{"id":41,"date":"2008-01-26T14:37:04","date_gmt":"2008-01-26T13:37:04","guid":{"rendered":"http:\/\/www.bluej.org\/mrt\/?p=41"},"modified":"2020-05-15T15:46:26","modified_gmt":"2020-05-15T15:46:26","slug":"five-common-privacy-violations-on-the-web","status":"publish","type":"post","link":"https:\/\/blogs.kcl.ac.uk\/proged\/2008\/01\/26\/five-common-privacy-violations-on-the-web\/","title":{"rendered":"Five Common Privacy Violations On The Web"},"content":{"rendered":"

\"\"<\/a>Collecting user data without any concern for privacy or users’ wishes has become commonplace on the web.
\nIt’s wrong, and we should start to act against it by avoiding the sites that don’t respect users’ privacy.<\/p>\n

And if you are a designer of such a system: Do the Right Thing. Let your users control their data.<\/p>\n


\nThere’s a plague going around the tubes that are the internets in recent times: Companies think they own our data.<\/p>\n

The problem has existed to some extent as long as the internet has been used for business, but recent “web 2.0”-ish developments seem to have been interpreted by many companies as a blank cheque to our information.<\/p>\n

Here is a short list of some techniques that I have come across in the past few weeks that really suck:<\/p>\n

1. Forcing you to create an account
\n<\/strong>
\nI had a buy a specialised cable recently that was hard to find in local shops. No problem: online, there is always someone who’s got what you need. I found an obscure little company in Germany that had just the right cable for a reasonable price. I wanted to buy it.<\/p>\n

To do so, they want me to create an account, permanently storing my information (including credit card details). I don’t want no freaking account! I just want one cable.<\/p>\n

I’d like to give them my information (credit card and address) then I’d like them to process the sale, and after a couple of months or so when the transaction is well and truly completed, I want that information to be deleted from their servers. I know that I will never deal with this company again. Why should I create yet another account, have my credit card details stored indefinitely in yet another database that I have no control over, and risk more identity theft?<\/p>\n

According to them, it’s all in the name of “customer service”. No, people, it is not “service” if I am forced to do this against my will just to buy something.<\/p>\n

2. No option to delete
\n<\/strong>
\nThe second half of the create-an-account scam is that you can never delete it. This is an annoyingly common problem nowadays. I have seen many sites that allow you to create an account, edit it, extend it, but include no easily accessible option to delete it. Facebook is such a site. Just go and try to delete your Facebook account. When you look for the option, the closest you will find is a function named “Deactivate account”. Choose it, and you will see this:<\/p>\n

\n

\"\"<\/a><\/p>\n

First of all, if you want to delete your Facebook account, maybe because you don’t want them to store your data anymore, the first thing they do is to collect more data from you: You have to tell them why (“required”).<\/p>\n

Next note the “You can reactivate your account at any time…” statement. If you do reactivate your account a year later, everything is still there as you left it. You wanted to delete it permanently because you don’t like Facebook’s new privacy policy? Tough luck. You need to take it up with them personally. No function for that in their interface. And it’s not even really deactivated: other people can still see your “deactivated” account. And, of course, your Facebook cookies don’t get removed either, so that you are still being identified to their advertising sites.<\/p>\n

It’s Hotel California<\/a> come to life: “You can check out anytime you like, but you can never leave…”<\/p>\n

3. Collecting too much data
\n<\/strong>
\nConsider this account creation screen from YouTube:<\/p>\n

\"\"<\/a><\/p>\n

Email address, user name and password – fair enough. I can understand that. But why the hell do they have to know (“required field”) my country, post code, gender, and date of birth just to let me comment on a video? That is really none of their business. Why do they collect this? Because they make money from it. It allows them to target advertising, and charge their customers more for placing the advertising. It is in the sole interest of the company, not of me as a user, but I get neither told why this is collected, nor offered the option to opt out. (Short of just lying to them, but that’s another story.)<\/p>\n

And then there’s the helpfully pre-selected choice to be subscribed to a spam list… Let’s leave that for another day.<\/p>\n

This also is common now. YouTube is, in fact, not the worst example by far. Just a high profile one.<\/p>\n

4. Changing agreements<\/strong><\/p>\n

One of the absolutely worst things a company can do is to promise to handle your data in one way, and then to do something different. Google, for example, state quite clearly in their terms of service, that they reserve the right to change their terms at any time, and that just by continuing to use their system, you agree to any change that they may come up with later.<\/p>\n

And they have just made such a change: Someone at Google obviously thought that it is suddenly a good idea to take all your private RSS feeds (which were part of your private profile until recently), and share them with everyone in your address book<\/a>. Friends, family, your boos, clients. No question asked.<\/p>\n

Again, you have signed way any rights to complain, the company is in full control. They did a similar thing at first when Google Mail was introduced: The first EULA stated that the personalised information collected through Google Mail would not be linked with Google search information (since otherwise all your search information would become personal data). Well, what happened than? This clause disappeared from the Google Mail EULA pretty quickly and quietly. No such separation anymore. Now, log in to Google Mail, and Google will record any following search queries under your personal name.<\/p>\n

5. Linking unrelated information
\n<\/strong>
\nThat brings us straight into the last category: linking separate systems to create extensive user profiles. Google, again, is the most prominent example here: I log in to Google Analytics, for example (which is a fantastic service), and afterwards all my Google searches or accesses to Google Groups are done under my identified account, unless I explicitly log out again. The user profile Google creates about us is vast and scary. To do this, they use a service where identifying yourself is reasonable (Mail, Analytics), and then just continue to use the knowledge of who you are for unrelated services where it’s none of their business who you are (web search, group browsing).<\/p>\n

This is, again, all sold under the name of “service”. But again, I get no option to opt out, and the one that really profits from it is Google, not you.<\/p>\n

Don’t Do It
\n<\/strong>
\nI have chosen these sites and companies as examples because they are high profile cases. However, these practices are annoyingly common on the web today – there are countless examples. I have had many cases where I searched for the option to have my account data deleted without any success.<\/p>\n

If you are designing a web site, bear this in mind: If you force me to create an account, I will go away and buy elsewhere. You immediately lose a customer.<\/p>\n

If you’re someone like Google, you can force this through. With Google Analytics, for example, I grind my teeth and use it, because it’s such a great piece of software. But as soon as they have real competition that does the same without keeping a Big Brother eye on me, I’ll switch.<\/p>\n

And Facebook, well, I won’t go near it. They are just way too creepy<\/a> and arrogant in how they treat your data.<\/p>\n

I hope that more people on the net will start to vote with their feet based on how people treat their data.<\/p>\n","protected":false},"excerpt":{"rendered":"

Collecting user data without any concern for privacy or users’ wishes has become commonplace on the web. It’s wrong, and we should start to act against it by avoiding the sites that don’t respect users’ privacy. And if you are … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":179,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-41","post","type-post","status-publish","format-standard","hentry","category-miscellaneous"],"_links":{"self":[{"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/posts\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/users\/179"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/comments?post=41"}],"version-history":[{"count":1,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/posts\/41\/revisions"}],"predecessor-version":[{"id":1048,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/posts\/41\/revisions\/1048"}],"wp:attachment":[{"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/media?parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/categories?post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.kcl.ac.uk\/proged\/wp-json\/wp\/v2\/tags?post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}