Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …DataSecurity_Illustration
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

… and all those things I thought were gone forever were searchable again.

… when I thought it was good to be anonymous online.

… and trolls were mostly harmless and couldn’t hurt you.

… but there were always exceptions.

… a mailbox with zero spam in it.
… when I could still pretend I had control over my personal data.
We give up a lot of privacy just existing in the modern world. Companies track us and keep data about us. In many cases this is good. I recently had to return something to Home Depot and they could get a copy of the receipt simply by running my credit card through their system. Easy, peasy. Got my money back for that last box of floor tiles we didn’t open.
But it also means that companies can be the weak link and expose us to risk we don’t want or ask for. If there’s anything recent breaches have taught me it’s that my data is at risk no matter what I do. There’s a limit to what I can control and full control means not being able to participate in (almost any) online space.
And even if I am careful, other people use my info and my email addresses to sign up for stuff. One company in the UK is selling my email address associated with the profile “Mrs. Christine Stelfox.” Another UK company is selling a different email address with a different profile. Laura Ashley UK thinks I’m a stay at home mother of 3 in South London. And those are the easy to say “this data is bad and wrong” because they’re the wrong country and the wrong currency.
Brewster.com started spamming me, telling me that they had multiple email addresses and multiple phone numbers associated with me. I didn’t give them that data, someone else did. But now they think they own it and their privacy policy doesn’t cover my data, it only covers the data of the people who handed it over to them.
In terms of privacy, unless you want to stay offline completely, there isn’t much you can do to protect yourself. And even then, there’s nothing to stop companies from collecting data about you and selling that data on. The Target breach tells us even if you don’t do anything online, your PII can be leaked into online spaces. The US government breach tells us that doing things like participating in someone’s security clearance process can leak your data online. Health care breaches tell us we can’t trust our doctors and hospitals to keep our data safe.
All of this tells me that online privacy is difficult, if not impossible, these days. We’ve gotten used to having companies know about us and our habits and expect a high level of personalization. That personalization requires companies keep detailed records of our behavior.
I don’t think we really can give permission for this level of tracking. But I can’t see trusting companies to maintain our data in a safe and secure manner. I hate being tracked and I know that not being tracked means I give up a level of service. These days, though, you can’t even opt out of being tracked. You’re tracked even if you opt out. You just don’t get any of the benefits of being tracked.
Privacy is complicated and we don’t really have a handle on it. The internet is too new, even if people like me do have email addresses that are old enough to drink.

Related Posts

Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

Read More

e360 sues a vendor

As if suing themselves out of business by going after Comcast and Spamhaus weren’t enough, e360 is now suing Choicepoint for breach of contract and CAN SPAM violations. As usual, Mickey has all the documents (complaint and answer) up at SpamSuite.
This may actually be an interesting case. On the surface it is a contractual dispute. Choicepoint sold e360 40,000,000 data records containing contact information including email addresses, snail mail addresses and phone numbers. Some of the records were marked “I” meaning they could be used for email. Some of the records were marked “O” meaning they could not be used for email.
Despite these terms being reasonably well defined in the contract, e360 sent email to addresses in records marked “O.” Some of those addresses resulted in e360 being sued by recipients. During the course of the suit, e360 contacted Choicepoint and asked for indemnification. Choicepoint refused for a number of reasons, including the fact that Choicepoint told e360 the addresses were not for mailing. In response, e360 filed suit.
The interesting and relevant part of this case is the CAN SPAM violation that e360 alleges.

Read More

It's not about the spamtraps

I’ve talked about spamtraps in the past but they keep coming up in so many different discussions I have with people about delivery that I feel the need to write another blog post about them.
Spamtraps are …
… addresses that did not or could not sign up to receive mail from a sender.
… often mistakenly entered into signup forms (typos or people who don’t know their email addresses).
… often found on older lists.
… sometimes scraped off websites and sold by list brokers.
… sometimes caused by terrible bounce management.
… only a symptom …

Read More