Slashdot Mirror

← Back to Stories (view on slashdot.org)

RapLeaf Is Back and Bad As Ever

Posted by timothy on from the making-a-list-checking-it-an-infinite-number-of-times dept.

itwbennett writes "Privacy blogger Dan Tynan opted out of data aggregator RapLeaf back in 2010 — and wrote about it. At the time, opting out seemed to work well enough. But fast forward a couple of years and ... they're baaaack. While testing a privacy service called Safe Shepherd, Tynan discovered that 'not only [is he] not opted out of RapLeaf's database, they've also gathered far more information about [him] than they had before.' And it's a pretty good bet some of the data came from Facebook apps, which is a practice that the company was slapped for in 2010 and claimed to no longer do."

17 of 78 comments (clear)

  1. Cookie based opt-out by Anonymous Coward · · Score: 4, Informative

    Opt-out policy

    This company provides a cookie based opt-out. An "opt-out cookie" is set by the browser. This provides a request that ads should not be customized through your web browsing activities and preferences. You will continue to receive ads but this company will not use this information to select behavioral ads you see online. You must opt-out again if cookies are deleted and required for each browser type and new computer. Third party cookies must be accepted for opt-out to work.

    So, if you wipe your cookies, you "opt back in".

    1. Re:Cookie based opt-out by Anonymous Coward · · Score: 4, Informative

      There are Firefox add-ons (and probably Chromium equivalents) that automatically give you opt-out cookies, and make sure they won't be deleted. Beef Taco comes to mind.

    2. Re:Cookie based opt-out by ben_shepherd · · Score: 5, Informative

      There are two types of ways to opt out of Rapleaf that should be distinguished here. The more robust way (assuming they respect it) is to go through their "permanent opt-out" form (http://www.rapleaf.com/opt-out/), which removes you from their database. What the cookie opt-out does is disable their third party tracking of you as you browse the web. If you're interested in removing yourself from all of the major data broker and people search sites check out our manual opt out guides: http://blog.safeshepherd.com/how-to-block/ . Or better yet, give our service a try.. guarantee you it will save you a lot of time and worry if you care about these sites selling your personal information.

    3. Re:Cookie based opt-out by gandhi_2 · · Score: 3, Funny

      just a bit paranoid

      Is that a twitter bird next you your id?

      --
      THL phish sticks
  2. Follow the money by Jawnn · · Score: 4, Insightful

    This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.

    1. Re:Follow the money by Joce640k · · Score: 2

      Yep.

      Earnings - fines = profit.

      If earnings are bigger than fines then profit is a positive number. The fines are just operational overheads.

      --
      No sig today...
    2. Re:Follow the money by tlhIngan · · Score: 2

      This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.

      Hint: You're not their customer. You're their product.

      RapLeaf, Facebook, Google's customers are not who we normally consider the users. They're advertisers ,marketers, etc, the ones who pay these companies money in exchange for information collected.

      Contrast this with say, buying an iPhone, in which case you're Apple's customer and Apple strives to satisfy the people who pay for it. For Microsoft, things are more blurry because you're their customer sometimes (e.g., buy Windows, Office, Xbox, etc), and sometimes you're the product (e.g., Bing, Hotmail/Outlook.com, etc).

  3. Re:Opt Out? by frootcakeuk · · Score: 2

    Sorry, typo in the OP's provided link. It does work.

    --
    Remember kids: What's right isn't as important as what's profitable.
  4. Re:Opt Out? by preaction · · Score: 2

    The opt-out link I found was https://www.rapleaf.com/opt-out and it seems to work fine. Disclaimer: I hold no opinion on this site and what it does, I am interested only in well-reasoned arguments based on facts.

  5. Hmmm ... by gstoddart · · Score: 3, Insightful

    So, you don't trust the company (which is a given), but somehow we're supposed to trust that opting-out actually does anything or causes them to delete anything?

    If anything, it sounds like the fact that you opted out gave them more information about you and more reason to find more.

    Opting out of this kind of shit is like "click here to unsubscribe" which comes with spam to make it look compliant -- they're not going to do it.

    I mean, he's talking about logging into his account on their server to see what information they have about him -- I sure wouldn't sign up for this in the first place.

    Laws need to change so the default position isn't "company can do whatever it wants without telling you". Of course, they'd scream and howl that it was cutting into their "freedom of speech" or corporate profits, but I don't see why it should be something which they decide how it gets used.

    --
    Lost at C:>. Found at C.
  6. Re:Opt Out? by macraig · · Score: 4, Interesting

    And BTW, that page relies on no less than 10 external "trackers", according to Ghostery:

    AppNexus
    DoubleClick
    Google +1
    Google AdWords Conversion
    Google Analytics
    HubSpot
    MixPanel
    Outbrain
    ScoreCard Research Beacon
    SnapEngage

    People are quite likely collecting data on your choice to opt out....

  7. How we verify opt-outs at Safe Shepherd by ben_shepherd · · Score: 5, Informative

    Hey guys, I'm Ben, a developer at Safe Shepherd. Data brokers and people search sites like Rapleaf have a bad habit of blocking or flat out ignoring opt out requests. Recently we implement a system of verified removals whereby we check whether the opted out record actually still appears on the data broker's website. This allows us to identify whether they're being generally honest and whether another opt-out needs to be sent on a case-by-case basis. I set up the verified removals to run as a daily cron task, so we can identify whether records re-appear even after they've been removed (yes, data brokers do this). Also fwiw we've written up some manual opt-out guides for all the major data brokers and people search sites in case you want to do the removals yourself rather than through our service: http://blog.safeshepherd.com/how-to-block/

    1. Re:How we verify opt-outs at Safe Shepherd by ben_shepherd · · Score: 2

      methods users might try that either block the trackers' ability to collect data in the first place

      1. 1. Avoid publicly accessible pages on social sites like LinkedIn, OkCupid, Facebook. People search sites crawl these to build up their data sets. We recently added a social monitoring feature which will show you a snapshot of your social profiles from a non-logged in user perspective which can help with that.
      2. 2. Practice safer browsing habits. Lots of plugins like Ghostery that can help with this.
      3. 3. You're never going to completely prevent them from getting data as long as you're living a normal 21st century life. Most people have real estate records, voting records, retail stores selling their info, etc. That's why removals are a must if you care about people being able to buy your info online. I wrote a blog post about your question here: http://blog.safeshepherd.com/resources/steps-to-privacy-controlling-your-personal-information/

      When we do opt outs we try to send the bare minimum amount of info.. But the data brokers and people search sites go out of their way to require ridiculous things such as faxes of photo IDs. We automate the process, though believe me we don't like having to ask our users for this info. We also go to extra measures to use encryption wherever possible. For example we literally can't view the photo IDs of our users even if we wanted to.

    2. Re:How we verify opt-outs at Safe Shepherd by ben_shepherd · · Score: 2

      Hey, sorry if that wasn't clear. Our app servers lack the SSH keys required to view the IDs under any circumstance, but our fax servers are capable of sending them as unencrypted images. This is setup so that a Rails glitch or console error can't result in the viewing of IDs.

  8. Re:Opt Out? by Sporkinum · · Score: 2

    Isn't ghostery owned by Evidon, who also owns Rapleaf? I wouldn't trust either of them.
    However, I wouldn't trust Safe Shepherd either as they are aggregating info as well.

    Seem like best bet for yourself is to stop scripts from running and cookies from storing.
    Also, most of that technology is rendered useless if you are blocking ads because you never see what their magic mojo is throwing at you.

    --
    "He's lost in a 'floyd hole"
  9. Re:...Evidon, who also owns Rapleaf? by X0563511 · · Score: 2

    AdblockPlus + easylist + easyprivacy + noscript (for the extra careful). Kind of hard for doubleclick to track me if I don't load resource from them and don't run their scripts!

    I'm sure there are some items that slip through, but implementing them requires more significantly more coordination between the trackers and the site itself. I'd wager this gets rid of nearly all of it.

    (and advertisements in general, which I -do-not-want- anyway. I know that's how sites get paid, frankly I don't care. Friendly fire. You all ruined that party yourselves - had you not been stupid assholes about it for so long, I might not block you like I do now.)

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  10. Disclose Your IPs by VortexCortex · · Score: 2

    I think all companies should be required to disclose all their public facing IP addresses, and business parters that they share data with. This way we can create a web spider that can completely block all of one's traffic between yourself and the company. Think about it. The problem is that we don't know where our browsers are connecting to -- The browser does, but users typically don't know except for the address bar (which is only a small percentage of the connections made on a typical page). Seriously, if your browser popped up "Would you like me to send a request to 'DoubleClick.Net'? [y/N] [x] remember this choice" Would ANYONE actually say yes?