Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
The Internet Your Rights Online

Failed Dot-Coms Selling Private Info 129

Posted by emmett from the why-lookee-here dept.
goingware writes: "This article at CNet describes how troubled Internet companies are selling off customer data in an effort to pay off creditors or keep themselves afloat, in violation of stated privacy policies. Among the sites that are doing this are Boo.com and Toysmart. These companies were Truste approved sites before their failure. Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise. I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off."
This discussion has been archived. No new comments can be posted.

Failed Dot-Coms Selling Private Info More

Failed Dot-Coms Selling Private Info

Comments Filter:
  • If a video store folded, could they sell the rental records?

    This one, at least there's an answer to: no. Those renting Videos are required by law to keep the rental records confidential and not share them with third parties.
  • From an accounting standpoint, "goodwill" is the excess a company has paid to acquire other companies over the book value of said companies.

    It has nothing to do with trust or customer sat.

    I don't know how goodwill is handled in a merger (and it probably depends on whether the merger is handled as a purchase or a pooling of interests), but in principle it could disappear entirely (if the buyer paid only the book value of the acquired firm's "hard" assets), increase, or decrease.

  • There's a difference though between the TSB situation and Toysmart. For TSB, the bank was absorbed into another, it didn't fold, and so your personal details were still being used for the original purpose, although by a different organisation. IANAL, but one hopes that any original provacy constraints would still be observed (although being a UK bank, they'd do whatever they liked anyway, and they already had your consent for it).

    With a situation like Toysmart or Boo though, this is a "fire sale" scenario. The company is not continuing to trade, so anything that isn't bolted down is being sold off. The customer information (probably including that oh-so-tasty demographic of how many product-hungry kids you have) is on offer to anyone who wants it. There's no reason why it should continue to be used for anything resembling the original purpose -- imagine how many organisations like to know lead information on families with kids, and how many products they'd like to pitch.

  • selling the info! Just like taco and hemos will need to, some day soon if they've started suing their readership. After all, they've doubtlessly over-extended themselves with mortgages and auto-loans for ferraris. Know what I mean?

    you guys have any idea how many email adresses they've collected here at slashdot? nearly ONE QUARTER MILLION!!!
  • This is insane, how can they justify selling what belongs to me, my identity!!
    where's my lawyer!

  • Re:Browsing with Cookies Disabled is Useless (Score:3)

    by Alik ( 81811 ) on Monday July 03, 2000 @03:07AM (#962219)
    I don't attribute it to direct intention as in "Make rejecting cookies hard, so that the user won't do it." I would say, rather, that the default for any UI is "annoying to use", and that the only deliberate decision went something like:

    "Boy, cookies are hard to disable, aren't they? Do you think we should fix it?"

    "Well, let's see. The users don't pay us for the software. The cookie-senders have strategic partnerships with us. I don't feel like putting any effort into that feature, do you?"

    The current cookie options are easy to code; I'd say that's sufficient explanation.
  • Well, from a legal point of view, TSB bought out Lloyds, so your data was not transfered. Also, it happened a lot more than a year ago.

  • Re:Going out of buisness sale (Score:1)

    by Anonymous Coward
    1) By law companies should have attain my informed consent before collecting information from me.

    2) The copyright and distrobution rights to my digital biography should remain mine untill I relinquish that right to a 3rd party.

    You do realize that meatspace companies don't have to do this? How often do you get phone calls from telemarketers about products you've never heard of? How often do you get junk mail for items related to nothing you've ever bought before? All these companies have enough personal information about you as it is, such as your name birthdate and phone and address.

    When it comes to colecting information, think of your digital biography like loading a progresively interlavced GIF or PNG file. With a little information, a vague outline the picture becomes clear. On the next pass, as more data is filled in, some smaller details become understandable. With all the data in place, a complete picture of the persona life comes on-line. It's a picture of your life. You should have at least a little distrobution control.

    Your attempt at karma whoring is quite admirable, but you are full of crap on this. All marketers have a complete personal history of you OFFLINE. Who gives a fuck about online? Shut off your cookies already. But oh oh oh I'll have to log into /. everytime all by my lone self Shut the fuck up and quit whining.

  • What's chemical waste ? Asset or liability ?

    Imagine an asbestos mill that goes bust. One day their pile of raw asbestos is an asset that's an essential part of their business process, the next it's a liability that requires expensive disposal.

    If they can be taken over by another asbestos mill, then the raw material turns back into being an asset, because they're another business entity that can make valuable and legitimate usage of this stuff. The material is still being utilised under the terms of the original conditions that applied to it (don't breathe the dust / don't mis-use the data).

    Of course, you could instead sell asbestos fibres instead as a cheap and non-fattening filler for cookie dough -- you might even get a really good price for it, as food is a more profitable business than asbestos these days. Fortunately we have laws against this, that recognise that an asset may have attached conditions to it that prevent its simply sale to whoever offers the best possible price (Sadly some countries don't enforce this, and we do find situations like the Spanish cooking oil poisoning disaster).

  • Re:Boo.com - no problem (Score:3)

    by dingbat_hp ( 98241 ) on Monday July 03, 2000 @01:36AM (#962223) Homepage
    Boo are selling their whole customer base (both of them), but it's formatted as a 20 minute long Flash animation that opens five browser windows for each customer.
  • The problem is that self regulation isn't ALLOWED to work.
    Picture kid trying to do stuff for himself and no one let's him. Then parents who won't let him do anything go around saying "He won't do anything for himself".

    The corts not the busness itself are responsable for this.

    Moderation is a good thing but don't go trusting "elected organisation"s in areas you can not trust corprate intrests. It's all the same.

    With companys you vote with your paycheck with government you vote at the box. They screw you with exactly the same trick. Fool enough people and it dose not matter who you shafted.

    It's knowladge not regulation that keeps them both in line.

    In this case... regulation is called for... privacy policys should be a binding contract. They are not. As a contract the corts can't ask a company to violate it.

    Oh yeah.. and get rid of corprate bankruptcy... Thats just plain silly.
  • Having a sysadmin, on his hast day wiping the database would have done the job... but....
    Remember, these companies couldn't give a fart about you. They dont care about you from the beginning, and they dont care at the end, they care if your credit card clears though. Any company that says that they "care about you the customer." is lying through their teeth. Do you think that Andover or VA is going to care about you if financial troubles hit and they can get another $300K from the email/profile databases they have here? If you think they wont sell it/ delete it before it can be sold/etc.. you are fooling yourself..

    A business in there TO MAKE MONEY. Slashdot is here TO MAKE MONEY. I doubt that Mr Taco would flit the bill for this server farm if it came out of his pocket every month.

    (Weee, I get to be marked as a troll!)

    If anyone ever thinks for one moment that anyone will protect them or their data, for free, then that person is pretty damn stupid.

    Cover your Own Arse... Expecting others to do it for you, is the typical Lazy american way.
  • I hate to tell you this, but banks are evil. I used to bank with Bank of America... they got quite a bit of coverage in the LA Times (ya know... newspaper) when it came out that they were selling customers'
    -names
    -contact info
    -account numbers
    -account balances
    -social security numbers
    to just about anyone out there. Needless to say they don't hold my money anymore, but the fact is that anyone could have impersonated me based on that info and gotten car loans, home loans, etc. (in fact, somebody did steal my identity to buy phone service, but I don't know for sure they got the info from BofA)
  • Under Linux as root this will stop your browser from connecting to doubleclick. You really want to read up on ipchains if you can't get this to work.
    # ipchains -A output -d 199.95.207.0/24 -j REJECT

    # ipchains -A output -d 199.95.208.0/24 -j REJECT
  • I actually used to do this, but a number of sites stopped working completely for me - instead of loading a broken image or whatever for the banner, I got a full page error message, and no web page. I think the one that annoyed me most may have been NYT, but I can't remember exactly.
  • About 99% of those addresses are from HotMail...

    Not necessarily 99%... [slashdot.org]

    --

  • They don't have your identity to sell...
    What they have is records of your life. Footprints. They are selling your foot prints you left on them.
    Instead of sweeping them away they record them.

    The evil part is.. those foot prints don't give a clear or accurate picture...
    CDs you got for your kid sister. DVDs for friends.

    You know I get junkmail for videos all the time? I can only guess it's due to my old membership card thing to a video rental place. They rent Nintendo cartrages.. or they did when I had a Nintendo.
    The place is gone... and so is my Nintendo... My VCR is also dead and I never got a DVD player. But I still have all thies wonderful offers to buy DVDs.

    Marketing statistics.. and most of it is all wacked...

    Occasionally I get stuff for Unix and Linux.. but most of it is junk...
    "Computer.. he has Windows.. let's sell him Windows junk"
    "DotCom... he has a busness... let's sell him wealth building garbage"

    MeowPawjects is a "hobby busness" not intended to make a proffit just a legalistic nesesity.
    I run Linux... and occasionally Dos.

    But thats not what they learn from my footfalls.

    So no... they don't own your identity... far from it... they own the trail you leave behind...
    That trail is not you...
  • > Another thing that would be nice is if you could
    > choose which sites are allowed to store cookies
    > and which not (and make the browser remember
    > what you choose). E.g. I want slashdot to
    > remember my settings but CNN.com has no business
    > setting cookies in my browser (I hate their
    > customized site so i don't use it anyway).

    Check out mozilla.org -- this feature is included.

  • > After all, they've doubtlessly over-extended themselves with mortgages and auto-loans for ferraris. Know what I mean?

    Yeah I know what you mean...
    They have been living in the same place for a long time now. As far as I know none own fancy transportation (why bother.. Taco hates going places).... and they are making good money... (Saleryed employees... Andover dosn't need to turn a proffit for them to do well...)

    The point (made as a Troll obveously) is a good one. (Oh my ghod a Troll accually had a good point... shoot me now).

    If a website owned by a larger company (say Andover or Internet.com) shuts down. What happend to the userbase? All those e-mail addresses.

    And if BigIPOWebSiteCompany.com is bought out by LargSpammer.com....

    Or... what if one of the larg WebSite operating companys (not nessisarly Andover.. there are quite a few) folds and sells the user lists?
    Ohhhh spam Spam SPAM SpAm sPaM sSpPaAmM!!

    It's a valid point.. Made by a troll...
    One of the signs of the end of time no doupt...

    Let me check my Y2K bunker... see if it's still operational.
  • Ummmm, then if you signed your application to the bank and the application said that they would NOT sell your information, then they could be in violation of privacy laws. Otherwise, yes they sell your information to anyone who will by it.
  • >>If this is true, how could any court treat it as such to be broken up and sold to pay creditors Isn't this whole thing more about what's in an original privacy agreement than what a court orders?

    A bankruptcy court judge can do anything s/he damn well pleases. More importantly, though, even if their sense of fairness is fully functional (which isn't always a good bet), they aren't going to protect anyone's privacy unless they know about the issue. And that's where things get weird.

    If nowbankrupt.com wants to sell off their info, they have to declare it as an asset in filings with the court. In those filings, they have to reveal if anyone has a claim on those assets. Those named parties (claimants) are supposed to receive notice of the bankruptcy action and be afforded an opportunity to file with the court to protect their interests.

    Obviously, none of this has happened. The nowbankrupt.coms that are selling this info are clearly telling the court that the assets (iow, the info) is wholly owned by them without any encumbrances.

    Is nowbankrupt.com lying when they make this declaration to the court? I don't know. It depends on the agreements that nowbankrupt.com had with folks back in the day. But even if you think you have an agreement with nowbankrupt.com that comprises an encumbrance on your data, the court can't recognize it unless the court is told about it. And since nowbankrupt.com didn't list you as a creditor/claimant/interested party, you didn't even get notification of the bankruptcy action. You never even knew you needed to hire an attorney to file with the court to protect your interests!

    These questions can't be settled unless someone:
    1. Happens to find out that a .com they've given info to has gone bankrupt,
    2. Happens to find out that their info is going to be sold,
    3. Believes they have a claim on that info,
    4. Gets pissed,
    5. Has money,
    6. Hires a lawyer and files with the court, and
    7. Manages to accomplish all this before the bankruptcy action is concluded. It does little good to find out a year after the fact.

    The kicker? For every dotcom that goes under, go back to #1 and start over. (This last is the reason that, much as it pains me to say it, government regulation is needed here.)

    No, IANAL, but I've sure been involved in way too many bankruptcies.
  • I'd say something about the wolf being an excellent protector of sheep, but I'm not sure which one's the predator, and which one's the prey.

    What we need is for a way for consumers to have power...like maybe by not buying everything we're sold.

  • Hmmm shows how often I pay attention to the crap they send me :)

    But i did get a letter from llyods and thuoght what-the-friendly
  • As there is no exchange of money/goods it isn't a binding contract. The "exchange" part is the key bit. They are making a promise, and thats all. You haven't done anything to earn their keeping their end of the deal, so you can't claim damages if they default.

    If you were to argue that providing your information was your end of the exchange, then you might be able to get damages equivalent to the value of that information. Somehow, I don't think thats going to pay legal fees.

    This is just general contract law though, in regards to the phrase "legally binding agreement". I don't know about special provisions relating to privacy.

    As an example, if I say I'll give you $100, but don't you can't take me to court unless you did something in return.
  • Then we would have a huge amount of personal data, culled from various sources, under the control of a handful of vendors.

    What happens when Steve Case decides Verisign would make a nice addition to AOL's portfolio?

    No thanks.

    As much as I hate to admit it, we need some sort of legislation here.

  • Even better, add the following line to your /etc/hosts :

    ads.doubleclick.net 127.0.0.1

    Even better. Now you don't need to download them at all.
  • The main problem I see with the government is the obvious conflict of interest that arises when corporations make laws through lobbying and "donations," which of course is a symptom of business having too much power in the first place.
  • Don't let them have any personal information. When they ask for an address (and * it as a "required" field) make one up or fill in somebody else's. Ditto for name. If they need a credit card number use a stolen one, or use one created also with a false identity (I know places you can do this easily). If they try to track your actions simply create a new acount every time you buy something from that company or use their service. As far as they know they will be tracking 15 different people, none of whom will have your name or address or otherwise be identifiable as you, and so your identity will be protected. (If you buy stuff ship it to an out of town P.O. box under a false name paid for w/ a false credit card. then switch boxes for each such purchase from the same company)

    Ever get the impression that your life would make a good sitcom?
    Ever follow this to its logical conclusion: that your life is a sitcom?
  • I submitted this article three days ago but it was refused for some reason, probably because the story also ran on kuro5hin [kuro5hin.org]. So far I have read all the posts in this thread and most of them are focussing on DoubleClick which is incidental to the news story instead of discussing the fact that dotcomms are not only selling dotcomm info but are taking out ads to do so.

    From the artricle: Toysmart, meanwhile, advertised the sale of its customer list and database in The Wall Street Journal last month after ceasing operations. The company overseeing the sale of Toysmart's assets, the Recovery Group, said several interested parties have bid on the customer information.

    I am very worried at this trend, because I have a lot of personal data at CDNow [cdnow.com] and considering that they are in serious trouble [zdnet.com] will my personal data also be sold? I have begun to fear for all the dotcomms I have ever bought anything from because the last thing I'd want is for my address, credit card info and shopping habits to be sold by some failed e-business like some email spam list. The fact that the companies are taking out ads to sell our info and hiring agents to do this shows completely that industry self regulation has failed. I sincerely hope the FTC jumps on this like a porkchop in a dog kennel.

  • I properly setup escrow would be protected even in the event of a buyout. Certainly things like pension funds and the like can be setup so they can't be touched even during a takeover. Similar things could be done with data. Also note that expiration terms would make the data less valuable anyway.
  • I wouldn't be too sure about that. A company that sends unsolicited email in the first place obviously doesn't care whether you want to be on their mailing list.

    By attempting to remove yourself from their list, you've simply comfirmed that you actively use the address.


  • Re:Privacy and buyouts/mergers (Score:3)

    by weave ( 48069 ) on Monday July 03, 2000 @01:54AM (#962245) Journal
    I used to buy stuff from musicboulevard.com. I carefully checked the "do not spam me" option was selected as appropriate. They never spammed me. Then they got purchased by cdnow.com, who copied their customer database, but somehow could not copy the spam preference bit (how convenient). I started to get spammed by cdnow.com.

    I ended up setting up procmail to return EXITCODE=67 to them and never shopped there again.

  • Yeah, yeah - as if they couldn't still identify you by IP - yes, many people do have static IPs and yet more have static IP ranges (like your provider's local modem pool). That's already good enough info.
  • C|Net writes:

    Companies on the Internet are not alone in collecting data about customers or turning it over to new owners following bankruptcies or mergers. For example, it is routine for banks and hospitals to transfer intimate consumer or patient data following an acquisition.

    And you thought they are screwing you just on Internet? Bah.
  • We don't have that problem [dpr.gov.uk]. Other problems, maybe, but not that one.

  • Re:Browsing with Cookies Disabled is Useless (Score:3)

    by Alik ( 81811 ) on Monday July 03, 2000 @02:02AM (#962249)
    I agree with you that a well-hacked Mozilla-like program is one option, but there's another one: proxies. As far as keeping cookies off your drive, JunkBuster seems to do a pretty good job, and offers a much more fine-grained control over what's going on than the current option of "Either block all cookies or allow them all or get nagged every five seconds for each individual cookie." (Yes, there's the "trusted sites" zone in IE, but I don't care to mark any site even temporarily trustable.)

    Your more general point of "the only way you'll get a cookie-free web experience is hacking one together yourself" is quite correct, though.

  • > I have never quite understood those opposing laws and regulations, claiming that "consumer power" and other public pressure will keep companies on the rug.

    I do... politicians are far better at exactly the same tricks. Regulation isn't an evil thing in itself but I think the best regulations are in the "full disclosure" area where companys (and government agentcys) must be upfront.

    Most consummers don't trust companys to collect data to start with. This is just one example of this. Companys change privacy policys or get bought out.

    "We won't share with other companys" "Oh by the way we are now owned by Scam-U-Up" wops your screwed...

    It is working... Note the Double Click warnning.. "We are Double Click we won't sell your information..." waiting for Scam-U-Up to do a corprate take-over of Double Click.

    But.... that is becouse we KNEW about DC...

    We take it on faith alone that CmdrTaco dosn't use his weblogs for anything more than security and admin information.

    And then there is me. Where did all this junkmail come from? Not e-spam.. not UCE... postal spam.. Let's see.. I sent in my Commodore 64 and 128 warrenty cards... as well as warrenty cards for half a dosen other products to companys that went away in the early 1990s. My ex-employeer was sued. Oh wait... my employment records.. on cort documents? Ok thats government. Hmm most of this junk for dot coms... like... oh wait... MeowPawjects... oh yeah thats public record.. du...

    My personal life is pritty well public knowladge and there isn't much I can say about it.
    You really think I'm trusting the agentcy that gave away my work records to protect my surfing habbits? I don't care if you know about my surfing habbits (I do mess with the systems used becouse it's just not right but thats about all I do).

    I think self regulation dose work to a degree.
    Privacy is an area companys usually DO "go off the rug" so we distrust them in this area at every turn.
    But I'm not expecting any agentcy to prevent such records from becomming public when they'll publish it on cort documents.
  • I know first hand that boo.com sold their information. I got some spam from the company that they sold the info to. At least there was a URL to remove my name from the mailing list, which I promptly did. Hopefully, that'll be the end of it, and none of my other info will get out.
  • > If onlyyou were listening me when I told you to never buy anything over the Internet... But now it's too late.

    You think your buying habbits in the "real"* world are safe?

    Thankfully I do most of my electronics shopping at a small electronics shop. They don't keep those sort of records.

    On the other hand Radio Shack keeps asking for my name to see if I am on the database....

    And those wonderful Luckys rewards cards. Some cashers asked for the card even when there were no "rewards" I would convenently lose the card in my wallet at those points.

    * [real in quotes becouse it seems pritty sureal to me]
  • WRT your first question, your doctor's office may well have already sold certain of your records to contract research organizations (Covance, PPD Pharmaco, PRA Intl., etc.). It is not at all unusual for private practice offices to sell access to patient records to these companies who then seek to turn private patients into gold by enrolling them in experimental research studies. And while the patient-cum-research-subject never knows it, the very same doctor could be getting very rich off of these information sales. Word to the wise - ask your doctor if he or she has any such arrangements with research companies PRIOR to disclosing medical conditions. Otherwise, you should not be surprised to wake up from sedation to find that you've been enrolled in a potentially dangerous research study without knowing it, much less consenting to it. Yet another example of capitalism unfettered, harming the innocent and enriching the shady.
  • Sooo Yummy.. tasy and non-fat...

    And try our arsnic cola... It's populare with extreamist groups, Cults , Terrorists and Racists.

    So get some for your nabors today :)

    You are right however... there needs to be some binding of law to prevent this abuse...

    Otherwise... it is both an asset AND a liability... asset to them.. liability to me
  • Slashdot should hire us a lawyer.

    You know, that's actually not a bad idea. Andover could conceivably pay an actual attorney to review legal issues as they arise, to avoid too many misunderstandings and misinformation from the vast majority of us who need "IANAL" disclaimers...

    Would it be worth the cost? I don't know, but it could certainly be a service to the community...
  • This link does not opt you out. It only opts out the browser it at using.

    I have 8 different machines with different versions of Netscape, IE, and few others to spare. Shot I even have a machine that with a machine inside (VMware). I have a 7 year old, who surfs, she is to opt out too? I believe that she can not even opt in via the COPPA.

    So doubleclick thinks that the way that I am to opt out is to opt out each browser? If you read the opt out - it still does not opt you out. You just do not get targetted ads.

    the only true opt out 127.0.0.1 Hell assuming your websever at that address port will default a 1x1 gif for a failed lookup.

  • I worked for a bank for almost 4 years, and I have news for you: Banks sell your information all the time.

    Someone please moderate up the parent post? This is significant, and most people probably don't realize it...
  • Yikes and to think that Amazon, who isn't worth much on paper, maintains a powerhouse of information on its clientle. Will this lead to customized telemarketing? Yuk. "Good day, Mr. Jones. We've monitored the spending habits of other fine consumers like you, and realized you still haven't bought the X Brand vacuum cleaner, which everyone else sharing your buying profile has...."

  • chmod 400 ~/.netscape/cookies (Score:3)

    by pq ( 42856 ) <rfc2324&yahoo,com> on Monday July 03, 2000 @06:04AM (#962259) Homepage
    and then delete cookies that you don't want.

    Me, I keep my NYT cookie from last year, my ADS and simbad cookies (astronomy work), and my slashdot cookie. The rest can assign me a new, unique, "look, another user!" cookie every time I happen by, and I flush them to the bit bucket every time I exit netscape.

  • These companies were Truste approved sites before their failure.

    Who here really believes Truste means anything?

  • I have never visted those sites --- and both seem to be down now (for obvious reasons) --- so I don't know how those sites are, but a lot of the other sites I visit make you click an `I agree' button.

    Those agreements usually reference the site's privacy policy. They expect that those agreements are binding on you, and for that to be the case, wouldn't the same agreement be binding on them to?

    Further, I've seen sites that display their privacy policy or other promiss to never give away and/or sell the data on the order page, too. Are they not by making the promiss when I order --- and send them money --- forming a contract with me not to sell the data?

    Do the consumers of these sites have any recourse? If they don't, then how should a privacy policy be constructed such that it is legally enforceable?

    It's hard for me to immagine that the silly little links at the bottom of a page saying that "by using this site you agree to..." could possibly be valid if their privacy policies aren't.

    --

  • If you extend the situation ... (Score:5)

    by dustpuppy ( 5260 ) on Sunday July 02, 2000 @10:57PM (#962262)
    does this mean that:

    if your doctor's clinic folded, he could sell your patient info?

    if a telco folded, could they sell your phone records?

    if a bank collapsed, could they sell your financial transaction history?

    if your ISP folded, could they sell your surfing habits?

  • At the end of the day data accumulated by the company is an asset. When they go into recievership they have to sell off all their assets in order to pay what they owe, this includes whatever data they have accumulated on their clinets. IANAL but I doubt there is much you can do about it, if they said they weren't going to pass on your information while they were trading, but then go bankrupt and do pass it on, you can hardly sue a company that no longer exists.

  • Overview (Score:1)

    by Anonymous Coward
    1. Many sites do not phrase their confidentiality/information use policies as contractual provisions, but as "policies", which they can essentially change at any time.

    2. Most sites that do phrase their confidentiality/information use policies in contractual terms also provide that the site can change its contractual terms upon notice.

    3. Almost no sites (except perhaps closed B2B networks) would have policies that were contractual and could not be amended w/o user consent.

    4. Monetary damages from breach of a confidentiality provision are very difficult to prove. Accordingly, in real confidentiality agreements (for instance, between a VC and a company it might fund -- though even these tend to be quite sloppily worded), the disclosing party is often given the right to "specific performance", that is the right to obtain a court order preventing the disclosure. In the absence of an agreement as to entitlement to the remedy of specific performance, courts are reluctant to grant relief other than monetary damages.

    5. Assignment of contracts can happen by execution of an assignment document or via the acquisition by merger of one company by another. Such assignments would not, in general, result in the amendment or waiver of the terms thereof.

    6. Real contracts will often contain prohibitions on assignment without the consent of the non-assigning party -- I would doubt that any site terms have non-assignment provisions.

    7. In bankruptcy, the ability of creditors and other obligees (persons to whom obligations are owed) to enforce their rights can be temporarily stayed, but I would not think that a bankruptcy court would allow a contractual provision to be avoided in an irreversible manner (for instance, allowing information to be disclosed in violation of a confidentiality provision).

    8. I suspect what happened here is that the confidentiality policies were mere policies and not traditional contracts. As such, users were relying on the honor of those running the sites at the time.

    9. I believe the eTrust system merely certifies that a site has policies that it follows and does not certify as to the content of those policies. Obviously, what is needed is a substance-based policy certification system -- for instance, requiring any certified site to have confidentiality provisions in true contractual form, specifically enforceable by users. Unfortunately, these certification programs are sold to sites, not to users, so there is little incentive for sites to adopt policies stronger than the eTrust fig leaf.

  • Ready the opt-out link, captain! (Score:4)

    by Oscarfish ( 85437 ) on Sunday July 02, 2000 @11:00PM (#962265) Homepage


    http://www.doubleclick.net/optout/def ault.asp [doubleclick.net]

    Follow the link above so that DoubleClick will issue you a cookie with the string id=OPT_OUT. This will prevent DoubleClick from doing its "DoubleClickish" tracking and serving, and rather just serve you banner ads straight out.

    And, yes, I'm aware of the irony of me making a post like this when my site is full of DoubleClick code :)
  • Why do they need our private info anyway?

    When we purchase something online, all the vendor really needs is a credit card # & expiration date. Couldn't the card issuer act as the 'information escrow', since they already have the data on file?




  • The doubleclick controversy is a little over... The last I remember of it was that you could opt out of their system and then under criticism they vowed to abandon their plans to maintain cross-website tracking data.


    Whether this is true or not, it's a little silly to include the doubleclick warning on just this reference while perhaps 80% of the links on slashdot are pointing at external sites using doubleclick.



    Seth

  • Industry self regulation (Score:3)

    by Betcour ( 50623 ) on Sunday July 02, 2000 @10:55PM (#962269)
    Another blow to the "industry self regulation" supporters. Maybe sometimes they'll understand that capitalism without limits is just crap. Some things need to be moderated : when it comes to the economic rules, only an elected organisation should set the rules, not the players of the game themselves (aka corporation).
  • That reminds me of the last time I opened an account at the local BofA. I told them I wanted the "don't sell my info form", and they gave me this BS saying they were out of the forms. I then told them that I would not open an account unless they gave me the form. Guess what, they found an extra copy of the form in the back (yeah right). Of course it did not end there, they continued to send me mail asking me to sign another form that said they could do whatever they wanted with my data. They claimed it was so that they could provide "better service".

  • privacy ineffective, need other legal protections (Score:3)

    by jetson123 ( 13128 ) on Monday July 03, 2000 @10:14AM (#962271)
    While I think this kind of data should be protected (in fact, companies should not be permitted to keep it), I also suspect that protecting privacy is ultimately not going to work. The major worry, I think, is discrimination in insurance and employment.

    If, say, medical insurance companies were required to set rates only based on their age, how long they have been insured, and (perhaps) state, and no other information, it wouldn't matter what kind of access they had to your medical records.

    That's, in fact, how private medical insurance works in many countries. Insurance companies can still compete in all those areas where companies compete well in the free market: lowering costs, improving service, etc., they simply don't have the information to cherry-pick low-risk customers and leave the high risk customers to the public system.

  • If there is a qualified accountant out there, perhaps they can inform us of how "goodwill" is treated during a company liquidation? My reading of the situation is that goodwill is trust and customer satisfaction that has accumulated over time (remember these .con companies have only existed for a few years) and can be priced into the "intangible" value of a company. Thus when a company gets taken over (ie new owner - moral stance open to question), it is written off over a period of time due to fact that they have to reestablish their credibility. Now if a company goes kaput, does this goodwill dissipate immediately and only the hard assets (like name/customer databases) exist? Or can you count on further transactions as in the Amiga fan base with its Lazarus effect? If you discount goodwill by only valuing immediate short-term gains (Flogging off the users for spam listing) then are you in fact destroying whatever residual long-term value there is?

    I would really like to know how the bean-counters value "software" or even "internet" plays as it seems a nebulous concept at times.

    LL
  • Gee whiz...

    Just go to the mall.


  • You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? f

    You flame Slashdot for posting a story about a Good Cause, rather than something obscure and self-absorbed.
    The post's initial score is 1.
    Your comment is moderated "Overrated".
    Your comment is moderated "Underrated".
    The post's final score is 1.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment questioning the sanity of anyone who doesn't open-source their code.
    The post's initial score is 1.
    Your comment is moderated "Informative".
    Your comment is moderated "Interesting".
    Your comment is moderated "Informative".
    Your comment is moderated "Interesting".
    The post's final score is 5.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? t

    You post a troll offering free advice on marketing Linux.
    The post's initial score is 1.
    Your comment is moderated "Informative".
    Your comment is moderated "Informative".
    Your comment is moderated "Funny".
    Your comment is moderated "Insightful".
    Your comment is moderated "Troll".
    The post's final score is 4.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? s

    You submit a story idea about Microsoft's latest legal battle.
    Your submission is rejected.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? t

    You post a troll which disguises a link to natalieportman.com as information about a database program.
    The post's initial score is 1.
    Your comment is moderated "Flamebait".
    Your comment is moderated "Redundant".
    Your comment is moderated "Insightful".
    Your comment is moderated "Informative".
    Your comment is moderated "Overrated".
    The post's final score is 0.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment questioning the sanity of anyone who doesn't open-source their code.
    The post's initial score is 1.
    Your comment is moderated "Insightful".
    Your comment is moderated "Underrated".
    Your comment is moderated "Insightful".
    Your comment is moderated "Informative".
    The post's final score is 5.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You metamoderate randomly, without reading the comments.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? u

    Your karma is currently 10.
    You have posted 5 comments.
    Your user bio pretends to accidentally show your four-digit karma.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment that includes moderation buzzwords such as "information" and "insight".
    The post's initial score is 1.
    Your comment is moderated "Interesting".
    Your comment is moderated "Interesting".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? t

    You post a troll in which you expound upon various erroneous legal theories.
    The post's initial score is 1.
    Your comment is moderated "Underrated".
    Your comment is moderated "Funny".
    Your comment is moderated "Overrated".
    Your comment is moderated "Interesting".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? w

    You write a story that casts Slashdot moderators as conspiring villains.
    The post's initial score is 1.
    Your comment is moderated "Overrated".
    Your comment is moderated "Overrated".
    The post's final score is -1.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You rate good moderations "unfair" because you don't like the choice of adjective.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? n

    You post an exquisite metaphor in which you relate the topic at hand to a date with Natalie Portman.
    The post's initial score is 1.
    Your comment is moderated "Redundant".
    Your comment is moderated "Offtopic".
    Your comment is moderated "Insightful".
    The post's final score is 0.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post an on-topic comment within the first 25 of the story.
    The post's initial score is 1.
    Your comment is moderated "Interesting".
    Your comment is moderated "Interesting".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? j

    You make a joke about $3 crack.
    The post's initial score is 1.
    Your comment is moderated "Insightful".
    Your comment is moderated "Offtopic".
    Your comment is moderated "Insightful".
    Your comment is moderated "Underrated".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You rate every moderation as "fair".

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? j

    You make a joke about $3 crack.
    The post's initial score is 1.
    Your comment is moderated "Redundant".
    Your comment is moderated "Troll".
    The post's final score is -1.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You overturn valid moderations for first posts and "This link is more informative" posts.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You rate good moderations "unfair" because you don't like the choice of adjective.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? t

    You post a troll which credits the U.S. for "saving Europe's ass in WWII" and inventing the internet.
    The post's initial score is 1.
    Your comment is moderated "Informative".
    Your comment is moderated "Offtopic".
    The post's final score is 1.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? f

    You flame someone from another country.
    The post's initial score is 1.
    Your comment is moderated "Troll".
    The post's final score is 0.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? m

    You pack a pipe full of $3 crack and kill some hard-earned moderator points.
    You suffer the slings and arrows of outrageous metamoderation.
    You lose 7 karma.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? n

    You post your honest opinion on the MP3 debate.
    The post's initial score is 1.
    Your comment is moderated "Insightful".
    Your comment is moderated "Interesting".
    Your comment is moderated "Redundant".
    Your comment is moderated "Interesting".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? f

    You flame CmdrTaco for a grammar or spelling mistake in a story.
    The post's initial score is 1.
    Your comment is moderated "Troll".
    Your comment is moderated "Overrated".
    Your comment is moderated "Funny".
    Your comment is moderated "Offtopic".
    The post's final score is -1.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment that uses Microsoft as an example of how not to do... well, anything.
    The post's initial score is 1.
    Your comment is moderated "Funny".
    Your comment is moderated "Funny".
    Your comment is moderated "Underrated".
    Your comment is moderated "Insightful".
    The post's final score is 5.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment questioning the sanity of anyone who doesn't open-source their code.
    The post's initial score is 1.
    Your comment is moderated "Funny".
    Your comment is moderated "Funny".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? m

    You pack a pipe full of $3 crack and kill some hard-earned moderator points.
    You suffer the slings and arrows of outrageous metamoderation.
    You lose 6 karma.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment that uses Microsoft as an example of how not to do... well, anything.
    The post's initial score is 1.
    Your comment is moderated "Underrated".
    Your comment is moderated "Insightful".
    The post's final score is 3.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? e

    You metamoderate 10 random comments.
    You rate the moderations according to your personal preferences and beliefs.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? n

    You post a calm, rational, insightful analysis of why Linux is not yet ready to be a desktop OS.
    The post's initial score is 1.
    Your comment is moderated "Offtopic".
    Your comment is moderated "Offtopic".
    Your comment is moderated "Insightful".
    Your comment is moderated "Funny".
    Your comment is moderated "Offtopic".
    The post's final score is 0.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? k

    You post a comment questioning the sanity of anyone who doesn't open-source their code.
    The post's initial score is 1.
    Your comment is moderated "Informative".
    Your comment is moderated "Insightful".
    Your comment is moderated "Informative".
    The post's final score is 4.

    You can: post [n]ormally, [t]roll, whore for [k]arma, [w]rite a story, [f]lame, make a [j]oke, [m]oderate, m[e]tamoderate, [s]ubmit a story idea, check your [u]ser info, [q]uit.
    ? u

    Your karma is currently 9.
    You have posted 21 comments.
    Your user bio pretends to accidentally show your four-digit karma.

    You have been bitchslapped by sengan!
    Your days of posting in the sun are now over.
    You are forever doomed to post at -1, and your trolls fall on deaf ears.
    That is, until you create another account....
    Before your bitchslap, your karma was 9.
    You posted 21 comments.

  • This could be fixed (Score:3)

    by X ( 1235 ) <x@xman.org> on Sunday July 02, 2000 @11:05PM (#962275) Homepage Journal
    If personal information was kept in some kind of escrow system with guarunteed expiries and the like.

    Ultimately you're always vulnerable to bancrupcies, but presumably a places like Verisign are more likely to exist than Boo.com... ;-)
  • What about the MIB? You can't tell me that an insurance co. will let you sign up without waiving your rights to object to info being shared with the MIB. The fact remains, there are plenty of cases of leaked medical data (political campaign fodder, life insurance/home loans/etc), though not necessarily directly from the medical records. The MIB, or pharmacy companies cross-referencing records with credit card companies, all add up to not enough protection of medical information within the U.S. There may be a penalty on miuse of the file itself, but I'm more concerned about the sum of the data that the source of the data. And as of a year or two ago, about half of the states in the U.S. did NOT have any sort of guarantee that a patient could double check their own records.

    itachi

    • Doctor: No. Thats strictly regulated.
    • Telco: Not if it could constitute part of a credit rating. And telephone communication is protected as private communication. So there isn't much they could release there.
    • Bank: No. Thats credit/financial information and closely regulated.
    • ISP: Again, if it isn't financial info, and they aren't intercepting information that is defined as private then they may be able to there. This part I don't have a clear picture of.
    Slashdot should hire us a lawyer.
  • How about spamming them back. I have not actually tried it yet, but couldn't you create millions of bogus user ids in their database with a simple perl script. That would make their data worthless.
    I already use junkbuster, so there is no problem for me, but there are millions of people who don't have a clue what a cookie is.
  • That's a good idea how would you go about doing this?
  • Yeah, but you know, privacy laws hurt the economy and impact the right of major businesses to make money and infringe on free speech and if you have nothing to hide why do you need privacy laws in the first place and lahdidadida...

    On second thoughts I'm damn glad to live in a country where laws value the right of an individual higher, then the one of corporate greed freaks to get bigger and richer by violating my privacy.

  • Could you not argue that you are exchanging your information in return for access to the services the company provides?

    tangent - art and creation are a higher purpose

  • Re:Browsing with Cookies Disabled is Useless (Score:3)

    by Effugas ( 2378 ) on Monday July 03, 2000 @02:17AM (#962282) Homepage
    "Either block all cookies or allow them all or get nagged every five seconds for each individual cookie."

    Getting nagged every time is an intentional tactic to make you accept all cookies. What appears to be badly programmed and incompetently designed is actually intentionally annoying--they're spoofing privacy and inconvenience and trackability as ease of use. That's actually interesting.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com
  • Interesting approach, this would really be nice to have in the form of a net nanny like application that block privacy intruding sites rather then porn. I once turned cookie notification (turning off is not an option for me becaus then I loose customization on a lot of sites), but after an hour or so I got fed up clicking OK/Cancel for each site so I turned them on again.

    Another thing that would be nice is if you could choose which sites are allowed to store cookies and which not (and make the browser remember what you choose). E.g. I want slashdot to remember my settings but CNN.com has no business setting cookies in my browser (I hate their customized site so i don't use it anyway).

    Those two things combined would solve some of the privacy intrusions. Of course, as soon as you fill in forms on e-commerce sites, you have no control so be carefull what information you provide. I generally use the need to know principle: only provide the information that you really have to provide. If you need to fill in three pages of information just to buy a book, buy it somewhere else. Also i use a special email address that I provide when untrusted sites require an email address (sometimes I just provide bla@bla.org if I'm annoyed). This helps preventing spam (works quite well for me).

    In any case I think the solution for the problem mentioned in the article is that Truste sues the companies trading information (which I assume is not in line with what Truste allows). This would re-establish them as a good brand and may increase the trustworthyness of their other customers.

  • Re:If you extend the situation ... (Score:3)

    by thogard ( 43403 ) on Monday July 03, 2000 @02:19AM (#962284) Homepage
    Medical records are fair game in the data mining business. The only restrictions are that records only be given to others in the medical profession which basicly involves your doctor, the nurse, the insurance comapny, the insurance companies debt collector, the drug companies, the goverment and their dog. From what I can tell it only limits the data to about 1 in 6 people.

    The laws cover giving the data out. They don't cover how the data came in. Insurance compaines will pay top dollar for info on pre-exisiting conditions and drug histories and anything they can use to drop people into a higher risk group.

    Check out what the from says the next time you see the doctor. Its been scary stuff for almost two decades. My solution is to cross it out, pay cash and if I have to deal with the insurance company, I'll do that directly.

    By the way, insurance compaines can share info freely between themselves. This is also allowed for drug research.
  • The answer is yes. You're looking at this the wrong way. Let's say another bank buys your bank. Are they going to close all the accounts, send your $37.98 back to you, and say, "Hello. Your bank doesn't exist anymore, and we don't own the records to your account. Would you like to open an account with us?" If that were the case, there would be no reason to buy a bank in the first place!

    A company "folding" in each of these cases just means they sell to someone else at a discount to their actual value. As I see it, the problem isn't with them selling the accounts/histories/data. It's whether or not the new company is willing to abide by the same ground rules. This could very easily be negotiated into the agreement between the old {.com|doctor|ISP|telco|bank} and the new one.

    This has actually happened to me with a doctor's office. The old doc retired and sold out to a new doctor, and included all my records. A good thing, because when I went to the new doctor, there was no break in service. The new doctor was bound by the same legal restrictions on sharing information as the old one, however!

    I can see a bigger problem when a business goes under, liquidates, and as part of the liquidation sells customer information to inappropriate parties, with no strings attached. But let's make sure that's what we rail against, not just selling the information to the party who buys the business.
  • The KDE browser (and some other browsers) allow you to "reject forever" or "accept forever" cookies. So you can select on a case by case basis.

    So unless your logging into a website.. "reject forever" and you'll be happy :)

  • Re:If you extend the situation ... (Score:5)

    by Anonymous Coward on Monday July 03, 2000 @03:06AM (#962290)
    I worked for a bank for almost 4 years, and I have news for you: Banks sell your information all the time.

    Your name, address, and any spending habits that they can accumulate are sold to other companies every day. You have to go to your bank and specify in writing that you do not wish for them to sell your information to make them stop. Banks don't need to go out of business to sell your information, because to the them it's just another revenue stream.
  • I am routinely amazed that all this cookie crap is still in the press. Cookie filtering via CookiePal [kburra.com] has been around for over three years, and yet people still talk of turning off cookies in their browser before going to a particular site. Let CP do the work -- and let the cookies you WANT/trust go through (i.e. SlashDot).

    Of course, it's a Windoze-only solution; works with the following browsers according to their web site:

    • Microsoft Internet Explorer 3.x, 4.x and 5.x
    • Netscape Navigator 3.x and 4.x
    • Opera 3.x (Limited support - View and Delete cookies only)
    • America Online 3.0, 4.0 and 5.0 for Windows 95/98
    • CompuServe WinCIM 3.0.1 and 4.0 and CompuServe 2000.
    • Symantec Internet FastFind
    • Headliner
    .. and can be customized by the user to work with most other 32 bit Internet software which uses cookies, including e-mail programs such as Outlook and Eudora.

    Costs a couple bucks after a trial period. To paraphrase JWZ, other solutions are free only only if your time is worthless ...

  • Yeah thats kinda scary...

    For a silly (yet sereous) note...
    After all the weak DotComs sell off colected information....

    COM collection copration... we sell databases full of all the information colected by the dot coms...

    It is pritty scary....

    So who's gona buy your Amazon records?
    Who will buy you CD Now data?

    Hay... All you people who have my.mp3.com accounts... wouldn't you just LOVE to let some record company buy out a record of YOUR cd collection?

    "hay he has lots of punk rock.. and dosn't have any 'Smelly Boot' CDs... let's go sell him some Smelly Boot..."
    "But I don't like Smelly Boot..."

    or worse... people buying 1970s Disco [Ohh yuck.. ok bad tast to start with] get ads for 1960s Disco [It gose by a diffrent name I just don't know it becouse I was born in 1969].. I heard some of it... Trust me.. even if you LOVE 1970s Disco... you won't like the 1960s counterpart..
    (Yes they call it Disco... they didn't back then but they do now.. I guess the lable was stapped by someone who hates both...)

    I wonder if the FTC will care...
    This is an OLD busness practace...
    When my ex-employer was sold they did nothing more than sell the database, the name and the main office. Everything else got sold to other companys. Not a big issue as the information stayed with the name. But for any real sense of being the company no longer exists.

    I'm sure you'll find when any given company folds the costumer records are right there for anyone who has the money.

  • What does TRUSTe matter? (Score:3)

    by seebs ( 15766 ) on Monday July 03, 2000 @04:57AM (#962294) Homepage
    Are you trying to imply that TRUSTe certified sites don't break their policies, change them without notice, and/or have sucky policies anyway?

    eBay broke their policy, changed it without notice to allow for what they did, then broke the new policy anyway. They still have a seal. I don't think you can consider TRUSTe to mean anything.

    As I understand it, there has been some talk of forming a seal program with a funding source other than the companies reviewed. It might mean something.

    Honestly, what would surprise me would be if a company that *didn't* have a TRUSTe seal suddenly turned around and broke its policy. For some reason, I've never had privacy problems with a company that doesn't have one of those seals...

  • I actually used to [redirect ad sites to localhost in /etc/hosts], but a number of sites stopped working completely for me - instead of loading a broken image or whatever for the banner, I got a full page error message, and no web page.

    I've been using squid for a few months to filter out ads and keep cookies from being set; it's worked really well. It hasn't broken any sites that I can recall, and it's cut out most of the clutter and third-party cookies. You still need to check periodically for third-party cookies as new ad servers are put online, but I've gotten most of the current sites loaded into it. It even strips out the annoying host-navigation frames put up with sites hosted by the likes of Xoom and AOHell.

    Here's some info on configuring squid as an ad-blocker [taz.net.au]. My list of blocked sites is here [dyndns.org]. (I've tweaked the redirector script to support a NULLHTML tag that causes a file containing "<html></html>" to be returned...it's a simple hack, and I don't know squat about Perl.)

    _/_
    / v \
    (IIGS( Scott Alfter (remove Voyager's hull # to send mail)
    \_^_/

  • Mozilla does this just fine.

    In fact, I have mine configured to
    1) automatically reject off-site cookies
    2) Ask me before accepting any cookie
    3) Remember which sites are allowed to set cookies.

    I only use cookies when they offer some benefit to me, the consumer. 99.99% of all cookies only offer benefits to the server. And that should not be mandatory. Mozilla seems to develop more for the benefits of the consumer.

  • Don't read my postings in these threads until you send me $1 :)

    hawk, esq.

  • Re:Data is an asset (Score:3)

    by skion_filrod ( 201359 ) on Sunday July 02, 2000 @11:12PM (#962301)
    Hmmm., please tell me more:
    I am by now way a legal expert, but if I understand you correctly a company can promise their customers almost anything concerning the handling of their customers information and data, but as soon as they go bankrupt they don't need to follow any agreements made with their customers?

    Do you have any references to actual law or practicies in this case? Who decides that the "protected" data is an asset that may be sold - is the company or a legal institution? Is this specific for US law?

    Basically, I am not surprised that these things happen - if a company can use a loophole in the laws and make money out of it they will. The only way to make them not do it is to make laws that regulate what companies can do and can not do.

    I have never quite understood those opposing laws and regulations, claiming that "consumer power" and other public pressure will keep companies on the rug.

  • Lawyer: who owns what (Score:5)

    by hawk ( 1151 ) <hawk@eyry.org> on Monday July 03, 2000 @07:48AM (#962303) Journal
    I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.

    There are a number of factors at play here. The bottom line will be that, for the most part this data cannot be sold.

    Forming a contract is *very* easy. Put up a message that says, "give me this information, and I promise not to reveal it," and you have an offer. Anyone providing the information accepts the contract, and the recipient is contractually bound not to reveal it. Selling it would be a breach.

    Given a breach, the consumers would be entitled to "specific performance," a court order enforcing the terms of the contract.

    But then comes bankruptcy, which can do all kinds of strange things to contracts, setting aside large parts of the contract, which *might* allow a sale--but this introduces a new catch, namely that every single person who provided a name becomes a creditor with rights in the bankruptcy.

    There's a couple of ways that this could play out. It certainly isn't crystal clear that privacy wins, but my money is on privacy. Given that the expectation of continued privacy covered the gathering of the information, the potential sale of that information could not have been looked upon as an asset by the other creditors. THere's a couple of ways to reach this, the simplest being the contract.

    Sale of the *entire* company might be a different matter. If thugs.com branches out from lockpicks to handgus, would they have been allowed to use the information they gathered to promote their new product line? If so, the entire company can probably be sold, and the new parent company can likely use the information in a similar manner. If not, the new parent company would be similarly barred from the information.

    hawk, esq.
  • 127.0.0.1 is normally the loopback device. So you can configure Apache to do whatever you like with these addresses.
  • Can I buy some Visa/Master Card numbers and expiration dates?
    Oh, it's already on eBay. I see...

  • Privacy and buyouts/mergers (Score:3)

    by khym ( 117618 ) <`matt' `at' `nightrealms.com'> on Sunday July 02, 2000 @11:14PM (#962306)

    From the article:

    "CraftShop promised that it wouldn't release the names without approval," Mackey said. "So we just can't take the names and sell them to anyone interested. We couldn't deal them independently. (The company name and customer list) had to go together."

    While such a transfer may be perfectly legal, some privacy advocates find that to be little solace.

    Such a sale is taking advantage of a loophole, according to Andrew Shen, policy analyst with the Electronic Privacy and Information Center (EPIC), a privacy watchdog group based in Washington, D.C.

    "This is why the (Federal Trade Commission) act is not a sufficient manner in which to protect privacy," Shen said. "We need stronger laws to prevent the exchange of customer information when companies merge or are sold."

    An area like this can get complicated. If, say, little.com says it won't share it's customer info with anyone, and big.com buys little.com, I don't see any reason why they should just have to throw out little.com's customer info at that point; little.com has just become a part of big.com, so big.com should be able to inhert little.com's customer info (with all the original privacy argreemts on it still legal binding on big.com).

    But if, say, marketing.com buys the little.com "name" along with it's customer info, they shouldn't be able to set up a subsidiary "little-marketing.com" which markets to the customers of little.com as little.com; that's violating the spirit of the agreement, if perhaps not the letter of it.

    Looks like places like TrustE will have to get some more comprehensive (and, unfortunatly, more complicated) privacy policies for dot-coms to follow.


    Suppose you were an idiot. And suppose that you were a member of Congress. But I repeat myself.

  • Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise.

    I'm not a lawyer, but if the company was not legally able to sell someone's private details before it went bankrupt as per a privacy agreement, I can't see how it could be considered an asset. If anything, it's a liability because the information would have to be destroyed or withheld from people who wanted it illegally.

    If this is true, how could any court treat it as such to be broken up and sold to pay creditors Isn't this whole thing more about what's in an original privacy agreement than what a court orders?

  • Been to New York? Times Square? Right around 42nd street there's a bunch of consumer electronics stores with huge banners in their windows that say "Everything must go!" "Going out of buisness".

    The amazing thing is these stores and their signs have been there for years and a handfull of owners take turns selling the store to each other thus making it legal to have a propetual going out of buisness sale for the times square tourists who think they're getting a deal.

    As users of the internet, we're like a bunch of tourists. We pull into town with our browsers, drop off a little peronal data, and zip off to the next site before we remember the name of the site.

    This is why:

    1) By law companies should have attain my informed consent before collecting information from me.

    2) The copyright and distrobution rights to my digital biography should remain mine untill I relinquish that right to a 3rd party.

    When it comes to colecting information, think of your digital biography like loading a progresively interlavced GIF or PNG file. With a little information, a vague outline the picture becomes clear. On the next pass, as more data is filled in, some smaller details become understandable. With all the data in place, a complete picture of the persona life comes on-line. It's a picture of your life. You should have at least a little distrobution control.
    ___

  • Yes the law is strict about infractions. Its just that the typical wavers let your doctor send that info to about 1/6 of the American population and still be legal. The other 5/6 could involve heavy fines.
  • By the power vested in me by the United States Constitution, I declare you a raging idiot.

    The Captain
  • Thank you for playing the game. The law is extremely strict in terms of medical info. I used to work in that field - the penalty for misuse of medical information is $250K / incident. This includes release of information for whom the patient (i.e. you) has not authorized release (that's why every insurance signup has a statement for you to sign authorizing them to get your medical info). Your sharing for drug research - this is always non-identifiable data (i.e. it cant' be traced back to a particular individual).
  • Of course it does. It means the site involved has impure motives and wishes to put up a fake appearance of trustworthiness that doesn't actually mean anything :)
  • My webpage is still on my former boss's machine at ISU. I had a one-year visiting position last year, so it made more sense to leave it all there while still on the market (that, and ISU's connection is *far* more stable/reliable than UNI'
    s).

    Sometime in the fall I'll probably move it here, but that probably won't happen unitl I have new content for my classes on my as yet unordered new machine.
  • Have a look at www.junkbusters.com - they have a nice GPLed proxy that you can put between you and your squid (or whatever) that offers regexed banner/ad blocking and privacy features like finely-grained control of cookies.


    I use it here, works like a dream.


    http://www.mp3.com/tib - be lamer than lame

  • lynx has the best behaviour of all: it gives you four choices to each
    incoming cookie: accept, reject, accept all from this site, reject all
    from this site, plus it is very easy to change your mind about these
    choices using the `cookie jar'. I wish there was a graphical browser
    out there that duplicated lynx's functionality in this respect.

  • Did you eat paint chips when you were a kid? Some businesses do need to be regulated in order to protect the interests of the people at large. Granted, we can't control all aspects of the economy, but I hardly think blaming the courts for business' mistakes is in order. Comparing a major corporation to a little kid is a little off, too. The kid can't bribe his parents to get them to shut up - most kids I know aren't financially independent.

    Take a look at these Supreme Court Cases:

    Helvering v. Watts 296 U.S. 387 [findlaw.com]

    Procter & Gamble v. U.S. 225 U.S. 387 [findlaw.com]

    U.S. v. Amer. Bldg. Maint. Industries 422 U.S. 271 [findlaw.com]

    The last case quotes Section 7 of the Clayton Act, 15 U.S.C. 18: "No corporation engaged in commerce shall acquire, directly or indirectly, the whole or any part of the stock or other share capital and no corporation subject to the jurisdiction of the Federal Trade Commission shall acquire the whole or any part of the assets of another corporation engaged also in commerce, where in any line of commerce in any section of the country, the effect of such acquisition may be substantially to lessen competition, or to tend to create a monopoly."

    The Clayton Act was created for a reason - to protect the American people from the rapacious greed of monolithic corporations. Perhaps your mental image would be better supplanted with an incubus whose parents don't allow him to do anything, and he ends up devouring their souls.

  • I already get offers for 'free DSL'/US only type things here in the UK, I'd imagine most other people here with email addresses also do.

    Does the Data Protection Act actually cover the sale of data? Equifax etc. still seem to get on ok here, all you can do is get a copy of what they have on you.

    It doesn't apply if you deal with a non EU company anyway, although the US was trying to implement something similar IIRC in order to improve US EU commerce. I think it probably does apply however if you are from the US and buy from the EU.

    One thing I used to do (before I got too lazy) was use a different email address for every site I gave my address to, e.g. for Amazon -> amazon@my-domain.com, then if I suddenly start getting spam at that address I know who did it, also that the address is dead and that it's time to put it on a server side autoresponder with a 50M attachment.

  • "I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off." While this may be a good idea it is a little false. Cnet serves its own ads and has what are know as '3rd party ads' that flow through it site. Some of those ads are from doubleclick as well as other companies like adsmart.

    On the note of personal information, just think how much info yahoo and slashdot have on you if you have an account on either. Slashdot know what sites you like as well as what authors you don't like, and what your opinions are. Hmm makes you think a bit. If you have yahoo mail, they have all your sent mail if they want to keep it as well as all your recieved mail if they want to keep that too. If you have any of their other services, like calendar or my.yahoo, they know more about you. The www is not an information trading formum. YOu want a service you must give up information on your self. If they hav laws about protecting childrenm why do we not start to implemnet laws to protect the adults as well?

    send flames > /dev/null

  • Browsing with Cookies Disabled is Useless (Score:4)

    by Effugas ( 2378 ) on Sunday July 02, 2000 @11:36PM (#962336) Homepage
    Unless you wipe out your cookie folder(yes, the one that says OH MY GOD DEAR GOD NO YOU'RE DELETING A COOKIE NO NO NO YOU REALLY DONT WANT TO DO THIS NOOOO care of Microsoft), cookies still function whether or not they've been "disabled" by the browser.

    This behavior occurs in both Netscape and Internet Explorer, and of course completely contradicts expected behavior.

    Browsers recently joined Crypto code in my eyes as things that companies have serious trouble being able to do securely once they get too big. Mozilla's hiring(they sent me a letter, not that I'm looking for new work). The thought of a functional browser that I can easily patch to not violate my privacy is more than tempting...we may really need Mozilla more for its security considerations than even for its standards compliance.

    The bottom line may just be that browser makers are just be too vulnerable to the demands of unethical marketers. The spasms that Windows goes into when you try to delete a cookie; that cookies are still served even if they're disabled in the browser...these just aren't accidental bugs, and shouldn't be treated as such.

    Thoughts?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com
  • open c:\windows\cookies
    select a cookie to kill...such as jlvadmin@ad[1].txt
    press Shift-Del to delete it (this keeps it from going in the trash first)
    answer "yes" to the question that pops up, which is, "Are you sure you want to delete 'jlvadmin@ad[1].txt'?"


    Go check out IE4. Shift delete or not, the file manager used to scream(yes, exclamation points) "You are trying to delete a Cookie!! Are you sure?" for EVERY file you had selected. You either clicked yes or no for every single cookie; it was a modal dialogue that couldn't be cancelled en masse.

    In short, it sucked.

    I wasn't aware they had gotten rid of that.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  • Re:If you extend the situation ... (Score:3)

    by Shirotae ( 44882 ) on Sunday July 02, 2000 @11:41PM (#962341)

    does this mean that:

    • if your doctor's clinic folded, he could sell your patient info?

    There seems to be some protection of patient records in the USA - I found this ABI Testimony before Senate Judiciary Committee [abiworld.org] which seems to say that you can't just transfer the records to anyone.

    I vaguely remember this situation arising a while (at least a year, probably two or more) ago, but I don't remember in which jurisdiction, or what happened. All I can remember is that there was a fuss about patient records being sold to some company that was not another doctor's practice.

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close