Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RapLeaf Is Back and Bad As Ever

timothy posted about a year ago | from the making-a-list-checking-it-an-infinite-number-of-times dept.

Privacy 78

itwbennett writes "Privacy blogger Dan Tynan opted out of data aggregator RapLeaf back in 2010 — and wrote about it. At the time, opting out seemed to work well enough. But fast forward a couple of years and ... they're baaaack. While testing a privacy service called Safe Shepherd, Tynan discovered that 'not only [is he] not opted out of RapLeaf's database, they've also gathered far more information about [him] than they had before.' And it's a pretty good bet some of the data came from Facebook apps, which is a practice that the company was slapped for in 2010 and claimed to no longer do."

cancel ×

78 comments

Sorry! There are no comments related to the filter you selected.

Google never went away (0, Offtopic)

drinkydoh (2658743) | about a year ago | (#43424331)

Back in the time ad companies like DoubleClick existed on a broad swath of Web sites, so they were in a unique position to get a 30,000 foot view of your Web surfing habits. All they had to do was drop a cookie file on your hard drive. Whenever you visited a site containing a DoubleClick ad, it checked your hard drive for that cookie, and added that web site and any information associated with it to its profile of you.

But Doubleclick couldn’t actually identify you personally; it identified your browser, which could be used by anyone in your household. And (after a lot of pressure from privacy wonks who were also not your mother) it and other ad companies like it offered you the opportunity to opt out of being tracked, though it never really worked all that well.

Fast forward ten years. Doubleclick is now owned by Google. So-called “behavioral marketing” is all the rage in Net advertising. People are now sharing information about themselves on social networks like it’s going out of style. And companies like Rapleaf and Google are there vacuuming it all up and spitting it out to advertisers – supposedly anonymously, though now we know better.

Re:Google never went away (0)

Anonymous Coward | about a year ago | (#43424451)

You know, you should probably mention that your post is just three copy-pasted paragraphs from an article.

Cookie based opt-out (4, Informative)

Anonymous Coward | about a year ago | (#43424443)

Opt-out policy

This company provides a cookie based opt-out. An "opt-out cookie" is set by the browser. This provides a request that ads should not be customized through your web browsing activities and preferences. You will continue to receive ads but this company will not use this information to select behavioral ads you see online. You must opt-out again if cookies are deleted and required for each browser type and new computer. Third party cookies must be accepted for opt-out to work.

So, if you wipe your cookies, you "opt back in".

Re:Cookie based opt-out (4, Informative)

Anonymous Coward | about a year ago | (#43424707)

There are Firefox add-ons (and probably Chromium equivalents) that automatically give you opt-out cookies, and make sure they won't be deleted. Beef Taco comes to mind.

Re:Cookie based opt-out (5, Informative)

ben_shepherd (2894353) | about a year ago | (#43425065)

There are two types of ways to opt out of Rapleaf that should be distinguished here. The more robust way (assuming they respect it) is to go through their "permanent opt-out" form (http://www.rapleaf.com/opt-out/), which removes you from their database. What the cookie opt-out does is disable their third party tracking of you as you browse the web. If you're interested in removing yourself from all of the major data broker and people search sites check out our manual opt out guides: http://blog.safeshepherd.com/how-to-block/ [safeshepherd.com] . Or better yet, give our service a try.. guarantee you it will save you a lot of time and worry if you care about these sites selling your personal information.

Re:Cookie based opt-out (1)

Optimal Cynic (2886377) | about a year ago | (#43425681)

I'd love to, but what kind of safeguards do you have? You ask for a lot of personal information, seems like creating a single point of potential failure to me. I think what you're doing is great, I'm just a bit paranoid about this.

Re:Cookie based opt-out (3, Funny)

gandhi_2 (1108023) | about a year ago | (#43425795)

just a bit paranoid

Is that a twitter bird next you your id?

Re:Cookie based opt-out (1)

Optimal Cynic (2886377) | about a year ago | (#43427061)

Yeah, it's how I log in to Slashdot.

Re:Cookie based opt-out (0)

Anonymous Coward | about a year ago | (#43427931)

Whoosh!

Re:Cookie based opt-out (0)

Anonymous Coward | about a year ago | (#43429987)

Yeah, it's how I log in to Slashdot.

1. We got that.

2. Whooosh.

Re:Cookie based opt-out (1)

ben_shepherd (2894353) | about a year ago | (#43426025)

Hey there, we take privacy very seriously-- that's why we started Safe Shepherd. We go out of our way to encrypt as much info as possible through row-level encryption. Also we delete every single database row related to your account when you opt to cancel your service with us. Here's our privacy policy: https://www.safeshepherd.com/privacy [safeshepherd.com] . Feel free to hit us up with any questions, we're a 7 person organization and can respond to people individually.

Re:Cookie based opt-out (1)

Optimal Cynic (2886377) | about a year ago | (#43427117)

Thanks, that's pretty much the answer I was hoping for.

Re:Cookie based opt-out (1)

HiThere (15173) | about a year ago | (#43428267)

That "assuming you trust them" is my real sticking point. I'd rather not give them any information (or any correct information) to start with.

What we need is a character generation application, sort of like you get on angband, but customized to provide random user information for web sites. And a small database that tracks which web site you give which character information to. The only hard part would be the browser interface, so that the browser would automatically give the right website the right charcter information.

Re:Cookie based opt-out (1)

fast turtle (1118037) | about a year ago | (#43428591)

and this is just one more reason I use noscript and a dedicated host file since the dial-up days (I've been on broadband for a decade) to block ads and such crap. I used to use Ghostery but after I realized they were collecting and selling the same information that Google and other advertisers were, I quit using them. Noscript works quite well in providing me the full path name of the annoyance so I can add it if needed to my host file. Another option I take full advantage of is the many free hosts files online. The good ones include plenty of comments and I tend to combine several of them for my needs and this works quite well in regards to what I'm blocking.

Re:Cookie based opt-out (1)

Optimal Cynic (2886377) | about a year ago | (#43430243)

Or you could use privoxy, which has URL matching, not just host blocking.

Re:Cookie based opt-out (0)

Anonymous Coward | about a year ago | (#43434565)

Ghostery doesn't collect any information without your own clear opt-in choice. Its called GhostRank and its off by default. The data collected when this feature is on has nothing to do with the user and everything about collecting info about where and which the trackers have been found. Get a clue and stop spreading FUD.

Re:Cookie based opt-out (0)

Anonymous Coward | about a year ago | (#43425633)

That's fucking brilliant

Re:Cookie based opt-out (-1)

Anonymous Coward | about a year ago | (#43427841)

This can all be cured by putting all Jews into ovens.

Re:Cookie based opt-out (1)

sorak (246725) | about a year ago | (#43428157)

Is this company run by the kid who would steal anything that wasn't nailed down and then say "you didn't say I COULDN'T have it"?

Where is the proof? (0)

Anonymous Coward | about a year ago | (#43424457)

The whole thing states previous facts, but when it comes time for you to actually say that rapleaf is back and doing their business again you use the phrase "pretty good bet".

So unless you have real proof of something, real facts and first hand knowledge don't make claims you cant back up.

Follow the money (4, Insightful)

Jawnn (445279) | about a year ago | (#43424463)

This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.

Re:Follow the money (2)

Joce640k (829181) | about a year ago | (#43424573)

Yep.

Earnings - fines = profit.

If earnings are bigger than fines then profit is a positive number. The fines are just operational overheads.

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#43424937)

Earnings - fines = profit.

If earnings are bigger than fines then profit is a positive number. The fines are just operational overheads.

Okay we can always up the stakes.

Earnings - fines - # of C level staff and their families whose personal information get posted online to demonstrate that turnabout is fair play.

Name their mistresses, tell everyone where their kids go to school, point out their off-shore accounts to hide all of their money, put up a big sign in their yard detailing their medical conditions and credit score. They seem perfectly willing to do it to us.

Crank up the value of the fines and change the laws so the default isn't "whatever a company wants to do in the name of profit".

If that doesn't work, maybe some form of "kinetic protest" in the form of fast moving small objects.

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#43424601)

From my personal experience theres no real teeth in HIPAA privacy violations, why would there ever be teeth in data aggregator laws?

Re:Follow the money (1)

HiThere (15173) | about a year ago | (#43428301)

If there were (real teeth in HIPAA privacy violations), medical agencies couldn't use web connected MSWindows machines.

So, yes, your point stands.

Re:Follow the money (1)

Anonymous Coward | about a year ago | (#43424639)

This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.

This behavior will not go away until an individual is affected by it, in a very personal way (didn't get a job, lost a job, affected marriage, etc.). Then and only then will people wake up to the problems they are creating for themselves with an IDGAF attitude about privacy.

Until then, it will always be treated in the same way as unsafe sex. Bad shit will never happen to me, it's always "someone else".

Ignorance rules the planet right now.

Re:Follow the money (1)

HiThere (15173) | about a year ago | (#43428323)

The behavior will continue until the individuals effected in the manner you specify are the people making the decisions about what business plans to pursue. And even then I expect that there would need to be about a decade of continual prosecutions and punishments to overcome the last several decades of improper conditioning.

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#43424761)

It's fun to trash facebook, but I'd like to hear from anyone what they think facebook is responsible for and what they can do about it in this case. Facebook apps are web apps. Free and open internet. Cookies and all. If they ban all cookies from their apps, that's anticompetitive. If they restrict the API, they are breaking the internet. Facebook's only role in this is that they are the vehicle for delivering the web app in the first place.

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#43430079)

It's not about the apps, you lug nut.

It's about the DATA... all that tasty data, yum yum, and like a fine cheese or wine, it just gets better with time, as it's aggregated and correlated and tabulated and mmmmnomnomnomnonmnom.

Data is not water, and it does not magickally disappear from the Facebook pipes after flowing through them.

Re:Follow the money (2)

tlhIngan (30335) | about a year ago | (#43425637)

This behavior not going away until it becomes to expensive, in terms of bad PR as well as fines, for dishonest practices. You either honor your customers' request/expectation of privacy or you don't. If you don't it should cost you. Currently it simply doesn't, so the so-called free market being what it is, we see rampant abuse like this. Mind you, the clueless legions who so blithely bend over to have their privacy raped by Facebook et al deserve a fair share of the blame here, but it is not realistic to expect most of them to fully understand just how bad an idea it is to let some of these go on. For that reason, regulation is in order, and I mean real regulation, with teeth and a budget to enforce it. I will not hold my breath.

Hint: You're not their customer. You're their product.

RapLeaf, Facebook, Google's customers are not who we normally consider the users. They're advertisers ,marketers, etc, the ones who pay these companies money in exchange for information collected.

Contrast this with say, buying an iPhone, in which case you're Apple's customer and Apple strives to satisfy the people who pay for it. For Microsoft, things are more blurry because you're their customer sometimes (e.g., buy Windows, Office, Xbox, etc), and sometimes you're the product (e.g., Bing, Hotmail/Outlook.com, etc).

Re:Follow the money (1)

Minupla (62455) | about a year ago | (#43426327)

Contrast this with say, buying an iPhone, in which case you're Apple's customer

Not quite true - otherwise Apple would not be in the advertising business (http://en.wikipedia.org/wiki/IAd)

In general, you can assume that any large company is treating you as the product. The only question is to what degree and if you're also a customer.

And if you bought a google nexus phone/tablet, you're also Google's customer as well as product.

Min

Re:Follow the money (0)

Anonymous Coward | about a year ago | (#43426493)

The only time you're MS's customer is if you're buying an XBox or a boxed set of Office or a boxed set of Windows. If you buy a Dell with W8, Dell is MS's customer, not you.

Re:Follow the money (1)

VortexCortex (1117377) | about a year ago | (#43427567)

Hint: You're not their customer. You're their product.

Hint: You're not my friend or follower, you're my target demographic.

Seriously, although I hate them and would rather folks join our forums or IRC, I must use social networks to connect with the community at large. I even bounce ideas off of them while letting interested folks know about what's up with the stuff (games) I'm working on. Also we get to share some other unrelated interests while we're at it.

As a "product" on the social networking sites I use them to subscribe to things I want to know about, but don't want to have to remember to check on. I'd love it if everyone just had RSS enabled and kept me up to date on their stuff that way, but not everyone does (indie game devs, specifically of Roguelikes, I'm looking at you). I don't ever use it for personal correspondence or to share "private" stuff with friends and family -- Sharing family photos and backing up grandma's hard drive is what our family's website and private cloud is for.

That said, if advertizing begins to drown out my message to those who're interested specifically in my stuff, or it begins to overly pollute the feed of data I wish to collect from others then I'm out. It's a fine line to walk. The point is that, not only are we the product, but they are a services and I'm using it for my benefit -- We call this situation "being a User". If you're not a user, you're a fool.

Re:Follow the money (1)

VortexCortex (1117377) | about a year ago | (#43427605)

Seriously, although I hate them and would rather folks join our forums or IRC, I must use social networks to connect with the community at large.

Hmm... this could be taken to mean I hate the social networks, OR the community at large. Given the vast quantity of annoying idiots far outnumbering rational likeable folks, yeah, I'd say I hate most of "the community" for large values of "community". I hate social networks more that the worst of trolls though, but they're sadly a necessity. It's where people are.

Re:Follow the money (1)

X0563511 (793323) | about a year ago | (#43427133)

You do realize that the "clueless legions" you speak of have every right to place different values/definitions on their privacy, right? They do not have to care about it.

They should, but they don't have to. That's the wonderful thing about this world - we don't all think the same way.

Re:Follow the money (1)

MagusSlurpy (592575) | about a year ago | (#43430399)

The older I get, the less I'm sure that I agree with your "Thy should care about privacy" statement. As long as these companies aren't calling me or spamming me, I don't really care. If they want to track my browsing habits, whatever. If they are really that interested in seeing that a guy who browses Slashdot also regularly visits HardOCP, RPS, Penny Arcade, Netflix, Facebook, and a few gaming community forums so they can sell that information to WalMart and Amazon, whatever.

Personally, I think the whole data aggregation field is highly overvalued and sooner or later it's all going to come crashing down when companies realize that buying this data isn't enabling them to make any more profit.

Data harvesting: illegal, low-cost, high profits. (1, Troll)

h00manist (800926) | about a year ago | (#43424481)

Wikileaks showed us the way. The only thing left to talk about is public access to data, especially data on people in privileged positions.

Nothing can really be done to control black and gray market data. And, little or no actual control can be exerted on the "legal" companies and practices as well. Even if you manage to hide your own data through various means, it complicates and restricts life, and does nothing about the data of the rest of the population, which affects and includes your data.

The only real secrets are those of people who can afford the expenses of keeping secrets - corporations, governments, and their associated criminals.

No, the path is now to acquire public access to data on these people.

Re:Data harvesting: illegal, low-cost, high profit (0)

Anonymous Coward | about a year ago | (#43425001)

How is it illegal?

Opt Out? (1)

frootcakeuk (638517) | about a year ago | (#43424555)

I find it ironic yet unsurprising that the 'opt out' link doesn't work. https://www.rapleaf.com/opt_out [rapleaf.com]

Re:Opt Out? (2)

frootcakeuk (638517) | about a year ago | (#43424579)

Sorry, typo in the OP's provided link. It does work.

Re:Opt Out? (2)

preaction (1526109) | about a year ago | (#43424603)

The opt-out link I found was https://www.rapleaf.com/opt-out [rapleaf.com] and it seems to work fine. Disclaimer: I hold no opinion on this site and what it does, I am interested only in well-reasoned arguments based on facts.

Re:Opt Out? (1)

macraig (621737) | about a year ago | (#43424705)

What makes you so bloody certain that it "works"? That the form and captcha simply appear at face value to be responsive? I actually entered an e-mail address which, if the process is actually "working" as expected, should have generated an e-mail challenge to verify that I owned said account and wasn't pranking an account I don't own. I've received no such challenge yet.

For all I know that form is simply a means to collect the e-mail addresses of people who they intend to data-mine even more intensely, precisely because of their stated intention to opt out. After all, only people who have valuable things to hide would ever feel compelled to opt out, right?

Re:Opt Out? (1)

X0563511 (793323) | about a year ago | (#43427153)

The difference is that you have explicitly told them not to track you. If they continue to do so, things are a little bit differently, legally.

Re:Opt Out? (1)

preaction (1526109) | about a year ago | (#43428623)

I don't know that it actually functions, like you I am not going to give them a real e-mail address just to test it. The link goes to a web page though, where as the person I was replying to had a bad URL. As mentioned, I'd rather light my torch and raise my pitchfork for a reasoned argument, and not a knee-jerk reaction based on a misspelling from - to _.

Re:Opt Out? (4, Interesting)

macraig (621737) | about a year ago | (#43424787)

And BTW, that page relies on no less than 10 external "trackers", according to Ghostery:

AppNexus
DoubleClick
Google +1
Google AdWords Conversion
Google Analytics
HubSpot
MixPanel
Outbrain
ScoreCard Research Beacon
SnapEngage

People are quite likely collecting data on your choice to opt out....

Re:Opt Out? (2)

Sporkinum (655143) | about a year ago | (#43425685)

Isn't ghostery owned by Evidon, who also owns Rapleaf? I wouldn't trust either of them.
However, I wouldn't trust Safe Shepherd either as they are aggregating info as well.

Seem like best bet for yourself is to stop scripts from running and cookies from storing.
Also, most of that technology is rendered useless if you are blocking ads because you never see what their magic mojo is throwing at you.

Re:...Evidon, who also owns Rapleaf? (1)

TaoPhoenix (980487) | about a year ago | (#43425957)

"Isn't ghostery owned by Evidon, who also owns Rapleaf? I wouldn't trust either of them.
However, I wouldn't trust Safe Shepherd either as they are aggregating info as well."

Nice bit of homework there. Is there a more free/open plugin that does the same kind of thing that Ghostery does by providing lists of blocked trackers? I'd be happy to use that instead.

Re:...Evidon, who also owns Rapleaf? (1)

magic maverick (2615475) | about a year ago | (#43426205)

RequestPolicy will block all third party requests by default, which will block the cookies that come with it. (They do allow, by default, links between a site and it's CDN domain though.)

Re:...Evidon, who also owns Rapleaf? (2)

X0563511 (793323) | about a year ago | (#43427221)

AdblockPlus + easylist + easyprivacy + noscript (for the extra careful). Kind of hard for doubleclick to track me if I don't load resource from them and don't run their scripts!

I'm sure there are some items that slip through, but implementing them requires more significantly more coordination between the trackers and the site itself. I'd wager this gets rid of nearly all of it.

(and advertisements in general, which I -do-not-want- anyway. I know that's how sites get paid, frankly I don't care. Friendly fire. You all ruined that party yourselves - had you not been stupid assholes about it for so long, I might not block you like I do now.)

Re:...Evidon, who also owns Rapleaf? (1)

TaoPhoenix (980487) | about a year ago | (#43428035)

I got half way there - I have been using adblock for years. However, however flawed it might be, Ghostery at least pointed out those lists of cookie-whatever tracker companies that aren't actually serving ads.

I haven't heard about easyprivacy before, so I might look into that. I think I tried and abandoned noscript a few times because it's a bit too fierce and it became a lot of work to add-in the sites I wanted to run stuff (yahoo mail, monster jobs site, but a surprising number of others now escaping me.)

Elsewhere someone mentioned requestpolicy.

However, I was particularly interested in finding one of these services that doesn't just block stuff, but produces the ordered list in realtime of what in fact it did block. For example, besides Google, that SafeShepherd site uses "Mix Panel" and "Perfect Audience". So that's why these "privacy companies" make me giggle grumpily - "hmm, so you're a company that wants to offer to remove tracking info, so why do you have those enabled and what do they track?" This is something like the third of these "privacy services" showing up this year, each with little wiggly angles they are playing.

Re:...Evidon, who also owns Rapleaf? (1)

X0563511 (793323) | about a year ago | (#43431525)

Just a note: I'm sure some of those trackers are actually from the advertisements, which are loaded from third-party systems that the site does not have immediate control over.

Did/does the site have any kind of advertisements on it that you noticed?

Re: trackers are actually from the advertisements (1)

TaoPhoenix (980487) | about a year ago | (#43433805)

Hi there.

I didn't do any extensive analysis, which in some ways is my point - the data to do the analysis with on these kinds of questions eventually buries into "company proprietary info". To clarify, the other half of my point is that I am used to and sorta don't care that the top "newsrags" have a huge collection of stuff going on. Let's say that Ghostery works, and blocks them, and then Evidon does whatever they want later. In the modern age, I expect many sites to deploy stuff.

But I hold "privacy companies" to far higher standards because of the specific nature of the services that they purport to sell. So as a consumer, it's absolutely not my job to be wondering why those elements are on a privacy site's page.

Re:...Evidon, who also owns Rapleaf? (1)

cheros (223479) | about a year ago | (#43503483)

Sadly, what you have done is not enough.

You missed Google fonts. Practically EVERY Wordpress template contains them as it's one of the few resources available to create a better design without having to license fonts for download. Google doesn't do that out of the gentleness of their non-existing hearts: every time you load a Wordpress page which uses Google fonts you create a hit on their fonts API.

Granted, if you nuke cookies they will not have a fully accurate lock on you as a person, but that's where geolocation comes in - Google does not HAVE to be accurate, all they need is a reasonable approximation. In principle we should ALL use the web via proxy, but it's ridiculous that I have to defend what is my RIGHT because setups like Google are allowed to break the law with impunity (at least in Europe)?

Re:Opt Out? (1)

macraig (621737) | about a year ago | (#43426497)

I dunno about that, but I can tell you that Ghostery blocks "Rapleaf" by default. If there was really something sinister there, I'd expect to see it quietly whitelisted.

Re:Opt Out? (1)

X0563511 (793323) | about a year ago | (#43427185)

Does it actually block it, or does it only say that it does?

Re:Opt Out? (1)

Secret Agent Man (915574) | about a year ago | (#43426881)

Some cursory googling did not reveal any link between Evidon and Rapleaf. Got some sources to share?

Hmmm ... (3, Insightful)

gstoddart (321705) | about a year ago | (#43424623)

So, you don't trust the company (which is a given), but somehow we're supposed to trust that opting-out actually does anything or causes them to delete anything?

If anything, it sounds like the fact that you opted out gave them more information about you and more reason to find more.

Opting out of this kind of shit is like "click here to unsubscribe" which comes with spam to make it look compliant -- they're not going to do it.

I mean, he's talking about logging into his account on their server to see what information they have about him -- I sure wouldn't sign up for this in the first place.

Laws need to change so the default position isn't "company can do whatever it wants without telling you". Of course, they'd scream and howl that it was cutting into their "freedom of speech" or corporate profits, but I don't see why it should be something which they decide how it gets used.

Triple take on the name (1)

Anonymous Coward | about a year ago | (#43424703)

Please tell me I'm not the only one who had to read the title three times to realize it's not called "RapeLeaf."

Re:Triple take on the name (1)

Nemesisghost (1720424) | about a year ago | (#43425325)

Nope, you are not the only one.

Re:Triple take on the name (1)

MagusSlurpy (592575) | about a year ago | (#43430427)

If it makes you feel any better, I had to read it three times to realize that it had nothing to do with mad urban beetz.

How we verify opt-outs at Safe Shepherd (5, Informative)

ben_shepherd (2894353) | about a year ago | (#43424887)

Hey guys, I'm Ben, a developer at Safe Shepherd. Data brokers and people search sites like Rapleaf have a bad habit of blocking or flat out ignoring opt out requests. Recently we implement a system of verified removals whereby we check whether the opted out record actually still appears on the data broker's website. This allows us to identify whether they're being generally honest and whether another opt-out needs to be sent on a case-by-case basis. I set up the verified removals to run as a daily cron task, so we can identify whether records re-appear even after they've been removed (yes, data brokers do this). Also fwiw we've written up some manual opt-out guides for all the major data brokers and people search sites in case you want to do the removals yourself rather than through our service: http://blog.safeshepherd.com/how-to-block/ [safeshepherd.com]

Re:How we verify opt-outs at Safe Shepherd (1)

ewhac (5844) | about a year ago | (#43425707)

It seems like, in order to get these nosy little snoops to stop snooping on you, you have to explicitly visit their site, provide them with even more info, and hope they keep their word that they won't compile data on you.

For those who are, shall we say, less sanguine about these companies being true to their word, can you suggest client-side methods users might try that either block the trackers' ability to collect data in the first place, or would give the trackers useless or conflicting data?

Download the ghostery extension (0)

Anonymous Coward | about a year ago | (#43425897)

Should be available in at least Chrome. I'm sure there are firefox variants as well.

Re:How we verify opt-outs at Safe Shepherd (2)

ben_shepherd (2894353) | about a year ago | (#43425977)

methods users might try that either block the trackers' ability to collect data in the first place

  1. 1. Avoid publicly accessible pages on social sites like LinkedIn, OkCupid, Facebook. People search sites crawl these to build up their data sets. We recently added a social monitoring feature which will show you a snapshot of your social profiles from a non-logged in user perspective which can help with that.
  2. 2. Practice safer browsing habits. Lots of plugins like Ghostery that can help with this.
  3. 3. You're never going to completely prevent them from getting data as long as you're living a normal 21st century life. Most people have real estate records, voting records, retail stores selling their info, etc. That's why removals are a must if you care about people being able to buy your info online. I wrote a blog post about your question here: http://blog.safeshepherd.com/resources/steps-to-privacy-controlling-your-personal-information/ [safeshepherd.com]

When we do opt outs we try to send the bare minimum amount of info.. But the data brokers and people search sites go out of their way to require ridiculous things such as faxes of photo IDs. We automate the process, though believe me we don't like having to ask our users for this info. We also go to extra measures to use encryption wherever possible. For example we literally can't view the photo IDs of our users even if we wanted to.

Re:How we verify opt-outs at Safe Shepherd (1)

BitZtream (692029) | about a year ago | (#43426207)

So if you can't view the photo IDs ... that means you can't use them for sending to anyone else to opt me out ... so why are you even storing them or asking for them? Do you fax out encrypted images for your users or something and expect some sort of fax-decrypter on the other end? Or is this some new quantum computing attribute where magically only the intended person can see it, because it exists in both an encrypted and decrypted superposition state?

Re:How we verify opt-outs at Safe Shepherd (0)

Anonymous Coward | about a year ago | (#43426471)

I believe he meant all their employees are blind. Literally.

Re:How we verify opt-outs at Safe Shepherd (2)

ben_shepherd (2894353) | about a year ago | (#43426817)

Hey, sorry if that wasn't clear. Our app servers lack the SSH keys required to view the IDs under any circumstance, but our fax servers are capable of sending them as unencrypted images. This is setup so that a Rails glitch or console error can't result in the viewing of IDs.

Re:How we verify opt-outs at Safe Shepherd (0)

Anonymous Coward | about a year ago | (#43428485)

Hey, sorry if that wasn't clear. Our app servers lack the SSH keys required to view the IDs under any circumstance, but our fax servers are capable of sending them as unencrypted images. This is setup so that a Rails glitch or console error can't result in the viewing of IDs.

What prevents you from faxing them to yourself?

What prevents your from saying XYZ.com's fax number is 555-mine and faxing it there?

Even if I trusted you, and everyone vulture who might buy your failed company in the future (or investor after you retire) , why the hell would I want you to send my ID to someone I didn't trust to send me cookies in the first place?

That's just begging for ID fraud. You're telling me if I setup a nasty ad network, you will send me yoru clients photo-IDs if I just say I need to them for them to opt out?

Under what circumstances is that cure ever better than the disease?

Re:How we verify opt-outs at Safe Shepherd (0)

Anonymous Coward | about a year ago | (#43426441)

For those who are, shall we say, less sanguine about these companies being true to their word, can you suggest client-side methods users might try that either block the trackers' ability to collect data in the first place, or would give the trackers useless or conflicting data?

Well, there's always a hos*BLAM*

(We're sorry, the person responsible for this post has been sacked.)

Re:How we verify opt-outs at Safe Shepherd (1)

DMUTPeregrine (612791) | about a year ago | (#43426867)

RequestPolicy and NoScript for Firefox are quite handy for blocking trackers abilities to collect data. Also disallowing 3rd party cookies.

Re:How we verify opt-outs at Safe Shepherd (0)

Anonymous Coward | about a year ago | (#43430309)

Now, I would be tempted to try their service, if only it let people outside the US sign up...

W00t 7p (-1)

Anonymous Coward | about a year ago | (#43425047)

say I'm packin6 OS dON'T FEAR THE and sling or table future at all

Re:W00t 7p (1)

yahwotqa (817672) | about a year ago | (#43430229)

Message received and decoded. Operation Pastry Badger is go.

Screw with their data (0)

Anonymous Coward | about a year ago | (#43425077)

What someone should build is a system that completely fucks up their data. Makes it wildly inaccurate.

Re (-1)

Anonymous Coward | about a year ago | (#43426211)

upto I saw the draft four $8907, I accept that my neighbour was like actualey earning money in there spare time online.. there best friend started doing this for less than twenty one months and just cleared the dept on there home and bought a new Ariel Atom. we looked here, BIC5.COM

Disclose Your IPs (2)

VortexCortex (1117377) | about a year ago | (#43427661)

I think all companies should be required to disclose all their public facing IP addresses, and business parters that they share data with. This way we can create a web spider that can completely block all of one's traffic between yourself and the company. Think about it. The problem is that we don't know where our browsers are connecting to -- The browser does, but users typically don't know except for the address bar (which is only a small percentage of the connections made on a typical page). Seriously, if your browser popped up "Would you like me to send a request to 'DoubleClick.Net'? [y/N] [x] remember this choice" Would ANYONE actually say yes?

Re:Disclose Your IPs (0)

Anonymous Coward | about a year ago | (#43429635)

more sites would move their CSS + JS to those other sites.

Re:Disclose Your IPs (1)

genkernel (1761338) | about a year ago | (#43438501)

Enter RequestPolicy [requestpolicy.com] , an add-on for firefox that does essentially this.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>