
Evil social networks

(UPDATE: Greetings to our friends from Hacker News. If you want to join in the discussion and haven't posted here before, please read the moderation policy first. (This is a moderated forum.))


"If you're not paying for the product, you are the product."

In the past I've fulminated about various social networking systems. The basic gist is this: the utility of a social network to any given user is proportional to the number of users it has. So all social networks are designed to tweak that part of the primate brain that gets a dopamine reward from social activity — we are, after all, social animals. But providing a service to millions of customers is expensive, and your typical internet user is a cheapskate who has become accustomed to free services. So most social networks don't charge their users; they are funded indirectly, which means they've got to sell something, and what they've got to sell is data about your internet usage habits, which is of interest to advertisers.

So the ideal social network (from an investor's point of view) is one that presents itself as being free-to-use, is highly addictive, uses you as bait to trap your friends, tracks you everywhere you go on the internet, sells your personal information to the highest bidder, and is impossible to opt out of. Sounds like a cross between your friendly neighbourhood heroin pusher, Amway, and a really creepy stalker, doesn't it?

Meet Klout. (Yes, that's their Wikipedia stub. No, I am not going to link to them.)

[ Klout ] ... provides social media analytics that measures a user's influence across their social network. The analysis is done on data taken from sites such as Twitter and Facebook and measures the size of a person's network, the content created, and how other people interact with that content. Klout recently added LinkedIn, Foursquare, and YouTube data to its algorithm.

Sounds harmless enough, at first read. Unfortunately, it isn't.

Klout operates under American privacy law, or rather, the lack of it. If you created a Klout account in the past, you were unable to delete it short of sending legal letters (until November 1st, when they kindly added an "opt out" mechanism). More to the point, Klout analyse your social graph and create accounts for all your contacts without asking them for prior consent. It also appears to use an unwitting user's Twitter or FB credentials to post updates on their Klout scores, prompting the curious-but-ignorant to click on a link to Klout, whereupon they will be offered a chance to log in with their Facebook or Twitter credentials. So it spreads like herpes and it's just as hard to get rid of. Is that all?

No, that isn't all. Let me fire up a sandboxed browser instance and cut'n'paste a little bit of Klout's terms and conditions:

By accessing the Klout website ("Site") or using the services offered by Klout ("Services") you agree and acknowledge to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, please do not access the Site or use the Services.

Got that? You don't need to open an account for Klout to assert that they own you; just looking at their T&Cs is enough. Now for the privacy policy:

... we may use your contact information to market to you, and provide you with information about, our products and services, including but not limited to our Service [ note that "not limited to" clause -- cs. ] ... When you visit the Site, our servers automatically record information that your browser sends whenever you visit a website ("Log Data"). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click ... Klout may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve the Site and our services [ services to who? Answer: the folks who pay Klout money ] ... We engage certain trusted third parties to perform functions and provide services to us, including ... direct marketing campaigns. We will share your personally identifiable information with these third parties ... [ there, they said it ] ... The Site is not directed to persons under 18 [ because that's about the only privacy-protected class in US law ].

Now let's look at something else.

Here in the civilized world we have a fundamental right to privacy. Klout, by its viral nature (and particularly by tracking people without their prior consent), is engaging in flat-out illegal practices. Don't believe me? Well, here in the UK activities relating to the processing of personal information are governed by the Data Protection Act (1998), a law enforced by the Information Commissioner's Office.

As we saw earlier, Klout assert that they have the right to collect information about you and conduct direct marketing campaigns if you visit their website. For those of us who are not lawyers, here are the ICO's conditions for processing personal data:

One of the conditions for processing is that the individual has consented to their personal data being collected and used in the manner and for the purposes in question.

...

Consent is not defined in the Data Protection Act. However, the European Data Protection Directive (to which the Act gives effect) defines an individual's consent as:

"... any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed".

The fact that an individual must "signify" their agreement means that there must be some active communication between the parties. An individual may "signify" agreement other than in writing, but organisations should not infer consent if an individual does not respond to a communication — for example, from a customer's failure to return a form or respond to a leaflet.

...

Consent obtained under duress or on the basis of misleading information does not adequately satisfy the condition for processing.

Klout are flagrantly in violation of UK data protection law. Their terms and conditions, and their privacy policy, are riddled with loopholes that permit them to resell personal data. They violate Principle 1 of the Act ("the individual who the personal data is about has consented to the processing"). Arguably, they violate Principle 2 of the Act ("be clear from the outset about why you are collecting personal data and what you intend to do with it" — no prior notification to people they hold data on is made). The amount of personal data Klout collects is excessive (see Principle 3), they show no sign of complying with Principle 4 of the Act ("take reasonable steps to ensure the accuracy of any personal data"), and they may well be in breach of Principle 5 (that personal data must be deleted after it is no longer required for the purpose for which it was collected). They violate Principle 6 of the Act ("right to prevent processing for direct marketing; right to object to decisions being taken by automated means"). They violate Principle 8 of the Act (personal data is exported from the EU without due compliance with EU privacy regulations). Shockingly, Klout might actually be in compliance with Principle 7 of the Act governing information security ("you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised") but it's hard to tell.

It kind of puts my objections to Google+ into perspective, doesn't it?

Anyway: if you sign up for Klout you are coming down with the internet equivalent of herpes. Worse, you risk infecting all your friends. Klout's business model is flat-out illegal in the UK (and, I believe, throughout the EU) and if you have an account with them I would strongly advise you to delete it and opt out; if you're in the UK you could do worse than send them a cease-and-desist plus a request to delete all your data, then follow up a month later with a Freedom of Information Act request.

210 Comments

1:

This comments page was a pain in the arse to log into. Maybe you could add a twitter or facebook link.

2:

Scary and makes me nauseous!
What I'm wondering is how can one know if one of my friends has "infected" me with this internet-herpes? Short of signing myself up that is...

3:

OK, that's better. I'm logged in via Twitter.
Sorry, I forgot what I wanted to say and have a strange urge to go tweet

brb

4:

[mumbles]: Klout, bloody Klout, I'd like to give them Klout, alrighty!

Ahem. Yes, that's pretty comprehensively evil. Kudos for getting it up onto the radar.

This:

"If you're not paying for the product, you are the product."

is a proverb for our days, and I'm surprised to discover that it only seems to have been coined a bare year ago.

5:

IANAL but highly suspect that this is at best legally ambiguous (and at worst flat-out illegal) in the US as well.

There is a lot of boilerplate like this that isn't actually legally enforceable, for reasons such as duress (e.g. non-compete clauses for employment), but most people don't actually know (or perhaps care) about the rights they have. I know I would be hard-pressed to come up with the entire contents of our Bill of Rights, except the major hot-button issues.

I wonder what their "integration" is, and if it's actually sanctioned by these companies or relies on their own gathering of publicly shared data. To be financially viable, they must be either adding value with analysis or getting the raw data cheaper than advertising social networking companies will sell it for.

6:

I agree with all of the above about Klout, but you want a Data Subject Request, not a Freedom of Information Request.

DSR is to get your personal information out of an organisation, FoI is to get information out of public (government) bodies. It's a common mix-up but the likes of Klout may well use this as an excuse to not supply any data.

7:

Or "Subject Access Request"?

8:

It gets better. There are actual bricks-and-mortar retailers here in Australia who'll ask for things like postcode information when you buy things in their stores (yes, I'm looking at you, Harvey Norman) - even if you're paying cash. Not only are we buying the product, we are the product. How nice.

I'm starting to get mightily tempted toward putting a monetary value on my demographic data. After all, if it's worth something to them, it may as well be worth something to me, too.

9:

Ah well, personal privacy is just one of those quaint things like copyright that must be done away with - I mean you wouldn't want to prevent business innovation through early over-regulation . . .

10:

Free social networks are going to be this generation's QVC. We need an HBO instead!

11:

Nor prevent the lawyers getting their entirely reasonable cut for sorting the mess out of course.

But I suspect (and IANAL either) it would count as a contract of adhesion too - you can't refuse it, simply by accessing their site they are forcing their t&c on you. Which is very naughty, even in America.

12:

Wonder how many Data Subject Access Requests might be needed to bring them to their knees? If EU citizens were to start making data subject access requests en masse, I suspect that would prove to be very expensive and time-consuming for them.

13:

While it seems Klout is unambiguously evil, not all social networks can be easily described as such, especially for a large percentage of their users. For those, I suggest you research the term "wikiwashing." If anything it reinforces our handy little modern proverb.

14:

I agree.

I have a Livejournal account. LJ is still around -- it's just that 90% of their business is in Russia. My account predates that, it's a side-effect of the big migration of SF fans into LJ around a decade ago.

The thing about LJ is that their monetization process is fairly obvious -- they limit your facilities and show you lots of annoying ads until you buy a paid account, at which point the annoyance goes away.

Unfortunately "paid" can't compete with "free", which is why LJ is an also-ran over here. But as business models go, "we will show you ads, but you can pay us money to stop annoying you that way" is fairly innocuous (compared to "we will track you all over the internet even when you aren't looking at our site and will sell everything we can find out about you and your friends to the highest bidder").

15:

> There are actual bricks-and-mortar
> retailers here in Australia who'll
> ask for things like postcode
> information when you buy things in
> their stores

In the USA this practice is exemplified by "Radio Shack", which will refuse to make even a cash sale unless they get your full name, address, and phone number. I always use the address and phone number of the White House in DC.

Recently another chain store moved in to a nearby town, and the checker asked for my ZIP code. I asked why, and she said the collected information went back to HQ's marketing department, which plotted it against demographic maps to make decisions on where they might open new stores. Since the sale was anonymous (cash) I gave them the information, somewhat dazed at having received a detailed and reasonable answer to my question...


According to articles on comp.risks, some retailers are selling their surveillance camera streams to marketers, who use them to determine when and where customers stop before displays, how long they stand before a particular item, if they pick it up, etc.

Are you still anonymous if you make a cash sale? At least one retailer (Wal-Mart) tracks you from the time you enter the parking lot until you leave. Off-the-shelf license plate recognition software matches your plate number to the state's DMV database.

This data is, in most states, considered "private" and is not available for public browsing. However, my state will sell you a CD-ROM containing the entire database for $1000, last time I looked. All nicely cross-referenced, too. Apparently the privacy laws are somewhat flexible if money is involved. So they may not know precisely who you are, but chances are good you're one of a small number of people sharing that address.

The next logical step would be facial recognition software, but even just having approximate height, weight, and sex would be enough to come *very* close to identification. I'm reasonably sure my state sells driver's license information as well, based on the enormous amount of junk mail I received last time I renewed my driver's license. They'd made a minor typographical error, which I didn't point out since I didn't want to spend another interminable time waiting while they fixed it.

16:

Charles, I normally don't mind trading off some Internet usage information for services provided by social networks. Some time back I joined Klout (I forget how) but I've always been somewhat wary of it. After reading your post, I decided to opt out from the service mostly because I thought you made a good point about its viral nature. Even opting out is not as easy as most services. I made screen captures of the process for anyone interested to see what it looks like. The first screen capture shows the main opt out. The second screen capture shows the text displayed afterward, indicating it could be up to as much as 180 days before you are fully out of the system.

I wonder if they'll see a significant opt-out spike after your post.

17:

Back in July I realised that Klout had changed their model from allowing you to hide your profile to full-on exposing your score. When I chased them on this (through their forums) they eventually deleted the questions and answers. I went further and blogged my concern about trying to leave Klout (I had previously marked my Klout profile to Do Not Display) and went as far as chasing Jo Fernandez, Klout's CEO, through every web interview and announced SXSW panel. After a few weeks of harassing them online I got some answers from Jo, and despite his curiosity that people would want to not be involved he conceded that maybe I could leave.

It's taken until this month for my account to finally reach the full puppy (not included on Klout) scoring, and in the meanwhile I notice that KRED.LY are launching a similar product (though they have agreed to have me removed and allow people to opt out) and other services like Connect.me and PeerIndex are out there.

It's great to see more people join in the question "Is it okay to be opted in, in public?" Maybe the next social metric gaming companies will rely on their product value and not robots to drive signups into their games.

18:

The right to privacy is often underappreciated--and undervalued. If we are the product, don't we deserve a cut of the profits? It seems like a reasonable deal.

Anyway, there's a distinct downside to this constant observation, which bothered me enough that I wrote a blog post about it a few weeks back, to wit, being observed changes/limits your behavior. Ironically, this makes you less valuable as a product, so you'd think ego-retailers would avoid it...

19:

I'm not too bothered about giving my zip code, especially as standard 5-digit US zip codes only narrow down to a fairly large population, maybe equivalent to the first half of a UK postcode. I would never give my full 5+4 zip code but I never get asked for that - and I understand many Americans don't even know what theirs is.

I do object to giving my email address, especially as it's always such a palaver giving it spoken anyway as it isn't one of the usual suspects like Gmail or Hotmail. "No, .org.uk, that's DOT-O-R-G-DOT-U-K, no, K as in 'I want to kill myself'"

20:

(Resubmitting because I missed the part in the moderation policy about short links)

[Moderator: too many links will also trip explicit moderation.]

Charles, I normally don't mind trading off some Internet usage information for services provided by social networks. Some time back I joined Klout (I forget how) but I've always been somewhat wary of it. After reading your post, I decided to opt out from the service mostly because I thought you made a good point about its viral nature. Even opting out is not as easy as most services. I made screen captures of the process for anyone interested to see what it looks like. The first screen capture shows the main opt out. The second screen capture shows the text displayed afterward, indicating it could be up to as much as 180 days before you are fully out of the system.

I wonder if they'll see a significant opt-out spike after your post.

21:

Not only does being observed change/limit your behaviour; so does being pinned down to only one identity.

In reality, we all have a bunch of different faces we legitimately wear in different contexts: trivially, the face you wear to a family wedding is not the same as the face you wear to the pub or at work or to a parent/teacher evening at your kid's high school.

22:

I was in the US when a cashier insisted upon getting my name and address for some trivial purchase. So I carefully spelled it all out including my weird zipcode, and it all became pointlessly clear to them when I added "Great Britain" at the end.

23:

It could be that Klout could be sued in the civil courts in the UK, and the decision enforced in the USA.

24:

Data mining is only going to evolve, whilst the social media companies will find more and more ways of profiling us without us realising it. I found my son playing on a social voting game on the Wii the other day, where people vote for or against a range of questions like "Do you own a cat?" or "Do you like pizza?". Once, I would have thought it a trivial, harmless bit of fun, and maybe that's all it is. But (tinfoil hat on) I can see the potential for abuse, so games aren't really games any more unless they're offline.

25:

> In the USA this practice is
> exemplified by "Radio Shack", which
> will refuse to make even a cash sale
> unless they get your full name,
> address, and phone number. I always
> use the address and phone number of
> the White House in DC.

My point, however, is that effectively the store is adding your demographic data to the cost of your transaction. In effect, the cost of your transaction is "postcode, name, address, contact details, plus cash price of items". Our demographic data is being demanded as a form of currency, with no clearly stated referent to an external form of valuation - the assumption being made is that this data "doesn't cost us anything" or "isn't worth anything" to us as individuals, but that it somehow gains in value when aggregated with other data by the store. I tend to see this as pure sophistry - if the data is worth something to the store, they can damn well pay me for it, rather than demanding I use it as a means of payment for them.

And no, that doesn't mean I'll be joining their "loyalty" programs, either. Not being a compulsive consumer (I don't want it all; for a start, I don't have anywhere to put it) I don't spend enough money per calendar year to accumulate the necessary "points" to be able to afford their Fabulous Prizes. So again, I'm offering them information about my transactions that they can use, and in exchange, they're offering me... well, somewhere between diddly and squat.

Whatever happened to the bad old days, when shops sold products rather than people?

26:

@14: But as business models go, "we will show you ads, but you can pay us money to stop annoying you that way" is fairly innocuous

Especially given that Adblock exists so you can easily get rid of the ads.

27:

I agree with most of what you say, but don't know why you are singling out Klout. _Every_ social network site is offering the same trades, digging into your "private" data (which many people don't seem to care about keeping private), selling it to marketers, and trying to get all your friends on board. Is _any_ social site not violating UK privacy laws?

28:

Having the Wikipedia stub in there made me wonder if someone with the Wiki chops (so not me unfortunately) could get some of this information onto Klout's page? I know Wikipedia has some pretty stringent sourcing guidelines but some of this has to be applicable right?

29:

Data mining is only going to evolve, IF WE LET IT.

This is a political issue. Fatalism is a very bad idea.

30:

Sorry, but Klout is based primarily on Twitter data. Which is all public anyway. Anybody can go to my Twitter page and see who I follow and who I had a conversation with. AND all this data is freely available through the Twitter API.

So what is the fuss about?

31:

PS: I would have preferred to sign into your site via Twitter which is my public face. That I had to do it via Google I find intrusive.

32:

You don't have to sign in to comment, so why did you bother?

33:

Possibly; it depends on what data they collect, what they actually sell on, and what their terms of use (You did read those, yes? No. OH DEAR!!) say, because it's legal to collect data and then sell anonymous stats like "55% of our readers make Lego models" without individual permission, and targeted data like "Paws makes Lego Technic models" with my permission (If Charlie can make enough from that to be worth his while, fair play to him).

34:

Actually I have a free LJ account and have yet to find an adblock that reliably works. But their ads are not long-term annoying (they will play a 30s video once, or put banner ads down the side of the page that don't make noises) so I'm prepared to tolerate it.

35:

Okay, so before legal remedies (or if they don't come to pass), how difficult would it be to make an autopilot program that would semi-randomly browse the internet for you when you weren't actively doing so yourself? Essentially spamming the tracking and rendering the data useless with noise.

36:

Now here's a bit of interesting info. I don't click Like on various sites. Nor +1. Nor anything like that. But I noticed lately that YouTube serves ads for brands whose sites I visited. For instance, I checked some messenger bags and promptly got an ad for those same bags on YT. Checked a brand of mattress and out they came. Yes, I searched for the mattresses on Google, but, as far as I remember, I clicked on the bags on a totally unrelated site.

It's not limited to YT either. The most surprising was a boot brand ad that appeared on a site talking about torrents after I visited the boot site.

What I can conclude from all this is that sites use cookies not only to track your usage of the site but that either the cookies broadcast their presence (so to say) or the ad servers are actively polling your cache to see what you've visited and then serve ads according to that. I don't like either possibility.

37:

Possibly Does Not Scale.

Done in an arbitrarily random fashion, it either (a) is so tiny that the volume doesn't affect their overall accuracy, or (b) enough people are doing it, but there's a low level distributed denial of service against the web as a whole.

(Random browsing of entire internet? Hmm, how long before you hit a page that is deeply embarrassing to have in your history?)

On the other hand, if you could build a distributed project that effectively does Google's work by spidering the entire internet for them, you'd be really poisoning that tracking data. "What, every single page on the internet? And all equally visited?"

38:

The term you are looking for is "behavioural advertising". What's going on is that sites that serve ads up to you also serve up the ad company's cookies, which are then picked up by other sites that work with the same advertising agency. Who can then compile a big fat dossier of your interests.

It helps to note that YouTube is owned by Google, who are just about the world's biggest internet advertising company -- having absorbed DoubleClick some years ago.
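
Added illustration (not part of the comment above or of the original post): a constructed, offline JavaScript simulation of the cross-site cookie mechanism described in comment 38, run once with third-party cookies accepted and once with them blocked. All hostnames, class names and function names are made up for the example, and "third party" is simplified to a plain hostname comparison.

```javascript
// Constructed simulation: no network access, every hostname is invented.

// The ad network's endpoint. It keys everything on its own cookie and
// learns which page embedded it from the Referer header.
class AdServer {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.profiles = new Map(); // cookie id -> hostnames seen with that id
  }

  // Handle one request for an ad or tracking pixel.
  handle({ cookie, referer }) {
    let id = cookie;
    let setCookie = null;
    if (!id) {
      id = `uid-${this.nextId++}`;
      setCookie = id; // first sighting: tag this browser
    }
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(new URL(referer).hostname);
    return { setCookie };
  }

  // Longest list of distinct sites tied to a single cookie id.
  largestProfile() {
    let best = [];
    for (const sites of this.profiles.values()) {
      const distinct = [...new Set(sites)];
      if (distinct.length > best.length) best = distinct;
    }
    return best;
  }
}

// Minimal browser: a cookie jar keyed by the host that set the cookie.
// A cookie is only ever sent back to the host it came from.
class Browser {
  constructor({ blockThirdPartyCookies }) {
    this.blockThirdPartyCookies = blockThirdPartyCookies;
    this.jar = new Map();
  }

  // Load a page that embeds a resource served by adServer.
  visit(pageUrl, adServer) {
    const pageHost = new URL(pageUrl).hostname;
    const thirdParty = pageHost !== adServer.host;
    const allowCookies = !(thirdParty && this.blockThirdPartyCookies);
    const cookie = allowCookies ? this.jar.get(adServer.host) : undefined;
    const { setCookie } = adServer.handle({ cookie, referer: pageUrl });
    if (setCookie && allowCookies) this.jar.set(adServer.host, setCookie);
  }
}

// Visit three unrelated sites that all embed the same ad network.
function simulate(blockThirdPartyCookies) {
  const ads = new AdServer("ads.example");
  const browser = new Browser({ blockThirdPartyCookies });
  for (const url of [
    "https://bags.example/messenger",
    "https://mattress.example/queen",
    "https://video.example/watch",
  ]) {
    browser.visit(url, ads);
  }
  return { profiles: ads.profiles.size, linked: ads.largestProfile() };
}

console.log("cookies accepted:", simulate(false));
console.log("third-party cookies blocked:", simulate(true));
```

With cookies accepted the ad server ends up with one identifier covering all three sites; with third-party cookies blocked it sees three unrelated one-site visitors, although each request still carries a Referer.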

39:

> But I noticed lately that YouTube
> serves ads for brands whose sites I
> visited

Search "Flash cookies" and follow the steps needed to disable them for your operating system.

Basically, Flash has its own cookie system, which operates independently of the usual browser cookie system.

40:

"Data mining is only going to evolve, IF WE LET IT."

Data mining is going to evolve, regardless. The political power we have is to control the environment it evolves in, including the availability/scarcity of feedstocks and deciding which sorts of mutations are fatal.

41:

Semi-randomly was the important part there, lest you come across as a goat-molester or somesuch.

Possibly trading networks through a central clearinghouse- you go in to download behavioral profiles that aren't yours to direct the downtime browsing- not totally random, but one day you're a liberal environmentalist, the next you're a fox-news junkie, the next you're really into indie music and beanie-babies...

42:

> Not only does being observed
> change/limit your behaviour; so does
> being pinned down to only one
> identity.

Hmm, I've recently heard the claim that it's very very easy to merge multiple identities... and that that's why the "multiple accounts" thing is not as easy as it seems (with the implication that this is why Google+ is trying to discourage it). I don't know how accurate it is, but probably in the aggregate it really isn't all that hard to do.

This is perhaps more important if we remember that there's more than one kind of privacy, at least three but probably more...

The type most people think of first is the "Orwellian", the one big secret that you don't want revealed, the "if you have nothing to hide".

The second is the "Peeping-Tom" type, which doesn't involve secrets at all.

Social networks seem to mostly breach the "Kafkaesque" type of privacy, where separate, individually innocuous and not particularly secret pieces of information are shorn of context, aggregated and processed by some faceless bureaucracy. This is the kind of thing that would merge multiple identities with some statistically-acceptable error rates and then draw conclusions. It's also the kind of thing that would aggregate all your gift purchases, assume they're all for you and then try to paint a picture of your personality.

It's very much what the likes of Klout are presumably doing.

While opt-out and opt-in mechanisms may be okay for the Orwellian (and Peeping-Tom) types of privacy, they're not obviously any use against the Kafkaesque type. It's not based on any information you'd actually want to hide, it's based on the processing that it's subjected to afterwards...

Hmm, not sure where I was going with that. Seem to have gone off on a tangent. Ah well.

43:

> Not only does being observed
> change/limit your behaviour; so does
> being pinned down to only one
> identity.

I will agree to that, in principle. I present an appropriate subset of my identity for work-related email, for example. But it's still the same identity.


> trivially, the
> face you wear to a family wedding is
> not the same as the face you wear to
> the pub or at work to a
> parent/teacher evening.

Why should Charlie-in-a-suit be different from Charlie-with-a-beer or Charlie-in-conference?

Have I missed your point?

[introspection] I'm pretty sure that I present the same in public or private, in person, on the phone, or by mail. If I don't, I ought to.

44:

Soylent green!
Am I the only person who thinks of that upon reading the "If you're not paying etc"?

45:

If that would work it'd be great. Kind of like chaff for a privacy invading heat seeking missile. Don't look at that, look at this.

I see a whole industry forming of companies and contractors specializing in data mining intrusion counter measures....and then a whole other industry forming around data mining intrusion counter counter measures....

46:

It does make sense though - case study:-

I just ordered Lady Gaga Monster's Ball DVD live; from this Amazon instantly decided that I was a fan of Britney Spears, Kylie Minogue and Pixie Lott! 3 totally erroneous conclusions about my actual tastes.

47:

>[introspection] I'm pretty sure that I present the same in public or private, in person, on the phone, or by mail. If I don't, I ought to.

Really? The face you present for a job interview is the same as the one you present after 4-5 pints of beer with an old friend? Or the same as you might present at a family meal?

48:

The Firefox extension TrackMeNot is an attempt to poison search engines' user profiles, though there seem to be some small "doesn't work at all" issues.
The Googlesharing proxy or Scroogle remix your searches with all the other users of the service, burying your searches in with everyone else.

49:

"Here in the civilized world we have a fundamental right to privacy"

This is absolutely false. There is no 'right to privacy' in the civilized or uncivilized world, wherever you think that is.

If you enter into a contract with someone, it's up to you to do so voluntarily. I am all for people pointing out what is bad about the agreements people unwittingly sign up to when they use a web service, but there is absolutely no need to start making up stuff like a spurious 'right to privacy', out of thin air.

What rights are and where they come from and a proper understanding of what rights are is crucial. If you do not understand what rights are, you cannot begin to build a case against a web service on the basis that they are violating someone's rights. In the case of Klout, they are not violating anyone's rights. They might be doing things that are bad netiquette, but that is not a violation of your rights if you agree to the site's terms in advance.

Pointing out the flaws in a EULA and a web service's behavior is a necessary and beneficial act of good citizenship. It helps people make informed decisions about what websites to use and which websites to shun. Well done.

That being said, there is no reason to invoke fake rights arguments, or call for the law and the violent to shut people down who you do not like.

A viral message that spread like wildfire would be far more effective, focussed and useful in preventing Klout-like sites from harming people, rather than citing UK law (inapplicable and inappropriate) and invoking fallacious ideas about rights.

50:

(Random browsing of entire internet? Hmm, how long before you hit a page that is deeply embarrassing to have in your history?)

10-45 seconds? I don't know, actually, but I'd say that a LARGE proportion of URLs contain things that one entity or another would consider to be embarrassing.

51:

> What's going on is that sites that serve ads
> up to you also serve up the ad company's
> cookies, which are then picked up by other
> sites that work with the same advertising
> agency.

It simply didn't occur to me that it might start from the other side. :)

Still, it apparently means that everybody reads whatever cookies they find. The ad company sets its cookies, the retail company reads them and puts in theirs which are in turn read again by the ad server...

> It helps to note that YouTube is owned by
> Google

Well, yes. That's why I said that I searched for the mattress company through Google.

Anyway, all of this is such a mess, not only regarding privacy but also regarding ownership. If you have time, check terms of use for some photo-sharing sites like twitpic. As toxic as Klout, if not more.
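
The cookie flow discussed in comment 51, as an added example that is not part of the original thread: a small model of a browser cookie jar showing that sites do not read each other's cookies; the ad server reads back its own cookie every time a page embeds it. All host names, classes and the `simulate` helper are constructed for illustration.

```javascript
// Constructed model of a browser cookie jar; all host names are made up.
// Cookies are stored per host, and a request to a host carries only that host's cookies.
// The model ignores other linking signals such as IP address or fingerprinting.
class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.jar = new Map(); // host -> cookie value
    this.blockThirdParty = blockThirdParty;
  }

  // Fetch something from `server` while the address bar shows `pageHost`.
  request(server, pageHost) {
    const isThirdParty = server.host !== pageHost;
    const useCookies = !(isThirdParty && this.blockThirdParty);
    const cookie = useCookies ? this.jar.get(server.host) : undefined;
    const response = server.handle({ cookie, referer: pageHost });
    if (useCookies && response.setCookie) {
      this.jar.set(server.host, response.setCookie);
    }
  }

  // Load a page, then every resource (ad, widget) that the page embeds.
  visit(site) {
    this.request(site, site.host);
    for (const embedded of site.embeds) this.request(embedded, site.host);
  }
}

// An ordinary site: sets its own session cookie and records what it is sent.
class Site {
  constructor(host, embeds = []) {
    this.host = host;
    this.embeds = embeds;
    this.cookiesReceived = [];
  }
  handle({ cookie }) {
    this.cookiesReceived.push(cookie);
    return { setCookie: `session-${this.host}` };
  }
}

// The ad company's server: one cookie per browser, plus the embedding page
// (Referer) logged against that cookie on every ad request.
class AdServer {
  constructor(host) {
    this.host = host;
    this.embeds = [];
    this.nextId = 0;
    this.profiles = new Map(); // visitor id -> pages the ad was shown on
  }
  handle({ cookie, referer }) {
    const id = cookie || `uid-${++this.nextId}`;
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(referer);
    return { setCookie: id };
  }
}

// One browser visits three unrelated sites that all embed the same ad server.
function simulate(blockThirdParty) {
  const ads = new AdServer('ads.example');
  const sites = ['news.example', 'shop.example', 'video.example']
    .map((host) => new Site(host, [ads]));
  const browser = new Browser({ blockThirdParty });
  sites.forEach((site) => browser.visit(site));
  const siteSawAdCookie = sites.some((site) =>
    site.cookiesReceived.some((c) => c !== undefined && !c.startsWith('session-')));
  return { profiles: [...ads.profiles.values()], siteSawAdCookie };
}
```

With third-party cookies allowed, the ad server ends up with one profile covering all three sites; with them blocked it sees three unlinked single-page visits. In neither case does a site receive the ad server's cookie.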

52:

"Data mining is only going to evolve, IF WE LET IT."

Who is this "we"?
The Daily Mail outsells the Guardian about 10:1
Nerds ranting about Net privacy is about the bottom rung of issues any politician cares about. Nothing is going to happen.

53:

I think you take too pessimistic a view of the situation.

Data mining is one of a whole bunch of behaviours that are amenable to legislation and international treaty regulation. Right now we're living through a period of large scale regulatory capture, whereby consumer protection laws are weakened and corporate lobbyists have a fast track to seeing their sponsors' interests protected by legislation, but there's nothing inevitable about that.

We've been able to criminalize a number of undesirable corporate behaviours in the past, through the imposition of regulatory regimes. Sometimes they're captured by incumbents -- but in many cases they still provide some vestige of the original protection. (Consider the FDA in the US. It provides barriers to entry to the pharmaceutical business, so serving the interests of the big incumbents like Glaxo-SmithKline by reducing competition -- but on the other hand, it still keeps out some of the really dangerous threats.)

54:

Why should Charlie-in-a-suit be different from Charlie-with-a-beer or Charlie-in-conference?

Have I missed your point?

Yes, you've missed the point.

Imagine I'm gay but from a conservative Christian family background.

Or that I am a public person (this is true) with lots of strangers kibbitzing on my FB friends list, but that I also have relatives who want to keep their lives private (this is also true) and who are also on FB but don't want to be visible to the unwashed public.

Or imagine that I'm a corporate drone by day and a whistle-blower by night.

Or imagine I'm a high school teacher by day but have a personal life that I really don't want to share with a bunch of 15 year olds (who may nevertheless want to contact me electronically).

There are any number of good reasons for partitioning your identity.

55:

Amazon will however have consolidated information that says that a significant percentage of buyers of that Lady Gaga DVD have previously bought Britney Spears, Kylie Minogue and Pixie Lott!

It's no different from the Walmart logic that said you put a beer promotion between nappies and the checkout, as many men called in on the way home to purchase nappies. In Amazon's case they simply look at baskets, identify items bought together and highlight the most frequent matches.

Most of the time this logic works but it falls apart as soon as you purchase a gift for someone else. I'm still trying to remove myself from all Cliff Richard mailings 3 years after I bought my mother in law a ticket as a present.

If you want to get annoyed about something read up on Remarketing. This is where a site you visited but didn't buy from decides to advertise the product you looked at on other sites you visit up to the point you either cave in and buy something or they give up. Unfortunately the cost of advertising on many sites is so low that it seems the latter is never.

56:

Maybe, but maybe not; the Lady Gaga disc is only just announced for pre-order.

In any event, my point was that consolidated lists don't work (at least not well) for tastes as varied as music choices of people over their mid-20s.

57:

Data mining is going to evolve because to be frank the industry hasn't even started yet. Until recently you had to be very careful about the data that was collected because collecting it took time and effort (relational databases are actually quite slow).

Over the past two years this has changed. Thanks to nosql you can now build a real time database of every person's mouse movements across every page of any website who wants that information and store it indefinitely before playing with it in a variety of different ways. The initial ways companies will use this is to allow them to identify website issues and improve functionality, in the longer term it will allow them to target you far more directly and discretely compared to their current approach.

58:

One possible way of poisoning things to some extent would be to choose an online retailer (preferably one you don't like, because you'll be consuming a lot of their bandwidth) and simply tell your machine to request details of every product they sell in alphabetical order. (Perhaps interspersed by periodically taking random words from the current page and putting them into search engines, but without following any of the links off the search engine page, to avoid problems.)

59:

You're making the mistake of assuming that the whole world runs on something like US law. That, and you appear to be a libertarian.

Your understanding of rights and consumer law and transnational jurisdiction is sorely lacking. I suggest you have a look at this before you assert that UK law has nothing to do with Klout ...

60:

Even in the USA, I have a hard time believing that, were it brought to court the "By reading this agreement you agree to the terms of the agreement" schtick would pass the laugh test.

61:

Klout may indeed have privacy issues, but this article intentionally misrepresents the facts, incorrectly interprets standard legal language, targets Klout for industry practices, and misrepresents what Klout does.

First, let's look at the misrepresentation of facts. The article edits Klout's privacy statement to say:

We engage certain trusted third parties to perform functions and provide services to us, including ... direct marketing campaigns. We will share your personally identifiable information with these third parties ... [ there, they said it ].

The full privacy statement says:

Service Providers. We engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance, customer relationship, database storage and management, and direct marketing campaigns. We will share your personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your data.

Notice the parts that were omitted in the article, specifically the part requiring third-parties to maintain privacy and security and restricting any shared data to the use the service provider is being hired for.

This categorically is not "selling" your data. This merely says that Klout does not own the entire infrastructure required to provide their service. They use outside web hosting and outside e-mail services.

This isn't nefarious. Every web site uses another company to provide a portion of their services. It would be inordinately expensive to build your own data center, buy all your own servers, create an entire department to handle all your e-mail delivery, etc.

Next, let's address the start of the Terms of Service:

By accessing the Klout website ("Site") or using the services offered by Klout ("Services") you agree and acknowledge to be bound by these Terms of Service

Sure, it's dubious whether merely accessing a web site creates this legal obligation, especially since you need to access the web site to see the Terms of Service. However, this has been industry standard for the past 15 years at least. Calling Klout out for language that every web site terms of service has in it weakens the argument and makes this article easy to dismiss.

Third, let's talk about Klout posting to your Facebook wall. While I personally don't like the practice, Facebook allows this and many sites and Facebook apps post to one's wall. Singling out Klout for this seems disingenuous.

Lobbying Facebook to provide finer-grain control over what apps can do with your information would be more effective. The "all-or-nothing" approach to permissions taken by Facebook and Android apps allows apps to request broader information and permissions than they really need. Users clearly need more control over what permissions and data apps can access. But this is a Facebook issue.

Fourth, let's address the idea that Klout is creating "accounts". As far as I can tell, this is hyperbole. Klout indexes people's friends so they can provide an influence score.

This is no different than Google indexing web sites. You do not have to consent first before Google places your web site in its search engine and calculates your PageRank. Should Klout need consent before doing this? For public Twitter handles and followers, I would argue not. For Facebook friends, possibly.

I would argue that if I as a Klout user ask Klout to look at my friends and tell me my personal influence score, Klout has the right to look at my friends and analyze the information I've granted them access to to find out how influential they are and how well I influence them. After all, that's the service I'm asking Klout to provide. In this case, Klout is acting as a proxy to execute my wishes.

What Klout doesn't have a right to do is take that information which is private to me and make it public to the world. Nor to crawl that social graph to bring in friends of friends. It's not clear they are doing either of these, though articles suggest they may be doing the former.

Which brings me to what this article should have been about: Klout's behavior. Rather than reading into legal agreements all sorts of nefarious ends, look at what Klout actually does and talk about that. Recent articles have shown Klout is clearly pushing the bounds of what is acceptable in indexing the social graph. Check out Is Klout Using Our Family to Violate Our Privacy? and the links at the bottom of that article for more info.

Ultimately though, a public discussion does need to be had on where the boundaries of information sharing lie. If I have access to my friend's information, does that give me permission to share that information with others? Is certain information, like a name, okay to share, while other information, like their Facebook posts, not okay? How are the people or companies I share information with restricted from using that information and what recourse does my friend have to remove or restrict that data?

The debate is happening and needs to continue. But let's focus on the right issues; otherwise it's too easy for the other side to paint your arguments as ill-informed.

62:

Methinks you are apologizing too hard: Klout's privacy and terms give them plenty of room to do whatever the hell they want with your personal information and that of your associates, with scant regard to whether it's legal or ethical.

Put it another way, you've already noted that they're behaving badly; I'm not sure you've noticed that they've given themselves permission to do that by way of what looks like regular legal boilerplate (American style).

The whole world does not run according to the law of California. And it's a really bad mistake for a Californian startup operating in a global medium (the internet) to make that assumption.

63:

Brick-and-mortar retailer Lowe's likes asking for phone numbers. (Lowe's is a brick-and-mortar store, which includes bricks and mortar among their items-sold. Funny, in a way.)

"helps with returns if you forget the receipt", the clerk says.

I've gotten similar requests from other stores, sometimes ZIP, sometimes phone. And the cute sales-clerk never reciprocates when I request a phone number from her...

64:

I've been toying with the idea of deleting my account, too...and this was the nail in the coffin! Thanks for doing all the research my butt was too lazy to do :)

65:

Will the Data Protection Registrar act?

Laws are meaningless, or worse, without consistent and effective enforcement.

Actually, I'm waiting for Klout to start sending out libel writs with gagging injunctions. It's the done thing, with anything toxic by the tankerload.

Also... I wonder how the mass media will play it.

66:

> Yes, you've missed the point.
[...]
> There are any number of good reasons
> for partitioning your identity.

What you're referring to as "identity" is what I think of as "behavior appropriate to circumstances."

I suspect we're in general agreement despite the difference in terminology.

What tripped me up is that I've known a couple of people who apparently *were* "different identities" depending on where they were and who they were talking to, definitely enough that there's probably an official psychiatric term for it. It worked for them, but it gave me the creeps.

67:

So far, I do not have a Twitter account nor do I have FB. Might have to do with my age (65) but so far, all I do with my mobile phone is use it as a phone! 140 characters is too small a space to actually post something of value, IMO. And I do dislike using all these shortcuts. I am not a technophobe, having operated mainframes since 1965 when they actually took up whole rooms to work problems like a Commodore 64 and one had to rewire boards to correct a programmer's error. So, I've got the basics; I just don't want all of the intrusiveness that goes along with this grand new society - and Klout is a perfect example why.

68:

> it's dubious whether merely accessing a web
> site creates this legal obligation, especially
> since you need to access the web site to see
> the Terms of Service. However, this has been
> industry standard for the past 15 years at least.

Funnily enough, it isn't. The devil is in the details.

Just checked Google, Amazon UK and Twitter. Twitter speaks about accessing and using their websites and services. Not accessing or using. The other two speak just about using.

And even if it were "industry standard", it doesn't make it right. Anyway...

> the part requiring third-parties to maintain
> privacy and security and restricting any
> shared data to the use the service provider
> is being hired for.

"We'll provide your data to others so they can spam you for us." What are the direct marketing campaigns? What are they for? (Don't want to visit Klout at all to check further.)

69:

Try laughing at this: Vernor v. Autodesk, US Ninth Circuit Court of Appeals.

The court says you really don't own that software you thought you purchased.

70:

I think the more interesting questions here are ontological:

If I make a comment and it doesn't improve my Klout score, did I really make a comment at all?
If my Klout score falls to zero, have I ceased to exist? Or merely ceased to matter?
If my alter ego online accounts have higher Klout scores than my owned public personae, has my inner self become less valuable? Should I dispense of it?

:)

71:

Charlie @ 53 & other posters.

Funnily enough, the corporates are already trying to protect themselves against Data Mining.
Think big banks, for instance - it's to do with digital security, and not being sued by a customer/client, because someone has data-mined their accounts.
I'm told from an authoritative source that some products of this nature are already at an advanced Beta-testing stage.
One assumes that this will then spread downwards towards plebs like us?

However, this whole field is mined, anyway.
We point-blank refuse to use major chainstore "bonus" cards (I'm especially thinking of "Nectar" here), simply because of the data-mining opportunities.
Why the bastards don't just give us a discount, and scrap the whole scam scheme and sack everyone involved in vacuuming up their profits internally is beyond me....

72:

Trevor Lohrbeer @61:

Oh boy, YANAL, I hope, always assuming you're not being intentionally misleading yourself?

Yes, the sections you referred to can be construed to be totally innocuous, but whenever you read something like this the safe bet is to assume the worst. Actually to me, the parts OGH omitted make it appear even worse, because in best tradition they save the worst for last, when you've grown tired of reading the sentence.

Let me break one section down for you, the way I read it:
1) We engage certain trusted third parties

1.1) engage ... not hire, not pay for service rendered, but engage in business with; including Klout customers? More specifically are those third parties paid by Klout or is it the other way around?

1.2) certain ... certainly not just a filler word; certain as opposed to distinct parties that Klout themselves can discern?

1.3) trusted ... by whom?

2) share personally identifiable information with these third parties, but only to the extent necessary to perform these functions and provide such services

2.1) necessary ... for whatever they want to do? See above.

2.2) such services ... not these services; so what service, specifically? Something like these services, probably; read: Anything that can be done on server farms. See above.

And so on and so forth. And this is just what I come up with on one paragraph uninspiredly. I guess any lawyer could do a lot better during a boring day at the office with the whole thing.

Ambiguous as terms can come.

73:

This:

"If you're not paying for the product, you are the product."

is a proverb for our days, and I'm surprised to discover that it only seems to have been coined a bare year ago.

I've been saying that for over ten years, and I think it's not one of the things on the internet that I accidentally invented. By and large, those are more embarrassing and less sagacious.

74:

Apologies, bit off topic:

During the process of father dying and all, I ended up with the petty cash and the mail; which I change-of-addressed to my own address.

The change-of-addressed askings-for-moneys all too quickly changed to addressed directly to father at my address.

Oh yeah, one mail item was a notice of increase in mother's monthly health insurance. She had died several years previous to father. My sister and brother blew fuses at that.

75:

Here's a charming data mining service I just found in my in-box. The subject line is "Is your Arrest Record Posted Online?". If you sign up to Instant Checkmate you can find out if they are in fact posting your arrest record on the internet. I haven't looked in detail at the site but I would not be surprised to learn that they'll be happy to remove your information for a small processing fee. Naturally the company address is in Las Vegas (while not all Nevada corporations are dodgy, if you come across a dodgy American company there's a good chance it's incorporated in Nevada).

The thing is, this is all publicly available information, and in some jurisdictions it's required to be made public by open access laws. This was fine when you had to go down to the courthouse to check records, but it takes on a different character when it's just a click away. When people talk about the internet creating a global village they usually overlook how oppressive life in a village can be, especially when your neighbors know all your dirty laundry.

76:

@67: "140 characters is too small a space to actually post something of value, IMO."

Despite a warning from Benjamin Franklin ("Persons of good sense, I have since observed, seldom fall into (disputation), except lawyers, university men, and men of all sorts that have been bred at Edinborough."), two points:

* Publilius Syrus, Martial, La Rochefoucauld, Wilde, Seneca, Taleb, Sei Shonagon, and Franklin himself all weep to be so forgotten.

* In a discussion that has the global implications of the internet as one of its topics, this is a curious oversight of character-based writings.

77:

"helps with returns if you forget the receipt", the clerk says.

I can attest to this fact as I have done this very thing... and was grateful for the convenience! That doesn't mean that it doesn't annoy me to give the information out.

78:

>>In the USA this practice is exemplified by "Radio Shack", which will refuse to make even a cash sale unless they get your full name, address, and phone number.

Maybe it is practice to ask the customer for this, but it has been my standing procedure to respond to such requests with a pointed reply of "You don't need to know that" and I have yet to have my cash refused including, BTW, at Radio Shack.

79:

And in a bizarre sideways twist on this, those of you that read news via Zite might have noticed this thread on their front page.

Social networking, news aggregation, whatever it is, it's there.

80:

Don't get me started.....

Suffice to say:

I work with databases and process data as my main occupation. I know how it can be used and abused.

I never give out personal data to people who don't need it if I can avoid it.

If I can't avoid giving out personal data to people who don't need it, I lie.

People need to lie more............

81:

I just lie a lot.

I lie about my birthdate -- consistently, to online services that don't need it except to "verify" my age. I get a few extra Happy Birthdays that way.

I lie about my zip code when a cashier asks. Consistently -- everyone knows 90210, right?

I lie about my phone number a lot. Cuts down on phone spammers. 212-222, something. No need to be consistent. Sorry, random Manhattanites.

I lie about my address, but that gets a slight modification from the real one -- I add an apartment number, or a floor.

And if a social network has a free-form entry box for interests, I tell them I like falsifying statistics.

82:

Johnny Brill isn't even getting *US* law right. He can assert that there is no such thing as a right to privacy all he wants, but ever since Griswold v. Connecticut, decided in 1965, the US Constitution has been deemed to include a right to privacy despite one not having been enumerated. One reason why a right to privacy is a more controversial concept in some circles in the US than it might seem that it should be is that the Griswold decision was the foundation for Roe v. Wade, which started the culture wars over abortion which rage here to this day.

83:

I would argue that the DPA only works for the UK public sector if judging by the actions of the Information Commissioner over a number of years.

They probably claim that they do more than just councils but seem rather meek and while they might have meetings with Facebook and British Telecom who seem averse to fines for Phorm and ACS:Law leakages I am sure it's just posturing to the media types.

Does the Data Protection Act work? Probably not in the age of globalisation.

84:

I also advocate lying to Radio Shack and similar. It's worth keeping one's lies consistent, though, just in case you actually want to use a website a second time and forgot which random password you used the first time.

I've been amused to note that some websites will no longer accept something like 900-555-1212 as my personal phone number. They will accept (234) 567-8901 though, as well as (314)159-2654, and I've lived on 101 GoAway Street, BugOff, NZ, 90210 before. Whatever works.

85:

Radio Shack have imploded here in the UK. The irritation of being asked for a name and address was rapidly countered by giving them their own premises address and telephone number (which they never appeared to rumble).

The standard "have you got a bonus card?" question at the supermarket usually gets "No, and I work with computers: the less they know about me the better for all concerned".

I don't think I have a profile at Tesco, unless it's "That bloke who only buys our loss-leaders and always pays cash".

Bah!

Chris.

86:

How enforceable are other countries' laws against a company based in California, though if all of the assets are based in the US as well? I don't think their EULA is really binding under US law either, but if a judgement was brought against them in the UK what effect would it have?

Look at online gambling, for example. Something perfectly legal outside the US, so the US had to resort to arresting company executives stopping in US territory and barring credit card companies from working with the gambling websites.

87:

I really don't get why so many people seem to be against loyalty cards and such. If tracking my spending lets them better target advertisements to me, great. Less of my time wasted with advertisements for things I don't want.

88:

Brick-and-mortar retailer Lowe's likes asking for phone numbers.
...
"helps with returns if you forget the receipt", the clerk says.

Lowes and Home Depot (in the US) had a terrible amount of losses with returns about 10 years ago. One way they dealt with it is to better track things by either your phone number or credit/debit card number. With either of these they can pull up reasonably recent receipts for the large numbers of folks who want to return a dead plant two weeks later with no receipt. Or the lumber that looks like it was used to form up a sidewalk. I've never seen them refuse the sale if you say no when making a cash purchase. But if this is the case you'd better have that strip of paper if you want to return things later.

89:

I lie about my zip code when a cashier asks. Consistently -- everyone knows 90210, right?

In the US a zip code is pretty lame. Where I live it narrows me down to one of about 50,000 to 100,000 people. And if that's all they want I give it out.

Especially since I seem to live in the middle of a no big box (for the most part) zone. If I'm going to Lowes I have a choice of 2 equal distant. 3 for Home Depot. Etc... And I've learned enough about each of these and others to visit them almost randomly depending on what I'm shopping for and what else I'm doing.

90:

The standard "have you got a bonus card?" question at the supermarket usually gets "No, ..."That bloke who only buys our loss-leaders and always pays cash".

In the US most grocery stores only offer the discounts to card holders.

Now Target has done something interesting. To avoid the bank fees (not as big a deal as of recently) and to get you to give up details on who you are, if you pay with their Red Card they give you 5% off the total purchase. Apple products included. What you have to do is allow them to use this card to debit your bank account as if you used a bank debit card.

Not sure how this would work in other countries as I'm sure there are a few dozen different laws and customs involved.

91:

Dreamwidth, forked off LJ, doesn't even bother with ads, it's pure payment by users. Of course, even smaller than LJ, though perhaps with better code now, and more fan-friendly policies. I have no idea if they're running a profit.

92:

Interestingly it seems we're coming full circle. Back before large regional chains in the US, say until the 70s or so, your life was an open book. Between the grocer, pharmacist (chemist), and doctor, they knew most anything about you anyone might want to know. From how much spare cash you had (our grocer kept a file on us at the register showing how much we charged and when paid) to what kind of aids you used in sex. I remember the local grocer asking me to let my mom know he was now stocking the brand of yogurt she liked.

Then with chains taking over you got to be more anonymous unless you knew the checkout person or they were a friend of your kids.

Now with computers and debit/credit cards our lives are again an open book but instead of being read by your neighbor or in-law, it is read by a big corporation's data analysis programs.

Back when I was growing up we personally knew our grocer, my dad borrowed the money to finance some home building from my 6th grade teacher's father, and I did field mowing for some folks who I found out after taking the job who went to school with my grandfather. Plus a few thousand other connections. Many of them via church. This doesn't exist anymore in the US except in small, isolated, mostly dying, small towns.

93:

One can give fake name and address to supermarket loyalty cards; they don't check. You probably want to avoid using your credit card with the discount card if you do this. If you forget cash, at some places the cashier will swipe a discount for you if you simply say you forgot your discount card.

Though using zip to decide where to open stores does sound useful to the customer.

94:

Of course by giving my real address I get a $10 per week discount mailed to my house. Which is basically $500 per year. Now their regular prices are a little higher than the competition but I almost never buy anything not marked down for card holders. I consider the trade fair. About the only thing they can glean from me is we appear to eat too many frozen dinners compared to fresh (we buy fresh stuff somewhere else) and we must have either large or numerous dogs. (Large)

95:

IIRC that in the UK shops have a legal requirement to ask name and address if you're buying a TV. I always say Thompson, Wood Lane London W12 7RJ. As long as it fits in their database, nobody seems to mind.

In memory of an app that nobody uses these days (which used to require an email address) when registering software etc I claim to be "support@real.com", except when I'm expecting a reg code in reply.

@DavidL - I'm in the position of having a local shop where the staff know me, but the company that employs them doesn't because I don't have a fealty card.

btw, a British chain supermarket seems to be penalising the innumerate - they have lots of offers: single items for say 90p, or two for £1.90 - that sort of thing.

96:

Interesting.

Last summer, I had lots of small-and-medium purchases at Lowe's, and I sometimes didn't give my number. They let the sale go through.

I'm still not sure that they're not data-mining and selling the data. Or at least collating it. (If I order an item from Lowes' website because it's hard to find in store, and give the same number as contact-number alongside my name/address that has to match the CC billing info...I would not be surprised if they can tie those cash-plus-phone sales to me.)

On a different front, I've seen everything from Quaker State Oil to Marzetti Food Dip attempt to pull me into a supply-your-email-address-for-a-prize-drawing way onto their email list.

It's an email-address database that tries to suck in the user's full contact info, just in case "you won" comes out of the prize-drawing.

And I don't trust it.

97:

Lowe's, and I sometimes didn't give my number. They let the sale go through.

I've never seen them require it on a cash sale but returning the item and it's not in current inventory or which looks used without a receipt can be a fight.

98:

Actually, no. The right to privacy is pretty well outlined in US law at least, and a good place to look is the Griswold v. Connecticut decision.

It's also illegal to stalk people. If I followed you around all day and took notes that would not sit well in the US. It is a bit ambiguous when dealing with private entities, but ordinarily, if I followed you around in person you could get a restraining order even if I never explicitly threaten you.

Now, the interesting question is that if private entities can ignore your rights, are they rights at all? In the US, we say no, which is why a private business does not have the right to not serve black people.

99:

Klout just seems dumb. If they try to get anywhere with that information they stand to get in a real legal mess. They're not in an offshore haven, far from the rule of law. They're located in the US, which is a country under the rule of the lawsuit. They'll get their pants sued off.

100:

Between the grocer, pharmacist (chemist), and doctor, they knew most anything about you anyone might want to know.

True as far as it goes, but I think the differences are familiarity, reciprocity, and security. Sure, Bobby down at the grocer's knows what flavor of ice cream you like (but you also know Bobby's workplace, approximate schedule, etc.); if your doctor comes around asking about you, he'll probably have to chat up Bobby and explain why he wants to know what you've been eating.

And none of this information is likely to be shipped off to a faceless corporation in another country without you hearing about it, for purposes they don't share with you.

101:

I think there will have to be some kind of catastrophic problem that affects many people before anyone starts caring enough about privacy-infringement to do something about it. (see the boiled frog metaphor).
What form could this catastrophe take?

102:

"BINGO"

103:

You may want to note that the British equivalent of a zip code -- a postal code -- is much more precise. Postal codes come in two chunks; a header that identifies a city-sized zone and a district within it, and then a high precision identifier within that district which narrows it down to an actual postal delivery 'walk' (yes, our postal workers deliver our mail on foot: the distances are that short). Add a street number and you've got an address precise enough that the Royal Mail address finder can deliver mail to me using just my apartment/door number and the full post code.

(This is one reason why I really don't like shopping with vendors who ask for my zip/postal code with no obvious justification. I'm the only person with my surname in my postal code area.)

104:

David L: Back before large regional chains in the US, say until the 70s or so, your life was an open book.

You missed a critical point; your life was an open book only to people you knew personally and did business with. And they weren't in the business of selling the details of your life to third parties.

The GP and pharmacist examples are spurious; even today, that's a direct client/practitioner medical confidentiality relationship -- they have "need to know", but they also have a legally imposed duty to maintain your privacy in the face of third parties.

The small-town grocer is a more interesting case. On the one hand, asking you to tell your mom that he has her favourite brand of yoghurt in stock could be seen as early behavioural advertising. On the other hand, it's based on a confirmed, public preference, not simply a rec based on her web surfing habits at home. Nor does the grocer's local client knowledge get diffused, other than the supply chain possibly learning that someone in Townsville consumes Yoghurt Brand X, sold through Grocer Y.

So your 1970s relationship with your GP or the Village Grocer is a bit like Facebook's definition of "friends", as opposed to "friends of friends": it's based on direct proximity.

105:

If you're paying for the product, you are still going to be the product if it's profitable to make it so.

That's why that popular new proverb is naive.

106:

Chris Suslowicz @ 85
See my earlier post @ 71 re avoiding "Nectar" cards etc ....

Andrew G @ 87
Do you really want them to sell information as to how much booze you buy to the interfering state nannies?
And why should they waste money on these systems, rather than both improving their products AND cutting prices?
These systems don't come cheaply.
And it's NONE OF THEIR DAMNED BUSINESS.
Selling stuff is their business, NOT prying into our lives.

Dan Benson @ 101
...some kind of catastrophic problem that affects many people before ...
Unfortunately, I think you're right.

Expanding on Charlie @ 103, for non-UK readers.

Something like:
23 E19 4UJ
Will identify a SINGLE HOUSE.
( And, since there isn't an E19 postcode, I haven't ID'd some unfortunate before you ask! )

107:

A friend of ours has a policy of lending out his supermarket loyalty card so that data on purchases is completely useless to them. Plus he gets more points that way.

He also enjoys filling in those consumer survey forms as creatively as possible, though he still doesn't quite get why the pair of chain-smoking lesbians got a free sample of nappies. "She" sent back the feedback form saying they tasted awful.

108:

@ 95 Phil: They do that so they can pass on your details to TV Licensing (It is still a legal requirement to have a TV license in the UK. That's how we fund public broadcasting - And thank God we do)

@ Pretty much everyone else. To be honest the whole data-mining-serving-me-ads-for-products-or-services-that-might-just-interest-me thing is fine by me, and a whole lot more palatable than being cold called by a machine that tells me I've won a holiday.

The fact that Tesco and Sainsbury's know where I live is also not a problem... Actually them not knowing would be a problem, because then they would have trouble delivering my groceries every week.

But then I'm not living off the grid in a disused nuclear bunker in the desert with several crates of bottled water and a shotgun and cartridges in case 'The Man' comes a-calling. Which appears to be what many of you seem to aspire to. :)

109:

But what KIND of catastrophe? There are plenty of stories out there about individual people who suffered from lack of online privacy, but what will get a large enough group of people pissed enough to do something about the problem?

It might make for a good s/f story :)

110:

Your comment was fine until the last bit of gratuitous insult.

111:

Which works for Autodesk Inc in the USA. You'd need separate case law to show that the same applies to any other SoftCo, and even that it applies to Autodesk in non-US jurisdictions.

112:

In the days before postcodes, the postmen could often do a very good job on the basis of duff data. We once received a postcard addressed to "Tingewick Mill, Birmingham".

(It is perhaps noteworthy that the nearby town was Buckingham, which is closer to London than to Brum.)

HGV drivers were a little less careful: on more than one occasion, a feed truck turned up, having driven a mile down a single track road to us instead of going to Finmere Feed Mill, near Tingewick. None of them ever did it twice because we didn't really have the space for them to turn round.

113:

@Feòrag please note the smiley... I was being a little tongue in cheek!

But sorry if I offended anyone.

114:

One more comment on the denigration of free things:

If you use Linux, are you the product?

If you use Charlie's Diary, are you the product?

Just curious.

115:

#74 - Scott, this only applies to the UK, but if you've not got this sorted, register your father at the Mailing Preference Service, and if his death was in the last year or so, talk to the Registrar's clerk, who can help with getting him off mailing lists too.

116:

You seem to be having difficulties with the concept of the pithy aphorism. An aphorism is meant to encapsulate a truth in a compact form. It's not meant to have to include all the disclaimers that a full thesis would.

117:

I have to say that, while it might be naive, I think there's a difference between a loyalty card, even if they know my address, and a social network - even if I know in advance they're trawling my data to sell advertising that they (consider, often hilariously inaccurately) will target me.

Perhaps that's a level of trust in the DPA that applies, being a UK citizen and resident. I'm pretty sure neither my local supermarket, nor my local outlet of a national coffee chain sell my personal data on. Them knowing what I buy... I can live with if it helps them stock the shop better, and the occasional free bag of shopping to help them make it easier to track my shopping habits, or the more frequent free coffee... I can live with that quid pro quo. They send me occasional emails (very occasional) telling me how many points I've got, what I can use them for, when something new is available - and my spam filter throws them all away with alacrity.

Similarly Amazon makes guesses from my previous purchases about new books I might like. It's more persistent than the grocer saying he's got my mum's favourite yoghurt in, but I file all their mails into a folder and read when I've got a few minutes. It's a useful resource for when people want to buy me presents, or send me gift vouchers. They're mostly pretty good about identifying my likes and sending me appropriate notices too. I could wish they didn't - daily, sometimes twice daily notices, is a bit much, but not impossible to handle.

But they are all companies that through some level of choice I interact with of my own volition. (I actually have loyalty cards for 3 coffee shops, but two of them are cards which are stamped and have no personal details on them.)

The problem with the social networking sites is that they take whatever they can find, even if it's just my postcode, and sell that to anyone that can afford to buy it. Although I stopped using it months, nearly years, ago, Facebook never got an advert for me right - I never clicked through, never thought it was interesting or that I might buy that, shop there.

But even beyond that, there is a distinct difference. Shops I've used, real or virtual, sending me offers and adverts is fair IMO - they obviously want me to go back and spend more money there. Selling my details to third parties so they can try to tempt me in... that's naughtier as I haven't chosen the third parties.

All of that made me consider Google Ads, the side-bar ads on LJ etc. I mostly ignore them too. But they don't offend my sensibilities in the same way. Partly they're less intrusive, partly they're somewhat targeted at the content of the blog so they're likely to be somewhat interesting, and more importantly, they're not selling my data to get the advertising.

And that, I guess, is the bottom line for me. If I choose to interact with Company X and they want to keep advertising to me, then I brought it on myself. If I'm passively targeted for advertising likely to be of interest to people that read a page I'm reading, that's a bit wider than I'd like it to go, but as long as it's not intrusive, that's OK. At the point you mine all the data about me you can and sell it to someone else, that's beyond the pale, at least for me.

118:

Years ago I was unwittingly caught up in a credit card processing scam; my business had applied to 'rent' a card scanner and use the processing service. The contract had one of those "personal responsibility" clauses ("yada yada...even though the contract is with a corporation, you [named individual] agree to be held personally responsible...").
This was left blank on the application. Someone at the processing company forged a signature (readily apparent when visually compared).
Despite all of that, they kept on hassling me for rental payments, late fees, etc, once we dropped the contract. Like calls every hour on the hour for 7 days a week, faxes multiple times a day, emails, - real draconian stuff.
I finally got a stupervisor at the collection company, informed them of the law for such things and then informed them that I was going to charge them a processing fee for every single call I received.
Once a week for a month I sent them a detailed invoice for my time.
Then informed them I was hiring a collection agency. They stopped.

Perhaps a similar judo move might work to some degree or other, with sites that send you a confirmation email when you sign up: have someone figure out a way to construct an automatic response email that contains your terms of use: "By receiving this email you agree to be bound by the terms contained herein; if you do not agree to these terms, do not receive this email...."

I know that sometimes stupid legal maneuvers like this work: similar to the "failure to respond by thus and such a date constitutes acceptance of the terms of this agreement" usually gets a response - or a deal on your terms. (Actually lots of argument followed by a more tractable negotiating session); pencilling in and initialling terms on a form you ultimately sign (like my confidentiality agreement at AT&T and the admissions form at the local ER), etc., etc.

And if nothing else it lets you 'do' something, gives you some place to vent your frustration.

119:

And another thing: those supermarket discount cards? Read the usage portion of the application form.

Outright data mining. I screw with their 'profile' of me by letting others use my card for their purchases. The computers have no idea what I really purchase any more.

120:

a whole lot more palatable than being cold called by a machine that tells me I've won a holiday.

That's illegal in this country, and the folks who own the telephone robot are liable for a hefty fine per call if they get caught.

the whole data-mining-serving-me-ads-for-products-or-services-that-might-just-interest-me thing is fine by me

It might be, but it's technically illegal if they didn't get your prior consent. See also BT, Phorm, police investigations, and so on.

121:

If you use Charlie's Diary, are you the product?

Seeing you asked ...

Charlie's Diary is a free sample of the product.

The product that pays for the service is Charlie's writing, including the non-free, costs-money stuff.

You can find links to it at the top of the sidebar on the right hand side of this page. Folks who take an interest in online marketing tell me that they're much too discreet; but my view is that I don't want to do to other people things that I'd be unhappy about having done to me.

Does that answer your implicit question?

122:

and finally (promise, lol):

I'm waiting for the day when I come home to a pile of packages at the front door with a note attached saying "These are the items you would have purchased during the coming week according to your consumer profile. We have debited your account accordingly."

123:

You missed a critical point; your life was an open book only to people you knew personally and did business with. And they weren't in the business of selling the details of your life to third parties.

I was more musing than making a hard point. In the back of my mind I was also thinking of the people who feel they must be allowed to live their lives in total anonymity "like we used to be able to do".

The GP and pharmacist examples are spurious; even today, that's a direct client/practitioner medical confidentiality relationship -- they have "need to know", but they also have a legally imposed duty to maintain your privacy in the face of third parties.

The GP more so but the pharmacist over in the US not so much. I was thinking of all the things you don't buy from the prescription counter. Hygiene and sex products. You might not want folks to know you use brand XYZ lubricant or condoms with "ridges".

But back to the GP. In today's world confidentiality is much more strict than in small town USA back 50 or more years ago. Law or not, there was a lot of information leakage.

Anyway my point was that for a while much of our lives in the US got much more anonymous than in the past or present. The gap was between mom and pop stores and computers everywhere.

124:

though he still doesn't quite get why the pair of chain-smoking lesbians got a free sample of nappies. "She" sent back the feedback form saying they tasted awful.

They figured she got a bad batch and wanted to make sure her opinion was formed from a hand picked package. :)

125:

The GP more so but the pharmacist over in the US not so much.

Mm-humm. My Pharmacy Law & Ethics background is more than two decades out of date, and specific to the UK as well, but I can't see the GPhC's inspectorate letting that one lie. The retail side of a pharmacy that sells non-medical items would be subject to normal retail regulations, but anything medical ...? That's another matter.

126:

OK. Here's a question. Anyone know the names of their cookies so we can toss them if we find them?

127:

But note, in giving your card to someone else, you almost certainly violate the T&Cs of the loyalty card - it is for your personal use. But . . . what are they gonna do, cancel your loyalty card (oh, I'm trembling already)

128:

And the said owners of said robots just set up shop in 'Forn Parts' where it isn't illegal and CLI is not available, so actually tracking them down is all but impossible... Unless I actually go through the rigmarole of following their IVR tree pretending to want the timeshare, sorry... holiday.

If cookies could be a bit smarter, so that once I bought a bracket for my TV, GoogleAds figured that out and stopped serving me up more ads for great TV bracket deals. Now that would be nice!

Wait until they get it together with GPS and start pushing you deals specific to you and the store you're walking past

129:

"a whole lot more palatable than being cold called by a machine that tells me I've won a holiday.

That's illegal in this country, and the folks who own the telephone robot are liable for a hefty fine per call if they get caught."

Um. Technically true, IF they get caught. But a lot of these companies are based outside the UK. And a lot of them use autodialers which just call random telephone numbers.

These random calls get to be very tedious. And they work from old old old lists. I used to get a lot of cold calls on my business phone (I work from home) for a family called Patel (my surname is not Patel). My current business line which has been mine for over 5 years still gets several calls a month (not including robots) for Alan Whitaker (my surname is not Whitaker).

130:

@Mark:

The trouble is, you don't get to decide what the information gets used for when it's abused.

It's the difference between say, Google using my fondness for Mars bars to advertise other chocolate products to me, and my chocolate purchases being sold to HMOs, who use it to deny me insurance.
If my chocolate consumption figures are (erroneously) high, the dangers for Google are misadvertising, no big deal. If the medical insurer denies me insurance, it might even be fatal. And I would not know where the error is, or have a chance to correct it.

131:

Um. Technically true, IF they get caught. But a lot of these companies are based outside the UK. And a lot of them use autodialers which just call random telephone numbers.

Even with an ex-directory number (for some years) registered with the TPS, I'm getting this shit.

They're not just using autodialers, they're using VoIP gateways that cut their calling fees to just about nothing (as long as they stay off the mobile networks). POTS-over-landline is in danger of becoming unusable in the not-too-distant future without, at a minimum, a decent voicemail system with spam filtering.

132:

From what I can tell, my (full) post code is composed of two buildings, a total of eight separate residences and I guess less than 30 people, total. I am pretty sure I am the only one with my first, or indeed last, name for the nearest 10-100 post codes from home.

133:

I am registered with TPS. Apart from my mother, the only calls I get on my landline are from overseas autodial scammers. I'll get home to sometimes as many as 10 missed calls, all 'Unknown' or 'International'.

134:

"POTS-over-landline is in danger of becoming unusable in the not-too-distant future without, at a minimum, a decent voicemail system with spam filtering"

Ah hah ahahahahahhhh.

Already there.

I finally cancelled my landline a couple of weeks back. 75% of the calls I received were from "debt collectors" attempting to contact random people who have never had that number, but who had a name that (sometimes) sounded similar to mine. 20% of the remaining calls were from charities. Pretty much all the rest were wrong numbers. I realised that with election season coming up, I'd start to get lots of those as well.

So, less than 1% of calls on my landline were calls I wanted. And that's with me registered with "do not call" lists.

135:

Luckily, I have a pseudonym I use for Internetery, so Klout didn't get anything that's particularly useful to marketers, and my Tracking denial plugins broke Klout a lot so I was using Chrome's Incognito mode to visit the site (Because it nukes the cookies etc. when the window closes).

Even so I deleted my account on principle - it's one thing for me to blunder into some online scam - But I really don't want it getting hold of my friends list and marketing to them.

136:

The aphorism rests on the unstated but obvious context that the not-paying-for is supported by advertising. "You are the product", i.e. being sold to advertisers.

Truly free things like Linux are another matter.

137:

You're really hung up on this, aren't you?

On Livejournal, if you become a paid member, you do not see ads. This is one of the explicit benefits of payment. You can be product or customer, not both.

Dreamwidth doesn't even use ads; there's just the free sample tier, and the paying customer tier. No product.

Contra Bierce, it is possible to let cynicism cloud one's eyes to reality.

138:

Caller ID is my solution to this problem; if I don't recognise the number, I don't answer it. If someone I know needs to ring me from an unfamiliar number, they'll know to start talking to the answerphone - if I hear a familiar voice, I'll pick up. I don't know about other companies, but if you have a BT line, you can get caller ID for free by asking about their "privacy at home program" (which consists of, um, checking you're on the TPS list and giving you caller ID for free instead of charging. But hey, useful free stuff!)

139:

CallerID doesn't do the job for me 'cos the ringing phone is, in itself, an interruption. I have to get up, check the callerID, determine if I want to answer it, listen to the message being recorded...

I need a phone answering system which can do simple things the equivalent of captcha; "what is 21 plus 14; enter your answer now", and only on successful value will my phone ring.

140:

You don't have eighty-something parents, do you? Or friends who have their own PBXs and routinely disable caller ID?

And you probably have phone handsets with working displays, and a memory that isn't so full of decades-old junk that you can memorize eleven digit numbers for everyone you meet ...

141:

In addition to what Charlie says, in my case it's a business line - that means I often get calls from numbers I don't recognise, sometimes even from abroad ("a network which doesn't give out numbers" if you dial 1471 after the call). Believe me, there are few things more irritating than to pick up a ringing phone when in the midst of a job or when waiting for a call from a business colleague and get some spambot talking about PPI or how I "may" have "won" a holiday competition I didn't enter (although faxes to my non-fax line do qualify as more irritating).

142:

If you use Charlie's Diary, are you the product?

And if you're the product, who's the customer?


I'm going to ignore Charlie's reasonable (and authoritative) answer and remind people of the Cthulhu hat that Charlie brings around on his speaking tours, and suggest that there may be darker forces using this site to spread their tentacles... Maybe you'd be safer over on FaceTwitterKloutJournal.

143:

People started worrying about privacy and computer data mining back in the 60s, when mainframes used punchcards for input and magtapes for storage, cost millions of dollars, and required departments of people to implement multi-month projects if they wanted to do new kinds of queries.

By the mid 90s, before Google, a random bureaucrat with a $1000 computer on their desk could make ad-hoc queries at lunchtime that were more complex than that, so data mining applications like "stalking your ex" were increasingly practical if your company handled appropriate kinds of data. You didn't have to be the government or the 1% to do it; working for them was enough.

Now that it's the 10s, I've got wristwatches faster than a PDP-11 and a phone in my pocket that would count as a supercomputer through most of the 80s (and except for disk space, well into the 90s), and the multiple-washing-machine-sized gigabyte of disk space that cost $100K in the mid-80s now costs $3 and is small enough to get lost in the washing machine by accident, and internet connectivity speeds that would have cost hundreds of dollars a month in the 90s are now an expected condiment with your coffee.

Data mining has become radically cheaper and more pervasive, and while big companies obviously can and will do more of it, individuals are doing it with pre-packaged smartphone apps that check which of their friends are in nearby coffee shops. Until Moore's Law grinds to a halt, the depth and pervasiveness of data mining is just going to keep growing.

When David Brin's The Transparent Society came out in the late 90s, a lot of the cypherpunks folks didn't like it, not only because his predictions about loss of privacy were depressing, but also because they were mostly not wrong.

144:

I know. And I have a licence, but I object to the point of sale collection of data by Capita that goes beyond that purpose.

For licencing, all you need to know is two data fields - equipment (yes/no), address. When buying TV equipment I'm asked for name and type of equipment, plus the info on where I bought the equipment and how much I paid is presumably added. This imo is in breach of the Data Protection Act -

"2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed"..

Asking name, and type of equipment is excessive and not relevant. And why ask if there's no plan to process?

If you google Capita +fraud you'll see a few other reasons why I don't want them holding my details.

__________________________________________

When I worked at BT Repair a medium fraction of my work was fielding calls from people with horror stories of unsolicited calls, day and night. It's very hard to resolve. In theory most cold callers can be blocked and fined, but in practice, operators only have 180 seconds allocated per call before Resources are breathing down their neck. In that time there's not a lot you can get done. Referring the "fault report" to a specialist group is almost always a waste of time.

145:

(2) You would need to see the vendor's DPA registration to determine whether or not the collection and/or forward transmission of data beyond (Address + New receiving kit purchased) is a breach of the DPA. If their DPA registration says that they can record and pass on your car make, model and registration number, then they're not in breach of the DPA in doing so.
(3) Same argument; if they've stated the purposes for which they want the car details, they're within the DPA.

Sorry.

146:

Without our gracious host's explicit permission I'm not going to name names but there's a hardware product out there that might fix your problem. Acts like an electronic butler, lets your friends and family known numbers ring through unhindered on a whitelist, blocks blacklisted numbers without ringing the phone at all and asks everyone else to give their name and wait while it ascertains if the master is in :)

Blacklist can be as soft as known bad numbers through no international, no number withheld, no calls between the hours of X and Y. It's no good if you live your life on your landline but if your spam calls are outnumbering your real ones (as they were to me by about 8 to 1) it can do a lot of good.

It does confuse elderly relatives (until you whitelist them) and people who refuse to actually listen to phone messages and so assume it's an answer phone though.

147:

Point of interest, any T&C, are first held to contract law, and not pin on data protection laws. Under contract law, there must be offer, acceptance and consent.

Oh.

we #FAIL ourselves with our eagerness to play.

Eddie Izzard and T&C:

http://youtu.be/lbvwZ4LWeEc

148:

I'll agree that $retailer can impose any Ts&Cs they like on the contract of sale. That doesn't stop it being illegal under the DPA for them to require info that they've not registered as holders of, registered a purpose for, and to disclose that info to a 3rd party that they've not registered as a data recipient and/or custodian for those data.

And, of course, a contract of sale is governed by civil law, but breaches of the DPA are governed under criminal law.

149:

My neighbour worked for a charity that among other things sold second-hand TVs from their shops. He was their chief database engineer, and stunned to find out how much they have to report to the Home Office - and it did include the make of the TV - he was told, when he queried it, that it's part of tracking for if you should pay a colour or B&W license fee according to the legislation, even though I don't think you can buy a B&W TV any more.

If he's right, and no reason to assume he's not, you could try and challenge the legislation that requires recording the make under the need for data in today's world, but it doesn't fail item 2: they are legally obliged to take and record the make. Recording the rest though, sounds dodgy.

150:

The retail side of a pharmacy that sells non-medical items would be subject to normal retail regulations, but anything medical ...? That's another matter.

Now you have me wondering what falls on which side of the line in the UK vs. the US.

There's a LOT of things that could be considered medical sold by the retail side. From cold and flu remedies to heart and blood pressure monitors, to bandages and splints for sprains, to well lots of things. You could get a lot of information about someone just from these purchases.

But I don't know about the UK but in the US there was definitely a lot of leakage of medical information in many small rural areas. And in some big cities also. Wasn't right but it was there. Much of that has gone away over the last 50 years as the laws and enforcement and awareness has gone away. Plus doctors are given much less deference now than in the past.

151:

The law has yet to be fully tested, but has changed since Charlie's time because supermarkets are now allowed to sell some non-prescription medicines.

For prescription-only medicine, it's clearly covered by the appropriate medical confidentiality and privacy laws. I believe the guidance in most pharmacies is to default to that standard on all items but for over the counter sales I suspect you'd find a good defence lawyer would make the case it doesn't apply and win.

Because, of course, for OTC medication bought in the supermarket there's no special protection beyond the DPA.

Interestingly most of the big pharmacies don't do loyalty cards. Boots do, but it very specifically doesn't reward or record transactions for POMs.

152:

Ah, now Tesco (who are, of course, extremely evil - consider that WalMart of all people complained to the Monopolies Commission about them and Morrisons), have all sorts of cunning tricks to attempt to squash the competition (and extract more profit from their customers).

1) Running a loss-leader of a few insanely-discounted quality brands (then suddenly switching the offers/prices around to confuse the customer into buying the same product that is no longer cheap). e.g: price breaks on 6-pack versus multiple purchases of single pack yoghurt. It's like a very inconsistent yo-yo.

2) Running "two for only X GBP" offers where X/2 is more than the unit price.

3) Running their loss-leader for a week (or month), then putting their own brand of the same product into the same spot on the shelf. Buying their cheapo mayonnaise (which tasted more like a knock-off of oil-based salad cream) is a mistake you only make once.

None of this works on me: I shop on foot, have a list of what I want, and Aldi is the furthest walkable supermarket from where I live, so I call in at all the supermarkets (Co-Op, Iceland, Tesco & Aldi), noting prices before I start buying things on my way back home. If a smaller store (or one of the few remaining shops) is only slightly more expensive than Tesco, I'll buy from them on principle.

153:

I have just bought a surplus Racal JAMCAT[1] (contains neither fruit nor felines) specifically for use against the more persistent telepests (one double glazing company, an "energy saving survey" bunch, and some PC antivirus scammers).

This is going to be _Fun_ - Random Tones on the "fast look through" setting ought to get the message across fairly quickly.

I suspect the real answer may be a customised version of Asterisk, with a whitelist for known callers, a blacklist for known telepests, and everything else diverted to challenge-response or an answerphone.

Chris

[1] SS 2931 Jammer Communications Attachment.

154:

No, the real solution is, as always, outlawing the whole damned mess and then properly enforcing those laws. Make the penalties hurt someone, instead of being a rap over the knuckles. They go overseas to leave the jurisdiction? Set up yet another unit in the alphabet soup to deal with just that.

It's because this crap is tolerated that it keeps happening. And anything short of real damage to the perpetrator is tolerance.

155:

I don't care what they think about my buying habits. "They" are algorithms on a computer somewhere for the most part. And obviously collecting my data helps them sell to me better. I have a better experience and get what I want, they earn more money off of me.

156:

I've known store employees to use their own cards when managers aren't around. Customers without cards are happy to get the discount, and if there is some sort of point or reward program the employee gets it. :)

157:

If my chocolate consumption figures are (erroneously) high, the dangers for Google are misadvertising, no big deal. If the medical insurer denies me insurance, it might even be fatal. And I would not know where the error is, or have a chance to correct it.

Or if the algorithms decide that you should now be subject to additional screening at airports. According to persistent rumour, that runs on the basis of "would not know where the error is or have a chance to correct it"...

158:

In Clinton time, one of the things our State Department was working hardest at was trying to get you to change your privacy laws so US companies could do business there as they did here.

159:

I think Klout, FB and other social networks are going to slowly drown in their own spam. People will get bored of the constant trivial updates and move onto new forms of online entertainment. I am particularly annoyed by the regular status updates from corporations on my FB home page. I click once on a Like button and I am subjected to endless commercial messages. The Unlike button is hidden in a small corner of the screen. If Klout are breaching EU privacy laws, maybe some enterprising law firm will start a class action.

Charlie, do you see some irony in your appeal for internet privacy via this blog? You seem to run your professional life like an open book for the readers of this site. Your career history, habits, likes, dislikes are all presented in great detail for the public.

160:

A loyalty card for a particular store, unless I pay cash every time, isn't telling them anything they can't pick up from the payment card used. Oh, they do get my address.

Tesco in the UK provides a couple of key-tags with the card, so if somebody found my keys dropped somewhere, there's a chance I could get them back without the finder learning which house they match to.

Multi-store loyalty cards such as Nectar, I'm more wary of. They'll give you points for using their web-search toolbar--now that's getting bad.

161:

This is an excellent analysis Charlie. I always say to people that there's the law and then there's acceptability. In other words, do you abide by the law or do you abide by what you can get away with?

If Klout's behaviour and intentions are honourable, and it recognises the difference between active participants and unwitting bystanders, then it can probably get away with this approach. However, if the general public begins a backlash against the hoovering up of data, in the way that Facebook has had to answer privacy critics in some countries, then Klout's model may be on the other side of what's acceptable.

The law is often about interpretation and measurement of risk. The over-riding factor is respect for the customer.

For me, this is the killer line in your article: "Worse, you risk infecting all your friends." That is the big problem in social media because so many people are blindly sharing, accepting and installing all kinds of things without ever questioning whether they are valid or what will happen as a result.

162:

Charlie, I wouldn't object to you making the links a little more prominent for your book sales, even a small book-cover picture (but be careful where it gets served from). There's a balance on this, and you are maybe a little too discreet.

It's a bit like the adverts you get with Gmail: they don't really intrude. Yahoo, on the other hand...

(wide-screen monitors have made a big difference.)

163:

It looks very much as though the next EU Directive on data protection will include non-EU entities dealing with customers resident in the EU as being liable under the law.

What a Directive does is require the national governments to enact laws implementing the directive. I think the DPA came out of Parliament about 3 years after the last Directive was issued.

Note that this means that if Facebook, or whoever, does something naughty, they can be potentially brought to trial in any EU Member State. An acquiescent regulator in the UK might make it harder for us Brits to get results, but it's not unlike obscenity law in the USA: it only needs one DA to get stroppy.

This isn't going to happen soon, and details may change between now and the formal issuing of a Directive.

164:

I'd agree, although I do sort of wonder how many of the regular contributors have most or all of Charlie's output to date anyway? I know I do.

165:

Mark G @ 108
NO
TOTALLY WRONG
It is emphatically not "A legal requirement to have a TV license in the UK"
Only if you actually have a TV!
1% of the population, including me, don't (600,000 people, approx)....
Mind you, it leads to all sorts of fun with the TV-licence fascist-enforcers, but that, as they say, is another story.

Bellinghman @ 112
Finmere - as on the late-lamented Great Central Railway?

Charlie @ 120
I/We are on Telephone preference, too ...
But the bastards still do it, by basing themselves in Asia or the USSA - where Brit/EU law does not run.
Um.
As yes @ 131 too ...
A lot are automated, and you can't do anything.
Sometimes, there is a real person on the other end.
The ONLY thing to do then is to be as personally, racially abusive as possible - deliberately breaking UK law in fact.
THEN they're in a cleft stick.
Nice.

Paul Knight @ 144
That is why "Private Eye" call them CRAPITA.
Because they are.

Andrew G @ 155
Ah you obviously have nothing to fear - because you have nothing to hide.
Excuse me, but.... terminally stupid is my politest response.

Steve Masters @ 161
"In other words, do you abide by the law or do you abide by what you can get away with?"
Absolutely spot on.
And you've reminded me of another authoritarian horror of absolute dictatorship coming down a road near you.
Off-topic, perhaps, but I don't think we can afford to ignore it.
It's called the ESM and replaces, or will replace the EFSF.
It's really scary - a recipe for absolute dictatorship, with full legal immunity for those in appointed power.

The full treaty can be read HERE
Please pay especial attention to articles:
Preamble 4 - where does that money come from? See also Article 8.
Article 5 - an unelected, appointed Board of Governors....
Article 27 is the really worrying one.
Read
THIS, from A 27 ...
3. The ESM, its property, funding and assets, wherever located and by whomsoever held, shall
enjoy immunity from every form of judicial process except to the extent that the ESM expressly
waives its immunity for the purpose of any proceedings or by the terms of any contract, including
the documentation of the funding instruments.
4. The property, funding and assets of the ESM shall, wherever located and by whomsoever
held, be immune from search, requisition, confiscation, expropriation or any other form of seizure,
taking or foreclosure by executive, judicial, administrative or legislative action.
5. The archives of the ESM and all documents belonging to the ESM or held by it, shall
be inviolable.
6. The premises of the ESM shall be inviolable.
7. The official communications of the ESM shall be accorded by each ESM Member and by
each state which has recognised the legal status and the privileges and immunities of the ESM, the
same treatment as it accords to the official communications of an ESM Member.
8. To the extent necessary to carry out the activities provided for in this Treaty, all property,
funding and assets of the ESM shall be free from restrictions, regulations, controls and moratoria of
any nature.
9. The ESM shall be exempted from any requirement to be authorised or licensed as a credit
institution, investment services provider or other authorised licensed or regulated entity under the
laws of each ESM Member.

And Article 30
Immunities of persons
1. In the interest of the ESM, the Chairperson of the Board of Governors, Governors, alternate
Governors, Directors, alternate Directors, as well as the Managing Director and other staff members
shall be immune from legal proceedings with respect to acts performed by them in their official
capacity and shall enjoy inviolability in respect of their official papers and documents.

They can steal all your money, do anything at all, and there's nothing you can do about it.

Admittedly this ONLY applies/will apply inside the Euro-zone, as presently proposed, but .....
I think Prince Paul Metternich would have loved it!


166:

I have never taken any training on the subject, but in the United States there is this law that was called HIPAA by Congress. (I guess if Congress really cared, the Act would have a better acronym...or something.)

I believe that the patient has to sign waivers for any medical data to be transferred from any medical provider (including pharmacist) to any other party.

Thus, when I signed up for insurance that might include coverage of medical events, the insurance agent handed me a broad waiver form that allowed the insurance company to get access to portions of my medical records if they feel the need.

Since I'm not a regular purchaser of prescription medicine, I don't know how the average US Pharmacy handles that.

But I have good reason to believe that the prescription counter of the local Pharmacy is handled as a separate business (from an inventory/staffing perspective, and likely from an accounting perspective also).

167:

Mark G @ 108
NO
TOTALLY WRONG
It is emphatically not "A legal requirement to have a TV license in the UK"

I think everyone else read that as "It is a legal requirement to have a TV license in the UK if you have an operational Tv receiving device on the premises"

168:

Have you met pidder yet? No investors, no advertising. It's a privacy-by-design social network (among many other things) that doesn't know the user's data because it's encrypted. Might take a look at it...

169:

TV licensing. A bit off topic here but I'm curious. What is it that is licensed? A full TV? A TV tuner? Something else?

The reason I ask is that in my house we have two flat screen TVs. Neither of them would be used much different if the tuners were left off. Both are connected to the TV "universe" via Tivos. And I know there are a lot of nerds in the US who use their flat screen computer display as TVs via Tivos and/or EyeTV adapters or similar.

Just wondering.

170:

A TV Tuner.
TV licensing getting quite complicated with online viewing as well, but if you are watching 'as live' (ie online at the same time as it's broadcast), you need a licence.

Guardian article here discusses it

171:

HIPAA is...interesting. Roughly speaking, congress had a good mini moral panic about health information privacy and passed a law that was so broad and vague as to be unworkable. Technically, "Mr Jones, your prescription is ready" would be offending.
It's been softened to usability in actual regulation.

In any case, it protects healthcare information which, oddly enough, is that which is "created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse".
You going out and buying a basket of OTC meds and super goat lube doesn't seem to qualify since neither you nor the front register are one of those things.

172:

Very nearly, edit inline:-
TV licensing getting quite complicated with online viewing as well, but if you are watching or recording 'as live' (ie online at the same time as it's broadcast), you need a licence.
So in answer to David L's implied question, yes you need a colour licence for a Personal Hard Disc Video Recorder.

173:

HIPAA is...interesting. Roughly speaking, congress had a good mini moral panic about health information privacy and passed a law that was so broad and vague as to be unworkable. Technically, "Mr Jones, your prescription is ready" would be offending.
It's been softened to usability in actual regulation.

USA only rant.

The advocates wanted patients to be in charge of exactly who would have access to what medical records. But since even simple medical situations can involve multiple people working with multiple companies, practices, agencies, etc... when you visit a doctor they all basically have you sign a form that says they can talk to whoever they feel they need to talk to about your condition without asking you first or even informing you later.

HIPAA was a nice theory but a nearly impossible practical goal. But we get to pay for it with increased costs woven throughout the system filing and tracking releases that say we all agree to almost no privacy.

174:

Tip I heard from a chap who used to work at a call centre:

If you have the time (and a hands-free set) then one way to keep down the phone spam is to talk to the salespeople. Ask them to explain. Say you don't understand and ask them to repeat. Keep them going until they realize that you are just stringing them along. As they get paid for successful calls, they will take your number out of the machine themselves.

I admit I wish I could have seen the expression when, after 30+ minutes, I asked what they were selling again? All I got was a prissy 'click' as the call centre drone hung up…

175:

Weirdly enough, your for-pay product feels more interactive.

That's not a complaint about the blog, but just me marking out* about how many of your books give me a feeling of melanoia (which I've heard is the converse of paranoia -- I mean the feeling that unseen forces are contriving to work together in your favor.)

I suspect it's just that we're of similar ages and seem to have been in the same tech, fan and gaming sub-cultures (perhaps excepting pro wrestling, in your case.) So for me, reading your books gives me a lot of "I wish I'd said that!" moments.

But here on the blog, you're just another grumpy mortal with sysadmin status.

* "marking out" = The pro wrestling term for a fan ("mark") going totally apeshit in a positive fashion. In other words, acting like a mark who's PROUD of being a mark.

176:

When asked by a check-out clerk for my zip code on a cash purchase, I usually say in a friendly, conversational manner, "No, thank you." Occasionally there is a clerk who will actually hear it and do a double-take, but for the most part it seems to be a conversational unit that satisfies them, without making an issue of it.

177:

The short version of what scares me about all this "social networking" stuff:

1. What they call the "social graph" is more accurately described as a permanent and unbreakable system for identifying an individual via their social ties, personal interests, and other contextual information.

2. Organizations tend to think about database security in terms of keeping backups and preventing unauthorized access, not about having their data copied off by employees or contractors. 2.5: They're even less mindful about the security of old databases that ran on old software.

3. Few countries have laws prohibiting the misuse of databases; and where such laws do exist, they're seldom enforced.

4. Software for hacking and crossbreeding databases is only going to become more powerful and sophisticated. Mass storage is only going to get cheaper.

I'm not necessarily worried about what the faceless badguys know about us this year. I'm worried about what they may know ten years from now.

178:

Greg @165: "I think Prince Paul Metternich would have loved it!"

Clemens Wenzel's wettest dreams couldn't have been as steamy (ha, letter opening ;-) as what is being enacted now throughout the western world. He only had that many secret police and censorship officers after all, and journalists e.g. seem to have been a smarter bunch than they are now in avoiding hot button terms to formally comply with censorship requirements while still being completely unambiguous in their criticism.

179:

I'm sorry I've never seen Tesco advertise multiple products for more than the individual price of two items, it would be a PR disaster.

Most of the deals at Tesco are two to four weeks long.

Tesco is not necessarily the cheapest supermarket, but it has a good broad range of products and is very innovative in its distribution channel. Which is the main reason people are phobic about them is that they are willing to open anywhere and everywhere whatever size of unit.

It's always telling that the people who bitch about a Tesco opening nearly always pine for a Waitrose instead.

180:

Also I can't believe no one has said it yet

Friend face, FRIEND FACE!

181:

If you've not seen it, you've not been keeping your eyes open. (Which may mean you are a bit more gullible than you hoped you were.)

Currently, in our local Tesco, there are 250 gramme blocks of Tesco Lighter Mature Cheese for £1.69 a time.

There are also 500 gramme blocks of Tesco Lighter Mature Cheese for £4.11 a time.

(Prices as per the linked web-pages, correct at time of going to post.)

Now, conceded, there is a 3 for 2 offer on the large blocks, which brings their price a little below that of the small blocks, at the equivalent of £1.37/250g. Except the small blocks also have a 3 for 2 offer.

I have also seen the "2 for a little bit more than twice the price of one" pricing.

No, either Tesco are getting sneaky right now, and hitting those who try to save by buying in bulk, or (and actually I believe this more) they're currently pricing with the left hand not knowing what the right hand is doing. If they're running dumb algorithms, it's possible that pricing bulk quantities at more than smaller ones does bring more income, and that the consumers aren't as rational as we ought to be.

182:

When quitting Klout, be sure to disable their access to your twitter, facebook, any other networks you allowed them on within your twitter page (Settings > Applications) Facebook (Account Settings > apps. Remove)

183:

I simply don't see the correlation between "free" and "you are the product".

If the corporation believes it will bring them bigger returns then they will make you the product.

It has nothing to do with whether what they're selling you is free or not.

In fact, as a customer who pays, your data is far, far more interesting to a data miner than some free account which might be fake, some robot, some broke kid.

"If you're paying for the product, you may be more likely to be part of the product"

184:

There's a lot of evidence that consumers aren't that rational. Some of the most spectacular ones are when you're given three choices and one looks like a much better deal but isn't - and it's easy to get a lot of people to choose it. There's even a fancy name but I can't remember it and can't find it via Google. Grrr.

Add to that the fact that quite a lot of people are weakly numerate if at all... and although the particular example you quote surprises me the fact people make poor choices like that doesn't really - the one you quote surprises me simply because the price differential is big enough I'd expect quite a lot of people to catch it, not that it is there.

185:

You are incorrect about the Target Red Card. It does not act as a debit card -- it is a store credit card and you get to pay it by check or by setting up a bank payment.

If they know what I bought as a result of my using the card, in this case I'm happy to trade it for the discount. I mainly buy clothes for my 6 year old great grand daughter and household goods like wicker baskets and light bulbs.

186:

Never noticed it, but I always look at the price per KG for cheese or meat. Plus with cheese and meat price is not the only consideration.

In most cases though I do look at the price per unit when looking at the small or large pack and all cases I've noticed the price is better on the bulk or sometimes the same.

When I look at the deals any way and decide if a multi buy will keep long enough and the price saved is enough. Of course price is not the only consideration, taste is an important one and it is a matter of trial and error whether the cheaper ranges are a worthy substitute.

187:

Actually what you're looking at is Tesco trying to clear older stock before it goes past - Prices in Tesco's seem to largely be dependent on the back stock of their goods, so they'll jack up prices for things they on order due to low stocks, then find that they have a hard time selling the new stock because with the higher prices customers have been using alternatives to that stock, so prices drop drastically until customers start buying that stock again as the cheap alternative to the alternative, at which point the stock is run down and prices are inflated again while a new large order is waited for, restarting the cycle.

So what you're seeing is the inflation/deflation of prices in two goods, one of which was probably sold cheaper per-kg than the other previously, but that has caused the smaller packages to go unsold, so they inflated the big cheese's prices and dropped the little cheeses and stuck a 3-for-2 offer on both of them because that will not only help clear the little cheese but also trick some people into buying far more than can possibly be used before it goes off of the big cheese at the inflated prices.

At least, that's the theory I've cobbled together after being repeatedly caught out by sudden and inexplicable shifts in Tesco's pricing that are random enough that you could probably construct a rather elaborate RNG out of a real time feed of tesco's shelf pricings.

188:

You are incorrect about the Target Red Card. It does not act as a debit card -- it is a store credit card and you get to pay it by check or by setting up a bank payment.

The cards my family has withdraw the funds from our checking accounts at the time of purchase. There is no statement or option to pay later. To be honest this is the point of the discount. You have the funds or not. No extension of credit. This is in North Carolina. Maybe they have it set up to work differently in states with different banking laws but here it acts as a debit card.

Walks like a duck, quacks like a duck, ...

189:

I had never heard of Klout before this. It's reminiscent of Cory Doctorow's "whuffie", except that Klout is calculated by a company, and whuffie is apparently calculated by some nonproprietary yet universal standard whose mechanics are never revealed... A search turned up, not people complaining about the existence of Klout, but people complaining about a recent change in Klout's algorithms which had "lowered their Klout".

190:

The case I showed was a particularly egregious one where it was the same product, in two different sized packs, where the big (bulk) pack was much more expensive. It's really noticeable because the 2x pack costs over £4, and the 1x pack less than £2

I'm fairly sure it didn't use to happen in Tesco, but I've started seeing it in the last year or so. Totally coincidentally, code that I wrote is now involved in the printing of the shelf edge tickets I'm seeing, but since our code only has read access to the pricing database, we're pretty sure it's not us.

191:

Most of the US grocery store chains that use customer-tracking cards don't really care about True Names (unlike the old days, when they started out as check-cashing identification cards, when most people used checks.) So I signed up for mine as John Doe, address General Delivery at my local post office, 1-650-555-1212 as my phone number (which is the Directory Assistance number.) My receipts show my name as Mr. Lee, because I'm apparently not the first person to have used that phone number.

192:

Well every site using an affiliate network to retarget its ads is doing that. It's not only Klout. And that's why the EU's Cookie Monster Directive exists. It's just that no one knows how to actually implement it.

193:

One of the things that the Facebooks and Klouts of this world forget is that the German Chancellor (Mrs Merkel) grew up under the STASI. She and other ex-wrong-side-of-the-wall leaders take a very serious view on privacy.

Facebook (in particular) runs the real risk of spending a decade fighting the EU, just as Microsoft did.

The distraction arguably cost Microsoft its industry dominance.

Smart Californian companies might want to avoid that error.

194:

Prices in Tesco's seem to largely be dependent on the back stock of their goods

That's very interesting if true, as it sounds like an implementation of the Lange Model of a centrally-planned economy. Prices are set and then adjusted until there are neither shortages nor surplus. Oskar Lange demonstrated mathematically that this was a valid solution of the general equilibrium model back in the 20s. Later it was realised that it could work in a decentralised mode, as long as the actors in the economy faced constraints that were mutually consistent.

But it was thought to be practically impossible from the point of view of processing all the information.

195:

This is how most US airlines price their seats. Or rather how they decide how many seats at the price points are available day to day. Plus how many they are willing to sell via liquidators and consolidators.

Flight from NYC to the Virgin Islands on winter dates will go up with 2 seats in the discount tier (to meet the requirement that that low price really exists) and stay that way until a month or so before departure. Then if the load is looking light they will start moving seats into the discount brackets. But that rarely happens on these flights. Now flights that go out 1/3 empty often will start up with 1/2 or more of the inventory available at a discount day one then have that pulled back if the sales get ahead of historical trends.

With at least one major airline and maybe most of them seats are put on sale 1 year before departure.

196:

I don't have a problem with Klout. The only data they have is my publicly available twitter data.
As far as the cookie stuff is concerned I notice that you have an option on this form to "Remember personal info?"
We do this stuff because it's useful to us. That's the deal, they have some of our data and they provide a service that's useful.
You offer to remember personal data for me here to make the next logon more useful. That's the deal we make.

"If you're not paying for the product, you are the product."

If you're really worried about all this stuff then stay away from computers and pay by cash in the supermarket.

197:

I'm a little late to the discussion here, but if you're in the UK and need a valid postcode for unnecessary forms, try SW1A 1AA. It points to a location that I have no problem receiving a little extra junk mail.

198:

Astonishing though it is, Tesco's are actually *less* evil than some other retailers. In my home town (carefully left unnamed), 98% of residents (i.e., all who can) drive to the neighbouring town to shop, because all we have is this crappy Budgens. I don't know if all Budgens stores are like this, but this one is utterly useless. My sister has pointed out that they have less choice than some *Ethiopian* supermarkets (e.g. they have two entire aisles devoted to pound-store junk, but a quarter of an aisle for a very limited selection of fruit and veg), and they are perhaps twice as expensive as Tesco on what they do stock.

A Tesco is opening in the town next year. Hundreds of members of the public crammed into the planning committee meeting and cheered when it was decided. When was the last time you heard of anyone cheering the arrival of a Tesco? But it happens... when the alternative is worse. And a lot of small supermarkets are ever so much worse.

199:

As a general rule, I avoid sites and products with kutesy names.

200:

"Consent obtained under duress or on the basis of misleading information does not adequately satisfy the condition for processing."

How is showing up to a website giving information in duress?

"Consent is not defined in the Data Protection Act. However, the European Data Protection Directive (to which the Act gives effect) defines an individual's consent as:

"... any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed"."

As a typical tort, loosely defining "any freely given specific and informed indication of his wishes" so Klout defines it; if you're here, we can watch you. If you leave, we can keep watching you. If you don't like it, don't come back, don't use us, tell us explicitly to not follow you."

Maybe unethical, but if that's the TOS and it isn't read, then shame on us. Kudos to you for sharing it, but it is what it is and doesn't seem to be illegal to me.

Every site that gathers information typically has a TOS along with a privacy statement. I understand what you're saying, but how is Klout any different from Facebook or Twitter? Not saying "if everybody is doing it, then it's OK", but, it seems to be they're all in the same box. Twitter allows children to view porn. Facebook and Google alike don't hide the fact that they gather every single piece of data they can if you visit their sites or use their services.

Am I just jaded about the apparent lack of privacy it seems we must welcome in order to live in, indeed even survive in an online world?

Your own TOS is interesting, btw ;)

201:

As per TACO your site does not seem to store any cookies at all for a newcomer! Woah! That's a rarity on the internet! This comment is to commend that, HIGHLY!

As to the article, yes, the single line proverb 'If you are not paying for a product you are the product' sums it up all.

Question: Isn't twitter's stream public/open to anyone with a twitter account and accessible using APIs? If that's the case and that's allowed then there ends 'social' privacy right? Services like Klout just piggy backing on Twitter/Facebook/LinkedIn... (not trying to defend anyone here, just trying to bring to fore how deep the rot goes...)

202:

The devil is in the details; if you'd actually bothered to read the OP and comments, you'd realise that actually just browsing to Klout is deemed by them to be "assenting to their T&Cs"; that quite emphatically is duress in law, because you are given no opportunity to refuse to assent.

203:

Something else to consider.

There was a FB note going around my friends list last week. And it's about something I missed as well. Back in February, FB rolled out a new message system. It segregates what it considers 'Spam' in a sub folder in the message menu called 'Other'. When I looked at it last week - this folder - it had some things that I wished I'd seen earlier, but the majority of the messages there were things about book launches, information about appearances, etc., from authors I know or am friended to. FB considers these notifications SPAM, for the most part.

So much for FB as a marketing/networking tool.

204:

"In the USA this practice is exemplified by "Radio Shack", which will refuse to make even a cash sale unless they get your full name, address, and phone number. I always use the address and phone number of the White House in DC"

Not true. Hasn't been true since 2002 when it was dropped. The purpose at the time was to support their monthly advert. magazine, which averaged 20 million/month. No monthly advert magazine now, so no need for address.

They will continue to ask for it so they can track your receipt if you lose it (you would be amazed how many people come in and want to return something they bought, but they've lost the receipt--no receipt, no return), but you can ALWAYS say no.

Now they ask for an email address to send you email ads instead. Again, you can always refuse (and don't yell at the clerk, it's not his/her fault--they are graded on percentage of compliance with the email request).

205:

"I'm not too bothered about giving my zip code, especially as standard 5-digit US zip codes only narrow down to a fairly large population, "

Careful about that. Age, sex, and zip code combine to give about an 80% chance of perfect identification.

206:

I wonder how many of the people posting/whining/complaining about this work for or have livelihoods that depend on the collection of such information?

If you don't like it, don't use it.

Stop complaining about companies using pricing strategies that "confuse you" and learn to do a bit of basic math.

207:

So what if it's illegal in the UK. It's not a UK company is it? Do they have an office in the UK? Or a bank account? An internet pork and alcohol emporium has got to be illegal in Saudi Arabia but the rest of the world doesn't have to worry about Saudi Arabia's laws.

I think there's a big problem with the idea of countries trying to apply extra-territorial laws to the internet. (The US is guilty of this as well.) There are a lot of countries, each with a lot of laws. Is every company with a website supposed to comply with all of them?

208:

I retweeted your story and suddenly my Klout score dropped like 80000%... makes me wonder... :/

I posted some screenshots on my blog.

209:

Seeing those screenshots, I think we can say that, yes, you struck a nerve :)

And Klout are a little bit sensitive about me :)

(The link goes here, for those who aren't too interested in the rest of your rather commercially oriented blog)

210:

"Careful about that. Age, sex, and zip code combine to give about an 80% chance of perfect identification."

Not in neighborhoods of similar demographics. Which many suburbs are. I suspect there are 50,000 to 100,000 people in my US zip code. And many of the people around me are within 10 years of my age.

Or are you talking of the Canadian / UK codes?

About this Entry

This page contains a single entry by Charlie Stross published on November 7, 2011 10:42 AM.
