Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detailed Privacy Study Finds Loopholes Galore

Posted by kdawson on from the get-over-it dept.

BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."

17 of 126 comments (clear)

  1. Guilty as charged by alain94040 · · Score: 3, Insightful

    Agreed. Trackers such as Google Analytics and more have been around for years. But now it's getting even worse with the flurry of URL shorteners. Not only can't you see what the real URL points to, its main purpose is to track, track, track.

    Personally, I don't believe it makes sense to have a web completely free of "web bugs". I'd rather have some pretty strong laws, along the lines of the presumption of innocence, so that anything collected about you can't possibly be used against you if it was obtained "by chance". That would be a start.

    --
    escape the corporate world, code for fun and profit

    1. Re:Guilty as charged by orngjce223 · · Score: 5, Insightful

      Here's the thing. People don't *want* to be tracked across websites. (Just like they don't *want* to see ads at all... but I digress.) The equivalent is the local store providing a small button-sticker, without your permission, at the door that not only lets their associates direct you to sections you might actually be interested in, but track you via GPS into other stores to see what you buy. And I mean you can take them off later (delete the cookies and all that), but then every other store provides the exact same sticker and some require you to present the sticker at every counter for service. It's something that a paranoid would probably say already happens, but the fact is, that this is turning us *all* paranoid. I don't like being paranoid.

      On the other hand, Mr. President Obama has kept quiet on privacy, so we don't even know what his stances are on this issue...

      --
      Note: I was 13 when I wrote most of this. Take with several grains of salt.
    2. Re:Guilty as charged by lavacano201014 · · Score: 4, Insightful

      Yeah, it's one thing if they stick a cookie on your computer saying "He logs in as lavacano201014, and he gets the password right", or "I've been here before, don't count me as a new visitor". It's like those events where they stamp your hand to show "You've paid, you just went outside for a smoke". It's another thing if they record personal information that you'd rather keep to yourself. It's like forcing them to tattoo your name and Social Security Number to your forehead and both arms. Do you really wanna wander around with "I'm John Johnson, my SSN is 555-55-5555"? That's my stance. Of course, if you really DO want to wander around like that, none of my business.

      --
      A wise man once said, "Where is my other quotation mark?
    3. Re:Guilty as charged by BitZtream · · Score: 3, Insightful

      You do realize this already happens right? And stupid people play into it. Those retarded 'club' cards for every freaking grocery store, sporting goods store, (insert store type here) store. The price you see on the label is always the 'club' price, which you pay more if you don't use their 'club' card. They send you directed advertisements in the mail and design the store displays and advertisements to direct you to the place in the store where they think they can upsell you the most.

      The only people turning paranoid are geeks too stupid to realize they have been able to do this for years and it doesn't just happen on the Internet. 'Web bugs' are nothing new, you've just been too dumb to notice them in the past.

      'People' don't CARE if they are tracked. Slashdotters freak out about it. If people gave a damn they wouldn't be so happy to sign up for those cards. They KNOW they are being tracked cause most of them happily send you reports regularly telling you what you've spent your money on.

      You guys need to pull your eyes off the monitor for a few minutes and stop thinking that everything on the Internet is new. Most of it isn't, not be a long shot, its just a variation on some scam from else where.

      If you actually were worried about being tracked you'd use cash and never buy anything off the Internet.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Defective by design by Torodung · · Score: 3, Insightful

    The law: this is the thing that really deserves this tag.

    Defective by design, my friends. You have no privacy from the powerful.

    --
    Toro

  3. It's the INTERNET for crying out lud by Anonymous Coward · · Score: 4, Funny

    What the fuck did you expect? If you want "privacy", stay home. Oh, wait.

  4. We need to take care of our privacy. by Krneki · · Score: 5, Informative

    NoScript can stop most of the scripts running in the background when you visit a web page.
    https://addons.mozilla.org/en-US/firefox/addon/722

    --
    Love many, trust a few, do harm to none.
    1. Re:We need to take care of our privacy. by AnalPerfume · · Score: 4, Informative

      A decent cookie policy helps too. CSS Lite along with a "deny all cookies" default works wonders in that regard. Then just like NoScript you van allow them temporarily or permanently on an individual basis when a site you need demands them.

    2. Re:We need to take care of our privacy. by spottedkangaroo · · Score: 3, Informative

      There are three main strikes against noscript though... 1) it's irritating and doesn't necessarily protect against 1x1 pixel or iframe attacks anyway; 2) it sucks and breaks things like OpenID, which are necessarily cross site scripting; 3) the guy's a total fuck head (see adblock).

      --
      Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
    3. Re:We need to take care of our privacy. by drinkypoo · · Score: 4, Informative

      1) Use adblock pro and it will whack most of those 2) You can enable sites one by one if you need OpenID, ReCAPTCHA, etc 3) This part is true :(

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Lie, cheat and steal. Why keep acting surprised? by swb · · Score: 3, Informative

    Why do we keep having studies like this? It's like having more studies to prove that gravity will cause a rock to drop on the ground; it's pretty well understood without having to have yet another study remind us that given even the slightest chance to lie, cheat or steal, corporations will willingly and vigorously lie, cheat and steal.

    While I'm not "old" I am, at 42, at the point where I just tune out anything a corporation tells me. It's all bullshit. All of it. And I often ask myself why I don't make every attempt to rip them off as often and as completely as I can -- just fuck off being honest, all you get is ripped off anyway. There is no "fair" or "middle ground", it's just "how badly do you want to get lied to/cheated/ripped off?"

    In spite of this and in spite of my equally strong cynicism that government can "fix" this, why don't we treat these corporate fucks properly?

    For so many of these frauds, jail just isn't good enough, or it doesn't provide the right life lesson. These people need to know just exactly what the shit end of the stick feels like. Here's a suitable punishment for corporate malfeasance:

    1) Corporate thief *and* immediate family, including wives divorced after the initiation of fraud, stripped of ALL personal possessions, property, real estate and financial assets. YOU MAY NOT EVER PROFIT FROM YOUR CRIME NOR ENRICH YOUR FAMILY. YOU HAVE LOST EVERYTHING. FOREVER.

    2) Forced to live a residence in a neighborhood with at least 50% of the population at or below the poverty line. POVERTY SUCKS.

    3) All family members required to work at a job which pays no more than 2x the poverty wage for whatever size family they consist. Any money earned over this amount is forfeited. YOU WILL NEVER GET AHEAD OR EVEN CATCH UP.

    4) No financial or material support of any kind from the outside, including support in-kind (free rent, forgiven debt, etc). AND NOBODY WILL HELP.

  6. Even whitehouse.gov has a web bug by karl.auerbach · · Score: 5, Informative

    Even the Whitehouse.gov website has a 1x1 pixel web bug that is in violation of their own privacy policy, not to mention 5 USC 552a.

  7. This is new?! by erroneus · · Score: 3, Insightful

    ADVERTISERS are Anti-Privacy People!!! They would create massive databases tracking every single man woman and child on the planet if they could and many are still working on that very thing.

    Google is an advertiser. When you break it down, Google's motivation is making money by selling advertisements in various forms and means.

    Here's other news: Advertising WORKS!!! They wouldn't do all this if it didn't yield results. And that will never change. Our consumer culture is so developed that people can't imagine any other way of seeing the world they live in.

    And here's an interesting aside -- according to my younger brother who recently went through law enforcement training informed the family of an interesting bit of trivia. He told us that the code word for "mentally retarded person" is "CONSUMER." He was not joking. Let that settle in... There are so many different areas where "consumer" is used to describe people and it makes you think doesn't it? We're all the brainless pawns in their business strategies and plans.

  8. Re:...and so what? by Anonymous Coward · · Score: 5, Funny

    Those are excellent points.

    BTW, from your recent purchasing history on one of our affiliate sites we've noticed that you are interested in laxatives. May we suggest "Stool-Max" (tm), the new and improved laxative to provide 24 hours of continuous relief? Many customers who are fans of Bon Jovi like yourself, have benefited from this breakthrough product.

  9. Re:...and so what? by martin-boundary · · Score: 4, Insightful

    Is this an invasion of privacy? I don't think so.

    See, the problem is that my privacy is none of your business. I don't care what you think is acceptable to me. Speak for yourself.

    If a surfer visits your site, they have a certain expectation of viewing your content. Now you've decided to share that two-way communication with a hidden third party, who offers you a service (so far so good) in exchange for access to the visitors (that's the problem). Your visitors have not entered into any relationship with the third party, and are not getting any service from them. So why are you letting them get milked?

    Think of it this way: Do you carry a hidden tape recorder in your pocket so that you can record all your conversations with your friends and colleagues, just because the weird guy down the street is paying you 10 bucks a week to let him listen in on anything he likes? Would you consider that acceptable behaviour from any of your friends and colleagues?

  10. Re:Privacy is Possible by twostix · · Score: 3, Insightful

    "Do people have a right to complain if they aren't willing to lift a finger to protect themselves?"

    Why yes, yes they do.

  11. Doubleclick by MrKaos · · Score: 3, Informative

    Ghostery found 1 web bug on Slashdot

    --
    My ism, it's full of beliefs.