Mozilla has pushed out a series of privacy icons that tell web surfers how their online data might be used depending on what site they've visited. The open source browser maker's user interface design guru, Aza Raskin, who announced just last week that he was leaving Mozilla in January, released an alpha version of the icons …
What's to stop someone using the icon, and still using your data anyway?
- Block all third party cookies
- Install Ablock Plus with Easy List and Easy Privacy
- Install Ghostery / No Script / TACO depending on how paranoid you are
Or just clear your cookies after every sesssion.
Agreed. If you're selling my data anyway, you obviously don't care about my privacy. And it's like all things online - if I don't GIVE you the information, you can't USE that information poorly (a.k.a. Facebook syndrome - don't put your mobile number on there, and people can't suck your mobile number from it!).
Funny that you have to wear the equivalent of a web-condom for every site you go to. But then asking thousands of separate, globally-distributed entities to all respect even a single set of laws is wishful thinking, let alone respect your advertising preferences.
If, like me, you have your own domain and wildcarded email (e.g. google apps mail) then it's always an idea to register with sites like firstname.lastname@example.org, email@example.com, facebook@mydomaincom, etc
Then if spam comes to firstname.lastname@example.org you know who sold your email addy.
Not just for spam
It also makes it a bit harder for data sharing outfits to link your different accounts as belonging to the same person.
That works most of the time...
...however on more than one occasion, I've opened the email client to find a hundred emails to "port1@", "port2@", etc, etc.
Still, that's what whitelists are for I suppose.
>you know who sold
I used to do that but...
- I decided it didn't help knowing the SObs had sold me email address
- in any case the email address was as likely to have leaked through malware attacks or poor security as it was to have been sold...
I always register with a spam email address if I am unsure of the site, such as bbcSPAM@primeatech.com or facebookSPAM@primeatech.com.
You will be surprised at how emails you do not get when you include the word SPAM in the email address, roughly a 15-1 difference between emails that do not have the word SPAM and the ones that do have the word SPAM as part of the email address.
<insert witty title here>
...or if you don't own your own domain but instead have an address like email@example.com then you can add a plus sign and the site name after your own name so it becomes firstname.lastname@example.org, email@example.com, etc...
Used this method myself quite a lot with my gmail account...
This is a good idea, but sometimes its not been sold, its been randomly guessed, stolen (as in hacked from the website somehow) or obtained because someone else uses a similar system and got compromised.
It also allows you to send an invoice to said company for $500. They won't pay, but they will most likely remove your email address from their sell lists.
Gmail does that too - firstname.lastname@example.org allows you to customise your email address on their free service... Very handy.
This works fine...
Until somesite starts searching the submitted addresses for its own name, and substitutes "email@example.com" in the addresses it sells.
Good thing they haven't figured that one out yet, keep it a secret everyone, OK?
Re: Registration tactic
> register with sites like firstname.lastname@example.org, email@example.com,
> facebook@mydomaincom, etc
Yes, I've been doing this for a decade or so. Most of the spam comes from:
- Addresses harvested from bugs.debian.org, where bug reporters' email addresses are not obfuscated. This is my single largest source of spam, by far.
- Companies whom I've bought things from who "forget" that I opted out of their "marketing emails", or whose "click here to unsubscribe" forms just don't work. This includes many apparently-legitimate well-known businesses.
- Friends who have, presumably, suffered some sort of malware attack that has copied their address book (maybe one message per month).
The number of cases where one company seems to have sold my email address to another is very small. I can recall two:
- Watford Electronics seems to have sold or given my address to another company (I forget the details now, it was a few years ago).
- The address that I gave to RBS WorldPay was used to send spam from one of their competitors. I suspect that might have been an ex-employee taking a customer list with them, or something.
So in summary, my experience is that the sale of email lists is not a huge problem compared to (a) harvesting from websites like bugs.debian.org and (b) companies sending spam to their own (ex-)customers, ignoring their opt-out requests.
... is having your own domain.
That way, when XYZsite wants an e-mail address you can create an e-mail address at XYZsite@mydomain.co.uk so if you subsequently get spam it makes it blatantly obvious who has been profligate with your details.
And strangely enough, I have yet to have any emails to "bofh@" that don't come from Team Reg in one shape or another.
Go El Reg!
(already-declared caveats about spammers trying brute force still apply)
RE: What's useful...
Then turn around, and forward that spam back to XYZsite.
Re: What's useful...
Or just get a standard gmail account and use the + trick i.e firstname.lastname@example.org would get to email@example.com
Domains are nice but even without, you can just use the old +appendage trick:
A lot of mail providers will deliver mail addressed as such to the username specified before the + symbol so even without a domain, you know who's messing you about. Kinda like the old 'fake middle initial' trick for snail mail. Don't ask me to be more specific about which mail providers support this, though - way too much Christmas booze consumed already but Gmail definitely do.
On topic, these icons will never gain widespread use. Well, the 'good' icon might but with one having a green outline and the other red, the latter basically screaming 'WE SELL YOUR INFO' from the page, no company that does is going to put them up voluntarily.
Don't need a domain for that.
Yahoo! mail offers up to 500 "disposable" accounts, based around a prefix. So we could have vulturecentral-facebook@yahoo, vulturecentral-google@yahoo, vulturecentral-somecrapsite@yahoo and so on. I don't think I have more than two dozen, if that.
The downside? You have to set up each address.
The upside? Delete a spammed address, it's no longer your problem.
Bad news is that it doesn't work!
Or to be more accurate, a lot of sites (I'd say especially those who wish to spam) won't allow the + in the email address. They either truly believe it's an invalid address, or they are trying to stop people using that trick.
That said, when a site returns "Invalid Email Address", it does tend to make you decided to go elsewhere
gmail (and other providers) with extensions
"Or just get a standard gmail account and use the + trick i.e firstname.lastname@example.org would get to email@example.com"
You don't think the spammers are smart enough to figure that out? Filtering the bit after the out of gmail addresses isn't exactly rocket science, so if the seller of the addresses gives a damn about being found out, they'll just filter the addresses before selling them.
The + function is a handy way to filter legitimate e-mails into different folders (or color-coded stars, or whatever metaphor google is using these days), but it's not really all that useful as a spam fighting tool.
What is needed but it wouldn't be perfect
Is for someone to sign up to as many sites as possible with some pseudos with unique ids and then measure the volume and origin of any spam they can receive. Compare the amounts of spams to the site T&C and name & shame the offenders. That info could certainly be encapsulated into some kind of add-on that browsers could reference.
Meanwhile, Mozilla And Google Conspire
...to get all the URLs you type in. It's all done for your security, af cooorze. You don't believe it ? Just plug a firewall in between or use WireShark. And I am not talking about the search box in the right - I am referring to the main URL box !
The perils of self-certification
Just like P3P this is just another touchy-feely attempt to to fill a gap in regulation. What's needed is consistent and co-ordinated data protection legislation that is also effectively enforced.
Past tense ?
I like any ideas which enhance privacy, including having your own domain.
But why the past tense ? ... we've already collected your personal information and may or may not do something smarmy with it ... I can see this icon appearing on webform "thank you" pages, by which time it will be too late.
Wouldn't it be better to flag the first offender in the History List and require the flag to be reset by the user ? And no spammers, there is no soft reset available. There should be some way to poll the flag so that a subsequent page's form can refuse submission until the flag is set (or reset).
...they'll give some portion of your information to your advertisers, but only that which you've explicitly volunteered to volunteer to whom? The case of FaceBook comes to mind.
Still seems like a nifty novelty, though, even if it's a bit overly simplistic to address that one case
I have taken on a few of these organisations
I really hate the people and companies who show absolutely NO scruples in considering people as numbers in a profit and loss spread sheet.
People and companies that do this - I am not too sure about outing them as the lists grow endlessly, but if they profit from exploiting you, instead of providing a quality product and or service at a competitive price, then they are exploiters and manipulators, and not worthy of my time or their being hired by me ever again.
You are both wrong
The last time you were right was like 10-15 years ago. Since dictionary/combination spam attacks came along nobody really needs to know your email address to spam you. They can "figure" out it by guessing and by trying random combinations. And if they do so, you will blame a company/site for having given out your email address that never actually did so, neither by purpose, nor by having been hacked or something.
The letters "AD" make them specific to English. Aren't icons supposed to be a language-neutral alternative to language-specific text?
Works in Danish
Where "AD" means the same as "YUCK" in English, so still works for us ;o)
"The letters "AD" make them specific to English. Aren't icons supposed to be a language-neutral alternative to language-specific text?"
I basically agree with you but Iconese is culture dependent and far from universal. English is still one of the most understood languages on the web.
see above regarding domains, but even if you can't buy a domain there are also free subdomains (dyndns etc?), not sure about the validation for google apps for example (i use my own domains), but i guess there's a way to get a free subdomain hosted with a free mail provider without splashing out on a £2/year domain name
didn't freeserve used to give emails in the form of firstname.lastname@example.org? (specified as a single address, but the reality was it functioned as a wildcard), perhaps if ISPs did that more often that would be useful?
you can also with many providers use user+sitename@domain to turn a single address in to site-specific addresses, however different providers implement it differently (some use - instead of +) and those email addresses might not work properly (some address validation scripts incorrectly reject addresses with a + in), and if a large number of people started doing that then it's trivial to scrub the lists back to user@domain
posted using an account which has the email address elreg@domain...
don't need a domain
for both hotmail and gmail you can create sub-addresses to see where the crap is coming from
eg if your email address is MyName@hotmail.com you can add +Sender to the bit before the @ and see where it came from ... eg if you sign up for EvilSite using MyName+EvilSite@hotmail.com the mail still gets delivered to MyName@hotmail.com but you see it includes +EvilSite (also works with Windows Live customer domains, so I guess it would work the same with gmail apps)
Bastards, one sleepy evening while trying to sort some insurance out quickly stupidly put my phone number in the webform, it would not complete until i had done so, i actually put my real number in thinking that i would be contacted by the insurance company.
Oh boy, i have been receiving 4 or 5 spam sms's a day every since, numerous cold calls.
Luckily i have an android phone and i can mark numbers as spam and reject them but i gave that number in good fath and they totally abused it and sold it to so many companies that attempting to stop it is impossible.
a clear icon for the sleepy at keyboard people will help, or the absence of one will..
It's juts another layer of needed security.
I've had that problem. Worse, I work abroad so I get charged for receiving sms spam.
If a web site insists on a phone number, I either use their own or 0207 944 1212 (whitehall 1212)
what company ?
so that the reg user base can decide not to do business with them
Bad choice of words?
Of course we don't give out your data to advertisers. The data we've collected about you isn't YOUR data. Its OUR data. And we do with it whatever the hell we want.
Moziolla wants to put the brain power for determining what's good for you with parties other than the user. I believe strongly in personal responsibility and people doing their own work. Comes from years being a teacher I guess. Just because you see the icon on a website has no relevance to it actually working or doing the job you as a user think it's doing. There are lots of ways to protect yourself if you'd just take the time to learn. And sometimes the right thing to do is keep your sorry a$$ away for bad places. No matter, as soon as they create foolproof "safety devices" they'll just create a better class of fool. In the long run you'll be better off expecting to be savaged by the internet, plan for it, and execute the recovery plan as needed. But people are lazy and have come to expect their protection to come from the outside, so this flawed idea is likely to take off. Makes a good marketing ploy too: "Use our site; we protect you 100% with the click of a button". Yeah right, and pills you can only buy before the sun comes up will increase your manhood too.
Dual lines of protection