Fifteen years ago, people in the technology field were very concerned about online privacy. They came up with a convoluted and complicated privacy solution called P3P. it failed to win the approval of anyone other than geeks because it was far too complex, complicated, and unwieldy for the average user to learn. P3P went down the proverbial tubes. Fifteen later, they’re promising us privacy again with the Do-Not-Track phenomenon. P3P was too complicated and Do Not Track is to simple – and what does it really protect you from anyway?<\/p>\n
“I think Do Not Track is a very much watered-down P3P,” the Carnegie Mellon professor tells RWW. “It’s much, much simpler. It’s not nearly as powerful. So the question is, was the problem with P3P that it was too complicated, and this very simple thing is what will allow [privacy] to get adopted? I don’t know; my crystal ball isn’t good enough… If we had P3P, we’d have a way for users to say, ‘Okay, if they ask me for this, this, and this then it’s okay; for any of these other purposes, it’s not okay.’ Your browser knows, your browser could deal with it.” (See<\/em>http:\/\/allanalyst.com\/post\/dr-cranor-on-do-not-track-and-the-improbability-of-complete-privacy\/<\/a>\u00a0) Maybe some of you have installed Do Not Track software. If you have then you’ve probably looked at the huge number of things that have been blocked. Those things are called “cookies”. And since we’ve covered cookies at least a dozen times in this newsletter, you know by now that cookies are text files which are “dropped” (downloaded) onto your hard drive when you visit a Web site. While some sites claim they don’t drop cookies, they do if they’re hosted by a hosting service. Almost all small and medium Web site cannot afford to maintain their own data centers and servers and employ a staff of technicians to maintain the servers. So they opt for hosting services. That’s what we do and almost all of the other sites you visit except for the top tier of sites (Amazon, Google, Apple, Facebook, Twitter, etc.) which maintain their own servers and data centers. Cookies do not contain personal information about you. Cookies do not and cannot infect your computer. Cookies are not the problem.<\/p>\n Do Not Track software really doesn’t do anything except block cookies. The real danger on the Web (as we’ve said hundreds of times) isn’t cookies – it’s you and me and everyone else. Very few us use strong passwords. And more than a few of us use the same password for everything – and that is far, far worse than any cookie that ever found its way onto your computer.<\/p>\n Another danger is the trustworthiness of the sites to which you give your personal information. When you give your personal information to Facebook, for example, you’re trusting they’ll keep it safe. You’re trusting they won’t sell your information (which is worth a lot of money). You’re also trusting that every employee of Facebook who has access to your personal information has been properly vetted. And then there is always the chance that a person who was probably vetted will not maintain his or her honesty against the opportunity to steal information and sell it. That requires a lot of trust.<\/p>\n Do Not Track may be worse than useless, it may even be dangerous if it continues to be touted as a way to ensure your online privacy. If users really believe that Do No Track is the solution to online privacy they may be inclined to relax, let their guard down and rely on software to protect them. Do Not Track is not going to lead the way into a golden era of online privacy.<\/p>\n The really sad part of Do Not Track is that it’s going to make a lot of people millionaires. A whole industry is already salivating over this new emerging market. And what’s the best way for Do Not Track marketers to sell their wares? You guessed it – by scaring you into believing that if you don’t use Do Not Track software or if you don’t turn it on in your new Do Not Track browser (all major browsers will have this feature soon), you’ll be in dire jeopardy.<\/p>\n But you’ve seen this tactic before. Firewall vendors have made billions of dollars by scaring users into buying third-party firewalls they didn’t need, and never really figured out how to use. You’ve seen it with the virtually useless Lifelock service, offered by a company that has been sued for millions of dollars by the FTC for making false claims. Lifelock’s TV commercials dumb-down Internet safety to such a ludicrous level I’m surprised they aren’t being sued again.<\/p>\n Let’s look at Lifelock which will take your money and tell you they guarantee your identity will never be stolen. Lifelock’s CEO Todd Davis has had his identity stolen 13 times. That’s a fact. And in most cases his company’s Lifelock program didn’t catch it and didn’t protect him. Maybe displaying your Social Security number on the sides of busses and on billboards wasn’t such a hot idea, Todd.<\/p>\n “LifeLock CEO Todd Davis, whose number is displayed in the company\u2019s ubiquitous advertisements, has by now learned that lesson. He\u2019s been a victim of identity theft at least 13 times, according to the Phoenix New Times.<\/p>\n That\u2019s 12 more times than has previously been known.<\/p>\n In June 2007, Threat Level reported that Davis had been the victim of identity theft after someone used his identity to obtain a $500 loan from a check-cashing company. Davis discovered the crime only after the company called his wife\u2019s cellphone to recover the unpaid debt.<\/p>\n About four months after that story published, Davis\u2019 identity was stolen again by someone in Albany, Georgia, who opened an AT&T\/Cingular wireless account using his Social Security number (.pdf), according to a police report obtained by the New Times. The perpetrator racked up $2,390 in charges on the account, which remained unpaid. Davis, whose real name according to police reports is Richard Todd Davis, only learned a year later that his identity had been stolen again after AT&T handed off the debt to a collection agency and a note appeared on his credit report.<\/p>\n Then last year, Davis discovered seven more fraudulent accounts on his credit report that were opened with his personal information and have outstanding debt, according to the police report…”<\/p>\n LifeLock is good example of how fear can be used to sell basically worthless products by playing on the na\u00efvet\u00e9 of people. Lifelock is just an example of this – firewall vendors and Do Not Track software vendors are cashing in on the fear they themselves generate. Do Not Track may well be the worst thing to ever happen to online privacy.<\/p>\n Cookies do not contain personal information. Web sites to which you give your personal information do. And you’re not only trusting the site you give your personal information to keep it safe, you’re trusting the employees of the company who have access to your personal information. There is a huge market for information — and personal information such as your name, address, cell phone number, type of car you drive, whether you own or rent a home, your income, social security number, is worth a lot of money to marketing and research companies. Only someone without any knowledge of how the Internet works could be made to believe that cookies contain the kinds of personal information that would be worth money.<\/p>\n Do Not Track is a ruse that could cause people to lower their guard and believe they’re safe when they are not. Those who do not understand how the Internet works are leading us all down a primrose path – with the blessing of the U.S. Government — which I really believe doesn’t have a clue how to implement any system that would ensure our online privacy.<\/p>\n You’ll be hearing more and more about Do Not Track – it will be the next “thing”. But it won’t keep you safe online, that’s for sure. Only you and your good common sense can do that.<\/p>\n If online privacy were really a concern then Facebook and Google + would not have over a billion users combined. People want to share everything but they want to think they can share everything and still maintain a modicum of privacy? Yet these same people who think they’re only sharing information with “friends” (some of whom they barely know or may not be who they claim to be) will among those who believe that something as simple as Do Not Track can really keep them safe.<\/p>\n That’s our opinion — what’s yours?<\/p>\n","protected":false},"excerpt":{"rendered":" Fifteen years ago, people in the technology field were very concerned about online privacy. They came up with a convoluted and complicated privacy solution called P3P. it failed to win the approval of anyone other than geeks because it was far too complex, complicated, and unwieldy for the average user to learn. P3P went down the proverbial tubes.\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1462,1656,10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4170"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=4170"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4170\/revisions"}],"predecessor-version":[{"id":4171,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4170\/revisions\/4171"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=4170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=4170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=4170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/em>
\nBecause no one could make P3P tenable to the public, and because for nearly 15 years no one really cared all that much, Do Not Track is now being touted as the savior of our online privacy. But it’s not.<\/p>\n