Shopping Online While Protecting Your Privacy? 239

Bart asks: "How can you shop online and protect your privacy? I have been trying without success for a few weeks to shop at the online site of the biggest supermarket chain here in England. My problem is that either I am not using Internet Explorer or Netscape or that I have set up Junkbuster to return a spurious user-agent. With this configuration I can visit my bank, transfer money and make payments, I can visit my two stockbrokers and make deals of up to 100,000 USD but I can't go to Tesco and buy cat food." It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to possess on an individual, and how far do current e-Commerce sites cross that line?

"Protracted e-correspondence with Tesco (apart from regular instructions on setting up Internet Explorer) revolves around bypassing the proxy and setting up a direct connection. As shopping online for mundane things like groceries gets more common and less the province of technically aware people, we can expect more and more intrusions like this into our privacy. Can anything be done about it?"

This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    Give a little, get a little? How bout, give them a little MONEY, get some cat food, and if they're not happy with that they can blow me.
  • by Anonymous Coward
    Throughout this thread I have been seeing things like this:

    I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

    If they have put in so much effort that they have customised the site for IE and NN, then they should put a tiny bit more effort in and deal with other browsers nicely, even if the site does lose a little bit of functionality.

    While fundamentally this may be true, as a web designer this "they should have done this" attitude really bothers me.

    First, the comment above seems to indicate that the web developers should have spent more time on the project. Yet as pointed out here [slashdot.org], this particular company seems to dictate the site requirements to the designers. Not much you can do there.

    But even so, and perhaps more importantly, let's not forget that this is *their* store. If they only want to cater to a particular segment of the web population that is their right since they pay the bills related to it.

    Just as the NYT, for example, loses lots of potential viewers with their give-us-all-your-info login requirements, this entity is perfectly within its rights to do the same. Just as you are, just as I am.

    In other words, this is a non-story, nothing to see, let's get back to something really evil now. Like ummm... Microsoft on Linux. ;-)
  • by Anonymous Coward
    I work in an e-commerce business that sells virtual prepaid telephone cards online (i.e. you buy the card, and get the PIN# in your e-mail). When we started doing business 2 years ago, we collected very little information about our customers-- Both out of a respect for their privacy, and out of lack of infrastructure. However, as time went on, we realized that gathering as much information as possible is NECESSARY when conducting business online.

    First, the rate of fraud for small and mid-size e-commerce businesses can be astronomical. While I can't give out exact figures, I can say that our percentage of fraudulent credit card transactions was well over 50-times what would be expected in a brick & mortar convenience store. To combat this, we had to develop an internal fraud detection system that uses lots of information to make decisions about customer orders. Some information can be verified against the credit card company's database (zip code, street number), but often this is not enough. If you've ever bought something online, or mail-order, then there are potentially thousands of people who have access to this kind of personal information. In addition to the billing basics, our system also has to look for funny-sounding or celebrity names (almost always fakes), incorrect telephone numbers, hotmail/yahoo e-mail addresses, etc. Even with all of these precautions, some fraudulent orders slip through the cracks, though our fraud-rate is now the lowest in the industry.

    Second, in order to successfully grow our business, and to market ourselves correctly, we must know our demographics. This includes everything from web-browser settings to ethnicity. For instance, if we know that 87% of our users use IE4 or above, and 99.5% of our users have JavaScript enabled, it allows us to design our website accordingly. For a mid-sized company, it can be impossible to invest the time and effort required to make our website compatible with every possible combination of settings. If we know that 25% of our customers buy calling cards for Pakistan, we are then able to specialize better products for that market segment, and to improve weaknesses in other areas.

    Of course there are some companies that do not require their customers to give this information out online. The example of the stockbroker mentioned in the initial post is not a good one. Any trading account that someone opens requires a mountain of paperwork and personal information. They know your drivers' license number, what banks you do business with, if you have good credit, even your mother's maiden name in some cases.

    Gathering personal information in retail e-commerce is not required only if your company 1) knows its demographics very well already, 2) has enough $$$ to address a mass market at once, and 3) has little or no chance of fraud, or likewise little or no consequence of fraud. For instance, a company that sells development software online with virtual delivery. It knows that its demographics are nerdy programmers, if it's a company like Adobe or Macromedia, it certainly has enough money to market itself to everyone, and with a software download, there is almost no cost involved if the credit card charge is denied. Of course, these 2 companies that I mentioned gather more personal information than almost any other e-commerce sites that I can think of. They do it because they can, and they do it because that information is valuable-- Not just for their own junk mail, but for reselling to junk mail list companies.
  • by Anonymous Coward
    Go to http://security.namodro.cz/urlcheck.asp?lang=en

    Type in http://www.tesco.com/whatsinstore/default.asp and press Submit

    If you know the URL of their ASP pages, you can exploit the null.htw bug in IIS to get at their sources. (I ran this tool against my own site and have since fixed the problem... they obviously haven't). My suggestion is that we opensource Tesco and fix their problems ourselves!
  • Yeah, but the French are too busy taking them apart.
  • Here in the US we would just hit them up with a class action lawsuit for discriminating against all the less used browsers, and enforcing a duopoly.

    If Opera was out for linux I'd try that just because they could use some cash flow gained by suing companies preventing their takeover of the world... (Not sure if the Opera company would agree, or how UK laws work)

    okay, I'm really not a sue happy american, but sometimes it is fun to play one on /.

  • As far as anti-discrimination laws go, there are, I believe, provisions for when a particular disability is material to job performance. That kind of provision doesn't sound too relevant here.

    FWIW, Evelyn Glennie (one of the top classical percussionists presently, and one of the rather few such soloists) is deaf.
  • > ... requested that IE4 was the minimum browser, with *no* fall through.

    Did you tell them that they would be turning away business, potential customers? Did you show them competitors' sites and demonstrate multiple browsers? If you did all of this and they still chose to deliberately exclude certain users, so be it. It is their loss. You might bring it up at the next stockholders meeting ;-)
  • For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why?

    I can't speak for all, but basically, in real life, you notice when someone's staring at you, photographing you, or pawing through your wallet/purse. You may not be concealing anything, but you can keep an eye on those who are keeping an eye on you. Online it's much harder to watch the watchers.

    This is one of the points of David Brin's "transparent society" idea -- that this is a lot less menacing if you know who's watching, what they're looking at, and that you can watch them, too.

  • Go to another online store and see if they require the same information. Repeat until you find one that doesn't. Use it.

    Then tell the others why you're not using them. If enough people do this then changes will occur.

  • They need your home address to deliver the stuff to you anyway. To register on their site you already need to have a valid Tesco storecard. When you got your storecard you gave them your home address. The User Agent thing is nothing. They already know where you live. They could look you up in the local Electoral Roll if they wanted to. My advice is don't be so paranoid.
  • Cash.

    (well for a bit longer anyhoo)

    ---
    Solaris/FreeBSD/Openstep/NeXTSTEP/Linux/ultrix/OSF /...
  • Not a Brit, but been there twice (once in the last few years) to know that there is very little, if any, competition to Tesco for groceries. *Maybe* Marks and Sparks, but since they're mostly a department store with specialty food items, I doubt you can 'grocery shop' with them. There's another chain that I saw up in the Kingston-upon-Hull area (ASDF?) but didn't see anything like that near London, which may be regional constraints.
  • There is a cost involved in making buildings and businesses handicapped accessible. The number of handicapped people is low enough that it is not a good profit/loss incentive to make your business accessible. The laws were created because nothing was accessible. Now that the government has prodded things are changing, albeit at a cost to all consumers. Equal access and an end to discrimination is important enough that it should not be left up to capitalistic moderation.
    --
    Mike Mangino
    Sr. Software Engineer, SubmitOrder.com
  • by jd ( 1658 )
    What is legitimate? IMHO, a store has the right to know who to go to, if the transaction fails, and the right to know where to send stuff if it doesn't.

    This is essentially the same as when you go to the store in person.

    Any more than that is information they, themselves, can't use. Its ONLY purpose, then, is to sell to someone else. And, in the UK, under the DPA, that is illegal, without your explicit consent.

  • As others have said on this thread, the problem comes into play if you are using browser "z". I understand companies that are unwilling to design a site for anybrowser (as much as I think that is what is really needed), but to not even allow me to try is another story.

    I run iCab Pre2.0 on my Mac. It has almost all of the features of a 4.x release. Several times, I have been prevented from entering a web site because my browser does not identify itself as a 4.x browser. Luckily, iCab offers the ability to change the User Agent field on the fly. So I change it to Netscape 4.x.

    I get in and the site looks fine!

    I got into an argument with LL Bean customer service a while back about this and, after a month or so of emailing, they finally gave in.

    It is fine if you do not tailor your code so that any browser will work, but do not filter people off and prevent them from seeing your site.
  • I couldn't use the Tesco Direct site even with Netscape. I sent details to their tech support, explaining the problem, and they have completely ignored it. Consequently, I don't go there any more. Annoying, but then life sometimes is...
  • cat food. £4 a can. click here to buy.

    what part of the above requires dhtml/css/etc? barring resume building by "design artists."

    in fact i can think of a discussion site that supports thousands of people and it doesn't do (much/any) browser detection.
  • I think they probably can (and do) correlate info about credit cards with that from loyalty cards. British law only requires that you provide people with access to information you store about them, and correct any errors, under the data protection act. I don't believe there's any limit on what you're allowed to store, or the sources you can use.

    Bear in mind that online purchases are inherently less private than off-line ones: you have to tell them your address for delivery, you have to pay by credit card, and both of these bits of info are already bundled up with your purchases in a single transaction. It's almost as bad as a loyalty card in itself. And they charge you a fiver for the privilege.
  • I suspect it's just bad web design on Tesco's part. They're using a whole bunch of standard shopping cart and "security" tech, which is not only intensive on cookies, but also on things like the referer field.

  • I, too, am using Junkbuster's 'User Agent' feature to truthfully reflect the use of "Mozilla M17".

    I find that infoworld refuses to serve me pages because of this.
  • What information do you think is fair for Web sites to possess on an individual, and how far do current e-Commerce sites cross that line?

    I'd say that any on-line store should require only the same information that is required at a real physical store. That is, if I'm paying for groceries with cash, then when paying with an accredited anonymous cyber-cash-like operation, I should need to provide no information at all. If I'm paying with a credit card at a store, then all the online-store needs is my number and signature. What? They can't get my signature over the wire? Okay, then, I guess they need whatever my credit card agreement says they need -- usually, an address.

    In many cases, this is going to be up to the financial companies (banks, credit card companies, etc.) to find alternative ways of validating and authenticating transactions, without divulging address, telephone numbers, etc., to online merchants. Not sure this is ever going to happen. 'course, there's stuff like PayPal, but who knows how long until *they* start doing something with their information.

    Of course, we have to remember that in many cases, the business model of online companies may actually include revenue from information collected during the transaction. You see this in bricks-and-mortar stores at, say, supermarkets, with the "special discount cards" that they give people. To be very literal about it, a certain loss of some amount of privacy (some shopping/clicking habits, etc.) are the true price we pay for discounted prices, vast inventories, and free overnight shipping. Don't like the loss of anonymity? Go to your local store. Sucks, yeah, but that's the way the internet works.

    In this particular instance, as someone else pointed out, it's likely the problem is that they want to auto-generate their pages to match your browser. Here the problem isn't privacy, but a closed-mindedness as to what browsers are out there. This used to be such a nasty problem when I was surfing from my NeXT that I had to pretend I was Netscape (which was a built-in feature of the browser for just this issue!). They really should have some way of providing a general, simple HTML interface that anonymous browsers can read. Or maybe we need new browser identifications that don't ID the browser, but instead define the browser's capabilities.

  • TESCO ALERT! We can sell you those nipple clamps and that ball gag cheaper.... ;)
  • Why the hell does Radio Shack need my phone number when I'm buying batteries?

    So they can dial the mobile that you've got your batteries installed in, and send the batteries a "shutdown" command (ie. leak acid) if they report that you are using them in a phone/brand not permitted by the Battery Shrinkwrap User Licence...

  • Unfortunately, when you shop on-line, you are not paying cash. You are paying with either credit cards, or paying upon delivery. A mess up on either account is costly for all. That is why privacy is being invaded so much, so the seller can be more certain they are selling to the correct person AND that the correct person is paying. Losing privacy is a horrible thing but this gathering of information has actually helped in fraud protection.

    For example, American Express knows your buying habits. On a periodic basis they will view your transactions and look for transactions out of the ordinary. If a red flag appears, they will notify you and ask if all is OK. This happened to a friend of mine when the number (but not card) was stolen for a shopping spree. He was notified before the bill even arrived and all was taken care of.

    Some mobile carriers also track your calling patterns (in the days of analog) and look for patterns out of the ordinary and notify you immediately if they suspect someone has stolen your ID for analog cell phone. (Which is very easy to do).

    In both of these cases, privacy is gone, but the benefits save a lot of time, money and pain for all parties.

    What is needed are privacy policies and that is what we are seeing more of. We need to see privacy policies in place so those buying and calling patterns are tracked for our protection and not exploitation.

  • Pure BS. Using "handicapped web browsing" as an issue to enable private shopping is totally cynical. That you slap yourself on the back and congratulate yourself for having helped out the handicapped in the process just makes it all the more nauseating.

    I don't think he's necessarily shafting anyone; just totally misrepresenting the handicapped to further his own goals.

  • if ver == "x" then

    do this way
    else if ver =="y" then
    do this way
    end if

    The problem with that approach is that you will have about a hundred else-ifs and you will be out of date within a week or two.

    Ah... now I get it. You don't just sell web pages, you make a living from the full-time job of maintaining them, since every couple of weeks they need a few more "else if"s added. Yeah, I guess that's a lot more professional than those clueless people who write pages in the core HTML that all browsers support. Those amateurs will eventually work themselves out of a job, but you found something with long-term viability! Good thinking!


    ---
  • Guy gets tomorrow's newspaper today and goes out and tries to prevent the bad things from happening (rather than, say, making a killing in the market).

    Now that you have tomorrow's Slashdot stories today, how would you improve the world?

    I think I'll go let the air out of Shawn Fanning's tires.
  • I've noticed the failure is mostly in cookies these days. When running Junkbuster with cookies blocked, sites create errors with no diagnosable cause, and they tend to be stupid about their errors.

    Amazon and many other sites use cookies to track a session, plus a bunch of variables. However, you can run this in real time with a postfixed URL containing session information. Since these are usually long, random strings, it makes for ugly browsing. You can't "Get" this data on normal links, because there is no way to tag on arbitrary "get" data. So you have a choice: Store a Cookie (fast easy, but an apparent security risk), send everything with form buttons and "get" like a normal form, or attach a "?variable_name=gobbletyguck" to every <a href tag out there.

    While this is a design decision, there are other safeguards that can be taken if a cookie doesn't work. You could run the session ID in a postfix, or ask for them to turn cookies on or they can buzz off.

    Some sites never cease to amaze me by the number of cookies they set. Some get up to 14 per screen! Haven't the programmers heard you can use your own datatypes in these things?

    When it comes to user Agents, I let mine pass through. Concentric needs to know what kind of dynamic menus to run, and a lot of sites with multimedia content won't serve a client not in their browser capability file. Hotmail hit me with this once. While I respect that they want to create a dynamic environment for modern users, the reason they cite you can't use the site is because you are running a 2.0 browser! Oops, assumptions!

    If you go to fugly.net [fugly.net] without the "www" in mozilla nightly, their site informs you that your browser is not HTTP 1.1 compliant, otherwise it would re-direct you. Strange indeed.

    What is the solution to all this? Backend programmers must READ and EXPERIMENT above all else. Try situations out that you may never ever see, because some of your little tricks may not work out. Stick to W3C specs, and for the most part you are safe. Never assume anything, and stop leaning on cookies so much!
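
The cookie-or-URL choice discussed in the comment above, as an added example that is not part of the original post: a session handler that prefers the cookie and, when none comes back, carries the session ID in a query parameter on same-site links only. The parameter name `sid`, the host `shop.example` and the sample page are assumptions constructed for illustration.

```python
import html
import re
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION_KEY = "sid"          # hypothetical cookie / query parameter name
SITE_HOST = "shop.example"   # hypothetical host of the store

# Matches the href value of an <a ...> tag (double-quoted attributes only).
HREF = re.compile(r'(<a\b[^>]*?\bhref=")([^"]*)(")', re.IGNORECASE)

# Constructed sample page: two same-site links, one off-site, one fragment.
SAMPLE_PAGE = (
    '<a href="/basket?item=42">Basket</a> '
    '<a href="catfood.html">Cat food</a> '
    '<a href="http://ads.example/track">Sponsor</a> '
    '<a href="#top">Top</a>'
)


def new_session_id():
    """A long random string, as the comment describes."""
    return secrets.token_urlsafe(24)


def resolve_session(cookie_header, request_url):
    """Return (session_id, source); source is 'cookie', 'url' or 'new'."""
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if SESSION_KEY in jar:
            return jar[SESSION_KEY].value, "cookie"
    query = dict(parse_qsl(urlsplit(request_url).query))
    if query.get(SESSION_KEY):
        return query[SESSION_KEY], "url"
    return new_session_id(), "new"


def add_session(url, sid):
    """Append the session ID to a link, but only if it stays on this site."""
    parts = urlsplit(url)
    if parts.scheme not in ("", "http", "https"):
        return url                       # mailto:, javascript:, ...
    if parts.netloc and parts.netloc.lower() != SITE_HOST:
        return url                       # never hand the ID to another host
    if not parts.netloc and not parts.path and not parts.query:
        return url                       # fragment-only link such as "#top"
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != SESSION_KEY]        # drop any stale ID first
    query.append((SESSION_KEY, sid))
    return urlunsplit(parts._replace(query=urlencode(query)))


def rewrite_links(page, sid):
    """Tag the ID onto every same-site <a href> in the page."""
    def repl(match):
        url = html.unescape(match.group(2))
        return match.group(1) + html.escape(add_session(url, sid)) + match.group(3)
    return HREF.sub(repl, page)


def handle_request(cookie_header, request_url, page):
    """Return (session_id, set_cookie_header_or_None, page_to_send)."""
    sid, source = resolve_session(cookie_header, request_url)
    if source == "cookie":
        return sid, None, page           # cookie works: leave URLs clean
    # No cookie seen yet: offer one, and rewrite links in case it is refused.
    set_cookie = f"{SESSION_KEY}={sid}; Path=/; HttpOnly"
    return sid, set_cookie, rewrite_links(page, sid)


if __name__ == "__main__":
    print(handle_request(None, "http://shop.example/", SAMPLE_PAGE)[2])
```
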

  • Anonymity? Never.

    Not until there's some anonymous way of doing electronic payment. As anonymous as cash. So anonymous that the black market, drug trade, prostitution, and mafioso rackets use it instead of cash.
  • My conversations with the cashier at a Radio Shack usually go like this:

    Cashier: And could I get your last name?

    Me: No.

    Cashier: Ok that'll be $foo.bar...

    Also, telling them you don't have a last name is equally effective, but it does make them ponder more.

    If they ask whether you're using those parts to build a bomb, answer yes. Every time. Tell them the 555's are for the delay circuit. Never give a location though.

  • online stores only NEED 1 piece of information you order: a shipping address.

    That is true, unless they're worried about actually staying in business. If the store doesn't profile you, the one down the street will. This store will be able to make better decisions according to what its customers want and will thereby have higher sales. Commodity stores have very slim margins and must therefore rely on volume to turn a profit. A few percentage more volume means a lot. A few percentage less shelf time for product means a lot. A few percentage more sales per customer means a lot.

    The reason grocery stores are doing more profiling than others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store wants to know you so that they can get stock for what you want, and NOTHING else.

    I understand how you all feel though. I had a butler once, and dammit if he didn't insist that I tell him how I liked my eggs cooked in the morning. I fired the bastard. I just value my privacy TOO much to just give that information up to anyone.

  • In the US we have all sorts of laws which do exactly that. It's one of the reasons that we always have a large number of empty handicapped spots in front of stores--I believe that reasoning is that a handicapped convention may decide to descend upon the local drycleaner's any day now;-P

    Obv. the handicapped need access. But if a private business does not serve them, they can just go to the next guy, who will. The first business loses money and the second makes money. What's unfair about that?

  • They don't. Refuse to give it to them. They don't object.
  • It seems odd that certain places require a bit too much information from you before they will even do business. What information do you think is fair for Web sites to posess on an individual, and how far do current e-Commerce sites cross that line?

    The marketplace will decide what is fair. Enlightened businesses are coming around, and unenlightened businesses are creating opportunities for competitors and new entrants.

    My suggestion is simply not to do business with those who require what, in your view, is too much, and instead do business with their competitors -- even if the competitors are slightly more costly with which to deal.
  • Under the terms of the data protection act, they have to register all the information they hold about you.

    This data protection register [dpr.gov.uk] is online. This is what a search for Tesco turned up [dpr.gov.uk].

  • It wasn't in the phrasing or the marketing. There were two prices posted for every item on the shelf. There was the regular price, and the loyalty card price. But once you go to the checkout stand, they add on an additional 10% if you refuse to fill out a 4 page application for a loyalty card.

    Since I only had a few items and was in a bit of a rush, I decided it wasn't worth my time to argue with the teenager running the stand. So I told her exactly that, and walked out.

    The manager explained to me they are under pressure from the regional office to get 92% of their customers onto the cards, and to employ every trick in the book to get people signed up. A percentage are audited to keep the stores from faking it. The manager was a fairly decent and sympathetic guy, and he seemed clued in about not wanting to give up privacy but assured me they hadn't started selling their lists, yet. I told him I didn't live in the US, and would seldom ever use their shop again even if I did bother to fill out the loyalty card.

    So the store is having problems meeting a stupid quota, and are turning to high-pressure tactics to sign up shoppers. Certainly this is to increase the value of their database of shopper habits, so they can start selling the information.

    the AC
  • allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing

    Aha! You are the bastard killing e-commerce with your shallow and deceptive advice. :-)

    One of the biggest turn-offs for many new users on the internet is the perceived lack of privacy. Although most people haven't a clue about cookie abuse and web bugs, there is a general, low-level feeling that anything they do will end up in the hands of some anonymous black-hats. Black-hats in this case not being hackers, but con artists, high pressure telephone sales scammers, and credit reporting agencies. So they stay away from e-commerce.

    We, the more knowledgeable users of /., can spot your post as the troll it is.

    There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experience

    Because many of us are professionals in the internet biz, we are well aware of the privacy issue, and we can see through the FUD. There is a huge problem with privacy on the internet and in real life, and people are starting to become aware of it. Because most people have been burned by a scam at some point in their life, they will limit their options and their net experience. They will stay away from sites such as Tesco, because they have been scammed from giving away too much information before, and don't want Tesco selling the fact they own a cat and work too many hours to get to the shop.

    Many people, myself included, are limiting our options because the net experience doesn't give us anything better than spending a little extra time in real life just like we have always had to do.

    the AC
  • An even worse invasion of privacy comes when trying to buy cheap flights online.

    I've found some amazing deals online which I would love to have jumped on, but the tremendous amount of personal information was too much to give up for a little savings. I have set a price on my personal information, and saving a few hundred quid on a trip is not enough for me to give up my info. If you try to buy an online ticket, the number of "required" fields are too numerous and private just for a cheap ticket.

    E-commerce sites have been abusing the information they obtain since the beginning. They commit the worst kinds of direct marketing and spamming, under the guise of "it's better for the consumer". And then they wonder why E-commerce hasn't really started to take off, and why consumer confidence isn't there.

    When the e-commerce sites gain a reputation for not insisting on private information, and never spamming or selling your info to direct marketers, then consumers will be more willing to use their services. Until then, business to user e-commerce will never take off.

    the AC

  • I recently was in the states and ended up walking out of a grocery store when they couldn't seem to sell me some groceries without a loyalty card. The poor girl at the checkout stand had been told by the manager that anyone without a loyalty card had to be forced to sign up for one. When she told me there was a new 10% extra fee added to any bill without a loyalty card, I just walked out. The manager tried to stop me, to check if I was shoplifting. His argument was that all stores have to charge more to people who don't have loyalty cards, and "everyone" was doing it. I went to the next shop down the road, and wasn't even asked for a loyalty card.

    Some brick and mortar stores are desperate to skim every last little bit of profit from their customers that they can. Mining personal information is just the latest twist, and there are many stores now trying to sell that information through brokers. But for the moment, there are always alternatives who would rather have your custom than try to mine your data as well.

    the AC
  • Yeah, I could probably sue for false advertising. I'm sure there are laws in the US protecting consumers from showing one price for an item, then tacking on an additional charge later just for the hell of it. But it's not worth my time to bother suing, I'll leave that up to some rabid grandmother with nothing better to do than go after big, bad shops.

    This is stupid, but there doesn't seem to be any enforcement of consumer protection laws in the US. Over here, if a shop were cited for violating the law, they would risk having their business license revoked. It happens occasionally, enough to make shop managers think twice about pulling any major scams.

    the AC
  • Yeah, I know, I'm still waiting to buy a UHaul and inordinately large amounts of fertilizer anonymously...
  • Ask your friendly neighbourhood cop to come with you. Or claim you are recovering from being burnt in the face by throwing a full bottle of lighter-fuel on your barbecue.

    //rdj
  • just say you want the card, and don't give any info. in the netherlands they are then required by law to give it to you. giving false info can be more fun though. Also, any entity keeping data on you is required to inform you exactly what data they have on you, if you ask about it. Too bad privacy laws in the US suck hairy donkey's balls, so you probably don't have much choice..

    //rdj
  • online stores only NEED 1 piece of information you order: a shipping address. with just a valid address the entire transaction can take place: pay the mailman or courier or whatever they use in cash at the door. In dutch this is called 'onder rembours' but I have no idea what it is in english.

    //rdj
    P.S.
    For all you smartasses out there (and there are some on /.): yes, rembours is actually french.

  • >The reason groceries stores are doing more profiling that others is because of the need to move merchandise in higher volumes in order to maintain a profit. The store want to know you so that the can get stock for what you want, and NOTHING else.

    they don't need my name for that either.. they can easily see: Oh we're selling lots of banana flavoured condoms! maybe people like strawberry and chocolate too..

    I still don't see why they would need any data other than the data used for sending the stuff. and from me they won't get any as long as I can still walk to the store myself.

    //rdj
  • wow.. I've never seen integrity and company on 1 line. let's face it: 99.9% of all companies have NO integrity.
    I would think this of a person whose main motivation is money, and I think this of companies whose entire motivation usually IS money.

    //rdj
  • If I go to the shop to buy catfood, they don't get any information from me: I just give them some money and that's it.

    Ah, but you're wrong; they have gotten some very important information about you. They now know that you own a cat. (or perhaps you take care of one, or know someone that does, or ...)

    But seriously, I've always tried to save money when I can, so when the grocery stores started issuing "preferred customer cards" and I didn't have to clip coupons anymore, I was quite happy for the convenience... until I realized that by using my card, I was giving the store the ability to keep track of all of the items I buy (assuming they are so inclined, have the storage space, etc.) But I've decided that I don't care if my store knows I like Diet Coke better than Diet Pepsi, or whatever.
  • My father's a nut. He felt that our cat (Rex) wasn't getting enough mail, and was feeling left out. So he signed my cat up for a subscription to one of the numerous fishing magazines that he used to read. We immediately started getting offers to subscribe to other mags, mostly fishing and hunting. The best was when they would send notices with messages like "Will Rex bring down a big buck this season?" for hunting magazines. We got a call offering our cat credit cards. Finally, he received a free membership in the National Rifle Association, complete with membership card and decals. They would send surveys on our views on gun control, which my mother would fill out in the cat's name and return. We put the decals on his litter box, and to this day I carry the membership card with his name. I sometimes use the story for those irritating "getting to know you" sessions at seminars for work or school- they ask you to tell something interesting about yourself, and everyone talks about their kids or enjoying golf. I tell them my father enrolled my cat in a gun club. People usually remember me.

    "Sweet creeping zombie Jesus!"
  • It is quite likely by the look and feel with Junkbuster on and Off that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure".

    How do you prevent cross-site attacks (such as someone posting to slashdot in your name, using your cookie) without checking http referrers (to make sure the last url you were at was the comments.pl page)? I guess you could include a cookie-like thing in each url, but that's ugly.
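The comment above weighs Referer checking against putting "a cookie-like thing" in each request. The added example below (not code from the thread or from any site it mentions) contrasts the two: a Referer check rejects a legitimate user whose privacy proxy strips the header, while a token bound to the session by an HMAC still works and still rejects forged posts. The origin, path, session ids and requests are constructed, and the token travels in a hidden form field rather than the URL.

```javascript
// Added example, not code from the thread. Origin, paths and session ids are hypothetical.
const crypto = require("node:crypto");

const SERVER_SECRET = crypto.randomBytes(32); // assumption: per-process secret for the demo
const SITE_ORIGIN = "https://forum.example";  // hypothetical site
const FORM_PATH = "/comments.pl";             // page that renders the comment form

// Referer-based check: accept only posts that claim to come from our own form page.
// It fails closed when a filtering proxy removes or rewrites the header.
function refererCheck(headers) {
  const ref = headers["referer"];
  if (!ref) return false;
  try {
    const u = new URL(ref);
    return u.origin === SITE_ORIGIN && u.pathname === FORM_PATH;
  } catch {
    return false; // unparsable header value
  }
}

// HMAC over "sessionId|expiry": only the server can produce it, and it is
// useless with any other session.
function mac(sessionId, expires) {
  return crypto.createHmac("sha256", SERVER_SECRET)
    .update(sessionId + "|" + expires)
    .digest("hex");
}

// Token embedded in the form when the page is rendered: "<expiry>.<hex mac>".
function issueToken(sessionId, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const expires = String(now + ttlMs);
  return expires + "." + mac(sessionId, expires);
}

function verifyToken(sessionId, token, now = Date.now()) {
  if (typeof token !== "string") return false;
  const dot = token.indexOf(".");
  if (dot < 1) return false;
  const expires = token.slice(0, dot);
  if (!/^\d+$/.test(expires)) return false;
  const given = Buffer.from(token.slice(dot + 1), "hex");
  const expected = Buffer.from(mac(sessionId, expires), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  return Number(expires) > now;
}

// Server-side handling of a state-changing POST. The Referer header is ignored.
function handlePost(req, sessions) {
  const sessionId = req.cookies.sid;
  if (!sessions.has(sessionId)) return { status: 401, reason: "no session" };
  if (!verifyToken(sessionId, req.body.csrf)) {
    return { status: 403, reason: "missing or invalid token" };
  }
  return { status: 200, reason: "comment accepted" };
}

// Constructed requests: one genuine post through a header-stripping proxy and
// two cross-site posts that arrive with the victim's session cookie attached.
function demo() {
  const sessions = new Set(["sess-victim", "sess-other"]);
  const requests = {
    legitBehindProxy: {
      headers: {}, // Referer removed by the proxy
      cookies: { sid: "sess-victim" },
      body: { csrf: issueToken("sess-victim") },
    },
    forgedNoToken: {
      headers: { referer: "https://elsewhere.example/page" },
      cookies: { sid: "sess-victim" },
      body: {},
    },
    forgedForeignToken: {
      headers: { referer: "https://elsewhere.example/page" },
      cookies: { sid: "sess-victim" },
      body: { csrf: issueToken("sess-other") }, // valid, but for another session
    },
  };
  const out = {};
  for (const [name, req] of Object.entries(requests)) {
    out[name] = {
      refererAccepts: refererCheck(req.headers),
      tokenStatus: handlePost(req, sessions).status,
    };
  }
  return out;
}

console.log(demo());
```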
  • This is probably why a.com doesn't run a server. I think I use a@a.com at least once a day in order to download, preview, login, or register for products and sites. I know I'm not the only one =)

    I like what you do with the myhouse.com thing. Seems appropriate.
  • It was a pretty common joke at our college dorm to respond to subscription requests & other such forms by filling them out with information about "Lucifer, the Lord of Darkness" and other such fairly obvious non-names.

    When I went back 5 years later, Lucifer had quite a stack of mail waiting for him...
  • Is THAT why the batteries in my mobile keep shutting down? I bet they actually last forever and they just keep getting shutdown commands from Radio Shack...
  • If sites were coded to standards [w3.org] then less time would have to be spent second-guessing the user and more time could be spent on building the real functionality desired (and that's sort of the point of the site, isn't it?) so that they could be usable by anybody [anybrowser.org]. More potential clients/customers is a good thing, right?

    Why oh why is it taking the corporate world so long to realize this? Is it going to take a major law suit against a big company to make them open their eyes?

  • Yup, nothing more evil than common economic sense at work here.

    I try to make everything as browser independent as I can, but I certainly see why an online vendor would rather add features for the 97% using a [modern/normal/bloated/standard/evil] browser than bother about the rest. See, if those features make the 97% buy 4% more thanks to the bells and whistles, he comes out ahead.

    Also, if I had a commercial site, financed by ads, I wouldn't spend too much time making my content accessible with junkbuster...

  • Most readers for sight-impaired people don't broadcast themselves as NN or IE, and therefore would be unable to use this site. Which is practically the same as not providing ramps to get into a brick and mortar store.

    IANAL but I think the latter would be legal unless they were employed there. There is no general law requiring people to act in a non-discriminatory way.

  • Tesco are improving their service then. Last time I heard, they weren't even supporting Netscape.
  • The website you are complaining about is not refusing your user-agent for any privacy reasons but instead is doing so because of Javascript.

    Lots of sites that contain javascript have different versions for MSIE and Netscape. Heck, my homepage has the similar browser sniffing code.
    Unfortunately poor website developers forget that there exist more browsers than Netscape and MSIE, thus they do not create non-Javascript enabled versions of their site. A quick visit to the website [tesco.com] confirms an excessive amount of javascript being used.

    This is obviously not a privacy issue but instead one of poor website design. Anyway all your user-agent contains is your browser version and OS version, hardly devastatingly private information.
    The Queue Principle
  • Wow, that would be sinking to a new level of self-interest. Would you even feel an iota of guilt in using the legitimate interests of handicapped people to further your own bogus "anonymous shopping" goal? What's next, maybe a set of handicapped tags so you can park for free, which will further your vague notion of sticking it to the parking people? You make me sick.

    It might be to further his interests but it could still benefit those with disabilities all the same. He wasn't asking for special privileges. He just didn't want to give out as much info. You make it sound like he is trying to shaft everyone when that isn't how I took it. If his actions would help those with sight problems then good for him. This is not at all the same as getting handicapped tags as that is a privilege that is reserved for those who have a handicap. And to quote "Real Genius," there are plenty of decaffeinated brands on the market that taste just as good as regular.
    Molog

    So Linus, what are we doing tonight?

  • [We trap for] funny-sounding or celebrity names (almost always fakes), incorrect telephone numbers, hotmail/yahoo e-mail addresses, etc.

    I sincerely hope you don't reject shoppers solely for those things, as I have friends whose main e-mail is through Hotmail and who have names similar (within soundex range) to those of celebrities or cartoon characters.

    You just lost their business.


    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • As a Company trading in the UK, Tesco is subject to the Data Protection Act [dataprotection.gov.uk]. This means that they have certain obligations wrt any personal data they might collect from you.

    As for the particular issue of collecting information about your browser, the DPA says they must discard data as soon as they have finished using it for its legitimate purpose i.e. once the page has been constructed.

    As for the fact that the web page only works for two browsers - well that is just bad programming. If I find a page that doesn't work, I always submit a bug report. In software terms, web sites are often very poorly engineered (IMHO) and a little constructive criticism may just possibly improve things a bit.

  • Last time I tried using their online store it insisted I use IE. At the time, it wasn't very easy to get hold of for Solaris (My only net access), and I certainly couldn't have installed it in my 10 Meg Quota.
  • At one of the supermarkets in the Los Angeles area, they require a photo idlicense to get one of their cards. Next thing you know, they will want a DNA sample.

  • But, I will require your SSN, bank account number, credit history, and your digital signature before I can answer that.
  • Well, if you live in the centre of Manchester, then you've got more options than you make out. There's a Tesco Metro store in the city centre, which is great for me- I get breakfast there on my way to work every day. Admittedly there's not all that much else in the centre itself, but what's stopping you boarding a Magic bus and, for a grand total of 90p getting to Sainsbury's in Fallowfield and back, or going to Salford, where there's an ample array of supermarkets. You could even go somewhere like Rusholme and buy lots of things in different smaller shops.

    It seems to me that you're just being lazy- there's ample places to buy food from in Manchester. You just have to be less lazy about it.

    --
  • That is always my first reaction. Like you, my banking and investing works fine online. I can also shop at several other companies just fine. If Tesco or any other retailer requires too much info or will not give you sufficient answers to your questions, forget about them. And I make sure the company knows it too.

    OT - How many times have those of us in the States been asked for our SS# during purchases?
    I recently signed up for a new wireless phone and the sales guy needed my SS# for the application. I told him "um, nope, you don't need that, I am only buying a phone". Anyone else?
  • hmph... but 97.4% still means that out of every 100, 3 or so would be not using Netscape or IE. That means out of 1000, 26, and so on and so on...

    while it's not the majority, that is certainly a fair number of people.

    heh.. sorry. I'm just annoyed when a page is completely unreadable with lynx, because it's usually faster than booting up with Netscape. It's awful how bad securityfocus [securityfocus.com] is... it even seems to crash any version of Netscape for Linux I use on it (on different systems).

    -legolas

    i've looked at love from both sides now. from win and lose, and still somehow...

  • We will see lots more of this as companies that have much smaller margins on their products (groceries, drug stores, etc.) begin to move into the internet space. When you aren't making 24.95 commission on every transaction, you look for other ways to augment your revenue stream, data being a popular one. This will be getting much worse before it gets better.
  • Could you please enlighten us what do you recommend to your customers in terms of keeping our personal data secure. Do you insist that all data is kept encrypted? Do you suggest that the encrypted data is stored on a separate machine, with audited security?

    That's not my area of expertise - I'm an ideas guy rather than an implementation guy. If they want to get these things sorted out then they'll need to hire a security consultant to go over the details and implement a working security policy.

    I do recommend that they do it though, it's always bad for business when one of your customers gets hacked into and their customer databases stolen.

    ---
    Jon E. Erikson

  • Of course most Slashdot readers probably don't opt out, they just fill in absolute rubbish to try and skew your statistics. Or is that just me?

    Well, since most /.ers would rather not pay for anything anyway, their contribution to commercial issues is negligible. The false statistics generated by them being "clever" is not something most companies would care about - it can be removed using standard statistical techniques.

    ---
    Jon E. Erikson

  • They also seek handy phone numbers.
    I just understood why :
    My colleague's brand-new WAP handy just left him an SMS message: some kind of advertising for a WAP service, it seemed.
    If the handy penetration rate is that huge, then it seems they'll touch even more people with SMSpam than with mail-spam.
    Hence their need for loads of Handy#...
    I happily don't have one, but having used mtnsms.com to send SMS messages to a friend, I am now afraid I may have involuntarily given his handy# to potential SMSpammers. :-(
    --
  • Auugh! It's because of people like you that I get 2-3 calls a week asking for some guy named "Scott" who "gave me this number to call him about..." everything from taking his shift at some restaurant to discussing insurance.

    although I like the idea of giving a 9 digit number and expecting people to believe it works.

  • There has always been a tradeoff between convenience and security.

    You want to make your password your daughter "Liz"?
    Go ahead. It will be easy to remember and take little time to type. But if anyone does a little bit of research on you, they'll guess your password, and if they brute-force the login it won't take long. You want to be secure? Make that a 10 digit password with numbers and a mix of upper and lower case letters.

    You want your machine to stay perpetually logged in as you? It's certainly convenient. But anyone walking up to your machine can pretend to be you.

    You want Amazon and Yahoo to remember who you are and what you like? Fine, let them send you cookies.

    And if you want to shop online, you've got to give them some info. Any online shopping by its very nature requires at the very least, a method of payment. This will almost always include lots of personal information. Most of them also require an address to physically ship your stuff to.

    So if you want extreme security and privacy, it's yours. But don't complain about how inconvenient it is, because that should have occurred to you from the beginning, when you chose not to let people know anything about you.

    This isn't just a computer thing; it works like this in the real world. If you don't let anyone get to know you, then you don't have to worry about being emotionally hurt. But you won't have any friends either. So suck it up and take a little risk.
  • We keep hearing this more and more on ./. I think the solution is simple. If privacy on the net is a big issue for you, and you need to buy something at a grocery store...go to the REAL store. When you walk into the store you are not required to sign any of your information away. It's the old adage..you can't get nothing FOR nothing. The only thing that is vaguely making sites profitable right now is Advertising (and p()rn/ebay). It's information that is useful for them in marketing etc. If you don't like it, keep using junkbuster and DON'T visit their site. You could also just email the site and mention the reason why you're not using their site and then find one that doesn't (if possible).


    -*-*-*-*-*-*-*-*-*-*-*-*-*-*
  • by Anonymous Coward on Thursday August 17, 2000 @03:29AM (#849575)

    Usually, I hate off-topic articles even if they are supposed to be "funny", but this one is excellent. Very good summary of the various /. posters...

    By the way, there should be an option to ignore the "+1 Funny" moderation points when sorting articles. That would be helpful when you want to get the facts first without spending too much time on reading the jokes and silly comments. There could also be an option to double their weight, for those who read /. for fun more than for learning something new (alas, this seems to be the majority of the audience here since about two years ago).

  • by SimonK ( 7722 ) on Thursday August 17, 2000 @05:33AM (#849576)
    The parent post raises several interesting points.

    I don't think the ability to do more data processing on electronic information is a very important reason to conceal more of our on-line activities than our off-line ones. After all, any large organisation (apart from those - like credit agencies - trying to avoid the DPA) enters all its information into its computer systems pretty much in real time, regardless of whether the transactions were on or off line.

    It's also interesting to note that arguments about privacy are an element of the age old argument about whether societal or individual interests should take precedence in general, and of course that the best answer is "it depends". This does explain why concern about privacy is most intense amongst libertarians and other individualists, even though the argument is so new it doesn't appear in any of the classic individualist philosophy.

    I tend to agree that the most important concerns center around misuse of information (such as drawing tenuous conclusions from purchasing data and then using these to make life-affecting decisions about individuals), but it is arguable whether these problems are best avoided by concealing or revealing information. For instance, is it better to avoid writing hand-written letters to avoid the use of graphology, or to publish more data that disproves graphologists' claims?
  • by Bowdie ( 11884 ) on Thursday August 17, 2000 @03:52AM (#849577) Homepage
    http://www.computerweekly.co.uk/cwarchive/news/20000810/cwcontainer.asp?name=C14.html&ct=search

    Tesco online snoop plan
    Helen Gregory & Sophie Mason

    Tesco is considering using artificial intelligence software to alert shoppers on rival Web sites that it can offer better deals.

    The supermarket giant is already using the software package to track which products are of interest to its Tesco Direct shoppers and to suggest items they can add to their virtual shopping list. It is now debating whether to press on with plans that would allow it to compete immediately with promotions offered by other supermarket sites.

    MyWeb software was introduced free on Tesco Direct CDs three weeks ago. Once loaded, the program stays on the shopper's computer and "reads" text from the screen rather than directly from the Internet, developing an understanding of what the customer is looking at online.

    If extended, MyWeb could sit on the user's computer and, whenever they entered a rival grocer's site, a prompt built into the program would see MyWeb flash up a reminder of Tesco's offers.

    The system can also create a profile of shoppers' tastes by keeping a record of what they have bought or looked at in the past. It can then use this information to anticipate demand and suggest similar products if the first choice is out of stock.

    Simon Fletcher of software supplier Autonomy, which developed the system, said the package provided Tesco Direct with a major marketing tool in the e-commerce battle.

    "E-tailing customers will not tolerate having to go and actually search for things for much longer because the whole point of an e-commerce site is to free up time that you would normally spend in the shopping aisles," he said.

    MyWeb can also make associations between purchases and cross-sell items. For example, if they buy charcoal and firelighters, MyWeb will suggest a deal on burgers or garden furniture.

    Dan Munford, partner with Insight Research, said tailoring e-offers was the "holy grail" for supermarket chains. "It's what the consumer wants," he said.

  • by Bongo ( 13261 ) on Thursday August 17, 2000 @05:10AM (#849578)

    For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why ?

    This is a good question because there are lots of potential answers, and the truth is probably a different mixture for different individuals.

    First, the web is still "real life", but I guess you just chose that phrase as a representation of the traditional shop, cinema etc. What's different about putting computers in the transaction mechanism is that the data can be processed way beyond the limits of what could be cheaply done with paper/filing cabinet systems.

    Taking this to its next level, globalisation may mean we have "global person identifiers" (GPIs) instead of credit cards and national passports. There are several countries that already require identity cards, or some form of citizen numbering. In Italy all citizens have a Fiscal Code (Codice Fiscale), which must be quoted in every transaction above a certain value -- this is supposed to allow the government to track money laundering etc. All it takes is for all these existing and growing registration systems to merge, and you'll never feel alone again.

    The end debate is whether this is good or bad -- ie. ethics and politics. The two classic arguments (AFAICT), are 1) the government needs power to crack crime (Fiscal Code, NSAKEY etc), and 2) that the individual has a right to privacy. Ie. 1) Society is good and it's society that educates the individual to be a good citizen, or 2) The individual is good, and has to be protected from corrupt society --- ie. 1) society oppresses the individual or 2) the individual corrupts society

    Needless to say, this is a basic duality that is so fundamental that there will typically always be two political parties, the so called Left and Right. But like all dualities, neither position is the truth... it is an integration of the two, in varying amounts, that is needed to secure the health of both good societies and individuals, and filter out the ill health of bad societies and bad individuals.
    But don't ask me how :-P

    So back to the "real world", I don't like people getting the wrong impression about me. So I am, for example, against so called "handwriting experts" who profess to be able to say all sorts of things about my character, attitude, personality, performance etc. from just looking at my handwriting. I am against employers who, because they are ill informed and haven't made a proper objective study of their recruitment process, make use of such so called 'experts' --- not just because they may not hire me, but because they may not choose the right person anyway.

    I suspect it's really the mis-use of the massive amounts of information that are becoming available that people are objecting to.
    Oh flaming heck, I've written too much... $(

  • by Griff ( 17764 ) on Thursday August 17, 2000 @03:41AM (#849579)
    Absolutely.

    I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

    If they have put in so much effort that they have customised the site for IE and NN, then they should put a tiny bit more effort in and deal with other browsers nicely, even if the site does lose a little bit of functionality. In most cases the bits that change according to which browser you are using have no effect on the functionality at all - those bits are generally the icing on the cake.

    Tesco have a badly written site. However, I don't see why giving out your useragent is a problem. So they then know you are using MSIE 2.0 or something - so what? Hardly identifying information is it? If anything a custom useragent is far more identifying, and therefore giving out a fake useragent string means you could be intentionally giving away more privacy.
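The comment above argues that a custom User-Agent can be more identifying than a common one. The added example below (not code from the thread) measures that on a constructed sample of 16 requests: for each distinct string it reports how many requests share it, the surprisal in bits, and whether a strict "IE or Netscape 4+" gate would admit it. The sample strings and the gate rule are assumptions modelled on what the thread describes.

```javascript
// Added example, not code from the thread. All User-Agent values below are
// constructed samples; the gate rule is an assumption based on the discussion.
const IE5 = "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)";
const IE4 = "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)";
const NS4 = "Mozilla/4.73 [en] (Win98; U)";
const LYNX = "Lynx/2.8.3rel.1 libwww-FM/2.14";
const SPURIOUS = "PrivateBrowser/0.0 (made-up string set in a filtering proxy)";

// 16 constructed requests: 8 IE5, 4 Netscape 4, 2 IE4, 1 Lynx, 1 spurious value.
const SAMPLE_UAS = [
  ...Array(8).fill(IE5),
  ...Array(4).fill(NS4),
  ...Array(2).fill(IE4),
  LYNX,
  SPURIOUS,
];

// Classify a User-Agent string into a browser family and major version.
// IE announces itself as "Mozilla/x (compatible; MSIE n...)", so test it first.
function classify(ua) {
  if (!ua) return { family: "none", major: null };
  let m = /\(compatible; MSIE (\d+)\./.exec(ua);
  if (m) return { family: "MSIE", major: Number(m[1]) };
  m = /^Mozilla\/(\d+)\.\d+/.exec(ua);
  if (m) return { family: "Netscape", major: Number(m[1]) };
  return { family: "other", major: null };
}

// Hypothetical strict gate of the kind complained about in the thread:
// only IE 4+ or Netscape 4+ get in, everything else is turned away.
function strictGate(ua) {
  const { family, major } = classify(ua);
  return (family === "MSIE" || family === "Netscape") && major >= 4;
}

// For each distinct User-Agent: how many requests share it (the anonymity set),
// how many bits of identifying information it carries within this sample
// (-log2 of its share), and whether the strict gate admits it.
function anonymityReport(uas) {
  const counts = new Map();
  for (const ua of uas) counts.set(ua, (counts.get(ua) || 0) + 1);
  const rows = [];
  for (const [ua, count] of counts) {
    rows.push({
      ua,
      family: classify(ua).family,
      count,
      bits: -Math.log2(count / uas.length),
      admitted: strictGate(ua),
    });
  }
  // Most identifying first; ties broken by string for a stable order.
  return rows.sort((a, b) => b.bits - a.bits || a.ua.localeCompare(b.ua));
}

console.log(anonymityReport(SAMPLE_UAS));
```

In this sample the spurious string is shared with nobody and is also refused by the gate, while the most common string hides its sender among half of all requests.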
  • by FascDot Killed My Pr ( 24021 ) on Thursday August 17, 2000 @03:08AM (#849580)
    Here is what you do:

    1) Send an email to Tesco saying "I was unable to use your online shopping site, because it asked for XYZ. I will be going to a brick and mortar store.".
    2) Go to a brick and mortar store.

    Ta-da! You have cat food. Tesco has information on how to fix the problem. If they don't do it you are out of luck but there's nothing else you can do--they don't want you as a customer bad enough to fix their site.
    --
  • by blowdart ( 31458 ) on Thursday August 17, 2000 @04:39AM (#849581) Homepage
    *sigh* I worked on the second incarnation of the Tesco web site. They gave me 1 month to do the interface and the ASP behind it, and requested that IE4 was the minimum browser, with *no* fall through. They're not the most internet aware of companies, despite me trying to educate them. Looks like it hasn't improved in the last couple of years.
  • by Joe_NoOne ( 48818 ) on Thursday August 17, 2000 @04:45AM (#849582) Homepage

    Grocery stores are the worst at profiling. They try the hardest to do consumer profiling and not just with the internet. Up in the Chicago area, the stores almost mandate you have one of their "preferred shopper" cards by posting one price on the shelf for the "preferred shopper" (although they make it look like the normal price - only in very fine print does it say "preferred shopper" price) and in fine print put the price for non-preferred customers (which is much higher). Only when you're at the register do you realize what they did. I found out one day when I was up there visiting my family and made a purchase.


    They have been doing this for about 15 years now too. My mother understood the profiling but finally after many years broke down and got one. But she got it in our cat's name, and it is amazing the junk mail "mega catlin" gets.


    The only way to combat profiling is to always give wrong information. If you mess with their statistics, they won't rely on them as much.

  • I am on so many mailing lists that I can actually track the passage of one to the next. The most humorous one I have had so far goes a little like this:

    I had a friend with a cool wool trenchcoat. I told him I liked his coat, and he said that he got it from U.S. Cavalry [uscav.com] for $7. Wow! So I went online and bought one. Two, actually.

    Of course, I started getting U.S. Cav catalogs. But then a few months later, I started getting literature and membership offers from the N.R.A.

    Then, just last month, I got an offer to join a hunt club -- when I have never hunted anything in my life! Now I have someone called "Buckmasters" calling me on the phone.

    All because I bought a trenchcoat.

    I think corporate mailing list sharing has become the evil meme of our times.

    -Omar

  • by Greyfox ( 87712 ) on Thursday August 17, 2000 @04:06AM (#849584) Homepage Journal
    Why the hell does Radio Shack need my phone number when I'm buying batteries? That gives me the creeps.
  • by sbryant ( 93075 ) on Thursday August 17, 2000 @04:40AM (#849585)

    I consider a site that requires a useragent, and also requires you to use IE or NN to be broken.

    I'm currently working on an online shopping site for a large, well-known IT manufacturing company. The site is already in use, so I had a look at the stats for August so far.

    Microsoft and Netscape browsers make up 97.4% of the hits (nearly 6.5 million so far this month). The stats tell me the browser versions too.

    Of the Netscape browsers, version 4.x (Communicator) takes 98.4%, 3.x has 1.3%, 5.x has 0.23% and the others much less.

    For MS IE, 81.5% were version 5.x, 18.09% version 4.x, and 0.38% for version 3.x. There were negligible hits from previous versions.

    This is what people are using. Management look at these figures and then tell me the features must work in NS4.x and IE4.x and 5.x. That covers the vast majority of users; I would imagine that they would probably consider developing/testing for other versions a waste of resources.

    It also occurs to me, that (as is the case with Tesco), the internet side of selling is not where most units are shifted. It's an extra distribution channel. Priorities would probably be very different if it was the primary channel.

    I don't know about the UK's disability laws, but I think Masem's point about disabled persons' usage of the site would not hold much weight. The kit available on our site can also be ordered by phone and bought from lots of different retailers (ie: in shops); with Tesco you can still go to the shop. It's a slightly different kettle of fish to the situation with AOL - their software must be usable by all, but I don't think Tesco is required to put in a ramp at every single entrance to the building.

    -- Steve

  • by Vanders ( 110092 ) on Thursday August 17, 2000 @03:01AM (#849586) Homepage
    During your correspondence with Tesco, did you ever ask them why they want the information?

    Is it a horrible conspiracy on their part, or is it just bad HTML?
  • by DrXym ( 126579 ) on Thursday August 17, 2000 @04:40AM (#849587)
    Credit cards are extremely limited in what they can tell a supermarket, even assuming they are legally allowed to correlate card numbers to purchases. For example a credit card doesn't say the age, sex (not all the time), income, address of the person doing the purchasing. Some people pay with cash too so the store knows very little about them though they can gather some data.

    Supermarkets love to know as much as possible about their customers so they can 'serve you better' (i.e. sell you more) by targeting you with special promotions, vouchers etc. That's why loyalty cards were invented - not for the benefit of shoppers, but so they can gather all the information about your purchases, how much you buy, how many times you visit, when you visit, how far away from the store you live, your social class (extrapolated from your postcode and what you buy), whether you like brand names or not, whether you are loyal to a brand or not, whether you are susceptible to special offers or not and so on. The amount of data a loyalty card gives a store is staggering and boundless. Tesco and their ilk set up large IT centres to mine this information.

  • by bwalling ( 195998 ) on Thursday August 17, 2000 @03:00AM (#849588) Homepage
    Sending a user agent allows the site to customize content around browsers. Unfortunately, Netscape and Microsoft do not agree on features, especially when you start using CSS/DHTML/etc. The user-agent just provides the site with the browser/version you are using so that they can do something like this:

    if ver == "x" then
        do this way
    else if ver == "y" then
        do this way
    end if

    Without this, you would have some screwed up pages on sites that tried to do dynamic content. Until the major browsers support the same features with the same syntax, you will need this.
  • by Jon Erikson ( 198204 ) on Thursday August 17, 2000 @03:11AM (#849589)

    As a top flight professional consultant who has worked with many companies attempting to leverage their business onto the net, I generally recommend that companies obtain as much information as they possibly can, but allow an "opt out" policy for customers for whom privacy is a concern. After all, it costs them nothing (well apart from some of my rather expensive time) and satisfies the small number of people paranoid about letting people know which browser they're using.

    The information gained by online businesses in this way forms a valuable resource for them to react to what their customers want, even when the customer doesn't realise it. After all, the more information you can obtain the better the service you can provide - personalisation is the key to a happy customer and lots of business when many companies are all offering the same product at very similar prices.

    Still, privacy concerns are overrated here and I think you're being overly concerned about what Tesco will do with your information. They're not going to sell it to other people - information like that is valuable to them - and they're not going to spy on the not-so-sordid details of your life with it.

    My recommendation - give a little, get a little. Don't worry so much about giving out such inconsequential details online. There's a lot of hype and FUD around at the moment about privacy, and invasions of it, and falling for it simply limits your options and decreases the enjoyment of your net experience.

    ---
    Jon E. Erikson

  • by skoda ( 211470 ) on Thursday August 17, 2000 @06:24AM (#849590) Homepage
    Yep - once they have your credit card, they've got all your financial info if they want it.

    And since you have the products shipped to you, you must give them your address. Now they know where you live.

    Currently, online shopping is fundamentally un-private.

    This could change, with two developments:
    1) Using a secondary payment service, that you pay anonymously via cashier's check. Thus, your name is not connected at all to the payment of a product.

    2) BestBuy.com allows you to order an item online and then pick it up at a local store, using a confirmation # emailed to you. Using a Yahoo-like email, and picking it up at the store, they don't have your "real" email address nor your home address.

    But realistically, online shopping will always be un-private.
  • by Masem ( 1171 ) on Thursday August 17, 2000 @03:45AM (#849591)
    Does the UK have any law similar to the American Disabilities Act? Most readers for sight-impaired people don't broadcast themselves as NN or IE, and therefore would be unable to use this site. Which is practically the same as not providing ramps to get into a brick and mortar store.

    And remember, there *are* pending lawsuits by disabled people against AOL and others for just this reason.

    If the UK has similar laws, you may want to kindly write Tesco to remind them that said disabled users won't be able to access their site.

  • by SimonK ( 7722 ) on Thursday August 17, 2000 @03:59AM (#849592)
    Given that you're going to give Tesco your credit card number anyway, from which they can find out just about anything about you, and if you have a loyalty card they can also correlate this information with your purchases, I really don't see what you gain by using junkbuster etc. If someone already knows what groceries you buy, where you live, your income band and your credit rating, and probably a great deal about your lifestyle, letting them know what web browser you use and what web site you came from seems pretty irrelevant.

    Frankly I find this obsession with privacy somewhat bizarre and worrying. For some reason people see it as reasonable to expect to be able to conceal all the details of their online activities to a much greater extent than is possible in real life. Why?
  • by arivanov ( 12034 ) on Thursday August 17, 2000 @03:21AM (#849593) Homepage
    Is it a horrible conspiracy on their part, or is it just bad HTML?

    When stupidity is a sufficient explanation there is no need to resort to any other:

    • The secure mode looks like operating with the same cursed Micro... like Barkleys not just standard SSL. So it is least likely to work properly with Netscape in the first place.
    • Cookies look like standard ASP session library and standard shopping basket implementation.
    • As you are going to be leaving your credit card information there anyway, there is not much you will keep private. They know your name, address, date of birth and can actually even request a credit reference for you and learn about your income band from there. So you may let them cookie your arse off anyway. Just use an editor to check them after that.
    • It is quite likely, by the look and feel with Junkbuster on and off, that it relies on HTTP referrer in quite a few places. It is genuinely stupid, but some people see it as a "security measure". Quite popular lately. I wish they were watching more on unique session IDs and where and how they store data instead. See the recent Barkley and other cases.
    Conclusion: I guess you will have to use insecure browsing and junkbuster off if you want to shop with netscape on this site. Or use vmware and shop with a Windoze having vmware in the mode when it does not keep the disk updated. After powering off, all they have managed to stuff your machine with will go on holiday. And they will have wrong preference info on you anyway.
    Standard disclaimer:
    • I do not shop at tesco online
    • I had a look at it for 2 mins at most
  • by rc-flyer ( 20492 ) on Thursday August 17, 2000 @03:38AM (#849594)
    I've been asked my SS# many times. Also, Radio Shack is infamous for asking and sometimes insisting on my phone number, even though I pay in cash!
    I finally broke my local store of that habit. I had fun doing it, I was looking for a new stereo, and decided to see what they had. I was ready to plunk down about $600, the sales guy was writing up a ticket and asked me my phone number. When I asked why he said it was store policy. I asked for the manager, when he showed up I waved my cash under his face, and told him that they just lost a big sale because they insisted on my phone number; then I walked out. Next time I went in there was a sign posted prominently that the phone numbers were optional. But the look on their faces when I walked out was priceless!
  • by kensail ( 49140 ) on Thursday August 17, 2000 @04:11AM (#849595)
    I have gotten into that habit of "making mistakes" with these numbers. Just make them up!
    You ask me for my SSN? Sure, it's 554089652. The clerk writes it down, everyone is happy. My phone number? 342-980567. Yeah, it's a little weird, I have a cell phone... They won't tell me what they want with it so I don't feel the need to be truthful with them either. Nobody makes you PROVE these random numbers, do they? They depend on stupidity and truthfulness. Give them neither.

    The best piece of misinformation holds a kernel of truth. If you want to be totally duplicitous just interchange some of the real numbers. Switch a couple of digits now and again.

    -Kensail
  • by mirko ( 198274 ) on Thursday August 17, 2000 @04:10AM (#849596) Journal
    ...but just let you know about indelicate persons :
    I personally have hundreds of aliases that I give to new contacts.
    I preferably use really stupid ones whenever I am not sure about my contact ; e.g. I sent one day mirko@garagiste.com to an inoffensive-looking web site while requesting information about data security.
    You can't imagine how many sex spams I received under this alias.
    Also, whenever requesting for documents to be sent through normal post, I usually give a fake first name (e.g. Baudoin, Ibrahim, Bill, etc.) which then allows me to track the spammers.
    At the end, I just set some filters on the spammed accounts so that I can get rid of spams.
    Now, if they want your personal data, you can consider they just want to know how they can reach you with public means (email, mailbox, etc) and then give you some information that'd be just relevant enough but objectively not corresponding to you.

    (let's say the website was compusa.com)
    ... My phone number (why the hell do you need it ?) is blah (real one). my Family name is blahh (real one too) and my first name is Hiroyoshi.
    (click on submit)
    (one week later, the phone rang)
    -Allo ? Mr Hiroyoshi ? As a faithful client, we guess you could be interested in our offer : twenty four boxes of (put any soap brand here) for half price if you buy us ten rolls of toilet paper.
    -So, compusa also sell toilet paper and soap ?

    Anyway, my favourite one was with an old hotmail account that is now closed : a21z.
    Before I ever use it publicly (on deja.com), this account got spammed.
    The complete recipients list was readable.
    To my surprise, all the email addresses (around 2 or 3 hundreds) were containing the string Aziz.
    Ah ah ah ah ah ! I can't imagine they have some spams only aimed at guys called Aziz !!!

    Conclusion:
    • Whatever information you give, they will guess the rest.
    • Maybe they'll just ask you elements that they already know in order to compare them.
    • don't forget to mail abuse@ and postmaster@ after each spam. I am currently writing a mailer that will do this automatically as well as blacklisting the spammers (not to download their mail from a pop server).

    --
  • by vertical-limit ( 207715 ) on Thursday August 17, 2000 @03:12AM (#849597)
    Your Rights Online: Shawn Fanning Receives Speeding Ticket
    Posted by Hemos [hemos.net] on Tuesday, Friday 18, @06:38AM
    from the damn-those-fascist-capitalist-plutocrat-bastards dept.
    Signal 11 [mailto] writes: "Yahoo! News [yahoo.com] is reporting that Napster founder Shawn Fanning has been given a speeding ticket. The police claim that Fanning had exceeded the speed limit by over 15 mph, but we all know that he was acting in full compliance of traffic laws.". In a truly free world, there would be no need for speed limits. When will the establishment learn that speeding laws simply can't be enforced? Even if Fanning receives a ticket, thousands of other drivers will continue to speed.

    ( Read More... | 768 comments | Your Rights Online )

    Miniskirt-clad girls save universe
    Posted by CmdrTaco [cmdrtaco.net] on Friday August 18, @08:25AM
    from the roketto-ga-sugoi dept.
    AnimeNewsNetwork.com [animenewsnetwork.com] is reporting that earlier this morning in Tokyo, five girls in color-coded blouses and miniskirts transformed into scantily-clad superheroes. The five girls then screamed, hurled glowing balls of energy, and screamed some more at a thirty-tentacled monster. Still no word on whether this is connected to the large humanoid robots spotted battling last week in Osaka.

    ( Read More... | 168 comments )

    Slashback: Frisson, Sesquipedalianity, Responsitivitiness
    Posted by timothy [mailto] on Tuesday August 08, @10:45AM
    from the beware-the-froomious-bandersnatch dept.
    It was a dark and stormy night. In a salutiferous octastyle basement, an ultracrepidarian man was hermtically hunched over a piperaceous desk beneath a ornate mazarine, typing furiously away on an obumbrate keyboard. Meanwhile, in a meandrine corner of the world, several setose seeds were being entrenched in the muculent minds of the hoi polloi.

    ( Read More... | 9235 bytes in body | 214 comments )

    Traffic Cops' "Justice" and Napster
    Posted by JonKatz [mailto] on Friday August 18, @11:30AM
    from the post-hellmouth-world dept.
    Just as Shadowrun predicted, The Corporate Republic took another step in assailing geeks today by handing Shawn Fanning a $L00 speeding ticket. This narcissism is harmful because it shrinks the creative universe of media workers and disconnects them from the new global conversation taking place online. Hubcaps have sparked a cultural and economic revolution that is just beginning to be understood. Will we see an increase in the number of Chickdrivers receiving "closed" traffic tickets as well, or will the Edge power a paradigm shift to "open" community-based traffic laws?

    ( Read More... | 598235 bytes in body | 657 flames | Features )

    Ask Slashdot: Are Corporations Trying To Make Money?
    Posted by Cliff [exit118.com] on Friday August 18, @1:25PM
    from the yet-another-article-from-the-something-to-think-about dept.
    www.sorehands.com [sorehands.com] writes: "Today I visited Yahoo [yahoo.com] and was shocked to see a banner advertisement - I thought I'd managed to block every form of advertisement possible with Junkbusters [junkbuster.com]. After thinking about it some, I realized Yahoo was probably running advertisement in a crass, commercialized attempt to make money off of my web-surfing habits! Could there be any other corporations out there engaged in similarly devious practices?" An interesting question here: Are some companies attempting to turn a profit, and, if so, what can we do to prevent it?

    ( Read More... | 3082 bytes in body | 345 comments )

    Autospy of a Furby
    Posted by michael [mailto] on Friday August 18, @3:43PM
    from the deja-vu dept.

    Vladinator [mailto] writes "Ever wonder what it's like to take apart a Furby [phobe.com]? I don't, because I saw this on Slashdot two years ago, but I needed some karma so I submitted it anyway. Fawking trolls!" Those of who you started reading Slashdot this week may not have seen this page yet, so I'm re-running this classic for you three newbies.

    ( Read More... | 1 FIRST POST! )

    Interstate Highway Boycott Planned
    Posted by emmett [mentaltempt.org] on Friday August 18, @6:25PM
    from the fight-the-power dept.
    Bowie J. Poag [mailto] writes: "You guys are idiots and VA sucks, but being the nice guy that I am [Update: 08/18 11:11 AM by CT [cmdrtaco.net]: Further investigation reveals that he isn't ] I thought I'd let you know that know Wired [wired.com] is reporting that a boycott [highway-boycott.com] is being proposed against the interstate highway system for its treatment of Shawn Fanning. The interstate highway sucks almost as much as anime! PROPAGANDA [tilez.org] RULES!!!!!" It's good to see that some people are taking the battle for free (as in Willy) highways into their own hands.

    ( Read More... | 218 comments )

    Holland Convenience Store Switches To Linux
    Posted by Hemos [hemos.net] on Friday August 18, @9:33PM
    from the key-victory-for-open-source dept.
    Today while visiting my local 7-11 in Holland, MI, I noticed that their inventory computer was running Linux! Best of all, a representative from the store assured me, due to complaints from Bruce Perens, that the store may consider GPLing its inventory "sometime in the future." Looks like another business has finally "got it" and adopted the tenets of the free software movement.

    ( Read More... | 164 comments )

    Napster? Napster Napster
    Posted by CmdrTaco [cmdrtaco.net] on Friday August 18, @11:25PM
    from the napster dept.
    Napster Napster Napster. Napster, Napster Napster Napster! Napster Napster (Napster) Napster Napster Napster, Napster Napster Napster. "Napster Napster Napster," Napster Napster. Napster Napster, Napster Napster Napster.

    ( Read More... | 304 comments | Napster!! )

  • by Hairy_Potter ( 219096 ) on Thursday August 17, 2000 @03:14AM (#849598) Homepage
    I went into a store wearing a ski-mask (which is unusual in Rochester in August, ski-mask weather doesn't come until October, here).

    I didn't want people to see what kind of groceries I am buying, for then they could make the inference that I have a cat, a dog, a child and a wife, and try to direct mail market to me using that information, and violate my privacy.

    Wouldn't you know it, they called the cops, suspecting a robbery.

    Do any Slashdot readers know of a grocery chain where I can shop in the northeast US that will let me shop with a mask on, to protect my privacy?

    Thanks
  • by DrXym ( 126579 ) on Thursday August 17, 2000 @03:26AM (#849599)
    Some websites use the user agent to deliver "enhanced" (i.e. browser proprietary) content. For example, if a site knows you use IE it might draw the shopping basket as a fixed element instead of a frame etc. It sounds like Tesco is doing this too, though at the very least it should drop down to HTML 3.2 if it can't figure out what you're using.

    The most annoying thing a website can do is refuse to work in such circumstances. The same goes for those shitty websites that refuse to work without a referrer URL.
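
Two complaints raised in the comments above (sites that refuse unknown user agents, and sites that treat the Referer header as a security check) can be addressed together on the server side. The following is an added example, not code from Tesco or from any commenter: it uses the User-Agent only as a rendering hint with a plain-HTML fallback, and authorizes requests with an HMAC-bound session token instead of the Referer. All function names, template names and sample requests are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret, generated per process for this demo.
SERVER_KEY = secrets.token_bytes(32)

def _mac(user_id: str, sid: str) -> str:
    return hmac.new(SERVER_KEY, f"{user_id}:{sid}".encode(), hashlib.sha256).hexdigest()

def issue_session(user_id: str) -> str:
    """Return a token: user id, unguessable random id, and a MAC binding the two."""
    sid = secrets.token_hex(16)
    return f"{user_id}:{sid}:{_mac(user_id, sid)}"

def valid_session(token: str) -> bool:
    """Verify the token's MAC in constant time; malformed tokens fail closed."""
    parts = token.split(":")
    if len(parts) != 3:
        return False
    user_id, sid, mac = parts
    return hmac.compare_digest(mac.encode(), _mac(user_id, sid).encode())

def pick_template(user_agent: str) -> str:
    """User-Agent is only a rendering hint; unknown or blank values get plain HTML."""
    ua = (user_agent or "").lower()
    if "msie" in ua:                      # IE also announces itself as Mozilla/4.0
        return "enhanced-ie"
    if ua.startswith("mozilla/4"):
        return "enhanced-netscape"
    return "baseline-html32"              # never refuse service over the UA string

def handle_checkout(headers: dict, cookies: dict) -> tuple:
    """Return (status, template). The Referer header is never consulted."""
    if not valid_session(cookies.get("session", "")):
        return 403, None
    return 200, pick_template(headers.get("User-Agent", ""))

def demo():
    """Constructed requests: a privacy-proxy user and a forged-session request."""
    tok = issue_session("bart")
    proxy_user = handle_checkout({"User-Agent": "Spurious/1.0"}, {"session": tok})
    forged = handle_checkout(
        {"User-Agent": "Mozilla/4.0 (compatible; MSIE 5.0)",
         "Referer": "https://shop.example/basket"},   # plausible Referer, bad token
        {"session": "bart:00:deadbeef"})
    return proxy_user, forged
```

A client behind a header-stripping proxy is served the baseline page, while a request carrying a plausible Referer but no valid token is rejected, because a client-supplied header proves nothing about who sent the request.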
