Slashdot Mirror
Detailed Privacy Study Finds Loopholes Galore
BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."
Agreed. Trackers such as Google Analytics and more have been around for years. But now it's getting even worse with the flurry of URL shorteners. Not only can't you see what the real URL points to, its main purpose is to track, track, track.
Personally, I don't believe it makes sense to have a web completely free of "web bugs". I'd rather have some pretty strong laws, along the lines of the presumption of innocence, so that anything collected about you can't possibly be used against you if it was obtained "by chance". That would be a start.
--
escape the corporate world, code for fun and profit
The law: this is the thing that really deserves this tag.
Defective by design, my friends. You have no privacy from the powerful.
--
Toro
What the fuck did you expect? If you want "privacy", stay home. Oh, wait.
NoScript can stop most of the scripts running in the background when you visit a web page.
https://addons.mozilla.org/en-US/firefox/addon/722
Love many, trust a few, do harm to none.
I have Google Analytics on my websites. It gives me lots of useful information about my users in a format that is easy to understand. But, about the only thing it tells me that I couldn't discern from the server logs is where people link in from.
Now, this does mean that Google gets a record of when an IP address visited my server and what page they looked at. Is this an invasion of privacy? I don't think so. What's the worst that is going to happen? Google sells my browsing habits so that companies I already have a business relationship with send me targeted advertising? OH NO!
What we need is legal limits on what can be done with collected information. We already have some - companies can't email me out of the blue unless we have an established relationship. We could perhaps use some additional protection in terms of public release of possibly not-entirely-flattering personal information.
But beyond that, who cares? Privacy isn't, by itself, important. What we care about is negative consequences of our privacy being invaded. I don't want my friends to know about my Enzyte purchases, for example, but if I cancel my Enztye order and place a Capatrex order, what's the big deal if Enzyte sends me an email with a special offer to double my order for the same price?**
(Note: I would never actually use either Enzyte or Capatrex... when I could use both!)
Anyway, if it really bothers you, it's not like anoyne is actually sharing your information with 3rd parties anyway. Those web bugs don't get their information from the websites you visit, they get that information from you - it's YOUR browser on YOUR computer that sends the request to Google Analytics et al. If you don't want your browser to do that, block the sites.
paintball
How ironic that a school without sufficient knowledge to protect its students from identity theft lectures the world on personal privacy.
A number of student Social Security numbers were leaked not too long ago.
Here's the article
Why do we keep having studies like this? It's like having more studies to prove that gravity will cause a rock to drop on the ground; it's pretty well understood without having to have yet another study remind us that given even the slightest chance to lie, cheat or steal, corporations will willingly and vigorously lie, cheat and steal.
While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit. All of it. And I often ask myself why I don't make every attempt to rip them off as often and as completely as I can -- just fuck off being honest, all you get is ripped off anyway. There is no "fair" or "middle ground", it's just "how badly do you want to get lied to/cheated/ripped off?"
In spite of this and in spite of my equally strong cynicism that government can "fix" this, why don't we treat these corporate fucks properly?
For so many of these frauds, jail just isn't good enough, or it doesn't provide the right life lesson. These people need to know just exactly what the shit end of the stick feels like. Here's a suitable punishment for corporate malfeasance:
1) Corporate thief *and* immediate family, including wives divorced after the initiation of fraud, stripped of ALL personal possessions, property, real estate and financial assets. YOU MAY NOT EVER PROFIT FROM YOUR CRIME NOR ENRICH YOUR FAMILY. YOU HAVE LOST EVERYTHING. FOREVER.
2) Forced to live a residence in a neighborhood with at least 50% of the population at or below the poverty line. POVERTY SUCKS.
3) All family members required to work at a job which pays no more than 2x the poverty wage for whatever size family they consist. Any money earned over this amount is forfeited. YOU WILL NEVER GET AHEAD OR EVEN CATCH UP.
4) No financial or material support of any kind from the outside, including support in-kind (free rent, forgiven debt, etc). AND NOBODY WILL HELP.
Even the Whitehouse.gov website has a 1x1 pixel web bug that is in violation of their own privacy policy, not to mention 5 USC 552a.
ADVERTISERS are Anti-Privacy People!!! They would create massive databases tracking every single man woman and child on the planet if they could and many are still working on that very thing.
Google is an advertiser. When you break it down, Google's motivation is making money by selling advertisements in various forms and means.
Here's other news: Advertising WORKS!!! They wouldn't do all this if it didn't yield results. And that will never change. Our consumer culture is so developed that people can't imagine any other way of seeing the world they live in.
And here's an interesting aside -- according to my younger brother who recently went through law enforcement training informed the family of an interesting bit of trivia. He told us that the code word for "mentally retarded person" is "CONSUMER." He was not joking. Let that settle in... There are so many different areas where "consumer" is used to describe people and it makes you think doesn't it? We're all the brainless pawns in their business strategies and plans.
If people are concerned about their privacy then why don't they use Firefox, AdBlock, Flashblock, and NoScript? The truly paranoid can download and use Tor as well. Do people have a right to complain if they aren't willing to lift a finger to protect themselves?
While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit.
Not trying to out-cynical you or anything, but who really tells you anything that isn't bullshit? Politicians and government? Right. Your friends? Doubt it. Scientists? Sometimes, but only because they know if they lie someone else will repeat their experiment and catch their mistake. It happens.
Seriously. You're 42. It's time to grow up, be a man and take responsibility for yourself, not depend on dishonest corporations or dishonest other people to take care of you. In this case, figure out how to block cross-site cookies, or block cookies all together. Learn how to use an anonymizer. Whatever it takes. This is something YOU can do. Stop relying on other people, and other people will stop taking advantage of you.
Qxe4
Sorry, but the US Constitution expressly prohibits extending punishment for crimes onto family members. The most you could get is forfeiture of assets which a prosecutor could prove constituted stolen goods, and that wouldn't be nearly everything.
'People' don't CARE if they are tracked.
You may be right that most people don't. Most non-geeks I know have a hard time figuring how much their groceries are going to cost when our VAT rate goes down (now why is there VAT on groceries in the first place? Don't get me started...) or how much their paycheck is going to grow when the employer withholding tax goes down. They care what reality shows are most popular or who wins Idols or whatever.
But that doesn't change the fact that they should. It's one thing to be a member of a consumer co-op and buy stuff at member prices -- and another thing entirely to be looking for daily news, info about your or your friends' minor or major ailments, and have it all recorded forever in a way they are able to associate with your identity.
So Google has not been caught selling the info yet. They have, however, been forced by the DOJ to submit info about search terms and stuff. If Google's revenue takes a big hit for any reason, what's going to stop them from selling the info about the people who seem to spend a lot of time on Chinese dissident sites to the Chinese government? Or just to the highest bidder for whatever info they can offer?
Furthermore, imagine if a perfectly legal hobby were to be criminalized -- retroactively -- say, by a new government elected in a wave of frenzy about national security (totally hypothetical, I know but bear with me). Now if that had been my hobby, I would be a sitting duck for the newly created national security cop unit. I may be a perfectly law-abiding citizen perfectly willing to forgo a hobby if my government tells me it endangers the national security, but I would already be a criminal.
This is just an oversimplified example of what could happen. Much more complex, and at the same time impossible-to-win situations have happened many times over in different parts of the world since mid-1960s when I started following the news. To mention just one example from U.S. history (well researched, doesn't affect us today other than a warning example of just the kind of circs I describe), check out the Senator Joseph McCarthy crusade (and learn that he was just a front man for a lot of mean bullies, who wanted to do their bullying legally).
P.S. I have RefControl with Firefox, I use redirection for most of my systems that directs requests like web bugs to a dummy address etc. I don't do it for all of my systems all of the time, though.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
Now you've decided to share that two-way communication with a hidden third party,
I did no such thing. I placed a link in my page to the third party. Your web browser, running on your computer, executed the link to the 3rd party and provided the data.
Next time someone complains about legalese, think of this sort of shmuck.
Ghostery found 1 web bug on Slashdot
My ism, it's full of beliefs.