World Privacy Forum's Top Ten Opt-Outs
Ant writes in to mention the World Privacy Forum's top ten information collector/user list, which shows opt-out instructions (or at least a starting point): "As privacy experts, we are frequently asked about 'opting out,' and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. ... Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC's Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative (NAI) opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out. In this list, some opt outs can be done by phone, some have to be sent in a letter via postal mail, and some can be accomplished online. Some opt outs last forever, some have time limits, and others can be changed at will. If an opt out is on this list, it is because we thought it might be important enough to be worth whatever annoyance it may pose."
The Wrong Approach (Score:5, Insightful)
How about making everything in the world an opt-in by default?
For example, I don't recall announcing that I want telemarketers to call me, so why should I have to opt-out?
Telemarketing is a good opt-out but... (Score:5, Insightful)
Face it, the types of emails that you want to opt out from are exactly the ones that do not honor opt-out lists.
Remember when you first tried to ride a bike and your dad pushed you so hard that you fell over and skinned your knees and bloodied your nose? This is like taking that swing at him that you always wanted to. Unfortunately at that age, no matter what you do, he wasn't ever affected by your little attacks and rants.
Re:The Wrong Approach (Score:5, Insightful)
Well, that's simple, it's because the telemarketers automatically opt-in'd you into their call 24/7 list.
Advertisers do not respect their targets (Score:5, Insightful)
The disrespect that advertisers pay to their targets works well for them as it is believed that it boosts their viewership and of course the viewers who are most likely to buy and spend are unaware of or don't care that they are being disrespected.
I have little doubt that if people could get sales by knocking on your door and punching you in the face to make a sale, they would do exactly that. They don't care about the harm they cause.
World? (Score:5, Insightful)
For something from the World Privacy Forum it didn't really give much info for people that don't live in the US.
By 'World Privacy' you mean 'American Privacy'? (Score:2, Insightful)
FERPA and multiple levels of opt-out (Score:3, Insightful)
Most schools interpret/implement FERPA-related opt-outs in such a way that if a student's information is restricted, teachers are not allowed to post that student's photo on the web, or in the yearbook, or in the school newspaper, etc.
In the school district I work for, we are not allowed to take a child's picture if they have opted out. That means that, at every event I go take photos at, I have to find 'homeroom' teachers for each student and verify whether any students have opted out, then take photos around them. Before I post pictures, I have to verify again. Before I give those photos to the teachers and students for their own use and enjoyment, I have to remove photos of those students.
Privacy is good, privacy is important. I think FERPA-type rules are very important because I've seen various employers do some horrible things with employee and customer data without realizing the problem. Implementations at the school level definitely need to be improved -- I'm tired of seeing how bad kids feel about being the only person in their class not in pictures.
The solution is easy: allow parents to opt-out of sharing textual directory information with anyone outside the district, but still allow student participation in district activities, teacher web postings on official sites, and district photography.
If your school or your child's school only provides all or nothing opt-out, you need to spend 30 minutes one night and go voice your opinion to the school board at a school board meeting. The board should appreciate your input and it's the only way to really be heard -- contacting anyone else and your question will just get buried by someone who doesn't want to do the extra work to make it happen. (read: my boss)
Re:Advertisers do not respect their targets (Score:3, Insightful)
If consumers were smart individuals, marketers would not exist.
Re:The Wrong Approach (Score:4, Insightful)
For an email address I give them a disposable address. It's good to have a few of these. That way if one of your retailers is selling info to Spammers you can probably narrow it down.
More importantly you can just not read that inbox since you never gave the address to anyone you want to hear from.
Re:Telemarketing is a good opt-out but... (Score:3, Insightful)
"a telemarketer might have useful information on a new product."
Huh? Telemarketers never have good products. Telemarketers only ever sell products that need to be sold via "the numbers game" (i.e., you throw enough mud at a wall and some of it will stick).
The simple answer is to get yourself a domain, then when "bigcorp" asks you for an email address you tell them "bigcorp@yourdomain.com". That makes it real easy to see who's abusing and who to block.
As for a phone...get caller ID. If it's not a number you recognize and you're not expecting a call then don't answer. They'll soon get bored and/or mark you as somebody who's not home during the day.
OTOH, yes, everything should be opt-in and there should be a national list of numbers which advertisers are not allowed to call.
Re:The Wrong Approach (Score:3, Insightful)
That would be way too easy, now wouldn't it?
On the other hand, the question might arise where to draw the line.
In Switzerland, as an example, you can put a sticker on your mailbox that you do not want to receive ads. Technically, people are required by law to honour that wish. Of course, depending where you are, they couldn't care less.
Now political propaganda, on the other hand, has been deemed important enough to warrant exemption from that rule. The post office is required to deliver those to ALL mailboxes. The fact that I consider this stuff to be just as bothersome as ads is of no importance.
So who gets to decide what is important enough to warrant an exemption? And I'm sure there are things that do make sense to be an automatic opt-in.
sidewalks (Score:4, Insightful)
Part of me wants to agree with you.
But another part of me tells me making opt-in the default by laws with teeth in them is not going to be a good thing.
Think about your sidewalk. It's there for a purpose.
Block off your sidewalk with a 3 meter wall and a moat full of crocodiles and you get no solicitors. But the firemen and the EMTs also have a problem getting in when you're home alone, passed out, with the house burning down around you.
The problem is that no-call lists are not No-solicitors signs. They're more like attractive nuisances. Train wrecks in progress.
No-solicitors signs can't be enforced on people who are not from your country until the Internet starts having laws, and we don't want the Internet to have laws.
Which means the ultimate solution is a stratified (balkanized) Internet, and we don't want that, either.
At least, we don't want stratification until the ISPs get their hands out of the cookie jar so that every home, family, and/or user gets a full domain name and the ISPs either provide mail service to that domain or provide the hooks for the domain owner (not renter) to run his or her own server.
And before that, we need better standard OSes. (That means we have to get Microsoft, Apple, and Oracle out of the way. IBM, too, since getting the others out of the way would leave them with no real competitors. Sun being bought by Oracle worries me.)
And we need better standards for e-mail, file sharing, web-site publishing, etc., standards that transparently support simple forms of encryption. Not perfect encryption, but good enough to eliminate casual eavesdropping just by putting a pwn3d bot's interface in promiscuous mode.
That's a lot of work, and we're hiding from it.
Until then, RFC 5233 addresses can help a lot, if used wisely.
How to use the RFC 5233 addresses wisely?
First, assume that your base address will soon be harvested. Thus, your base address of user@isp.example is essentially an alias for user+spam@isp.example . Pre-filter it that way.
Second, set up a suffix for bulk purposes, such as user+bulk_nnnnn@isp.example . "bulk" is okay, but you might prefer something a little more original to yourself, like "klub", or "hanbai". The serial number could also come before or in the middle, like bunnnnnlk, and you might want to use pseudo-random serial numbers instead of just cycling through from bu00000lk to bu99999lk.
Hmm. bu23645lk would be harder to filter than bulk23645 with the simple non-RE filters that are most common.
Third, set up suffixes for mail lists. user+list_nnnnn@isp.example or user+listname@isp.example .
By setting up suffixes, I mean that you outline a system of filter rules.
Fourth through n-1-th, plan out the patterns you'll use for friends, family, church, school, club (hmm. klub. woops.), etc.
All these can be white-list controlled, because you have an idea who and where mail addressed that way should be coming from. Two or three sets of filters for each system, one that white-lists known senders, one that diverts unknown senders to a "probably-junk" folder, and maybe one that (temporarily or permanently) black-holes known offender senders who have latched onto that group of suffixes.
Finally, you have a set of doorbell or knock addresses that you give out at business meetings and other parties: ackr_nnnnn@isp.example . (At this point, I assume that the use of the knock address is obvious?)
Now, I'm going to polish that up a bit and publish it on my blog.
Of course, with a little time, you can actually set up a domain of your own for cheap with a little help from a place like google.com and a place like dyndns.org. (Google will run your mail server for you if you have a web server and a domain name pointed to it. Of course, there's that thing about letting Google spool your mail, but it is possible.)
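The filter scheme outlined in the comment above, modelled in Python as an added example (it is not part of the original thread or the commenter's own code). The mailbox `user@isp.example` comes from the comment; the tags, sender addresses and folder names are constructed for illustration.

```python
from email.utils import parseaddr

BASE_USER, DOMAIN = "user", "isp.example"   # mailbox used in the comment

# Per-tag policy; every tag and sender here is a constructed sample.
# allow = senders white-listed for the tag, block = known offenders.
POLICY = {
    "list_48213": {"allow": {"announce@lists.example"}, "block": set()},
    "bu23645lk": {"allow": {"orders@shop.example"},
                  "block": {"promo@reseller.example"}},
    "family": {"allow": {"mom@family.example"}, "block": set()},
}

def split_subaddress(address):
    """Return (user, detail, domain); detail is None when there is no '+'."""
    addr = parseaddr(address)[1]
    local, at, domain = addr.rpartition("@")
    if not at or not local:
        raise ValueError("not a mailbox address: %r" % address)
    user, plus, detail = local.partition("+")
    return user.lower(), (detail.lower() if plus else None), domain.lower()

def classify(rcpt, sender):
    """Map one delivery to a folder name following the comment's rules."""
    user, detail, domain = split_subaddress(rcpt)
    who = parseaddr(sender)[1].lower()  # forgeable; check SPF/DKIM upstream
    if (user, domain) != (BASE_USER, DOMAIN):
        return "reject"
    if detail is None or detail == "spam":
        return "spam"            # bare base address is assumed harvested
    rule = POLICY.get(detail)
    if rule is None:
        return "probably-junk"   # tag was never issued: guessed or mangled
    if who in rule["block"]:
        return "blackhole"
    if who in rule["allow"]:
        return "inbox/" + detail
    return "probably-junk"       # issued tag, unexpected sender

def leaked_tags(deliveries):
    """Issued tags that received mail from outside their allow list."""
    leaked = set()
    for rcpt, sender in deliveries:
        detail = split_subaddress(rcpt)[1]
        who = parseaddr(sender)[1].lower()
        if detail in POLICY and who not in POLICY[detail]["allow"]:
            leaked.add(detail)
    return sorted(leaked)
```

`leaked_tags` is what makes per-recipient tags useful for tracing: a tag given to exactly one party that starts receiving mail from anyone else points at where the address escaped.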
Re:The Wrong Approach (Score:3, Insightful)
Actually, that's the whole idea of the mailinator.com site. I realize you were trying to be funny, but the joke falls pretty flat.
In other words, somegobbledygook doesn't hate Drantin (and arguably is Drantin), and the server admins could care less (or are amused that someone is using their free service).
Re:The Wrong Approach (Score:3, Insightful)
Amusing, but antiquated.
In today's world of botnets and forged SMTP headers, the spammers won't care. You'll just cause a whole bunch of extra junk to be sent to both the truly innocent and the quasi innocent. (You'd be surprised how many servers don't implement SPF, and that's only a decent minimum.)
Re:Opt-in actually makes more business sense. (Score:3, Insightful)
As far as I'm concerned, the moment you call my private number to try and sell me something, you ARE a fly-by-night or otherwise shady venture.
"most people WANT to be marketed to. Don't believe me? Purchase some Experian demo data"
Nice try, now I know who you work for... lol. But no, I don't believe you, I believe a lot of people miss that little box in the small print marked "no, I don't want your junk for ever more".
Re:What annoys me (Score:3, Insightful)
Of course, the "accept" button IS visible already on the page.
world privacy forum? (Score:2, Insightful)
For a supposedly worldwide organisation they're suspiciously specific to a single "country".