Internet Privacy a "Joke"
Forrester Research has released a study of the internet which claims that "90% of sites fail to comply with the five basic privacy protection principles" and "most privacy policies are a joke." To read the full report, you need to be a paying client, but the E-Commerce Times reprints some tidbits. Among them: the research firm, contradicting a Georgetown University study accepted by the Federal Trade Commission just two months ago, recommends that the FTC take action because third-party oversight is not proving effective.
Does anybody else think that the title of that article is highly misleading? The point of the article seems to be that privacy on certain (most?) E-commerce Web sites is a joke; it doesn't address privacy on other parts of the net (E-mail, non E-commerce sites, etc.). Or is this again the case of a journalist not knowing the difference between the Web and the Internet?
I own a web hosting company. I made an email account, never used it, NEVER EVER signed up to anything with it, I let it sit on a non-used server, and after 5 months, it had over 500 spam messages in it. Now how did this happen? This happens to everyone.
Or how long before your life-insurance premiums go up as a result of the data stored on that site. Or until you get barred from certain jobs based on that info. This type of information can generate far more nastiness than ads if revealed.
I am a part of it; I run the servers for them.
You can't collect any benefits without a SIN. It's the only way for the government to know how much you make, and thus how much UI to pay.
Sean Comeau
I very much agree with most of the writers that privacy on internet is in a very bad shape, especially for non-expert users.
I'm currently trying to start-up an E-company which directs exactly this problem, and is trying to work on the following principles:
- Full (seamless) control of privacy. In no way will ever any data be given which can compromise privacy being
- Give the user the possibility to sell privacy data
- Give the user the possibility to sell his "attention"
This will be a commercial initiative, but we want to put users first in everything we do. We also would want to develop some of our products in an opensource environment to increase the trust from our customers.
I would be very interested to talk to people who are working on similar matters, or are interested to help me in any way, or just want to discuss our ideas.
We're still in a very early stage and all help is welcome! Drop me a mail.
Klaas Naaijkens
nospam.kjn@iol.it.spam!no!
PS: I hope this is not off topic
Having a unique email address for different web sites is a wonderful thing. I have to admit that I really haven't gotten much spam, though. Well, my mp3.com address gets crap from mp3.com, and the address I gave to NSI gets crap several times a week, but I think that one is people mining "whois". Oh, and I've gotten one spam from my Usenet address. Wheee!
If you have problems with spam, mail me, and I'll send you a (GPLed) preview of my spam-sorter. I'm in the process of making a `how to avoid spam' page, and I'll see if Slashdot accepts it anytime soon ;-)
/* Steinar */
(This comment is of course GPLed.)
I have found that I have been fairly spam free. I think a major reason for this is that I configure no identity in my web browsers, and accept only cookies that return to the originating server.
:-P It always amuses me when I get "Dear fellow X" (X being something that has zero commonality with the relevant newsgroup) emails on accounts that I create for RPG characters. That'll teach me to post to News with a valid return address.
On the other hand, if you want to get lots of spam, just post regularly to a Usenet newsgroup without munging your identity.
I have a new Yahoo email address that as yet has never been used for anything but private email. I wonder how long it'll take before I get spam to it...
...I made an email account, never used it, NEVER EVER signed up to anything with it, I let it sit on a non-used server, and after 5 months, it had over 500 spam messages in it.
Just 'cause YOU never used the account, doesn't mean no one did. Someone else might have used the account name (just happened to pick that name?) specifically to misdirect all their spam to.
If I create (f'rinstance) the account "nospam@hotmail.com", and then never ever use it, should I be surprised that it fills up with spam?
From the "How does freedom work" section:
It seems to be growing more and more popular by the minute, and once it is out of beta I might just consider it. Or will I? How terrible of a thing is it that companies know lots about us? The information has always been there about our grocery buying habits, our eating habits, our salaries, our personal histories...all that is required is a simple check by an unscrupulous soul. The internet is supposed to be the last frontier I suppose. Is anyone really surprised, though, that it's getting so commercial?
Regards,
-efisher
---
this
ZKS' stuff is interesting, and I could see myself purchasing it, but that's not a general solution for everyone. Theoretically, privacy is an inherent freedom, not one that should have to be bought and paid for; some of us are lucky enough to live in our privacy-gated communities, but most people out there aren't.
From looking at my slashdot profile, it appears I'm a geek obsessed with GPL or biology related news. Wouldn't want that to become public knowledge...
At least I can always become an AC if I want to talk about embarrassing topics like IPv6.
I mean, we just don't have one. We've got hundreds of pages, we don't collect data (except counts of pages and domains of visitors), and we don't tell you what our policy is.
Of course, if someone's thinking of hacking it, or doing something else like that, we want them to think we will collect that data. It is in the logs, but we never use it.
So?
Will in Seattle
Zero Knowledge Systems
Check them out, it's good stuff.
Gnothe se Auton
> The real problem is that most people just don't care about privacy.
Or the truth. See below...
> Absolutely no company has the right to ask for SINs unless they are employing you.
There is NO law that REQUIRES a person to have a SIN. And yes you CAN legally work without one.
"I am not a number, I am a Sui Juris!"
(With apologies to "The Prisoner")
Cheers
This theory does explain why people in large cities tend to ignore those who need help while those in small communities are more likely to help each other.
The components needed to force cooperation were a relatively equal power distribution, and a good chance of meeting each other again.
Having privacy on both sides limits the urge to cooperate. The problem with the eCommerce site is it's really only one way privacy, the corp has some level of privacy (with respect to what they're doing with the data they're collecting, who they're selling it to, etc), while the average user has very little. Additionally, and more importantly, the corp has much more power than any individual user. So there is little incentive for the corp to be cooperative.
It might be interesting to require the corp to disclose as much information about itself as it collects from users. Though the power imbalance would still exist.
If not that then a consumer review web site where people can post the results of interactions with particular corps. By having some way of maintaining a list of how a company has performed the corp would have to cooperate more fully in order to protect its reputation, and thus its continued existence. This would even the playing field between the corp and the users.
Though of course after arguing for this I still really don't want them analyzing my life to figure out the best way to manipulate me--unless they manage to figure out that I've made the personal commitment to refuse any form of push advertising.
I have to wonder sometimes... Slashdot visitors are some of the fiercest, fiery advocates of the GNU line... "information wants to be free". But enter something like this "but only when I decide it's okay" or "but not for The Man"... *sigh*
Open Source. Closed Minds. We are Slashdot.
I get a lot of email, and 40% of it is spam. Sites have posted my email address without my consent. I'm reasonably sure that supposedly trustworthy sites are selling my personal information. I routinely block cookies to nearly every site, I use a Windows personal firewall program (AtGuard) to block a lot of network traffic, and surf through a proxy. Yet despite all these efforts information slips out.
So the other day I was reading a book in which a spy had a number of false identities complete with passports, credit cards, Social Security addresses. That got me thinking: "This is what I need." An identity I'd use all the time online that wasn't actually "me" so if information slipped out it wouldn't actually be my personal information.
Seeing how knowledgeable some Slashdotters are when it comes to obscure things like numbered Swiss bank accounts, etc. I thought I'd ask what you people know about false identities.
How hard would it be to get a credit card / bank account under another name? What are the legal issues involved with doing the above?
- Act as a personal firewall, screening incoming and outgoing packets and connections. Strange to relate, there are script kiddies out there who will try to hack your home PC.
- Block HTTP cookies, referer, browser and email ("From") headers on a site-by-site basis,
- Block adverts (and also tell you how much bandwidth you have saved thereby)
- Fix animated GIFs to play once only instead of repeating
I really like it. The firewall is probably the coolest feature: you can block, permit and log any connection or packet based on remote address, local port number and local executable name. BTW, I have no connection with them other than as a satisfied customer.
Paul.
You are lost in a twisty maze of little standards, all different.
If you want real privacy head over to www.zeroknowledge.com and get the Beta of their privacy-securing product: Freedom(TM).
I think that it is reasonable that in this day and age you have to pay a little something for your privacy. How can people willing to pay x thousand dollars for the swankiest new computer, and 20+$/month for Internet access (please don't reply just to tell me how little you get your internet access for) complain about another couple bucks to keep the corporations and the government from finding out who they are?
In the phone directory you have to pay a little bit extra to not be listed. You can use a false name for no charge (as you can on the internet), but the phone company can trace any old call back to you, with an appropriate court order. The internet is the same way - publicity is the default and privacy will cost you.
Perhaps a better way to think about it is: The amount that you pay to use the Internet is the amount that it costs, discounted by the value of your personal information. If you take back that privacy, you forfeit the subsidy you have gotten from your publicity. The end result is the same, except that the default is cheaper, and encourages more people to enter the media. [This analogy is not technically complete, but is functional]
Those who care CAN reclaim their privacy, but it is not done for them by government regulation. Sounds fair to me.
intensely personal. Have you heard or seen medical-record.com? The basic idea is storing all of your medical information online, having world-wide access, 24/7 to your vital medical info. So you get hurt somewhere in China, a wallet card or emergency bracelet notifies the DR. of how to retrieve your info.
Their services are touted as a huge departure for medical services world-wide, and one of the best things to happen to patients. Unfortunately, they do not openly describe what they do with the information they gather -- they are selling compiled data "anonymously" to various research firms etc. But at some point, in order to retrieve your record, there is a cross-reference between your name, and your records.
How long before pharmaceuticals start purchasing targeted ad space? How long before someone breaks in?
basta
The real problem is that most people just don't care about privacy. Whenever some company asks for personal information most people give it up. If Joe Q. Random decided not to do business with a company because he was required to give out private information (that is not really needed anyway) things would change fast.
Credit card numbers should only be requested when it is time to pay for goods and/or services. You don't give your credit card number at the front door of a store. I don't see why you should do so in an e-store. Credit card numbers also shouldn't be stored forever. They should be destroyed when the store receives the funds from the credit card company. (unless there is some other legal reason that required the store to hang on to them... I'm not sure what the rules are.) As far as I know (correct me if I'm wrong, I'm Canadian) Social Security numbers should be shared with the following people: You, Your employer, and the Tax Man. I'm pretty sure they are not for identification. Absolutely no company has the right to ask for SINs (Social Insurance Numbers... Canadian version of Social Security) unless they are employing you.
Don't bother telling corporations to act differently. It's a waste of time. Instead, tell your friends to think about what information they are willing to give up. The bad companies will fix themselves when they start to lose money because they ask for personal information that they don't need to supply the goods and/or services they are selling. On the flipside, companies sometimes do need to know who you are. We can't do business if we are all anonymous. Most stores won't take credit cards or cheques without ID - e-stores are not different. Someone needs to implement a digital wallet to mitigate this problem. If it was possible to "pay with cash" over the net then most places wouldn't even need to ask for your name.
As for protecting the privacy of your favorite colours/songs/foods or whatever, forget it. If you want that stuff to stay secret then keep your mouth shut. OBVIOUSLY companies are going to record this and use the information to market something towards you. I don't see anything unethical about doing so. Anyway, this psychological profile junk is not an issue if the people doing the profiling don't have a clue who you are. If that's the case then the best they can say is "cool_dood235 from ppp-236.someisp.com likes the colour pink, listens to the Back Street Boys and drinks a frap at Starbucks twice a week" Wow. Big deal. I would hardly call that an invasion of one's privacy. Besides, you can always lie. A single mother who's barely making it from month to month can easily click on "$150,000 or more" in a survey that polls for income.
Sean Comeau
Privacy issues are just one facet of the larger issue, which is the underlying structure of the internet. This is not saying that it is a poor design, but the anonymous nature of the internet works both ways--Actually, it only works one way at a time. The request/response method works well, but eliminates any interpersonal contact such as a customer talking to a merchant. Why aren't there any commerce sites that have customer service people on a chat client? The internet allows corporations to be anonymous by not having to care. The same spam filters we use can be used by a corp to automatically delete any complaint mail. Protests become pointless because you can't sit in front of the business and get your message to the people using that business. Voices matter, but there are so many voices now that it's hard to hear. The mighty /. effect is but a drop in a bucket compared to the traffic sites such as Amazon and Ebay receive (assuming 100% uptime). Government isn't the answer in a free market or a free world. The underlying problem is that the current way the internet works has eliminated the consumer voice while giving the illusion that it is louder than ever. It's easy to find people on your side (like going to *sucks.org or alt.*.sucks), but it's near impossible to spread the word to the people that need to hear when the only URL they know is EvilRetailer.com--Unless we resort to spamming.
OK. I've rambled a bit, but to conclude, what I'm looking for is a more interactive foundation beyond TCP/IP and HTTP where everyone has a true voice.
"I am not a number! I am a free man!"-- The Prisoner