TRUSTe Decides Its Own Fate Today 128
Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.
TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.
All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.
If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.
Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.
Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?
Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.
But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.
It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.
So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.
In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.
The organization that wanted to make the FTC obsolete was not off to a good start.
Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.
And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.
TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."
In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.
CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."
Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.
This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.
TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:
"TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."
In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.
Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)
TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.
How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.
That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.
If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.
Is the FTC such a bogeyman that we really need to sell our privacy so cheap?
When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."
Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!
The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.
But, according to some influential people and groups, it has failed.
Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:
"Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.
"Few companies meet key privacy protection principles." About 10%.
"Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.
And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."
(Slashdot has more on this study.)
Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.
Yet, in an October letter to the FTC, the EFF laid down its cards:
"Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."
The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:
"Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."
(McCandlish's personal opinion is even more scathing. Follow the link to read it.)
You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.
If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?
The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.
Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.
(GeoCities has since been purchased by Yahoo.)
Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.
Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?
TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.
And it's making noises like they're actually going to do something this time:
"We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."
For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.
Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?
We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.
Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.
I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.
So far, all we've learned is what fails.
- Jamie McCarthy
He's dead, Jim (Score:2)
It may have been a good idea at the start, but right now their situation would make a good case study titled "The loss of virtue and the disadvantages of being a corporate whore".
Kaa
Privacy Rape and TRUSTe Approval (Score:2)
Kintanon
Change the revenue stream (Score:4)
If this sounds stupid, please excuse...it's pretty early in the morning right now. :-/
--
Interested in XFMail? New XFMail home page [slappy.org]
Regulation (Score:3)
Well, to start with my reading of Gibson and Stephenson is a bit different than yours. The right to privacy as in "He looked at my email! Call the cops and let's file a complaint at the friendly Cybercrimes Court" doesn't exist for sure. However, the privacy in the cyberpunk world is completely in the hands of the individual. Basically, if you care enough about anonymity and have sufficient skills, you will make yourself anonymous. If you don't care or not smart enough, other people, if they care, can look at your data.
That's not so bad a future to live in (it's not that hard to learn to use encryption). I certainly don't want the cops to jump in any time somebody does a port scan.
Yes, Europe has strong consumer protection laws, but all they do is reassert the power of the political structure (government) over private entities. I am much more worried, Gibson's future nonwithstanding about the government power, than about the power of corporations. For example, I am quite confident of my abilities to thwart, mislead and generally disrupt the attempts of corporations to collect personal data about myself, unless I implicitly or explicitly agree (credit history is an intrusion of privacy but is a useful thing to have). However if a goverment, in the name of protecting the consumers, makes it a crime to, say, spoof personal data on the net, or much worse, establishes a registry of net users (mandatory ICQ, anyone?), it will make my life much harder and more unpleasant.
So I do have huge misgivings about the heavy and not particularly bright hand of government messing with the workings of the net.
Kaa
Incentives (Score:2)
Truste was dead earlier this year (Score:1)
Actions speak louder than words, and Trust-e's inaction speaks volumes.
Article link [grohol.com].
TRUSTe and privacy (Score:1)
Trust TRUSTe? Hah! No way! No, seriously, this real flap needs to be resolved, but there also needs to be another privacy service like TRUSTe - something more widespread, that does a large variety of verification services for a varying cost. It's sad to say that TRUSTe did not live up to it's expectations, and the RealNetworks incidents themselves are even more sad. Gov't regulation? Maybe, but keep in mind that these people happen to believe in "Security, er, Privacy through Obscurity", so they'll simply give the illusion of privacy. I think that an organization that lists its members and gives an overview of the privacy measures, sort of like a BBB for internet privacy, would be a Good Thing.
McCarthyism (Score:3)
Any technology that can lead the cops to your door is potentially dangerous technology.
It's this idea that has completely shackled law enforcement when it has come to dealing with computer crimes. The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world. I, for one, am very happy that some method of accountability was unknowingly in Microsoft's products so that they could track down the author of the Melissa virus. People can and should have an identity on the Internet, and while that identity should be protected, it shouldn't be removed because people are afraid that law enforcement will be able to find you.
I also don't think that TRUSTe is as important an organization as it is made out to be in this article. It may shock some members of the Slashdot community, but I had never heard of TRUSTe until the Hotmail debacle, and even then, I didn't stop using Hotmail, nor did I start regulating my product usage by the TRUSTe symbol. I'm sure many others haven't, either.
I really think people are beginning to accept the fact that the growth of the Internet has resulted in a certain lack of online privacy. One may lament it and one may try and fight it, but the idea of a completely open but anonymous society is contradictory. Where there is a data stream, there is a way. People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights. Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.
The constant attacks against companies that engage in marketing devices, information gathering schemes, and content labeling is akin to McCarthy's (Joe, not Jamie) crusade against Communists. Anything that doesn't fit into the ideal is suspect. Guess what? Direct marketers have been using these tools for decades and, *gasp* people have been able to go through your trash for even longer.
I say the Internet needs to start strengthening itself around responsibility. Protecting one's rights is important, but a certain accountability is expected with those rights. So far, I see very little accountability, both on the part of the commercial organizations with their rampant use of undocumented 'features' and with individuals who try to both use and separate their lives from the system. As with all things in life, the middle ground is where I think the answer is. Rampant positioning on either extreme just ruffles feathers and leads to no solutions at all.
Stanton McCandlish, TRUSTe, libel lawsuit threats (Score:3)
I deny it no more, Open Source privacy advocates.. (Score:1)
If the source code to anything isn't available, the program is -- from a securiyt stand point -- suspect.
I paid lip service about this before, but now I'm going to take more closed-source programs seriously before installing them.
Re:Change the revenue stream (Score:1)
But unlike Triple-A, what exactly could this organization do? Presumably they'd spring into action if your privacy was violated? Sue the offending site? I doubt that $25 a year would cover the cost, especially if the site was located in Outer Mongolia or the like. Which court system would you be able to sue them in anyway? Your country of origin, maybe not, depends on your own countries laws. Their country, maybe not, depends on their countries laws. Neither? Possibily! Both? Unlikely!
Self regulation is a bust, companies will always go with the bottom line, and I doubt that a few law suits against the worst offenders would discourage the bulk of them (you can't sue everyone, especially if your using a court system other than the American one).
IMHO the only solution is to pro-active, don't use products or services from companies that don't respect your privacy. If enough people do this, that will affect they're bottom line.
--
Two thoughts (Score:3)
Secondly, negative zero is the same as positive zero, is the same as zero squared, is the same as zero multiplied by infiniy. I understand the point being made, but if a point's worth making, it's worth making without being dressed up to look more than it really is.
TRUSTe badge is a good warning sign (Score:1)
If I read the term TRUSTe, however, I usually can not resist, but opening the firewall's configuration files, and do a quick check if there might be a hole in some rules. I then continue to check if the http/html filters are also in place, and if they do what they are expected to do.
Currently, it is completely up to a user to care about his or her privacy. Everything else is multi-mega-$$$ BS, dumped on us to keep us calm, and prepare us for acting as a good prey when it comes to the next marketing attack. Remember the movie "Mars Attacks!" (no, I don't think Bill G. is an alien :-)). But it's the same mechanism here. Innocently we say hello, and the big guys zap us with their ray guns, say sorry, and are invited for another round "It was just a misunderstanding". Ok, next round, and they zap us again with their ray guns, shouting "Sorry!" afterwards. TRUSTe is earth's equivalent of the martians...
Meaningless Kitemark (Score:1)
On another note, if Mr. bad Hacker puts up an internet site with a large grey box and a popup java/javascript window saying 'you need xyz plugin to make this site rock! get it from here', how many people would actually click through and be presented with a netscape-plugin-lookalike page, maybe even submit some personal details (for updates to this great product) and download a trojan?
And how easy is it to fake one of these icons? If you were a porno site, it would make an ideal badge to those consumers worried about paying $2 for a background check.
The thing is, most people using the Internet are far too trusting, send personal data in the clear, and believe anything. They don't need a TRUSTe badge to help them do that.
The real solution (Score:3)
TRUSTe's main problem is that it's 'service' isn't what people want or even what is implied. The article correctly points out that you can sacn someone's hard drive and sell all the data you mine to the highest bidder and get the TRUSTe seal as long as you bury a description of what you do somewhere in a 10-100 page legalese document that can be downloaded from your site.
What is really needed is a definition of various levels of privacy ranging from active violation to absolute (and protected) anonymity. Then, allow a company to display a simple icon with a rating from 0-10 (10 being the best) which links to a page describing, in plain english (spanish, german, etc) what that means. Naturally, no campany will proudly display a 0, but hopefully, if a site displays a 10, the consumer can feel absolutely confident.
The advantage to that system is that there is a lot less room for weasel words and technicalities. BTW, a 10 should include all logs going directly to /dev/null, ssl, and don't even ask who you are or where you're coming in from. In other words, very rare but possable.
Superbly written article IMO (Score:1)
Re:"the most visible symbol on the internet"? (Score:1)
But if you haven't been around for a long time, its understandable that you wouldn't know about TRUSTe, I had forgotten about them until I saw the article.
Scared little children... (Score:1)
Truste didn't work? Fine, so be it. This doesn't mean I need mommy and daddy to make me feel safe again in this cold cruel world. Grow up! If privacy is a concern to you, change your habits. Truste failed? Then it will pay. It will become more and more meaningless to people. It will wither and die. From its compost something new will arise which may work better, thus evolution continues.
If there is a market for internet privacy authentication services then it will be filled.
Uncle scam can keep his privacy laws and efforts where they are needed, the regulating of himself.
Re:McCarthyism (Score:1)
More than half the users on the internet aren't even aware about their privacy. If you ask your every day joe schome computer user. He's most likely to say "but isn't this private; only my girlfriend can read this letter right?" I don't wanna have to be the one to say no, It isn't private, a major corporation with an idle employee is also reading your email right now. Oh btw if they feel disgruntled and you have a couple credit card numbers in that email expect to be making calls to your credit card company soon.
This is what it all boils down to.
Lets look at it from an everday joe schome user situation. And a joe schome is gonna believe whatever TRUSTe has to say especially if its backed by major corporations.
McCarthyism? I have no clue what it has to do with this at all. Senator Joe McCarthy blamed people in Congress for being communist he didn't blame the actual communist. We aren't blaming the major corporations for doing what we know they will do. We are blaming TRUSTe for being an advocate for it all and pulling the wool over the consumers eye.
Re:Regulation (Score:2)
Microsoft REFUSED audit by TRUSTe (Score:2)
Seriously .. do you actually look at the logo's? (Score:1)
Having said that the first time I noticed TrustE was when the Real Networks hoopla was revealed. Dunno .. perhaps I would be more comfortable if one of the better known non-profit groups took over the role of safeguarding privacy.. the EFF or *shock* ACLU?
Nothing Wrong with the Goal (Score:3)
TRUSTe is not interested in privacy, but that doesn't mean that we should give in to regulation. The government will just be a bigger version of TRUSTe. The membership fees ( bribes | contributions ) will be stiffer, and the process more byzantine and slow, but the end result will be the same.
Re:Change the revenue stream (Score:2)
Gee... I'm Stunned. /sarcasm (Score:1)
And I don't like Gibson.
TRUSTe Watchdog Complaint #2363 (Microsoft/Spam) (Score:1)
I'm still waiting to hear from TRUSTe or Microsoft about my "TRUSTe Watchdog Complaint" filed on Oct. 14.
Earlier in the year I had requested that Microsoft not send email address in question. It took several tries before the email (newswire messages) finally stopped. Months later Microsoft's Y2K message arrived.
This appears to violate Microsoft's stated privacy policy [microsoft.com], specifically principle #2 - Consent:
The text of the email itself seemed to contradict the policy, stating:
In other words, they reserve the right to send important messages even if you have requested not to receive them. Doesn't exactly mesh with the privacy policy, does it?
I have corresponded with TRUSTe about this issue and have had a complaint # (2363) assigned. I have not received any kind of final response, and have had no response from Microsoft.
Great Article (Score:1)
Was it libel? (Score:1)
Secondly, McCandlish asserted that "[y]ou are knowingly or negligiently making provably false statements about TRUSTe with intent to harm their reputation. That's libel." Well, guess what: if that's what you were doing, that is libel, and it's wrong.
Truth is the penultimate defense in libel lawsuits; if what you write is true, then even if it's written with malice it's not libel. If you're acting in good faith, then even if you write is untrue, it's not libel. But if what you write is untrue and you're not acting in good faith, then, brother, you are in trouble and there's no way anyone's going to come to your defense.
Why is it you cited only a few excerpts from McCandlish's EMail, without citing any of your own statements to demonstrate that what you were saying wasn't untrue? The words "provably false" are, if McCandlish is correct in that they are provably false, important in that they demonstrate that what you were saying is false. The words "you are knowingly or negligiently" are, again if McCandlish is correct and you were knowingly or negligiently making these assertions, important in that it shows you don't have a good-faith defense.
You expect a public apology from a man who believes that you were acting libelously? And you expect Slashdot to rally behind you in a "damn the man!" frenzy? It's not going to happen. If you want to demonstrate that what you were saying wasn't false, or that it was based on good-faith information you possessed, then fine -- do it -- then I'll believe that McCandlish was off his rocker.
But until then, brother, all you're doing is getting ticked off because someone told you, "You're screwing up, and TRUSTe could take you to court over this and win".
Wise men pay attention when other people tell them they're screwing up. Fools cling to a tenacious belief that everything they do is right.
Warning: I am not a lawyer, and nothing in here is legal advice.
Re:He's dead, Jim (Score:1)
Check me if I'm wrong, Sandy, but... (Score:2)
TRUSTe has been all but ignored since they came into existence as far as I can tell. It would be nice to see a privacy stamp with credibility - but it's not theirs. Too many 'gotchas" under their watch.
- -Josh Turiel
Re:McCarthyism (Score:3)
I trust your asbestos underwear is in good order...
The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world.
Not everything they do, but some things they do, and that is completely reasonable in the real world. When I walk on a street in a big city, buy myself a cup of coffee, ogle the girls walking by -- I am completely anonymous. And think back to the XIX century -- that's when the basis for all the current laws on privacy and anonymity was being formulated. It was quite easy to be anonymous in those time.
People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights.
Well, we have a serious philosophical disagreement here and it looks to be quite basic (as in, not solvable on Slashdot). I strongly believe in the rights to both privacy and anonymity. I would also argue that in better world, people would have copyright over their own personal info.
Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.
I am glad you are happy. You will probably be even happier to know that RealNetworks tracked not only their own software, but also all the tracks that you've listened to on the RealPlayer, all the music CDs that you've inserted into the CD-ROM drive, and a bunch of other stuff that I don't rememeber right now.
people have been able to go through your trash for even longer.
I don't think you understand the issue. Sure, for a long time anybody who had a lot of time and money was able to collect much info about you. But it was not cost-effective. Now the cost to collect, organize and process massive amounts of personal data is minimal -- it became cost-effective to go through you trash, and much more besides. This is the crucial difference, not whether information gathering was possible in the past.
So far, I see very little accountability
And, pray tell, why should I not separate my life from the system? I, actually, have stong objections to my life being tightly entwined with the system -- see, I don't trust the system at all (and I have my reasons). You have an implicit assumption that the 'system' is beneficial and, for all its warts, is trying to do the right thing. I am unwilling to make this assumption. My goals and values are likely to be different from the system's goal and values. I am perfectly willing to take responsibility for my own actions, but this is not the same thing as being under pressure from the 'system' for being different.
Kaa
Elitism Vs. Egalitarians (Score:1)
If people want privacy, they'll figure out how to get it. If they can't figure it out, tough shit. It's survival of the fittest, and if you can't cut it, then you're not entitled to it. So, let's stop pretending like we're all the same.
While Gibson may be Dystopian to some, his future is at least exciting. I'd much rather live in the setting of Gibson's future than in the world of Vonnegut's Harrison Bergeron.
Re:Was it libel? (Score:1)
You can go read it all in the fight-censorship archives. It wasn't even close to libel, a REAL LAWYER (tm) spoke up and confirmed that. That wasn't e-mail, it was a public posting. The discussion said roughly what is going on right now. I didn't write a treatise, because it would be too long. Anything else?
Junk (Score:1)
crap stupid html formatting (Score:1)
Re:Change the revenue stream (Score:1)
Kaa
BBB online. (Score:1)
The BBB privacy seal [bbbonline.com] looks like it's slightly better than the Truste one, but not by much. They mention a requirement to get consent prior to transferring information for a particular use, but only if that use is NOT mentioned in the privacy policy as a possible use of individually identifiable info. There are also requirements to allow optout from 3rd party transfers, and some other good requirements. It still seems to be mainly a "enforce your privacy policy" requirement.
They've got a BBB child privacy seal, which is basically the same as the adult one, with the addition of requiring a parental consent when acquiring/transferring/using information about a child.
So, it looks like the BBB privacy seal is nearly the same as the truste one. As someone else mentioned, follow the revenue stream to the source, and you'll probably be able to figure out how strong [bbbonline.com] the enforcement procedures are.
In the above "how strong" info, a "respondent" is a business.
As of June 30, 1999, there were 4 complaints, 3 were ineligible for various reasons, and 1 was resolved after the "complainant" contacted the BBB. No cases had been "decided".
The strangest one that was ineligible, was declared ineligible because the business's web-site did not have a privacy policy.
So far, none of the industry-funded "privacy" initiatives seems to have any likelihood to protect consumer privacy. They're still in the "enforce your privacy policy" stage.
There's got to be a consumer-funded privacy initiative somewhere.
Argh, damn enter key. (Score:1)
CPA WebTrust [cpawebtrust.com]
You get audited quarterly and have to pay for the audit. CPA's are expensive.
Sammie's interested... TRUSTme (Score:1)
The first law of bureaucracy states that bureaucratic entities expand their powers to the maximum carrying capacity of the organization they control. By stating this law in the form of a single proposition and applying it to the government of a society by a bureaucratic government, and then taking the limit to infinity, we easily see that entrusting the government with any power eventually results in conceding to them complete power- and thus complete forfeiture of individual control. Thus if you concede to the government the power to protect privacy, you will eventually lose ALL privacy. It may take generations, or at least many years, but it will happen.
I value my privacy, and I am sure that you do as well. Because of this, I think it is safe to assume that this is not a solution any of us would like to see implemented. What, then, is to be done about gross offenders such as Intel and Real Audio? If we don't enact stifling restrictions like the EU 'privacy' laws, who will protect us from these wild beasts, the darker side of capitalism?
I say we can protect ourselves. We are in control here- no matter what the fool propagandists tell you, it is the individual consumers who make the leviathans like Intel able to put id's on their chips. Without a continuous revenue stream, corporations die. No matter how large, no matter how entrenched. The one thing corporations value is your dollar bills. The solution is so incredibly simple... Because capitalism works. Because if Real Audio is really afraid that people will take issue with their inclusion of monitoring software, there is no way in hell that they will include it- unless they receive more net profit through the addition than without it.
I will never buy an Intel processor. I will never own a copy of any Real Networks software. I have already taken steps to ensure that no one at my location will have Real Networks software installed (3000+ seats) because of the security concerns involved; hopefully we will be buying Athlon processors with our future workstations as well. If a few million other people do the same, then every future PHB who looks at a software algorithm for approval will shudder at the thought of infringing upon my privacy and yours.
Scudder
Frankly I don't care... (Score:1)
I looked long and hard and frankly the amount of information they could get off of my machine is minimal. They could get my name, my address and maybe my phone number.
What exactly are they going to do with this? Sell it to other companies? Who cares?
No, I don't like spam. I get all sorts of crap, but its' more of a problem with my regular old mail than it is with my e-mail. I haven't subscribed to a magazine in years just because of this.
If you have information you don't want someone to have access to, don't put it in a place they can get it. I have a cable modem, I'm always connected, so that machine is a public node as far as I'm concerned. I make a point of keeping anything I consider sensitive (don't want people knowing how boring I am) off of that machine. This is the same reason most really sensitive military computers are supposed to be isolated from the public network.
As far a Real Networks goes, this is just one more reason not to install their bloated, crappy software. Yippee!
Re:Regulation (Score:1)
To repeat one of my fav ideas, giving individuals copyright over their personal data would go a looong way towards solving the problem.
I'm in favor of having a government sponsored industry of competing watchdogs. They would get to feed off corporate crime settlement money and compete for government subsidies
I am not sure. They would probably have too much power and would end up blackmailing the industry. "Well, guys, you can plea bargain for some minor infractions and pay only $5m, or we can come in with a full-blown audit which (just the audit) will cost you around $10m. So how about making a reasonable choice?"
I think IRS had a kind of a similar system (people got bonuses for catching tax offenders) and it certainly didn't work very well.
Kaa
Re:Nothing Wrong with the Goal (Score:1)
The problem is not with TRUSTe's goal, but their appearant goal to consumers. Most consumers see them as a privacy watchdog group, who won't give their seal out to sites which will violate their privacy. They don't think of them as a "policy enforcement agency" or some such. That's rather counter-intuitive to begin with.
In fact, even on their website, they don't state that as their goal. They really don't state a specific goal at all, other than "Building a web you can believe in (tm)." How general is that?
Man's unique agony as a species consists in his perpetual conflict between the desire to stand out and the need to blend in.
Re:Change the revenue stream (Score:2)
What I picture as a somewhat effective "International Internet Users Association:"
- Reasonable yearly fees: ~US$25-50/year
- Not primarily legal oriented; more of a "there are a lot of us, so you'd be wise to deal with us fairly" sort of thing
- User fees would fund arbitrators/negotiators who would help resolve conflicts
- Member benefits to encourage membership would probably include an email address and access to the association's database of vendor data
It might not work, but then again, it might be better than what we have.I still don't think legislation is the answer, partially because the Internet is super-national; it exists beyond traditional national boundaries.
--
Interested in XFMail? New XFMail home page [slappy.org]
We lost the war years ago. (Score:1)
TRUSTe does not act in ways that would benefit consumers because that would cost it it's funding. TRUSTe knows this. The EFF knows this. TRUSTe is a dismal failure. Self-regulation in a corporate-driven world is impossible, period. Why?
Because why the hell would you want to give up your biggest source of additional revenue? In today's world, information has a value - especially customer information. If they can send you junkmail till the cows come home that might land them a few extra dollars in business, then you better believe they'll do it. Conversely, they don't want to waste a couple thousand dollars mailing people who don't care either way about their products and will probably just throw it out.
Privacy on the internet? Bah - once you sign up with an untrustworthy ISP, you're already screwed. My ISP back home has very strict policies reguarding privacy. Namely - you get it. They have never sold customer information, they keep minimal customer information, they track no browsing, and send all spammers requesting email lists straight to hell.
A hype-driven company with a couple billion in market cap and no real revenue can't do that. They need money. So they sell out their first customers. So it's just a few at first. But then more and more sign up, and they're getting more and more for customer information. Hey, look, a nice secondary source of revenue. Screw the customer's privacy - we need the operating costs covered.
So, so what if you haven't given a company your personal infromation? You can still be tracked. Cookies. Static IPs. Intel's PSN which really cannot be turned off (independent tests have revealed that the pIII Personal Serial Number can *NOT* be turned off, either by Intel's software or 3rd party software. I recommend NOT buying a pIII.) and is easily obtained and tracked over the web. Gee, Intel's empowering the Internet to watch you and make money off your time. Where's my cut? Oh, wait, I don't get a cut! I'm supposed to just let these people make as much as *$3* *PER* *CUSTOMER* *RECORD* because they're providing me with some service of some sort. Uh. Right.
Of course this is different for every company, yadda yadda, YMMV. But that's how it is, and that's how it's going to stay. The government is driven by interest groups, who's interests lie in making money any way they can generally. It's not in their best interests to protect our privacy. The government doesn't want to protect our privacy - just look at Mosaic[1] - because they don't want "dangerous" people running around. Right. So the government can determine that I'm dangerous because I listen to a lot of industrial and techno.
Privacy was a thing of the past, maybe. Either way, it's a pipe dream. Echelon is real - Iran Contra, Nixon, Jimmy Hoffa, Waco, CIA, NSA, FBI, DOJ! - and privacy simply isn't. And we'll never see real privacy. Why? Because nobody except the end-users want it, and since when have end-users actually gotten what they wanted?
I say we just give up the regulation fight, and start getting hostile. Screw the sites that collect information and resell it. Screw the companies that do the same. Get the laws on our side - violation of privacy is illegal afterall - and take out these scumbags the hard way. That's the only way anything'll ever get done. But rest assured the government will intervene and say that it's perfectly legal, or rush through some legislation that makes it legal... *sigh* nice world we live in, huh? Maybe I should just go back to bed.
[1] Am I the only person on Earth who realizes that Mosaic is a trademark, originally owned by Spry - who was purchased by Compuserve - who was purchased by AOL, and is more than likely still valid? (The trademark was filed in the late 80's or early 90's more than likely, and definitely has been enforced since it's filing.) Of course, this is going off my memory, it's only 10:30, and I didn't get much sleep last night. But my memory generally serves correctly. Somebody wanna pester AOL so we can shaft these 'find the troubled kids' punks?
Re:Regulation (Score:2)
Sounds good- what's the downside- I don't know much about copyright law- isn't that going to be tricky deciding what's yours and what's others? I'm all for me owning everything about me, from DNA to my slashdot comments.
They would probably have too much power and would end up blackmailing the industry.
But since there would be competing watchdog groups, they could easily call each other out on such things. The IRS is so incompetant because there's no alternative- it's their way or the highway. Not so if there'a market that serves people's need for privacy. Unfortunately, it's clear it would be a big enough market to hold enough watchdogs to make it a useful market.
Re:TRUSTe Watchdog Complaint #2363 (Microsoft/Spam (Score:2)
You may be interested in joining a class action suit against microsoft. If so then e-mail Sleffer@home.com
At this moment I have one of the most succesful Class action lawyers in the country looking into my options for a class action against MS, feel free to e-mail me if you wish to join.
Kintanon
If you're going to be pedantic about numbers (Score:1)
"infinity" isn't a number in any system in which people who aren't at least senior math majors do arithmetic, so "zero multiplied by infinity" doesn't have any real meaning unless you specify the number system you're using as one that includes infinity. lim(x->inf) 0*x = 0, sure, but that's not quite what you said. So, if you're going to call someone else on it...
I'm 70 yo, earn $40millions/year and am a woman, (Score:1)
At least that what I claim everytime I have to register to some website.
Let's all be REGISTRATION denizens!
Re:Regulation (Score:1)
Not the government. The legal system. There is a fairly big difference in Western countries.
Kaa
Re:Two thoughts (Score:1)
--
Re:Two thoughts (Score:1)
There is today's offtopic math lesson.
Privacy: No value==No protection (Score:1)
Truste is what people expect, albeit insufficient and the same value as a GreenStamp.
Re:McCarthyism (Score:1)
I think strict guidelines need to be set up as well as a system for punishing corporations that abuse their rights to collect personal information. Surely many of us would agree that the collection of information to provide us with a better service is a positive thing, but I'm also sure that none of us would like it if say your personal medical info was eletronically transmitted without your consent to your employer.
Accountability is good, but the fact of the matter is, you can't trust the industry to police itself, nor can we trust the government to properly regulate it's own use of personal info. Only a set of laws defining what information can be collected and how it can be used, will serve to help the public. It should then be up to the public as to what information they want to release to these organizations. We need privacy, not corporate or government scrutiny of our personal information.
It's interesting you chose to mention telemarketing and the direct marketing industry in general. Are you saying that just because direct marketers have been doing the same thing for years, that it's ok? I don't think so. In fact I believe that this industry needs to be more heavily regulated as well. I believe there was a report on one of the major tv networks just the other night that said direct marketing scams bilked americans out of about $40 billion in the past year alone! Someone needs to put a stop to all of it and soon.
Exposing the Why behind this debacle (Score:3)
The industry can police itself, if it's willing to do so. It merely needs what the government has traditionally provided: Cost.
In economic terms, TrustE could have been predicted to be irrelevant. Consider: Online organizations are almost always desperate for new lines of revenue, due to their ridiculously overstated stock valuations. (In the criminology world, that's called motive.) They're also tied to the hip to advertisers, who are often their primary source of income. (In walks Opportunity.) Aggregation of mass quantities of identifiable information, continually up to date and temporarily difficult to obtain elsewhere, proposes an attractive source of money for companies like RealNetworks.
However, the lack of a direct money trail doesn't immediately, necessarily, or even probably exonerate RealNetworks. It is more than likely that more than a few large media companies agreed to work with RealNetworks in return for "under the table" statistics on the spread(and contraction) of MP3s per Server per State/College/User. Situations like this are perfect for creating plausable deniability, and considering the strength of the Microsoft threat against RealNetworks(nothing short of total annihilation!), it wouldn't be surprising at all if RealNetworks felt blackmailed into violating their customers in such an obscene manner.
But then, Blackmail usually implies risk v. risk calculations--in other words, RealNetworks had to feel that they'd experience some tremendous loss by favoring their corporate partners above the trust of their customers. Thus the genius of sponsoring TrustE. TrustE was practically made-to-order for corporations--whatever the privacy policy happened to say was OK by them, and since they were dependant on the very companies they were supposed to attack for their very existence, the organization was forced to bend over backwards to avoid conflict with their sponsors.
As I argued in this post [slashdot.org], privacy policies can be twisted to say anything, and not obviously at that. Truly an ideal situation for companies like RealNetworks.
Add in the fact that the same companies who would demand privacy violations are those same companies who could get glowing stories of new privacy protections being quickly implemented, which of course had a nice +25% impact on stock price(ooh, even more ridiculous stock valuation!) when it finally happened, took what should have been a blackmail situation and converted it into a beautiful example of a Win/Win, with the public absorbing the cost.
But why? In the covert war against MP3, intelligence and co-option is everything. RealNetworks placing itself as the source for (much lower quality 96kbps) MP3s gives them the ability to control who encodes what, using which standard, and reporting back the ever valuable percentage of the population complying.
After all, knowing when to lower the boom on non-compliant MP3s, mainly by releasing players that suddenly refuse to play the finally-rare noncompliant MP3, is completely tied to knowing how many people are in violation.
So the strategy is exposed. The question is, what could have been done in advance to prevent such a situation? Legislation isn't necessarily the answer; laws aren't really that much more than a societally enforced contract with the government. Weak laws(which we already have in abundance) wouldn't have prevented this plan from going into effect.
The simple answer is that TrustE needs to make money for busting violators. Possibly that means a bounty system, paid by a FTC fund. However it works, right now TrustE makes money by pleasing its sponsors.
That not only has to change--it's going to.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Re:TRUSTe Watchdog Complaint #2363 (Microsoft/Spam (Score:2)
While it wouldn't be worthwhile for an individual to sue, maybe class-action suits against sites that violate their own privacy statements would serve to inject some cluefulness into these corporate behemoths.
You missed one: TrustE and eBay. (Score:1)
They gave a list of "inactive" customers to a third party, and spammed them all with a "look how cool our site is" message.
TrustE has not yanked their logo.
(More details available upon request, or read discussion in news.admin.net-abuse.email.)
Re:McCarthyism (Score:1)
--Laci
Re:Change the revenue stream (Score:2)
We at ompages.com seek to do precisely that. Privacy is essentially a private matter. That means that the person in control of one's privacy is not some corporation with some policy. Rather, it should be the individual internet user.
The software and technology to secure privacy on the internet should be within the physical possession of the person seeking to retain privacy. One cannot give away personal information and expect the recipient to be trusted without some legal privilege to do so.
Privacy vs Anonymity (Score:1)
Privacy and anonymity are two different things. You can have both, neither, or either without the other.
Your medical records are not anonymous, but they are private.
A /. posting by an AC is anonymous, but not private. In this case, the lack of privacy is voluntary (and desired).
Spam-mail is one example of your privacy being invaded by someone who doesn't know (and doesn't even care) who you are.
Your personal privacy can even be violated publically by someone else while retaining your anonymity intact. An example of this is the growing trade in hidden-camera and upskirt videos. See, for example, this article [salon.com] in Salon Magazine.
Relying on anonymity is a poor second-best to having your privacy respected.
First Amendment + Miranda Case = Right to Privacy (Score:1)
Actually, Constitutional Law combined with Case Law (Miranda case) makes a strong argument for the right to privacy.
The First Amendment grants people the freedom of speech.
The Miranda Case grants people the right to remain silent.
It seems to me that:
The right to speak with those you wish to speak
+ The right to remain silent with those you do not wish to speak
= Right to Privacy
Re:The real solution (Score:3)
Folk forget that the original "eTrust" (not "Trusty" as they call it now) was pretty close to that. As I recall:
Part of getting watered down to become the "Trusty" service we know and loathe was removing all levels except the useless one.
What moron thought that was useful for consumers?
The hard issue is that corporations want pure reward, with no responsibility or risk. And they just don't know how to protect data once they've collected it ... and it's too easy for any little team to start collecting that data, and big companies don't have that much control over the hundreds of teams that can represent them on the web by putting a site up. Control would restrict "innovation" (keyword cross-reference: "theft") and that's clearly bad, right?
Given that corporate incentives are exclusively to abuse private data, there is really no way that self-regulation can ever work.
Here's a quick fix to solve Real's snooping (Score:2)
Registrant:
Progressive Networks, Inc (REAL7-DOM)
[...]
$ whois "progressive networks"@arin.net
PROGRESSIVE NETWORKS (NETBLK-CW-204-71-154) CW-204-71-154 204.71.154.0 - 204.71.154.255
PROGRESSIVE NETWORKS (NETBLK-CW-208-147-88) CW-208-147-88 208.147.88.0 - 208.147.88.255
PROGRESSIVE NETWORKS (NETBLK-CW-208-147-89) CW-208-147-89 208.147.89.0 - 208.147.95.255
Progressive Networks (ASN-PROGNET) PROGNET 5054 Progressive Networks, Inc (REAL7-DOM) (NETBLK-ABOVE-REAL) ABOVE-REAL 209.66.98.16 - 209.66.98.23
[...]
$ ipchains -A output -d 204.71.154.0/24 -j DENY
$ ipchains -A output -d 208.147.88.0/24 -j DENY
$ ipchains -A output -d 208.147.89.0/24 -j DENY
$ ipchains -A output -d 209.66.98.16/255.255.255.232 -j DENY
$ echo All is well.
This quietly blocks all packets bound for any of Real's IP subnets. Snooped info about you being fired off to Real's servers is quietly dropped on the floor. No error message. No explicit packet rejections to scare the Real Player. The software will assume simple internet problems are the cause. Although, I assume it wouldn't report an error to the user anyway. I mean, what's it gonna say? "Alert! Unable to spy on you. [RETRY NOW] [TRY AGAIN LATER]"? Yeah, right. If you want to see the snoop attempts show up in /var/log/messages, append a -l to the above commands. This also disables the annoying "you need to upgrade your player now!" messages since it can no longer check. This works for my linux box and for the Win98 machine (since it gateways through the linux box).
Re:TRUSTe badge is a good warning sign (Score:1)
--
It's October 6th. Where's W2K? Over the horizon again, eh?
Re:McCarthyism (Score:1)
No, what has shackled law enforcement is the fact that it has chosen to piss away its own credibility. Most people a generation or two ago had the highest respect for police officers, G-Men, etc -- but not any more, after a long list of dirty deeds (COINTELPRO, MOVE, Ruby Ridge, Waco, Filegate, etc ad nauseam) has come to light.
Attempting to point the spotlight at citizen skepticism toward the government is a blame-the-victim scam.
/.
Who needs Truste? (Score:1)
First of all, if you are asked for a required address, and you're not ordering a product to be mailed to you, your adress is "123 FakeAddress Dr."
If, on the other hand, you are ordering something online, read the freakin' privacy agreement. I've read them, and they aren't that hard to understand. Also, the parts about selling your personal information are almost always clearly labeled.
The simple fact of the matter is that asking the government to step in simply because you are lazy is hypocritical and unfair to others. Government regulation is designed for lazy people, so if you want freedom online, you have to work for it. You can't have your cake and eat it too. Personally, I'm willing to spend an extra five minutes of my time reading an agreement if it means keeping the government out of the one remaining bastion of free speech and capitalism in the world.
Press release is out... Guess what they said? (Score:1)
Here's a quote:
"After an initial inquiry, TRUSTe found that because the transmission of user data through RealNetworks' RealJukebox program did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program," said Lori Fena, TRUSTe's Chairman.
I'm kinda gettin a case of Deja-Vu...
Ok, time to defend M$ for a change (Score:2)
Not a lot of pure Black & White in the real world, and this is one of those grey areas. Now if I had dropped a subscription to their mailing lists and got a pitch for W2K I'd be pissed.
Damn, I feel icky after defending M$... better go take another shower now.
Press Release: TRUSTe and RealNetworks Collaborate (Score:2)
For Immediate Release
Contact Information:
Dave Steer
Director of Communications
TRUSTe
408/342-1943
415.260.9669 (mobile)
TRUSTe & REALNETWORKS COLLABORATE TO CLOSE PRIVACY GAP
Pilot Privacy Seal Program for Software Applications Initiated
Cupertino, CA, November 8, 1999 - TRUSTe, the leading online privacy seal program, today announced that it is expanding its commitment to supporting consumer trust and confidence in a networked environment. The recent incident involving RealNetworks prompted a broad set of solutions for addressing consumer concerns about personally identifiable information.
Today's announcement follows reports that RealNetworks' RealJukebox product transmitted globally unique identifiers (GUID) to RealNetworks via the Internet. In response, TRUSTe immediately sought to uncover the nature of the reported data collection practice and gauge the scope of the RealNetworks situation.
"After an initial inquiry, TRUSTe found that because the transmission of user data through RealNetworks' RealJukebox program did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program," said Lori Fena, TRUSTe's Chairman. "However, because consumer trust is more important than legal technicalities for both TRUSTe and RealNetworks, we have worked together to find a series of appropriate solutions."
"RealNetworks recognizes the importance of protecting consumer privacy, and apologized to its customers for not being clear enough about the data being transmitted by the use of RealJukebox. Issues associated with use of GUIDs in consumer software products should be of concern to the entire Web community," added Bob Lewin, Executive Director of TRUSTe. "That said, TRUSTe recommended a 5-point program to RealNetworks for restoring the trust and confidence of its customers."
RealNetworks, working closely with TRUSTe, will implement a series of changes to its current privacy practices. Beginning immediately, RealNetworks will:
Conduct Third Party Audit - RealNetworks has agreed to conduct an outside audit of its privacy practices to ensure that privacy issues raised regarding RealJukebox have been resolved. In particular, the audit will verify that RealJukebox GUIDs have been disabled and are no longer associated with email or other registration data. TRUSTe and one of the major auditing firms familiar with the fair information requirements of TRUSTe's program will conduct the audit. A report will be issued upon the conclusion of the audit process.
Privacy Statement - The Web privacy statement that has been certified by TRUSTe will be modified to inform consumers that the audit described above is underway.
Opt-In - RealNetworks has already announced that it has disabled GUIDs in RealJukebox, and beginning with today's release of RealPlayer 7, RealNetworks will anonymize GUIDs and require consumers to opt-in to enable the use of this feature.
Privacy Officer - RealNetworks will identify a key privacy officer who is responsible for handling the company's privacy practices and policies, customer privacy complaints, and who will serve as a liaison to TRUSTe.
Consumer Education - RealNetworks will collaborate with TRUSTe to identify consumer education programs relating to Internet privacy. These programs include educational forums, Web sites, and other communications activities aimed at educating consumers about privacy issues on the Internet.
Rob Glaser, Chairman and CEO of RealNetworks, said, "Our customers care a great deal about privacy issues. We want to demonstrate that we value the trust of our customers by playing a leadership role in moving the software industry to the next level of privacy protection for consumers. What we found through this process is that it is imperative for senior management of a company to be active in communicating the importance of consumer privacy and trust through the design and development of their products and services. We are committed to working with TRUSTe to demonstrate a new standard for personal information practices in software applications."
Beginning immediately, RealNetworks will work with TRUSTe to verify the application of fair information practices in its consumer software products that transmit GUIDs and other data via the Internet. Under the direction of TRUSTe, RealNetworks will establish the first-ever software privacy statement, clearly disclosing what personally identifiable information is collected and how that information is used. TRUSTe will also establish a working group comprised of experts from within and outside of the software and Internet industry to advise the organization on how to best extend its privacy seal program.
"As the line between data collected on Web sites and the rest of network software applications has become blurred, TRUSTe recognizes the need to expand its program to the greater network," said Lewin. "Just as we did more than two years ago with our Web site privacy seal program, TRUSTe will begin working to establish a seal program with oversight on software privacy practices that utilize personal data."
About TRUSTe
TRUSTe, the leading privacy seal program, is an independent organization dedicated to building consumer trust and confidence in individual data practices. The TRUSTe network of participating companies include: America Online, Compaq, Ernst & Young, Excite, IBM, Intel, Microsoft, and Novell.
Founded in 1997, TRUSTe is the premier privacy seal program worldwide. The TRUSTe seal is currently displayed on all the Internet's portal sites, 15 of the top 20 sites and approximately half of the top 100 sites. TRUSTe was recently rated the most visible symbol on the Internet by Nielsen//NetRatings.
TRUSTe is based in Cupertino, CA, with an office in Washington, D.C. For more information, please visit the organization's Web site at www.truste.org.
If you really want privacy regulation (Score:1)
Remeber the Thomas hearings? Someone went and dug up his old video store rental records. *Very* shortly after that, it became a crime to release/publish video store records.
How long do you think it would take to get some reasonable privacy regulation if the community started posting the personal e-mail accounts, surfing habits (via some DoubleClick [slashdot.org] info, perhaps?), and online purchasing history of every member of Congress? And their family?
Re:If you really want privacy regulation (Score:1)
start attaching the online privacy
Uh, make that attacking
Remeber the Thomas hearings
Remember, as in "Remember to spell-check those posts!"
Self Regulation... Of What? (Score:1)
So this self regulation experiment failed. But what was regulating itself? Was the internet regulating itself? As I understand it, no. Business was (failing to) regulate itself. This isn't surprising. Witness MS vs DOJ. The involvment of the net isn't significant.
In short, this is just another case requiring government action to force business to treat citizens decently.
sklein
There are legal issues (Score:1)
TRUSTe certifications are backed by accountant's signatures on opinions (there are technical teams that work for these accountants to validate the opinion). If an accountant signs a fraudulent opinion they are guilty of the same crime that a doctor commits if he or she performs the wrong operation: malpractice. That's why "Big 5 accounting firms" are involved in TRUSTe -- because their statements give TRUSTe the weight of authority.
Doctors are certified to perform medicine, lawyers are certified to give opinions and accountants are certified to attest to things. If the quality of these certifications are not legally enforced, then they are pointless. Competant lawyers and accountants are not just filling a "market need", they provide needed infrastructure for the world net junkies like you have come to rely on.
Re:Regulation (Score:2)
I've just moved from Canada to the US, and I'm amazed at how much worse off I am in the US in terms of privacy. There's a lot of tracking of individuals going on in the US, and much of that is driven not by the government (though they do their share, e.g., mandatory placement of SSNs on drivers licenses), but by corporations. The US has slowly been building a national identity system (based on Social Security Numbers) for a couple of decades now, and much of that is driven by corporations. (It's not only perfectly legal, but perfectly usual in the US for a corporation that has no tax-related relationship with you at all to refuse you service unless you supply an SSN.)
Sure, governments can and do abuse their power. But in democracies they are, to some degree, responsible to the people. Corporations never are.
Also, I'd like to note that this fear of government is a particularly American fear. (Perhaps some of it comes from those same Republican party politicians who, during the Regan years, more than doubled the size of the US government.) There are a lot of countries in the world that have had `big govenment' that do quite well, and do a much better job of protecting their citizens' rights and privacy.
cjs
What a load of tripe! (Score:1)
This is first-rate B.S.! TRUSTe has just defaulted on its commitment to privacy!
Re:The real solution (Score:1)
Could perhaps a rating system be made to operate through a browser plug-in. The plug-in would match the URL with a (regualarly updated) database stored on your computer and display the rating on the title bar or status bar. It could also provide a link that you could click on that would bring up a pop up window giving details.
This way, not only would you have assurance that a site has good privacy practices (as opposed to policies) but you would also be warned if a company doesn't and not just assume that it is unrated.
It doesn't matter. (Score:1)
Bzzt. Wrong (Score:1)
With or without Tommy *shiver*
Re:Odd (Score:1)
Re:Ok, time to defend M$ for a change (Score:1)
Sorry, but:
1. You always get to say "go away", and mean it.
2. You never, ever, get to send bulk unsolicited messages.
MS was wrong on two counts, and the first one was a violation of their privacy policy.
Re:Change the revenue stream (Score:1)
list. I'll check out ompages.com now, sounds interesting.)
+++++++++++++++++++++++++++++++++
Nice analysis on Slashdot, Jamie. I'd only add my opinion that
just because TRUSTe has demonstrated over and over they're
not trustworthy does NOT mean that the executive, legislative,
or even judicial branches of the US government have suddenly
become more trustworthy. IMO, it's negative-zero vs negative-
zero.
The problem here is a bad funding-model. Whether it's giant
corporations or suspiciously-wealthy Buddhists, if individual
privacy is desired you're going to see better results if you use
individual funding. The top-rated comment, titled "Change the
revenue stream" by Brian Knotts (bknotts@europa.com) says
it pretty well, IMO. "Follow the money" is at least as true now
as it was in Nixon's day. I agree with Michael that whoever is
reading the info@truste.org mail should update that resume,
and I'm sorry (though not surprised) to hear RealNetworks'
stock (like M$ stock) went up instead of down today.
The advent of instantly-settled bearer payment media should
make individual-funding revenue models easier to implement.
See http://webfunds.org/download/zip_README.html for more
about one bearer payment* method, there are others too.
JMR
* My company is (somewhat tangentially) involved with the
DigiGold folks, although the Webfunds wallet is open-source
and supports any type of payment it can.
TRUSTe and the Big Lie (Score:1)
Folks familiar with the history Jamie recounted knew that TRUSTe was going to weasel out on this one. Still, their audacity is shocking.
TRUSTe declared the privacy violation "did not involve collection of data on the RealNetworks Web site" and so washed their hands of the whole sordid deal. Well, not so fast there, buster. TRUSTe is correct that the GUID -- a unique identifying number -- was transmitted by application software. The most intrusive danger, however, is that Real would correlate the GUID against user registration information. And user registration information is gathered -- you guessed it! -- on the RealNetworks Web site.
TRUSTe cannot be trusted to safeguard our privacy. In fact, TRUSTe may be the largest barrier the industry has created in the fight for consumer privacy.
Re:Sammie's interested... TRUSTme (Score:2)
That gives them 100 million dollars -interest-, as play-money, per year. Easily enough to keep said company afloat, even if they never sold another product to the consumer.
Now, let's say that consumers rebelled, and refused to buy any products from that company. It is STILL making money, though, off it's interest alone, and still makes a lot of money, selling to OEM's.
In the end, if NOBODY on the face of the planet ever used a product from that company, ever again, it could STILL afford to sneer in your face, and STILL have the money to control what software and hardware is produced by who.
Face it. We are peons. Nothings. Insignificant specks of dust, to Microsoft. And even if you gathered all those specks of dust into one place, you'd STILL have nothing more than specks of dust. No great "almighty" power, no Goliath, wielding a +5 Credit Card of Destruction. Bill Gates and Microsoft can affoed to weld the gates to Redmond shut, and Microsoft would still grow faster than any other company in America.
The golden rule of capitalism is that whoever has the gold makes the rules. And Microsoft has all the gold there is. Capitalism cannot fight Capitalism, any more than a fire can put out a fire.
Re:Change the revenue stream (Score:1)
In a hundred years, a united world will look back and remember the birth of the internet as the beginning of the end of the nation-state. Given the massive changes we have seen in the past 12 years, and the massive economic forces involved (the lure of truly global markets, the problems with tax collection from cross-border trades), it's even possible some of us may see this conglomeration happen in our lifetimes.
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Re:The real solution (Score:2)
The plug-in would match the URL with a (regualarly updated) database stored on your computer and display the rating on the title bar or status bar. It could also provide a link that you could click on that would bring up a pop up window giving details.
That's a good idea. As an option, it could also be handled by a proxy (for NCs, set tops, and platforms/browsers that are not yet supported.
Never heard of them (Score:1)
application for Trust-e seal (Score:1)
Dear Trust-e,
I respectfully request the address of the payola point. With said address, I can send you a large donation & gain your little privacy seal without really giving the marks any privacy at all.
If we get caught, I believe that the amount paid to you should be enough that you really would not do anything to the company at all. Agreed?
Re:Great Article (Score:1)
Re:The real solution (Score:2)
It seems that those sponsors who are behaving would resent the devaluation of their rating by those which aren't.
Couldn't the original system work if TRUSTe focused on those who would withdraw if they didn't play hardball, rather those who would withdraw if they did play hardball? Let the cheaters keep their money and lose their certifications -- wouldn't that make the value of the remaining certifications go up?
Or are all of the companies playing it crooked?
--
It's October 6th. Where's W2K? Over the horizon again, eh?
"Got off on a technicality" (Score:2)
Technically correct, but indicative of how worthless the badge is in practice.
We need to start putting a parody badge on our own web pages, TRUSTMe.
--
It's October 6th. Where's W2K? Over the horizon again, eh?
Re:TRUSTe has paved the way for gov't privacy mand (Score:1)
Re:Regulation (Score:1)
TRUSTe Irrelevant; Full Disclosure For All Progs (Score:1)
We're now at the point where internet connections are common enough and alternative payment methods like banner ads in non-browser software are starting to catch on, and that means that every software application really needs to come with a full disclosure of what conditions, if any, will cause it to establish a network connection, what data will be sent, and what will be done with the data after it is uploaded. As much as I normally loathe regulation, this is one that should be enforced by law. For 95% of the software out there, the disclosure would be pretty simple: none. For most of the remainder, the answer is still pretty simple, e.g. "FooMail sends and receives email messages at periodic intervals under control of the user". The remainder is what we need to watch out for, e.g. "InnocentJukeBox scans your hard drive for new, non-copy-protected MP3 files and sends a list of new additions to www.riaa.com every time an internet connection is established."
The disclosure could even be vague, like "Word2002 periodically uploads personal data and usage patterns to microsoft.com" but who in their right mind would consent to use an application like that?
Unfortunately, I doubt that enough people give a damn. Real Networks stock seems to be up following a new web site launch, now that the privacy issue has exceeded the attention span of the media.
Atguard ? (Score:1)
Atguard may have done the job, http://www.atguard.com , but has just been bought by Symantec.
Can anyone help with this ?
Cheers
Re:McCarthyism (Score:2)
There will always be abuses. There have always been abuses. Fortunately, abuse occurs very infrequently, despite what the mass media would like us to think. There's no news like bad news.
I for one trust my local law enforcement implicitely. If they fuck up, I have faith that they will either learn from their mistakes or their own internal reviews will see to it that such a mistake doesn't happen again. I most certainly wouldn't *deny* my law enforcement technology on the basis that it *could* be abused. The system has always worked on compromise. The gains outweigh the drawbacks. If a cop abuses his status and does something wrong, take HIM to court. Don't hamper law enforcement entirely. If we got rid of every power law enforcement had that was theoretically capable of being abused, our law enforcement would have no power at all. Don't fight the technology. Fight those that would abuse it. Request checks and balances and means to make people accountable for their actions.
Re:McCarthyism (Score:1)
If you don't want your Internet activity tracked back to your computer like your telephone activity is tracked back to your telephone number, go somewhere else and use a public terminal like you'd use a public telephone.
Re:I'll start embedding your userid into my Word d (Score:1)
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
Re:I'll start embedding your userid into my Word d (Score:1)
I don't believe this was cause to arrest. I think they questioned him and he confessed to writing the virus.
Information like this wouldn't be classified as hard evidence for precisely the reasons you state, but it DOES help to point law enforcement in the right direction. If it ends up being forged, law enforcement loses nothing except a bit of time following a bad lead.
Re:McCarthyism (Score:1)
I happen to agree with the viewpoint of the author of this comment, and I also believe that anonymity, unlike privacy, is not a right. Why does everyone have to equate anonymity to privacy? If one is in the privacy of one's own home, one is not necessarily anonymous.
Public interaction has never been anonymous, and comparing buying a cup of coffee to spouting political opinions is apples and oranges. Sure one can walk down the street and harm no one and no one will take notice, but as soon as others are affected by an anonymous stroll in the park, I assure you that anonymity is out the door. You can go ahead and make your case about how you should be able to steal other's credit card numbers and passwords and pass them around to the world anonymously, but I and every other rational person on this planet is going to want to find out who you are.
One may remain anonymous as long as one is not infringing on others rights, but after the point of infringement, people are going to want an identity to point to. Even if one's name is on a list, with one's address and other such information, one will retain anonymity because no one else will care until they are bothered.
And for all you anonymous cowards out there, you can be sure that no one is going to try to find out who you are, until you do something stupid. As soon as someone posts a threat to kill the President as AC, the Secret Service will be banging down Andover's doors with a warrant insisting to find out who exactly posted the offending message. And they will find out. (please note, all you echelon operators, that this note is in no way, shape or form, a threat upon the President of the United States!
Consumer Reports Magazine (Score:1)