Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detailed Privacy Study Finds Loopholes Galore

Posted by kdawson on from the get-over-it dept.

BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."

11 of 126 comments (clear)

  1. We need to take care of our privacy. by Krneki · · Score: 5, Informative

    NoScript can stop most of the scripts running in the background when you visit a web page.
    https://addons.mozilla.org/en-US/firefox/addon/722

    --
    Love many, trust a few, do harm to none.
    1. Re:We need to take care of our privacy. by AnalPerfume · · Score: 4, Informative

      A decent cookie policy helps too. CSS Lite along with a "deny all cookies" default works wonders in that regard. Then just like NoScript you van allow them temporarily or permanently on an individual basis when a site you need demands them.

    2. Re:We need to take care of our privacy. by spottedkangaroo · · Score: 3, Informative

      There are three main strikes against noscript though... 1) it's irritating and doesn't necessarily protect against 1x1 pixel or iframe attacks anyway; 2) it sucks and breaks things like OpenID, which are necessarily cross site scripting; 3) the guy's a total fuck head (see adblock).

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    3. Re:We need to take care of our privacy. by drinkypoo · · Score: 4, Informative

      1) Use adblock pro and it will whack most of those 2) You can enable sites one by one if you need OpenID, ReCAPTCHA, etc 3) This part is true :(

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Lie, cheat and steal. Why keep acting surprised? by swb · · Score: 3, Informative

    Why do we keep having studies like this? It's like having more studies to prove that gravity will cause a rock to drop on the ground; it's pretty well understood without having to have yet another study remind us that given even the slightest chance to lie, cheat or steal, corporations will willingly and vigorously lie, cheat and steal.

    While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit. All of it. And I often ask myself why I don't make every attempt to rip them off as often and as completely as I can -- just fuck off being honest, all you get is ripped off anyway. There is no "fair" or "middle ground", it's just "how badly do you want to get lied to/cheated/ripped off?"

    In spite of this and in spite of my equally strong cynicism that government can "fix" this, why don't we treat these corporate fucks properly?

    For so many of these frauds, jail just isn't good enough, or it doesn't provide the right life lesson. These people need to know just exactly what the shit end of the stick feels like. Here's a suitable punishment for corporate malfeasance:

    1) Corporate thief *and* immediate family, including wives divorced after the initiation of fraud, stripped of ALL personal possessions, property, real estate and financial assets. YOU MAY NOT EVER PROFIT FROM YOUR CRIME NOR ENRICH YOUR FAMILY. YOU HAVE LOST EVERYTHING. FOREVER.

    2) Forced to live a residence in a neighborhood with at least 50% of the population at or below the poverty line. POVERTY SUCKS.

    3) All family members required to work at a job which pays no more than 2x the poverty wage for whatever size family they consist. Any money earned over this amount is forfeited. YOU WILL NEVER GET AHEAD OR EVEN CATCH UP.

    4) No financial or material support of any kind from the outside, including support in-kind (free rent, forgiven debt, etc). AND NOBODY WILL HELP.

  3. Even whitehouse.gov has a web bug by karl.auerbach · · Score: 5, Informative

    Even the Whitehouse.gov website has a 1x1 pixel web bug that is in violation of their own privacy policy, not to mention 5 USC 552a.

  4. Re:...and so what? by X0563511 · · Score: 2, Informative

    ... that I couldn't discern from the server logs is where people link in from.

    Hrm, strange. You would think your server would both be able to read and log the Referer request header.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  5. Privacy is Possible by CodeBuster · · Score: 2, Informative

    If people are concerned about their privacy then why don't they use Firefox, AdBlock, Flashblock, and NoScript? The truly paranoid can download and use Tor as well. Do people have a right to complain if they aren't willing to lift a finger to protect themselves?

  6. Re:Lie, cheat and steal. Why keep acting surprised by Jimmy_B · · Score: 2, Informative

    Sorry, but the US Constitution expressly prohibits extending punishment for crimes onto family members. The most you could get is forfeiture of assets which a prosecutor could prove constituted stolen goods, and that wouldn't be nearly everything.

  7. Doubleclick by MrKaos · · Score: 3, Informative

    Ghostery found 1 web bug on Slashdot

    --
    My ism, it's full of beliefs.
  8. Re:Guilty as charged by Aram+Fingal · · Score: 2, Informative

    You're right but storing personal info in the cookie itself isn't the way it's normally done. More often, they store something like visitor#42383645934568125 which is a database key. Your personal info is in their database and not in the cookie. Part of the problem with web beacons is that they effectively allow different sites to share the same database key. This wasn't supposed to happen with cookies which are restricted to being read back only by the same site that set them in the first place. Web beacons get around this limitation by loading a portion of the site which you are visiting, even something as small as a one pixel graphic, from a common advertising agency site. Some of these advertising sites are backed by huge clusters and able to serve a bit of content to a huge percentage of sites on the internet. That's what the graphs about Google's reach are explaining.