Four Missed Opportunities for Privacy 67
The NY Times has a blog posting on the occasion of the Internet advertising industry's release (PDF) of what it describes as tough new standards governing the collection and use of data about users' behavior. The Times' Saul Hansell describes these "new" standards as more of the same old status quo, and outlines four privacy-enhancing ideas, being discussed by Google, Yahoo, the FTC, and Congress, that the IAB has completely ignored. These principles are: every ad should explain itself; users should be able to see data collected about them; browsers should help enforce user choices about tracking; and some information (medical and financial) is simply too sensitive to track.
I'm completely shocked... (Score:5, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
[...] such as my full name, [...]
I have to disagree with this one... Unless you're very careful in the real world too, you'll end up with your name somewhere on the internet before long. I know I did long before I started identifying what I do with my name - welcome to the internet-enabled world. Name in a local paper? Good chance it's online too. Ever did well in school? If you won any awards, it'll be listed somewhere as well. The rest, I'm with you 100%. Unless I'm purchasing something, in which case phone number and credit card number
Re: (Score:2)
Gah. I think I just missed a couple words in your initial post that caused me to miss the point.
"without me putting it in first"...
Sorry, carry on. I agree completely with you - and probably more. I don't want my e-mail divulged anywhere I haven't put it myself and checked the "make this public" box, for instance!
Re: (Score:2)
Today I got yet another invitation to "Come join the amazing new social network, SomeUnheardOfName.tld and meet with your friend Jimmy!", said Jimmy of course having helpfully entered my address at that site (or, more likely, clicked a Facebook button that automatically invited all his friends).
Things like that mean that it's just plain futile to try to claim any kind of ownership of your email address. I used to be really p*ssed about these occurrences, but realised that:
(a) half the globe are dumber than
Re: (Score:2)
Re: (Score:2)
I have a whitelist of websites that are allowed to set cookies - the places I visit regularly where I want them to remember who I am. Everywhere else is blocked, although if it makes something stop working then I'll consider putting it on "allow for session" just to get around some piece of bullshit that requires cookies. NoScript is the same - whitelist based protection, so that after you've been using it for a while you'll find that the things you use are automatically allowed, whereas random attack sites
Re:I'm completely shocked... (Score:4, Insightful)
People now expect government to do everything for them including protection against their own stupidity.
It would be quite simple to organize boycotts against products and companies that don't give you adequate information. However, people have forgotten that they have much more power than a beaurocrat ever will. What they get in return for their lost vigilence are corrupt politicians who sell them out and then they wonder how things went bad.
This is just another example of "my people suffer for lack of knowledge." If you think the government will do everything for you, then you'll end up like the Obsolete Man (a great Twilight Zone episode).
Re:I'm completely shocked... (Score:5, Insightful)
Re: (Score:2)
Hmm. I've never though of Ayn Rand as a "utopian". Anyway. You say "People are not going to realize or want to use their powers as individuals."
I think you've got that wrong. Each of us make cost/benefit decisions all the time. Not surprisingly, most people have less stringent standards of privacy than full-time "privacy advocates" would prefer us to have.
No one can require people to make the same decisions or share the same priorities. When faced with this reality some people respond by feeling entitled, m
Re: (Score:2)
So, people should protect themselves from their own stupidity. But apparently, creating a government that bars others within their society from taking advantage of their stupidity is not a permissible mechanism to protect themselves?
Now I suppose you'll tell me that since everyone should ensure that they can defend themselves, they should not create an organization of defense specialists tasked with securing the defense of the society.
Re: (Score:2)
Now I suppose you'll tell me that since everyone should ensure that they can defend themselves, they should not create an organization of defense specialists tasked with securing the defense of the society.
Really, government was designed for this sole purpos
Re: (Score:3, Interesting)
No. Because that leads to a state-run economy.
Right. Because if you're not black, you're white. There's no such thing as grey or even orange, and there's never been such a thing as a mixed-model economy. You know. Like ours. Either either fiscal anarchy or totalitarian socialism.
Now I suppose you'll tell me that since everyone should ensure that they can defend themselves, they should not create an organization of defense specialists tasked with securing the defense of the society.
Really, government was designed for this sole purpose.
Really, government wasn't originally designed at all. It just happens as soon as someone gains power over another person. The first formal state occurred when someone rounded up enough people to enforce their will over a populace.
I find it funny when libertarians accept
Re: (Score:2)
Small-l libertarians have been aware of and opposed the EPA allowing companies to pollute downstream property owners based on grandfathered "regulations" and other nonsense.
And I'd bet dollars to donuts that the solution isn't "fix the hole the EPA's scheme" but "scrap the EPA's authority to regulate entirely."
As far as "predatory" lending, that is people making money deflating our currency and hard-earned dollars courtesy of the Federal Reserve and Uncle Sam. Finance has not been a free market in a long, long time - if ever. The theory that government can fix it is flawed. You should find better examples upon which to harp your nonsense.
Maybe you should study the history of why financial systems are regulated and what kind of economic devastation used to happen before we had the Federal Reserve system. The theory that removing the government from the equation entirely is far more flawed and historically ignorant.
Re: (Score:2)
It would be quite simple to organize boycotts against products and companies that don't give you adequate information.
The reality of boycotts is that they're a fairly extraordinary measure and not easy to organize on a scale that has an effect. The purpose of laws includes allowing even a single person to get justice in a case where he is the only person who has been wronged.
And should we say, "Hey, no point in having child labor laws. People can just boycott companies who use child labor if they don't like it"? Or "Screw the FDA. If someone is selling ineffective drugs and enough people die from treatable disease as
Re: (Score:3, Insightful)
People now expect government to do everything for them including protection against their own stupidity.
I see that you're under the delusion that it's possible to not be "stupid" about every important transaction you engage in. Unfortunately, there's simply far, far, far too much information in the real world for any citizen to properly protect themselves in every transaction. You can't know everything, even in transactions where the seller isn't deliberately hiding information from you, and time is not an infinite resource.
This is what government is good for. We need specialists that can drill down and ma
Re: (Score:2)
If it were "so simple" why doesn't anyone do it?
Becasue it would require you to give up your day job and devote yourself to it full time for months to get anywhere. And then, very likely have zero effect.
Re: (Score:2)
It would be nice if the government would pass regulations with teeth, regulations that would say in effect "your data are yours and cannot be transferred to a third party without your express written consent".
A pony would be nice, too.
Re: (Score:2)
You don't encrypt to protect yourself from the NSA. If you're interesting to the NSA, they'll spend the resources to get the information they desire. And they'll get it one way or another involving a back door.
Re: (Score:2)
including applying a cattle-prod to your anus.
Title sounds like (Score:2)
Mostly not going to happen (Score:5, Interesting)
Ads will never "explain themselves" and companies will never reveal how much information they harvest from you (outside of lengthy, dull, usage terms written in Jargon.) Either case would make users skittish, and there's too much money involved for either them or congress to want to do anything about it.
As for medical and financial information, it's incredibly sensitive, yes, but having it tracked is incredibly convenient for both lay people and companies (if inconvenient for the IT staff who have to secure them.) Either way, these records have to be kept somewhere and somehow and be accessible in some way to people who need them (doctors and banks.)
The only change I see possible is improvement in the browsers. If any privacy change does occur, you can bet that it will start with either Firefox, Opera, or some non-mainstream browser, and then be eventually adopted by IE. Don't expect the end-users to know how to enable any privacy features though.
Re: (Score:1)
Re: (Score:2)
It's things like XSS protection, security alerts and self-signed certificate warnings (though they can be annoying) that REALLY protect your data.
Valid but not simple? (Score:4, Interesting)
One thing that caught my attention in the summary:
users should be able to see data collected about them
Seems like a very valid sort of thing to want. If your company has information about me, I should be able to know what information you have. Common sense, right?
On the other hand, if you're going to talk about something like this, don't you also have to talk about other increases in security to go along with the additional transparency? If you're going to make it increasingly easy for me to see information about me, it should go hand in hand with making it increasingly difficult for someone who is not-me to access that information about me.
I really think it's time that we talk about improving our security models. SSL on everything would be a good start.
Re:Valid but not simple? (Score:4, Informative)
Re: (Score:2)
Yeah, if you can write to the company and they're required to tell you what information they have on you, then that's good. If anyone can write to that company and have all the information that they have on you, that's bad. So what's the security there?
I mean, isn't that always the problem with security? If everything could always be accessible to everyone, security would be easy. If nothing ever needed to be accessed by anyone, then security would be easy. It's making things easily accessible to the
Re: (Score:1)
Also, its possible that data is being stored in various ways/stats, for example I may have come up with a single number to represent a user's political preferences (left, right and such) by consolidation of many other
Re: (Score:2)
Also, its possible that data is being stored in various ways/stats, for example I may have come up with a single number to represent a user's political preferences (left, right and such) by consolidation of many other 'simple' stats. Disclosing this opens my 'better' algorithm to the rest of the industry.
Well it seems like it would be valid for a law to require that companies show you any raw data they collect on you, but not require that those companies show information that the company derives from that data. Even if you allow people to demand that specific data be deleted, you could just require that the company delete any derivative data (or recalculate based on remaining data) without disclosing the original derivative data to anyone else.
So, given your example, the company would have to disclose all
Re: (Score:2)
Re: (Score:2)
It depends. If I buy from NewEgg on a regular basis, I might be fine with them keeping my address and purchase history on file, and I would like to be able to view that information myself. That doesn't mean I want them making that information publicly available to anyone who asks for it.
Re: (Score:2)
Cue the Testosterone (Score:2)
Re: Ads explaining themselves.
-- Sacrifical Lamb to give so they can deny the other three. I have no problem *understanding*
THE HUGE AD FOR SAVE ENDANGERED GM!!!!!!!!!!!!!
It's the EXCITING INTERACTIVE PAGE-EATING DYNAMIC MULTIPLEXED SCRIPTS AND FRIENDS that suk here.
The others fall under "1984 is too sexy to give up."
Solution (Score:5, Informative)
Install adblock extension, disable 3rd party cookie files, use software that ads advertising domains to your hosts file.
As far as I can tell the internet doesn't even have banner ads anymore.
Re: (Score:2)
mod parent up. I never have points when I want them
Re: (Score:1)
Re: (Score:1)
Won't work (Score:3, Interesting)
These principles are: every ad should explain itself, users should be able to see data collected about them, browsers should help enforce user choices about tracking, and some information (medical and financial) is simply too sensitive to track.
This fails in many aspects. Every ad should explain itself? How are you going to do that on something that takes up 1/6th of a normal computer screen. If you click it for more info, that kinda kills the entire point of the ad to begin with. Users should be able to see the data collected about them? Oh no theres no potential for abuse for this one. Theres no way this can be used to create a very good phishing attack especially if you have physical access to the computer. As for browsers helping enforcing user choices, how do you do that? Have a box where you check "block tracking cookies?" I'm sure theres no potential for abuse for that either. Theres no way that MS or another company will "conveniently" "mislabel" legitimate cookies as tracking cookies. Plus, this can very well lead to a ton of censorship.
Re: (Score:2)
This fails in many aspects. Every ad should explain itself? How are you going to do that on something that takes up 1/6th of a normal computer screen.
Alt text?
As for browsers helping enforcing user choices, how do you do that? Have a box where you check "block tracking cookies?"
Seems to be working just fine for Firefox. I have my Firefox browser set up to ask me whenever a site wants to set a cookie. I may say yes, but at least then I'm aware of the tracking. Cookies from advertisers' sites get the middle-finger treatment.
Re: (Score:2)
Alt text?
Either the alt text isn't descriptive enough, or it ends up being much more of an annoyance then the ad itself was. Plus, I'm not sure if Flash can have alt text in the traditional sense.
Seems to be working just fine for Firefox. I have my Firefox browser set up to ask me whenever a site wants to set a cookie. I may say yes, but at least then I'm aware of the tracking. Cookies from advertisers' sites get the middle-finger treatment.
But this I'm assuming would make that be the default (because all browsers I know of allow you to do that) which is quite annoying. Or would silently block tracking cookies.
Re: (Score:2)
Every ad should explain itself? How are you going to do that on something that takes up 1/6th of a normal computer screen.
This depends on how you define "explain itself". My hope is that this would make illegal the ads that say "punch the monkey and win a prize" or "your internet connection is not secure" or any of a number of ridiculous things, and force ads to advertise the product they are selling. that way you know what you're clicking on before you do? I know these ads aren't a problem for experienced users, but there are still a LOT of people who fall for this garbage.
Re: (Score:1)
You can actually use a relatively simple heuristic to not click on ads that you don't understand sufficiently to justify a click.
Defining it is left as an exercise for the reader.
"Cookies" (Score:2, Funny)
There's a grain of truth here. Cookies have a nice cutesy name to them that makes them seem innocent. It's "just" an edible text file, that's all!
Why not call them something else? Take a page out of PETA's book; call them turds or something!
Re: (Score:2)
There's a grain of truth here. Cookies have a nice cutesy name to them that makes them seem innocent. It's "just" an edible text file, that's all!
Why not call them something else? Take a page out of PETA's book; call them turds or something!
Internet Kittens
Meh (Score:5, Informative)
Re: (Score:2)
the problem is, that none of these issues have been addressed since 1999 so they are still there to worry about.
Privacy fails even when you BUY services (Score:2)