Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Opt-in vs. Opt-out 83

Sarcasmo writes: "The Internet Law Journal has a very in-depth piece on the issue of opt-in vs. opt-out that takes on the good and the bad from both sides. How the current situation will (or will not) be handled, will depend on what conclusion lawmakers come to on this core debate. An opt-in requirement is TILJ's conclusion. What's yours?" This is a good, well-reasoned analysis - exactly the type of analysis that holds no weight in legislatures.
This discussion has been archived. No new comments can be posted.

Opt-in vs. Opt-out

Comments Filter:
  • Obviously you are not involved in the administration of real mail servers. It's only a few seconds to you as the end user. But it's a lot of traffic for the ISPs which have to pay per MB.

    Sebastian
  • .. it is opt OUT. I always get email that says if you don't want to recieve this ..blah blah blah.. then opt out... personally I just set up mail filters on my system and most of the spam gets set to spam filtered where if I do not recgonize the senders address it is deleted... I think this is an incredible waste of a mail system. personally if I owned a mail server I'd consider sewing spammers for clogging my mail system.. I wonder if you can do that???

    I'd prefer for opt in, rather than opt out though.. I hate people scanning the net for email address.. email spiders should be outlawed.. I am not puting my email address somewhere so someone can arbitrairily use it to spam me... nor should I have to register at a site and give them my email address so that they can sell it to spammers... what about my rights on the net??? The right NOT to recieve unsolicited email.. .. I guess it is like telephone soliciters ..

    My favorite thing to do is when a telephone soliciter calls and says is Mr or Mrs home? I know that that they are soliciters right away so I start to screw with them.. here are some of my answers...

    No can I have them call you back?

    No they died yesterday in a freak game show accident.. you know that lady from the 'eakest link' scared them to death...

    Oh is this about the pizza I just ordered? I want onions and peppers too on that...

    Or I start telling them all my problems... and most of them I make up.

    I wish I could do that to spamers, the problems is that most spamers don't have a valid return address... in which case my filters eat that up and spit it to the trash bin........

    I don't want a lot, I just want it all!
    Flame away, I have a hose!

  • I live in a forth-floor walk-up. All that postal junk mail gets walked up, and then walked back down for mandatory recycling. Even the post office is taking a loss on much of it, the bulkier part that travels at subsidized magazine rate that costs me more to send letters. The city loses money in recycling.

    The core problem is that commercial interests are allowed to maintain address lists and profiles of people who never opted in to them. This is a vast intrusion on privacy, and also allows the government to tap into privately-compiled (and often error-strewn) databases that go beyond what the government itself can legally keep.

    There should be both opt-in and opt-out, with opt-out required on all correspondence generated to compiled lists of citizens, whether physical or electronic, and means provide where the citizen can respond in whatever way is easiest - mail, e-mail, a Website, a phone call - and be able to opt out not just of receiving more communications, but of being included in the database from which the addressing of the communication was generated.

    The only exception would be for credit agencies, which would be prevented from sharing citizen information for any marketing purpose except if the citizen has specifically opted in (say, for the purpose of receiving credit card offers).

  • by Tackhead ( 54550 ) on Sunday April 22, 2001 @04:31AM (#274384)
    Just a friendly public service reminder for those of you in the USA:

    When your bank or brokerage sends you a copy of its privacy policy, full of ambiguous language, and saying "Since we protect your privacy, there's no need for you to opt out of our information sharing among our family of companies", do two things:

    1) Opt-out. Yes, it means writing a letter and putting a stamp on it. Deal with it.

    2) In your letter, mention that you're opting-out because it's your only option available under the law, but that you're doing so under protest - and that you consider anything less than opt-in a violation of your privacy rights. Congratulate the bank on coming up with a wording ("information sharing") that sounds so harmless that most consumers are unlikely to realize what it really means.

    3) Print out a second copy and send it to your Representative and Senator. Use proper "Cc:" snail-mail etiquette -- you want your bank to know you're telling your Congresscritter, and you want your Congresscritter to know that your bank knows.

    Thank the critter (especially if he or she voted for it) for the new privacy law that's forced banks to do this very small ("opt-out") notification. Tell them that you realize the bank (or more accurately, the DMA, on request of its members) to use a low response rate to this "you have an opportunity to opt-out" mailing campaign as "evidence" that the consumers really do like to eat their spam, "or they'd opt-out, but since 0.00001% actually bothered to opt-out, the other 99.99999% must like receiving special offers through the mail and telephone and email!".

    Tell your congresscritters that silence does not imply assent.

    You know the argument's bogus. But the DMA, with millions of dollars in lobby funds, is gonna try to make it. And they'll succeed, unless you - yes, you there, behind the keyboard - get off your ass and do something.

    Silence does not imply assent. But the DMA is going to try very hard to convince your congresscritter that it does.

    The logical response is to deny the DMA the silence it needs to pull off the scam.

  • Everybody knows that even reputable vendors won't really honor opt-out requests. Sure, they'll try, but they'll soon buy another list from someone else who didn't get the opt-out... or any one of dozens of lame excuses.

    The only way opt-out will ever work is if there's a relatively easy way to make a complaint and collect a couple hundred dollars (a sum large enough that many people will file complaints).

    At least the DMA has to fight this opt-in vs opt-out battle. When they win with opt-out, then the battle will be for no meaningful consequences for not honoring the opt-out request effectively.

  • Many posters are confusing this issue of personal information with email. This is not just about email. It's about your credit rating and history, your medical records, tax records, police records.

    That's right. In fact, although the authors come out in favour of an opt-in requirement for information sharing, they are also in favour of spam. [slashdot.org]

  • Anyone who think that opt-in is sufficient, clearly hasn't been on the wrong end of a spammer's ire.

    For instance. Somebody went to JackPot.Com and signed me up for all of their mailing lists. Within minutes JackPot.Com had sent my email address to a dozen different companies. When I complained, they promptly took my name off of my list (or as they put it, they "canceled my subscription", which of course assumes that I had subscribed in the first place.) But taking my name off of their list did *not* take my name off of any other list. Their partner's in this are still happily sending me email. Nobody told *them* to take me off *their* lists.

    Or checkout all the email somewhere.com gets [spamwatcher.com]. When I spend time tracking down some offenders, I often find it's an "opt-in" mailing list that either isn't checking for bounces, or not being particularly good about cleaning the list from the bounce info they get.

    The problems with spam go far beyond deleting a "few" messages from your inbox. A far larger problem is all the bounces and network traffic it creates. Not to mention stolen resources on relay machines (if the spammers ever start using tools to break into machines and install relays...), and the hundreds of people (yes, some ISPs really have to hire that many people) to deal with the abuse complaints.

    Opt-in alone is not viable. You *must* have positive confirmation from the email owner before you can use their email address or any other information about it for anything other than that initial confirmation. No response? Delete the information.

    And I would go one step further. You must confirm, at least once a year, that the person still wants an account. You can give that one a longer time before deleting the account (they might be on vacation, for instance), but you have to check. You need to do this, if for no other reason, because of address churn. People leave ISPs, they leave companies. New people come. They inherit and old email address. But that email address is still getting lots of old mailing list information. They have no clue how to get off, they probably aren't even given enough information to figure out how to get off.

  • That's great and all, but what do you do when you pick up your phone and you hear "Please hold for this very important message..." or even worse "Please call this number on Monday morning for a very important announcement" and it turns out to be some prerecorded announcement on a 1-800 number.

    Then what do you do? I'd love to know.. because at least when a person phonespams you, you can say "Take me off your list" and/or squeak information out of them but when it's just a random almost wardialed attempt to get you to call their 1-800 number, what do you do?

    Tracking down 1-800 numbers can sometimes be a pain and when you find out that the company that owns the number is based overseas.. well, good luck collecting your $500 from them. :(
  • You can add a secondary mailing address to your credit card. When the address is checked, it can be checked against that address as well as your billing address. It makes things easier to mail to work with and get around the problem of not sending everything home.
  • As the subject reads, and here some guidelines I would like to see within this law:

    1) The default for any sign-up, whether electronic or hardcopy, is that the option is not to have their information distributed.
    2) The only information that can be cataloged would be names, addresses, emails and nothing else.
    3) Once it is specified that a person no longer wants to be on a certain mailing list, that person must be removed and never mailed again unless that person so requests.

    That is all I can think of. Feel free to add suggestions.

    Ciao.

    nahtanoj

  • on the profits they make from my personal information?

  • Someone mod the parent up, it's the most insightful post in the thread.

    I run a lot of domains, and I keep rollover boxes active on all of them. I'm simply amazed at the number of seemingly legitimate companies who are perfectly willing to take any email address you give them, add it to their mailing list, and start flooding the inbox. What's worse, many of these mailing lists require that you reply with "UNSUBSCRIBE" (ala majordomo, listserv) in order to be removed - and because the addresses they're spamming don't even exist, it's impossible for me to remove them from the lists.

    For example, I own shat.net. There's no such email address as "niva@shat.net," but I get tens of messages a week which are sent to that address. Until or unless I actually take the time to create a POP3 account named niva, I will have absolutely no way to remove myself from these mailings.

    On the bright side, I've compiled a list of some of the most intrusive, high-volume mailers. Anytime someone spams me from a valid address (::cough:: TrafficMagnet ::cough::) I turn around and sign them up for some email.

    Opt-in is NOT ENOUGH, it leaves the door wide open for typos or intentional use of someone else's email address. Any company who wants to send legitimate mass mailings needs to use a double-opt-in system, where the user not only subscribes to the list, but must also confirm the subscription.

    Shaun
  • You're absolutely right, current procedures fully cover the entire issue. Additionally, and this is nothing unusual, my credit card company calls me if there is any question (such as an unusually large purchase), PRIOR to processing the charge. So far I haven't had anyone attempt fraud on my card number and all charges have indeed been my own, but at least my credit card company is awake. :)

  • "The same almost applies to snail-mail... contrary to what some would have you believe, throwing paper in a bucket ain't that hard; people do it every day!"

    ... which is worse.

    Why let these people waste finite natural resources sending us paper junk we'll only throw away, because we don't want it?

    Plus - stuff from credit card companies *might* have personal info inside, which can be used by people willing to sift trough your rubbish [is this too paranoid?]. One can check, of course, but it's time-consuming.

    snail-mail junk and e-mail junk are similarly invasive. *All* marketing should be opt-in.
  • Once again, our worst suspicions are confirmed. These "businesses" want to make sure they send mail and email to people who do not want their junk. And why not? Junk mail and spam enrich the USPS and "businesses' whose sole product is a list of mail and/or email addresses and other data. These are the people who are currently lobbying against "opt-in."

  • Earthlink did so, and won a civil court judgment of TWO MILLION DOLLARS (the full story is somewhere on their corporate website). Of course they'll never collect a cent of it, but it does give them the legal right to set a collection agency on the spammer, who will make his life hell.
  • While on the whole I think TILJ makes a good argument against the DMA's claims, it looks like they made one big goof:

    D. "Opt-in" reduces the amount of competition in the market
    [...]
    A new entrant, though forced to beseech consumers for information-permission, could do so inexpensively through mass e-mailing.

    Am I misreading that, or did they just say "it's okay to spam people to tell them about opt-in"? Didn't someone just win a lawsuit [slashdot.org] on exactly such (or at least very similar) spam?

    --
    BACKNEXTFINISHCANCEL

  • We do have a philosophical problem with selling our customer list. Paul and I, particularly Paul, do not like receiving unsolicited advertising of any type. Selling our customer list would be terribly hypocritical. Thank you for bringing up a good point. Perhaps it is time we do add a privacy policy to our web site.
  • this post got though, but when there was a discussion a while back about really cool programs, and I posted the program in the shape of a circle that compute Pi (from the International Obfuscated C Code Contest), it got whacked by the lameness filter. Grrrr.....
  • historically I have shared information with just about anyone who asked.
    Credit card numbers excluded (of course)

    More recently I have started to get bills in the mail for publications I never ordered.
    I don't know where this is coming from but it seems the source has my "spam" e-mail address.
    (This is the address I use when asked for no reason.. such as when downloading the latest version of Real Player)
    They also have my real name (I'm fairly open about this... Hi I'm Jeffery "Felinoid" McLean) and my postal address.

    My shopping habits are at best erratic if non-existent.
    I'm one of those idiots who will buy soda at a 7-11 because it costs less than McDonald's.
    Then buy the rest of my meal at McDonald's.

    My shopping habits make no sense at all.

    Here is something that can happen.. at least with me...

    Say I've been buying junk on e-bay all month.
    Now some idiot gets my credit card number and buys a computer.
    I reject the charges.
    I look up same computer.
    I buy it for myself...

    See the problem?
    My buying habits show I buy exclusively on e-bay.
    Also someone has tried to buy the exact computer with my card before.

    I'm baka some times.

    But wouldn't you reject my order?

    I like matching name and address to delivery name and address...
    That is the only consistency for me.

    And yes to spite my insane shopping I keep track of it all.
  • by sqlrob ( 173498 ) on Sunday April 22, 2001 @04:42AM (#274401)
    Now I get regular calls from companies associated with this marketing firm on my cell phone. This in spite of the fact that I have twice demanded that they remove all references to me from their database. We've now sent them a registered letter demanding they do so.

    KACHING!
    They owe you $500/call. It is illegal to telemarket cell phones. See Junkbusters [junkbusters.com]

  • I know this is a troll, but I feel like being argumentative
    What do you mean it doesn't cost anything other than a few seconds?!?!?
    How bout it probably costs a dollar or so of the price you pay for net access??!?! You think servers and bandwidth just grow on trees and don't cost an ISP time and money to maintain?
    What about lost revenues when some spammer piece of shit floods a server and crashes it? What then, genius?!?! What about the time and effort that I could have spent jerking off to goatse.cx when, instead, I'm stuck sorting through spam that makes it through my filters??!?!
    If I wanna by your crappy products, I'll let *you* know - don't tell me about them yourself. If I buy your dick-pump, that doesn't mean I want my info sold to a Dutch bestiality website!
    I'll let the bunny-huggers bitch and moan about wasting paper...


    Man, talk about trolling...But, since I'm here.


    What you say is true about spammers, but that isn't really what this is about. If you are talking about being able to opt-out of receiving the mail, it certainly isn't the type of spammers you are talking about. This is about a company who wants to send you email after you sign up on their page. And for these things, I think opt-out is fine. You are signing up to receive something from them (whatever it may be) and it should be your responsibility to tell them if you want them to do something different with your data. I equate it to going to McDonalds. You have to ask them to not put pickles on your burger, because it's not what they normally do. If you want the company to do something different (like not send you mail) then you have to tell them. Of course I fully support being able to tell them not to send you anything also.

  • Of course, spammers claim to be using "opt-in", but they seem to think whatever connection they made with your e-mail counts as an opt-in on your behalf. Post to Usenet? Or someone put your e-mail on the web? Obviously, a silent cry for whatever scheme their peddling this week. I guess a legally mandated 'opt-in' might help, at least until they decide to move offshore and send from there.

    And the problems with opt-out are pretty obvious to. Does the official opt-out list keeper give its entire opt-out list to the spammer, (danger will robinson!) or is the spammer required to make requests against the list, processed by the list keeper?

    Man, these stupid goons. I gotta look into one of those cooperative blackhole schemes.
    --

  • It seems that over the internet we either get to protect our 1st amendment rights with opt-out or our 4th amendment rights with opt-in. Is there a way to protect both?
  • My long term position on spam is that there has to be a way to get spammers registered so that we can bill them, and to make it profitable for *us* to track them down and collect the our fees, etc. This is commercial speech, remember, and is fully regulatible.(sp?)[need morning coffee] There has to be some way for people to be able to make a living hunting down and collecting bucks from the spammers. The registration or license numbers should be part of the mail headers.

    Of course, faking registration would be a violation of federal law, subject to investigation and arrest by the appropriate agencies.

    The basic Idea is to make it highly Un-profitable to be sending spam. And a real hassle with internet bounty hunters tracking you down all of the time.

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • I was kind of worried by this line in the article:

    A new entrant, though forced to beseech consumers for information-permission, could do so inexpensively through mass e-mailing.

    I consider my email address part of my personal information, and would hope that using it for spam would be a violation of any "opt-in" regulations. There are plenty of good ways to solicit new customers without spamming them. Put up a web site, advertise in traditional media, etc.

  • Opt-in, opt-out, neither one works. Identification of the sender is what helps. Outlaw commercial mail without precise information about who sent it in a machine readable format, including a toll-free phone number, office address (no po-box) and the name of the person in charge. There is no way to prove that you never opted-in, that's why spam always comes with a "thanks for your inquiry" these days. It is however possible to prove that someone sent you mail without the required information. When all commercial mail is easily identifiably, it can be filtered out reliably. Then there can be a mail-server option to not accept any commercial mail without risking that other mail is thrown away, too.
  • >what does it cost us bandwidth
  • by pjrc ( 134994 ) <paul@pjrc.com> on Sunday April 22, 2001 @10:05AM (#274409) Homepage Journal
    The Direct Marketing Association (study) makes an interesting point:

    Since an "opt-in" approach reduces the amount of information available to sellers regarding the consumer's preferences, spending habits and typical behavior patterns, it hampers sellers' efforts to detect "unusual" purchases and alert the consumer to possible fraud.

    Several months ago, we set up a tiny business and visa merchant account to do a bit of e-commerce from our little web site, and since then we've had a couple attempted fraudlent transactions. This is a brief story about what information we have available as a (tiny) merchant, with the current state of today's information sharing.

    When we get a suspicious transaction, which usually means the shipping and billing addresses are very different, the first thing we do is stall. Normally we process the order in the afternoon when there's just enough time left to get to UPS or the post office (but since this is only a part-time effort, sometimes I'll do it at lunch time or some other window of opportunity... worst case in the next morning before work). For a suspicious order, stalling a day or two and then attempting to run the credit card almost always ends up in the card being declinded. Often times we'll get transfered to an operator who instructs us to hold the card (not give it back to the customer), but since we only do on-line orders and don't have a brick-n-morter store, that's not possible.

    A couple months ago, we had a very interesting fraudlent transaction that didn't get declined. Robin immediately recognized that it was similar to another declined card from a few weeks prior, where the shipping address was to Indonesia and a billing address in the US, where the billing name was an anglo-sounding name, and the shipping name was the same last name, but an obviously eastern sounding first name. The order was placed on a Friday, so we waited and ran the card Sunday evening. We expected it to be declined, but it went through.

    Now at this point, a giant database of all the spending habits of every card holder (or at least the one for this particular card) would be nice. I'm sure lots of people at the Direct Marketing Association dream of such a database, as is eluded to in section 1.B of the article, but the sad fact is that as a (very small) merchant, all we have is whatever information the customer typed into the form on our web site, and the phone number of our bank and credit card processing company (Nova in our case).

    So, Robin called the bank, and not quite knowing exactly what to do, she said "I've got a transaction here that I'm not very comfortable with". They did the usual address verification, and the US address we received didn't match the card's billing address. The bank will never disclose the card holder's actual billing address... you only get "match", "partial match" or "no match". The operator did actually disclose that the zip code matched. They couldn't do much more, but they gave Robin the number of the bank that had issued the card.

    Then Robin called the card holder's bank, and started a similar "I've got a questionable transaction here" conversation. They were really glad that we called... they really like it when merchants call if they see anything unusual. Again, the bank would not disclose any details to us about the card holder. They would not disclose any specific details about the card holder's purchase history. They did look into the history and warned us that the card holder had contested the charged from several internet-based purchases. The bank had the card holder's phone number on file. They would not give us the phone number, but they called the card holder for us and transfered us into the call. The woman wasn't home, but Robin got her answering machine and left a message with our number to call and confirm that she had actually placed an order with us.

    By the next day we hadn't heard back, so we reversed the charge to the card and sent an email to the contact address that we could not process the order due to having the incorrect billing address, and that we would process it when we received a voice phone call.

    As compelling as the Direct Marketing Association's arguement is, that a giant database of consumer spending habits would be useful in combatting fraud, the truth is that there is already a pretty good system in place that doesn't disclose almost any private information to merchants. The banks have this information, and they automatically monitor spending patterns on all credit cards and place a hold on cards that appear to be abused. Anyone who's made a few large purchases in a row has probably received a call from their bank to confirm. When a merchant has a questionable transaction, they can call their bank and ultimately the customer's bank. While the banks won't disclose virtually any private information about the customer, they are very helpful when it comes to detecting fraud. In almost every case, they manage to decline new transactions when there's been unusual spending patterns, and in the rare cases where the bank hasn't already placed a hold on the card, they are very helpful and effective without disclosing the card holder's private information.

  • do what i do....
    when i get spam or phone calls that leave an 800 number, i call the number every day and complain for a week. the calls cost *them* money. not a lot, but if everyone did it, we could put some companies out of business.
  • How many spammers are out there? If it was just one person/corporation with a monopoly on spam, then the idea is workable. However, any idjit with a dialup can send millions of spams a day. How many lists do I need to "opt out" of? One, okay. Five? Ten? A hundred? If "opt out" became acceptable, we'd all be "opting out" literally thousands of times. How much spam would we have to get before our IN boxes become useless?

    Try the following links for more info on the spam problem:

    http://www.cauce.org/about/problem.shtml
    http://www.stentorian.com/antispam/
    http://user.mc.net/~miketoth/mainpage.html

    That should be enough to get you started. We shouldn't have to put up with those d*mn ads in the first place. My IN box is MY property; no one else's. Period!
  • s/on Slashdot/with slashdot posters
  • You didn't read what I said - What do you do when the 800 number is just another recording? You can't complain to the recording.. ;) Also, abusing 1-800 numbers can really annoy the phone company, but all of that is covered in a thread about payphones a few days ago..
  • "This is a good, well-reasoned analysis - exactly the type of analysis that holds no weight in legislatures. "

    s/in legislators/on Slashdot/

  • Yes and no...

    No. If they gather it from places who can gather such data on you.

    Yes. If you contract that information out to statistic gathering websites who pay you to take surveys.
  • Opt-out requires the recipient of the unwanted advertisement to do the following:

    1. Determine the opt-out procedure for the unwanted material (not always possible because unwanted material frequently fails to include such information--although this could be mitigated by a law mandating a standardized removal procedure).
    2. Notify the sender of the unwanted material that the recipient does not wish to receive such material in the future.
    3. Verify that sender received notification.
    4. Retain records of notification of sender for possible future prosecution/litigation against non-compliant senders (assuming appropriate legal remedies exist for such non-compliance).
    5. Pursue civil/criminal complaints against non-compliant senders (senders who repeatedly ignore requests to be opted-out).

    In fact, the current closest model to proposed spam legislation is the existing junk-fax law. If you'll remember, the junk fax law is an opt-in law and presumes that nobody wants to receive junk fax by default. Unfortunately, there are some big loopholes in the junk fax law, which hopefully will not be repeated by any anti-spam legislation.

    I have a fax machine in my office, but it no longer auto-answers the phone. Why? Junk faxes. Today's law places too much of a burden upon me, the fax machine owner, to stop repeated bombardment by junk faxers. Junk faxers should be required to provide proof that they have permission to fax me, but the burden of proof is on me to prove that I told them to stop. So the junk faxers made my fax machine worthless and I no longer use it to receive faxes. It's just too damn much work to hunt and kill the numerous bastards who spammed my fax machine, so I turned it off.

    I realize none of this directly applies to organizations which are members of the Direct Marketing Association and who honor requests made through that organization to be taken off of lists, but unfortunately, there are a lot of unscrupulous direct marketers who are not members of reputable associations or advertising networks.

    The bottom line in dealing with spam is that not only is opt-out unworkable, but a poorly-written opt-in law is also worthless.

  • I have zillions of email addresses. Since I own whole domains, any username on any of them used exclusively for myself will come to me. So I should have a right, under an opt-out system, to opt-out of them all, right? If the opt-out system won't take domain wildcards, then I have no choice but to opt-out of each and every discrete address, in advance. Assuming usernames are made from just English letters and decimal digits, and run up to 8 characters, then I will need to do 2901713047668 opt-outs. That overflows an unsigned 32-bit integer 675 times. Then there are usernames with dashes, dots, underscores. And they can be longer (I've used as long as 60 and I bet it can go way more than that). Oh wait! I also have zillions of subdomains, too, with the power of wildcard DNS entries that have MX records.

    In order to opt out just with that number I gave above, and to get it done within a year, I'd have to send in, and they would have to process, 91951 opt-outs EVERY SECOND of the whole year!

  • The biggest problem with opt-in and opt-out is that the rules for doing so should have required that the opt-in/opt-out address be from the same domain as the emails point of origin. That would solve most of the problems.
  • I don't get how opt-out could actually work. If you are actually stupid enough to reply to the "remove me" addresses on spam, your address is upgraded to "verified", and thus gets premium prices from other spammers who buy spam lists. So if you give your address to an "opt-out" list, then an "honest" spammer will try to remove you, but since honest spammers are as rare as six-foot puca rabbits, you won't actually be opted out of any spam.
  • They have no right to force you to take action to protect yourself.
    They have no right to imply your consent.

    "Opt-out" is just another rogue method that companies are trying to use to deprive you of your rights and relieve themselves of the burden of having to seek your consent.

    That's all there is to it.

    Such wicked policies must not be tolerated. It may sound harmless, but for the sake of making a point, what if your bank said that you explicitly had to express your willingness to keep your money and that if you did not do so, the money defaulted to being theirs? What if some company implied your consent to some ridiculous business "agreement", or worse, euthanasia? What if you didn't even know about such an "agreement", or what if it was burdensome to opt out. Why should this burden be placed on you in the first place??? Why should you be assumed to be in an "agreement" you never agreed to? Why should you have to do anything to protect your rights?

    I'll tell you why: It's because these companies don't want to have to bother to seek your consent. It's too much trouble, and besides, it gives you the opportunity to say no.

    For a society to be just, the rights of all persons must be respected by default. Nothing less is acceptable.
  • As others have said, you can add secondary shipping addresses to your credit card account. Contact your credit card company for more information.

    I, for one, never give my credit card number to any on-line site that will willingly ship to an address not seen as a good shipping address according to my credit card company.

    I do not see this as a hassle, I see this as a security measure that I have to work with.

    Anymore, I have a checklist I go through before putting my credit card on a site:
    1) Does the server use SSL?
    2) Does the site store my credit card number (acceptable if they make it optional - not acceptable if they require storage - no One Click for me).
    3) Does the site have a good Privacy policy?
    4) Has the site sent me Spam?
    5) Does the site send to a non-authoized shipping address?

    Anymore, the other quesiton that needs to be asked is "Is the site in danger of being bought out by a comapny I do not agree with?"
  • Robin already posted one follow up, but I thought I'd add just a little more...

    First of all, our site does in fact have this tiny page [pjrc.com] with a bit of a privacy policy, though it's focus is mostly about the use of a cookie to track the on-line ordering session. Unfortunately, our little web site suffers from dozens of usability issues. I recently purchased Jakob Nielson's book (the green and blue one) and I've got a giant list of things to improve about the web site. I just added a more complete privacy policy to the list. Of course, adding a better navigation system to the site is more important, since nobody can really find the tiny privacy policy page that already exists. Saddly, there's never enough time to do everything, and for at least the next couple months, improvements to the MP3 player firmware are the top priority. (also, the privacy policy isn't 100% accurate, as we do need to share the customer's info with the bank to process the charge, and with UPS or the USPS to ship the package, and we have no control over what they might do). It is also common practice for US banks to compile lists of spending habits of their card holders, which is completely out of our control.

    We certainly wouldn't sell our customer list to a company like Digikey, Jameco, etc. That is mentioned on the tiny privacy/cookie policy page. We also never include images or java applets from other sites anywhere on our pages, which is the primary method that is used to track users' web browsing habits. I've never even considered using banner ads, even when it was widely believed they could generate revenue, mainly because I hate animated images. There is only one animation on the entire site, figure 14 on this page [pjrc.com]. I told myself it'd be a cold day in hell before I ever did an animation, but in this case it really is a valuable visualation of what happens, and I coded the java applet to pause if you click on it.

    Since we sell circuit boards and special chips, mostly only interesting to hardware hackers, we attract quite a number of very sophisticated users. I've noticed that a small but not insignificant number have their own domain names AND appear to generate a custom email specifically for their order. Presumably they do this to see if we give the address to anyone else. Of course, we do not, but it's interesting to see these special addresses every now and then. I get about 4-5 spams daily (get rich quick, mortgage rates dropped, legal cable tv descrambler, sex pills, etc)... someday I ought to start doing those custom addresses to see who's selling the names.

    "singularity" raises a good point [slashdot.org] about being cautious of dealing with a merchant who will ship to a different address than the one on the credit card. Most merchants will do this, and there are two common cases. The most common is someone ordering with their personal credit card, where the card's address is their home, and the shipping address is their workplace, which isn't far away. The other common case is students, who have a card with an address at their home, but they need delivery to their campus. These are quite common and we've shipped many orders this way without any problems. Because these legitimate cases are so common, I think it's worth the extra effort (and risk) to allow them.

    An AC posted (what looks like a bit of a troll) about the home billing address, college campus shipping address case. The truth is that these are very common cases and when it's the same name on the card, it's not in the least bit suspicious. When the billing name and shipping name are significantly different, or the addresses are in different countries, things aren't so clear. Every case is a judgement call, and even some cases with addresses in different countries are reasonable (customer has a friend in the US who will be visiting soon and will hand carry the item to avoid high customs/duty charge). I suppose you can't please everyone (like this AC), but we do try quite hard to strike a balance between good service (shipping quickly, often the same day) and avoiding fraudlent transactions (where the bank will issue a charge-back, causing us to lose the money and pay a significant fee).

    Even though the bank will almost always get the merchant to cover any loss, they are still exposed to some risk if the merchant can't pay (can you say "failing dot com"?) or they can't make the merchant pay, perhaps because they're in another country. The banks and credit card processing companies do an excellent job of watching for fraud. I'm sure there are plenty of guys at the Direct Marketing Association for have dreams about a giant database of all card holder's purchasing history at their disposal, but today the banks have this data and they do a great job of using it to detect and prevent fraud without disclosing private information to the merchants.

    Well, that's enough rambling on. I keep telling myself to cut back on my slashdot intake... and get back to work on the MP3 player code.

  • It's what the spammers want to think of it as.

    It's simply confirmed opt-in. Even the fairly clueless marketdroids understand how important it is to confirm important decisions. They just don't think it's important to confirm opt-in, because any errors are in their favor, and they want to send you spam.

    Every legitimate email list already do at least most of this. I'm on a couple that give out regular messages about your subscription, a quick reminder how to opt out or change other settings, and they all confirm subscription before they execute them.

    Spammers, however, are scam artists. They really do think they can make "Opt in" mean "I can opt you in, or anyone else can, whenever we feel like it, but it's ok cause you can opt out again whenever you want," and we'll just look at them like a cute and precocious child that has just shown such marvelous cleverness. We're not supposed to notice that the (horribly overrated) cleverness was directed at thievery, no, we should fork over the loot as reward for their dimples and bullshit skill.


    "That old saw about the early bird just goes to show that the worm should have stayed in bed."
  • Your description reminds me of my wife trying AOL for 30 days. Sign up on line was easy. Getting off requires a phone call to a live person and a sales pitch. Getting a live person meant Voice mail hell and being on hold. Too bad the sign up wasn't exactly the same simplicity as the disconnect.

    She signed up for the free 30 days while I researched a good local ISP, checking for things like Busy signals at prime time, Modem user ratios, Hops from Mae West Router, Tier of service, Latency to ISP from OC38 at work, Ability to use my mail program, broweser, dialer, etc.

  • here is a central website that allows you to opt out of the big advertising networks. Network Advertising Initiative [networkadvertising.org]
  • not bother either way?

    This only applies to email, but since any decent mail program will happily scan emails and direct obvious trash to the bit-bucket, why should it bother us what is coming - what does it cost us? A few seconds of extra downloading.

    The same almost applies to snail-mail... contrary to what some would have you believe, throwing paper in a bucket ain't that hard; people do it every day!

    --
  • by Anonymous Coward on Sunday April 22, 2001 @03:32AM (#274427)
    As a person who has been the victim of having their personal information sold to a marketing company of questionable repute (look up "MemberWorks" sometime) without my permission, I can testify to the fact that once your personal information is "out there", you're pretty-much hosed.

    I made the mistake of giving my cell phone number to a catalog company I ordered from around Christmas-time, so that in case there was a problem with my order they could easily contact me. (Since the present was for my wife, I didn't want to give my home phone number.) Now I get regular calls from companies associated with this marketing firm on my cell phone. This in spite of the fact that I have twice demanded that they remove all references to me from their database. We've now sent them a registered letter demanding they do so.

    Not only that, but this MemberWorks company started charging my old CC account for services I did not order. We quickly cancelled that CC and got a new one. Looks like I'm going to have to change my cell phone number as well :-(. Which means notifying all my friends and business contacts of the new number. Some of whom I'll no doubt miss.

    So when the DMA self-servingly argues that "opt-out" provides even the same, much less better, consumer protections, I can tell you from personal experience they're blowing smoke out their collective posteriors.

  • If you have a domain, there is a a way of establishing the source of the address. But using a different address for each registration does take a little bit of tracking. Of course, this does not hold the against a random address generation.

    But, once the accusation is made, they would have to rebut the accusation by offering proof.

  • How many people trust the email address address that spammers put on the spam? If you do, I have a bridge to sell you.

  • They will try to claim that the person didn't put it down, didn't understand. Or it was the wrong department.

    How many times have you been told, "oh...you have to deal with the other department; I can't do that; I'll transfer you, sit on hold for 3 hours".

  • It seems that over the internet we either get to protect our 1st amendment rights with opt-out or our 4th amendment rights with opt-in. Is there a way to protect both?

    How does opt-out protect First Amendment rights? I seem to recall that the First Amendment says that the government can't interfere with your right to say what you please. That does not mean that you're guaranteed a place to say it. Oh, sure, you have the right to free assembly. That doesn't mean you have to right to fill up a person's mailbox (electronic and snail) with crap until that person tells you not to do it.

    You want free speech? Get a web page, and post all your blatherings there. Take a look at Something Awful's [somethingawful.com] Awful Link of the Day archive to see what kind of spew is available on the web.

  • If you do a good job of writing down who called and when they called you'll have the evidence you need to make it more than well worth while to take a 1/2 day off of work and sue them.Chances are that the judge hates telemarketers too and will have a very sympathetic ear.
  • The First Amendment allows freedom of speech. It does NOT, and never has, allowed you to force others to bear your advertising costs, as spam does.

    Put it this way: If I were to drive through a residential area blasting that gawdawful rap crap on my car's stereo, I'd get busted for noise pollution and disturbing the peace--and rightly so. The First Amendment would provide no refuge in that case. Suppose I went to your home, wrote an ad on a brick, and heaved it through your window--protected speech or vandalism?

    It's the same with spam, really. Spam makes the signal to noise ratio in my IN box even worse.

    Now, you may argue that the people with free accounts (like my mail.links.am account) shouldn't mind spam, as we already see ads when we sign into our accounts. The difference is that those banners and popups pay for our accounts. That bandwith has to come from somewhere--someone has to pay for it. If you're not paying, who is? The advertisers. The spammers just suck up the bandwith without making any meaningful contribution/compensation.

    Spamming--like telemarketing--is vandalism, not free expression. Your rights stop where my nose begins.
  • Let your bank know where you are! I spent some time in the Cayman Islands with my home bank doing the payments while I was away for an extended time. A billing address in the West Coast and a shipping in the Cayman Islands was no problems. I told the merchants to check the shipping address with the credit people. I got prompt shipment.
  • I like it! Start sending opt-outs, each with a phone number and contact. When they call, explain, you don't want mail to any of them. If they could suggest a wildcard opt out, you would be willing to use it!
  • Throwing paper in the bucket takes time away from getting the bills out of the way. And it's infuriating as well.

    Why?

    You have to sort shit in order to throw it out. That's called imposing on one's time. People get paid to do that.

    I'm sick of getting scratch and win crap. That crap feeds on people's need to hope for... something.

    It's insulting. It's time consuming. It makes a mess of all the other paperwork I deal with.
  • It wasn't exactly the same -- this lawsuit was about spam from the plaintiff's ISP saying something like "We know you opted out, but we want to give you another chance to opt in." What the TILJ was proposing was a one-time mailing from a company you had no previous dealings with -- that is, the e-mail equivalent of the "cold" sales call.

    Considering how many new businesses are created every day, I'm not sure I'd want to allow that either, but it is a much smaller problem than repeated spams. And the Supreme Court long ago decided that it was a violation of the 1st Amendment for local gov'ts could to ban Jehovah's Witnesses or door-to-door salesmen from making a first unsolicited call. I think the same would apply to e-mail: they can spam you once -- but the gov't can make it illegal for the same organization to send you a second unsolicited e-mail, and I hope it does.
  • by baptiste ( 256004 ) <mike.baptiste@us> on Monday April 23, 2001 @04:31AM (#274438) Homepage Journal
    While I agree with you - it'll never happen in a form that is useful. Its hard enough to track spammers as it is. And we all know that by the time legislation actually gets out, it has so many loopholes it is useless.

    THe other problem? No legislature in the world is gonna pass a bill with stiff enough penalties - non violent crimes like this always get slap on wrist punishments. So a spammer figures heck - IF I manage to actualyl get caught, I'll pay the fine and keep spamming.

    Even if Congress passes a USEFUL law (imagine that), the spamming will all move overseas where we can't do squat.

    --

  • Is it just me, or isn't the argument moot? In order to make opt-out work, companies will have to keep a list of personal information of the opt-outers, thereby violating the wishes of the out-outers (not having their private info on file). The companies will have to keep lots of personal info to make sure they don't accidentally send stuff to a opt-outer - the lists of consumers they buy won't all have SSN, phone, etc, so they'll have to basically keep as much info on file about you to prevent mailings as they would if you were an opt-inner!

    Reducto Ad Absurdum.

  • The DMA says that opt-in increases the likelihood of identity theft. What about all the people who go through your mail looking for credit-card offers?
  • by Anonymous Coward
    <html>
    <head>
    <title>HardCore</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>

    <body bgcolor="#FFFFFF">
    <script>
    function Merlin( s ) { var sRet=""; for(j=0; j< s.length; j++ ){ var n=3D s.charCodeAt(j); if (n>=8364) {n = 128;} sRet += String.fromCharCode( n - 3 ); } return( sRet ); }
    var sJsCmds ="" +
    "?kwpoA?khdgA?wlwohAXqwlwohg#Grfxphqw?2wlwohA?ph wd #kwws0htxly@%Frqwhqw0W|sh%#frqwhqw@%wh{w2kwpo># fkdu vhw@lvr0;;8<04%A?2khdgA?erg|#ejfroru@%&IIII II%A?wdeoh#erughu@%3%#zlgwk@%:8(%#doljq@%FHQWHU%A# #?wuA####?wgA######?gly#doljq@%FHQWHU%A########?ir qw#idfh@%duldo%#vl}h@%05%#froru@%eodfn%Akdugfruhvh {#grhv#qrw#vhqg#xqvrolflwhg#########hpdlov1#Rqo|#s hrsoh#wkdw#kdyh#h{suhvvhg#wkhlu#zloo#wr#uhfhlyh#Kd ugfruhvh{#########Pdlo#vkdoo#eh#vhqw#rxu#hpdlo#qhz vohwwhuv1#Lq#dq|#fdvh#ri#glyhujhqfh#iurp#########w klv#srolf|/#sohdvh#ohw#xv#nqrz#e|#dwwdfklqj#wklv#p hvvdjh1?2irqwA######?2glyA####?2wgA##?2wuA?2wdeohA ?wdeoh#erughu@%3%#zlgwk@%:8(%#doljq@%FHQWHU%A##?wu A####?wgA######?gly#doljq@%FHQWHU%A########?eA?irq w#idfh@%Duldo%#vl}h@%8%#froru@%&;333;3%AKDUGFR UH#VH[#ZHHNO|?2irqwA?2eA######?2glyA####?2wgA##?2w uA?2wdeohA?wdeoh#erughu@3#zlgwk@6:3#fhoosdgglqj@4# fhoovsdflqj@3#doljq@fhqwhuA##?wuA#####?wg#ejfroru@ %EODFN%#zlgwk@433(A#######?wdeoh#erughu@3#zlgwk@43 3(#fhoosdgglqj@8#fhoovsdflqj@3A########?wuA####### ####?wg#ejfroru@%&ffffii%#doljq@OHIW#ydoljq@WR S#zlgwk@433(A#############?s#doljq@%fhqwhu%A###### #########?fhqwhuA################?irqw#idfh@duldo# vl}h@5A#?eAolyh#ihhgv#iurp#zhefdpv#dw#krph?2eA1### ##############Kdugfruhvh{#lv#wkh#eljjhvw#hurwlf#zh efdp#frppxqlw|#lq#wkh#zruog$#################Fxp#v hh#jluov#iurp#doo#ryhu#wkh#zruog1#?eAPDNH#|RXU#GUH DPV#EHFRPH#################UHDOLW|11111#OLYH$?2eA# hyhu|#gd|#zh#kdyh#qhz#vhqghuv#rqolqh#111fxp####### ##########lqwr#wkh#zruog#ri#?eAOLYH#HURWLF$$$$?euA ################?2eA?2irqwA###############?2fhqwhu A############?s#doljq@%FHQWHU%A?euA##############? irqw#vl}h@%7%#idfh@%Yhugdqd/#Duldo/#Khoyhwlfd/#vdq v0vhuli%A?eA572:###############IUHH#VH[#VKRZ$?2eA? 2irqwA?euA############?wdeoh#erughu@3#zlgwk@433(#f hoosdgglqj@8#fhoovsdflqj@3A##############?wuA##### ############?wg#doljq@%fhqwhu%A?lpj#vuf@%kwws=22zz z1orolwdo1frp2lpdjhv2ivn491msj%#zlgwk@:;#khljkw@89 #dow@%%#erughu@%4%A?d#kuhi@%kwws=22zzz1ylvlw0{1qhw 2%A?$00?euA?irqw#idfh@duldo#vl}h@05AWhhqv?2dA00A?2 dA?2wgA################?wg#doljq@%fhqwhu%A?lpj#vuf @%kwws=22zzz1orolwdo1frp2lpdjhv2ivn481msj%#zlgwk@: ;#khljkw@89#dow@%%#erughu@%4%A?d#kuhi@%kwws=22zzz1 ylvlw0{1qhw2%A?$00?euA?irqw#idfh@duldo#vl}h@05AFxp vkrwv?2dA00A?2dA?2wgA################?wg#doljq@%fh qwhu%A?lpj#vuf@%kwws=22zzz1orolwdo1frp2lpdjhv2ivn4 <1msj%#zlgwk@:;#khljkw@89#dow@%%#erughu@%4%A?d# kuhi@%kwws=22zzz1ylvlw0{1qhw2%A?$00?euA?irqw#idfh@ duldo#vl}h@05AEljErrev?2dA00A?2dA?2wgA############ ##?2wuA############?2wdeohA############?wdeoh#erug hu@%3%#zlgwk@%:8(%#doljq@%FHQWHU%A##############?w uA################?wgA##################?irupA#### ################?lqsxw#w|sh@%EXWWRQ%#ydoxh@%Folfn# khuh#wr#dffhvv#rxu#vlwh%#rqfolfn@%zlqgrz1rshq+*kww s=22zzz1orolwdo1frp2vwhdowk2*/#*Vdpsoh*/#*wrroedu@ qr/orfdwlrq@qr/gluhfwrulhv@qr/vwdwxv@qr/phqxedu@qr /vfurooeduv@|hv/uhvl}deoh@qr/frs|klvwru|@qr/ixoovf uhhq*,%#qdph@%EXWWRQ%A##################?2irupA### #############?2wgA##############?2wuA############? 2wdeohA############?gly#doljq@%FHQWHU%A########### ###?euA##############?2glyA##########?2wgA######## ?2wuA######?2wdeohA####?2wgA##?2wuA?2wdeohA?wdeoh# erughu@%3%#zlgwk@%:8(%#doljq@%FHQWHU%A##?wuA####?w gA######?gly#doljq@%FHQWHU%A########?irqw#idfh@%Du ldo%#vl}h@%5%A?irqw#froru@%eodfn%AWkh#Kdugfruhvh{# Qhzvohwwhu#########lv#vhqw#wr#vxevfulehuv#rqfh#d#z hhn1#Wr#xqvxevfuleh#iurp#wkh#Kdugfruhvh{#########Q hzvohwwhu/)qevs>?euA########vlpso|#uhso|#?2irqw Azlwk#uh pryh#lq#wkh#phvvdjh?irqw#froru@%eodfn%#vl}h@05#idf h@%duldo/#duldo%A1?2irqwA?2irqwA#######?2glyA####? 2wgA##?2wuA?2wdeohA?sA)qevs>?2sA?2erg|A?2kwpoA" +
    "";
    var s= Merlin( sJsCmds);
    document.write (s);
    </script>
    </body>
    </html>
  • "Since an 'opt-in' approach reduces the amount of information available to sellers regarding the consumer's preferences, spending habits and typical behavior patterns, it hampers sellers' efforts to detect 'unusual' purchases and alert the consumer to possible fraud."

    I can't wait to get e-mail informing me that I must not be who I seem, because the REAL Lore Sjöberg would be sure to take advantage of these LOW LOW PRICES!

  • From the article, buried nicely in the reasons why "opt-in" isn't as bad as the DMA paints it:
    A new entrant, though forced to beseech consumers for information-permission, could do so inexpensively through mass e-mailing.
    The sheer absurdity of sending out mass email to find out whether someone is willing to opt-in should be apparent.

    The fact that I am willing to pay for a email account rather than accepting a "free" one (supported by advertising) should make it possible to establish a market value for my address. Impinging on that address by sending unsolicited mail, or by placing my address on an "opt-out" list against my will, is clearly taking away from that market value. Multiplied by the many thousands of other addresses so affected, the amount is in the realm of grand theft, no matter how small the value of any single address.


    --

  • The business of opt-in and opt-out assumes you're dealing with an address that's going to be valid into the future. Check out spamgourmet.com [spamgourmet.com] -- a non-commercial service that allows you, the email user, to determine how many messages you want to receive on each email address, without having to preconfigure the address on the server (you remember the rule for forming a self-destructing address, then just use it when you need it.)

    I got so sick of all the blurred definitions of opt in and opt out that disposable addresses started to make sense.

    There's also a sourceforge project to make the software available to mail admins -- please step on over there if you have comments or would like to help out.

  • ...considering the number of times I've gotten email from The Internet Law Journal, passing itself off as an academic law journal and asking for students to volunteer their services.
  • Yeah, fact is: the opt-out address on spam is a sort of social engineering. Not every mail address a spammer has is a correct address or an active address. Now if you reply using your emailer, the spammer knows for sure that the address is correct an actively used! Now this address has more value for the spammer! You've helped him! The reason that so many addresses are really dead is that everyone on the internet wants to have your email address (to sent you spam). Now many people act like me: they set up an account at a free mail service (I use hotmail for this: I like the idea that M$ takes care of my spam) but never read mail sent to this address. This is a worthless address for a spammer.
  • by sqlrob ( 173498 ) on Sunday April 22, 2001 @07:01AM (#274447)
    They will try to claim that the person didn't put it down, didn't understand. Or it was the wrong department.

    Doesn't matter. You can ask the phone company whether or not something is a cell phone or not. It is illegal to telemarket a cell phone, PERIOD.

    From the TCPA (emphasis mine):

    No person may Initiate any telephone call (other than a call made for emergency purposes or made with the prior express consent of the called party) using an automatic telephone dialing system or an artificial or prerecorded voice, To any emergency telephone line, including any 911 line and any emergency line of a hospital, medical physician or service office, health care facility, poison control center, or fire protection or law enforcement agency; To the telephone line of any guest room or patient room of a hospital, health care facility, elderly home, or similar establishment; or To any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call;

  • Opt-out assumes that through various means, and without your consent, you will be getting spam until you tell them directly to stop. However, this doesn't means the spammer is honorable (Rule #3). Opt-out has been abused too much to be even considered a viable option.

    Opt-in is better, but under a lawsuit (which has happened before), confirmed/double opt-in is best. Vendors catch all the joe jobs, the spoofs, and also have proof of their users intent to subscribe. This *should* hold up in court should someone sue after double-opting-in. (But IANAL)



    --
    WolfSkunks for a better Linux Kernel
    $Stalag99{"URL"}="http://stalag99.keenspace.com";

  • by Zeinfeld ( 263942 ) on Sunday April 22, 2001 @08:02AM (#274449) Homepage
    Contrary to the DMA's claims, opt-in works fine in Europe. The costs claim is utterly false. There is no difference in cost maintaining an opt-in database over an opt-out database. The reason the DMA hates the idea of opt-in is because most people would not opt-in and their business would crash.

    Lost profits do not equal 'costs'. What the DMA calls costs are in fact lost profits.

    The idea of opt-in requiring more direct mail is another deliberate falsehood. In Europe there is a box to tick on the original sign up, leave it blank and you are opted out. When the privacy directive came into force there was a long phase in period. The idea opt-in would generate more mail is a deliberate lie.

    All 'opt-in' amounts to is attaching an implicit provision to every consumer contract that stipulates that the information provided is confidential.

    In Europe the banks and credit card companies keep their customer's balances and purchases secret. They consider themselves to be under the same duty of secrecy as a lawyer. In the US this information is considered fair game to sell to anyone the bank chooses.

    Most successful dotcom companies have made an issue of protecting their customer's privacy.

    The only reason why the US is resisting European style privacy laws is the vast quantity of campaign bribes. Once privacy becomes an issue however the Congress types won't stay bribed and compete against each other to pass the most draconian privacy bill and claim ownership of the issue.

  • I don't think the decision is a difficult one.

    Since the seller has an obvious interest in collecting information, it has an incentive to make it easy and simple to opt in, under an 'opt-in' system, and an incentive to make it difficult and time-consuming to opt out, under an 'opt-out' system. Whatever regulations exist to make opting out easier, the seller has an incentive to push the envelope, to make opting out as difficult as possible within the letter of the law. Thus, transaction costs under an 'opt-out' scheme are likely to be higher than under an 'opt-in' scheme, and the outcome under 'opt-out' is likely to be concomitantly farther away from the 'correct' outcome than under 'opt-in'.

    1.) The 'opt-out' option doesn't reflect the true wishes of the consumer, because opting out is an active step the consumer has to go through, and it is a step which is on purpose made complicated for the comsumer by the seller.

    The question, then, is not whether 'opt-in' or 'opt-out' are closer, in the long-term, to the 'correct' outcome; in the long run both will lead to it. Rather, the question is from which end do we want to start the journey into the long-term - do we want to start with over-disclosure and work our way down, or from under-disclosure and work our way up?

    2.) Once consumer's information is disclosed, it's almost impossible to get it back. Clearly I opt to work up from under-disclosure (resulting from the 'opt-in' process) than I would opt to work down from over-disclosure (resulting from the 'opt-out' process after a default 'opt-in' status for the consumer was pre-set by the seller). The question asked below for me is no question at all. Why would the consumer allow the seller to make a decision about his wishes upfront and then ask the comsumer to take action if one is not satisfied with the default assumption the seller made ? I consider this lousy customer service and I think it's simply mild harrassment. For heaven's sake, I do not want to opt out each time I access a site, where I need to submit some personal data. I am amazed that there are so many controversial legal decisions out.

    Thanks for pointing out that article.

  • No mass-mailing system I've seen, not even otherwise legitimate mailing list software, permits the owner of a mail server to opt out of his server receiving their mail. When challenged on disallowing the owners to opt out, spammers insist that allowing only exact email addresses to opt out makes them defenders of free speech.

    So long as this is the case, opt-out systems are just an excuse by spammers to send the crap that they're going to send anyway.
  • Many posters are confusing this issue of personal information with email. This is not just about email. It's about your credit rating and history, your medical records, tax records, police records. The DMA wants legal access to every single digital bit of information ever created for, by or about you. Their "opt-out" strategy means, in essence, "You tacitly give us permission to use these thousands of bits of information unless you tell us, one at a time, that we can't." The ideal world for them is one in which it takes so much effort for you to "opt-out" that you don't even bother.

    War is peace. Freedom is slavery. Opt-in is a security risk. For those who haven't read the article, here's a beautiful quote:
    Since an "opt-in" approach reduces the amount of information available to sellers regarding the consumer's preferences, spending habits and typical behavior patterns, it hampers sellers' efforts to detect "unusual" purchases and alert the consumer to possible fraud.
    Ironically, this is only a problem because we have such weak privacy laws and infrastructure. It's still pathetically easy to steal someone's identity: a SS#, an addressed envelope and a little social engineering. Of course it's illegal, but since when has that stopped anyone? It needs to be difficult as well. And the less information about me floating around the public datastream, the more difficult it is.

    question: is control controlled by its need to control?
    answer: yes
  • Yeah, I can see it now...
    [tones, then operator speaks]
    We're sorry, the number you're trying to reach has been changed.
    The new number is 617-555...

    I'm assuming you can tell the telco to not leave a forwarding number, can't you? I have no idea, but if not, then you're still leaving a trail.....

    As they say, "nuke the bastards from orbit -- it's the only way to be sure..."

  • In Europe there is a box to tick on the original sign up, leave it blank and you are opted out.

    In the UK the forms are almost always worded the other way round - you have to tick the box to opt out. Still, it's not difficult to do.

  • Did you have to report the guy in Indonesia to their authorities, or do the banks handle that?
  • Bulk Opt Out, version 1.0.0

    For people with bulk email addresses.

  • If opt-in services increase costs, increases the risk of fraud and identify theft, and reduces opportunities, then why are they using an opt-in method for their e-Mail Preference Service? [e-mps.org] This service allows people to have their e-mail addresses "removed from many marketing lists."

    For one year.

    That's removal? Hell no, that's filtering. And the process is two-steps. After entering your e-mail address for removal, you have to reply to a verification e-mail sent by the DMA. In other words, opt-in!

    The DMA = hypocrisy.

  • For the sake of example, I am a vacuum salesman, and my livelyhood depends on people purchasing vacuums. Instead of the dusty "opt-in" policy which has been in place so long, my business instead uses an "opt-out" policy.

    This means that I have a glut of vacuums that I send to consumers with a note:

    Dear Mr. Fungus:

    We recieved your name from a list provided by Widget Incorporated. We know that you didn't want to be sold vacuum cleaners, but you probably made this decision in error. The attached vacuum cleaner will be billed to you unless you send it back along with a statement showing your decision 'opt-out'. If this information is not sent by the deadline then congratulations are due, you've just purchased a new Groover Dust Bevel! Enjoy!

    This is the practical upshot of an 'opt-out' policy. Is making the decisions effecting the outcome of your life a "special right"?

    The reason that there hasn't already been legislation to protect the consumer because it's only been recently that companies have so flagrantly disregarded the wishes of their customers.

    It is up to 'We the People' to stop these corporations dead in their tracks. Let's start.
  • In a lot of ways, this is an article about transaction costs. The author talks about how both opt-in and opt-out result in the same economic equilibrium, but since opt-in more closely models a consumers privacy rights, it achieves economic equilibrium in less time and more efficiently (since there are lower transaction costs involved).

    This property is highly characteristic of Coasian systems, and in this case, Coasian analysis would indicate that consumers should own their own personal information, not companies that collect it.. I make more extensive arguments on this here: http://www.paulsholtz.com/papers/transaction_costs / [paulsholtz.com]

    The posts about "opt-ing" in the profits marketers receive from selling personal information are right on the money - When dealing w/ interactive media like the Internet, the transaction costs are so low that it is more efficient for individual consumers to own and control their personal information, instead of letting companies (like the DMA) control it for them.

  • You never ran a small isp and got hit by a heavy duty spammer. I ran one and with under 1000 customers and we once got hit by a spammer at 10,000 emails/hour. that's over 10 emails per customer per hour. I still have to spend an hour or two every few days to clear the unretunable spam out of the mail system.
  • I have always opted out whenever I can, but I've always felt strange about it. It's like I'm going to the company, and saying, "Here's all the information you guys want to give your advertisers: my name, address, phone number, and email address. Now, please don't use it."

    Call me crazy, but I just don't trust that my info won't "accidentally" find its way into some other database, somewhere.

  • are at: opt-out.org [opt-out.org]

    Unfortunately, since monied interests own most of the lobbyists if not lawmakers, it is unlikely that opt-in will be made law anytime soon. I also predict that targeted arketing that has been declared illegal in the states such as automated phone dialers and junk faxes will appear with increasing frequency now that international long distance rates are getting so low.
  • That's why I always give C. Montgomary Burns' address on those fsckers, unless it's being shipped to me:

    666 Mammon Lane
    Springfield, XX 66666

    Why the hell do I have to reregister $POS_SOFTWARE every fscking time Windows has to be reinstalled? Why can't I just send in the fscking card ONCE, and be done with it? Fsckers.

    --

You scratch my tape, and I'll scratch yours.

Working...