Slashdot Mirror
Detailed Privacy Study Finds Loopholes Galore
BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."
Agreed. Trackers such as Google Analytics and more have been around for years. But now it's getting even worse with the flurry of URL shorteners. Not only can't you see what the real URL points to, its main purpose is to track, track, track.
Personally, I don't believe it makes sense to have a web completely free of "web bugs". I'd rather have some pretty strong laws, along the lines of the presumption of innocence, so that anything collected about you can't possibly be used against you if it was obtained "by chance". That would be a start.
--
escape the corporate world, code for fun and profit
The law: this is the thing that really deserves this tag.
Defective by design, my friends. You have no privacy from the powerful.
--
Toro
What the fuck did you expect? If you want "privacy", stay home. Oh, wait.
NoScript can stop most of the scripts running in the background when you visit a web page.
https://addons.mozilla.org/en-US/firefox/addon/722
Love many, trust a few, do harm to none.
duh
very public spirited of them.
I have Google Analytics on my websites. It gives me lots of useful information about my users in a format that is easy to understand. But, about the only thing it tells me that I couldn't discern from the server logs is where people link in from.
Now, this does mean that Google gets a record of when an IP address visited my server and what page they looked at. Is this an invasion of privacy? I don't think so. What's the worst that is going to happen? Google sells my browsing habits so that companies I already have a business relationship with send me targeted advertising? OH NO!
What we need is legal limits on what can be done with collected information. We already have some - companies can't email me out of the blue unless we have an established relationship. We could perhaps use some additional protection in terms of public release of possibly not-entirely-flattering personal information.
But beyond that, who cares? Privacy isn't, by itself, important. What we care about is negative consequences of our privacy being invaded. I don't want my friends to know about my Enzyte purchases, for example, but if I cancel my Enztye order and place a Capatrex order, what's the big deal if Enzyte sends me an email with a special offer to double my order for the same price?**
(Note: I would never actually use either Enzyte or Capatrex... when I could use both!)
Anyway, if it really bothers you, it's not like anoyne is actually sharing your information with 3rd parties anyway. Those web bugs don't get their information from the websites you visit, they get that information from you - it's YOUR browser on YOUR computer that sends the request to Google Analytics et al. If you don't want your browser to do that, block the sites.
paintball
How ironic that a school without sufficient knowledge to protect its students from identity theft lectures the world on personal privacy.
A number of student Social Security numbers were leaked not too long ago.
Here's the article
Why do we keep having studies like this? It's like having more studies to prove that gravity will cause a rock to drop on the ground; it's pretty well understood without having to have yet another study remind us that given even the slightest chance to lie, cheat or steal, corporations will willingly and vigorously lie, cheat and steal.
While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit. All of it. And I often ask myself why I don't make every attempt to rip them off as often and as completely as I can -- just fuck off being honest, all you get is ripped off anyway. There is no "fair" or "middle ground", it's just "how badly do you want to get lied to/cheated/ripped off?"
In spite of this and in spite of my equally strong cynicism that government can "fix" this, why don't we treat these corporate fucks properly?
For so many of these frauds, jail just isn't good enough, or it doesn't provide the right life lesson. These people need to know just exactly what the shit end of the stick feels like. Here's a suitable punishment for corporate malfeasance:
1) Corporate thief *and* immediate family, including wives divorced after the initiation of fraud, stripped of ALL personal possessions, property, real estate and financial assets. YOU MAY NOT EVER PROFIT FROM YOUR CRIME NOR ENRICH YOUR FAMILY. YOU HAVE LOST EVERYTHING. FOREVER.
2) Forced to live a residence in a neighborhood with at least 50% of the population at or below the poverty line. POVERTY SUCKS.
3) All family members required to work at a job which pays no more than 2x the poverty wage for whatever size family they consist. Any money earned over this amount is forfeited. YOU WILL NEVER GET AHEAD OR EVEN CATCH UP.
4) No financial or material support of any kind from the outside, including support in-kind (free rent, forgiven debt, etc). AND NOBODY WILL HELP.
Even the Whitehouse.gov website has a 1x1 pixel web bug that is in violation of their own privacy policy, not to mention 5 USC 552a.
....of the anonymous coward?!!!?!!
ADVERTISERS are Anti-Privacy People!!! They would create massive databases tracking every single man woman and child on the planet if they could and many are still working on that very thing.
Google is an advertiser. When you break it down, Google's motivation is making money by selling advertisements in various forms and means.
Here's other news: Advertising WORKS!!! They wouldn't do all this if it didn't yield results. And that will never change. Our consumer culture is so developed that people can't imagine any other way of seeing the world they live in.
And here's an interesting aside -- according to my younger brother who recently went through law enforcement training informed the family of an interesting bit of trivia. He told us that the code word for "mentally retarded person" is "CONSUMER." He was not joking. Let that settle in... There are so many different areas where "consumer" is used to describe people and it makes you think doesn't it? We're all the brainless pawns in their business strategies and plans.
So the hooker has a second customer behind the oneway mirror, and she's not "sharing" information about you because she doesn't supply notes with the second customer later?
Would this stand in court in the US? Presumably the lawyers who draft these statements base them on some sort of defensible argument.
If people are concerned about their privacy then why don't they use Firefox, AdBlock, Flashblock, and NoScript? The truly paranoid can download and use Tor as well. Do people have a right to complain if they aren't willing to lift a finger to protect themselves?
While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit.
Not trying to out-cynical you or anything, but who really tells you anything that isn't bullshit? Politicians and government? Right. Your friends? Doubt it. Scientists? Sometimes, but only because they know if they lie someone else will repeat their experiment and catch their mistake. It happens.
Seriously. You're 42. It's time to grow up, be a man and take responsibility for yourself, not depend on dishonest corporations or dishonest other people to take care of you. In this case, figure out how to block cross-site cookies, or block cookies all together. Learn how to use an anonymizer. Whatever it takes. This is something YOU can do. Stop relying on other people, and other people will stop taking advantage of you.
Qxe4
Sorry, but the US Constitution expressly prohibits extending punishment for crimes onto family members. The most you could get is forfeiture of assets which a prosecutor could prove constituted stolen goods, and that wouldn't be nearly everything.
... the punishment that you talk of.
Only the ignorant continue cheating, because tomorrow is your day of getting cheated.
Maybe someone mentioned this. But I didn't see it in the threads yet.
This last week our very host SLASH_dot started REQUIRING JS for slashdot.org and fsdn.com in order to see any threads posted. AND fsdn "transfers information" from Google-Analytics while loading even the headlines page.
Obviously those of you who protest the slimiest of tactics are giving this site a pass when they do NOT deserve it. Slash-dot must be getting something including $ fro Google for the information they are stealing from us.
And Slash doesn't even say JS needed. All you get is a message "Error from upstream server" Unless you allow JS.
Disappointingly even adding google-analytics to my firewall block list does not seem to stop the "transfer of information" from google by fsdn. :(
"We won't do anything illegal... except when we feel like it". There - boiled 99.9% of all privacy policies on the (US part of the) web down to one simple sentence.
________
Entranced by anime since late summer 2001 and loving it ^_^
Hrm, strange. You would think your server would both be able to read and log the Referer request header.
It would, if the client is kind enough to send it, which it may not be. But if a web bug exists on the referring and target pages, that data is obtained regardless of whether the client sends it.
Regardless, you can only count on your server logs to present you accurate data if it's server-generated data. Number of hits in a given time-frame from a particular IP, yes. Website referrals? No.
paintball
24 hours of continuous relief
But hold on a second... exactly how continuous is the relief?
Is there an intermittent-relief version? Maybe every 60 minutes or so?
paintball
You're exactly right, your privacy is none of my business. So don't expect me to take care of your privacy!
If a surfer visits your site, they have a certain expectation of viewing your content.
Indeed. And they will get the content.
Now you've decided to share that two-way communication with a hidden third party,
I did no such thing. I placed a link in my page to the third party. Your web browser, running on your computer, executed the link to the 3rd party and provided the data.
who offers you a service (so far so good) in exchange for access to the visitors (that's the problem). Your visitors have not entered into any relationship with the third party, and are not getting any service from them. So why are you letting them get milked?
I'm asking them to provide their information to the 3rd party so that I can acquire valuable information (i.e., some idea who is using my website, and in what manner they are using it.) Whether they actually provide their information is entirely up to them and their web client.
And personally,
paintball
not depend on dishonest corporations or dishonest other people to take care of you
Wait. Are you suggesting there are HONEST corporations?
Wow!
You are green, a bright flourescent green.
"Doing what i can, with what i have." ~ Burt Gummer
Have you tried a user-agent switching extension? I switch the user-agent to IE6 and /. seems to work fine now in Iceweasel 2.0.0.18.
Prior, I could not click on the story link only the comment total (which would not let me see the "Read more..." story portions). There is a lot of crappy shit that goes on here and if you are login-less like myself, it is worse. It seems every 6 months there is a new set of hoops to jump to make the site work marginally OK. Oh well - at least I don't feel guilty about using adblock : )?
Just as many as there are honest people. Have no idea what you mean by green, though.
Qxe4
"'People' don't CARE if they are tracked. Slashdotters freak out about it." - by BitZtream (692029) on Wednesday June 03, @12:26AM (#28191817)
That's NOT true, and yes, even in YOUR individual case... why?
Well, since you are a "registered user" here, you are FAR MORE EASILY TRACKED than I am in my using an "A/C" account (clicking on your username alone yields me an incredible wealth of information about you alone on this website in your post comments history & more, for instance).
APK
P.S.=> That's the ONLY reason(s) I do not become a registered user here in fact, but it is what I feel is a very good reason not to become one in fact... apk
'People' don't CARE if they are tracked.
You may be right that most people don't. Most non-geeks I know have a hard time figuring how much their groceries are going to cost when our VAT rate goes down (now why is there VAT on groceries in the first place? Don't get me started...) or how much their paycheck is going to grow when the employer withholding tax goes down. They care what reality shows are most popular or who wins Idols or whatever.
But that doesn't change the fact that they should. It's one thing to be a member of a consumer co-op and buy stuff at member prices -- and another thing entirely to be looking for daily news, info about your or your friends' minor or major ailments, and have it all recorded forever in a way they are able to associate with your identity.
So Google has not been caught selling the info yet. They have, however, been forced by the DOJ to submit info about search terms and stuff. If Google's revenue takes a big hit for any reason, what's going to stop them from selling the info about the people who seem to spend a lot of time on Chinese dissident sites to the Chinese government? Or just to the highest bidder for whatever info they can offer?
Furthermore, imagine if a perfectly legal hobby were to be criminalized -- retroactively -- say, by a new government elected in a wave of frenzy about national security (totally hypothetical, I know but bear with me). Now if that had been my hobby, I would be a sitting duck for the newly created national security cop unit. I may be a perfectly law-abiding citizen perfectly willing to forgo a hobby if my government tells me it endangers the national security, but I would already be a criminal.
This is just an oversimplified example of what could happen. Much more complex, and at the same time impossible-to-win situations have happened many times over in different parts of the world since mid-1960s when I started following the news. To mention just one example from U.S. history (well researched, doesn't affect us today other than a warning example of just the kind of circs I describe), check out the Senator Joseph McCarthy crusade (and learn that he was just a front man for a lot of mean bullies, who wanted to do their bullying legally).
P.S. I have RefControl with Firefox, I use redirection for most of my systems that directs requests like web bugs to a dummy address etc. I don't do it for all of my systems all of the time, though.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
How in hell did you know so well what my life was like for 15 years? Well, still is, but #4 isn't true for us now...
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
OK. Corporations are not human beings. Yes, of course, the law states they are people, blah, blah, but ultimately they are NOT human beings.
A psychological analysis of a Corporation as revealed in the book by same name states they are pathological liars, cheats and worse criminals who have no sense of honor, truthfulness, and honesty.
I don't blame them for it. Its their nature.
Why else would AIG want the money it donated to charity back to pay bonuses to its management?
Why else would Monsanto try to override local laws that prevent GMO foods from being grown locally?
Why does Exxon STILL fight paying compensation for the Valdez disaster and get it overturned even after all these years?
Why do you think Time-Warner and others want to overturn municipalities from providing broadband to their cities and towns where Corporates have refused to set up shop?
Am not paranoid or crazy, and am not part of the left-wing alliance stating ALL corporations are evil, etc.
Am just saying this is their nature: Selfish, Loathsome, cheat, liar and a thief if they can get away with it.
"Doing what i can, with what i have." ~ Burt Gummer
You seem to have a pretty strong anti-corporation bias there. Have you thought of looking for any good things corporations have done? The things you've said could be said for basically any type of group of people.
As long as Americans are dishonest, you're going to have dishonest corporations. When was the last time you saw an honest person?
Qxe4
You are, unfortunately, right in your assertion. Corporate behavior is a reflection of the values of the people with controlling interests in the corporation.
In addition, a corporation -- especially a big, successful one -- has often been built by people, who are especially willing and able to turn the trust other people place in them -- or the urgent need they have for their services -- to their own benefit. And this does not necessarily mean that they have been dishonest.
Combine this with the fact, that a corporation lacks a "human" face. You can't get in a heated argument with a corporation -- let alone have a reasonable discussion with it. You may meet service personnel, who are willing to engage in either, but the corporation? No. They dispatch an army of consultants, marketers or lawyers, who almost never treat you as a human being.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
In addition, a corporation -- especially a big, successful one -- has often been built by people, who are especially willing and able to turn the trust other people place in them -- or the urgent need they have for their services -- to their own benefit. And this does not necessarily mean that they have been dishonest.
You know it's weird, you're the second person this week who suggested that rich powerful people are more corrupt. I really don't think it's true. They are more powerful, so their crimes are able to affect more people, but then poor people do things like steal my geranium off my porch. Dishonesty is pretty far reaching, throughout all the social spectrum.
Qxe4
As twostix said, yes, we do have the right to complain. It may not help, but we can complain.
I look at it this way: I do what I can, and then complain with the idea that I may not be the only one, who has noticed the problem. And there is an outside chance that someone will do something if enough people speak up.
To stay on the subject of doing something, we can add a filter [http://www.google-analytics.com/*] (the square brackets are here just to stop /. from treating that as a link) to Adblock Plus, and the browser won't be telling google that we're looking at this page.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
Google has a very simple mission. They want to know what you and your IP are doing. That's all. Give them that, and they own you and your activity on the internets.
To get at this simple little piece of info, web sites get cool stuff like googleanalytics (info already available via other tools). You say "Nice". Google says thank you very much for your kind words, we do this because we want to give back to the community. Yeah right.
Users get to use cool stuff like gmail (unfortunately very good, but lots of alternatives), and all the other freebies, search and all the rest. All brought together under that simple little cookie at google.com. Google: "we love building cool stuff. We call it giving back."
The real killer for me, the one that almost makes me wonder about mozilla and the supposed superstar salaries some of them get paid, is that firefox's "safebrowsing" is driven by ... yep, go take a look for yourself.
What do they say about hiring the fox to guard the chicken coop? Every request you put out gets checked out before you get there - Is it really safe for this dumb schmuck to go there?
Have you ever tried to disable safebrowsing? Are you mad?!
I could start getting paranoid about all of this, but actually I'm a trusting sort of person, after all, these are the guys that promised to do no evil.
I'm sorry for picking a nit, but I specifically stated that "...this does not necessarily mean that they have been dishonest."
The fact still remains, that beyond a great fortune there quite often is a well-hidden crime or at least unethical behavior. Not always; often.
Likewise, you are right that poverty is no guarantee of honesty, either. It's not about whether you're rich or poor, but how honestly you acquired what you have.
But there are volumes of examples of people, who are more willing to cut corners (for their own and their friends' benefit), rising to the top of any structure of power. Some are sociopaths, who are especially good at fooling people into thinking they are gaining their power or wealth unselfishly. And most people have a "default" trust for the wealthy and powerful.
And, again, that does not mean that all powerful, rich people are corrupt. I didn't suggest that, and now I'm spelling it out. And it has a corollary that poor people are not necessarily people of integrity (although my current poverty has at least something to do with my unwillingness to pull the trigger on a guy with a gun on his temple).
With all that, I try to give everyone a fair chance with me. It has hurt me as often as delighted me, but my life is better, if I'm not cynical.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
As i said earlier, i do NOT have a bias against corporations. Iam just saying as it is as an impartial, disinterested, unemotional observer.
What am trying to say here is people a.k.a human beings try to evaluate a Corporation based on their own sense of what's right and wrong.
That IS wrong when you are trying to evaluate a Corporation.
Its like trying to evaluate a shark on whether it is good or evil. Its meaningless and hell, it is wrong on many, many counts.
To understand and to evaluate a corporation, you need to understand its beginings and roots. Much like you evaluate Hitler and Stalin and Gandhi based on their roots.
A corporation is governed by a strict set of laws and regulations: these laws and subsequent judgements force a corporation to act in a certain way: maximising profit in any way possible; for its stock holders.
That is what the law states and that is the ONLY course of permitted action for a corporation.
Remember when Ford tried to make his Corporation do something altruistic? He was sued by stock holders and subsequently lost the case.
Why? Because it was interfering with the primary purpose of a corporation: Profits.
That is why Milton Friedman said that if Corporate Social Responsibility is really genuine, then the corporation is breaking the law.
To us, it may look cheap, and even downright disgusting if AIG wants to take back the money it donated to charities. From AIG's legal perspective, it is a sound decision: otherwise the company may be sued for donating public money to charities or worse.
Unless the law is changed, which changes the operating environment and rules for a corporation to make it more human, you cannot and should not blame a corporation for being "evil" or a thief. Because the thing they do is perfectly valid and if they don't do it, they will be sued.
"Doing what i can, with what i have." ~ Burt Gummer
Ghostery found 1 web bug on Slashdot
My ism, it's full of beliefs.
For a related discussion of topics of Privacy on the web, including all original research, please see:
The Privacy Log: http://privacylog.blogspot.com/
-- I was raised on the command line, bitch
Does using noscript and/or adblock to block the web bug html and associated scripting effectively stop the tracking?
Seriously. You're 42. It's time to grow up, be a man and take responsibility for yourself, not depend on dishonest corporations or dishonest other people to take care of you. In this case, figure out how to block cross-site cookies, or block cookies all together. Learn how to use an anonymizer.
Only on Slashdot does blocking cross-site cookies and using an anonymizer make you a man.
australian project gutenberg is better than the original.
Oh well, that's called Web 2.0
australian project gutenberg is better than the original.
Blah blah blah. Are either of you being honest?
Web sites ... allow third parties to place Web bugs on their sites ... and share with corporate 'affiliates.' ... Bank of America ... has more than 2,300 affiliates â" and users cannot learn their identities.
So quit using their web site and go back to paper bill-paying.
Remember the reason you started paying bills via the web? It was fast and easy. Is it still?
Great. A wonderful, in-depth analytical piece. But so what? Not like anything's going to come of it. Anyone who has ever gotten "legitimate" spam (i.e. not Viagra, etc. but from real businesses) or junk snail mail knows this is going on. Hell, politicians know it's going on. But it's not going to change. This isn't an Upton Sinclair piece that will change the meat-packing industry. Let's face facts: This crap won't ever change. And even if, through some magic means, it does, the damage has been done - All your data are belong to them already. Sorry. I'm a giant cynic. But I think I'm also a realist.
Bark less. Wag more.
What is scarier is that http://knowprivacy.org/ is doing this to "Recommendations for policymakers to protect consumers and for website operators to avoid stricter regulation." Personally I liked how free the internet was. I like using "Know Privacy" to find these companies and boycott them if need be. I understand that they are trying to help make "good" policy, but isn't any policy a bad one? Can't consumers protect themselves?
To be honest, the way you write doesn't sound disinterested and unemotional at all. It sounds like you've been reading Noam Chomsky (who is a great guy, but a little too one sided sometimes) and picking up his disdain for corporations or something. He is definitely not an unbiased, unemotional observer.
Then you bring Hitler, Stalin, and Gandhi into the picture, saying we need to evaluate them based on their roots. Not sure what that means, usually people are evaluated by what they did (started a world war, killed millions of his own people, liberated his country), not based on how they started. Sure it can help you to understand some of their quirks or something, but I don't think it's a very good basis for judging a person.
Then you said a corporation MUST have as its goal to maximize profits. While often this is the case, it is up the stated purpose of the corporation as defined in their corporate charter. Thus you can have a non-profit corporation. A corporation is nothing more than a legal abstraction for a group of people to do business (or otherwise manage money) together. If a corporation states in its corporate charter that it's primary purpose is to make money, then its a sort of a contract, and those who invest in the company will have that expectation. It is up to the founders.
I still don't know what you meant by green. That I was jealous?
Qxe4
Green means naive. -:)
No, i haven't read Chomsky. He is a nut case who hates everything that is progressive.
Non-profits does not mean no profits. Its just that their surplus is not profit in traditional sense.
Not many commercial corporates are non-profits.
95% of the corporates are for-profits.
As you said correctly, a for-profit corporate has a contract with owners. Generating profit.
Anything less and it can be sued.
Which is exactly why they behave as they do: taking money back from charities, etc.
Why i brought the background of Stalin and Hitler is that research into their backgrounds have shown parental abuse can lead to dictators. Hence, the child laws as of today which prevent us from spanking or kicking our child.
Similarly a research into backgrounds of modern corporations shows us that people wanted to separate risk from profit so that they don't lose their personal wealth in their pursuit of profits.
The fictional entity came into being during the railroad barons which resulted in many judgements and we came to treat corporates as persons.
Coming back to my original point, we should stop thinking corporates are human beings. They are not, even though in eyes of law they are.
"Doing what i can, with what i have." ~ Burt Gummer