Privacy

Have you seen ads like this on the internet and wondered if they're for real?

Well, they're for real, but I don't advise signing up for this kind of deal. Here's why...

When you see any "free" offer, you should be very careful. Very few things are really free. You should ask yourself these kinds of questions:

Question:

An ipod costs $69 to $399 dollars. How are they paying for it if they're giving it to me for free?

Answer: You have to give them something of value.

Question:

What do I have that's valuable to them?

Answer: A lot.

• Your personal information - you have to give them your name, email, home address, gender, date of birth, and phone number. They use this information to send offers to your email account, to your home via direct mail, and to your phone with telemarketers.
• Your credit card - you also are required to sign up for one of the offers they present to you. All of these offers will involve giving them your credit card number. The offers are things like a Blockbuster online rental membership, DVD and music clubs, credit card offers, ringtones & horoscopes. They are paid a bounty from these companies when you sign up. Companies will pay anywhere from $10 - $70 per sign up.
• Your friends and family - in order to qualify for the free item you have to get 5 friends or family members to sign up AND request one of their offers.

See how the money is now adding up? The company will receive possibly $40 per sign up which equals $240 (6 users x $40).

Were you worried they weren't going to make any money on this deal? Don't worry, they will still make more.

In fact, Eliot Spitzer, the fireball New York Attorney General has recently filed suit against Gratis Internet, the parent company of sites Freeipods.com, FreeCDs.com, FreeDVDs.com, and FreeVideoGames.com (just an aside - "gratis" means "free" in Spanish).

The suit alleges that Gratis:

"... sold personal information obtained from millions of consumers under a strict promise of confidentiality.

From 2000 through 2004 Gratis made numerous explicit promises to the users of its web sites about protecting personal information. Among the promises the company made were:

'We will never give out, sell or lend your name or information to anyone';

'We will never lend, sell or give out for any reason your email address or personal information';

'We at [Gratis web site] respect your privacy and do not sell, rent or loan any personally identifiable information regarding our customers to any third party'; and

'Please note that we do not provide your E-mail address to our business partners.'

Even on its sign-up pages, Gratis promised consumers that it 'does not . . . sell/rent emails.'

However, the Attorney General’s investigation confirmed that Gratis’s owners, Peter Martin and Robert Jewell, repeatedly violated these promises during 2004 and 2005 by selling access to lists of millions of Gratis’s customers to three independent email marketers. The marketers then sent hundreds of millions of email solicitations to those users, on behalf of their own customers. In each of these deals, Gratis wrongfully shared between one and seven million confidential user records.

This is believed to be the largest deliberate breach of a privacy policy ever discovered by U.S. law enforcement.

Need another reason to avoid offers like these?

Here's a good one - if you jump through all their hoops and qualify for your free ipod, you'll have to send them an IRS W-9 form, since the iPod's value will have to be counted as revenue.

What information is provided on a W9? Oh, only your name, address, and Social Security Number. Is that the kind of information you want in the hands of these people? I don't think so.
Save your pennies and buy your own stinking iPod. That's what I recommend.

To shred or to tear: that is the question. Robert Cockerham of cockeyed.com decided to put the matter to a test. His test subject? A newly received Chase Mastercard pre-approved application.

Step 1: Robert tears the application into small pieces.

Step: 2: Robert meticulously lines the torn pieces up and tapes them together, like so.

Step 3: Robert fills out the application, replacing the current billing address with a new one (his parent's house) and using his cell phone as the phone number on the new account.

With that, he mails it in.

Step 4: Robert excitedly receives his new credit card at his parent's house and activates it using his cell phone.

Analysis:

• Tearing up your sensitive documents is not sufficient.
• Some creditors will process applications, even if they've been torn up, taped together and have a new address.
• A criminal could easily apply for credit in your name, change the address, and activate the account via a pre-paid cell phone. You wouldn't even know what happened until creditors started calling you about your unpaid bills.
• You must destroy all sensitive documents using a cross-cut shredder before placing them in the trash.
• Better yet, opt-out of pre-approved offers and give your shredder and the recyclers a rest.

Read the whole story on Cockeyed.com.

I've seen a number of stories, most recently in yesterday's Times Online, that describe surprise and fear over what Google knows about its users.

This is silly, in my opinion.

Sergey Brin and Larry Page - Founders of Google

The Times Online headline is "Big Google is Watching You" and the article states:

"Google has an extraordinary amount of information about its users. It logs all the searches made on it and stores this information indefinitely. Because every computer has a unique IP (internet protocol) address, every visit to every website can be traced back to the computer making it — a fact which is well known in geek circles but remarkably under-publicised outside them."

and

"Users of Google’s Gmail service, who are already having their e-mails scanned to place targeted ads, have given the company their identity, a full record of all their searches and copies of all their e-mails, stored indefinitely. Users of Google’s Toolbar are inadvertently giving the company a list of not just all their searches but also of every single website they visit. And, as the lawsuit makes clear, all this information is potentially vulnerable to subpoena."

Maybe I'm one of those geeks that realizes that this happens on virtually EVERY web site you visit.

What's a Log File and What Does it Look Like?
When you visit a web site, most will keep a log of what information is requested along with the IP address of who requested it. What does the log file look like? Here's a real sample from the Fight Identity Theft site:

192.168.1.100 - - [29/Sep/2005:09:56:28 -0400] "GET /how-to-report-scams.html HTTP/1.1" 200 22806 " http://search.yahoo.com/search?p=how+to+report+a+scam" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

So here's what this glob of code shows...

• First is the person's IP address (I changed it to protect the visitor's privacy)
• The date and time of the request
• What was requested (in this case, our "How to Report Scams" page)
• The referring web site (in this case, the person did a Yahoo search for "how to report a scam")
• The type of browser being used (Microsoft Internet Explorer 6)
• And the operating system (Windows NT 5.0 = Windows 2000)

This is how web sites work. They collect data and log the data for later analysis (e.g. "How many people visit my homepage?" "What did a person search for to find my web site?", etc.)

What Information Are You Sharing and Can You Hide It?
So what information are you sharing as you browse the web? ShowIpAddress.com is one of many sites that will show you what a log file can capture about you. The only personally identifiable piece of information is your IP address. That number is assigned to you by your Internet Service Provider (ISP). One way or another that number can be traced back to you as an individual, even if you are surfing during work at a Fortune 500 company or other large organization.

Does that make you scared, angry, or just plain nervous? Maybe it should, maybe it shouldn't. In either case, you can browse anonymously if you choose.

There are many products and services that allow you to web surf anonymously. Most will route your requests through their servers, thus hiding your IP address. Anonymizer.com has been around for a long time and they provide a service where you can use their site to browse anonymously for free.

But, back to Google...

Are they evil because they log this information? Powerful, yes, because so many people use their services, but I wouldn't say evil.

When I choose to sign up for a service like Gmail, I know that they will be reading my email content so they can serve up related ads. That's how they make money. That's how I can have a 2.5 gigs of free storage for my messages. Yahoo has a similar policy. Same with MSN Hotmail.

When I choose to use Google search I have to know that they log what I'm searching for and analyze it to spot user patterns. The same thing happens at Yahoo and MSN.

I have to realize that sites, like Google, store this information and will use it to improve their product and to make money. I also have to realize that it could be handed over to the government.

This is all part of the trade-off we make every day between security/privacy and convenience. If you are extremely concerned with privacy you probably shouldn't be using the internet and you certainly shouldn't sign up for a service that clearly states it will read and store your email messages. If you're concerned that your search history or email messages could be revealed at a later date you should consider using a product that protects your anonymity, like Anonymizer.

Here's the bottom line...

When information is aggregated, abuses, information leaks, subpoenas, and profiteering can occur. When it does occur it should be exposed and fought. I just don't see where Google has done anything evil or different than any other web site on the internet.

Feel differently? Then please append a comment to this story.