Internet Privacy a "Joke"

Forrester Research has released a study of the internet which claims that "90% of sites fail to comply with the five basic privacy protection principles" and "most privacy policies are a joke." To read the full report, you need to be a paying client, but the E-Commerce Times reprints some tidbits. Among them: the research firm, contradicting a Georgetown University study accepted by the Federal Trade Commission just two months ago, recommends that the FTC take action because third-party oversight is not proving effective.

Policies That Suit You

[Robert+S+Gormley]

I have to wonder sometimes... Slashdot visitors are some of the fiercest, fiery advocates of the GNU line... "information wants to be free". But enter something like this "but only when I decide it's okay" or "but not for The Man"... *sigh*

False Identity

[Merk]

I get a lot of email, and 40% of it is spam. Sites have posted my email address without my consent. I'm resonably sure that supposedly trustworthy sites are selling my personal information. I routinely block cookies to nearly every site, I use a Windows personal firewall program (AtGuard) to block a lot of network traffic, and surf through a proxy. Yet despite all these efforts information slips out.

So the other day I was reading a book in which a spy had a number of false identities complete with passports, credit cards, Social Security addresses. That got me thinking: "This is what I need." An identity I'd use all the time online that wasn't actually "me" so if information slipped out it wouldn't actually be my personal information.

Seeing how knowledgable some Slashdotters are when it comes to obscure things like numbered swiss bank accounts, etc. I thought I'd ask what you people know about false identities.

How hard would it be to get a credit card / bank account under another name? What are the legal issues involved with doing the above?

I use AtGuard to protect my privacy

[Paul+Johnson]

Try using AtGuard. It will:

• Act as a personal firewall, screening incoming and outgoing packets and connections. Strange to relate, there are script kiddies out there who will try to hack your home PC.
• Block HTTP cookies, referer, browser and email ("From") headers on a site-by-site basis,
• Block adverts (and also tell you how much bandwidth you have saved thereby)
• Fix animated GIFs to play once only instead of repeating

I really like it. The firewall is probably the coolest feature: you can block, permit and log any connection or packet based on remote address, local port number and local executable name.

BTW, I have no connection with them other than as a satisfied customer.

Paul.

The "Right" To Privacy

[CleverMonkey]

If you want real privacy head over to www.zeroknowledge.com and get the Beta of their privacy-securing product: Freedom(TM).

I think that it is reasonable that in this day and age you have to pay a little something for your privacy. How can people willing to pay x thousand dollars for the swankiest new computer, and 20+$/month for Internet access (please don't reply just to tell me how little you get your internet access for) complain about another couple bucks to keep the corporations and the government from finding out who they are?

In the phone directory you have to pay a little bit extra to not be listed. You can use a false name for no charge (as you can on the internet), but the phone company can trace any old call back to you, with an appropriate court order. The internet is the same way - publicity is the default and privacy will cost you.

Perhaps a better way to think about it is: The amount that you pay to use the Internet is the amount that it costs, discounted by the value of your personal information. If you take back that privacy, you forfeit the subsidy you have gotten from your publicity. The end result is the same, except that the default is cheaper, and encourages more people to enter the media. [This analogy is not technically complete, but is functional]

Those who care CAN reclaim their privacy, but it is not done for them by government regulation. Sounds fair to me.

info submitted online is becoming

[fawce]

intensely personal. Have you heard or seen medical-record.com? The basic idea is storing all of your medical information online, having world-wide access, 24/7 to your vital medical info. So you get hurt somewhere in China, a walet card or emergency bracelet notifies the DR. of how to retrieve your info.

Their services are touted as a huge departure for medical services world-wide, and one of the best things to happen to patients. Unfortunately, they do not openly describe what they do with the information they gather -- they are selling compiled data "anonymously" to various research firms etc. But at some point, in order to retrieve your record, there is a cross-reference between your name, and your records.

How long before pharmaceuticals start purchasing targeted ad space? How long before someone breaks in?

The consumer needs to demand privacy

The real problem is that most people just don't care about privacy. Whenever some company asks for personal information most people give it up. If Joe Q. Random decided not to do business with a company because he was required to give out private information (that is not really needed anyway) things would change fast.

Credit card numbers should only be requested when it is time to pay for goods and/or services. You don't give your credit card number at the front door of a store. I don't see why you should do so in an e-store. Credit card numbers also shouldn't be stored forever. They should be destroyed when the store receives the funds from the credit card company. (unless there is some other legal reason that required the store to hang on to them... I'm not sure what the rules are.) As far as I know (correct me if I'm wrong, I'm Canadian) Social Security numbers should be shared with the following people: You, Your employer, and the Tax Man. I'm pretty sure they are not for identification. Absoltely no company has the right to ask for SINs (Social Insurance Numbers... Canadian version of Social Security) unless they are employing you.

Don't bother telling corporations to act differently. It's a waste of time. Instead, tell your friends to think about what information they are willing to give up. The bad companies will fix themselves when they start to lose money because they ask for personal information that they don't need to supply the goods and/or services they are selling. On the flipside, companies sometimes do need to know who you are. We can't do business if we are all anonymous. Most stores won't take credit cards or cheques without ID - e-stores are not different. Someone needs to implement a digital wallet to mitigate this problem. If it was possible to "pay with cash" over the net then most places wouldn't even need to ask for your name.

As for protecting the privacy of your favorite colours/songs/foods or whatever, forget it. If you want that stuff to stay secret then keep your mouth shut. OBVIOUSLY companies are going to record this and use the information to market something towards you. I don't see anything unethical about doing so. Anyway, this psychological profile junk is not an issue if the people doing the profiling don't have a clue who you are. If that's the case then the best they can say is "cool_dood235 from ppp-236.someisp.com likes the colour pink, listens to the Back Street Boys and drinks a frap at Starbucks twice a week" Wow. Big deal. I would hardly call that an invasion of ones privacy. Besides, you can always lie. A single mother who's barely making it from month to month can eaily click on "$150,000 or more" in a survey that polls for income.

Sean Comeau

The Bigger Picture

[Octos]

Privacy issues are just one facet of the larger issue, which is the underlying structure of the internet. This is not saying that it is a poor design, but the anonymous nature of the internet works both ways--Actually, it only works one way at a time. The request/response method works well, but eliminates any interpersonal contact such as a customer talking to a merchant. Why aren't there any commerce sites that have customer service people on a chat client? The internet allows corporations to be ananymous by not having to care. The same spam filters we use can be used by a corp to automatically delete any complaint mail. Protests become pointless because you can't sit in front of the business and get your message to the people using that business. Voices matter, but there are so many voices now that it's hard to hear. The mighty /. effect is but a drop in a bucket compared to the traffic sites such as Amazon and Ebay recieve (assuming 100% uptime). Government isn't the answer in a free market or a free world. The underlying problem is that the current way the internet works has eliminated the consumer voice while giving the illusion that it is louder than ever. It's easy to find people on your side (like going to *sucks.org or alt.*.sucks), but it's near impossible to spread the word to the peole that need to hear when the only URL they know is EvilRetailer.com--Unless we resort to spamming.

OK. Ive rambled a bit, but to conclude, what I'm looking for is a more interactive foundation beyond TCP/IP and HTTP where everyone has a true voice.