FTC Petitioned on Data Profiling
Mephistopholies sent /. a link to an AP article about this Washington hearing, but I prefer the more complete NY Times story about it. The Federal Trade Commission is being asked to examine web profiling and tracking technology as used by the likes of Doubleclick to track users across multiple sites. The article also notes that it is likely some sort of bill to facilitate taking away individuals' domain names (you may have heard this spun as an "anti-cybersquatting" bill) will pass this year.
A side note: slashdot readers who like YRO stories should realize that we will be posting an increasing number of them in the YRO section only - they won't ever appear on the main page of slashdot.org, but will be accessible via the Sections link on the left side of the page, and there's a YRO slashbox now, too, so you can see the headlines for YRO on the home page if you so desire (and are minimally competent at setting your user preferences).
Posted by NJViking:
Junkbuster can stop web redirectors from tracking where you've been. I think more and more people should be running this type of software in order to avoid being tracked by direct marketers.
-= NJV =-
How bout this: our elected officials use a little bit of common sense? We don't need a legal definition of a "rider", combined with some legalistic prohibition against them. We simply need for politicians to change the rules of congress to forbid them and stick by that promise.
Why does our society always feel the need to check its common sense at the door?
-- Slashdot sucks.
Granted on the CDA. I am very grateful that it was found unconstitutional. But the CDA would almost certainly not have been applied to the sites in question. The thing is that limiting sales of pornography is not the same thing as book burning. And yet that is the dichotomy we are eternally presented with. Society tries to assert that "an inch is as good as a mile" and if you are for something in its mildest, most attenuated form, then you must also support its most outrageous excesses.
If you're against total freedom for smut on the Internet (I am), it's assumed that you are against the free distribution of (for example) Howl by Ginsberg (I'm not). If you're against allowing lesbian and gay households to adopt children (I am) you are assumed to be a homophobic asshole (I'm not). If you're a Christian (I am), you must be either a Fundamentalist (I'm not. On an aside, I wonder how many people who scream about the "Fundies" could define Fundamentalism as a movement? Not many from what I've seen.) or a Liberal Socialist Universalist (I'm not). If you think that Jews need Christ (I do) then you are considered to be a raging anti-semite (I'm not -- In fact, if I had been a German I would have qualified for the death camps, and I loved my Jewish grandfather dearly.)
Our society tries to condense everything into sound bites, reduce all issues to black and white caricatures. This is a Really Bad Thing! In the end, the only safe position is to have no opinions at all.
But back to the point. A little bit of censorship is not the same thing as a lot. And a little bit of government interference in the net is /not/ the same thing as NSA line-eater code in every router. I think that the government regulating privacy on the net has the potential to be a Good Thing. In fact, I would like to see them do more regulation of Privacy off the net too.
-- Slashdot sucks.
What you say is true, so long as the information forbidden is totally forbidden. In order for it to be totally forbidden, it must be totally unknown.
Anti-pornography laws do not qualify. The material to be forbidden is well known and understood, and is generally not totally forbidden, only made more difficult to acquire. I realize that the "well-known and understood" is a value judgement, but at the very least there is ample opportunity for oversight as to what is being forbidden.
The /danger/ is when something is forbidden and totally hidden. I'm far more worried about the NSA than about the CDA -- the CDA cannot go too far beyond the realm of reasonable and proper without public knowledge, especially as /none/ of its prohibitions applied to adults so long as you confirmed they were adults. (It was still bad law, but my point is that it was not as black as you paint it).
-- Slashdot sucks.
I've just come away from giving a presentation about web tracking.
It's difficult to weigh up the benefits and disadvantages for the companies and the users - on the one hand companies can really improve their site (layout, usability, quality of information) based on that information. Being able to track people across multiple sites will enable companies to really cater for those that are coming to their site.
However, users, understandably, don't want every move of theirs tracked - presumably with the worry that they will in the end, be held accountable for that time they typed in www.pr0n4u.com.
Balancing the wants of the company and of the individual is always difficult. In the end, is the individual willing to pay the price of less privacy for a 'better' (i.e. targeted to get the most visits/$$'s from you) browsing experience? Without these measures are unscrupulous people going to join your browsing records with your browsing information?
This area is going to get very complex, legislative-wise, with products such as Novell's DigitalMe campaign to store user profiles 'for your convenience'. This is put forward as a great enabler, but in fact mostly, it is an enabler for companies to get information about you, or aggregate information about you and others, and helps you very little.
With the introduction of the W3C's P3P platform, it will be easier for users to keep track of where their personal details are going, but this kind of collaborative tracking really is a bit difficult. Obviously, DoubleClick will have a privacy policy. When they change it in the case of legislation, will they chuck away your data?
thenerd
The camels are coming.
The camels are coming. I'm in love.
This may be out of character in light of my posting history on the subject of Slashdot registration (which, relevantly enough, you can look up if interested), but I don't mind Slashdot's posting-history. I figure everything I say on Slashdot is completely public; if I didn't want people to know what I think, I wouldn't post it in a public forum, or at least not under my own name. The users.pl page just collects all the comments into a handy location, which I find very useful for keeping track of replies to my comments, etc. I just wish it went further back, keeping links into the archived stories. If someone wants to keep track of what I say, he could just as well do it by scanning all the stories for my name.
The reason I don't mind this is that it is not required. I choose to post under my real name because I consider what I say here to be public, and I choose what to say with that in mind. If I wanted to say something that I didn't want my name attached to, I'd post it anonymously (and, being paranoid, I'd probably log out and zap my cookie instead of just using this little "Post Anonymously" checkbox).
I believe it's very important for people to be able to post anonymously if they so choose, for, among other, the same reasons that concern you, but I don't insist on doing so myself. I also am very much against the discrimination that people get when they do so: defaulting to a lower score is arguable, but insulting them by labelling them as "cowards" is unnecessarily confrontational and much of the hostility that is directed toward them is unwarranted -- a lot of people seem to think "anonymous posts" and "bad posts" are the same thing, when I see only (at best) a weak correlation.
I am definitely bothered by the "to serve you better, we track you" thing that so many sites do, especially when they don't offer any special services that inherently depend on tracking, but just collect the data, presumably to improve their own operations through some sort of decision-support database, or else to sell it to other marketers. In the first case, that information is mine, dammit, and if they ask nicely, I might be willing to sell it to them, but they can't have it for free. Improving the overall quality of service that they can offer does not count as paying me. The second case is even worse -- they have no right to do that without my permission, which they will never get.
About the NYT registration thing, I just never read any story of theirs, as a matter of policy, because the privilege of reading a story (and looking at an ad banner) is not something for which I'm willing to sell my information. I used "cypherpunks/cypherpunks" a couple of times (way back), but then I decided that I don't like that. I'm just not interested enough in anything they have to say to register, or to resort to trickery, which would be supporting them with the ad banner anyway.
As for Slashdot posting links to the NYT, I don't have a problem with that -- people who don't mind it can use it, and people who feel as I do can decline to do so. There's no need for Slashdot to boycott them, even if some of us decide to do so. What I don't like is when it's the only link given for a story. I guess, sometimes at least, it's the only one available, but it's better when another link can be provided, like this time. Before long, someone usually finds the same story on another site and posts the link in a comment, anyway.
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
There is, of course, nothing wrong with a profit motive, ...
Yes there is, if it's to the exclusion of all else. I think it's fair to blame many of the world's problems on the blind profit motive. It has corrupted government, news media, schools, our justice system, and other crucial elements of a free society. We'll be lucky if we can recover from it.
with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and otherwise) required for passing reasonable laws.
(Kind of a stretch to get political here. Any excuse to bash Democrats, Thrush?) Actually, Gore is ahead of the pack. He was more cognizant of Internet issues in 1992 than most politicians are today; he promoted it loudly and, FWIW, coined the term "information superhighway". Granted, he hasn't done much with it lately.
Just so you know, Bush would be worse. Here's a great example of his political doublespeak from his hi-tech plan, regarding encryption export restrictions:
News flash to Bush: You can't have it both ways. This is ignorant doublespeak written by a well-paid political consultant. He's NOT on our side, if you watch him closely (which many people are happy to avoid doing). It's classic Bush-- he winks in every direction, so all sides say "HE'S our man!" But in truth, he's pro-business, because that's who gives him money. And in the matter at hand, pro-business means pro-data-profiling.
But I do agree with you that a) less Internet regulation is better, and b) we may need some, unfortunately, if private industry keeps abusing personal data.
Yes, you can install ipchains on your Linux box if you are using kernel 2.2.x. If you are using 2.0.x then you need ipfwadm and if you are using 2.3.x you need netfilter/iptables.
Wow, I'm not going to touch any of those specific issues with a ten foot pole.
However, isn't it nice that you have the freedom to draw your own boundaries between the different "I am's" and "I'm not's"?
A little bit of censorship is very much the same as a lot if you use your definition of little and my definition of a lot. And that's really the point. All of these things are really grey issues and I'd rather not have someone else arbitrarily decide which is black and which is white. Especially when a particular issue really falls at both ends of the scale.
When in doubt, I say opt for more freedom not less. We really need to start making people responsible for their own actions again. Freedom comes with responsibilities.
Oh, and about the meat analogy, it just doesn't work. Meat != information. Bad meat can make you sick or kill you. Bad information is just useless at best or misleading at worst. Consumers of information have a responsibility to use that information appropriately. If we do not have the freedom to read whatever material we choose then we will end up being a bunch of sheep led around by whatever moral majority happens to be in power. No thank you.
-Paul
Edu. sig-line: Choose rhymes with lose. Chose rhymes with goes. Loose rhymes with goose.
Comparing? THEN use THAN.
Please don't post whining complaints when you could be out searching for an actual link -*gasp*- all by yourself.
I think netscape has officially hit the crack pot. 4.7 128 bit for linux is showing all the colors funny. check it out here
/., but this is fugly. Please try again.
No, I think this is just the new color to let you know that you are in the YRO section.
Nice try,
Any excuse to bash Democrats, Thrush?
Not my real name, BTW.
I won't try to hide my right wing tendencies, but I honestly wasn't trying to pick on any one party. Al Gore is this nation's political Alpha Geek, and that is exactly my point. If Al can't get a clue, what about Strom "Bevis and Bunghole" Thurmond or Jesse Helms.
Politicians only know what lobbyists tell them. I have one vote and no lobbyist. The companies who stand to lose the most will make sure they have the most lobbyists.
The Internet is still the wild west, but - if I may mix metaphors - no one is warning the consumer that it is "surfer beware".
I wonder if, like the meat industry, we aren't really motivated by short term profit at any cost? Our privacy, our dignity as humans, anything for money.
There is, of course, nothing wrong with a profit motive, but I think this last statement is a bit cynical.
Most libertarian netizens have valid fears of government regulation. The Internet has done just fine without Congress passing any laws. The government often functions as a third party with interests and agendas separate from either the consumer or provider. Government regulation isn't always rational laws from a disinterested party, sometimes it is motivated by greed and profit.
In addition, with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and otherwise) required for passing reasonable laws.
To use your analogy, the Internet is not meat packing, if it were, Bill Clinton would have all the answers. Still, innocent users are being misled. Some kind of protection is needed and the private sector is doing a miserable job of filling that role.
Cookies aren't the only issue. They can track the http referer header (not SUCH a bad thing as cookies) and other information about you from just connecting to them at all. Didn't anonymizer have a link somewhere on the page to show just how much information a website can gather from the client connecting?
By the way..am I the only person showing slashdot colors funny right now?
"We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
In addition, with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and otherwise) required for passing reasonable laws.
I find this to be the scariest part of the whole issue. I don't WANT people who have no understanding of the internet to pass laws. Chances are they will screw things up and make it worse. You've seen how the government has already handled encryption and related export laws. People fear what they don't understand for the most part. Thus making laws to restrict what they don't understand makes it more difficult for those of us who do get it.
I think netscape has officially hit the crack pot. 4.7 128 bit for linux is showing all the colors funny. check it out here
"We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
Well I'll be damned. You think I would have noticed this before now. heheheh
"We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
I find this to be the scariest part of the whole issue. I don't WANT people who have no understanding of the internet to pass laws. Chances are they will screw things up and make it worse.
Completely agree. However, consider another scenario, at least as frightening, and probably more: passing of laws by people who DO understand the internet, but want it to look very different from what it is. The three-letter agencies are a prime example.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
heh
DO NOT LEAVE IT IS NOT REAL
I recently worked for a large retailer who also did a lot of catalog business, and they did (and certainly still do) quite a bit to collect info on their customers. I just figured I'd throw out some of the whys so that people could see it from their point of view. This isn't about anything online, but I'm sure that the same rules apply.
They send out a huge number of catalogs every year, and those catalogs cost them a fair amount to produce. At least $1 a pop. So obviously it is in their best interest to only send catalogs to those who actually want them. And in a very real sense, if they were able to do this perfectly, it would be good for the consumer as well. No one would be bothered with junk mail they didn't want. In theory, it would be a win-win situation.
But to go about this requires collecting a lot of data, some of it that would bother a privacy expert, and likely even a normal customer. For example, they want to track whether or not you go to the store after receiving a catalog. This tells them that, even though you didn't order through the catalog, it still brought you to the store and therefore wasn't a wasted mailing. Of course, to do this, they have to somehow get your address when you buy from the store.
I was in the unfortunate position of doing some of the programming at the front end, and it bothered me because we quite literally were doing things behind our customers' backs. For instance, store personnel would ask for a customer's zip-code "for marketing purposes". Now, I'm sure nearly everyone thinks this is for some sort of demographic info. It is not. Instead, they take the zip code, and your name, and use the combination to figure out your entire address. In other words, they say, "Aha, this credit card number belongs to the John Smith at zipcode 12345. Since there is only one, this means that he's the one that lives at 555, Mockingbird Lane. Let's send him a catalog".
We used check readers for similar purposes. Customers assume that their checks are being authorized. They are not. Instead, the bank account number is captured, and then sent to a nice little service that returns a name and address when given a bank account number.
But again, this is all just to figure out who to send catalogs to. Which creates an interesting situation. The company ends up with all this data on you, your name, credit card number, bank account. Data that I'm sure makes everyone here a little (or a lot) queasy to see in someone's hands. Yet it isn't captured for any real nefarious purpose. It is, at least in theory, captured to help you, at least from the company's point of view.
This is why companies can act so schizophrenic about privacy. They truly do what they do to help "serve you better". Unfortunately, the end result is not necessarily in your best interest.
I completely understand the whole situation at "Real". I'm sure that the people who invaded the privacy of all of their users truly believed that they were doing what they were doing to help serve their customers better. That is what makes the corporate invasion of privacy so insidious. The people who do it don't think they are doing anything to hurt anyone. And they really aren't, in their own little world. But the net effect of a thousand companies "better serving" their customers is a complete and utter destruction of any notion of privacy.
The cake is a pie
cypherpunks is gone, but slashdoted/slashdot works. Remember to nuke your cookie after doing your reading.
--
Advertisers: If you attach cookies to your banner ads,
Time is Nature's way of keeping everything from happening at once... the bitch.
(Drat, page won't reload right now - can't see if this has been posted already. I hate being redundant.)
--
Advertisers: If you attach cookies to your banner ads,
Time is Nature's way of keeping everything from happening at once... the bitch.
Want to guess where newton.com points to now? Click on it and weep. Note, this is *after* the demise of the Newton.
The "trademarks and popular names" clause is just going to mean that small businesses, who do not have the exposure to justify going to the PTO to register names, are going to be shoved out of cyberspace by the big guys. And that's just wrong. This cybersquatting bill needs to have a safe-harbor clause for "natives" like Newton, and hefty statutory damages for name-grabs like Apple's. Without that, it should be scrapped.
--
Advertisers: If you attach cookies to your banner ads,
Time is Nature's way of keeping everything from happening at once... the bitch.
This got me thinking about just blocking anything from doubleclick. Here's my ipchains-save:
-A output -s 0.0.0.0/0.0.0.0 -d 208.211.225.89/255.255.255.255 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 199.95.207.0/255.255.255.0 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 199.95.208.0/255.255.255.0 -j REJECT
-A output -s 0.0.0.0/0.0.0.0 -d 204.253.104.80/255.255.255.255 -j REJECT
Use 'em, abuse 'em, let me know if there's more IPs.
ipchains-restore < (file with above text)
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
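For readers on a netfilter/iptables kernel rather than ipchains, the rules posted in the comment above can be carried over mechanically. The following is an added example, not part of the original thread: `translate_rule` is a hypothetical helper, and it only handles the simple `-A/-s/-d/-j` rule shape used in that comment.

```python
"""Added example: translate simple ipchains-save rules to iptables commands."""
import ipaddress
import shlex

# ipchains built-in chains are lower case; iptables uses upper case.
CHAIN_MAP = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}
# ipchains DENY (silent drop) is called DROP in iptables.
TARGET_MAP = {"ACCEPT": "ACCEPT", "DENY": "DROP", "REJECT": "REJECT"}


def translate_rule(line):
    """Turn one '-A chain -s net/mask -d net/mask -j TARGET' line into an
    iptables command string. Raises ValueError on anything it cannot
    translate faithfully instead of guessing."""
    tokens = shlex.split(line)
    if len(tokens) % 2:
        raise ValueError(f"odd number of tokens: {line!r}")
    opts = dict(zip(tokens[0::2], tokens[1::2]))
    if set(opts) - {"-A", "-s", "-d", "-j"} or not {"-A", "-j"} <= set(opts):
        raise ValueError(f"unsupported rule shape: {line!r}")
    if opts["-A"] not in CHAIN_MAP or opts["-j"] not in TARGET_MAP:
        raise ValueError(f"unknown chain or target: {line!r}")

    cmd = ["iptables", "-A", CHAIN_MAP[opts["-A"]]]
    for flag in ("-s", "-d"):
        if flag in opts:
            # Strict parsing rejects non-contiguous masks and addresses
            # with host bits set, which usually indicate a typo.
            net = ipaddress.ip_network(opts[flag], strict=True)
            if net.prefixlen:  # 0.0.0.0/0 matches everything, so omit it
                cmd += [flag, str(net)]
    cmd += ["-j", TARGET_MAP[opts["-j"]]]
    return " ".join(cmd)


# The four rules exactly as posted in the comment above.
POSTED_RULES = [
    "-A output -s 0.0.0.0/0.0.0.0 -d 208.211.225.89/255.255.255.255 -j REJECT",
    "-A output -s 0.0.0.0/0.0.0.0 -d 199.95.207.0/255.255.255.0 -j REJECT",
    "-A output -s 0.0.0.0/0.0.0.0 -d 199.95.208.0/255.255.255.0 -j REJECT",
    "-A output -s 0.0.0.0/0.0.0.0 -d 204.253.104.80/255.255.255.255 -j REJECT",
]

if __name__ == "__main__":
    for rule in POSTED_RULES:
        print(translate_rule(rule))
```

One behavioural difference to keep in mind: under ipchains, forwarded packets also pass through the output chain, while under iptables they only traverse FORWARD, so a gateway protecting other machines needs the same rules there as well.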
P3P is a great idea, and I'm all in favour of it.
OTOH, P3P is not a solution to this type of tracking, nor will it ever be. What P3P does is usually misunderstood, even by the nerderati, so please let me point out something significant.
P3P is a protocol for a site to tell a browser what the privacy policy of the site is. Note the direction the information flows in -- only one way. There's no scope in P3P for your browser to be configured to suppress privacy information, nor for it to request a site to not log particular information. The best a full P3P implementation could achieve, even assuming full and honest cooperation of the site operator, is for it to connect to a site and then disable access to the pages with a "Lets not go there" message.
I might still wish to shop at Badgers 'R Us, even though they have a loathsome default logging policy, but only providing they want my business enough to turn logs off on request. Click trails are very low value individually - sites can't afford to lose real trade in favour of them, so we do have the economic advantage here.
P3P can only tell me not to go in, it can't allow me to still shop there without leaving the log trail behind. What we need is a negotiated mechanism for a privacy / logging compromise -- if somewhere like Skylighter (a pyrotechnics vendor) wants to bar users from the shop unless there's reasonable logging in effect, then that's fair and reasonable. OTOH, if World Of Fish request logs, then my browser should tell them to get stuffed and they should either accept this, or lose my business to Piece O' Pike a few blocks down.
A major failing of the UK DPA (Data Protection Act) is that it's too much like P3P. It's good at telling you who has your data, but it's bad at controlling them getting it in the first place. You can't re-bottle the genie.
Personally, I don't object to cookies that aren't maintained over a certain period of time. If I'm shopping at bn.com, for example, I understand that a cookie would be useful. I object to cookies that have an expiration date that is longer than, say, tonight at midnight. However, I realize that there are some ways to profile a user that don't require my computer to do anything (store a cookie, send a referer header). My machine has an IP address, and it doesn't change ever. Even in cases where multiple people use the same IP address, this does fairly well (a network lab in a school -> all everyone in same school -> similar interests). Even in AOL's case, I would think that same IP -> same location -> quasi-similar interests. Of course, my guess is not so many people would object to profiling 'all the users coming from University of Southern Elbonia,' as that's conglomerated data. However, in many cases, this method (IP addresses) works perfectly, and in all cases (well, done properly) this is undetectable.
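The "nothing that outlives tonight at midnight" cookie rule from the comment above can be enforced by a filtering proxy or client. The following is an added example, not code from the thread: the function names, the sample headers and the choice to downgrade long-lived cookies to session cookies (rather than reject them) are assumptions made for illustration.

```python
"""Added example: keep short-lived cookies, strip persistence from the rest."""
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def next_midnight(now):
    """Coming midnight in the timezone of the aware datetime `now`."""
    tomorrow = (now + timedelta(days=1)).date()
    return datetime.combine(tomorrow, datetime.min.time(), tzinfo=now.tzinfo)


def parse_set_cookie(header):
    """Split a Set-Cookie value into its name=value pair and a list of
    (lower-cased attribute name, attribute value, raw text) tuples."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = []
    for raw in rest:
        if raw:
            key, _, val = raw.partition("=")
            attrs.append((key.strip().lower(), val.strip(), raw))
    return first, attrs


def cookie_expiry(attrs, now):
    """Absolute expiry time, or None for a session cookie. A valid Max-Age
    takes precedence over Expires; unparseable values are ignored."""
    values = {key: val for key, val, _ in attrs}
    max_age = values.get("max-age", "")
    if re.fullmatch(r"-?[0-9]+", max_age):
        # Cap absurd lifetimes so the date arithmetic cannot overflow.
        return now + timedelta(seconds=min(int(max_age), 10**9))
    if "expires" in values:
        try:
            when = parsedate_to_datetime(values["expires"])
        except (TypeError, ValueError):
            return None
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when
    return None


def apply_policy(header, now):
    """Return (verdict, header to pass on). Cookies that would survive past
    midnight lose Expires/Max-Age and so die when the browser closes."""
    pair, attrs = parse_set_cookie(header)
    expiry = cookie_expiry(attrs, now)
    if expiry is None or expiry <= next_midnight(now):
        return "keep", header
    kept = [raw for key, _, raw in attrs if key not in ("expires", "max-age")]
    return "downgrade-to-session", "; ".join([pair] + kept)


if __name__ == "__main__":
    # Constructed clock and constructed sample headers.
    now = datetime(1999, 11, 9, 15, 0, tzinfo=timezone.utc)
    samples = [
        "basket=3f9a; Path=/",
        "basket=3f9a; Max-Age=3600; Path=/",
        "id=8a1c77; Expires=Fri, 31 Dec 2010 23:59:59 GMT; Path=/; Domain=.ads.example",
    ]
    for header in samples:
        print(apply_policy(header, now))
```

As the comment itself goes on to say, this only limits cookie-based tracking; server-side profiling by IP address is unaffected by anything the client does with cookies.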
"I have never ever heard of one case of misuse of collected consumer information. Ad companies could care less about that, that's like selling porno to kids, it's not ethical AND there's no money in it." There are several companies whose sole business is to sell addresses and phone numbers of consumers. How far do you have to stretch your imagination to see the worth of a list of people with a known interest? The concern here, I think, is that this data is indeed valuable, and *WILL* be sold. There are benign uses like selling this data to companies who will be nice and give you discounts, but there are also malignant uses like selling this information to private investigation services or to companies or organizations with questionable agendas.