Forgot your password?
typodupeerror
Privacy Communications Google Social Networks The Internet Your Rights Online

Why Online Privacy Is Broken 220

Posted by Soulskill
from the too-many-people-who-don't-care dept.
Trailrunner7 writes "One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."
This discussion has been archived. No new comments can be posted.

Why Online Privacy Is Broken

Comments Filter:
  • by alexandre (53) * on Monday May 24, 2010 @03:55PM (#32327776) Homepage Journal

    If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

    • by BuR4N (512430) on Monday May 24, 2010 @04:21PM (#32328158) Homepage Journal
      No, we would be in IT support hell, maintaining our dads and moms P2P servers......
      • Re: (Score:3, Funny)

        Just like right now, we have IT support hell, maintaining our parents' web browsers and operating systems.

        Seriously, you think that there is something special about P2P that makes it particularly harder to maintain?
        • by TerranFury (726743) on Monday May 24, 2010 @04:41PM (#32328448)

          A big problem is simply NAT. Non-technical people are not going to set up port forwarding. This basically broke the Internet, and pushed its development in undemocratic directions.

          UPnP partially fixes this, but opens up a whole bunch of other problems, which are even worse.

          IPv6 is supposed to fix this for real, but I don't count on it because IPv4 is "good enough," and I bet that it'll be easier for people to keep throwing NAT and subdomains at the problem. E.g., companies don't need to bother maintaining their own webservers and having their own public IPs; the way things are going they'll just point people to "facebook.com/companyName" (I heard an ad do this on the radio yesterday, in fact).

          • Really though, it is possible to connect to existing P2P networks through NAT without any extra configuration. Why should a P2P social network suddenly make the exist solutions to the problem infeasible or more difficult to support?
          • by VTI9600 (1143169)

            the way things are going they'll just point people to "facebook.com/companyName"

            At least that's more professional than the ad I recently heard advertising a company's @gmail.com email address. I mean, they let you use your own domain with Google Apps and it's completely free (basic edition anyway). How do people who use Gmail in their businesses not realize this?

            • Re: (Score:3, Interesting)

              by TerranFury (726743)
              This wasn't a user page though; it was literally "facebook.com/companyName," and the company was actually a big one -- something like "Verizon" or the like. I sensed it was less a "we're too poor to have a website" move and more a "all the cool kids are on facebook so we should be there" move.
      • Re: (Score:3, Informative)

        by Ephemeriis (315124)

        No, we would be in IT support hell, maintaining our dads and moms P2P servers......

        I do maintain computers/routers for my family members. I've done it for years. The lack(?) of P2P hasn't changed that at all.

        But, supposing that P2P was some kind of nightmare to deal with... Why couldn't we make it work better? Build protocols that played nicer with NAT tables... Or build UPnP that works better... Or just throw out the whole IPv4 thing and go to v6?

    • by eldavojohn (898314) * <eldavojohn.gmail@com> on Monday May 24, 2010 @04:32PM (#32328316) Journal

      If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

      Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this. Peer to peer implies that by owning my own personal data, it is on my home computer or laptop. Some people only have a laptop and some people like to power down their machines when they're away. So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline. On top of that if you're disseminating photos or videos, this could get crazy for upload speed. So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff. Can you trust their node anymore than Facebook? Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force. So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.

      So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.

      • by betterunixthanunix (980855) on Monday May 24, 2010 @04:40PM (#32328416)
        There are a few ways P2P would solve the problem. The first that comes to mind is that it would reduce the incentive to undermine privacy, since the social network would not be funded by the sale of personal data (or data derived from personal data). It would also increase the cost of undermining privacy, since people would not just be throwing their data at a single centralized datacenter.

        As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.
        • by eldavojohn (898314) * <eldavojohn.gmail@com> on Monday May 24, 2010 @04:55PM (#32328686) Journal

          As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

          The difference there is that your relatively small key holds the potential for everything on your page. If someone copies and mails a few pics of me, big deal. But that key could be easily copied and sent covertly with the copier taking their sweet time to look at all my stuff -- and for how long before I catch on? And how long before key collecting viruses run rampant and phone home to a black market provider's server where all Diaspora data is cached? The killer there is that you'd never even know and two if you had to change your key then you need to refriend everyone to get the key out. I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends? Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

          And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

          I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ... there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage. My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening. People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

          • by alexandre (53) * on Monday May 24, 2010 @05:08PM (#32328868) Homepage Journal

            The difference there is that your relatively small key holds the potential for everything on your page.

            Why does it have to be a global key?

            I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends?

            Why not, it's cheap? You don't have 1M friend either...

            Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

            It's not so much about encryption solution (that could be worked out anyway) as it is about access control.

            The main question is actually how are update going to be disseminated and validated chronologically... beyond that it's already an improvement on the current situation.

            And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

            FreeNet integration?
            Popular files get spread more...

            I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ...

            Nothing is, just much better socially than what we currently have, let's talk about its weaknesses and improve on them :-)

            there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage.

            Oh, like everyone's hard drive is not on average 70% empty or such?

            My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening.

            The concept of being offline is not really trendy these days and is going away very rapidly in any case, you should really think about running a small home server like Eben Moglen suggested in that case to solve the issue.

            People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

            Some people also don't upload on Bittorrent cause they are selfish fools. If we want this to work, just like FOSS, we need to have enough people willing to share bandwidth for the model to work.

            And it seems like P2P and FOSS has proven to work up till now quiet well in that respect despite the morons... And in a social case you'd be dealing with your friends who are much more willing to share with/for you.

        • Re: (Score:3, Insightful)

          In theory, if your friends are about as technologically inclined as most people, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

          FTFY

      • by alexandre (53) * on Monday May 24, 2010 @04:56PM (#32328694) Homepage Journal

        Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this.

        Among other projects wit different aims like I2P, FreeNet, bittorent, aMule, OpenID and many more that could interact together in very interesting ways:

        http://groups.fsf.org/wiki/Group:GNU_Social/Project_Comparison [fsf.org]

        So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline.

        Yep, and you could have close friend in your circle mirror your files / profiles and share them as needed... Or an encrypted fast repository (think, maybe, Firefox weave?) to which you lend a key to those you want to read it.

        On top of that if you're disseminating photos or videos, this could get crazy for upload speed.

        Well, Bittorent totally solved that issue and with friend mirroring you it'd be awesome.
        Also, this would help weed out asymmetrical connection in the long run, giving back citizens the expressive voice they deserve.
        (Fiber to the home is the only viable way forward...)

        So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff.

        They have what you allowed them to have, you won't backup your sex life on your ex's computer if you don't want to... ;-)
        They can hack all they want, a well thought out system with crypto will solve any such issue.

        Can you trust their node anymore than Facebook?

        Definitively, why would you trust the middle man more than the person with whom you want to share your data?
        Who are you afraid is going to spy on you, the person who you are sending the data to anyway or the middle man?

        Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force.

        As discussed, don't share what you don't want where you don't want it and use proper encryption.

        So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.

        see above ...

        So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.

        dial up are really on the way out but even with that, their initial upload is akin to sharing it with someone else that might help afterward with spreading the file to whoever else you'd want it shared.

        Also, at some point, you can't control the information you release to someone, trying to build a social-DRM system is not going to work anymore than it did for bluray, DVD, music and whatnot ...

  • by Striek (1811980) on Monday May 24, 2010 @03:58PM (#32327810)

    I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.

    • I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.

      This.

      Two things are necessary for privacy to really become important to the number crunchers. The first is a direct, measurable impact on individual privacy, which is arguably already happening. Whereas there was an implicit agreement of trust before, you now have essentially no privacy on

    • by mcgrew (92797) * on Monday May 24, 2010 @04:22PM (#32328166) Homepage Journal

      Apathy is blamed for a lot of things that people really aren't apathetic about at all. One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.

      As TFA notes, security is another one. People complain about their virus-infested computers so they aren't apathetic, they're simply ignorant; they don't know HOW to not get viruses, and they bitch loudly because they bought NcAffee and Norton and turned Windows firewall on and STILL get viruses because they DLed Metallica-FreeSpeechForTheDumb.MP3.exe and played it by clicking the file. They have no clue that the file is an executable, because Microsoft hides the file extension by default.

      The same goes for privacy. As TFA (again) mentions, most users want both privacy AND social networking. As the article summarises: "Blame the user? Here's a better idea: Listen to the user."

      Fat chance of that happening though. The user isn't the customer.

      • by betterunixthanunix (980855) on Monday May 24, 2010 @04:34PM (#32328336)
        The problem is that social networking websites make their money by undermining user privacy; there is simply no incentive to actually listen to the users' complaints about privacy, and for a company that must answer to its investors, there is actually a disincentive to listen to the users. Users want privacy and social networking and social networking websites, and they do not want to pay for those websites -- it is just not possible to meet all of those demands at the same time. Privacy is the easiest thing to drop from the list of user demands you actually meet, since it is not the first thing most people will notice.
        • Re: (Score:3, Insightful)

          The problem is that social networking websites make their money by undermining user privacy;

          Since the only exposure that I have had to Facebook and the like is comments on Slashdot and I have never knowingly visited the Facebook website, your comment here strikes me as very odd.

          Isn't the POINT of Facebook to get yourself "out there" and be-your-own-celebrity? If so, isn't it contradictory to say "OMG they are stealingj/invading my privacy!" since that's the point of the website in the firs

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        You overestimate how much the average person cares -- yes, some people skip voting, as a (seriously misguided, IMO) protest boycott. Most of the people who don't vote, however,do so out of apathy, not principle. There's always a third party candidate (at least in the presidential race, and surprisingly often in lesser races) so you can make your voice heard as being in opposition to those parties, and if there were _really_ anything like 50% of people so disgusted with the two parties we currently have, and

      • Re: (Score:3, Insightful)

        by phantomfive (622387)

        One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.

        You're doing it wrong. If you actually care, but don't want to vote for any of the candidates, then you should vote for a third party candidate, write in a vote, or leave the response blank. That shows you are actually willing to do something. Not to mention, a boycott of the voting system doesn't do anything but give more power to the remaining few who do actually vote. Those people aren't going to feel very motivated to push you to vote.

        Otherwise you just get lumped in with the people who are apatheti

    • customers aren't asking for it

      Why should they have to ask for it?

      Why isn't our private information considered intellectual property? Corporations try to make every aspect of their business protected, why should consumers do the same? I guess it would require a Supreme Court that not only are corporations considered "people" but that people are considered people.

      A corporation can distribute data on a DVD or CD and yet claim that it should be illegal for me to copy and pass that data along. Why shouldn't I

    • Re: (Score:3, Insightful)

      by Darinbob (1142669)
      Another silly analogy. Imagine that these people made houses. They could say "we're focused on features and functionality that customers are asking for in houses. They inquire about square footage, number of bathrooms and bedrooms, proximity to schools, and so forth. None of them have ever asked about what types of doors or locks they houses have. We will start including doors when customers start asking for them."

      Of course, the very first customer will say "what the hell, where's the door?" Or if the
  • by MobyDisk (75490) * on Monday May 24, 2010 @03:58PM (#32327814) Homepage

    The actions made by these companies, right or wrong, are legal. You can't expect companies (or governments... or individuals) to stop doing this if it is convenient, profitable, and legal. We need some legislation that basically says that they can't publish, transmit, or sell personal information without prior consent. And that any such release - intentional or accidental - must be reported to the individual.

    In the US, we have such legislation but it only applies to medical information. That is silly - there's just no reason for companies to be giving this stuff out.

    Actually, let me go a step further -- they shouldn't even store this information. I walked into Target and returned some merchandise. It was really simple -- because they kept my credit card on file. I never told them they could do that. As I walked away, they said "Thank you [my name]" so they knew that too. Why is it okay for a store clerk to have this? Why did my credit card company give out the credit card number and name? They don't need that. They need to know "User 81234756897 authorized purchase for $57.34 to vendor 9234857 on 2010/05/23 17:24 with authorization #239485768934." That's it. It should have been illegal for my credit card company to even give the information. Then for Target to store it. As a nice side-benefit, this also prevents fraud since no one in the chain can use my credit card.

    • by selven (1556643) on Monday May 24, 2010 @04:04PM (#32327892)

      Has it ever occurred to you that some customers actually like that kind of customer service? That's why you can't just ban everything and make everyone happy - some infringements of privacy have good uses, and some people actually prefer convenience to privacy. Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

      • And then whichever is less popular will die out as the other reaches critical mass. Either that, or people's data will be fragmented between two very different camps that likely will not be able to interface with one another as one service lacks privacy and the other does not. You'll end up in a situation where half your friends are on one social network and half your friends are on another--you'd be forced to use both services to keep in touch with one group of friends.
        • that's why i never installed a half dozen different IM clients. ICQ, AIM, Yahoo, MSN, blah blah blah. Anybody not on the one I used must not want to talk to me that much, so email can suffice for them.

          Now of course I get all the networks under one communicator, so I do have multiple IM network accounts, but that just reinforces the original point.

        • by natehoy (1608657)

          "Social Network" and "Privacy" are diametric opposites. They are the modern equivalent of bulletin boards (not electronic ones, I mean the cork thingies you still find at the entrances to many supermarkets) except everyone has fingerprint readers and knows who has posted what.

          Social networks exist, as a business model, so you may sell aspects of your privacy in return for the convenience of keeping in touch with your friends. Large-scale sites need money in order to survive, and if you aren't paying them

      • by clarkkent09 (1104833) * on Monday May 24, 2010 @04:16PM (#32328064)
        I agree, if online privacy was really as important to the majority of people as it is to some /. posters there would be companies advertising "guaranteed" privacy the same way they advertise lower prices or whatever other advantage they claim over their competitors. The reason companies don't care is that their customers don't care. Those of us who do just need to be more careful about who we do business with but IMHO it's a losing battle as long as the public awareness of the importance of privacy is nonexistent.
        • by LandruBek (792512)

          it's a losing battle as long as the public awareness of the importance of privacy is nonexistent.

          Well, I hope you are wrong. One good thing about Facebook's recent spastic blunders is that at a few, at least, have realized that privacy is something fragile that deserves some protection. If those of us who care will beat the drum from time to time, others just might wake up. In other words, I'm not yet willing to call it a hopeless battle.

          • by clarkkent09 (1104833) * on Monday May 24, 2010 @04:52PM (#32328626)
            Well take slashdot. It is owned by a for-profit publicly traded corporation. True we don't give our names and addresses but many of do give our personal readily identifiable email address and of course IP and probably 1000s of us can be identified if somebody choose to do so and linked to quite detailed overview of our political and other opinions - valuable data for advertisers, political parties, potential employers and who knows who else. This data will still be there years from now and who knows what can happen with it, the financial incentive is certainly there to sell it. Now, I tend to trust slashdot (famous last words?) but I am just trying to illustrate how difficult it is to truly guard your online privacy unless you are a kind of person who only ever communicates through encrypted messages or something like that.
        • by MobyDisk (75490) *

          The reason companies don't care is that their customers don't care.

          From my experience, they do. When credit cards first came out, people were afraid to use them because of fraud concerns. Same with the internet. It was only 10 years ago that my grandfather would not enter his credit card into a web site. But today, people take the technology for granted and no longer think it through.

          But if you talk to someone, and educate them on the issues, they respond like "what can you do?" And when I explain that a simple change to the credit system, such as generating disposabl

      • by LandruBek (792512) on Monday May 24, 2010 @04:29PM (#32328266)

        "Making everyone happy" was never on my to-do list. "Not get reamed by the corporatocracy" is on my list and remains there. As much as others might enjoy the familiarity of having complete strangers call them by name, and the convenience of having merchandise instantly charged to their accounts, *I* am selfish enough to sacrifice all those pleasures just so that I might exert a little bit of control over what others know about me.

        This is a job for government regulation. We don't trust the free market with important things like ensuring food safety, protecting the environment, or verifying whether pharmaceuticals are effective. Why should we trust the free market with personal privacy?

      • by MobyDisk (75490) * on Monday May 24, 2010 @04:42PM (#32328456) Homepage

        Has it ever occurred to you that some customers actually like that kind of customer service?

        Nothing I've said decreases the level of customer service. The return could have been done without them saving the credit card number.

        Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

        I always prefer free market solutions, but I don't see how to make one work here. The free market only works when the buyer is aware. Companies don't tell me what information they disclose about me. I only find out when I suddenly get charges on my credit card because the store clerk got all my credit information, or because some hacker broke into the stores and took it. I would be open to laws that require them to disclose it to me, but I don't want to read a 25-page legal document to buy something from a store. Since there is no benefit to me from them keeping the information (see the first paragraph for the explanation of why) the restrictive solution is the best one.

      • Re: (Score:2, Insightful)

        That's what OPT IN is for.
    • by Todd Knarr (15451) on Monday May 24, 2010 @04:07PM (#32327944) Homepage

      Actually they probably didn't record your credit-card number. What they probably recorded was the sale number (basically a receipt serial number), the receipt information (what was bought), and the type of credit card and the authorization number. They knew your name because it was recorded off your credit card at the time of sale. To handle the refund they just use the authorization number, which the credit-card company can match to your card (but they won't tell the store the card number, they'll just give out another authorization number for the refund).

      Now, the store probably doesn't need to store your name at the time of sale. But if you're paying with a credit card, you know you're leaving a connection between you and that sale anyway so IMO it's not a major thing. If you really want no connection, pay in cash and don't give them any identifying information, not even a phone number.

      • by MobyDisk (75490) *

        I think they *could* do it from the authorization number, but I am skeptical that they actually did it that way. I find that places that use the authorization number ask me for my credit card and punch that number in when doing the return. So I think they just store it. Considering that all the online stores do this too, I don't find it unlikely that retail chains are starting that practice.

    • Did you return the merchandise with your receipt or credit card?

      If the purchase was made with a credit card, store policy is usually to issue an offsetting credit on the same card (though I suppose some might issue other store credit or a corporate cheque when the card charge clears, which is somewhat inconvenient).

      If you provided your credit card so the charge could be reversed, they could issue a query to the credit card company by number and amount -- no need to store your card for this (though they prob

    • by Anon-Admin (443764) on Monday May 24, 2010 @04:18PM (#32328098) Homepage Journal

      The problem is that all the companies are data gorging. The CC Merchants are the worst. They insist that you send them not only the total but a list of what the person is buying. They also monitor your advertising and who links to you on the internet. I use to run a lab supply company. We had a affiliate link when we first went online. The merchant account found two sites that linked to us, these sites were in other countries and were drug related. Well drug related in the US but they appeared to be legal in there country. They killed our account with no warning. $3000 a day in sales through the web site gone. They would not turn it back on and added us to a black list. We were unable to continue selling online. We still have the brick and mortar but the online store it gone. We broke no laws and there was no published list of what not to do.

      All in all, not only do they collect all the information on every one and there sales, they spend a lot of time monitoring and collecting information on the stores. They need to be dinged on this, some Merchant accounts go as far as to tell you what products you can and can not carry. The second one we had would not let us carry or sell any pipettes, agar-agar or 10cc syringes that had 1.5" 18 gauge needles on them. They considered them "Drug paraphernalia"

      • Re: (Score:2, Offtopic)

        by Abcd1234 (188840)

        I use to

        Random grammar tip: It's "used to"... "use" is present tense, "used" is past tense.

      • Re: (Score:3, Insightful)

        by MobyDisk (75490) *

        They insist that you send them not only the total but a list of what the person is buying.

        Part of that is for their fraud detection algorithm. (Which would not be as necessary if they didn't give out the information).

        As for the other stuff - sounds like you should have sued them.

        • by blair1q (305137)

          I can think of a lot of reasons for demanding itemizations, but it's probably to keep them from becoming the market-maker for money-laundering schemes.

          If all they got from your company were reams of $4999 charges for "merchandise" they'd have no way to fend off the FBI.

      • by blair1q (305137)

        would not let us carry or sell any pipettes, agar-agar or 10cc syringes that had 1.5" 18 gauge needles on them

        You mean "eye droppers, jell-o, and glue applicators."

        At least, next time you apply for a merchant account from them, that's what you mean.

    • You contradict yourself:

      [...]there's just no reason for companies to be giving this stuff out.

      ...right after saying:

      [...]it is convenient, profitable, and legal.

      It's also nothing new. Do you think that never before the interwebs was data collected about demographics and metrics? That supply and demand occurred randomly? The internet makes it easier, but fundamental economic relationships have existed as long as economies themselves. Businesses have kept ledgers of their clients and transactions for as long as there has been writing. It was generally in the interests of these businesses to keep such ledgers private, and

      • by MobyDisk (75490) *

        You contradict yourself:

        Granted. The contradiction was because of my wording. I should have said "There is no benefit to the consumer for companies to be giving this stuff out."

        It's also nothing new...

        I never said it was. It is just much more dangerous now, due to the scale of it.

        hate to break it to you, but your credit card # is your 'user #'

        Exactly. That is the part that needs to be changed. Automatically generated numbers, smart cards, etc. solve that problem. But common-sense when handling transactions can minimize it. The store only needs to keep the authorization number, not the credit card number.

        ...they must know your name because presumably you carry ID against which they could verify that you are who you claim you are.

        Actua

    • Re: (Score:2, Insightful)

      by xednieht (1117791)
      No we don't. We need the government to get involved like Andy Rooney needs another eyebrow!!!

      Let innovation take it's course.
      • by MobyDisk (75490) *

        What innovation is going to fix this? You can't just blithely say that innovation, or technology, or the free market will solve whatever problem is happening. That's the same as those who say that the government will solve it. Just pushing responsibility to someone else.

        I made a proposal. You obviously prefer a free market solution. I'm open, let me know what it is.

    • Re: (Score:3, Insightful)

      by palegray.net (1195047)

      It should have been illegal for my credit card company to even give the information.

      You know, I've got a story on this topic. A couple of months ago I bought a piece of furniture (Ikea, got a nice dresser for a nice price). Upon unpacking it, I discovered it was broken. Given that the store is 60 miles away, I waited awhile before taking it back for an exchange. My wife and I finally made it out to Philadelphia with the broken item in tow, only to realize that while my wife thought she had the receipt on her, she didn't.

      Their official return/exchange policy requires a receipt, but they

  • by h4rr4r (612664) on Monday May 24, 2010 @03:58PM (#32327818)

    There is no online privacy, anything you do online is public. If you would not say it in public do not say it online.

    • people want their sacred cows. reality need not interfere.

      Instead of asking "is what I'm doing keeping my identity private", it's far more useful to ask "is anybody likely to pay attention to what i'm doing."

      The information is out there, the question is what is going to be done with it. The answer, for the vast majority of things, is "not a whole lot"

    • by Hatta (162192)

      Sure there is. Send a GPG encrypted email, and that's private. Or chat over Pidgin-Encryption, that's private too. The internet defaults to public, but it's easy enough to secure your privacy when it matters.

      • by Abcd1234 (188840)

        Sure there is. Send a GPG encrypted email, and that's private.

        By doing that, you are implicitly conceding the OPs point. There would be no need for email encryption if it weren't for the simple fact that sending data over the Internet is a public action.

    • ...Statements of Privacy Policy do. When a site gives explicit guidelines, to which you agree, and THEN they erode or drop the wall that THEY TOLD YOU was there, THAT is evil.

      I'm looking at you, Facebook.
    • by e2d2 (115622)

      So email isn't private and I should consider it public? No thanks. I'll take the "yes this is my private data" instead. Just because someone can read it doesn't mean it's not private. Just like snail mail is private, yet it's in the open, anyone can open it and read it. But no one would consider that public information.

      As for public posting, this is why you create pseudonyms. Even if all the data is accurate except for your name. Just don't give them that. So now they know Nigel Weisnewski from Buffalo NY l

  • by jkinney3 (535278) on Monday May 24, 2010 @03:59PM (#32327824)
    Use the same arguments as Intellectual Property proponents. Everything I say and write belongs to me. You have to ask permission to hear it.
  • by eldavojohn (898314) * <eldavojohn.gmail@com> on Monday May 24, 2010 @03:59PM (#32327830) Journal

    One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it.

    Let me counter that with one the more trie and oft-repeated maxims from businessmen in the 80s: Don't you worry about security, let me worry about blank.

    Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects.

    And yet Facebook thrives and not until last week did Google offer secure searching and they're a giant. Sounds to me like companies that don't worry about privacy are doing pretty well -- maybe even the industry leaders. Maybe they're on to something about it being unimportant to the consumer?

    A quick search of recent news on the privacy front reveals that just about all of it is bad.

    Oh give me a break. Ninety percent of news stories are negative. Because it sells eyeballs. Really, do you expect a news article about the really great privacy that Slashdot offers Anonymous Cowards to appear? When privacy works, it's not news. Hell, when privacy is kept intact people don't even know. Your reasoning here is severely flawed.

    Facebook is exposing users' live chat sessions and other data to third parties.

    Yep, marketing's a bitch, ain't it? But then again, we're getting Facebook for free and I don't think there's been any case of someone suffering serious harm from Facebook dumping a chat to marketing. Certainly unsettling but has there been any sort of actual case of abuse and harm to the user? I use Facebook and I don't care much. I'm putting my data on their servers and they had me agree to some BS impossible to read ToS so I just mitigate that by keeping anything sensitive off it. If Diaspora takes off -- hey, great -- but until I can communicate with all my friends and family on it who are half a continent away no thanks.

    Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well.

    "Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.

    But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

    "Prevailing?" So prevailing that you need to reference a half a year old quote that is about all we have of that attitude. That's the predominant force out there? Care to come up with more companies using that sentiment? Care to put that quote into context for me [slashdot.org]? Put the pressure on them and the companies will change. Fact is that nobody's putting any pressure on them so why should they stop doing something which allows them to better market to you with ads and make more money?

    If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that.

    [citation needed] Prosecutor is leading the witness. Seriously, you're putting words into their mouths. Evil, yes they are. Saying that they claim your data is now theirs by way of their actions is ridiculous. Then from there y

    • by joelsanda (619660)

      "Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.

      It is amazing how people scramble to have them fix their security so my data (which I give them, because it's spelled out in the TOS) is 'secure.' I would have agreed with Schmidt's statement if he instead had said:

      'If you have something that you don't want anyone to know, maybe you should

  • anyone vs everyone (Score:5, Insightful)

    by xs650 (741277) on Monday May 24, 2010 @04:02PM (#32327870)

    Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

    There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

    • Re: (Score:3, Funny)

      by starglider29a (719559)

      There are very few things that I don't want anyone to know

      Gimme a 'fer instance'..

      • Suppose I'm seeing another girl on the side. My friends probably know. I'd rather my main girlfriend didn't know.

        It's not against my moral code nor the laws of my community to be seeing more than one woman at once.

        However, out of courtesy, I'd rather be discreet about the second relationship.

        (To you fiends who will surely scoff at a basement dweller like me having two women: He said "fer instance". He didn't say it had to be true. I know it's a he, because girls don't say "gimme" and "fer instance", the

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

      Takes a single trusted 'someone' to disclose your info to everyone. It's a sad, losing battle. People can say 'happy birthday' or 'sorry that your wife died', 'sorry you got fired,' etc and the damage would be done before you could delete the comment and have a chat about what is too sensitive to disclose freely to your other friends.

    • by Bigjeff5 (1143585)

      I think Schmidt flubbed it, what he should have said was: "If you have something that you don't want everyone to know, maybe you shouldn't be broadcasting it in the first place."

      Google wasn't hacking into anything, they were connecting to open WiFi networks and collecting information that is necessary to connect to the network . The only thing that was a potential booboo here was they didn't dump the information, instead they chose to save it.

      If you don't want the whole world to know it, don't broadcast it

    • by Deosyne (92713)

      That's why I keep the 'anyone' material in an offline format, typically not even on paper. Not 100% effective, as was hammered home one Monday that I decided to take as a personal day and wander through Sears while countless busybody housewives babbled incessantly to one another about shit that they regarded as scandalous all around me. I now know more about the sex lives of random strangers than I do my own. But keeping it offline is still an improvement over posting the material to the world's first globa

  • You know it's funny. These guys spin the word privacy so much that the idea of sharing becomes twisted. Yes I want to share; But with friends, not with faceless businesses so they can solicit me. The idea that these two things are inseparable is idiotic. I share my personal pictures with friends. That doesn't mean I want them beamed to the world.

    All of these sites need to stop playing stupid. They know wtf is going on and they know what people want. The problem is their customers are not their users, so the

  • I call TROLL (Score:5, Insightful)

    by Gorimek (61128) on Monday May 24, 2010 @04:06PM (#32327918) Homepage

    Both the Facebook chat bug and the Google recordings are unintentional mistakes. If they show anything, it's that completely bug free engineering is hard to do. I think we knew that already.

    The Schmidt quote is just a statement about how this flawed world is, not how it should be.

    The concept of privacy in these times and the future is a very interesting topic, but this post is just a whiny mini rant, not a serious attempt to understand the real issues.

  • by mbone (558574) on Monday May 24, 2010 @04:07PM (#32327938)

    I can remember very vividly GM and Ford (and Chrysler and even Packard) saying basically the same things about cars - they could put in safety features, but they didn't because there was no customer demand for it. This was, mind, when cars had metal dashboards and spear-your-heart driving wheels. This went on until the Federal Government started forcing changes, and until Volvo and other foreign manufacturers started making sales touting safety. I expect to see a similar story arc about piracy on-line.

    • by Bigjeff5 (1143585) on Monday May 24, 2010 @04:36PM (#32328370)

      Federal safety standards are pitiful compared to insurance company standards.

      Federal standards mandate airbags, but only for the driver, not the passenger or side airbags they've been putting in. All of that is coming from the insurance industry - and except for the fact that all drivers must have insurance, it's completely free market. Things like better crumple zones and such are all designed to boost their ratings with insurance companies, because people look at how much the insurance is going to cost them when they think about buying a car.

  • by dominion (3153) on Monday May 24, 2010 @04:07PM (#32327940) Homepage

    The whole idea of "if you don't want it public, don't put it on the internet" always reminds me of this Onion video:

    Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village
    http://www.theonion.com/video/google-opt-out-feature-lets-users-protect-privacy,14358/ [theonion.com]

    There's no reason that we can't have a reasonable expectation of privacy, even in our online lives. Especially from a technical standpoint. If I share some photos with 10 people, and one of those people decides to copy that photo into an email and send it off to 100 people, then that's a social failure, not a technical one. People I trusted betrayed my trust, on a social level.

    But on a technical level, I should be able to share videos or photos or journal posts with a small group of trusted people, and be reasonably secure in the idea that only they will see them. That advertisers won't have access to that photo, that an api won't be able to pull the data without permission, etc. There's nothing extraordinary about that requirement, and that it's treated as absurd and unreasonable shows how far we've fallen from a basic perspective on internet privacy.

    Open source can fill the gap. Our incentive, as open source software developers, is to provide the best software possible, and to not skimp on important features like privacy and security. We aren't trying to cater to advertisers, or to build empires based on fads and hype. I've been working on an open source, distributed social networking alternative to Facebook (and Myspace and other "walled gardens") that called Appleseed that focuses on strong privacy.

    http://opensource.appleseedproject.org/ [appleseedproject.org]

    But most of all, by distributing these services, and allowing users to cancel their profile on one site, sign up for another site, and plug right back into the network they lost, it creates a level of competition so that social networking sites *have* to listen to the concerns of their users. They can't take them for granted. Not just in social networking, if we can continue push for open standards, open protocols, open platforms, etc., it means we have some leverage when a popular service decides to privilege it's revenue stream over the privacy of it's users.

  • But not on Slashdot, right? Right?
  • There's no technical way to guarantee privacy and anonymity... quite the opposite: technology should be used to increase transparency.

    Privacy is to be respected. If someone doesn't respect your privacy, then by all means take socio-political-legal action. But you sort of have to implicitly trust your infrastructure provider - be it your ISP, your phone company, your email provider, etc. to not abuse your trust. And by all means don't use that infrastructure to transmit anything you don't trust them wit

  • by Hatta (162192) on Monday May 24, 2010 @04:10PM (#32327990) Journal

    There's no identifiable information in your MAC or SSID. So big deal there. If you don't want your packets sniffed, it's easy enough to enable encryption. If you don't want your emails shared with marketers, no one is forcing you to use GMail. No one is forcing you to use Facebook for that matter either. These companies provide a service that's free to you, but in exchange for your privacy. If you don't know that's the deal, you have no one to complain to but yourself.

    It's really quite trivial to maintain your privacy on the internet. Use encryption whenever possible, and don't use services from companies who's business model is selling your information. Problem solved.

  • When? (Score:3, Insightful)

    by WillyWanker (1502057) on Monday May 24, 2010 @04:14PM (#32328032)
    When are we going to start taking responsibility for our own privacy? If it's a concern to you then do what's necessary to protect yourself.

    I just don't get why this is suddenly such a big deal. What exactly did Google do that other's couldn't have? If you leave your wi-fi unencrypted and someone accesses it it's somehow THEIR fault???

    If you don't want people to know your business start by not announcing everything you do in a public forum.
  • The blame game (Score:2, Interesting)

    by masterwit (1800118) *
    Finger-pointing should be reserved to politics while those not necessary to blame mitigate and/or find a solution to the problem.

    Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

    I am all for the world deserves more privacy, privacy laws should exist, etc..."trust" me! But jokes aside, there will always be entities that operate outside what we consider the ideal privacy as long as they are allowed to do so. The problem is not that of each company's policy: since when did we decide that each respective business should and would always hold itself to a hig

  • You ARE to blame (Score:5, Insightful)

    by ADRA (37398) on Monday May 24, 2010 @04:24PM (#32328190)

    Sorry, but please take some responsibility for yourself. If in fact there is something so important that you don't want anyone to know, then don't do it online, PERIOD. This is nothing new and there are very few if any technological measures that can ever be deployed that will guarantee that your privacy / security will ever be secure. The level of hassle involved with making really improbable-to-break security is really hard and requires diligence on the part of the individual. If Vista taught us anything, it is that users do NOT want real security. They want to do what they want and not worry about how the system does it. Well guess what? The system isn't perfect and neither is the security. We live with the imperfection for the sake of simplicity.

    "Facebook is exposing users' live chat sessions"
    This was a defect in their IM system. This could happen in EVERY SINGLE store and forward based messaging system (AKA basically all of them).
    If you expect each facebook user to generate their own Public/Private key then you're diluted (plus it breaks the online chat thing unless you're sharing your private key with facebook which would defeat the purpose).
    If you expect software to be perfect then you're an idiot.

    "and other data to third parties"
    You agree to this when you clicked through their EULA (which is your fault).

    "MAC address and SSID information from public Wi-Fi hotspots ..."
    Data was wide open (which is your fault) and the company erroneously captured it.

    • Re: (Score:3, Interesting)

      by ACS Solver (1068112)

      "and other data to third parties"
      You agree to this when you clicked through their EULA (which is your fault).

      This is something I've been wondering about for a while, I'd love if anyone can enlighten me.

      My country has a constitutional provision saying everyone has the right to know their rights. I don't believe the US constitution has such a provision but I'm sure there's something similar in the legal system. Anyway, I'm wondering about the highly complex legal language used in EULAs and the like. Does

  • by erroneus (253617) on Monday May 24, 2010 @04:30PM (#32328274) Homepage

    Google is an advertising/marketing company. Their motives and actions are consistent with advertising/marketing companies. They seem to be more "generous" than many other advertising/marketing companies in that they give away better "swag" but they are still an advertising/marketing company... and a very successful one at that.

    Within their motives you can determine your expectations of them... and altruism isn't one of them.

  • The news is that it's not new news, but rather a trend that's been apparent for nearly a decade..

      http://www.softxs.ch/alan/essays/googlebomb.html [softxs.ch]

  • by shish (588640)

    Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

    Less famous than the quote was the context: "All online services hold some amount of data, and the Patriot Act allows the government to access this data, so it's best for you to keep it offline"; but of course reasonable and helpful suggestions don't make good headlines...

God made machine language; all the rest is the work of man.

Working...