Slashdot Mirror

← Back to Stories (view on slashdot.org)

Websites Still Failing Basic Privacy Practices

Posted by kdawson on from the after-all-these-years dept.

DigitAl56K writes "Large companies still can't seem to get the basics of privacy and security on the Web pulled together. Today I went to enter a competition from Duracell to win a Nintendo Wii by filling out an online form. It requires entering your full name, address, and date of birth, and then proceeds to submit it via an unencrypted HTTP POST. The ultimate irony is the message at the bottom of the page that reads: 'Trust is a cornerstone of our corporate mission, and the success of our business depends on it. P&G is committed to maintaining your trust by protecting personal information we collect.' Which websites have you found to be lacking in their basic privacy practices?"

3 of 205 comments (clear)

  1. It's a good thing by XanC · · Score: 5, Insightful

    That Firefox saves the nasty warnings for Web sites that are encrypted!

  2. but realistically by Anonymous Coward · · Score: 5, Insightful

    HTTP is sent unencrypted, but it's not that easy for a random person who wants to steal your address to be on the correct subnet at exactly the right time to sniff it. Also, address and date of birth aren't usually considered confidential, even if you might not want to publish them.

    This isn't a lot different than many of those post-card questionnaires many people fill out and mail in.

    I think in this case, it's more important what they do with the information once they receive it.

    That said, I think there should be default encryption wherever possible automatically.

  3. Re:Nobody considers that import by tokenturtle · · Score: 5, Insightful

    Exactly. The junk mail that's in my mailbox every day has more detailed information on the outside of the envelope. This is really a non-issue.