Forgot your password?
typodupeerror
The Internet Your Rights Online

FTC Petitioned on Data Profiling 76

Posted by michael
from the not-as-anonymous-as-you-think dept.
Mephistopholies sent /. a link to an AP article about this Washington hearing, but I prefer the more complete NY Times story about it. The Federal Trade Commission is being asked to examine web profiling and tracking technology as used by the likes of Doubleclick to track users across multiple sites. The article also notes that it is likely some sort of bill to facilitate taking away individuals' domain names (you may have heard this spun as an "anti-cybersquatting" bill) will pass this year.

A side note: slashdot readers who like YRO stories should realize that we will posting an increasing number of them in the YRO section only - they won't ever appear on the main page of slashdot.org, but will be accessible via the Sections link on the left side of the page, and there's a YRO slashbox now, too, so you can see the headlines for YRO on the home page if you so desire (and are minimally competent at setting your user preferences).

This discussion has been archived. No new comments can be posted.

FTC Petitioned on Data Profiling

Comments Filter:
  • by Anonymous Coward
    As much as most /.'ers like for the net to be free from government regulation, I think the time for that is soon coming to an end. It seems to me that the net could be free from regulation only so long as nothing of any importance passed on it. Now that more and more business is being done on the net, and it is being filled with children and little old ladies rather than college students, I don't think that is tenable. A wonderful example of how this is the case is the whole cyber-squatting issue.

    The assumption of many in the net community is that having a little bit of government, a little bit of restraint, a little bit of regulation is like being "a little bit pregnant". I don't think this is true. You see, the irony in the phrase "a little bit pregnant" arises from the inevitability of pregnancy. Once you are "a little bit" pregnant, you will soon be /very/ pregnant. In nine months, you are going to have a child unless drastic measures are taken. It is as inevitable as a stone rolling downhill.

    I don't think that regulation is like this. In fact, there is ample empirical evidence that it is not. Consider the meat-packing industry. For almost 100 years, it has been subject to federal and state regulation. Yet today, it is far from dominated by the federal government. You could argue that the regulation has been ineffectual: tyrranical it is not. Regulation has not grown to the extremes of communist control of industry that were predicted.

    I guess that's my only point: many on the net are so afraid of the government that they fail to recognize the positive work that government can do. Like the meat industry in the 1890's, we are so afraid that the government will "take over" that we don't mind letting a few kids die of e. coli poisoning.

    I wonder if, like the meat industry, we aren't really motivated by short term profit at any cost? Our privacy, our dignity as humans, anything for money.

  • by Anonymous Coward
    If you don't want to be tracked just turn off your cookies. In the newer browsers you'll also be able to choose certain sites you don't want to use cookies on. However, what's the big deal that people are seeing what banner ad's you've seen? As long as they don't call you during dinner time what's the big deal?

    I have never ever heard of one case of misuse of collected consumer information. Ad companies could care less about that, that's like selling porno to kids, it's not ethical AND there's no money in it. The only people interested in gathering information about you for sinister reasons is the NSA and the FBI.

    It's ridiculous that people are worried about this. Ooooh they are going to know that you buy 19th century british history books at amazon or that you've looked up asian sports bras on yahoo. Big deal! If I were going to be worried about ANYTHING I would worry about whether my web-based email service is snooping around in my online email. Now that's a serious privacy threat but nobody seems to worry about that one. It's just those dirty advertising companies who know what banner ads you've seen.

    What is the WORST thing that can happen if a web site tracks your movements? They show you banner ads that are more to your liking? Oh NO, The sky is falling! They offer you discounts on products they think you might like. OH NO! Why are people so freaked out about this?

  • by Anonymous Coward
    ...they are tracking you surfing habits and spending habits, if you buy things. They are going to send you banners based on these surfing and spending habits. Now that's not so great, but this has nothing to do with pr0n or mp3's or warez or whatever.

    This has to do with any site that runs doubleclick ad-banners, and some that don't. A /.er in a previous conversation found a 1x1 pixel gif on the FED-EX site that was trying to implant a doubleclick cookie. I don't know what the fact that I ship things has to do anything with what my spending habits are, and I don't care. As far as I'm concerned it's not their business. And I'm sure Fedex isn't the only place out there doing this.

    If you are a lynx only guy then I'm sorry I don't really know what to tell you. I like the pretty pictures I guess.

    I would say that there isn't much difference, as Lynx handles cookies like any other browser.

    Get junkbuster and make all your freinds get it too. Let the companies figure it out for themselves. Of course there are always plenty of sheep tucked away in Doubleclicks databases.
  • Posted by NJViking:

    Does the cypherpunks/cypherpunks login still work at NY Times? IIRC, last time I tried getting in, it didn't work, so perhaps NYT has removed that.

    -= NJV =-
  • Posted by NJViking:

    Junkbuster can stop web redirectors from tracking where you've been. I think more and more people should be running this type of software in order to avoid being tracked by direct marketers.

    -= NJV =-
  • How bout this: our elected officials use a little bit of common sense? We don't need a legal definition of a "rider", combined with some legalistic prohibition against them. We simply need for politicians to change the rules of congress to forbid them and stick by that promise.

    Why does our society always feel the need to check its common sense at the door?
  • Granted on the CDA. I am very grateful that it was found unconstitutional. But the CDA would almost certainly not have been applied to the sites in question. The thing is that limiting sales of pornography is not the same thing as book burning. And yet that is the dichotomy we are eternally presented with. Society tries to assert that "an inch is as good as a mile" and if you are for something in its mildest, most attenuated form, then you must also support its most outrageous excesses.

    If you're against total freedom for smut on the Internet (I am), its assumed that you are against the free distribution of (for example) Howl by Ginsburg (I'm not). If you're against allowing lesbian and gay households to adopt children (I am) you are assumed to be a homophobic asshole (I'm not). If you're a Christian (I am), you must be either a Fundamentalist (I'm not. On an aside, I wonder how many people who scream about the "Fundies" could define Fundamentalism as a movement? Not many from what I've seen.) or a Liberal Socialist Universalist (I'm not). If you think that Jews need Christ (I do) then you are considered to be a raging anti-semite (I'm not -- In fact, if I had been a German I would have qualified for the death camps, and I loved my Jewish grandfather dearly.)

    Our society tries to condense everything into sound bites, reduce all issues to black and white caricatures. This is a Really Bad Thing! In the end, the only safe position is to have no opinions at all.

    But back to the point. A little bit of censorship is not the same thing as a lot. And a little bit of government interference in the net is /not/ the same thing as NSA line-eater code in every router. I think that the government regulating privacy on the net has the potential to be a Good Thing. In fact, I would like to see them do more regulation of Privacy off the net too.
  • What you say is true, so long as the information forbidden is totally forbidden. In order for it to be totally forbidden, it must be totally unknown.

    Anti-pornography laws do not qualify. The material to be forbidden is well known and understood, and is generally not totally forbidden, only made more difficult to acquire. I realize that the "well-known and understood" is a value judgement, but at the very least there is ample opportunity for oversight as to what is being forbidden.

    The /danger/ is when something is forbidden and totally hidden. I'm far more worried about the NSA than about the CDA -- the CDA cannot go too far beyond the realm of reasonable and proper without public knowledge, especially as /none/ of its prohibitions applied to adults so long as you confirmed they were adults. (It was still bad law, but my point is that it was not as black as you paint it).
  • However, I don't want companies looking around at my web browsing patterns... why? It's none of their god damned bussiness how, when, why or where I browse the web.


    My comment about pr0n was not so indicative, my bad. When I talked of pr0n, it was as an example - I'm with you with your point. It's difficult though isn't it - you go into a shop - is it the business of that shop to find out what you buy? Is it their business which route you take around it? Is it their business if they can change their shop by looking at how people go around shops in general?

    Maybe you'd like their shop more if they did look and acted upon it.

    I'm with you though. I'd like to be able to look at sites without doubleclick knowing about them. I'd like legislation to make it impossible for them to join these usage databases with user registration details. Why? I'm not entirely sure. I'm not sure whether I care so much about what is 'my business', I just don't like it, and that should be enough. It looks like it will be, with possible legislation. But from the companies' point of view, they want to see how they can gear their site towards you more, so they can get more money from you. They don't see that as so bad. But it looks like we might win to an extent. Hopefully!

    thenerd.
    The camels are coming.
  • I've just come away from giving a presentation about web tracking.

    It's difficult to weigh up the benefits and disadvantages for the companies and the users - on the one hand companies can really improve their site (layout, usability, quality of information) based on that information. Being able to track people across multiple sites will be enable companies to really cater for those that are coming to their site.

    However, users, understandably, don't want every move of theirs tracked - presumably with the worry that they will in the end, be held accountable for that time they typed in www.pr0n4u.com.

    Balancing the wants of the company and of the individual is always difficult. In the end, is the individual willing to pay the price of less privacy for a 'better' (i.e. targetted to get the most visits/$$'s from you) browsing experience? Without these measures are unscrupulous people going to join your browsing records with your browsing information?

    This area is going to get very complex, legislative-wise, with products such as Novell's DigitalMe [digitalme.com] campaign to store user profiles 'for your convenience'. This is put forward as a great enabler, but in fact mostly, it is an enabler for companies to get information about you, or aggregate information about you and others, and helps you very little.

    With the introduction of the W3C's P3P [w3.org] platform, it will be easier for users to keep track of where their personal details are going, but this kind of collaborative tracking really is a bit difficult. Obviously, DoubleClick will have a privacy policy. When they change it in the case of legislation, will they chuck away your data?

    thenerd
    The camels are coming.

  • On the last "Geeks in Space" page, someone asked about the colors [slashdot.org], and I hazarded a guess [slashdot.org] that it was to distinguish the different Slashdot "sections".

    I also commented that black was not a good color to use, and I suggested orange, like "#bb4400". I was joking! I thought they should change it, but I didn't actually mean for them to use orange! Now I see this page in an orange/brown "#663300", which is pretty close to what I said. Actually, it turns out that "#bb4400" is not a "web color", the closest one looks worse, and "#663300" is the next one down, according to Apple's HTML color picker. If this is my fault, I'm sorry.

    Actually, on second thought, it doesn't look so bad. I even kind of like it, and I definitely think color-coding the sections like this is a good idea. However, I see that the "Geeks in Space" section is still in black, and the Slashdot logo images are still in the standard "#006666" Slashdot green. Especially here in YRO, I think the logos should be changed to match, since the brown and green look kind of painful together.


    David Gould

  • This may be out of character in light of my posting history on the subject of Slashdot registration (which, relevantly enough, you can look up if interested), but I don't mind Slashdot's posting-history. I figure everything I say on Slashdot is completely public; if I didn't want people to know what I think, I wouldn't post it in a public forum, or at least not under my own name. The users.pl page just collects all the comments into a handy location, which I find very useful for keeping track of replies to my comments, etc. I just wish it went further back, keeping links into the archived stories. If someone wants to keep track of what I say, he could just as well do it by scanning all the stories for my name.

    The reason I don't mind this is that it is not required. I choose to post under my real name because I consider what I say here to be public, and I choose what to say with that in mind. If I wanted to say something that I didn't want my name attached to, I'd post it anonymously (and, being paranoid, I'd probably log out and zap my cookie instead of just using this little "Post Anonymously" checkbox).

    I believe it's very important for people to be able to post anonymously if they so choose, for, among other, the same reasons that concern you, but I don't insist on doing so myself. I also am very much against the discrimination that people get when they do so: defaulting to a lower score is arguable, but insulting them by labelling them as "cowards" is unnecessarily confrontational and much of the hostility that is directed toward them is unwarranted -- a lot of people seem to think "anonymous posts" and "bad posts" are the same thing, when I see only (at best) a weak correlation.

    I am definitely bothered by the "to serve you better, we track you" thing that so many sites do, especially when they don't offer any special services that inherently depend on tracking, but just collect the data, presumably to improve their own operations through some sort of decision-support database, or else to sell it to other marketers. In the first case, that information is mine, dammit, and if they ask nicely, I might be willing to sell it to them, but they can't have it for free. Improving the overall quality of service that they can offer does not count as paying me. The second case is even worse -- they have no right to do that without my permission, which they will never get.

    About the NYT registration thing, I just never read any story of theirs, as a matter of policy, because the privilege of reading a story (and looking at an ad banner) is not something for which I'm willing to sell my information. I used "cypherpunks/cypherpunks" a couple of times (way back), but then I decided that I don't like that. I'm just not interested enough in anything they have to say to register, or to resort to trickery, which would be supporting them with the ad banner anyway.

    As for Slashdot posting links to the NYT, I don't have a problem with that -- people who don't mind it can use it, and people who feel as I do can decline to do so. There's no need for Slashdot to boycott them, even if some of us decide to do so. What I don't like is when it's the only link given for a story. I guess, sometimes at least, it's the only one available, but it's better when another link can be provided, like this time. Before long, someone usually finds the same story on another site and posts the link in a comment, anyway.


    David Gould
  • by jsm (5728)
    A few corrections:

    There is, of course, nothing wrong with a profit motive, ...

    Yes there is, if it's to the exclusion of all else. I think it's fair to blame many of the world's problems on the blind profit motive. It has corrupted government, news media, schools, our justice system, and other crucial elements of a free society. We'll be lucky if we can recover from it.

    with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and otherwise) required for passing reasonable laws.

    (Kind of a stretch to get political here. Any excuse to bash Democrats, Thrush?) Actually, Gore is ahead of the pack. He was more cognizant of Internet issues in 1992 than most politicians are today; he promoted it loudly and, FWIW, coined the term "information superhighway". Granted, he hasn't done much with it lately.

    Just so you know, Bush would be worse. Here's a great example of his political doublespeak from his hi-tech plan [georgewbush.com], regarding encryption export restrictions:

    "Second, we must allow American companies to sell products in the international marketplace when those products are readily available from their foreign competitors. That means easing export controls on computers and encryption products that can already be purchased on the open market. At the same time, as the use of encryption programs increases, American law enforcement must always have the resources to stay ahead of the criminal use of that technology."
    News flash to Bush: You can't have it both ways. This is ignorant doublespeak written by a well-paid political consultant. He's NOT on our side, if you watch him closely (which many people are happy to avoid doing). It's classic Bush-- he winks in every direction, so all sides say "HE'S our man!" But in truth, he's pro-business, because that's who gives him money. And in the matter at hand, pro-business means pro-data-profiling.

    But I do agree with you that a) less Internet regulation is better, and b) we may need some, unfortunately, if private industry keeps abusing personal data.

  • Yes, you can install ipchains on your Linux box if you are using kernel 2.2.x. If you using 2.0.x then you need ipfwadm and if you are using 2.3.x you need netfilter/iptables.
  • Now my fine feathered /.ers, I may have this completely wrong. The way I understand it is that these ad companies are using cookies to collect this information. Couldn't we just set our browser to manually accept cookies, and avoid this whole thing?
  • Somewhat unrelated, and not really an abuse, but last night I was called by MCI, who wanted me to switch long distance from AT&T. They knew I had an account with Blockbuster and offered me 4 free rentals with Blockbuster if I switched. I wonder what other info MCI has about me.
  • You've still got the analogy wrong.

    Bubblekick pays the stores so they can stand around in various places. The store decides where they are allowed to stand, but in the end it might be based on how much Bubblekick is willing to pay.

    The Bubblekick representative does indeed ask every customer that walks by if they would like to carry an ID badge. Most customers say yes. Some even just reach out and grab the badge without being asked.

    Now, this badge is basically nothing but a number. The other Bubblekick representatives have scanners that read the number and associate it with a location.

    So, does this sound particularly bad? Not really. If someone asked me if I wanted to carry a badge around the store then I'd probably just say no. However, if based on where I had been they held up signs telling me about other things I might want to look at... well, I'm not so sure... I might say yes.

    If I decide to dump that tracking information then all I have to do is throw the badge away. Suddenly the trail ends.

    Now, where the breach of privacy comes in is when Bubblekick, without asking me, associates that number with my real name. Suddenly I no longer have control of the trail. And that's bad.

    -Paul
  • Wow, I'm not going to touch any of those specific issues with a ten foot pole.

    However, isn't it nice that you have the freedom to draw your own boundaries between the different "I am's" and "I'm not's"?

    A little bit of censorship is very much the same as alot if you use your definition of little and my definition of alot. And that's really the point. All of these things are really grey issues and I'd rather not have someone else arbitrarily decide which is black and which is white. Especially when a particular issue really falls at both ends of the scale.

    When in doubt, I say opt for more freedom not less. We really need to start making people responsible for their own actions again. Freedom comes with responsibilities.

    Oh, and about the meat analogy, it just doesn't work. Meat != information. Bad meat can make you sick or kill you. Bad information is just useless at best or misleading at worst. Consumers of information have a responsibility to use that information appropriately. If we do not have the freedom to read whatever material we choose then we will end up being a bunch of sheep led around by whatever moral majority happens to be in power. No thank you.

    -Paul
  • Please don't post whining complaints when you could be out searching for an actual link -*gasp*- all by yourself.
  • I think netscape has officially hit the crack pot. 4.7 128 bit for linux is showing all the colors funny. check it out here

    No, I think this is just the new color to let you know that you are in the YRO section.

    Nice try, /., but this is fugly. Please try again.
  • Any excuse to bash Democrats, Thrush?

    Not my real name, BTW.

    I won't try to hide my right wing tendencies, but I honestly wasn't trying to pick on any one party. Al Gore is this nation's political Alpha Geek, and that is exactly my point. If Al can't get a clue, what about Strom "Bevis and Bunghole" Thurmond or Jesse Helms.

    Politicians only know what lobbyists tell them. I have one vote and no lobbyist. The companies who stand to lose the most will make sure they have the most lobbyists.

    The Internet is still the wild west, but - if I may mix metaphors - no one is warning the consumer that it is "surfer beware".
  • by A Big Gnu Thrush (12795) on Tuesday November 09, 1999 @05:45AM (#1549386)
    I wonder if, like the meat industry, we aren't really motivated by short term profit at any cost? Our privacy, our dignity as humans, anything for money.

    There is, of course, nothing wrong with a profit motive, but I think this last statement is a bit cynical.

    Most libertarian netizens have valid fears of government regulation. The Internet has done just fine without Congress passing any laws. The government often functions as a third party with interests and agendas separate from either the consumer or provider. Government regulation isn't always rational laws from a disinterested party, sometimes it is motiviated by greed and profit.

    In addition, with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and otherwise) required for passing reasonable laws.

    To use your analogy, the Internet is not meat packing, if it were, Bill Clinton would have all the answers. Still, innocent users are being misled. Some kind of protection is needed and the private sector is doing a miserable job of filling that role.
  • On a somewhat similar note, how exactly will this bill facilitate taking away individuals' domain names? As opposed to taking away domain names from businesses which make their money from cyber-squatting, for example. According to the NY Times article, the bill affects only those who buy domain names (which are registered trademarks or "popular names" (meaning what?)) only for the purpose of resale to others who might have an interest in such a domain.

    My opinion: I'm not sure I agree with the inclusion of "popular names" - that seems a little arbitrary - but squatting on registered trademarks solely for the purpose of scalping them to the trademark holders is probably a bad thing. Of course, intent is tough to prove as well, not to mention enforcement in foreign countries.

    My point is that /. describing this as a "bill to facilitate taking away individuals' domain names" is fairly inflammatory language, and I'd like to hear the basis for this claim.

    [ObOnTopic] Unrelated riders do suck - when was the last time an unrelated rider turned out to be a good thing, or even turned out to be a better thing than passing the rider legislation as its own bill?

  • I don't agree with the "popular names" clause, as I stated before. However, from your description it doesn't sound like the Newton situation would fall under the new law anyway. I'm not familiar with the background on this, but it sounds like newton.com wasn't held by Mr. Newton solely to squeeze a lot of money out of Apple computer. This case sounds like the same old "big corp. unleashes lawyers and dollars to grab by intimidation what they can't take by law" story. See veronica.org [veronica.org], ajax.org [ajax.org], etc. If newton.com wasn't a business with interests in the same arena as the trademark holder, then it should have been safe from Apple's actions.

    Of course things didn't work out that way. But the course of events in the newton.com situation would not have been altered by the proposed cyber-squatting bill. The real problems were:

    • NSI's trademark dispute resolution policy, which assumes that the accuser is correct and puts the burden of proof on the shoulders of the accused
    • The disparity between the financial and legal resources of your normal big business and the resources of a small domain owner
    • The legal system, which allows the disparity in resources to play a deciding role in many of these cases

    I'll be the first person to agree with you that the current legal situation involving domain name disputes favors big business considerably at the expense of the individual domain owner. I just want to see the real issues are being addressed, rather than the usual /. railing against everything the government does. Removing the popular names clause and adding some protection for the individual domain owner (loser pays legal costs in trademark disputes?) would be a welcome addition to this bill, but I don't see how prohibitions specifically against "cybersquatting with intent to resell to the registered trademark owner" can be used to take away an individual's personal domain, like newton.com, veronica.org, or ajax.org.

  • Cookies aren't the only issue. They can track the http referer header (not SUCH a bad thing as cookies) and other information about you from jsut connecting to them at all. Didn't anonymizer have a link somewhere on the page to show just how much information a website can gather from the client connecting?

    By the way..am I the only person showing slashdot colors funny right now?
    "We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
  • In addition, with men like Al Gore still holding elected office, many people doubt that governments can understand the basic issues (technical and
    otherwise) required for passing reasonable laws.


    I find this to be the scariest part of the whole issue. I don't WANT people who have no understanding of the internet to pass laws. Chances are they will screw things up and make it worse. You've seen how the government has already handled encryption and related export laws. People fear what they don't understand for the most part. Thus making laws to restrict what they don't understand makesi t more difficult for those of us who do get it

    I think netscape has officially hit the crack pot. 4.7 128 bit for linux is showing all the colors funny. check it out here [lusis.org]
    "We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
  • Well I'll be damned. You think I would have noticed this before now. heheheh
    "We hope you find fun and laughter in the new millenium" - Top half of fastfood gamepiece
  • by Kaa (21510)
    I find this to be the scariest part of the whole issue. I don't WANT people who have no understanding of the internet to pass laws. Chances are they will screw things up and make it worse.

    Completely agree. However, consider another scenario, at least as frightening, and probably more: passing of laws by people who DO understand the internet, but want it to look very different from what it is. The three-letter agencies are a prime example.

    Kaa
  • The first and only piece of commercial software I have purchased since 1992 was Intermute... http://www.intermute.com

    Its similar to Junkbuster, but is java based, easier to configure, and works on NT as well.

    --Mark

  • I agree, I've searched for the article elsewhere
    and couldn't find it.

    The NY Times login sucks!




  • Here are a few:
    194.237.107.11 (no,se,dk,es)
    193.128.61.168 (uk)
    195.154.216.201 (fr)
    212.172.60.10 (de)
    210.150.23.240 (jp)


    How do I use IP chains, is this a program I can install on my Linux box?

  • The issue of ads is a double edged sword. In theory, sites get revenue as a result of click throughs, but published numbers are hard to come by. As a result, I'm tempted to allow ads to be displayed, and I click through if something is interesting. My rational is that I'm supporting a site.

    However, there are a lot of bogus ads out there. For example, there is an ad cycling though /. for a vendor "giving away" an alpha linux system. Yet when you click to their site, no mention of it anywhere. Then there are ads like the incredably annoying "Punch the Monkey". There are a couple of sites which regularly have this ad running (Infoseek being one of them) which I no longer visit... at all.

    The end result of all this? I've been using WRQ's AtGuard [atguard.com] so I don't have to deal with ads, and in theory the privacy involving refers and cookies from sites which I don't want to give cookies to. Of course this doesn't help me on all systems I have access to, but it keeps a lid on my primary systems.

    Does this harm the revenue stream to sites that I wish to support because I no longer click through? Probably. How much? Who knows. Do I like the added privacy protection? Definately!

  • A side note: slashdot readers who like YRO stories should realize that we will posting an increasing number of them in the YRO section only - they won't ever appear on the main page of slashdot.org, but will be accessible via the Sections link on the left side of the page, and there's a YRO slashbox now, too, so you can see the headlines for YRO on the home page if you so desire (and are minimally competent at setting your user preferences).

    not only is this a long sentence, but i think it might have something to do with the colors

    perhaps they are using the colors to distinguish the different secitons?
    just a thought
    gimpboy
  • Riders should be outlawed, pure and simple.
    Sounds good to me, but how do you set an objective standard for what constitues a rider as opposed to a legitimate amendment?
  • I think the main reaction to Gov't regs is that regulation is a catch-all solution that tends to be heavy handed. That's where the meat-industry analogy falls apart.

    by comparing to the meat-industry, you assume that you are dealing with a certain demographic; meat-producers. But the net's so diverse. You have college students, kids playing games, minority groups sharing resources. when my grandfather had ALS, the net was one of the ways that he stayed in touch w/ the world, and other ppl w/ als. So, a solution that works for one group is most-likely out of touch w/ another group.

    I'm sure we all remember the imfamous Comm. Decency Act. On the cover, it sounds reasonable; get rid of the smut that pervades the net. The problem was, a) it amounted to censorship, contradicting one of gov't's other "regulations", and b) it went too far. Breast cancer discussions, homo-sexual group forums. All of this would have been banned, because it contained "sexual content".

    Westerners have a funny habit of condemning countries like Russia and China for "infringing on basic rights", and yet, they'll allow their own government to do so, in the name of "protecting democracy". Don't think that /.'ers are anarchists and want to "overthrow" the establishment. Bah. Some other fool'd just dupe everyone and start all over again. Rather, these "watchdogs" are just trying to make sure that our democracy doesn't just happen once every four years.

    Still pretty fly for a GwaiJai.

    I only take a drink on two occasions - when I'm thirsty and when I'm not.
  • However, users, understandably, don't want every move of theirs tracked - presumably with the worry that they will in the end, be held accountable for that time they typed in www.pr0n4u.com.

    No No No No NO No

    It has absolutely NOTHING to do with people finding out we go to porn sites. This is like saying "Your against illegal search and seziure, you must have something to hide."

    I don't go to p0rn sites. I'm recently married (in July) and haven't had the desire to view such material for the last 2 years. However, I don't want companies looking around at my web browsing patterns... why? It's none of their god damned bussiness how, when, why or where I browse the web.

    I have no problem with them tracking people who don't mind giving out personal information to companies that may or may not be ethical, but give me to option to not give out this info. It's that simple.

  • Look can we get one thing straight from the giddy up? Please complain about companies like doubleclick tracking you across their network. But let's just be specific about what is going on.
    They are not tracking you from the minute you open a browser untill you log out. They are only tracking you while you are going from one of their sites to another one. So unless they start advertising on sites that have illegal or morally questionable content (ok conventionally morally questionable) they are tracking you surfing habits
    and spending habits, if you buy things. They are going to send you banners based on these surfing and spending habits. Now that's not so great, but this has nothing to do with pr0n or mp3's or warez or whatever. This is not going to be used to convict you of anything. Now I don't want to be tracked, but I also know that someone needs to pay for all the content at some point (I know alot of you don't think so, but I find that too simplistic, I like the explosion of the web if only because in amoungst all the junk there is still a higher rate of interesting content, I also find it silly that you are all posting on a site that runs banners) If you are a lynx only guy then I'm sorry I don't really know what to tell you. I like the pretty pictures I guess.

    My personal oppinion is that there is going to have to be some kind of accord where the limits of what can be tracked are set, probably by a series of lawsuits. Probably spurred in part by the improper use of tracking information, and that we are going to have to comprimise on the use of traacking technology to really target ads. But until that time comes it is important to stay informed and remember that saying "I just don't want to be tracked" is not a convincing arguement it leads to being labled as a parnoiac, unjustly sure (i've been giving fake names and phone numbers at radio sack since forever) Be more informed if you don't like this kind of thing.
  • Dunno if you're still reading this, but I caught your sig. What's that supposed to be and should it be in Cyrillic?
    --The Curious Russian Enthusiast
  • SMERSH?
    smjert' shpionam. It just didn't look right to me. (Of course Cyrillic doesn't look right at all in the roman character set.)
  • Oh it isn't just me? Slashdot has really gone from all puke green to a medley of puke green, shit brown, and piss yellow? How charming. I wonder what this says about the demographics of Slashdot's. An inclination towards scatological humor perhaps, or fecalphilia? Yay. Sounds good to me.

    heh



  • by ucblockhead (63650) on Tuesday November 09, 1999 @07:01AM (#1549406) Homepage Journal
    I recently worked for a large retailer who also did a lot of catalog business, and they did (and certainly still do) quite a bit to collect info on their customers. I just figured I'd throw out some of the whys so that people could see it from their point of view. This isn't about anything online, but I'm sure that the same rules apply.

    They send out a huge number of catalogs every year, and those catalogs cost them a fair amount to produce. At least $1 a pop. So obviously it is in their best interest to only send catalogs to those who actually want them. And in a very real sense, if they were able to do this perfectly, it would be good for the consumer as well. No one would be bothered with junk mail they didn't want. In theory, it would be a win-win situation.

    But to go about this requires collecting a lot of data, some of it that would bother a privacy expert, and likely even a normal customer. For example, they want to track whether or not you go to the store after receiving a catalog. This tells them that, even though you didn't order through the catalog, it still brought you to the store and therefore wasn't a wasted mailing. Of course, to do this, they have to somehow get your address when you buy from the store.

    I was in the unfortunate position of doing some of the programming at the front end, and it bothered me because we quite literally were doing things behind our customer's backs. For instance, store personel would ask for a customer's zip-code "for marketting purposes". Now, I'm sure nearly everyone thinks this is for some sort of demographic info. It is not. Instead, they take the zip code, and your name, and use the combination to figure out your entire address. In other words, they say, "Aha, this credit card number belongs to the John Smith at zipcode 12345. Since there is only one, this means that he's the one that lives at 555, mockingbird lane. let's send him a catalog".

    We used check readers for similar purposes. Customers assume that their checks are being authorized. They are not. Instead, the bank account number is captured, and then sent to a nice little service that returns a name and address when given a bank account number.

    But again, this is all just to figure out who to send catalogs to. Which creates an interesting situation. The company ends up with all this data on you, your name, credit card number, bank account. Data that I'm sure makes everyone here a little (or a lot) queasy to see in someone's hands. Yet it isn't captured for any real nefarious purpose. It is, at least in theory, captured to help you, at least from the company's point of view.

    This is why companies can act so schizophrenic about privacy. They truly do what they do to help "serve you better". Unfortunately, the end result is not necessarily in your best interest.

    I completely understand the whole situation at "Real". I'm sure that the people who invaded the privacy of all of their users truly believed that they were doing what they were doing to help serve their customers better. That is what makes the corporate invasion of privacy so insidious. The people who do it don't think they are doing anything to hurt anyone. And they really aren't, in their own little world. But the net effect of a thousand companies "better serving" their customers is a complete and utter destruction of any notion of privacy.
  • cypherpunks is gone, but slashdoted/slashdot works. Remember to nuke your cookie after doing your reading.
    --
    Advertisers: If you attach cookies to your banner ads,
  • (Drat, page won't reload right now - can't see if this has been posted already. I hate being redundant.)
    --
    Advertisers: If you attach cookies to your banner ads,
  • My point is that /. describing this as a "bill to facilitate taking away individuals' domain names" is fairly inflammatory language, and I'd like to hear the basis for this claim.
    Remember the guy, name of Newton, who did business on a web site under his own surname? Then Apple decided their hand-held was going to be called the Newton, and pushed NSI to take the domain name away from the little guy. I believe he went to court to try to stop it. Of course, Apple had a lot more money than he did.

    Want to guess where newton.com [newton.com] points to now? Click on it and weep. Note, this is *after* the demise of the Newton.

    The "trademarks and popular names" clause is just going to mean that small businesses, who do not have the exposure to justify going to the PTO to register names, are going to be shoved out of cyberspace by the big guys. And that's just wrong. This cybersquatting bill needs to have a safe-harbor clause for "natives" like Newton, and hefty statutory damages for name-grabs like Apple's. Without that, it should be scrapped.
    --
    Advertisers: If you attach cookies to your banner ads,

  • I'm not disagreeing with anything you said; I know that treading too close to a trademark with intent to mislead is infringement. However, two entities can trademark (or incorporate under) the same name/phrase if they are in different areas of business, or different geographical zones (the latter being irrelevant on the Internet, I know). My point is, strengthening the hand of trademark owners allows them to grab names already being used by others in non-infringing ways -- and this was already a problem before this legislation. Done wrong (and I expect it to be done wrong, because it's in the interest of the big-money lobbies to do it that way) the little guy gets screwed even more.
    --
    Advertisers: If you attach cookies to your banner ads,
  • Here is an example of what this can mean. It seems that until recently Slashdot used Focalink to serve some of their ads. Focalink is also used by Dejanews. Slashdot requries your email address to register, and they use that to send your password, probably to ensure that you give them correct info. Your email account can be easily matched to your name, and probably also to your real address. (Check the email white pages such as the Lycos people search to see if you're listed.)


    What this means is that if Slashdot were to cooporate with Focalink, your name can now be matched to all your Dejanews searches. Focallink is also used by at least a few search engines. etc. etc.

    Think about it, all the times you searched for porn, info on specific medical conditions, or anything else...no matter where you searched, it could have all, at least in theory, been recorded, and could be matched to your name and address.

    ps. Slashdot would have to confirm if they used focallink, but once when I erased all my cookies and accessed slashdot, a focalink cookie appeared in my Cookies directory, so I'm assuming that they did.

  • I found this on the Wired News site - gives some more information on the subject: Your Rights Online: FTC Petitioned on Data Profiling [wired.com]
  • It's difficult though isn't it - you go into a shop - is it the business of that shop to find out what you buy? Is it their business which route you take around it? Is it their business if they can change their shop by looking at how people go around shops in general?

    That's a very good analogy, and I think to extend it to the online world, imagine that when you went into any shop, there was a representative from "Bubblekick" who snapped a little GPS-like transciever onto your belt which would send signals to the special "Bubblekick" receiver in this store and recorded how you walked around the store and what products you picked up and looked at.

    BUT, you don't get asked if you want to wear the transciever, it simply gets strapped onto you *unless* you go through some kind of annoying processes to let them know you DON'T want it.

    Worse yet, it seems that more and more, that "Bubblekick" rep is in EVERY store you go in and now you have to tell the guy for EVERY store you walk into that you don't want to have their stupid little adapter stuck to you if you don't already have one on your belt.

    And then, as if that weren't bad enough, you find out that, even though your favorite store has this "Bubblekick" guy standing by the front door ready to track your movements, your store owner doesn't directly get that data at all - it all gets downloaded directly to "Bubblekick" HQ along with all the "Bubblekick" data from every other store (which includes the "Global ID" for your particular "Bubblekick" box) - and the owner of your favorite store has to request to have the data for his/her store sent back so they can make some use of it.

    Meanwhile, the "Bubblekick" guys have all the data you have collected for them for EVERY store you've been into and are busy trying to sell it to stores like that place down the street that you don't like because the guy behind the counter is a jerk. So even though you won't give him your business, he's getting a benefit from your own shopping experience, and "Bubblekick" is making a profit from incliuding your shopping experience in the profiles they are selling - all without your permission.

    It sounds a lot worse if you take your analogy and translate it into Real Life... People just don't see the invasiveness when it's all done digitally.

    Maybe you'd like their shop more if they did look and acted upon it.

    It would be more acceptible (and these all semm plainly obvious if you look at them in context of "Real Life" shopping) if:

    A) *NOT* having that transceiver strapped onto me was the "default action" taken by the "Bubblekick" representative,

    B) I could say that only my favorite store received the data gathered by my browsing there - and that means "Bubblekick" DOES NOT get even a single bit of the data collected at that store- because yes, having a good personal relationship with little "Mom-n-Pop" type stores is a good thing in this world of Megamarts and Supermalls,

    C) I had some kind of recourse to tell the "Bubblekick" guy, "You know, I've been thinking, I don't like that you have my shopping experiences recorded. Delete anything related to my profile. Here's the number on that little box, which you have fortunately made very easy for me to find so I can easily have you delete all my profile information."

    It's just a shame that it looks like we have to resort to legislation to enforce what in "Real Life" would be simple courtesy, simply because companies think (or know) they can get away with a lot more when it's all just happening over the wire.

    -=-=-=-=-

  • by Mark F. Komarinski (97174) on Tuesday November 09, 1999 @05:48AM (#1549414) Homepage
    This got me thinking about just blocking anything from doubleclick. Here's my ipchains-save:

    -A output -s 0.0.0.0/0.0.0.0 -d 208.211.225.89/255.255.255.255 -j REJECT
    -A output -s 0.0.0.0/0.0.0.0 -d 199.95.207.0/255.255.255.0 -j REJECT
    -A output -s 0.0.0.0/0.0.0.0 -d 199.95.208.0/255.255.255.0 -j REJECT
    -A output -s 0.0.0.0/0.0.0.0 -d 204.253.104.80/255.255.255.255 -j REJECT


    Use 'em, abuse 'em, let me know if there's more IPs.

    ipchains-restore (file with above text)
  • P3P is a great idea, and I'm all in favour of it.

    OTOH, P3P is not a solution to this type of tracking, nor will it ever be. What P3P does is usually misunderstood, even by the nerderati, so please let me point out something significant.

    P3P is a protocol for a site to tell a browser what the privacy policy of the site is. Note the direction the information flows in -- only one way. There's no scope in P3P for your browser to be configured to suppress privacy information, nor for it to request a site to not log particular information. The best a full P3P implementation could achieve, even assuming full and honest cooperation of the site operator, is for it to connect to a site and then disable access to the pages with a "Lets not go there" message.

    I might still wish to shop at Badgers 'R Us, even though they have a loathsome default logging policy, but only providing they want my business enough to turn logs off on request. Click trails are very low value individually - sites can't afford to lose real trade in favour of them, so we do have the economic advantage here.

    P3P can only tell me not to go in, it can't allow me to still shop there without leaving the log trail behind. What we need is a negotiated mechanism for a privacy / logging compromise -- if somewhere like Skylighter (a pyrotechnics vendor) wants to bar users from the shop unless there's reasonable logging in effect, then that's fair and reasonable. OTOH, if World Of Fish request logs, then my browser should tell them to get stuffed and they should either accept this, or lose my business to Piece O' Pike a few blocks down.

    A major failing of the UK DPA (Data Protection Act) is that it's too much like P3P. It's good at telling you who has your data, but it's bad at controlling them getting it in the first place. You can't re-bottle the genie.

  • Personally, I don't object to cookies that aren't maintained over a certain period of time. If I'm shopping at bn.com, for example, I understand that a cookie would be useful. I object to cookies that have an expiration date that is longer that, say, tonight at midnight. However, I realize that there are some ways to profile a user that don't require my computer to do anything (store a cookie, send a referer header). My machine has an IP address, and it doesn't change ever. Even in cases where multiple people use the same IP address, this does fairly well (a network lab in a school -> all everyone in same school -> similar interests). Even in AOL's case, I would think that same IP -> same location -> quasi-similar interests. Of course, my guess is not so many people would object to profiling 'all the users coming from University of Southern Elbonia,' as that's conglomerated data. However, in many cases, this method (IP addresses) works perfectly, and in all cases (well, done properly) this is undetectable.
  • it isn't just about running tons of layers of protection and firewalls. No point in that when those idiot companies can simply quit violating our privacy rights.

    And now we ask for net-connected fridge and toasters? Same problem is gonna happen, with stupid companies gathering your eating habits and grocery list.
  • There's nothing wrong with posting a link to NY Times just 'cause you don't like 'em dumb ass. Slashdot doesn't exist to serve you exclusively.
  • Yeah, I agree, that a thousand companies "better serving" their customers net effect is a destruction of privacy.

    This is why it is so difficult to get some companies to realise that sometimes privacy is more important than service. Some companies fall back on the argument that "we only collect this info to better serve the customer", instead of figuring out some way of serving the customer that doesn't involve tracking them for years. As someone else once mentioned, there is no concept of forgiveness in most computer systems. In some cases, there's no such thing as forgiveness on the net. Cantor (sp?) and Siegel's Green Card Lottery messages will probably never be forgotten entirely, even after the law firm folds up.

    Even those companies that offer to stop tracking someone who requests it, tend to request much more information about the person than is strictly necessary to stop tracking. Try to get off one of Microsoft's mailing lists. I think it's gotten easier than it was, but the original required a large number of forms to be filled out before you ever got to the "stop sending me email" checkbox.

    I know I've said this before, but sometimes I think it just doesn't sink in...

    If you work for a company that sends email to a big list of addresses, and someone asks to be removed from your emailing lists, please don't ask them for physical address as well. The only data you need to have, in order to remove an email address from a list, is that email address.
  • Right, insults will work.

    Seriously, why is it a bad thing for someone to mention that they don't like the NY Times registration requirements? Especially on a Your-rights-online posting involving profiling based on computer-based tracking? When you register for the NYT, you allow tracking, whether or not you agree with it.

    This is another case of "to serve you better, we track you". Whether it's good or bad, legal or illegal, I still don't want them to do it.

    In fact, I'm not even in favor of Slashdot's registration requirements. I was in the midst of doing a book review for slashdot when they implemented the "track what person 'X' has said for the past few weeks" feature, and stopped doing the review. A lot of what Slashdot does to serve me better, removes some of the privacy I might otherwise have had.

    Welcome to the brave new world ;-)
  • Isn't it lovely when the goverment actually works in accordance with the constitution rather than against it.
  • "I have never ever heard of one case of misuse of collected consumer information. Ad companies could care less about that, that's like selling porno to kids, it's not ethical AND there's no money in it." There are several companies whose sole business is to sell addresses and phone numbers of consumers. How far do you have to stretch your imagination to see the worth of a list of people with a known interest. The concern here, I think is that this data is indeed valuable, and *WILL* be sold. There are benign uses like selling this data to companies who will be nice and give you discounts, but there are also malignant uses like selling this information to private investigation services or to companies or organizations with questionable agendas.
  • I haven't seen the proposed legislation or anything - but the proposed "anti-cybersquatting" bit seems to just be a codification of present US law dealing with trademarks, copyright and domain names and the US Federal Trademark Dilution Act 1996 and the Lanham Act.

    The current law is designed to protect famous or well known domain names from 'cybersqatters' who purchase the site merely to extort from the big companies (see the Toppen cases) or for the purpose of ridiculing the company (see the micros0ft.com case) whilst attempting to keep the first-come first-served nature of the system alive for 'legitimate claims'.

    Putting aside for the moment the justice of this - problems arise as big companies intimidate small companies who got in first and have 'legitimate claims'

    For the current law - see Cyber-squatters - Examples of Abuse of Domain Names

    A. Trafficing in Names
    eg. windows95.com and McDonalds.com

    UK: British Telecommunications plc, Virgin Enterprises Ltd, Sainsbury plc, Ladbroke Group plc, Marks & Spencer plc v One in a Million Ltd & Others, Court of Appeal, 23 July
    1998.
    US: Intermatic Inc v Dennis Toepppen No 96 C 1982 ND 1II (3 October 1996)
    US: Panavision International v Toeppen 40 USPQ 2d 1908 (CD Cal 1996) (21 November 1996)
    (http://www.jmls.edu/cyber/cases/panavis.html))

    B. Exploit the Goodwill of the Name
    eg. Tuebner.com (trademark owner: Teubner & Associates)and www.whitehouse.com (pornography)

    US: Hasbro Inc v Internet Entertainment Group Inc Case C96 130 WD
    US: Planned Parenthood v Bucci 1997 US Dist Lexis 3338, 1997 WL 133313
    US: Cardservice International Inc v Webster R McGee (unreported, US District Court of Virginia, Calvitt J, 16 January 1997)

    domain names present a unique circumstance in determining trade mark infringement over the Internet, as customers were likely to assume that 'cardservices.com' belonged to Cardserice International and even when they realised it was not Cardserice International they were still likely to take adavantage of M's services

    US: Maritz Inc v Cybergold 1996 US Dist Lexis 14977 29 August 1996

    ---

  • I agree with you entirely.

    Up until now, except for the fact that big companies have been able to threaten little companies into handing over domains, when these cases have actually come to court, domains wouldn't be handed over unless there was a good reason (according to the court) - using them to extort money, ridiculing brands or if the domains are really famous (ie. McDonalds, Panavision etc - I know this isn't fair but since when did fairness have anything to do with the law ;) )

    This is compounded by jurisdictional problems - If I am in Australia for example (which I am) what if I register xyz.com which is famous in Australia but not in the US (who have a famous xyz company of their own).

    Should the US company get it? Should it depend on who registers the trademark first (note the US and Australia have reciprocal trademark agreemets)? should the fact that a xyz.com.au domain is available effect the argument (as xyz.com is more lucrative - especially if xyz Australia is an international company)? etc.

    These are hard questions, but at present, the Courts (notably the US, UK and Australian Courts) have delt relatively sensibly with these issues - As you suggest legislators just blundering in without looking at all the issues (especially with tacked-on legislation such as this) can only create problems and, as you say, will probably benifit big businesses over small.


    ---

All life evolves by the differential survival of replicating entities. -- Dawkins

Working...