so I should be able to set the price. They should be at least as responsible with my information as other businesses are with their inventory.
"Lawyers are for sucks."
- Doug McKenzie
This is why a California Financial Privacy Initiative is going to have to go before the voters. All the attempts to get a financial privacy measure thru the corrupt California legislature have failed due to opposition of big financial institutions and insurers, who are big contributors to the Democrats who run the place. We need something like this at a national level as well, but I'm not going to hold my breath till we get one through a Congress that lives with its hand out continually. A measure like this at the state level is better than nothing, at least.
Is there any way that I could make my personal information (legally) into intellectually property? That way I could sue people who miss-use or sell this information for profit.
-makoffee
Q: What do you call a company that doesn't make a profit?
A: Fucked.
The main reason that most companies exist is to profit from their customers. Without making money from their customers, companies cannot pay their staff, their suppliers, their rent or their other bills and soon fold.
No matter how well-intentioned or altruistic the principles of the company may be, any company that fails to generate revenue is doomed to failure - that's a fact that's pretty obvious to most of us but one that seems to have only just become clear to the management teams of a lot of dotcoms.
Besides selling me something (or, better still, getting me to sell it for them on their behalf), there's only one way that a company can profit from me and that's by selling what it knows about me, my lifestyle and my shopping habits.
I'm sure a lot of people would rather the online bookstore that they use went bust rather than even sharing one tiny shred of personal data but that's just not going to happen. After all, when it talk to its advertisers, a company will always give a generic breakdown of its customers, their typical spends and their buying patterns, and that's just as true of etailers as it is of retailers.
Clearly, a company that will sell every last personal detail is not the kind of company that you want to deal with. But one that just describes you as customer a, living in country b, buying c items a month and spending an average of d on them isn't doing your privacy too much harm when it aggregates that data with that of 100,000 others before passing it on to a third party.
That being said, I'll say what I've said countless times before: companies will always put profit before people.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
...some people will do it. It's money, and it's more money than a lot of people realize.
For example, I run a site that's pretty damn big, something like 300,000 accounts so far. I've already gotten several "business inquries" from direct marketing companies asking if I'd like to "rent" my customer data to them -- and some of these people are offering upward of 5 cents per user. And I don't have to tell you that a nickel here and a nickel adds up.
I haven't sold my user lists and never will, but rest assured that if I wanted to there is a huge market of companies that would be willing to let me name my own price.
And that is why companies do it.
Hilary Rosen's speech was about her love of money and her desire to roll around naked in a pile of money.
While I don't condone what Hooked on Phonics does, I wonder if they do something similar if you call their 1-800 number and you give them your mailing/shipping address. One of the big rationales behind store credit card offers and discount cards is obtaining customer information.
Anyone notice an irksome trend amongst retailers? "Sure, we sold you down the river, but we're not evil, we're just dumber than squirrels. Tough break, but I'm sure none of the five hundred spamhausen we sold your kid's details to will be as unscrupulous or idiotic as us!"
Since when did "We screwed up, but, meh." become an acceptable excuse?
Oh, wait, since Enron and Worldcomm. I forgot. Sorry, my bad. :(
If you were blocking sigs, you wouldn't have to read this.
Or whatever you call it in this case..
They say everything is private. So you give them the info. Then later, they want to change their policy, so they just notify everyone they are going to give away the info unless they are told not to.
The thing is.. My deal with them is ALREADY DONE, and it was under the agreement that the info not be shared. I should not have to do maintenance to keep it that way.. THEY should have to get my express permission to share that information at a later date.. nut just send me a note and make me, again, state I don't want it released.. because we already agreed to that.
I guess it's not marketing.. but it's like how some cable companies would give everyone the new, upgraded package of shows, then expect anyone who didn't want to pay extra once the trial period was up to notify them, or else get billed. I know in BC the courts ruled it an illegal practice. People already agreed to a package.. you can't start changing it. Of course, the cable company caved anyway before the courts were done when a thousand or so people called in to cancel their cable immediately in protest. That gets their attention.
Changing a policy regarding that information should be clearly illegal.
Well .. that works for awhile, but not long.
Part of the business is not just "selling" lists, but cleaning them. Generally this is done by taking company XYZ's list and matching it against something like the Experian Data. So what is the wrong phone number would probably get purged out and replaced with the working one.
Even mispelling your name in hopes to throw things off is not effective. Changed zip codes, weird street names, etc, generally all get caught in a weighed score. Using Soundex and NYSIIS (just to name a few), your entry will be matched up and corrected.
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
If you're going to include a link in a slashdot story, link to the page with ads. It's not free to put content on the web, and the producers of content deserve compensation.
Linking to a page where the newspaper, who has expended capital to report the story, will get no ad revenue is wrong!
My other sig is extremely clever...
One year when I took the SAT I accidentally bubbled in my name incorrectly by filling in a "D" instead of a "C". I didn't realize this until I got my results back.
The interesting part is the College Board (the guys who run the SATs) sell student's addresses to colleges so the colleges can send the students brochures, pamphlets, etc. It was fun to "track" where my address had been sold to due to the misspelling of my name "Dhris" on a lot of the material I received.
Well, at least, the more difficult cleaning the data is the more expensive address marketing gets...
Something that should work quite well is using different first names. Once it happened by accident, and then I could see who gave the address to whom. Both the snail mail service and the marketeers probably assume that it's another member of the same family.
I use the usual system of one-per-company addresses, all aliased to my normal address, with the ability to divert them to the bit-bucket if they become a problem. I've had this address for about five years, and I buy a lot of stuff on the Web, but I have no, as in zero, spam. I've never yet had to devnull any of the addresses (there are currently 90), but I've yet to have offers to enlarge portions of my anatomy or bank balance. I've not used any of the addresses on Usenet, but other than that I've not taken any precautions. Am I alone in this?
Spam should obviously be illegal, and the spammer should be fined. Allow the guilty spammer to sue the person who provided him with the email list for contribution (i.e. make everyone down the chain jointly and severally liable) and this bullshit will stop real fucking quickly. Whenever someone gets an unsolicited advertisement, everyone down the chain is strictly liable.
Example: Company X sells its customer data to company Y, who compiles the data on CDROMs and sells it to spammer Z. Spammer Z is fined $10,000 per email he sends (in my perfect world). Spammer Z, after being sued and found liable for a large sum of money, should be able to sue the company Y for contribution, and Co. Y should be able to sue Co. X, so that each guilty party pays their pro rata share of the fine(s). It's just like strict products liability; improperly using customer data is like putting a defective product into the stream of commerce.
And like with defective products, liability shouldn't be allowed to be waived, as that's against public policy. No "you give us permission to use your data any way we want" disclaimers--they should all be void. Selling customer data (or "renting it") for any marketing purpose is per se improper usage. Kinda like how Ford can't make you sign something saying you won't sue them if your car's tires blow out. If it's really Firestone's fault, then once you sue Ford, Ford can sue Firestone.
Stupid people make stupid things profitable.
Just try to find out where a company got your address from... you can't do it. Ask which companies they sell or rent your address to, and they won't tell.
They really mean it. They respect the privacy of their customers, but not consumers.
frob
//TODO: Think of witty sig statement
We should be asking ourselves "why do spammers continue to spam?"
the answer could be anything from, "because they can," to "because they're the scum of the earth," but most likely the answer is simpler..
BECAUSE IT WORKS....
If spam didn't work, they wouldn't do it.
We need to encourage people, n00bs and eggspurts alike, to NOT RESPOND or purchase anything from spammers.
ISPs should inform new users that this is a good idea... quite simply:
NEVER BUY ANYTHING, NOR RESPOND TO ANY SALESMEN VIA EMAIL UNLESS YOU HAVE SOLICITED THE COMMUNICATION.
simple. it'll slowly sink in, and spammers will fade away because no immoral company will want to pay them for something that has a 0% success rate.
as long as that success rate is at least 0.1%, then people will continue to send out spam in the millions.
Recently, for example, the Christopher Reeve Paralysis Foundation advertised that its list of donors, including postal addresses, was for rent.
Charities are often the worst privacy whores. They also have no qualms about hiring mercenaries (i.e., telemarketing firms) to do their dirty work. I have recieve several calls, where some sappy loser tries to make me feel guilty for not supporting the goldfish at Wal-Mart or something, and they quickly blurt out that they are actually some sort of telemarketing company when I tell them to take me off their list and never call back.
I hate to say it, but charities often give charity a bad name.
Vote in November. You won't regret it.