I wanted to start a thread about personal privacy issues in today's society.

I've always advocated that people are free to share as much as they want about themselves, so long as they are aware of what they are sharing.

Unfortunately this is not always the case, and the amount of personal data that is taken without our explicit consent may surprise quite a few people.

When internet users visit Walgreens.com, a software company may record every keystroke, mouse movement, and scroll, potentially exposing medical conditions such as alcohol dependence, or the names of drugs a user has been prescribed, according to Princeton researchers.

Companies like Walgreens deploy these analytics software providers to see how people use their website or to identify broken or confusing web pages. The analytics companies place “scripts” on their clients’ websites that record individual browsing sessions for later viewing or a “replay session.”

In effect, the researchers say, software companies are “looking over your shoulder” as you navigate certain websites. The extent of the data collected “far exceeds user expectations,” including recording what you type into a text box before you submit it, “all without any visual indication to the user,” according to a study released Wednesday.

In response to questions from WIRED, Walgreens said Wednesday it would stop sharing data with the software company FullStory. “We take the protection of our customers’ data very seriously and are investigating the claims made in the article that was published earlier today,” Walgreens said in a statement. “As we look into the concerns that were raised, and out of an abundance of caution, we have stopped sharing data with FullStory.” A Walgreens spokesperson said FullStory’s software “essentially has an ‘on/off’ switch,” which the retailer has now turned off.

On Thursday a second retailer said that it, too, had stopped working with FullStory in light of the study's findings. Bonobos, a men's clothing retailer owned by Walmart, said in a statement, "We eliminated data sharing with FullStory in order to evaluate our protocols and operations with respect to their service. We are continually assessing and strengthening systems and processes in order to protect our customers’ data." The Princeton researchers had found that FullStory captured credit-card details, including the cardholder’s name and billing address, the card’s number, expiration, and security code on Bonobos' website.

Full article from WIRED here


Source data from Princeton researchers here and here

Interesting insight by an ex-Facebook manager, I am posting here some relevant paragraphs from the article on NY Times. Emphasis mine.

Full article available here.

Quoting 

For a few years, Facebook’s developer platform hosted a thriving ecosystem of popular social games. Remember the age of Farmville and Candy Crush? The premise was simple: Users agreed to give game developers access to their data in exchange for free use of addictive games. Unfortunately for the users of these games, there were no protections around the data they were passed through Facebook to outside developers. Once data went to the developer of a game, there was not much Facebook could do about misuse except to call the developer in question and threaten to cut off the developer’s access. As the I.P.O. approached, and the media reported on allegations of misuse of data, I, as manager of the team responsible for protecting users on the developer platform from abuse of their data, was given the task of solving the problem.

Quoting 

In one instance, a developer appeared to be using Facebook data to automatically generate profiles of children, without their consent. When I called the company responsible for the app, it claimed that Facebook’s policies on data use were not being violated, but we had no way to confirm whether that was true. Once data passed from the platform to a developer, Facebook had no view of the data or control over it. In other cases, developers asked for permission to get user data that their apps obviously didn’t need — such as a social game asking for all of your photos and messages. People rarely read permissions request forms carefully, so they often authorize access to sensitive information without realizing it.

Quoting 

At a company that was deeply concerned about protecting its users, this situation would have been met with a robust effort to cut off developers who were making questionable use of data. But when I was at Facebook, the typical reaction I recall looked like this: try to put any negative press coverage to bed as quickly as possible, with no sincere efforts to put safeguards in place or to identify and stop abusive developers. When I proposed a deeper audit of developers’ use of Facebook’s data, one executive asked me, “Do you really want to see what you’ll find?” The message was clear: The company just wanted negative stories to stop. It didn’t really care how the data was used.

pcrowley 

You may wish to be mindful of my experience with these people. After attending one of their webinars I received more follow-up marketing messages than I wished to. I attempted to unsubscribe from their mailing list but was informed that my email address wasn't on that list. I wrote to them asking that they remove me from this and any other of their mailing lists. When my request went without a response I sent a follow-up, requiring them to take action on the request. In response I received a very sarcastic message back from a Clint Kemp, in their support function. When I in turn responded to his message I received this response: "Please cease and desist. We have met your request and do not wish to be harassed any further by your nonsensical and ignorant rantings. Should you insist, we will consider any and all legal remedies." I'm not entirely sure what any and all legal remedies might amount to. No doubt I should be very concerned about them though! (The bluster puts me in mind of the North Korean Information Ministry). Something to keep in mind, should you feel inclined to hand over any of your money to these dubious individuals.

Just seen this and I thought there may be other people here on NexusFi that may have been targeted with spam when providing their own, main email address.

My recommendations:

• Before giving out your real email address to internet entities (such as trading vendors, brokers but also anything else unrelated to trading) make sure they are reputable. In today's world many shady companies will just sell your email address to marketers and you end up in limitless spam lists.
  
  
• Check what their privacy policy is. Usually the shorter the better, but they do need to have one.
  
  
• If you are not sure if the people who you are thinking of giving your email address to, are trustworthy, there are great free services such as Mailinator or 10minutemail where you give them an email address from a temporary mailbox. This way you are not endlessy spammed on your mailbox.

xplorer 

I wanted to start a thread about personal privacy issues in today's society. I've always advocated that people are free to share as much as they want about themselves, so long as they are aware of what they are sharing. Unfortunately this is not always the case, and the amount of personal data that is taken without our explicit consent may surprise quite a few people.

Excellent idea. I have very mixed thoughts on this. Use of data makes our lives better in so many ways but at the same time we all hate the ways its miss-used. Unfortunately I'm not sure there is an easy answer for non-anonymous data.

xplorer 

I wanted to start a thread about personal privacy issues in today's society. I've always advocated that people are free to share as much as they want about themselves, so long as they are aware of what they are sharing. Unfortunately this is not always the case, and the amount of personal data that is taken without our explicit consent may surprise quite a few people.

SMCJB 

Excellent idea. I have very mixed thoughts on this. Use of data makes our lives better in so many ways but at the same time we all hate the ways its miss-used. Unfortunately I'm not sure there is an easy answer for non-anonymous data.

We're at a point where we can do things with data and data accumulation that were unheard-of and unthought-of just a few years ago. It's opening up entirely new and not well-understood vistas, just as everything in the computer and data-access/data-sharing world is doing.

They may not all be great, but some may be.

There will be rules, laws, practices and understandings that will bring order into all this chaos; it's just that we don't yet know what they will be. But like everything else, eventually what makes sense is what wins out. The only problem is that "eventually" can take a long time to get here.

I think the issue is real, and that bringing it up will be a part of the solution(s), and that, right now, it is hard to see what those solutions will be.

These are part of the broader concerns regarding communication and connectivity in a digital age. For instance, who would have said that something like Twitter or other social media would be important, or even possible, 20 years ago? Back then (not really a long time ago) news and opinion were always filtered though professional journalism. Whether that was better or worse is beside the point, because it's gone now.

This is not unlike the onset of the printing press, which very suddenly allowed almost anyone to put out a printed pamphlet expressing a point of view, without needing scribes or monks in monasteries. The social upset was remarkable. And good, ultimately. But "ultimately" can take a long time, too.

This is not exactly the original issue, but they are part of the same thing, I would say. Essentially, where is the control, and where are the limits? Too much control is bad, but so is too little.

Not offering solutions, just a comment on the relevancy of the questions.

Bob.

SMCJB 

Excellent idea. I have very mixed thoughts on this. Use of data makes our lives better in so many ways but at the same time we all hate the ways its miss-used. Unfortunately I'm not sure there is an easy answer for non-anonymous data.

Hi S - no question about how data is helping us make our lives better - there's a great documentary called "The Human Face of Big Data" from PBS which talks quite extensively about it.

As for answers, first of all I second the very thoughtful post Bob wrote - the problem with legislation is, it tends to lag behind in technology areas and, worse, people who make law about it tend to do so not understanding the very technology they are meant to regulate. They get advisers who are ill-advised themselves and prefer generally a political solution to a common sense one. My 2 cents.

There's a lot of companies today that say they do anonymize data. Having seen this first hand, I know that the current system is prone to human error, which means on occasion batches of data meant to be anonymized are not, and so an honest mistake can turn your or my data over to unintended people, for unintended consumption.

I'm not proposing a solution either, but I do know that, thanks to social media, we are more interconnected than ever which means our collective voice matters. So many cases of corporate policy breakdowns that have been reported by the public and have been corrected thanks to the global outrage of social media which I bet would have not been addressed otherwise, or not as quickly.

So my point is, we can take action when we see wrongdoing. We can make our voice heard by taking our business elsewhere when we see data malpractice. And we can get others to do the same. The speed of response by which certain companies address the problem is unprecedented too, thanks to social media.

EDIT:

Great points @bobwest and @xplorer. I'm not sure that the "global outrage of social media " has actually fixed anything, but it has in some cases gotten people fired and at least in theory 'policies changed'.

SMCJB 

I'm not sure that the "global outrage of social media " has actually fixed anything, but it has in some cases gotten people fired and at least in theory 'policies changed'.

Well to me policy changes means the corporate machine, which is very sensible to shareholders' opinion, is listening more to its client base. Why wouldn't they? The public perception, which in today's world can be strengthened via YouTube/FB/Twitter etc., is a huge incentive not to leave problems unaddressed. After all showing that I care about my customers tends to pay off.

Some cases that come to mind: United Airlines incidents (chiefly the David Dao one for which UA CEO's had to apologize), Apple's batterygate situation and the Weinstein sexual assault saga are all recent examples where public opinion has steered corporate policy, hopefully in the right direction, that may have otherwise been treated as isolated incidents (and thus forrgotten by each corporation) without the amplification of social media.

I had stated a thread on Vault 7 and its invasion of privacy

Vault 7 Recently Vault 7 was released This showed the CIA 1. Turned Smart TV into listening devices 2. Backdoors built into Windows and Apple OS 3. Backdoors built into iPhones 4. Computer chips built with backdoors. This information showed that these …

and it includes a post on twitter's invasion.


Vault 7 showed a huge storehouse of spying software to be used on the general public. They not only built-in backdoors to monitor everything on your machine and control it they even make chip makers put backdoors in their chips.

These tools are now out in cybercrime's hands. So it isn't the CIA - it's all the criminals as well, including large companies with less than moral uprightness and anyone who wants to download the tools.

Recently Equifax had a breach of its extensive databases which cover not only at least 130 million Americans but many individuals in other countries. Though they are required to report a breach immediately they waited months.
Identity theft strikes millions of Americans each year (30 m?)

Equifax gathers the info without your consent. It did not encrypt the databases. It does not use file separation.

Most companies don't care about the harm they cause you - just their profits.