Online Privacy Is Dead - What Now?

Discussion in 'privacy general' started by Technodrome, Jan 3, 2003.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    Got Time? Here's a nice not long article to read... ;)

    Time after time, consumers have told researchers they worry about what happens to personal data provided to online merchants. But shoppers are not worried enough to close their wallets.

    The bad news is no secret, but it bears repeating: If you have bought anything online in the past several years, your personal information , including your home address and credit card number, is probably accessible via the Internet -- and available to people with less-than-noble intentions.

    Driving home that stark reality, New York officials recently announced that thousands of people may have had their identities stolen through a software company that helped major corporations conduct credit checks. Although the incident proved to be an inside job, it underscored what many have long believed: Storing information online is not a secure practice. In fact, nearly three years ago, Sun Microsystems CEO Scott McNealy pronounced online privacy dead on arrival. "If you're online, you have zero privacy," he said.

    And exposure of personal data has not yet peaked. In coming months and years, a move toward wide adoption of Web services likely will mean more sharing of information, including customer data, among companies.

    Flight or Fight

    Consumers apparently have gotten the message. Time after time, they have told researchers they worry about what happens to personal data provided to online merchants. For example, in a Gartner survey, 80 percent of online shoppers said they were concerned about how much data was stored or available online.

    Even so, shoppers are not worried enough to close their wallets. "Consumers are definitely concerned, but they're also apparently ready to take some degree of risk," Gartner research director Richard Mogull told the E-Commerce Times.

    One problem for many consumers is that they have freely provided information in the past without keeping a record of where it went. Experts say such actions could prove disastrous if a consumer suspects someone has obtained his or her information without authorization. The resulting confusion could make it difficult to trace the source of the breach, slowing down investigations.

    Choose Aggregators Carefully

    In a similar vein, although wallet systems, such as those offered by Yahoo! (Nasdaq: YHOO) and others, may be convenient ways to avoid keying in the same information repeatedly, they can become targets for hackers. For example, Microsoft's (Nasdaq: MSFT) Passport system was the subject of a privacy prosecution by federal authorities.

    "A site that handles credit card information and stores it permanently is just too inviting for a hacker to pass up," Scott Nevins, CEO of database security and privacy protection firm Protegrity, told the E-Commerce Times. "Ninety percent of the time data is just sitting there, and that's when it can be the most vulnerable from both outside and inside a company's walls."

    Drawing the Line

    Of course, there is a difference between simple invasion of privacy and the nightmare of having personal data hijacked, stolen or used to commit fraud. But even a small amount of data exposure can be problematic for certain people. For example, former Yahoo! CEO Tim Koogle found himself embarrassed by a newspaper account of how he used a screen name to bid on items up for auction on then-rival eBay.

    Fortunately, as consumers continue to pour ever-greater sums into e-commerce companies' coffers, smart shopping practices can minimize their risk of falling victim to identity theft or other data breaches. And it is never too late to start taking cautionary measures, according to online privacy experts.

    The first rule of cautious e-shopping is to become more selective about providing information.

    "I think this is already happening as people become aware that what they tell one Web site may not remain there forever," Fran Maier, executive director of TRUSTe, an organization that validates Web site privacy policies, told the E-Commerce Times.

    Highlighting Risks

    Indeed, high-profile cases like the Toysmart bankruptcy -- in which the company, after much outcry, decided to destroy its customer database rather than selling it to new owners -- have served as a warning to consumers to be more selective.

    "Consumers are more savvy, but it's a changing landscape, so it's difficult for anyone to feel completely safe," Maier noted. "The best they can do is be careful and choose wisely."

    The U.S. Federal Trade Commission (FTC) urges consumers to obtain a copy of their credit report and to realize that those same reports may be obtained by others. Other agencies note that a simple search engine check of a consumer's own name can reveal how much information is available and where.

    "We're trying to make sure people know it's their choice of what's being circulated," FTC spokesperson Claudia Farrell told the E-Commerce Times. "That starts by knowing what is already out there."


    Nothing new, still worth reading! ;)

  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Feb 9, 2002
    Good post!

    Here's some of the bloody answers to fight back:

    1. Block third-party cookies

    2. Always give fake names on email sites, newsletters, everything.

    3. Use a proxy

    4. For online purchases: Create an entirely new online identity. Get your hands on a Visa/Mastercard that does not have your real name on it. This is not as hard as it sounds - and perfectly legal. Both Visa & Mastercard now offer "gift cards" that can be purchased with the card being imprinted with any name you like to give as a gift -- give it to yourself. Make up a good alias, allow for products. etc. to be delivered to a Mail Boxes etc. or even a P.O. Box - what always works: With so many running a home business - take your REAL initials - say, GMJ.....Have things mailed to:

    (Online Alias)
    c/o GMJ Enterprises
    P.O. Box 1111
    Anywhere, State, country whatever

    This doesn't allow for real-world privacy (in most cases). But it allows for ONLINE privacy. Yes, with work, most things can be traced back to you. There are ways to be completely anonymous - but it's best it not be posted here.

    If anyone reading this is concerned about their privacy - not only online, but real world -- I have to recommend a book, one of the best, most practical books ever written on the subject of how to maintain your privacy. Actually - two books:

    Bulletproof Privacy:


    An excellent book -
    It's None of Your Business: A Complete Guide to Protecting Your Privacy, Identity and Assets (4th Edition):

    And for good measure, while at Amazon - or wherever - check out J.J. Luna's How To Be Invisible.

    It's all getting out of hand and it's time to fight fire with fire. These books give you perfectly legal strategies to remain a free man or woman.

    All the best!
  3. controler

    controler Guest

    Good reading guys :D

    One other thing that you can do is get new check card at your bank and only keep enough in that for your online purchases.
    I for one usualy use a money order if i can.
    You will seldom be able to buy something cheaper in store that you can online.
  4. Mike_Healan

    Mike_Healan Registered Member

    Mar 6, 2002
    hehe. I went to look up those books at amazon and it suggested this among others...

    Don't Shoot the Bastards (Yet) by Claire Wolfe, Boston T. Party

    Interesting recommendation there. ;)
  5. sk

    sk Registered Member

    Nov 19, 2002
    Great stuff, John. Thanks. That advise alone is really priceless. (And of course the same goes to Techno and all the other posters too.)

  6. luv2bsecure

    luv2bsecure Infrequent Poster

    Feb 9, 2002

    Just wanted to tell you how glad I am that you found us here at Wilders. You have added a lot to several good discussions already. It's just really good to have you here. I just finished reading something you wrote in another thread and was really impressed. New people with a lot to say and aren't shy about posting add a lot to a forum like this. Especially when thrown in the mix with frequent posters and Mods like Techno, root, controler, Pieter, Jack, Jan, LowWaterMark, and when he unpacks his box - snowy ....... I shouldn't even have started naming names because I left some obvious ones out, so I figure I better stop here. But SK (and I've noticed quite a few new posts from JayK), I just wanted you to know that I appreciate your frequent posts and participation here.


  7. Detox

    Detox Retired Moderator

    Feb 9, 2002
    Texas, USA
    Wow John I never thought about that credit card/delivery stuff; won't use it now as I've still got a a while to graduate (getting masters after all) but I'm keeping that in mind for future use! Excellent thinking!
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.