World Privacy Forum's Top Ten Opt-Outs
Ant writes in to mention the World Privacy Forum's top ten information collector/user list, which shows opt-out instructions (or at least a starting point): "As privacy experts, we are frequently asked about 'opting out,' and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. ... Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC's Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative (NAI) opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out. In this list, some opt outs can be done by phone, some have to be sent in a letter via postal mail, and some can be accomplished online. Some opt outs last forever, some have time limits, and others can be changed at will. If an opt out is on this list, it is because we thought it might be important enough to be worth whatever annoyance it may pose."
How about making everything in the world an opt-in by default?
For example, I don't recall announcing that I want telemarketers to call me, so why should I have to opt-out?
Advice: on VPS providers
Face it, the types of emails that you want to opt out from are exactly the ones that do not honor opt-out lists.
Remember when you first tried to ride a bike and your dad pushed you so hard that you fell over and skinned your knees and bloodied your nose? This is like taking that swing at him that you always wanted to. Unfortunately at that age, no matter what you do, he wasn't ever affected by your little attacks and rants.
How do I opt-out of opt-out lists?
The disrespect that advertisers pay to their targets works well for them as it is believed that it boosts their viewership and of course the viewers who are most likely to buy and spend are unaware of or don't care that they are being disrespected.
I have little doubt that if people could get sales by knocking on your door and punching you in the face to make a sale, they would do exactly that. They don't care about the harm they cause.
For something from the World Privacy Forum it didn't really give much info for people that don't live in the US.
There's only one true opt-out... and it's at the receiver's end.
This is really possible only if I created a unique, unguessable email address each time I gave my email out.
This is not as impossible as you think. For instance, Gmail supports the "+arbitrary_tag" convention. So email sent to:
example+listserv1@gmail.com
example+bank1@gmail.com
example+dad@gmail.com
-- all shows up in the Gmail inbox of 'example@gmail.com'.
If you started getting spam at one of the 'example+...@gmail.com', you can guess who gave your address out.
See: http://alblue.blogspot.com/2007/05/multiple-addresses-with-gmail.html
Note, Gmail's convention leaves the 'unguessable' bit of this idea out - so spammers can easily build rules to harvest real addresses from Gmail addresses containing a '+' sign.
I used to get catalogs from a marketing company despite opting out via dmachoice.org, as they were a member of the Direct Marketing Association.
I would get at least 2 catalogs a week from these people despite letters and phone calls asking them to stop. Well, after that didn't work, I collected all the catalogs over a 3 month period, stuffed them in a large envelope and sent them back to the company postage due. I never received another catalog from them.
An easy solution for me is to change my phone number often. Problem solved.
Most of that seems pretty specific to US to me.
...are websites when you register have the "subscribe me to your stupid newsletter" option checked by default. Get something wrong on the reg form? We'll re-populate all the info, but we'll re-check the subscribe option, despite you unchecking it. Assholes.
Most schools interpret/implement FERPA-related opt-outs in such a way that if a student's information is restricted, teachers are not allowed to post that student's photo on the web, or in the yearbook, or in the school newspaper, etc.
In the school district I work for, we are not allowed to take a child's picture if they have opted out. That means that, at every event I go take photos at, I have to find 'homeroom' teachers for each student and verify whether any students have opted out, then take photos around them. Before I post pictures, I have to verify again. Before I give those photos to the teachers and students for their own use and enjoyment, I have to remove photos of those students.
Privacy is good, privacy is important. I think FERPA-type rules are very important because I've seen various employers do some horrible things with employee and customer data without realizing the problem. Implementations at the school level definitely need to be improved -- I'm tired of seeing how bad kids feel about being the only person in their class not in pictures.
The solution is easy: allow parents to opt-out of sharing textual directory information with anyone outside the district, but still allow student participation in district activities, teacher web postings on official sites, and district photography.
If your school or your child's school only provides all or nothing opt-out, you need to spend 30 minutes one night and go voice your opinion to the school board at a school board meeting. The board should appreciate your input and it's the only way to really be heard -- contacting anyone else and your question will just get buried by someone who doesn't want to do the extra work to make it happen. (read: my boss)
Using opt-in saves you the cost of marketing to people who don't want your stuff, saves you the cost of storing data about them, and saves you from the negative word-of-mouth opt-out causes.
I've run opt-in marketing campaigns, and have converted multiple employers from opt-out to opt-in. Before the switch, every mailout would result in an inbox full of complaints and threats. After the switch to opt-in, people would actually mail us asking where the ads were, if we were late.
I'll take opt-in over opt-out any day.
Village idiot in some extremely smart villages.
Always think that privacy law is stupid. Not because privacy is not important, but those laws are mostly built on top of the old legal assumptions, trying to contain the new technologies to protect the benefits people had during the old times. That's silly! Digitalization does not put a hole into the law, it only magnifies the law's discrepancies and insufficiencies. It is nonsense to build fences and bridges over these holes, making exception over exception, instead of actually fixing them.
1. Get your name added to an opt-out list, such as the Do not Call list.
2. Unscrupulous individual obtains opt-out list with your contact info and sells it to Nigerian spammers or other foreign group.
3. You wind up getting more BS than your friend who didn't sign up for that opt-out list.
Precisely this happened with Canada's do not call registry. I didn't have my name added to it, thankfully. However, in today's information market, opt-out lists would have to be highly secure to have even a remote chance of working as intended. However, unscrupulous spammers have to be able to access the opt-out list to tell if you've opted out! That's a pretty huge gaping security hole built in.
Bottom line, the more opt-out lists you sign up for, the more spam you're opting in for.
Spam is a 1990's problem. There is no reason for 98% of people to get spams any more.
Simply use indirection. Make one addy to give to trusted friends. When ordering things online, make a scratch address and forward it to your real one. Delete this scratch address later. There are services to manage that for you, if you wish.
I have been spam free for 15 years. Spam is only a problem because people *let* it be a problem. It's entirely a problem we (collectively) inflict on ourselves. But there is no reason for it and it doesn't have to exist at all. I don't understand why there is so much energy around this topic. Just act in a manner consistent with not getting spam. If almost everyone did this, spam would disappear. If spammers do not have your address, and you have not chosen a simple to guess address (e.g., a short name @ a common domain) then you will not get spams.
Take back your privacy, and spam will fade into a distant memory.
Opt out of everything! Encrypt everything! Privacy is supreme! Oh wait...except you make yourself a bit of a target by being part of that tiny percent that actually gives a shit about that kind of stuff. I agree that privacy is important. I agree that some things should not be so easily made public information. I agree that advertising is irritating as hell. However, making yourself relatively unique by fighting so hard to stay "under the radar" actually makes you stand out as one of the few that actually are totally concerned about it. The unfortunate reality is MANY people believe "If you have nothing to hide then you have nothing to fear" and the "they" rely on that behavior to find the "suspect" people.
.5g per serving? Who the fuck eats 1 cookie as a serving? Eat 2 cookies and you get ~1g of trans fat...5g of which per week increases your heart attack risk by ~25%). I am more than happy to provide that information to the marketeers because I want them to know I don't want that bullshit in my cupboards! How else do you plan to send a strong message with your dollar? Make sure they pay attention to your dollar!
Let us break this down in a way that I suspect all "geeks" and whatnot can understand. Do you spend much time investigating the events/items that meet your expectations of "normal"? Or are you more interested in the "odd" result? How much time do you really dedicate to fixing a Windows glitch vs how many times you just write it off to "Yeah, typical Windows behavior". Compare that to how many times you investigate into a *nix type glitch where the norm is to behave in exactly the same fashion every time unless some odd and relatively easily discoverable condition occurs...
The very act of struggling so hard to make yourself completely anonymous and "off the radar" makes you a high visibility target. I often see people go on about how they refuse to use discount cards and so on... WHY?! Seriously...are your hot dog and milk buying patterns so fucking important to your privacy? If you are really buying something "suspect" or "interesting" then don't use the card. Fuck, I actively check costs and ingredients in shit because I am concerned about what I am paying and what I am eating. What better way to "vote with your dollar" than to send a nice "I am not buying this fucking garbage" message every time you check out? I don't buy shit with aspartame, I don't buy shit with partially hydrogenated bullshit (did you know they can legally claim 0 trans fat by making it less than
Put yourself in "their" shoes. Who stands out more...the guy trying to mind his own business in the large crowd of other people who are generally just trying to mind their own business or the guy who is sneaking with sticks strapped on all over trying to look like a shrub. "They" employ a great number of very intelligent people more interested in solving puzzles than being "bad guys" to weed out those strange responses. It is an interesting challenge in human behavior.
Seriously...hiding every aspect of your life makes you more suspect. I think the notion of making every aspect of your life public voluntarily through myspace/facebook/twitter/whatever is absolutely moronic in the extreme, but trying to hide every aspect is the same thing. Unless you are looking for pedophilia, necrophilia, bestiality, or some other pretty universally questionable porn...you probably stand out more as "I don't ever look at porn" rather than "I like *XYZ* kind of porn".
The biggest violators of "privacy" are in it to make money, not to be evil dictators. They are going to dig into your information whether you like it or not. Provide them information that sends a clear message of what you want and they will most certainly meet your demands to continue making money! Every time some telemarketer calls me with some survey I am HAPPY to spend 5-10 minutes of my day answering their questions. You cannot even begin to imagine my amusement when they start asking about how much TV I
The only change I can believe in is what I find in my couch cushions.
The rest of the world doesn't want to have your privacy issues, U.S. - can you keep it national please? After all, the list is National List this, and National Register that...
KTHXBAI
It really should be the way the internet works, but too many people during the boom days thought that setting up your own server was too hard. And too many ISPs were willing to make money catering to that attitude.
The ISPs don't want to help people get their own domains now because they think they'll lose a revenue stream.
That's the reason RFC 5233 addressing can be useful, if you do it right.
But running your own domain does work best, and would work even better if everyone did.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Part of me wants to agree with you.
But another part of me tells me making opt-in the default by laws with teeth in them is not going to be a good thing.
Think about your sidewalk. It's there for a purpose.
Block off your sidewalk with a 3 meter wall and a moat full of crocodiles and you get no solicitors. But the firemen and the EMTs also have a problem getting in when you're home alone, passed out, with the house burning down around you.
The problem is that no-call lists are not No-solicitors signs. They're more like attractive nuisances. Train wrecks in progress.
No-solicitors signs can't be enforced on people who are not from your country until the Internet starts having laws, and we don't want the Internet to have laws.
Which means the ultimate solution is a stratified (balkanized) Internet, and we don't want that, either.
At least, we don't want stratification until the ISPs get their hands out of the cookie jar so that every home, family, and/or user gets a full domain name and the ISPs either provide mail service to that domain or provide the hooks for the domain owner (not renter) to run his or her own server.
And before that, we need better standard OSes. (That means we have to get Microsoft, Apple, and Oracle out of the way. IBM, too, since getting the others out of the way would leave them with no real competitors. Sun being bought by Oracle worries me.)
And we need better standards for e-mail, file sharing, web-site publishing, etc., standards that transparently support simple forms of encryption. Not perfect encryption, but good enough to eliminate casual eavesdropping just by putting a pwn3d bot's interface in promiscuous mode.
That's a lot of work, and we're hiding from it.
Until then, RFC 5233 addresses can help a lot, if used wisely.
How to use the RFC 5233 addresses wisely?
First, assume that your base address will soon be harvested. Thus, your base address of user@isp.example is essentially an alias for user+spam@isp.example . Pre-filter it that way.
Second, set up a suffix for bulk purposes, such as user+bulk_nnnnn@isp.example . "bulk" is okay, but you might prefer something a little more original to yourself, like "klub", or "hanbai". The serial number could also come before or in the middle, like bunnnnnlk, and you might want to use pseudo-random serial numbers instead of just cycling through from bu00000lk to bu99999lk.
Hmm. bu23645lk would be harder to filter than bulk23645 with the simple non-RE filters that are most common.
Third, set up suffixes for mail lists. user+list_nnnnn@isp.example or user+listname@isp.example .
By setting up suffixes, I mean that you outline a system of filter rules.
Fourth through n-1-th, plan out the patterns you'll use for friends, family, church, school, club (hmm. klub. woops.), etc.
All these can be white-list controlled, because you have an idea who and where mail addressed that way should be coming from. Two or three sets of filters for each system, one that white-lists known senders, one that diverts unknown senders to a "probably-junk" folder, and maybe one that (temporarily or permanently) black-holes known offender senders who have latched onto that group of suffixes.
Finally, you have a set of doorbell or knock addresses that you give out at business meetings and other parties: ackr_nnnnn@isp.example . (At this point, I assume that the use of the knock address is obvious?)
Now, I'm going to polish that up a bit and publish it on my blog.
Of course, with a little time, you can actually set up a domain of your own for cheap with a little help from a place like google.com and a place like dyndns.org. (Google will run your mail server for you if you have a web server and a domain name pointed to it. Of course, there's that thing about letting Google spool your mail, but it is possible.)
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
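The filter layout outlined in the comment above (bare address treated as spam, a bulk suffix, list suffixes, per-group whitelists), together with the "+tag" convention mentioned earlier in the thread, sketched in Python as an added example that is not part of the original thread. The sender addresses, tag values, folder names and the `split_subaddress`, `new_tag` and `route` functions are illustrative assumptions.

```python
import re
import secrets
from email.utils import parseaddr

# Constructed sample configuration (addresses and tags are illustrative).
BASE_USER, DOMAIN = "user", "isp.example"
ALLOW = {                        # tag -> senders expected to use it
    "mom7734": {"mom@family.example"},
    "list_48213": {"announce@lists.example"},
}
BLOCK = {                        # tag -> known offenders who latched onto it
    "list_48213": {"offers@bulk.example"},
}
BULK_TAG = re.compile(r"bu\d{5}lk")   # serial in the middle, e.g. bu23645lk


def split_subaddress(address, sep="+"):
    """Split an address into (user, detail, domain), lower-cased.

    detail is None when the local part has no separator at all.
    """
    _, email = parseaddr(address)
    local, _, domain = email.rpartition("@")
    user, found, detail = local.partition(sep)
    return user.lower(), (detail.lower() if found else None), domain.lower()


def new_tag(prefix):
    """Make a tag like list_04821 with an unpredictable serial number."""
    return f"{prefix}_{secrets.randbelow(100000):05d}"


def route(recipient, sender):
    """Pick a folder from the delivery address and the sender.

    recipient must be the address the message was delivered to (the
    envelope recipient), not whatever the To: header claims.
    """
    user, detail, domain = split_subaddress(recipient)
    sender = parseaddr(sender)[1].lower()
    if (user, domain) != (BASE_USER, DOMAIN):
        return "reject"                 # not our mailbox
    if detail is None or detail == "spam":
        return "spam"                   # bare address is assumed harvested
    if sender in BLOCK.get(detail, ()):
        return "discard"                # black-holed offender
    if BULK_TAG.fullmatch(detail):
        return "bulk"                   # throwaway tag given to shops
    if sender in ALLOW.get(detail, ()):
        return f"inbox/{detail}"        # expected sender on a known tag
    return "probably-junk"              # unknown tag or unexpected sender


if __name__ == "__main__":
    samples = [  # constructed (recipient, sender) pairs
        ("user@isp.example", "promo@shop.example"),
        ("user+bu23645lk@isp.example", "orders@store.example"),
        ("user+mom7734@isp.example", "Mom <mom@family.example>"),
        ("user+mom7734@isp.example", "stranger@else.example"),
        ("user+list_48213@isp.example", "offers@bulk.example"),
    ]
    for rcpt, frm in samples:
        print(f"{rcpt:30} {frm:26} -> {route(rcpt, frm)}")
```

A tag that starts delivering mail from unexpected senders shows which recipient leaked or sold the address, and retiring it is a matter of removing its `ALLOW` entry.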
Tags that are part of the address they're sending to you at are one more tool in your toolbox of filters.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Why not write to your local member of parliament? Or better still, let the marketeers write to your local member of parliament.
It's not just Google's idea, it's a full-fledged RFC since a year and several months back.
Until ISPs at least start giving their users domains at a reasonable cost, it's a very useful tool. So any ISP stripping the sub-address is just being a pig and contributing to the mess.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
In your email profile, add instructions for prospective email senders to public-key encrypt their message. Filter all plaintext except that from mailing lists you legitimately signed up for. No spammer will ever bother to take these steps just to get to you.
If we all just stop buying things maybe they will leave us alone. Aggressive advertisers aren't a problem in a communist society, we should dump this capitalism stuff for that reason alone.
“Common sense is not so common.” — Voltaire
Sub addresses give you a little more control over how your whitelists work. That's the whole point, I think.
In the case of your mom, you give her something like stonewallred+mom7734@yourisp.example. Then you filter that To: address with your mom's sender address for your "mom" folder. And, if you care to talk with your mom's friends sometimes, dump the senders that don't match in a "friendsofmom" folder instead of the black hole.
A little more flexibility.
Your own personal domain, of course, is even more flexible.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
(ok non-UK readers should probably stop here though in the spirit of slashdot I should assume everybody in the world lives in my country ;-) )
I've signed up for the Telephone Preference Service - but still get junk calls from overseas telemarketing: anybody know how to get rid of them?
Also I've noticed that telephone numbers get handed on by BT to other people. Not sure how to get round that one. I moved into a house a year ago and the number I was given was changed from the previous owner's number to a new one, and it had some sort of bad credit history, I got a lot of phone calls from people urgently needing to speak to a Mr or Mrs so-and-so. Clearly they'd not lived at my address because the previous owner (a little old lady) had lived there for many years. So I think I inherited a "bad" number and got so fed up of the calls I had to ask BT to change me to a new number which mostly seemed to sort things out.
Alas, another useful opt-out appears to be to ask BT to make you ex-(telephone) directory. I've resisted this for years believing telephone directories to be a good idea but my impression is they are getting harvested by junk callers these days and indeed when I went ex-directory for the new number the volume of junk calls dropped significantly.
For a supposedly worldwide organisation they're suspiciously specific to a single "country".
"(c) No person or entity shall initiate any telephone solicitation, as defined in paragraph (f)(12) of this section, to: (1) Any residential telephone subscriber before the hour of 8 a.m. or after 9 p.m. (local time at the called party's location), or"
http://frwebgate.access.gpo.gov/cgi-bin/get-cfr.cgi?TITLE=47&PART=64&SECTION=1200&TYPE=TEXT
chapter and verse for you (assuming a US location) or as formally titled
TITLE 47--TELECOMMUNICATION CHAPTER I--FEDERAL COMMUNICATIONS COMMISSION (CONTINUED)
PART 64_MISCELLANEOUS RULES RELATING TO COMMON CARRIERS-- Subpart L_Restrictions on Telemarketing, Telephone Solicitation, and Facsimile Advertising Sec. 64.1200 Delivery restrictions.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Using opt-in saves you the cost of marketing to people who don't want your stuff
Those are EXACTLY the people marketers want to reach. The others already want your stuff, there is no point in harassing them, what marketers want is to change your mind, they want those who have no interest in the product to BECOME interested.
Those already interested will expend their own energy to find the product.
That's how my old boss explained it to me.
You can't take the sky from me...
Number two on the list in the article is the prescreened credit card offers. I can't figure out HOW to opt-out of this - I don't have a home phone, or even any phone numbers registered to my name (my cell is on a family plan and I'm not the account holder). Anyone else have this problem?
Does anyone else have a problem giving OptOutPrescreen.com their SSN? Why should I have to do that? What if I don't have a listed phone number? It's a required field. Is this a trustworthy site?
Opt-in or out lists are nice in theory but those lists can be sold and re-sold. Once they are outside they can never be contained. The best policy is to hide under a rock and give no personal information out ever... and change your cell phone number (and email) every 3 months.
As a reader from the UK, I'd like to thank the World Privacy Forum for living up to their name and not just listing information pertaining to just one country.
Now, back to watching the World Series Baseball.