Slashdot Mirror
Web Firms Choose Profit Over Privacy
An anonymous reader writes "Web Firms Choose Profit Over Privacy details the tactics of retailers and marketers to sell customer data. Examples include promising not to sell consumer data, but then 'renting' the data, and the use of shopping cart software with different privacy policies than the merchant."
The biggest problem with internet privacy issues in the past has been the lack of ability to track sources of information for advertisers - one had no idea whether advertiser XYZ got your address from Amazon.com or Bobscomputers.biz. Although there are several new pay and free e-mail systems now for identifying individual sources, such systems are hardly ubiquitous and none exist as-yet for truly identifying sources of telephone numbers, snail-mail addresses, and other sensitive personal information. For this reason, consumers often find it extremely difficult to police these firms and take their business elsewhere and the first alternative to self- and consumer-policing to come to mind is actual legal enforcement with actual investigative action against firms - something beyond the consumer-helping-consumer nature of the Better Business Bureau. It is here that the complaint about lack of privacy in online transactions, while very valid, is in part hypocritical coming from the Slashdot community, one which - with the interests of protecting the freedom of the internet and keeping any one nation from declaring some kind of jurisdiction over the Internet - is always mixed in its views of governmental 'net policing. Perhaps an easy compromise can be found in this case, or maybe an entirely new approach must be taken altogether...
Piracy over profit!
"People choose privacy over web firms"
I'm _so_ glad I have my own domain, and can create and destroy email addresses willy-nilly. I haven't seen a piece of spam in about a year, now, and that's with_out_ any spam filtering methods at all.
If it's not already illegal, this should be, especially if there is no notice of any particular size informing the user that the change is present. If a shopping cart is linked from the primary site, such that the users of the primary site must use the shopping cart, the terms of service should propagate with it too. This could set some interesting legal precedents if it's explored.
Do not look into laser with remaining eye.
What next?
Businesses choose profit over customer safety?
Businesses choose profit over employee safety?
What about the obvious?
Businesses choose profit over anything else!?!
I am glad the Washington Post is on top of this. I doubt I would have ever figured this out on my own.
ACK
No.
But they will rent it for a nice price.
I think of the Cheshire Cat.
...don't buy anything advertised to you by spammers.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
"Recently, for example, the Christopher Reeve Paralysis Foundation advertised that its list of donors, including postal addresses, was for rent"
He gets free fetuses AND the ability to sell people's personal info! Come on!!!!
Thank you, anonymous submitter, for linking to the printer-friendly version. While the Post might get peeved for the loss of ad revenue, reading the story like this is much easier on the eyes.
I don't know of too many companies that have the following business plan:
...
1. Make product
2.
3. Privacy!
All humor aside, I think it's time we just start over. We need an Internet2 (wait... already taken -- Internet3!) that only allows individuals and well-behaved companies onto it... Either that, or we could just move back to Gopher...
Slashdot's first reaction to VMware
To parents interested in buying the popular Hooked on Phonics learn-to-read programs, the company made a firm promise on its Web site: It would never sell or rent their personal information to other marketers. But that pledge was empty.
The children are Hooked on Phonics, and now the parents are Hooked on Phony Emails.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I'll pay $5 for the name of that anonymous submitter.
Why did he say psycho ex-boyfriends and not ex-girlfriends? Is Chris hinting at something here? Or am I drawing conclusions where they don't exist.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Let's face it, the Internet is just not private. The Internet was conceived in a semi-private environment, absolutely bereft of retail commercial incentive, when the primary concern was sharing information.
I work in information privacy in health care. We are faced with the competing interests of sharing information and protecting confidences. It is a zero sum game between the two, to get one you have to give on the other.
I shop quite a lot on the Internet, but I do it as a special user on my systems so that my e-mail address, browser caches and cookie stores are distinct from those I use when otherwise communicating with people for non-commercial endeavors. I always lie about my gender, income, region and interests to web forms seeking demographic information. I use a special
credit card for Internet purchases which always go to my work address.
Does this give me absolute privacy? No, but it keeps me from being low-hanging fruit. I realize not everyone has the opportunities I do, but there are some things anyone can do.
We aren't entirely powerless in this game. Like all other technological challenges, you just have to keep ahead and don't let your predilection for convenience and free stuff lead you into stupid disclosures.
The best way to do is to be.
When you sign up for a service or whatever takes your email, use the webaddress of the site as the mailbox (EX. for /. www.slashdot.org@dugnet.com).
Makes it real easy to find out who's selling your "information".
I know I have real media to thank for a large portion of my spam (collect from not-me@dugnet.com addresses to filter automatically into the spam filter).
Needless to say, makes spam filtering a little easier and makes sorting a breeze.
Ignore the "p2p is theft" trolls, they're just uninformed
the 257th Rule of Acquisition says "Sell to your customers first, then sell your customers!"
JOHN Q. SPAMMER: Hey, can I buy about 100,000 email addresses from your database?
ONLINE RETAILER: Sorry, we have a strict privacy policy that says we don't sell customer information.
JQS: C'mon, I'll give you a penny per ten. That's $100.
OLR: Our users are not for sale.
JQS: $250. I'm cutting my own throat here.
OLR: Well... our bandwidth bills were $360 last year....
JQS: $350, then. Final offer.
OLR: But, our privacy policy....
JQS: Yeah, yeah. Tell you what, I'll give you the list back in a month. And I won't keep any backup copies. Promise.
OLR: Whew, glad that clears my conscience.
You sign a contract saying that you will not use the data when the rental is over. If you do, you might get away with it, but you stand a good chance of being sued into oblivion.
If someone wants to rent it for 999 years, they just sign a 999-year contract, I imagine.
--
the strongest word is still the word "free"
"Now I'm going to show you this list of customers, but you have to promise that after a month you will forget about it, ok? Promise?"
Mother, do you think they'll like this sig?
Companies choose profit over privacy? Well no ****.
Companies choose profit over everything.
Note: this is said about companies as a whole. Similarly, even though you can have a ton of smart individuals in the world, people will always remain stupid as a whole.
I assert that my comment is only my opinion, not that of any employer, past, present or future.
Am I the only one who read this as
Web Firms Choose Profit Over Piracy
Now that would've been worthy news.
Must-not-watch TV!
If my email address is that damn valuable, it seems to me that I should be the one making money from it.
Why couldn't I create a licensing program for my personal info to sell licenses to marketers for, say, $10 million US per contact attempt.
It's my f***'n email address, after all, so I should be able to set the price. They should be at least as responsible with my information as other businesses are with their inventory.
"Lawyers are for sucks."
- Doug McKenzie
Isn't that the whole point of capitalism?
0 1 - just my two bits
This is why a California Financial Privacy Initiative is going to have to go before the voters. All the attempts to get a financial privacy measure thru the corrupt California legislature have failed due to opposition of big financial institutions and insurers, who are big contributors to the Democrats who run the place. We need something like this at a national level as well, but I'm not going to hold my breath till we get one through a Congress that lives with its hand out continually. A measure like this at the state level is better than nothing, at least.
...to learn that the Hooked on Phonics company was promising not to sell or rent customer's information while advertising it for sale in a trade magazine. Until I read the reason - "A company spokeswoman said the firm was simply slow to update its policy."
That's a big relief, because I was a little slow in updating my checkbook, and now that I think about it, I simply forgot that the account I wrote their check on was closed in 1996.
666-607: 6th floor apartment of the beast
Is there any way that I could make my personal information (legally) into intellectually property? That way I could sue people who miss-use or sell this information for profit.
-makoffee
Q: What do you call a company that doesn't make a profit?
A: Fucked.
The main reason that most companies exist is to profit from their customers. Without making money from their customers, companies cannot pay their staff, their suppliers, their rent or their other bills and soon fold.
No matter how well-intentioned or altruistic the principles of the company may be, any company that fails to generate revenue is doomed to failure - that's a fact that's pretty obvious to most of us but one that seems to have only just become clear to the management teams of a lot of dotcoms.
Besides selling me something (or, better still, getting me to sell it for them on their behalf), there's only one way that a company can profit from me and that's by selling what it knows about me, my lifestyle and my shopping habits.
I'm sure a lot of people would rather the online bookstore that they use went bust rather than even sharing one tiny shred of personal data but that's just not going to happen. After all, when it talk to its advertisers, a company will always give a generic breakdown of its customers, their typical spends and their buying patterns, and that's just as true of etailers as it is of retailers.
Clearly, a company that will sell every last personal detail is not the kind of company that you want to deal with. But one that just describes you as customer a, living in country b, buying c items a month and spending an average of d on them isn't doing your privacy too much harm when it aggregates that data with that of 100,000 others before passing it on to a third party.
That being said, I'll say what I've said countless times before: companies will always put profit before people.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Especially with small vendors, I bet it never even occurred to the people who run many of their sites that their shopping cart operator is collecting and selling information on their own. It's just a service they bought.
What I'm listening to now on Pandora...
...some people will do it. It's money, and it's more money than a lot of people realize.
For example, I run a site that's pretty damn big, something like 300,000 accounts so far. I've already gotten several "business inquries" from direct marketing companies asking if I'd like to "rent" my customer data to them -- and some of these people are offering upward of 5 cents per user. And I don't have to tell you that a nickel here and a nickel adds up.
I haven't sold my user lists and never will, but rest assured that if I wanted to there is a huge market of companies that would be willing to let me name my own price.
And that is why companies do it.
Hilary Rosen's speech was about her love of money and her desire to roll around naked in a pile of money.
While I don't condone what Hooked on Phonics does, I wonder if they do something similar if you call their 1-800 number and you give them your mailing/shipping address. One of the big rationales behind store credit card offers and discount cards is obtaining customer information.
Anyone notice an irksome trend amongst retailers? "Sure, we sold you down the river, but we're not evil, we're just dumber than squirrels. Tough break, but I'm sure none of the five hundred spamhausen we sold your kid's details to will be as unscrupulous or idiotic as us!"
Since when did "We screwed up, but, meh." become an acceptable excuse?
Oh, wait, since Enron and Worldcomm. I forgot. Sorry, my bad. :(
If you were blocking sigs, you wouldn't have to read this.
Or whatever you call it in this case..
They say everything is private. So you give them the info. Then later, they want to change their policy, so they just notify everyone they are going to give away the info unless they are told not to.
The thing is.. My deal with them is ALREADY DONE, and it was under the agreement that the info not be shared. I should not have to do maintenance to keep it that way.. THEY should have to get my express permission to share that information at a later date.. nut just send me a note and make me, again, state I don't want it released.. because we already agreed to that.
I guess it's not marketing.. but it's like how some cable companies would give everyone the new, upgraded package of shows, then expect anyone who didn't want to pay extra once the trial period was up to notify them, or else get billed. I know in BC the courts ruled it an illegal practice. People already agreed to a package.. you can't start changing it. Of course, the cable company caved anyway before the courts were done when a thousand or so people called in to cancel their cable immediately in protest. That gets their attention.
Changing a policy regarding that information should be clearly illegal.
Why not just use Spam Gourmet? It allows you to make disposable email addresses that forward to your main address. The addresses are unique based on a key word which helps you know where your spam came from.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Hooked on Phonics customers never read it anyway.
paintball
I keep just about everything on my PC encrypted; I was hacked once and the prospect of some anonymous joe having not only my name and address, but my complete work history (aka my resume) and being able to pin that to all the other crap on my computer (ie old porn) made me uncomfortable enough to take the initiative of encrypting all my user data so if I were hacked again about all they would find is a desktop with lots of programs installed and lots of MP3s. Being hacked worries me because that presents a real life security issue; doubleclick having my tastes in TV and clothing does not present a real life security issue.
Does bob's baby world knowing the age of my child present a real life security issue? No. And if I don't want bob's baby world knowing my name and address there's no one twisting my arm to give them that info - and there are already laws on the books preventing "Hooked on Phonics" from giving bob that info. And if I should decide to let bob have my name and address, I think it's safe to say "bob" could easily discern the age and sex of my child simply by looking at what I purchased from him.
If you value your privacy and you shop using credit cards, you have some issues you need to resolve. It doesn't matter whether you shop online or not - do you really think a Sears or a JC Whitney doesn't share it's list with others? A few years back this became clear even in our small town - when everyone in this town of 200+ who subscribed to JC Whitney catalogs suddenly found Adam & Eve catalogs in their mailbox. This was way back when "the internet" was pretty much the exclusive domain of universities - before Playboy had even gone online. Merchants trading mailing lists is nothing new; the only difference is now they can "see" where you windowshop as well as where you buy. If that makes you uncomfortable then buy another computer and use it exclusively for all your shopping; Get a numnbered Swiss account and a debit card drawn against it. Or better still: support the small merchants in your community instead of heading to Amazon.com for every damn thing.
I wrote this in a fit of pique some years back. I've never tried actually putting into practice, though.
If, using nothing more than a, "license," these companies can absolve themselves of social responsibility with the stroke of a pen -- or the tap of a key -- then surely you can drag them back to civilized behavior using the same methods.
Schwab
Editor, A1-AAA AmeriCaptions
Whoever thinks this is news either has never worked for a web firm, or has never gotten to know their friendly marketing department.
-j
If you're going to include a link in a slashdot story, link to the page with ads. It's not free to put content on the web, and the producers of content deserve compensation.
Linking to a page where the newspaper, who has expended capital to report the story, will get no ad revenue is wrong!
My other sig is extremely clever...
If you "rent" my list from me, it means that I don't give you my list, but instead send the mail on your behalf.
This means that you don't get to keep, or even see my data, but every one on my list still gets spammed.
FTC sues Toysmart.com
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
... Water is discovered to be wet
still no cure for cancer.
The mistakes of a clever man are equal to the mistakes of a thousand fools.
Seriously, though, I don't think we should have to resign ourselves to the obligatory "guess who's not surprised" comment every time we hear about this. The free market is based upon the theory that people make rational decisions based on a full knowledge of the exchange. When an online company deliberately conceals their ability to profit from my transaction without my knowledge, that's kind of like me giving you $10 for that old coffee table and then taking your daughter's virginity to boot. It's doubtful that the $10 I originally offered would have sufficed as payment for the coffee table and the additional service taken.
The point: I should be informed how my information will profit the company and be given full value for the exchange. If my information can be sold or rented for $10, then I should receive an in-kind discount on the product or service I am getting. Or alternatively, if I find the practice repugnant, I can take my business to someone who offers a comprehensive privacy policy that is worth paying the extra $10 for.
Under capitalism man exploits man. Under communism it's the other way around.
Duh. Here's how you rent a list: you set up a mail list server and your clients who "rent" your list know they can reach your customers by sending mail to that list.
You DO NOT "rent" data by giving it away. Even the RIAA (now) knows this... it's amazing so many allegedly techincally literate souls at /. apparently do not.
I use the usual system of one-per-company addresses, all aliased to my normal address, with the ability to divert them to the bit-bucket if they become a problem. I've had this address for about five years, and I buy a lot of stuff on the Web, but I have no, as in zero, spam. I've never yet had to devnull any of the addresses (there are currently 90), but I've yet to have offers to enlarge portions of my anatomy or bank balance. I've not used any of the addresses on Usenet, but other than that I've not taken any precautions. Am I alone in this?
Spam should obviously be illegal, and the spammer should be fined. Allow the guilty spammer to sue the person who provided him with the email list for contribution (i.e. make everyone down the chain jointly and severally liable) and this bullshit will stop real fucking quickly. Whenever someone gets an unsolicited advertisement, everyone down the chain is strictly liable.
Example: Company X sells its customer data to company Y, who compiles the data on CDROMs and sells it to spammer Z. Spammer Z is fined $10,000 per email he sends (in my perfect world). Spammer Z, after being sued and found liable for a large sum of money, should be able to sue the company Y for contribution, and Co. Y should be able to sue Co. X, so that each guilty party pays their pro rata share of the fine(s). It's just like strict products liability; improperly using customer data is like putting a defective product into the stream of commerce.
And like with defective products, liability shouldn't be allowed to be waived, as that's against public policy. No "you give us permission to use your data any way we want" disclaimers--they should all be void. Selling customer data (or "renting it") for any marketing purpose is per se improper usage. Kinda like how Ford can't make you sign something saying you won't sue them if your car's tires blow out. If it's really Firestone's fault, then once you sue Ford, Ford can sue Firestone.
Stupid people make stupid things profitable.
Just try to find out where a company got your address from... you can't do it. Ask which companies they sell or rent your address to, and they won't tell.
They really mean it. They respect the privacy of their customers, but not consumers.
frob
//TODO: Think of witty sig statement
not plane, nor bird, nor even frog...
I did this in Exim, with a rewrite rule on the incoming message. You can then filter or shitcan with procmail.
/etc/exim/exim.conf (Exim 3.35-1 (Debian)):
From my
# rewrite incoming addresses foo+bar@domain.net => foo@domain.net
^([^+]+)\+(.*)@domain.net$ $1@domain.net T
Be sure to replace the @domain.net part.
-molo
Using your sig line to advertise for friends is lame.
Recently, for example, the Christopher Reeve Paralysis Foundation advertised that its list of donors, including postal addresses, was for rent.
Charities are often the worst privacy whores. They also have no qualms about hiring mercenaries (i.e., telemarketing firms) to do their dirty work. I have recieve several calls, where some sappy loser tries to make me feel guilty for not supporting the goldfish at Wal-Mart or something, and they quickly blurt out that they are actually some sort of telemarketing company when I tell them to take me off their list and never call back.
I hate to say it, but charities often give charity a bad name.
Vote in November. You won't regret it.
I wouldn't have modded this a troll, but that's just me. I know far too many people with this attitude.
You have obviously never been a victim of identity theft. You've never had to spend endless hours with credit card companies you've never been a customer of. You've never had to deal with the slime that call themselves "credit reporting agencies" who have your fiscal future in the palm of their hands (unless you're already well-to-do). You've obviously never been hounded by creditors at all hours looking for their pound of flesh. You've never been informed that you have a warrant for your arrest in Texas when you've never been to Texas. You've obviously never attempted to change you SSN. You've obviously never been informed that you drowned in a river while attempting to evade capture and had to prove that you were neither dead nor evasive.
I know people and read about new occurances on a daily basis. It's not fun, it's not funny and you don't get to shrug it off. You either have to deal with it, or face harsh consequences.
There's a reason that the FBI and local law enforcement are dealing with more of this type of crime than ever before. It's easy to do because people don't take the simple precautions to make it difficult. I can tell you that only through bitching at insurance companies and having other people do the same can you get your SSN+1 policy id changed to something else. That only through bitching at the legislature can you make it easy to have you SSN taken of you Driver's License, rather than an ordeal.
Anyone profitting off of personal identifiable information without recourse of some sort for the people whose privacy is being violated should be sued, beaten, incarcerated and/or put of off business.
Problem is most sheeple don't really know what is being done with their information. They don't know that it's being used to get people across borders illegally. They don't know how many billions of dollars are lost each year to businesses and private people. They don't know that they're being abused, because, at least with spam, they don't know that it isn't the norm. They don't know that the reason they're getting the Credit Card solicitations is because they've been rated a good risk by the Credit Reporting Agencies and sold out. They don't know how to get out from under the thumb of business because they think they're supposed to be there.
I applaud any outlet that informs people of their options and that something they have become innured to is actually deviant and underhanded.
Companies choose profit because without it, they fail. Iff companies see their profits fall in such a way that they know it is due to their policies, or lack thereof, will they amend their ways. However that is rarely the case. I know lots of people who go around saying that they will never shop at this place or that because of foo, but I rarely hear that they gave a manager whatfor or wrote a letter to corporate. And there are enough B-to-B aggregators out there who could care less if the people they sell your info to are profitable, as long as they, the aggregators, are profittable.