Internet Privacy a "Joke"

Forrester Research has released a study of the internet which claims that "90% of sites fail to comply with the five basic privacy protection principles" and "most privacy policies are a joke." To read the full report, you need to be a paying client, but the E-Commerce Times reprints some tidbits. Among them: the research firm, contradicting a Georgetown University study accepted by the Federal Trade Commission just two months ago, recommends that the FTC take action because third-party oversight is not proving effective.

Re: Spam

[Sesse]

If you have problems with spam, mail me, and I'll send you a (GPLed) preview of my spam-sorter. I'm in the process of making an `how to avoid spam' page, and I'll see if Slashdot accepts it anytime soon ;-)

/* Steinar */

Privacy and spam

[Weasel Boy]

I have found that I have been fairly spam free. I think a major reason for this is that I configure no identity in my web browsers, and accept only cookies that return to the originating server.

On the other hand, if you want to get lots of spam, just post regularly to a Usenet newsgroup without munging your identity. :-P It always amuses me when I get "Dear fellow X" (X being something that has zero commonality with the relevant newsgroup) emails on accounts that I create for RPG characters. That'll teach me to post to News with a valid return address.

I have a new Yahoo email address that as yet has never been used for anything but private email. I wonder how long it'll take before I get spam to it...

One way it might have happened...

[drox]

...I made a email account, never used it, NEVER EVER signed up to anything with it, i let it set on a non-used server, and after 5 months, it had over 500 spam messages in it.

Just 'cause YOU never used the account, doesn't mean no one did. Someone else might have used the account name (just happened to pick that name?) specifically to misdirect all their spam to.

If I create (f'rinstance) the account "nospam@hotmail.com", and then never ever use it, should I be surprised that it fills up with spam?

Freedom 1.0

[gleam]

Has anyone here been following Freedom, a program from zero knowledge, inc.? It supposedly gives you complete anonymity while online, by using an extensive encryption and hiding of IP addresses, etc. You can find more info at Zeroknowledge's website [zeroknowledge.com].

From the "How does freedom work" section:

Freedom(TM) wraps your computer's outgoing Internet traffic in several layers of powerful encryption and sends it through a series of detours (called the Freedom Network), so that the message, its sender and its destination remain completely private - even to computers in the Freedom Network. It's as if you were putting a scrambled letter into three or more envelopes, each with a different forwarding and return address.

It seems to be growing more and more popular by the minute, and once it is out of beta I might just consider it. Or will I? How terrible of a thing is it that companies know lots about us? The information has always been there about our grocery buying habits, our eating habits, our salaries, our personal histories...all that is required is a simple check by an unscrupulous soul. The internet is supposed to be the last frontier I suppose. Is anyone really surprised, though, that it's getting so commercial?

Regards,
-efisher
---

Re:The "Right" To Privacy

[anirvan]

ZKS' stuff is interesting, and I could see myself purchasing it, but that's not a general solution for everyone. Theoretically, privacy is an inherent freedom, not one that should have to be bought and paid for; some of us are lucky enough to live in our privacy-gated communities, but most people out there aren't.

Privacy on Slashdot?

[chandoni]

The study critisizes sites that give out "highly intrusive psychographic data that individuals would rarely provide on a standard registration form."

From looking at my slashdot profile [slashdot.org], it appears I'm a geek obsessed with GPL or biology related news. Wouldn't want that to become public knowledge...

At least I can always become an AC if I want to talk about embarrassing topics like IPv6.

Re:Privacy on Slashdot?

[PigleT]

Fair enough.

It's not as though one has to be so stupid as to give out *real* data all the time - it's fun what you can do with a town of Nowheresville and postcode of S0D 0FF ;)

Re:Privacy and spam

[Kyrrin]

> On the other hand, if you want to get lots of spam, just post regularly
> to a Usenet newsgroup without munging your identity. :-P It always amuses
> me when I get "Dear fellow X" (X being something that has zero commonality with
> the relevant newsgroup) emails on accounts that I create for RPG characters.
> That'll teach me to post to News with a valid return address.

I actually post to Usenet with a valid address, because I don't believe in munging; I think it defeats the purpose of the Internet. I mean, isn't this medium for *communication*? I'm not going to make it at all harder for people to communicate with me. I don't condemn others for munging, because not everyone has the same ideals, but I won't do it myself.

But yet, I don't get much spam at all; maybe once a month, tops. My server is using the RBL [vix.com], and I've been having good luck with it.

We don't have a privacy policy page

[WillAffleck]

I mean, we just don't have one. We've got hundreds of pages, we don't collect data (except counts of pages and domains of visitors), and we don't tell you what our policy is.

Of course, if someone's thinking of hacking it, or doing something else like that, we want them to think we will collect that data. It is in the logs, but we never use it.

So?

I have three words for you people

[BlakStone]

Zero Knowledge Systems [zks.net]

Check them out, its good stuff.

Re:Freedom 1.0

[DrNO]

The bummer is that the current beta (according to what they sent me as a potential beta tester) doesn't work on any "real" OS (e.g. Linux or even NT). Flame away for my implication that NT is somehow "real".

Re:Freedom 1.0

[UnknownSoldier]

I think most /.'s would agree NT is a "real" OS. Its Winblows95/98 that is the joke OS.
(And yes, I use all 3. Four if you count BeOS. See my sig :)

--
"BeOS is in practise, what in theory NT should of been." - UnknownSoldier

Re:The consumer needs to demand privacy

[UnknownSoldier]

> The real problem is that most people just don't care about privacy.
Or the truth. See below...

> Absolutely no company has the right to ask for SINs unless they are employing you.
There is NO law that REQUIRES a person to have a SIN. And yes you CAN legally work without one.

"I am not a number, I am a Sui Juris!"
(With apologies to "The Prisoner")

Cheers

Accountibility might be more important

[Diane k4.5]

My usual reaction is stick it to the Man, don't let them have any access to anything about me. But then I remembed a book I'd read recently "The evolution of cooperation" which argued that in a situation where the players have a reasonable probability of interacting again in the future the optimal strategy (At least for the prisoners dillema) is to assume to be nice, and then respond in kind. (Tit-for-tat)

This theory does explain why people in large cities tend to ignore those who need help while those in small communities are more likely to help each other.

The components needed to force cooperation were a relatively equal power distribution, and a good chance of meeting each other again.

Having privacy on both sides limits the urge to cooperate. The problem with the eCommerce site is it's really only one way privacy, the corp has some level of privacy (with respect to what they're doing with the data their collecting, who they're selling it to, etc), while the average user has very little. Additionally, and more importantly, the corp has much more power then any individual user. So there is little incentive for the corp to be cooperative.

It might be interesting to require that the corp to disclose as much information about itself as it collects from users. Though the power imbalence would still exist.

If not that then a consumer review web site where people can post the results of interactions with particular corps. By having some way of maintaing a list of how a company has performed the corp would have to cooperate more fully in order to protect it's reputation, and thus it's continued existance. This would even the playing field between the corp and the users.

Though of course after aguing for this I still really don't want them analyzing my life to figure out the best way to manipulate me--unless they manage to figure out that I've made the personal comittment to refuse any form of push advertising.

Policies That Suit You

[Robert S Gormley]

I have to wonder sometimes... Slashdot visitors are some of the fiercest, fiery advocates of the GNU line... "information wants to be free". But enter something like this "but only when I decide it's okay" or "but not for The Man"... *sigh*

False Identity

[Merk]

I get a lot of email, and 40% of it is spam. Sites have posted my email address without my consent. I'm resonably sure that supposedly trustworthy sites are selling my personal information. I routinely block cookies to nearly every site, I use a Windows personal firewall program (AtGuard) to block a lot of network traffic, and surf through a proxy. Yet despite all these efforts information slips out.

So the other day I was reading a book in which a spy had a number of false identities complete with passports, credit cards, Social Security addresses. That got me thinking: "This is what I need." An identity I'd use all the time online that wasn't actually "me" so if information slipped out it wouldn't actually be my personal information.

Seeing how knowledgable some Slashdotters are when it comes to obscure things like numbered swiss bank accounts, etc. I thought I'd ask what you people know about false identities.

How hard would it be to get a credit card / bank account under another name? What are the legal issues involved with doing the above?

I use AtGuard to protect my privacy

[Paul Johnson]

Try using AtGuard [atguard.com]. It will:

• Act as a personal firewall, screening incoming and outgoing packets and connections. Strange to relate, there are script kiddies out there who will try to hack your home PC.
• Block HTTP cookies, referer, browser and email ("From") headers on a site-by-site basis,
• Block adverts (and also tell you how much bandwidth you have saved thereby)
• Fix animated GIFs to play once only instead of repeating

I really like it. The firewall is probably the coolest feature: you can block, permit and log any connection or packet based on remote address, local port number and local executable name.

BTW, I have no connection with them other than as a satisfied customer.

Paul.

The "Right" To Privacy

[CleverMonkey]

If you want real privacy head over to www.zeroknowledge.com and get the Beta of their privacy-securing product: Freedom(TM).

I think that it is reasonable that in this day and age you have to pay a little something for your privacy. How can people willing to pay x thousand dollars for the swankiest new computer, and 20+$/month for Internet access (please don't reply just to tell me how little you get your internet access for) complain about another couple bucks to keep the corporations and the government from finding out who they are?

In the phone directory you have to pay a little bit extra to not be listed. You can use a false name for no charge (as you can on the internet), but the phone company can trace any old call back to you, with an appropriate court order. The internet is the same way - publicity is the default and privacy will cost you.

Perhaps a better way to think about it is: The amount that you pay to use the Internet is the amount that it costs, discounted by the value of your personal information. If you take back that privacy, you forfeit the subsidy you have gotten from your publicity. The end result is the same, except that the default is cheaper, and encourages more people to enter the media. [This analogy is not technically complete, but is functional]

Those who care CAN reclaim their privacy, but it is not done for them by government regulation. Sounds fair to me.

info submitted online is becoming

[fawce]

intensely personal. Have you heard or seen medical-record.com? The basic idea is storing all of your medical information online, having world-wide access, 24/7 to your vital medical info. So you get hurt somewhere in China, a walet card or emergency bracelet notifies the DR. of how to retrieve your info.

Their services are touted as a huge departure for medical services world-wide, and one of the best things to happen to patients. Unfortunately, they do not openly describe what they do with the information they gather -- they are selling compiled data "anonymously" to various research firms etc. But at some point, in order to retrieve your record, there is a cross-reference between your name, and your records.

How long before pharmaceuticals start purchasing targeted ad space? How long before someone breaks in?

The consumer needs to demand privacy

[Anonymous Coward]

The real problem is that most people just don't care about privacy. Whenever some company asks for personal information most people give it up. If Joe Q. Random decided not to do business with a company because he was required to give out private information (that is not really needed anyway) things would change fast.

Credit card numbers should only be requested when it is time to pay for goods and/or services. You don't give your credit card number at the front door of a store. I don't see why you should do so in an e-store. Credit card numbers also shouldn't be stored forever. They should be destroyed when the store receives the funds from the credit card company. (unless there is some other legal reason that required the store to hang on to them... I'm not sure what the rules are.) As far as I know (correct me if I'm wrong, I'm Canadian) Social Security numbers should be shared with the following people: You, Your employer, and the Tax Man. I'm pretty sure they are not for identification. Absoltely no company has the right to ask for SINs (Social Insurance Numbers... Canadian version of Social Security) unless they are employing you.

Don't bother telling corporations to act differently. It's a waste of time. Instead, tell your friends to think about what information they are willing to give up. The bad companies will fix themselves when they start to lose money because they ask for personal information that they don't need to supply the goods and/or services they are selling. On the flipside, companies sometimes do need to know who you are. We can't do business if we are all anonymous. Most stores won't take credit cards or cheques without ID - e-stores are not different. Someone needs to implement a digital wallet to mitigate this problem. If it was possible to "pay with cash" over the net then most places wouldn't even need to ask for your name.

As for protecting the privacy of your favorite colours/songs/foods or whatever, forget it. If you want that stuff to stay secret then keep your mouth shut. OBVIOUSLY companies are going to record this and use the information to market something towards you. I don't see anything unethical about doing so. Anyway, this psychological profile junk is not an issue if the people doing the profiling don't have a clue who you are. If that's the case then the best they can say is "cool_dood235 from ppp-236.someisp.com likes the colour pink, listens to the Back Street Boys and drinks a frap at Starbucks twice a week" Wow. Big deal. I would hardly call that an invasion of ones privacy. Besides, you can always lie. A single mother who's barely making it from month to month can eaily click on "$150,000 or more" in a survey that polls for income.

Sean Comeau

The Bigger Picture

[Octos]

Privacy issues are just one facet of the larger issue, which is the underlying structure of the internet. This is not saying that it is a poor design, but the anonymous nature of the internet works both ways--Actually, it only works one way at a time. The request/response method works well, but eliminates any interpersonal contact such as a customer talking to a merchant. Why aren't there any commerce sites that have customer service people on a chat client? The internet allows corporations to be ananymous by not having to care. The same spam filters we use can be used by a corp to automatically delete any complaint mail. Protests become pointless because you can't sit in front of the business and get your message to the people using that business. Voices matter, but there are so many voices now that it's hard to hear. The mighty /. effect is but a drop in a bucket compared to the traffic sites such as Amazon and Ebay recieve (assuming 100% uptime). Government isn't the answer in a free market or a free world. The underlying problem is that the current way the internet works has eliminated the consumer voice while giving the illusion that it is louder than ever. It's easy to find people on your side (like going to *sucks.org or alt.*.sucks), but it's near impossible to spread the word to the peole that need to hear when the only URL they know is EvilRetailer.com--Unless we resort to spamming.

OK. Ive rambled a bit, but to conclude, what I'm looking for is a more interactive foundation beyond TCP/IP and HTTP where everyone has a true voice.