Slashdot Mirror
RapLeaf Is Back and Bad As Ever
itwbennett writes "Privacy blogger Dan Tynan opted out of data aggregator RapLeaf back in 2010 — and wrote about it. At the time, opting out seemed to work well enough. But fast forward a couple of years and ... they're baaaack. While testing a privacy service called Safe Shepherd, Tynan discovered that 'not only [is he] not opted out of RapLeaf's database, they've also gathered far more information about [him] than they had before.' And it's a pretty good bet some of the data came from Facebook apps, which is a practice that the company was slapped for in 2010 and claimed to no longer do."
Back in the time ad companies like DoubleClick existed on a broad swath of Web sites, so they were in a unique position to get a 30,000 foot view of your Web surfing habits. All they had to do was drop a cookie file on your hard drive. Whenever you visited a site containing a DoubleClick ad, it checked your hard drive for that cookie, and added that web site and any information associated with it to its profile of you.
But Doubleclick couldn’t actually identify you personally; it identified your browser, which could be used by anyone in your household. And (after a lot of pressure from privacy wonks who were also not your mother) it and other ad companies like it offered you the opportunity to opt out of being tracked, though it never really worked all that well.
Fast forward ten years. Doubleclick is now owned by Google. So-called “behavioral marketing” is all the rage in Net advertising. People are now sharing information about themselves on social networks like it’s going out of style. And companies like Rapleaf and Google are there vacuuming it all up and spitting it out to advertisers – supposedly anonymously, though now we know better.
Opt-out policy
This company provides a cookie based opt-out. An "opt-out cookie" is set by the browser. This provides a request that ads should not be customized through your web browsing activities and preferences. You will continue to receive ads but this company will not use this information to select behavioral ads you see online. You must opt-out again if cookies are deleted and required for each browser type and new computer. Third party cookies must be accepted for opt-out to work.
So, if you wipe your cookies, you "opt back in".
The whole thing states previous facts, but when it comes time for you to actually say that rapleaf is back and doing their business again you use the phrase "pretty good bet".
So unless you have real proof of something, real facts and first hand knowledge don't make claims you cant back up.
This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.
Wikileaks showed us the way. The only thing left to talk about is public access to data, especially data on people in privileged positions.
Nothing can really be done to control black and gray market data. And, little or no actual control can be exerted on the "legal" companies and practices as well. Even if you manage to hide your own data through various means, it complicates and restricts life, and does nothing about the data of the rest of the population, which affects and includes your data.
The only real secrets are those of people who can afford the expenses of keeping secrets - corporations, governments, and their associated criminals.
No, the path is now to acquire public access to data on these people.
Build your own energy sources from scratch. http://otherpower.com/
I find it ironic yet unsurprising that the 'opt out' link doesn't work. https://www.rapleaf.com/opt_out
Remember kids: What's right isn't as important as what's profitable.
So, you don't trust the company (which is a given), but somehow we're supposed to trust that opting-out actually does anything or causes them to delete anything?
If anything, it sounds like the fact that you opted out gave them more information about you and more reason to find more.
Opting out of this kind of shit is like "click here to unsubscribe" which comes with spam to make it look compliant -- they're not going to do it.
I mean, he's talking about logging into his account on their server to see what information they have about him -- I sure wouldn't sign up for this in the first place.
Laws need to change so the default position isn't "company can do whatever it wants without telling you". Of course, they'd scream and howl that it was cutting into their "freedom of speech" or corporate profits, but I don't see why it should be something which they decide how it gets used.
Lost at C:>. Found at C.
Please tell me I'm not the only one who had to read the title three times to realize it's not called "RapeLeaf."
Hey guys, I'm Ben, a developer at Safe Shepherd. Data brokers and people search sites like Rapleaf have a bad habit of blocking or flat out ignoring opt out requests. Recently we implement a system of verified removals whereby we check whether the opted out record actually still appears on the data broker's website. This allows us to identify whether they're being generally honest and whether another opt-out needs to be sent on a case-by-case basis. I set up the verified removals to run as a daily cron task, so we can identify whether records re-appear even after they've been removed (yes, data brokers do this). Also fwiw we've written up some manual opt-out guides for all the major data brokers and people search sites in case you want to do the removals yourself rather than through our service: http://blog.safeshepherd.com/how-to-block/
How is it illegal?
What someone should build is a system that completely fucks up their data. Makes it wildly inaccurate.
Should be available in at least Chrome. I'm sure there are firefox variants as well.
"Isn't ghostery owned by Evidon, who also owns Rapleaf? I wouldn't trust either of them.
However, I wouldn't trust Safe Shepherd either as they are aggregating info as well."
Nice bit of homework there. Is there a more free/open plugin that does the same kind of thing that Ghostery does by providing lists of blocked trackers? I'd be happy to use that instead.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
RequestPolicy will block all third party requests by default, which will block the cookies that come with it. (They do allow, by default, links between a site and it's CDN domain though.)
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
AdblockPlus + easylist + easyprivacy + noscript (for the extra careful). Kind of hard for doubleclick to track me if I don't load resource from them and don't run their scripts!
I'm sure there are some items that slip through, but implementing them requires more significantly more coordination between the trackers and the site itself. I'd wager this gets rid of nearly all of it.
(and advertisements in general, which I -do-not-want- anyway. I know that's how sites get paid, frankly I don't care. Friendly fire. You all ruined that party yourselves - had you not been stupid assholes about it for so long, I might not block you like I do now.)
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I think all companies should be required to disclose all their public facing IP addresses, and business parters that they share data with. This way we can create a web spider that can completely block all of one's traffic between yourself and the company. Think about it. The problem is that we don't know where our browsers are connecting to -- The browser does, but users typically don't know except for the address bar (which is only a small percentage of the connections made on a typical page). Seriously, if your browser popped up "Would you like me to send a request to 'DoubleClick.Net'? [y/N] [x] remember this choice" Would ANYONE actually say yes?
I got half way there - I have been using adblock for years. However, however flawed it might be, Ghostery at least pointed out those lists of cookie-whatever tracker companies that aren't actually serving ads.
I haven't heard about easyprivacy before, so I might look into that. I think I tried and abandoned noscript a few times because it's a bit too fierce and it became a lot of work to add-in the sites I wanted to run stuff (yahoo mail, monster jobs site, but a surprising number of others now escaping me.)
Elsewhere someone mentioned requestpolicy.
However, I was particularly interested in finding one of these services that doesn't just block stuff, but produces the ordered list in realtime of what in fact it did block. For example, besides Google, that SafeShepherd site uses "Mix Panel" and "Perfect Audience". So that's why these "privacy companies" make me giggle grumpily - "hmm, so you're a company that wants to offer to remove tracking info, so why do you have those enabled and what do they track?" This is something like the third of these "privacy services" showing up this year, each with little wiggly angles they are playing.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Message received and decoded. Operation Pastry Badger is go.
Just a note: I'm sure some of those trackers are actually from the advertisements, which are loaded from third-party systems that the site does not have immediate control over.
Did/does the site have any kind of advertisements on it that you noticed?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Hi there.
I didn't do any extensive analysis, which in some ways is my point - the data to do the analysis with on these kinds of questions eventually buries into "company proprietary info". To clarify, the other half of my point is that I am used to and sorta don't care that the top "newsrags" have a huge collection of stuff going on. Let's say that Ghostery works, and blocks them, and then Evidon does whatever they want later. In the modern age, I expect many sites to deploy stuff.
But I hold "privacy companies" to far higher standards because of the specific nature of the services that they purport to sell. So as a consumer, it's absolutely not my job to be wondering why those elements are on a privacy site's page.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Sadly, what you have done is not enough.
You missed Google fonts. Practically EVERY Wordpress template contains them as it's one of the few resources available to create a better design without having to license fonts for download. Google doesn't do that out of the gentleness of their non-existing hearts: every time you load a Wordpress page which uses Google fonts you create a hit on their fonts API.
Granted, if you nuke cookies they will not have a fully accurate lock on you as a person, but that's where geolocation comes in - Google does not HAVE to be accurate, all they need is a reasonable approximation. In principle we should ALL use the web via proxy, but it's ridiculous that I have to defend what is my RIGHT because setups like Google are allowed to break the law with impunity (at least in Europe)?
Insert