Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

TRUSTe Caught in Privacy SNAFU 8

ptbrown writes:\w"An investigation by Interhack revealed cookies, Web bugs, and other methods that were tracking visitors to TRUSTe's Web site in violation of their own privacy standards. TRUSTe's David Steer said the tracking was done by thecounter.com, part of Internet.com. After being contacted by a reporter on Thursday, the tracking code was removed. "If we find that Internet.com is fraudulently breaking this agreement, then we're going to come down hard on them...&quot says Steer. Original AP story" Somehow I'm not surprised. Although honestly TrustE's sin here - tracking users with temporary cookies rather than long-lived ones - does not seem especially bad. But TrustE's whole point is that sites should tell users what they're doing, and even TrustE can't do it correctly.
This discussion has been archived. No new comments can be posted.

TRUSTe Caught in Privacy SNAFU

Comments Filter:
  • by gorilla ( 36491 ) on Friday August 25, 2000 @02:56AM (#828278)
    I was going to say this will make confidence in eTrust even lower, but then I realised that's not possible. There isn't anything lower than 0.

    If you want a real organization looking after our privacy, then EPIC [epic.org] is the one to look at.

  • Sure you can trust TRUSTe. They can be trusted to sell every scrap of info they have on you, they can be trusted to ignore what the consumer want. They can be trusted. just not on anything that would actually make a difference.

    //rdj
  • by Masem ( 1171 ) on Friday August 25, 2000 @03:31AM (#828280)
    I don't argue that ecommerce sites want to collect data, though what kind of data that they collect is questionable. But I do see advantages of directed advertizing, so tracking users to some extent is not that unethical. However, it's too easy to fall into hole of collecting every last bit of data then selling it.

    So, the easy solution to ensure user privacy is this: Require all sites use opt-in methods as opposed to opt-out methods. Failure to do so will encure stiff fines. Make sure the user knows exactly what actions (which need to be explicit actions such as filling in a form as opposed to just clicking on a link) will opt them into the system.

    Not only would this help with privacy on online sites, it would make spamming illegal unless the person requested it. Maintaining a user state across the site even if they don't opt in can still be done using session IDs as opposed to cookies but most are too lazy to use that.

    Of course, it would be nice that if at this time, all databases that were collected by ecommerce were forced to be erased prior to the start of this requirement such that everyone had their clean slate, but that ain't going to happen.

    (But with our DMCA-passing friends in Congress, this will never happen).

  • Well, not to be a math nazi, but you can go lower than zero, you just can't go smaller than zero.
  • Boy, was that article an exercise in finger-pointing! TrustE says, "Harumph! That is completely contrary to what we do here, and we're going to get the Bad Guys! It's all our web-traffic company's fault!" And that company of course says, "Harumph! That is completely contrary to what we do here, and we're going to get the Bad Guys! It's all thecounter.com's fault!" I guess when they find the two guys who run thecounter.com they'll say "Harumph! No, not us! We hired this high-school kid to do some coding for us for just one afternoon and he did all this..." Way to go on taking responsibility, guys.

    Honestly, how could this have gone unnoticed??

  • Well, well. TRUSTe is at it again. How many times do they have to behave immorally, unethically, or just simply irresponsibly before companies stop touting "TRUSTe certified!!!" Apparently too damned many times.

    This is the same company that said, "oh, sure they're violating their own policies, but um...we can't do anything about that. We only check to see if companies are violating their own policies and, um....can we get back to you on that?"

    They're sleazy, irresponsible, and incompetent.

    I hope everyone else is doing the same as me--Every time I see a company asking for registration or some sort of personal information, and I see that TRUSTe cockroach on the web page, I send them a polite email saying that I don't do any business (shopping or anything else) with a company that uses TRUSTe.

  • Yup, TrustE is going to come down hard on another privacy violator. Yup, there going to issue a press release explaining why there was really no violation of trust, how any violation of trust was outside of their license agreement, and how it is very important to let the violator go so they will be encouraged to correct and improve their privacy practices.

    TrustE is an organization that protects those companies that dimish our privacy. Check out EPIC instead.

  • For a defender of consumer privacy, I'm going to risk my neck and suggest that all this cookie paranoia is missing the mark. The Web developers for the WhiteHouse Office on Drug Control made a poor decision to employ Doubleclick, using cookies that did not benefit the Web surfer and did nothing but generate distrust and suspicion. ToysRUs.Com, Lucy.Com, et.al. simply goofed by not declaring that they were out-sourcing what Amazon does so well in house. The fact that Coremetrics is a third-party should have been considered in their privacy statement, but the fact that it wasn't is not because ToyRUs.Com was trying to pull a fast one.

    I publish a privacy information site. I installed some affiliate code that include some 1x1 GIFs. I thought I'd checked them for cookies...even highlighted them with a border to illustrate the concept to my audience. I was shocked to discover that they had started serving cookies. So I yanked them. Was I guilty of anything other than carelessness. Did I scar my privacy-conscious audience. I certainly hope not, because cookies aren't virii. They aren't little demons that get inside your circuits. They were simple impression trackers, but I removed them out of principle since they offered no advantage to the visitor.

    The point is that we needn't go around fearing crap like this. There are much more important privacy issues pending. Users have, and are gaining, greater control all the time. All it takes is education, not fomenting irrational fears about an innocuous and easily defeated cookie. (Believe it or not, many people who are aware of cookies value them, and actually try to preserve them by including them in their backup routines.)

    The whole industry is trying to come to grips with these technologies, as are the consumers themselves. Readers of Slashdot are light years beyond where the bulk of the 'Net population is in terms of knowledge and understanding. I think we shouldn't be contributing to the hysteria.

    More of my views if you care to read [themestream.com]

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...