----------------------------------------------------------------------
PRIVACYnotes Digest
Protecting Privacy is Good for Business
----------------------------------------------------------------------
Published by: Mike Banks Valentine website101
privacy@website101.com
www.website101.com
----------------------------------------------------------------------
June 13, 2002 Issue # 014
----------------------------------------------------------------------
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT -- //
"What's in YOUR Privacy Policy?" ~ Mike Valentine
// -- NEW DISCUSSION -- //
"Explorer 6 & P3P" ~ Richard Lowe
"Operation Opt-Out" ~ Mike Valentine
// -- CONTINUING DISCUSSION -- //
"Email Appending" ~ Anonymous
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
----------------------------------------------------------------------
// -- MODERATOR COMMENT -- //
What's in YOUR Privacy Policy?
As a privacy advocate, I visit and read more
privacy policy pages on web sites than most. This week I'd like
to point to one I find truly enlightened if, as I say in my note
to them, the language in that policy can be taken at face value.
I'll reproduce my note to them below and would like to ask list
members the stirring question, "What's in YOUR privacy policy.
;-)
My note to 24/7 Real Media follows their privacy
policy link below: http://www.247realmedia.com/privacy.html
----------
I recently visited http://www.247realmedia.com
to opt-out of a promotional list mailing I received today and
reviewed the 24/7 privacy policy. While not ideal, the standards
reflected in that policy appear better than most online media
/ marketing / advertising services if the language used in that
policy can be taken at face value.
Further, that policy reads relatively easily
and encourages visitors to learn more through the linked resources.
The stance openly opposing data aggregation is truly enlightened
for a marketing company.
I must ask one question that has gone unanswered
by most online marketing resource service companies such as yours.
How do you get my address in the first place? I specifically and
vigilantly deny permission for further use of my email address
and contact information whenever I sign up for anything and everything,
online and off.
Does www.247realmedia.com verify the source of
those email addresses it purchases or rents from other companies?
How is it that addresses I specifically give to one single source
only continually end up receiving marketing emails from other
sources when all deny selling that data? (Including 24/7).
I'd be happy to entertain, and publish with your
permission, the answers to the above questions. Come join our
weekly PRIVACYnotes discussion list and contribute some
cogent thought, from your viewpoint, to the conversation. You
can review the archives of the list by visiting the link in my
signature line below.
I look forward to hearing from you.
~ Mike Banks Valentine http://list.privacynotes.com/archives/PRIVACYnotes.html
What's in YOUR privacy policy?
// -- NEW DISCUSSION -- //
===> TOPIC: Explorer 6 and P3P
From: Richard Lowe, Jr. <richlowe@internet-tips.net>
If you downloaded Internet Explorer 6 recently
(or it came pre-installed on your machine) you may have noticed
something a little different. Look under the "Internet Options"
selection of the "Tools" menu. You will see a new tab titled "Privacy".
Click on the tab and you will be able to specify settings which
control the way cookies are handled.
There has been a lot of press about this new
feature. It's been all over the web - some positive comments,
some negative (and, of course, the usual "it's just a Microsoft
plot" type postings and articles.)
Personally, I like the new privacy tab as it
eliminates the need for third party cookie handling products (if
you are using Internet Explorer, of course). I found the controls
very simple and straightforward, and within a short time cookies
have ceased to be a concern.
This is part the first significant implementation
of a new internet standard called P3P (Platform for Privacy Preferences).
P3P is intended to give surfers more complete control of how their
privacy is handled whenever they surf. In theory, at least, P3P
should automate privacy, eliminating the need for surfers to read
complex privacy notices every time they visit a site and want
to enter some information.
The controls actually control much more than
you might think. There is quite a bit of technology behind those
simple radio buttons. You see, webmasters are being asked to supply
a special XML document which defines how their site handles cookies
and other privacy matters. Browsers which understand P3P (Internet
Explorer for one) read this document and compare it to the settings
you entered on the "privacy" tab. This allows the browser to automatically
handle your privacy needs for sites which fulfill your privacy
needs.
This became an issue because, quite frankly,
many companies (both on and off the web) horribly abuse the privacy
of their customers. It's very common for a company to record your
name and other personal data, then resell it dozens or even hundreds
of times. Information is very valuable, and the information which
is gathered from the internet is even more so.
You see, companies can use cookies to track your
surfing habits, then compile a profile to determine which types
of products you normally purchase. This can be further analyzed
to extrapolate which products you are likely to purchase in the
future. And this allows advertisements to be targeted at people
who are likely to purchase, which increases the value of the advertising
campaign.
Other uses, of course, include more, shall we
say, slimy practices. These run the gamut from selling your email
addresses (to other marketers and spammers as well) to outright
crimes such as fraud and identity theft.
Now don't get this wrong. There are valid uses
for cookies, web bugs, and all of the other things used to track
customers. These include shopping carts, personalization and the
memorization of entry fields. All of these uses are to make things
more convenient for the consumer, which thus makes it more likely
for people to return the site.
In fact, many people have no objection to the
tracking of their surfing habits and the maintenance of a profile.
After all, these are used to show highly targeted advertisements,
which means a customer will only, in theory, see ads in which
he has an interest.
Consumers want to know how their personal information
will be used, so companies started creating legal documents called
privacy policies. These explain exactly how any and all information
collected from a surfer or customer will be used.
Unfortunately, these privacy policies have become
extremely complex and virtually unintelligible. I have seen policies
which are over 100k in size (all text), which is ludicrously large.
Thus, P3P was born to make this a little easier for the consumer,
and thus make him more comfortable with surfing and shopping on
line.
P3P is, in my opinion, a good start. I really
do like the privacy feature in Internet Explorer. It does not,
however, go anywhere near far enough. The XML document that must
be created by webmasters is very complicated and extremely difficult
to create and maintain. The XML documents must (at least until
better tools are created) be maintained by webmasters with some
technical competence. This means it is difficult for legal types
to review and validate. In addition, since there must also be
a human-readable document, it is awkward to keep the two policies
saying the same things.
However, a start must be made and P3P is a decent
attempt to do something to manage privacy. It needs to be greatly
expanded to handle such things as web bugs, profile maintenance
and so on. These things may be added in the future. In the meantime,
those surfers who want to control cookies would be well advised
to make the appropriate settings. And webmasters would be well
advised to become knowledgeable about P3P and implement it for
their sites.
Internet Tips And Secrets http://www.internet-tips.net
===> TOPIC: OPERATION OPTOUT
From: Mike Banks Valentine
I've just stumbled across the single most useful
online tool I've seen for easing junk mail and spam! By visiting
the following URL and entering your name and mailing address,
you can auto-generate letters including that information, along
with any additional required stuff form individual companies,
into printable letters directly from your browser that provide
mailing addresses to dozens of marketing, credit reporting and
other organizations preconfigured and merged into a personalized
letter from yourself to those companies and organizations requesting
to opt-out from junkmail! In ten clicks of the "next form" letter,
I was able to request removal from a raft of lists and it's possible
to do more if you like by returning and choosing different companies
from the online form!
The site is a joint project with Center for a
New American Dream, and the Center For Democracy in Technology
cooperatively using technology to better facilitate Operation
Opt-Out. I love it!
If I could generate automated labels to affix
to my envelopes and online postage, I'd call the tool remarkable!
I will stop short of that and say this is extremely useful. ;-)
https://www.newdream.org/junkmail/form.html
// -- CONTINUING DISCUSSION -- //
===> EMAIL APPENDING
From: Anonymous
Mike Valentine said,
>> Each time Java is launched while I'm
reviewing my mail, I almost explode in anger as there is literally
nothing I can do to stop it until it loads the email, pops up
a browser window and I can finally begin to close the rapid fire
group of popup windows attempting to show hardcore porn or the
latest body enhancing pills. <<
Mike, try switching email clients. I use Eudora
Pro, and turned off the "use Microsoft's viewer" button, and I
don't see this kind of crap any more. The spam still comes (300+
per day), but my filters catch 90% of it and I don't have to deal
with "code abuse" because I chose an email client that isn't as
vulnerable as Microsoft Outlook.
FYI, a current list of spam filters is posted
at
http://www.markwelch.com/welch_filters.htm
===> EMAIL APPENDING
From: Anonymous
Mike,
I have the same SPAM-rage that you do, but there's
also an element of danger to it. The company I work for is privately
held, and it is an absolute rule that porno and other offensive
materials are not permitted on company machines. I'm the web developer,
and the bounce mailbox for our 8 websites, so you can imagine
the crap I get every day. I could honestly lose my job, were it
not for a boss who understands why I'm getting this.
One of our office traditions is that mail is
hand-delivered by a secretary (there's only 50 of us in this building,
so it's not that big of a deal), some of whom would be very offended
my such material. On several occasions, my delete key was not
fast enough to keep me from being surprised and one of them from
being shocked at the latest hard core mailings.
The only thing that's going to stop these guys
is when it's unprofitable. I think there are two advances that
need to be made, one technological, and one legal. In PA, all
unsolicited ads must be prefaced with ADV:, and all adult ones
must be prefaced with ADV:Adult, or else. Yeah, that's been working.
Oddly, senders of SPAM faxes in PA can be sued in front of a district
magistrate for $500/fax. Where jobs could be threatened because
of what's in the inbox, we need more than just "ADV:".
Technologically, we need some sort of better
message identifiers. Close our corporate networks to all messages
without the proper identifiers, almost like the trusted authorities
in our digital certificates. It's draconian at first, and the
best hackers could always find a way around these measures. But
it would be far more difficult, and subject to greater civil penalties.
As for list spam, I have half a mind to start
collecting from: addresses, of the spammers, and using those in
my postings.
===> EMAIL APPENDING
From: Anonymous
Hi Everyone,
There sure are a ton of privacy issues, from
spam (I just received a particularly nasty one about 5-10 y/o
girls signed by Harry Potter), to the FBI, etc.
I just found a partial answer. This doesn't resolve
all issues, but quite a few. It only works for some email. I like
it so much I have become an affiliate (blatant plug - use my url
if you sign up http://wetrack.it/familymessage/af.cgi?8
).
This works similar to a BBS. Messages are posted,
and everyone in the group can read and post. It is password protected.
There is no spam, no viruses, and is private. The bots do not
spider. It works great for groups of business associates, friends,
or family. I can for instance have a business group for each project,
and all project members become group member. I post something
that may say for instance, the deadline has changed, and everyone
see it. No fuss, no muss, no multiple or group mails that may
or may not arrive or get lost in between spam mail.
I'm planning on using this often for many different
groups as you can have multiple groups - they are each setup separately
so one does not interfere with another.
// -- PRIVACY NEWS -- //
Moderator note: There are two ways to access
previously listed privacy news stories. One is to visit PRIVACYnotes
archives, the other (simpler) way is to visit
http://privacynotes.com/privacy_news.html
where I also keep a privacy news archive.
Seth Godin argues that privacy and anonymity
lead to bad behavior. Better to be transparent and identifiable
than obscure, opaque and anonymous. He floats a raft of good points
worth serious consideration. Are we ready to be fully visible?
http://www.fastcompany.com/online/51/sgodin.html
The creator of an add-on program for AOL Time
Warner's Instant Messenger plans to eradicate a component that
phones home after critics called the feature "spyware." The recent
decision comes after some users of Big-O Software's AIM+ program--which
adds chat logging, ad removal and other features to AIM--complained
that the program violated their privacy by sending information
about their online identity back to a Big-O server. "The fact
that AIM+ returns information to the Big-O Software servers has
never been hidden from the users," Mark Swiss, beta tester and
community organizer for Big-O Software, said last Friday in a
response to consumers' complaints on the company's online forum.
http://zdnet.com.com/2100-1104-933829.html
Best Buy is changing its online privacy policy,
allowing the company to combine customer information from its
Web site with that collected in its stores. As part of the policy
modification, the company also said it may share with third parties
information collected from surveys or reviews on its site. The
company has begun notifying customers of the changes via e-mail;
the updated policy will go into effect June 9. The shift raised
the eyebrows of some privacy advocates. The changes are only the
latest in a disturbing trend of companies revamping their privacy
policies to the detriment of consumers, advocates say. Companies
usually make such changes themselves, taking little input from
customers and leaving them with little recourse.
http://makeashorterlink.com/?E6D121701
Five owners of a controversial digital video
recorder sued the entertainment world's biggest firms Thursday,
asking a federal judge to uphold consumers' rights to record TV
shows and skip commercials. The owners of the ReplayTV 4000 claim
an entertainment oligopoly of U.S. television networks and movie
studios is trying to label them as criminals. "I'm just trying
to exercise my normal rights in terms of video recording," said
one of them, Craig Newmark, founder of the popular community listings
site Craigslist.org. Features like commercial skipping, he added,
help parents "protect their kids from excessive consumerism."
http://makeashorterlink.com/?N11712501
North Dakota voters on Tuesday will be the first
in the country to make their own choice about how to regulate
financial privacy. A statewide referendum will decide if banks
and other financial institutions can continue to share or sell
data without obtaining customer permission. A disparate coalition
seeking tighter privacy restrictions, reaching from labor and
the American Civil Liberties Union to a small conservative organization,
the Constitution Party, forced the referendum on the ballot. There
are unusual allies on the other side, too: the banks and credit
unions, which often fight each other on financial regulation.
http://www.nytimes.com/2002/06/10/national/10PRIV.html
Mike Banks Valentine is a champion of the true small online business.
He advocates a do-it-yourself approach to e-commerce through online
learning for the small office, home office (SOHO) or emerging entrepreneur
who lacks major venture capital funding or corporate marketing budgets.