×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why Online Privacy Is Broken

Soulskill posted more than 3 years ago | from the too-many-people-who-don't-care dept.

Privacy 220

Trailrunner7 writes "One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

220 comments

User generated content belongs to the user... (5, Insightful)

alexandre (53) | more than 3 years ago | (#32327776)

If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

Re:User generated content belongs to the user... (4, Funny)

BuR4N (512430) | more than 3 years ago | (#32328158)

No, we would be in IT support hell, maintaining our dads and moms P2P servers......

Re:User generated content belongs to the user... (2, Funny)

betterunixthanunix (980855) | more than 3 years ago | (#32328264)

Just like right now, we have IT support hell, maintaining our parents' web browsers and operating systems.

Seriously, you think that there is something special about P2P that makes it particularly harder to maintain?

Re:User generated content belongs to the user... (5, Insightful)

TerranFury (726743) | more than 3 years ago | (#32328448)

A big problem is simply NAT. Non-technical people are not going to set up port forwarding. This basically broke the Internet, and pushed its development in undemocratic directions.

UPnP partially fixes this, but opens up a whole bunch of other problems, which are even worse.

IPv6 is supposed to fix this for real, but I don't count on it because IPv4 is "good enough," and I bet that it'll be easier for people to keep throwing NAT and subdomains at the problem. E.g., companies don't need to bother maintaining their own webservers and having their own public IPs; the way things are going they'll just point people to "facebook.com/companyName" (I heard an ad do this on the radio yesterday, in fact).

Re:User generated content belongs to the user... (1)

betterunixthanunix (980855) | more than 3 years ago | (#32328602)

Really though, it is possible to connect to existing P2P networks through NAT without any extra configuration. Why should a P2P social network suddenly make the exist solutions to the problem infeasible or more difficult to support?

Re:User generated content belongs to the user... (1)

VTI9600 (1143169) | more than 3 years ago | (#32328618)

the way things are going they'll just point people to "facebook.com/companyName"

At least that's more professional than the ad I recently heard advertising a company's @gmail.com email address. I mean, they let you use your own domain with Google Apps and it's completely free (basic edition anyway). How do people who use Gmail in their businesses not realize this?

Re:User generated content belongs to the user... (1)

sourcerror (1718066) | more than 3 years ago | (#32328476)

Port forward? (extra NAT config)

Re:User generated content belongs to the user... (2, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#32328548)

It is fairly trivial to connect to Gnutella through a NAT without any port forwarding -- so I do not see this being a significant problem.

Re:User generated content belongs to the user... (1)

xednieht (1117791) | more than 3 years ago | (#32328206)

What is Google, or Facebook, or pick-your-poison is one of the peers of the P2P?

Re:User generated content belongs to the user... (1)

betterunixthanunix (980855) | more than 3 years ago | (#32328502)

Then you do not add them to your "friends" list. I see P2P social networking being driven by cryptography, so that your data is replicated across the network but only the people you approve as friends are able to decrypt it. Thus, for Facebook or Google to undermine your privacy, you would have to explicitly allow them to do so -- it would be forced out into the open. Further, there would be few incentives for users to allow a company like Facebook to access their data, since the social networking aspect is provided to them regardless.

Of course, Facebook could try to insert itself in the network by allowing people using a P2P social network to add Facebook users to their friends list, and thus undermine privacy in that manner. That would have an interesting effect, though, as it would force Facebook to be interoperable with another system, something which they have still refused to do. This would be a baby step forward, and would not do much to solve the privacy issues associated with Facebook, but at least it would not be a backward step.

How Precisely Could P2P Solve This? (4, Insightful)

eldavojohn (898314) | more than 3 years ago | (#32328316)

If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this. Peer to peer implies that by owning my own personal data, it is on my home computer or laptop. Some people only have a laptop and some people like to power down their machines when they're away. So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline. On top of that if you're disseminating photos or videos, this could get crazy for upload speed. So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff. Can you trust their node anymore than Facebook? Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force. So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.

So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.

Re:How Precisely Could P2P Solve This? (4, Informative)

betterunixthanunix (980855) | more than 3 years ago | (#32328416)

There are a few ways P2P would solve the problem. The first that comes to mind is that it would reduce the incentive to undermine privacy, since the social network would not be funded by the sale of personal data (or data derived from personal data). It would also increase the cost of undermining privacy, since people would not just be throwing their data at a single centralized datacenter.

As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

Re:How Precisely Could P2P Solve This? (3, Insightful)

eldavojohn (898314) | more than 3 years ago | (#32328686)

As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

The difference there is that your relatively small key holds the potential for everything on your page. If someone copies and mails a few pics of me, big deal. But that key could be easily copied and sent covertly with the copier taking their sweet time to look at all my stuff -- and for how long before I catch on? And how long before key collecting viruses run rampant and phone home to a black market provider's server where all Diaspora data is cached? The killer there is that you'd never even know and two if you had to change your key then you need to refriend everyone to get the key out. I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends? Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ... there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage. My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening. People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

I love it. (-1)

Anonymous Coward | more than 3 years ago | (#32327786)

Sounds good.

Ignorance, not indifference. (5, Insightful)

Striek (1811980) | more than 3 years ago | (#32327810)

I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.

Re:Ignorance, not indifference. (1)

Kernull (580554) | more than 3 years ago | (#32327890)

Are you saying that debit cards are more of a risk than credit cards? (I actually don't know, serious question). Enlighten me.

Re:Ignorance, not indifference. (1)

Skarecrow77 (1714214) | more than 3 years ago | (#32327932)

my check card (debit card that allows you to run it as a credit card anyplace that accepts mastercard, but takes the money from your account with 0% interest owed instead of racking up money you owe to faceless megacorp with 18% interest) has the exact same protections as a credit card.

I'm not sure where all these debit card stories come from. assuming that they are not urban legends, then perhaps people need to find a better bank.

Re:Ignorance, not indifference. (1)

AvitarX (172628) | more than 3 years ago | (#32328004)

I believe if your PIN is stolen you have less protections (e.g. from a hard hacked atm).

Additionally even having your account at zero for a period is a pretty big inconvenience.

Re:Ignorance, not indifference. (1, Informative)

squallbsr (826163) | more than 3 years ago | (#32328262)

With a traditional Visa/Mastercard 'debit' card that pulls money from your checking, there are two ways to use that card and pay for your purchase:

  • Use it like a credit card (you don't type your PIN)
  • Use it like a debit/atm card (you enter your PIN)

If you use you card as a credit card, you are protected in the same manner as you would with a credit card, you aren't responsible for fraudulent charges above $X.xx and you can dispute charges, etc. If you use it as a debit card, if your PIN is exposed by some 3rd party (i.e. the store you are purchasing from, the company they contract with for their POS system, etc) you are fully on-the-hook when it comes to losses - if they steal $2000 from your account, you have lost $2000 - there is no disputing charges or limited liability like with a credit card.

tl;dr;
Use your card as a credit card, you have many protections, use your card as a debit card (you enter your PIN), you are liable for every transaction associated with your PIN.

Re:Ignorance, not indifference. (1)

Zironic (1112127) | more than 3 years ago | (#32328398)

Atleast in Sweden you'll get your money back even if your PIN was stolen as far as I know.

Re:Ignorance, not indifference. (2, Informative)

kevinmenzel (1403457) | more than 3 years ago | (#32328418)

In Canada, or at least with TD, I've had fraudulent purchases made with a copy of my Debit Card someone made. They had the PIN and everything apparently. So I contacted the fraud department, and every fraudulent charge was reversed. It took less than a month, and it wasn't even that much, because I noticed it quickly (it was less than $40 at that point). Additionally, fraudulent transactions made with my web banking are also covered. Of course debit is, I suppose, different in Canada than in most places, given the Interac network...

Re:Ignorance, not indifference. (3, Insightful)

vlm (69642) | more than 3 years ago | (#32328482)

my check card (debit card that allows you to run it as a credit card anyplace that accepts mastercard, but takes the money from your account with 0% interest owed instead of racking up money you owe to faceless megacorp with 18% interest) has the exact same protections as a credit card.

So, your check card is stolen, your account is zero'd. Now all your legit paid bills bounce. Each individual merchant wants $25 and up, directly from you, for bouncing a check. How does your check card protect you from that? My theory is, it does no such thing.

Also I owe 0% interest on my CC. Simply pay your bill each month, no big deal.

Re:Ignorance, not indifference. (4, Insightful)

Endo13 (1000782) | more than 3 years ago | (#32328080)

With a credit card, they're spending the creditor's money. With a debit card, they're spending your money. Even if all the protections are identical, which do you think will inconvenience you more?

Re:Ignorance, not indifference. (1)

MattSausage (940218) | more than 3 years ago | (#32328458)

If I'm being held responsible for the charges after disputing them in both cases? Then obviously it would be more trouble for ME if the thief is spending the bank's money. I have to pay interest on that. Therefore I'm out more of MY money than if they had just spent my money to begin with.

Now, if I'm not being held responsible, I get the money back or I get the charges cancelled in either case, and neither case stands out as better. So in this situation, the logic points to the fact it is better if they steal a debit card than a credit card.

Also, if you choose 'credit' when you use your debit card somewhere, you are covered by all the bank's anti-fraud protections and money back protections as if you had used an actual credit card. It's smart, and it is free, you should do it.

Re:Ignorance, not indifference. (1)

Striek (1811980) | more than 3 years ago | (#32328102)

Not at all, I have no idea if one is any more or less secure than the other. It was merely an example of the ignorance of risk.

Re:Ignorance, not indifference. (1)

rabiddeity (941737) | more than 3 years ago | (#32328058)

I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.

This.

Two things are necessary for privacy to really become important to the number crunchers. The first is a direct, measurable impact on individual privacy, which is arguably already happening. Whereas there was an implicit agreement of trust before, you now have essentially no privacy on social networking sites. The second is transparency, the wide exposure and dissemination that sleazy advertising companies have full access to YOUR stuff, and have no compunctions about sharing it.

You can tell who is on your side in this matter not by the first, but by the second metric. Everyone is swapping personal data like mad because there are no economic disincentives to do so-- in fact, there is a LOT of money in selling who your friends are and what things they like. The companies that want privacy to be taken seriously, like Google, are exposing the breaches themselves and letting loose the shitstorm, with the expectation that users will demand a reasonable privacy standard. The companies that don't give a flying monkey's butt, like Facebook, do their best to obscure what data is being shared and with whom. If you want to know which companies are really evil, look at who is trying to keep information from you.

Re:Ignorance, not indifference. (4, Insightful)

mcgrew (92797) | more than 3 years ago | (#32328166)

Apathy is blamed for a lot of things that people really aren't apathetic about at all. One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.

As TFA notes, security is another one. People complain about their virus-infested computers so they aren't apathetic, they're simply ignorant; they don't know HOW to not get viruses, and they bitch loudly because they bought NcAffee and Norton and turned Windows firewall on and STILL get viruses because they DLed Metallica-FreeSpeechForTheDumb.MP3.exe and played it by clicking the file. They have no clue that the file is an executable, because Microsoft hides the file extension by default.

The same goes for privacy. As TFA (again) mentions, most users want both privacy AND social networking. As the article summarises: "Blame the user? Here's a better idea: Listen to the user."

Fat chance of that happening though. The user isn't the customer.

Re:Ignorance, not indifference. (3, Insightful)

betterunixthanunix (980855) | more than 3 years ago | (#32328336)

The problem is that social networking websites make their money by undermining user privacy; there is simply no incentive to actually listen to the users' complaints about privacy, and for a company that must answer to its investors, there is actually a disincentive to listen to the users. Users want privacy and social networking and social networking websites, and they do not want to pay for those websites -- it is just not possible to meet all of those demands at the same time. Privacy is the easiest thing to drop from the list of user demands you actually meet, since it is not the first thing most people will notice.

Re:Ignorance, not indifference. (0)

Mashiki (184564) | more than 3 years ago | (#32328414)

No it's apathy with politics. The reason that most people don't see a difference between candidate A and B, is because they don't do research and instead rely on 3 man sources of information: Their friends, the news media, and preconceived notions they already hold.

Re:Ignorance, not indifference. (3, Insightful)

Anonymous Coward | more than 3 years ago | (#32328466)

You overestimate how much the average person cares -- yes, some people skip voting, as a (seriously misguided, IMO) protest boycott. Most of the people who don't vote, however,do so out of apathy, not principle. There's always a third party candidate (at least in the presidential race, and surprisingly often in lesser races) so you can make your voice heard as being in opposition to those parties, and if there were _really_ anything like 50% of people so disgusted with the two parties we currently have, and (more importantly) the voting system that keeps control limited to two parties at a time, you'd think it'd be damned easy to organize a range-vote or approval-vote party whose sole purpose is electoral reform, and consistently get, if not an outright win, a vastly greater popular vote than third-parties normally get.

With computers, you're not half wrong, but it's not like they don't have a browser in front of them -- if they really aren't apathetic, you'd think they'd seek to inform themselves...

We just need legislation (4, Insightful)

MobyDisk (75490) | more than 3 years ago | (#32327814)

The actions made by these companies, right or wrong, are legal. You can't expect companies (or governments... or individuals) to stop doing this if it is convenient, profitable, and legal. We need some legislation that basically says that they can't publish, transmit, or sell personal information without prior consent. And that any such release - intentional or accidental - must be reported to the individual.

In the US, we have such legislation but it only applies to medical information. That is silly - there's just no reason for companies to be giving this stuff out.

Actually, let me go a step further -- they shouldn't even store this information. I walked into Target and returned some merchandise. It was really simple -- because they kept my credit card on file. I never told them they could do that. As I walked away, they said "Thank you [my name]" so they knew that too. Why is it okay for a store clerk to have this? Why did my credit card company give out the credit card number and name? They don't need that. They need to know "User 81234756897 authorized purchase for $57.34 to vendor 9234857 on 2010/05/23 17:24 with authorization #239485768934." That's it. It should have been illegal for my credit card company to even give the information. Then for Target to store it. As a nice side-benefit, this also prevents fraud since no one in the chain can use my credit card.

Re:We just need legislation (3, Insightful)

selven (1556643) | more than 3 years ago | (#32327892)

Has it ever occurred to you that some customers actually like that kind of customer service? That's why you can't just ban everything and make everyone happy - some infringements of privacy have good uses, and some people actually prefer convenience to privacy. Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

Re:We just need legislation (1)

raving griff (1157645) | more than 3 years ago | (#32327968)

And then whichever is less popular will die out as the other reaches critical mass. Either that, or people's data will be fragmented between two very different camps that likely will not be able to interface with one another as one service lacks privacy and the other does not. You'll end up in a situation where half your friends are on one social network and half your friends are on another--you'd be forced to use both services to keep in touch with one group of friends.

Re:We just need legislation (1)

Skarecrow77 (1714214) | more than 3 years ago | (#32328086)

that's why i never installed a half dozen different IM clients. ICQ, AIM, Yahoo, MSN, blah blah blah. Anybody not on the one I used must not want to talk to me that much, so email can suffice for them.

Now of course I get all the networks under one communicator, so I do have multiple IM network accounts, but that just reinforces the original point.

Re:We just need legislation (3, Insightful)

clarkkent09 (1104833) | more than 3 years ago | (#32328064)

I agree, if online privacy was really as important to the majority of people as it is to some /. posters there would be companies advertising "guaranteed" privacy the same way they advertise lower prices or whatever other advantage they claim over their competitors. The reason companies don't care is that their customers don't care. Those of us who do just need to be more careful about who we do business with but IMHO it's a losing battle as long as the public awareness of the importance of privacy is nonexistent.

Re:We just need legislation (1)

LandruBek (792512) | more than 3 years ago | (#32328362)

it's a losing battle as long as the public awareness of the importance of privacy is nonexistent.

Well, I hope you are wrong. One good thing about Facebook's recent spastic blunders is that at a few, at least, have realized that privacy is something fragile that deserves some protection. If those of us who care will beat the drum from time to time, others just might wake up. In other words, I'm not yet willing to call it a hopeless battle.

Re:We just need legislation (3, Insightful)

clarkkent09 (1104833) | more than 3 years ago | (#32328626)

Well take slashdot. It is owned by a for-profit publicly traded corporation. True we don't give our names and addresses but many of do give our personal readily identifiable email address and of course IP and probably 1000s of us can be identified if somebody choose to do so and linked to quite detailed overview of our political and other opinions - valuable data for advertisers, political parties, potential employers and who knows who else. This data will still be there years from now and who knows what can happen with it, the financial incentive is certainly there to sell it. Now, I tend to trust slashdot (famous last words?) but I am just trying to illustrate how difficult it is to truly guard your online privacy unless you are a kind of person who only ever communicates through encrypted messages or something like that.

Re:We just need legislation (1)

MobyDisk (75490) | more than 3 years ago | (#32328512)

The reason companies don't care is that their customers don't care.

From my experience, they do. When credit cards first came out, people were afraid to use them because of fraud concerns. Same with the internet. It was only 10 years ago that my grandfather would not enter his credit card into a web site. But today, people take the technology for granted and no longer think it through.

But if you talk to someone, and educate them on the issues, they respond like "what can you do?" And when I explain that a simple change to the credit system, such as generating disposable credit card numbers, or smart chips - they get interested, and then angry that no one is doing it. So people definitely care, but they don't know, and don't think they have any control over it.

Re:We just need legislation (0)

Anonymous Coward | more than 3 years ago | (#32328114)

I think everyones movements should be tracked in micro detail, the government does it, it's time for the public to watch the public (which also includes all government employees)
Think Cathedral and the Bazaar, but for information (biometrics,location,crowd content) instead of software.

Re:We just need legislation (5, Interesting)

LandruBek (792512) | more than 3 years ago | (#32328266)

"Making everyone happy" was never on my to-do list. "Not get reamed by the corporatocracy" is on my list and remains there. As much as others might enjoy the familiarity of having complete strangers call them by name, and the convenience of having merchandise instantly charged to their accounts, *I* am selfish enough to sacrifice all those pleasures just so that I might exert a little bit of control over what others know about me.

This is a job for government regulation. We don't trust the free market with important things like ensuring food safety, protecting the environment, or verifying whether pharmaceuticals are effective. Why should we trust the free market with personal privacy?

Re:We just need legislation (3, Insightful)

MobyDisk (75490) | more than 3 years ago | (#32328456)

Has it ever occurred to you that some customers actually like that kind of customer service?

Nothing I've said decreases the level of customer service. The return could have been done without them saving the credit card number.

Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

I always prefer free market solutions, but I don't see how to make one work here. The free market only works when the buyer is aware. Companies don't tell me what information they disclose about me. I only find out when I suddenly get charges on my credit card because the store clerk got all my credit information, or because some hacker broke into the stores and took it. I would be open to laws that require them to disclose it to me, but I don't want to read a 25-page legal document to buy something from a store. Since there is no benefit to me from them keeping the information (see the first paragraph for the explanation of why) the restrictive solution is the best one.

Re:We just need legislation (0)

Anonymous Coward | more than 3 years ago | (#32327902)

The actions made by these companies, right or wrong, are legal. You can't expect companies (or governments... or individuals) to stop doing this if it is convenient, profitable, and legal. We need some legislation that basically says that they can't publish, transmit, or sell personal information without prior consent. And that any such release - intentional or accidental - must be reported to the individual.

Easy fix... put it in the EULA. Done. You have now consented.

Re:We just need legislation (1)

MachDelta (704883) | more than 3 years ago | (#32328318)

No one in the history of anything and anywhere has ever read the entirety of an EULA *and* understood every word of it.

They're the digital equivalent of the guy and the end of the commercials going "side effects may include... nauseavomitinghypertensionswollenheaddeathdepression, anorexiaspontaneoushumancombustionsorethroat, tumourscancerdiabetesparkinsonslossofvisionandnumbness." The stuff said so fast no one can comprehend it... but hey, it's there because the law said so!

Re:We just need legislation (1)

JWSmythe (446288) | more than 3 years ago | (#32328468)

I always love hearing that list, when the side effects may include a
rambling list, that starts with headaches, and ends in death. It makes me not
want to take anything ever again.

Re:We just need legislation (4, Informative)

Todd Knarr (15451) | more than 3 years ago | (#32327944)

Actually they probably didn't record your credit-card number. What they probably recorded was the sale number (basically a receipt serial number), the receipt information (what was bought), and the type of credit card and the authorization number. They knew your name because it was recorded off your credit card at the time of sale. To handle the refund they just use the authorization number, which the credit-card company can match to your card (but they won't tell the store the card number, they'll just give out another authorization number for the refund).

Now, the store probably doesn't need to store your name at the time of sale. But if you're paying with a credit card, you know you're leaving a connection between you and that sale anyway so IMO it's not a major thing. If you really want no connection, pay in cash and don't give them any identifying information, not even a phone number.

Re:We just need legislation (1)

MobyDisk (75490) | more than 3 years ago | (#32328382)

I think they *could* do it from the authorization number, but I am skeptical that they actually did it that way. I find that places that use the authorization number ask me for my credit card and punch that number in when doing the return. So I think they just store it. Considering that all the online stores do this too, I don't find it unlikely that retail chains are starting that practice.

Re:We just need legislation (1)

Rene S. Hollan (1943) | more than 3 years ago | (#32328026)

Did you return the merchandise with your receipt or credit card?

If the purchase was made with a credit card, store policy is usually to issue an offsetting credit on the same card (though I suppose some might issue other store credit or a corporate cheque when the card charge clears, which is somewhat inconvenient).

If you provided your credit card so the charge could be reversed, they could issue a query to the credit card company by number and amount -- no need to store your card for this (though they probably do for reconciliation in accordance with the credit card company's privacy policy). When you provide your card a second time, they see your name.

Not arguing that they didn't keep information longer than necessary, but they could have had the same interaction with you without necessarily doing so: the credit card company might have had it, and released it when you provided your card. Hence, my question about handling the return with your credit card or receipt. If you just provided your receipt, AND they did not need your credit card to reverse the transaction, THEN they kept information longer than necessary.

Re:We just need legislation (3, Interesting)

Anon-Admin (443764) | more than 3 years ago | (#32328098)

The problem is that all the companies are data gorging. The CC Merchants are the worst. They insist that you send them not only the total but a list of what the person is buying. They also monitor your advertising and who links to you on the internet. I use to run a lab supply company. We had a affiliate link when we first went online. The merchant account found two sites that linked to us, these sites were in other countries and were drug related. Well drug related in the US but they appeared to be legal in there country. They killed our account with no warning. $3000 a day in sales through the web site gone. They would not turn it back on and added us to a black list. We were unable to continue selling online. We still have the brick and mortar but the online store it gone. We broke no laws and there was no published list of what not to do.

All in all, not only do they collect all the information on every one and there sales, they spend a lot of time monitoring and collecting information on the stores. They need to be dinged on this, some Merchant accounts go as far as to tell you what products you can and can not carry. The second one we had would not let us carry or sell any pipettes, agar-agar or 10cc syringes that had 1.5" 18 gauge needles on them. They considered them "Drug paraphernalia"

Re:We just need legislation (1, Offtopic)

Abcd1234 (188840) | more than 3 years ago | (#32328606)

I use to

Random grammar tip: It's "used to"... "use" is present tense, "used" is past tense.

Re:We just need legislation (1)

ElectricTurtle (1171201) | more than 3 years ago | (#32328150)

You contradict yourself:

[...]there's just no reason for companies to be giving this stuff out.

...right after saying:

[...]it is convenient, profitable, and legal.

It's also nothing new. Do you think that never before the interwebs was data collected about demographics and metrics? That supply and demand occurred randomly? The internet makes it easier, but fundamental economic relationships have existed as long as economies themselves. Businesses have kept ledgers of their clients and transactions for as long as there has been writing. It was generally in the interests of these businesses to keep such ledgers private, and they did so out of those interests to build trust with their clients, but that was a practical thing, neither a moral nor a legal obligation.

Oh and vis a vis Target, hate to break it to you, but your credit card # is your 'user #' and they must know your name because presumably you carry ID against which they could verify that you are who you claim you are. Otherwise anybody could make purchases in your name not merely unchallenged but unchallengable. Granted most vendors assume people are who they say they are, which negates its value, but that is just one of many flaws of the system.

Re:We just need legislation (1)

TomXP411 (860000) | more than 3 years ago | (#32328226)

Actually, your name and credit card number are both encoded on the mag stripe on your card.

As to storing your credit card number: stores have always stored your credit card number as part of the transaction. Back in the pre-mag stripe days, they used an imprinting machine and made a copy of it. Today, it's just stored on a database somewhere.

The end result is the same: the number is required as part of the transaction, and the Track-9 data from your card is the only real proof that you were there for the transaction.

I do tend to agree that personal data should be kept private unless the user explicitly authorized to do so, but the question then becomes "what, exactly, is private?" You could have a whole discussion on just what is truly private information and how an automated system can determine this.

For the record, my simplistic answer is: anything a user enters in to a data system is private unless otherwise specified, either by context (a public forum) or explicit designation (a check-box that says "public" access).

Re:We just need legislation (2, Insightful)

xednieht (1117791) | more than 3 years ago | (#32328246)

No we don't. We need the government to get involved like Andy Rooney needs another eyebrow!!!

Let innovation take it's course.

Re:We just need legislation (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32328660)

I walked into Target and returned some merchandise. It was really simple -- because they kept my credit card on file. I never told them they could do that. As I walked away, they said "Thank you [my name]" so they knew that too.

They do this because people like it and it encourages them to buy - my wife will buy stuff she's unsure of at Target, then decide if she's going to keep it or not. She knows it's easy to return, and she does return stuff regularly, but she'll also keep some of it & get more when she's back there doing the return. Home Depot also can do the return just from the receipt. Just like everything else with cards, they want you to use it more & they don't really care about a little fraud, the overall benefits are much bigger.

Online privacy never existed (2, Insightful)

h4rr4r (612664) | more than 3 years ago | (#32327818)

There is no online privacy, anything you do online is public. If you would not say it in public do not say it online.

Re:Online privacy never existed (1)

allo (1728082) | more than 3 years ago | (#32327900)

but if i say it at your home, you will not say it to other people. but if i say it in a private facebook message to you, some hacker will read it. the problem is, all "rooms" on the internet are built by others, and the security is weak sometimes. if facebook does not read the content, a hacker will read it.

Re:Online privacy never existed (1)

TomXP411 (860000) | more than 3 years ago | (#32328286)

Take it from anyone who's ever been married to a vindictive spouse: anything that ANY other person hears is no longer private; I don't care if you're in the middle of the desert. The day you move out, your ex-wife (or husband) will call your most trusted family and/or friends and air all your dirty laundry.

The real question is "what will a company do with your 'private' information?" I think that on-line privacy policies are a good place to start; what we need now is legislation that forces companies to stick to those policies - despite their disclaimers that say "we're not liable if we break our own rules."

Re:Online privacy never existed (1)

Skarecrow77 (1714214) | more than 3 years ago | (#32327978)

people want their sacred cows. reality need not interfere.

Instead of asking "is what I'm doing keeping my identity private", it's far more useful to ask "is anybody likely to pay attention to what i'm doing."

The information is out there, the question is what is going to be done with it. The answer, for the vast majority of things, is "not a whole lot"

Re:Online privacy never existed (1)

Hatta (162192) | more than 3 years ago | (#32328030)

Sure there is. Send a GPG encrypted email, and that's private. Or chat over Pidgin-Encryption, that's private too. The internet defaults to public, but it's easy enough to secure your privacy when it matters.

Re:Online privacy never existed (1)

Abcd1234 (188840) | more than 3 years ago | (#32328642)

Sure there is. Send a GPG encrypted email, and that's private.

By doing that, you are implicitly conceding the OPs point. There would be no need for email encryption if it weren't for the simple fact that sending data over the Internet is a public action.

Re:Online privacy never existed BUT... (2, Insightful)

starglider29a (719559) | more than 3 years ago | (#32328210)

...Statements of Privacy Policy do. When a site gives explicit guidelines, to which you agree, and THEN they erode or drop the wall that THEY TOLD YOU was there, THAT is evil.

I'm looking at you, Facebook.

let 'em fight in the courts (2, Funny)

jkinney3 (535278) | more than 3 years ago | (#32327824)

Use the same arguments as Intellectual Property proponents. Everything I say and write belongs to me. You have to ask permission to hear it.

laziness (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32327826)

it's all laziness. Laziness on the part of the companies, and laziness on the part of the users of said services. A lot of people leave their stuff wide-open for the world to see. I think it's because overall, people like to feel like they're important, and their written words need to be shared. From the company perspective though, it seems to me the majority of security flaws are due to two things: 1) greed over content control, and laziness.

Odd and Misleading Summary (5, Insightful)

eldavojohn (898314) | more than 3 years ago | (#32327830)

One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it.

Let me counter that with one the more trie and oft-repeated maxims from businessmen in the 80s: Don't you worry about security, let me worry about blank.

Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects.

And yet Facebook thrives and not until last week did Google offer secure searching and they're a giant. Sounds to me like companies that don't worry about privacy are doing pretty well -- maybe even the industry leaders. Maybe they're on to something about it being unimportant to the consumer?

A quick search of recent news on the privacy front reveals that just about all of it is bad.

Oh give me a break. Ninety percent of news stories are negative. Because it sells eyeballs. Really, do you expect a news article about the really great privacy that Slashdot offers Anonymous Cowards to appear? When privacy works, it's not news. Hell, when privacy is kept intact people don't even know. Your reasoning here is severely flawed.

Facebook is exposing users' live chat sessions and other data to third parties.

Yep, marketing's a bitch, ain't it? But then again, we're getting Facebook for free and I don't think there's been any case of someone suffering serious harm from Facebook dumping a chat to marketing. Certainly unsettling but has there been any sort of actual case of abuse and harm to the user? I use Facebook and I don't care much. I'm putting my data on their servers and they had me agree to some BS impossible to read ToS so I just mitigate that by keeping anything sensitive off it. If Diaspora takes off -- hey, great -- but until I can communicate with all my friends and family on it who are half a continent away no thanks.

Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well.

"Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.

But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

"Prevailing?" So prevailing that you need to reference a half a year old quote that is about all we have of that attitude. That's the predominant force out there? Care to come up with more companies using that sentiment? Care to put that quote into context for me [slashdot.org]? Put the pressure on them and the companies will change. Fact is that nobody's putting any pressure on them so why should they stop doing something which allows them to better market to you with ads and make more money?

If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that.

[citation needed] Prosecutor is leading the witness. Seriously, you're putting words into their mouths. Evil, yes they are. Saying that they claim your data is now theirs by way of their actions is ridiculous. Then from there you link them to Roman authorities ... by way of your own invention of what's going through their minds. "Surely they must be evil if they're thinking of killing me and using my body as a server rack inside their server farm, yes surely they must be evil if they're thinking that." Nice flame though, I bit ...

Re:Odd and Misleading Summary (1)

joelsanda (619660) | more than 3 years ago | (#32328580)

"Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.

It is amazing how people scramble to have them fix their security so my data (which I give them, because it's spelled out in the TOS) is 'secure.' I would have agreed with Schmidt's statement if he instead had said:

'If you have something that you don't want anyone to know, maybe you shouldn't be doing it out in public where everyone can see it in the first place.'

Lock down your home's access point and read the TOS before you start posting crap about your boss or employer. Can't get much simpler than that.

anyone vs everyone (5, Insightful)

xs650 (741277) | more than 3 years ago | (#32327870)

Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

Re:anyone vs everyone (2, Funny)

starglider29a (719559) | more than 3 years ago | (#32328084)

There are very few things that I don't want anyone to know

Gimme a 'fer instance'..

Re:anyone vs everyone (0)

Anonymous Coward | more than 3 years ago | (#32328298)

Fer instance, the list of things I don't want anybody to know.

Re:anyone vs everyone (1)

egcagrac0 (1410377) | more than 3 years ago | (#32328592)

Suppose I'm seeing another girl on the side. My friends probably know. I'd rather my main girlfriend didn't know.

It's not against my moral code nor the laws of my community to be seeing more than one woman at once.

However, out of courtesy, I'd rather be discreet about the second relationship.

(To you fiends who will surely scoff at a basement dweller like me having two women: He said "fer instance". He didn't say it had to be true. I know it's a he, because girls don't say "gimme" and "fer instance", they'd say "give me an example".)

Re:anyone vs everyone (2, Insightful)

Anonymous Coward | more than 3 years ago | (#32328168)

There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

Takes a single trusted 'someone' to disclose your info to everyone. It's a sad, losing battle. People can say 'happy birthday' or 'sorry that your wife died', 'sorry you got fired,' etc and the damage would be done before you could delete the comment and have a chat about what is too sensitive to disclose freely to your other friends.

Re:anyone vs everyone (1)

Bigjeff5 (1143585) | more than 3 years ago | (#32328296)

I think Schmidt flubbed it, what he should have said was: "If you have something that you don't want everyone to know, maybe you shouldn't be broadcasting it in the first place."

Google wasn't hacking into anything, they were connecting to open WiFi networks and collecting information that is necessary to connect to the network . The only thing that was a potential booboo here was they didn't dump the information, instead they chose to save it.

If you don't want the whole world to know it, don't broadcast it.

Re:anyone vs everyone (1)

Deosyne (92713) | more than 3 years ago | (#32328322)

That's why I keep the 'anyone' material in an offline format, typically not even on paper. Not 100% effective, as was hammered home one Monday that I decided to take as a personal day and wander through Sears while countless busybody housewives babbled incessantly to one another about shit that they regarded as scandalous all around me. I now know more about the sex lives of random strangers than I do my own. But keeping it offline is still an improvement over posting the material to the world's first global communication network. That is strictly reserved for the 'everyone' stuff.

Stupid argument (1)

e2d2 (115622) | more than 3 years ago | (#32327878)

You know it's funny. These guys spin the word privacy so much that the idea of sharing becomes twisted. Yes I want to share; But with friends, not with faceless businesses so they can solicit me. The idea that these two things are inseparable is idiotic. I share my personal pictures with friends. That doesn't mean I want them beamed to the world.

All of these sites need to stop playing stupid. They know wtf is going on and they know what people want. The problem is their customers are not their users, so the users get treated like chattle to feed the machine.

You want longevity? Heed the wants of your users. It's not hard, and hell you may even make a dime off of it.

How is 'privacy' defined in the US constitution? (1)

UBfusion (1303959) | more than 3 years ago | (#32327896)

Could a lawyer please enlighten us about the definition of 'privacy' US Constitution and in US Legislation, specifically for the electronic media (if available)? TIA.

Re:How is 'privacy' defined in the US constitution (1)

LandruBek (792512) | more than 3 years ago | (#32328504)

IANAL but privacy is not explicit in the US constitution; however the Supremes have found that it is implicitly there; e.g., the Fourth amendment is about privacy even though it doesn't contain the word "privacy." You might appreciate the Wikipedia [wikipedia.org] article.

I call TROLL (4, Insightful)

Gorimek (61128) | more than 3 years ago | (#32327918)

Both the Facebook chat bug and the Google recordings are unintentional mistakes. If they show anything, it's that completely bug free engineering is hard to do. I think we knew that already.

The Schmidt quote is just a statement about how this flawed world is, not how it should be.

The concept of privacy in these times and the future is a very interesting topic, but this post is just a whiny mini rant, not a serious attempt to understand the real issues.

Re:I call TROLL (1)

TomXP411 (860000) | more than 3 years ago | (#32328364)

What amazes me, Gorimek, is that you and I know this (that bug free code is hard.)

But an amazingly large number of people are willing to cry foul and call this intentional. Intentions won't really matter: it will hurt the company's credibility despite the fact that it's really a non-issue.

Does anybody remember the AOL swap file controversy? Essentially, the AOL client allocated unused space on your hard drive to use as a cache, and people found all kinds of snippets of data in there. Right or wrong, people claimed AOL was spying on them.

I guess people will believe what they want, regardless of what the truth is.

They said the same about cars (3, Interesting)

mbone (558574) | more than 3 years ago | (#32327938)

I can remember very vividly GM and Ford (and Chrysler and even Packard) saying basically the same things about cars - they could put in safety features, but they didn't because there was no customer demand for it. This was, mind, when cars had metal dashboards and spear-your-heart driving wheels. This went on until the Federal Government started forcing changes, and until Volvo and other foreign manufacturers started making sales touting safety. I expect to see a similar story arc about piracy on-line.

Re:They said the same about cars (3, Insightful)

Bigjeff5 (1143585) | more than 3 years ago | (#32328370)

Federal safety standards are pitiful compared to insurance company standards.

Federal standards mandate airbags, but only for the driver, not the passenger or side airbags they've been putting in. All of that is coming from the insurance industry - and except for the fact that all drivers must have insurance, it's completely free market. Things like better crumple zones and such are all designed to boost their ratings with insurance companies, because people look at how much the insurance is going to cost them when they think about buying a car.

When ads are more important than users (4, Insightful)

dominion (3153) | more than 3 years ago | (#32327940)

The whole idea of "if you don't want it public, don't put it on the internet" always reminds me of this Onion video:

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village
http://www.theonion.com/video/google-opt-out-feature-lets-users-protect-privacy,14358/ [theonion.com]

There's no reason that we can't have a reasonable expectation of privacy, even in our online lives. Especially from a technical standpoint. If I share some photos with 10 people, and one of those people decides to copy that photo into an email and send it off to 100 people, then that's a social failure, not a technical one. People I trusted betrayed my trust, on a social level.

But on a technical level, I should be able to share videos or photos or journal posts with a small group of trusted people, and be reasonably secure in the idea that only they will see them. That advertisers won't have access to that photo, that an api won't be able to pull the data without permission, etc. There's nothing extraordinary about that requirement, and that it's treated as absurd and unreasonable shows how far we've fallen from a basic perspective on internet privacy.

Open source can fill the gap. Our incentive, as open source software developers, is to provide the best software possible, and to not skimp on important features like privacy and security. We aren't trying to cater to advertisers, or to build empires based on fads and hype. I've been working on an open source, distributed social networking alternative to Facebook (and Myspace and other "walled gardens") that called Appleseed that focuses on strong privacy.

http://opensource.appleseedproject.org/ [appleseedproject.org]

But most of all, by distributing these services, and allowing users to cancel their profile on one site, sign up for another site, and plug right back into the network they lost, it creates a level of competition so that social networking sites *have* to listen to the concerns of their users. They can't take them for granted. Not just in social networking, if we can continue push for open standards, open protocols, open platforms, etc., it means we have some leverage when a popular service decides to privilege it's revenue stream over the privacy of it's users.

Privacy is a socio-political construct (1)

rwa2 (4391) | more than 3 years ago | (#32327962)

There's no technical way to guarantee privacy and anonymity... quite the opposite: technology should be used to increase transparency.

Privacy is to be respected. If someone doesn't respect your privacy, then by all means take socio-political-legal action. But you sort of have to implicitly trust your infrastructure provider - be it your ISP, your phone company, your email provider, etc. to not abuse your trust. And by all means don't use that infrastructure to transmit anything you don't trust them with.

The good thing about the increased transparency the technology has provided us is that now it's easier to find out if our trust has been abused.

Privacy is your own responsibility. (3, Interesting)

Hatta (162192) | more than 3 years ago | (#32327990)

There's no identifiable information in your MAC or SSID. So big deal there. If you don't want your packets sniffed, it's easy enough to enable encryption. If you don't want your emails shared with marketers, no one is forcing you to use GMail. No one is forcing you to use Facebook for that matter either. These companies provide a service that's free to you, but in exchange for your privacy. If you don't know that's the deal, you have no one to complain to but yourself.

It's really quite trivial to maintain your privacy on the internet. Use encryption whenever possible, and don't use services from companies who's business model is selling your information. Problem solved.

When? (2, Insightful)

WillyWanker (1502057) | more than 3 years ago | (#32328032)

When are we going to start taking responsibility for our own privacy? If it's a concern to you then do what's necessary to protect yourself.

I just don't get why this is suddenly such a big deal. What exactly did Google do that other's couldn't have? If you leave your wi-fi unencrypted and someone accesses it it's somehow THEIR fault???

If you don't want people to know your business start by not announcing everything you do in a public forum.

I'm Over It (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32328062)

I'm so over so-called "cloud" computing and social networking sites, webmail, etc.

I've started to roll my own IT infrastructure. All it takes is a domain name, some time and skill (or the desire to acquire said skills) and away you go.

i will no longer use anyone else for email, etc. I'll host my own domain name, my own blog, my own email. I'm going to own my data, not someone else.

The blame game (2, Interesting)

masterwit (1800118) | more than 3 years ago | (#32328070)

Finger-pointing should be reserved to politics while those not necessary to blame mitigate and/or find a solution to the problem.

Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

I am all for the world deserves more privacy, privacy laws should exist, etc..."trust" me! But jokes aside, there will always be entities that operate outside what we consider the ideal privacy as long as they are allowed to do so. The problem is not that of each company's policy: since when did we decide that each respective business should and would always hold itself to a higher standard?
In the corporate world these days, one of the common phrases to encompass a moral code is: "if you wouldn't want your mother reading it on the front page of the newspaper, you probably should not be doing it." That is all fine and dandy as they say for a corporate environment and ethics, but this does not necessarily apply to my personal browsing. The problem therefore, as I argue, is that of a conflict of interests:
---We want transparency with privacy. Security and privacy in a corporate viewpoint need to be high. Certified public accountants are held liable for transactions, and audits happen...very often. If the security system itself does not allow tracing of fraud, or even a way to raise a "red flag" of sorts, well then the security system is flawed in the eyes of the auditor.
---We want privacy on personal matters. This fact alone can contradict not in implementation or even feasibility, but perhaps in theory - which is enough to cause problems. As a hypothetical CEO of a corporation, I do not have much understanding of personal privacy of internet actions...I have to deal with lawyers (yes those people...), auditors, and general liability. When I am told that I need to up user privacy and not record any data, etc... this may go against what I fundamentally see my company doing!
I mean to say here that there is a bridge of "thought" between privacy and liability...even though this should not apply to the end user: us.

We assume that big companies are playing fast and loose with our personal information and that there's little we can do about it.

On another front, many Americans are complacent...we know this to be a fact! I don't care about Republican this, Democrat that, Ron Paul, whatever...the world will always have ignorant individuals. Individuals will except a sacrifice of privacy and that overused term liberty in exchange for a bit of "piece-of-mind", and in many cases they just don't care.

A quick search of recent news on the privacy front reveals that just about all of it is bad.

Lastly, I'd like to say, outside of the fact that bad news means more audience, that this all is bad philosophy might not be what is needed. Sure the breaches on my personal privacy and what I like to coin as my "personal liberty" are disturbing...but in a general sense unless the actual source of the problem, a complete lack of laws protecting our privacy, is brought to light, I do not expect any real change.
I agree with this posting in the fact I want privacy and I have little patience...but I just wanted to play the devil's advocate on Slashdot for a bit...
My question to you all: How can we balance security and corporate liability today? && How could the general public be informed the "real" issues, not just the latest privacy breach?

Claiming privacy for public actions? (1, Insightful)

TopChef (1308767) | more than 3 years ago | (#32328072)

I guess I'm just not seeing what the big deal is with Google scanning and recording MAC addresses and SSID's. These are being broadcast in the open such that anyone driving by can see them. How is this an infringement of privacy? It is akin to undressing while standing in your front yard and then complaining when the neighbors watch you.

Public/Unencrypted WiFi = Town Square (0)

Anonymous Coward | more than 3 years ago | (#32328108)

Please note that anything broadcast over public / unencrypted WiFi is akin to standing in the middle of town square and shouting out loud. The latter is more obvious, but it's basically the same thing.

Article is crap (0)

Anonymous Coward | more than 3 years ago | (#32328110)

You can also NOT create a Google/Facebook account, NOT save those cookies until they expire and NOT use unencrypted or semi-encrypted wifi APs. But hey, it's not a good article if it doesn't try to scare everyone. Try to see the big picture, it's still pretty damn hard to create an accurate and detailed profile of someone you don't know who just happens to issue a bunch of HTTP requests to your webservers. Also, unless you're in China or something, no one is going to look at your web habits. Google is only interested in targeting ads at you, so you can have a nice search engine whenever you need it.

Just be careful what you do, sensationalist articles like this are just that and it pisses me off. It does nothing to actually inform people what to do but scare, it only briefly mentions a problem with Facebook that (after clicking through) appears to be a vulnerability that was discovered and fixed 19 days ago. Woopdedoo.

TL;DR: Nothing to see here, move along.

The real "private" problem here (0)

Anonymous Coward | more than 3 years ago | (#32328136)

The real "private" problem here is that every time I hear somebody whinge about Google collecting data that was being BROADCAST on an OPEN CHANNEL I want to rip off said complainer's privates to ensure that level of stoopid is kept out of the gene pool. But that might just be me.

Privacy Schmivacy... (1)

scottwilkins (1224922) | more than 3 years ago | (#32328148)

Is it time to put aluminum foil on our heads yet? It would be if we let these privacy screamers run the parade.

You ARE to blame (4, Insightful)

ADRA (37398) | more than 3 years ago | (#32328190)

Sorry, but please take some responsibility for yourself. If in fact there is something so important that you don't want anyone to know, then don't do it online, PERIOD. This is nothing new and there are very few if any technological measures that can ever be deployed that will guarantee that your privacy / security will ever be secure. The level of hassle involved with making really improbable-to-break security is really hard and requires diligence on the part of the individual. If Vista taught us anything, it is that users do NOT want real security. They want to do what they want and not worry about how the system does it. Well guess what? The system isn't perfect and neither is the security. We live with the imperfection for the sake of simplicity.

"Facebook is exposing users' live chat sessions"
This was a defect in their IM system. This could happen in EVERY SINGLE store and forward based messaging system (AKA basically all of them).
If you expect each facebook user to generate their own Public/Private key then you're diluted (plus it breaks the online chat thing unless you're sharing your private key with facebook which would defeat the purpose).
If you expect software to be perfect then you're an idiot.

"and other data to third parties"
You agree to this when you clicked through their EULA (which is your fault).

"MAC address and SSID information from public Wi-Fi hotspots ..."
Data was wide open (which is your fault) and the company erroneously captured it.

Been saying it all along--now will you believe me? (3, Insightful)

erroneus (253617) | more than 3 years ago | (#32328274)

Google is an advertising/marketing company. Their motives and actions are consistent with advertising/marketing companies. They seem to be more "generous" than many other advertising/marketing companies in that they give away better "swag" but they are still an advertising/marketing company... and a very successful one at that.

Within their motives you can determine your expectations of them... and altruism isn't one of them.

But he's right (1)

alienzed (732782) | more than 3 years ago | (#32328376)

If you don't want anyone knowing about something then you should not be doing it. Give me one example to the contrary.

Re:But he's right (2, Informative)

vlm (69642) | more than 3 years ago | (#32328608)

If you don't want anyone knowing about something then you should not be doing it. Give me one example to the contrary.

Leaving your house empty at a specific time with a specific valuable object in it ready to be stolen.

Re:But he's right (3, Insightful)

Overzeetop (214511) | more than 3 years ago | (#32328620)

No he's not, at least not when taken out of context. There are a lot of things I don't want people to know. I color my hair, for example. I'd rather people just think I'm not quite as old as I am (or conversley, I'd rather people not think I'm older than I really am). Hair coloring isn't an illegal act, or even immoral for that matter.

Put into context:

If you shouldn't do something, or don't want people to know about something, you probably shouldn't do it in public.

Now, if you were to substitute "public web site" or "public places on the internet" or even "in a business establishment" for public, you'd be talking about the same thing. See, these are public places, and there's really no expectation of privacy except a wink and a nod.

Now, lets change that and make it a place you own. Your own bedroom. Your own living room. Your cabin in the mountains. Your own server. You can do just about anything you want. Clip that ugly toenail. Watch Glee. Revel in mounted animal heads. Store all your balloon porn. But if you're going to go do those things in the local pub, you probably shouldn't be thinking that they are private.

See, most of these sites are "free" (as in beer). Even if they didn't make money on selling your eyeballs and preferences for marketing, they still wouldn't be private places. There are places on the internet which are private. You can sign up and encrypt all your stuff, and keep the key. But they're not convenient for sharing. Just as drinking a fifth of Jack in your kitchen isn't nearly as much fun as drinking it in a bar with fifty friends.

Privacy isn't dead, it just needs a bit of explaining. Just remember - if you didn't pay for it, it's probably not a private place.

They make money from violating your privacy (0)

Anonymous Coward | more than 3 years ago | (#32328664)

The reason companies don't do more to protect your privacy is that they earn their living from violating your privacy. Google uses all the data it gathers from your searches, email, chats, ad clicks and the like to target ads at you. Facebook does the same. All of the behavioral targeting ad nets pay more to publishers because they are tracking you and gathering detailed information about you from multiple sources. There is BIG money in hoping you aren't paying attention and don't know or understand all of this.

Think of this analogy. If Google asked you to give up your right of free speech and let them censor what you read and send in order to use Gmail there would be a revolt and no one would use the service. But without asking they are taking away your right to privacy when you use any of their services or browse any site where they place an ad and that is just about everywhere.

Dip-Schmidt: a game of ignoble "Maybe"s (0)

Anonymous Coward | more than 3 years ago | (#32328680)

'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

So what does dip-shmidt not want people to know that he 'maybe' shouldn't be doing?

Should we not be exercising our democratic and shareholder rights by voting in private ballots? Maybe Mr Schmidt spent too long doing business with the Chinese government? Maybe? Pfft!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...