Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detailed Privacy Study Finds Loopholes Galore

Posted by kdawson on from the get-over-it dept.

BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."

15 of 126 comments (clear)

  1. Guilty as charged by alain94040 · · Score: 3, Insightful

    Agreed. Trackers such as Google Analytics and more have been around for years. But now it's getting even worse with the flurry of URL shorteners. Not only can't you see what the real URL points to, its main purpose is to track, track, track.

    Personally, I don't believe it makes sense to have a web completely free of "web bugs". I'd rather have some pretty strong laws, along the lines of the presumption of innocence, so that anything collected about you can't possibly be used against you if it was obtained "by chance". That would be a start.

    --
    escape the corporate world, code for fun and profit

    1. Re:Guilty as charged by orngjce223 · · Score: 5, Insightful

      Here's the thing. People don't *want* to be tracked across websites. (Just like they don't *want* to see ads at all... but I digress.) The equivalent is the local store providing a small button-sticker, without your permission, at the door that not only lets their associates direct you to sections you might actually be interested in, but track you via GPS into other stores to see what you buy. And I mean you can take them off later (delete the cookies and all that), but then every other store provides the exact same sticker and some require you to present the sticker at every counter for service. It's something that a paranoid would probably say already happens, but the fact is, that this is turning us *all* paranoid. I don't like being paranoid.

      On the other hand, Mr. President Obama has kept quiet on privacy, so we don't even know what his stances are on this issue...

      --
      Note: I was 13 when I wrote most of this. Take with several grains of salt.
    2. Re:Guilty as charged by lavacano201014 · · Score: 4, Insightful

      Yeah, it's one thing if they stick a cookie on your computer saying "He logs in as lavacano201014, and he gets the password right", or "I've been here before, don't count me as a new visitor". It's like those events where they stamp your hand to show "You've paid, you just went outside for a smoke". It's another thing if they record personal information that you'd rather keep to yourself. It's like forcing them to tattoo your name and Social Security Number to your forehead and both arms. Do you really wanna wander around with "I'm John Johnson, my SSN is 555-55-5555"? That's my stance. Of course, if you really DO want to wander around like that, none of my business.

      --
      A wise man once said, "Where is my other quotation mark?
    3. Re:Guilty as charged by BitZtream · · Score: 3, Insightful

      You do realize this already happens right? And stupid people play into it. Those retarded 'club' cards for every freaking grocery store, sporting goods store, (insert store type here) store. The price you see on the label is always the 'club' price, which you pay more if you don't use their 'club' card. They send you directed advertisements in the mail and design the store displays and advertisements to direct you to the place in the store where they think they can upsell you the most.

      The only people turning paranoid are geeks too stupid to realize they have been able to do this for years and it doesn't just happen on the Internet. 'Web bugs' are nothing new, you've just been too dumb to notice them in the past.

      'People' don't CARE if they are tracked. Slashdotters freak out about it. If people gave a damn they wouldn't be so happy to sign up for those cards. They KNOW they are being tracked cause most of them happily send you reports regularly telling you what you've spent your money on.

      You guys need to pull your eyes off the monitor for a few minutes and stop thinking that everything on the Internet is new. Most of it isn't, not be a long shot, its just a variation on some scam from else where.

      If you actually were worried about being tracked you'd use cash and never buy anything off the Internet.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    4. Re:Guilty as charged by Aram+Fingal · · Score: 2, Insightful

      Personally, I don't believe it makes sense to have a web completely free of "web bugs"...

      Why? Why can't advertising work on the web without tracking? Advertising in newspapers, television and radio doesn't track people and that has worked just fine for many many years.

  2. Defective by design by Torodung · · Score: 3, Insightful

    The law: this is the thing that really deserves this tag.

    Defective by design, my friends. You have no privacy from the powerful.

    --
    Toro

  3. ...and so what? by raehl · · Score: 2, Insightful

    I have Google Analytics on my websites. It gives me lots of useful information about my users in a format that is easy to understand. But, about the only thing it tells me that I couldn't discern from the server logs is where people link in from.

    Now, this does mean that Google gets a record of when an IP address visited my server and what page they looked at. Is this an invasion of privacy? I don't think so. What's the worst that is going to happen? Google sells my browsing habits so that companies I already have a business relationship with send me targeted advertising? OH NO!

    What we need is legal limits on what can be done with collected information. We already have some - companies can't email me out of the blue unless we have an established relationship. We could perhaps use some additional protection in terms of public release of possibly not-entirely-flattering personal information.

    But beyond that, who cares? Privacy isn't, by itself, important. What we care about is negative consequences of our privacy being invaded. I don't want my friends to know about my Enzyte purchases, for example, but if I cancel my Enztye order and place a Capatrex order, what's the big deal if Enzyte sends me an email with a special offer to double my order for the same price?**

    (Note: I would never actually use either Enzyte or Capatrex... when I could use both!)

    Anyway, if it really bothers you, it's not like anoyne is actually sharing your information with 3rd parties anyway. Those web bugs don't get their information from the websites you visit, they get that information from you - it's YOUR browser on YOUR computer that sends the request to Google Analytics et al. If you don't want your browser to do that, block the sites.

    --
    paintball
    1. Re:...and so what? by jimmyswimmy · · Score: 2, Insightful

      In my mind it's enough that Google is able to understand how my thought processes develop by tracking search queries - which is an overt and expectable result when I tell them what I'm looking for. And since they present the results to me, they also get to see which ones are appealing, both by me clicking on the result link (and thereby telling them which one I have clicked) as well as by whether I return for a similar search, or a search which takes me down a related tangent.

      But I don't care for the idea that Google or any other company can know which other sites I visit, either as a result of (omg) Yahoo searches or whatever MS calls their search engine these days. Or even sites whose names I know, like facebook or various company sites whose names are typically companyname.com or similar. In other words, if I didn't ask them for it, it's not their business to know. In fact, I see it as my business alone. The fact that there is value to tracking that information, or appending that data (where I surf) to some customer record that contains my real name and address - I should have some level of control over that information. My (sadly unrealistic) opinion is that Choicepoint should be paying me a percentage of their revenue when they sell information about me. I don't care that it's aggregated - there is value to that data, it should not be theirs to sell with no restrictions.

      --

      Just my $0.55 (US inflation, 1774-2008, for $0.02)
    2. Re:...and so what? by martin-boundary · · Score: 4, Insightful

      Is this an invasion of privacy? I don't think so.

      See, the problem is that my privacy is none of your business. I don't care what you think is acceptable to me. Speak for yourself.

      If a surfer visits your site, they have a certain expectation of viewing your content. Now you've decided to share that two-way communication with a hidden third party, who offers you a service (so far so good) in exchange for access to the visitors (that's the problem). Your visitors have not entered into any relationship with the third party, and are not getting any service from them. So why are you letting them get milked?

      Think of it this way: Do you carry a hidden tape recorder in your pocket so that you can record all your conversations with your friends and colleagues, just because the weird guy down the street is paying you 10 bucks a week to let him listen in on anything he likes? Would you consider that acceptable behaviour from any of your friends and colleagues?

    3. Re:...and so what? by nitroyogi · · Score: 2, Insightful

      Google doesn't sell that info.

      Thus far they haven't done anything nefarious with the info they collect. They even refused to turn tons of it over to the government.

      Can you prove what you say? As authoritatively as you say it?

      Google has brainwashed many people with its strangely inscrutable "Don't be evil" campaign. So much so that those folks start dreaming divine fantasies about Google's impeccable loyalty to its dear beta customers' rights online. And start making statements that make remote business sense but none too practical. Keep an open eye on both sides of Google. Its not a saintly or charitable venture. Its just lesser of the evils.

  4. This is new?! by erroneus · · Score: 3, Insightful

    ADVERTISERS are Anti-Privacy People!!! They would create massive databases tracking every single man woman and child on the planet if they could and many are still working on that very thing.

    Google is an advertiser. When you break it down, Google's motivation is making money by selling advertisements in various forms and means.

    Here's other news: Advertising WORKS!!! They wouldn't do all this if it didn't yield results. And that will never change. Our consumer culture is so developed that people can't imagine any other way of seeing the world they live in.

    And here's an interesting aside -- according to my younger brother who recently went through law enforcement training informed the family of an interesting bit of trivia. He told us that the code word for "mentally retarded person" is "CONSUMER." He was not joking. Let that settle in... There are so many different areas where "consumer" is used to describe people and it makes you think doesn't it? We're all the brainless pawns in their business strategies and plans.

  5. Re:Lie, cheat and steal. Why keep acting surprised by phantomfive · · Score: 2, Insightful

    While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit.

    Not trying to out-cynical you or anything, but who really tells you anything that isn't bullshit? Politicians and government? Right. Your friends? Doubt it. Scientists? Sometimes, but only because they know if they lie someone else will repeat their experiment and catch their mistake. It happens.

    Seriously. You're 42. It's time to grow up, be a man and take responsibility for yourself, not depend on dishonest corporations or dishonest other people to take care of you. In this case, figure out how to block cross-site cookies, or block cookies all together. Learn how to use an anonymizer. Whatever it takes. This is something YOU can do. Stop relying on other people, and other people will stop taking advantage of you.

    --
    Qxe4
  6. Re:Privacy is Possible by twostix · · Score: 3, Insightful

    "Do people have a right to complain if they aren't willing to lift a finger to protect themselves?"

    Why yes, yes they do.

  7. Stupidity... by Velska1 · · Score: 2, Insightful

    'People' don't CARE if they are tracked.

    You may be right that most people don't. Most non-geeks I know have a hard time figuring how much their groceries are going to cost when our VAT rate goes down (now why is there VAT on groceries in the first place? Don't get me started...) or how much their paycheck is going to grow when the employer withholding tax goes down. They care what reality shows are most popular or who wins Idols or whatever.

    But that doesn't change the fact that they should. It's one thing to be a member of a consumer co-op and buy stuff at member prices -- and another thing entirely to be looking for daily news, info about your or your friends' minor or major ailments, and have it all recorded forever in a way they are able to associate with your identity.

    So Google has not been caught selling the info yet. They have, however, been forced by the DOJ to submit info about search terms and stuff. If Google's revenue takes a big hit for any reason, what's going to stop them from selling the info about the people who seem to spend a lot of time on Chinese dissident sites to the Chinese government? Or just to the highest bidder for whatever info they can offer?

    Furthermore, imagine if a perfectly legal hobby were to be criminalized -- retroactively -- say, by a new government elected in a wave of frenzy about national security (totally hypothetical, I know but bear with me). Now if that had been my hobby, I would be a sitting duck for the newly created national security cop unit. I may be a perfectly law-abiding citizen perfectly willing to forgo a hobby if my government tells me it endangers the national security, but I would already be a criminal.

    This is just an oversimplified example of what could happen. Much more complex, and at the same time impossible-to-win situations have happened many times over in different parts of the world since mid-1960s when I started following the news. To mention just one example from U.S. history (well researched, doesn't affect us today other than a warning example of just the kind of circs I describe), check out the Senator Joseph McCarthy crusade (and learn that he was just a front man for a lot of mean bullies, who wanted to do their bullying legally).

    P.S. I have RefControl with Firefox, I use redirection for most of my systems that directs requests like web bugs to a dummy address etc. I don't do it for all of my systems all of the time, though.

    --
    Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
  8. Re:Exactly! by xouumalperxe · · Score: 2, Insightful

    Now you've decided to share that two-way communication with a hidden third party,

    I did no such thing. I placed a link in my page to the third party. Your web browser, running on your computer, executed the link to the 3rd party and provided the data.

    Next time someone complains about legalese, think of this sort of shmuck.