January 24, 2006

  • Where Did Your Privacy Policy Come From?

    Let me play David Blaine for a moment and channel your inner thoughts. Think about your privacy policy. Imagine the first line of it. Read it silently to yourself in your mind and I’ll see if I can make out what it might be. Are you thinking “Your privacy is very important to us”?

    I had a client recently who provided me with the copy for their privacy policy page and it looked very sophisticated — and included privacy coverage for things we weren’t planning on doing on the site. And that got me to wonderin’…

    A quick Google search on “We offer certain features that are only available through the use of a “cookie”” revealed where they had found their policy. It looks like they aren’t alone because (at this moment) “We offer certain features that are only available through the use of a cookie” reveals that 718 other sites had the same idea. So where did your privacy policy come from?


    Originally published at www.onedegree.ca on January 24, 2006.

December 12, 2003

December 9, 2003

  • Thought

    I got an e-mail today that appeared to be from Amazon.com, saying that my account had been inappropriately accessed. Other than the vague, poorly written nature of the message, the e-mail looked legit.

    After a bit of investigation I found out that Amazon is actively going after these thieves and is requesting that those receiving such messages forward the spoofs to them as attachments. You can read more about this on Amazon.com’s Stop Spoofing Page.

November 18, 2003

  • Cloudmark Saved My Inbox

    I haven’t commented on Cloudmark’s Spamnet plug-in for Outlook (and now Outlook Express) in a while.

    This product is just wonderful. If you are an Outlook user and you haven’t tried it yet, download Cloudmark’s Spamnet now.

    Here are my spam stats for the last few months while using Cloudmark:

    Total messages received — 59,359

    Total number of spam messages — 52,113

    Total spam caught by Cloudmark — 50,452 (97% success rate)

    Total spam missed by Cloudmark — 1,661

    Total “real messages” — 5,585

    Total “false positives” of messages from individuals — ZERO

    Total “false positives” of messages from opt-in lists — 95 (<0.2%)

    “Good Message Ratio” with Cloudmark — 77% (i.e. over 3/4 of the messages in my inbox are real messages).

    Given that my “Good Message Ratio” without Cloudmark would be less than 10%, I can confidently say that Cloudmark has saved my inbox.

    Note that many opt-in lists get caught by Cloudmark. That is because the software works collaboratively, taking other people’s “block” messages and blocking similar messages from everyone’s inbox. But the software allows you to “double unblock” or whitelist messages so that they always get through Spamnet regardless of what other people think of the sender.

October 30, 2003

  • Thought

    CNET.com: Cyberpiracy north of the border:

    “CNET News.com spoke to Michael Geist, the Canada research chair in Internet and e-commerce law at the University of Ottawa, about copyrights, spam and other topics. Geist is also technology counsel to Osler, Hoskin & Harcourt, and he writes a newspaper column on cyberlaw.”

October 28, 2003

September 26, 2003

  • Thought

    New York Times: Do-Not-Call Listing Remains Up in Air After Day of Twists:

    “The second ruling, issued today by Judge Edward W. Nottingham of Federal District Court in Denver, threw a more effective obstacle in the way of the list on the ground that it discriminates against for-profit businesses; the registry program still allows political and charitable solicitation calls to be made. Judge Nottingham ruled that by exempting the nonprofit solicitors from the registry, the F.T.C. ‘has imposed a content-based limitation on what the consumer may ban from his home.’

    He added that ‘the mechanism purportedly created by the F.T.C. to effectuate consumer choice instead influences consumer choice, thereby entangling the government in deciding what speech consumers may hear.’ The burden on commercial speech was significant enough, the judge ruled, ‘to amount to a government restriction implicating the First Amendment.’

    Because the ruling came on broad constitutional grounds the program’s future will probably not be settled in Congress, but in the courts.”

September 25, 2003

  • Thought

    Reuters: House Votes to Reinstate ‘Do Not Call’ List:

    “Congress moved quickly on Thursday to reinstate a popular ‘do-not-call’ telemarketing list that millions had signed up for before it was blocked by a U.S. court two days ago.

    The House of Representatives voted 412–8 to give the Federal Trade Commission authority to run the national ‘do not call’ registry of phone numbers, which telemarketers would be prohibited to call. The Senate was expected to vote on a nearly identical measure later in the afternoon.”

  • Thought

    Seth’s Blog: The DMA steps in it again:

    “More important, the Do Not Call list is the single best thing to happen to direct marketing since the invention of the catalog. Here’s a government-financed way of figuring out in advance who’s going to hang up on you.”

September 24, 2003

  • Thought

    New York Times: Court Finds F.T.C. Exceeded Authority on Do-Not-Call List:

    “In a victory for telemarketers, a federal judge in Oklahoma has ruled that the Federal Trade Commission overstepped its authority in creating a national do-not-call telephone registry, which was to have gone into effect on Oct. 1.”

September 20, 2003

  • Thought

    CNET News.com: System alert: You’ve got worms:

    “Some media reports suggest that a few of the present crop of viruses differ from those that infected computer systems in the past. One difference, they say, is that these bugs can capture e-mail addresses as well as IP addresses that can later be used to generate massive amounts of spam. How real is that concern? While it’s tempting to wonder whether the latest viruses are being unleashed with a profit motive — and the goal of using computers to send spam — most people agree that it’s unlikely.”

    This is a good opinion piece on viruses, with particular attention being paid to whether spammers are behind recent attacks (unlikely) and if moving to a non-Windows OS makes sense (yes, unless everyone else does too).

September 19, 2003

  • Cloudmark Rating System

    I’ve used Cloudmark’s SpamNet since it was in early beta. I think it is one of the best anti-spam products out there. In a typical day, I get about 150 spam messages and SpamNet removes all but 3 or 4 of these. I don’t have a spam problem anymore.

    Well, as a consumer I don’t have a spam problem. But as someone who sends e-mail newsletters to people who have subscribed at my site, it is a very big problem.

    Overaggressive spam filters continually block legitimate e-mail communications, primarily newsletters and other corporate communications which can look “spammy” even if they are not.

    In fact, the only problem I’ve had with Cloudmark is that it traps a fair number of legitimate newsletters I’ve signed up for as spam. This happens because Cloudmark users “vote” on whether messages are spam or not and Cloudmark then uses Bayesian filters to block similar messages from other users’ inboxes. This works well until a bunch of people decide that news.com’s newsletters aren’t worth reading and they “block” them.

    Cloudmark got one step closer to the perfect solution this week when it introduced the Cloudmark Rating System which is effectively a global whitelisting process to avoid the blocking of mailings from people who are willing to identify themselves.

    Here’s the press release:

    “The breakthrough email reputation system solves the industry-wide problem of false positives, or good email getting caught in spam filters. In the race to stop spam, false positives are crippling email as a viable way to do business. Ferris Research estimates the cost of false positives to businesses could be as high as $3.5 billion. Consumers, legitimate e-mailers and ISPs are all becoming collateral damage in the war against spam.”

    This is good news. Now if only we could get everyone to switch to Cloudmark we’d have this problem licked!

August 26, 2003

  • Thought

    Another article on the prospect that SoBig is being created as a money-making scheme: New York Times: “Spam-for-Money Plan Suspected by Expert on E-Mail Viruses”

    Still, there is no evidence given as to why they think this is commercial in nature. The closest the article comes is:

    “‘There is some evidence that he’s been tied in with spammers,’ said Bruce Hughes, director of malicious code research at Trusecure. Although many companies blacklist Internet addresses that are the sources of spam, a strategy that used computers commandeered by the SoBig program would be almost impossible to defeat.”

    Of course “impossible to defeat” is hogwash. Blacklisting would be useless in this case (which might be a good thing since it is largely a failed strategy towards stemming the flow of unwanted messages), but Bayesian mail filters like Cloudmark or SpamBayes would have no trouble with this.
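
    The point above as an added example (not from the articles quoted here, and not Cloudmark’s or SpamBayes’ code): a minimal naive Bayes filter and an IP blacklist run over the same inbound mail, where most of the spam arrives from addresses the blacklist has never seen. The training set, addresses and messages are all constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (label, body); not real traffic.
TRAINING = [
    ("spam", "lower your mortgage rate today click here"),
    ("spam", "cheap pills online click here for discount offer"),
    ("spam", "you have won a free prize click to claim"),
    ("spam", "refinance mortgage now lowest rate guaranteed offer"),
    ("ham", "meeting moved to thursday please confirm the agenda"),
    ("ham", "attached is the draft newsletter for your review"),
    ("ham", "can you send the server logs from last night"),
    ("ham", "lunch on friday to review the project budget"),
]

# Constructed blacklist of known spam relays (documentation address range).
BLACKLIST = {"192.0.2.10", "192.0.2.11"}

# Constructed inbound mail: (source IP, body, is it really spam?).
INBOUND = [
    ("192.0.2.10", "click here for cheap pills", True),            # listed relay
    ("198.51.100.23", "lowest mortgage rate offer click now", True),  # commandeered PC
    ("203.0.113.77", "claim your free prize today", True),         # commandeered PC
    ("198.51.100.140", "free discount pills online", True),        # commandeered PC
    ("203.0.113.5", "please review the agenda for thursday", False),
    ("198.51.100.9", "send me the budget draft on friday", False),
]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class NaiveBayes:
    """Word-count naive Bayes classifier with Laplace smoothing."""

    def __init__(self, samples):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()
        for label, body in samples:
            self.docs[label] += 1
            self.counts[label].update(tokens(body))
        self.vocab = set(self.counts["spam"]) | set(self.counts["ham"])

    def _log_score(self, label, words):
        total = sum(self.counts[label].values())
        score = math.log(self.docs[label] / sum(self.docs.values()))
        for w in words:
            if w in self.vocab:  # words never seen in training carry no evidence
                # +1 smoothing: a word unseen in one class must not zero its score
                score += math.log((self.counts[label][w] + 1) / (total + len(self.vocab)))
        return score

    def is_spam(self, body):
        words = tokens(body)
        return self._log_score("spam", words) > self._log_score("ham", words)

def compare(messages, model):
    """Return (spam caught by blacklist, spam caught by content, ham misfiled by content)."""
    by_ip = sum(1 for ip, _, spam in messages if spam and ip in BLACKLIST)
    by_content = sum(1 for _, body, spam in messages if spam and model.is_spam(body))
    false_pos = sum(1 for _, body, spam in messages if not spam and model.is_spam(body))
    return by_ip, by_content, false_pos
```

    Calling `compare(INBOUND, NaiveBayes(TRAINING))` shows the blacklist catching only the message from the listed relay, while the content filter scores every message the same way regardless of which machine sent it.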

  • Thought

    Great article from Technology Review called “WhereWare”:

    “The idea is to make cell phones, personal digital assistants, and even fashion accessories capable of tracking their owners’ every movement — whether they’re outdoors, working on the 60th floor, or shopping in a basement arcade.”

    Most of what I’ve seen on this topic has focussed on location-based advertising (as in “The Gap can beam discount coupons to you as you pass their store!”). Most of this is uninspired hogwash that serves companies well, but not people. Some of the examples in this article speak more to personal use (finding out if a loved one is on their way to meet you or hopelessly lost, walking directions, etc.).

August 22, 2003

  • Thought

    silicon.com — Sobig update: Organised criminals marry spam and viruses:

    “‘Sobig smashed all the records in terms of pure numbers, but that’s not nearly the whole story,’ said Simpson. ‘This is the sixth in a series of controlled experiments. This isn’t about some kiddy writing viruses in his bedroom — this is really a very sophisticated example of organized crime.’”

    I’m not sure about this statement. Clearly, Peter Simpson, manager of ThreatLab at Clearswift, benefits from fear, uncertainty, and doubt about viruses and spam given Clearswift’s business.

    Is there any proof or corroboration of this assertion?

August 7, 2003

  • Thought

    Eight Steps to Ward Off Spam Complaints

    These eight simple suggestions will not only reduce spam complaints against your company or organization but also increase the chances that others will read your messages.

    1. Never (ever!) purchase, trade or borrow an email list.

    2. Always send a welcome email to members when they have signed up, but be careful.

    3. Keep records of those who have signed up.

    4. Remind people that they have subscribed to your mailing.

    5. Always be sure to include an alternate means of contact to your subscribers.

    6. Try to send mailings to your subscribers on a regular basis.

    7. If you have not sent a mailing for a while, initially send a message to no more than 1,000 randomly selected subscribers.

    8. Adhere to your privacy policy.

August 4, 2003

July 31, 2003

  • Thought

    Wired News: Antispam Bills: Worse Than Spam?:

    “While no one has sympathy for the devils that fill inboxes with promises of lower mortgages and larger members, not everyone is supporting the new movement to banish spammers from the Internet.

    Some online advocates worry that heavy-handed antispam measures, such as centralized blacklists and charging for delivery, will destroy e-mail.”

  • Thought

    Fascinating post on GlennLog called “Hating”.

    While the post is really about a war Dave Winer is having with a user, I wanted to note Glenn’s central theme regarding the imminent end of privacy (my words not his):

    “This kind of permanence has set in on the Web in a way that only a small percentage of people understand. Post to Usenet — ever? It’s there, forever. Post a Web page for a few months? Google has an archive, and if it’s up long enough, so does The Internet Archive, which, with a few keystrokes, brings up the history of every page they’ve archived at a given URL.”

July 29, 2003

  • Thought

    ClickZ: Do Not Call (But Feel Free to Click):

    “Ten million users registered in four days. A few days later, it was 20 million. This past Wednesday, less than a month after registration opened for the Federal Trade Commission’s (FTC’s) National Do Not Call Registry, Americans had volunteered 28 million phone numbers, representing over a third of all U.S. households.

    What’s equally stunning is 89 percent of these numbers were registered online, making the FTC’s National Do Not Call initiative most probably the most successful site launch. Ever. For two weeks after it went live on June 25, the registry was the most searched-for site on the major search engines, spiking the Nielsen//NetRatings charts.”

    That’s correct. In one month 1/3 of US households voted “no” to telemarketing. How hated does an industry have to be before it gets the message that people just don’t want to be sold this way?

July 23, 2003

  • Thought

    The rhetoric around spam and “finding a solution” to the spam problem is reaching fever pitch. One of the best discussions of the issue I’ve seen is being conducted by the Technology Review.

    They started their coverage with an excellent overview of the issue called “Spam Wars”

    This was followed by a Dialog between Vipul Ved Prakash (Cloudmark founder), David Crocker and Barry Shein.

    I was going to quote from Vipul and David, but they make so many solid points and argue the case for restraint in dealing with spam so eloquently that I will just urge you to follow the links.

July 21, 2003

  • Thought

    Looks like the DMA is up to its old (embarrassing) tricks again:

    DMNews.com: “Ahhh, so that’s what spam is”:

    “Spam is essentially e-mail that misrepresents an offer or misrepresents the originator, or in some way attempts to confuse or defraud people,” DMA president/CEO H. Robert Wientzen said in an appearance on a July 13 spam segment on “CBS Sunday Morning.” “The reality is that, in spite of all the trouble that e-mail is causing, Americans and people all over the world … do respond to e-mail offers, and they often respond to offers for things they didn’t even know existed, from people they didn’t know existed.”

April 22, 2003

  • Thought

    The New York Times did a big write-up on E-mail Marketing and Spam — effectively ending the hopes that the two concepts can ever be separated in the public’s mind again. The article uses “marketing” and “junk”, “spammer” and “marketer” as synonyms and offers wonderful examples of spammers making the case against anti-spam advocates (thereby limiting the effectiveness of legitimate e-mailers’ concerns).

    What a mess.

April 10, 2003

  • Thought

    Great article called “Permission To Spam?” on ClickZ. Increasingly the challenge with e-mail marketing is going to be getting past the perception that your message is spam — even if you did clearly get permission.

    In the long run, smart marketers have to begin to temper expectations and realize that they have to make their lists cleaner and their messages more valuable to subscribers if they plan to succeed. For example, I now recommend double opt-in as standard for all lists. Even though it will decrease list size, it eliminates any chance of people not knowing what they signed up for. And you eliminate anyone with overaggressive filters because they never respond to the confirmation list, which means you’re less likely to be sending messages into spam filters.

March 20, 2003

  • Thought

    BTW, Cloudmark’s Spamnet, which I’ve been using since the first beta version, seems to have really nailed its algorithms with the latest beta version (Beta 9) of their MS Outlook plug-in. I’m now finding that over 95% of spam is being filtered correctly and the number of false positives seems to have dropped quite a bit.

    It’s also worth noting that the false positives are pretty permission-based lists that have at least one of these three characteristics:

    1. Infrequent mailers — companies that don’t send for a long time seem to get picked up (probably because people don’t recognize them). CNMA is in this camp.

    2. Low value lists — things that are probably of far less value than the subscriber would have expected. People “block” the messages rather than unsubscribing.

    3. Drifting permission — mailers seem to be pushing the bounds of permission and getting penalized for it. For example, content-heavy newsletters get through but if they send a “special offer” from a “valued partner” they get tagged as spam.

  • Thought

    Senderbase.com is a new service from IronPort (an anti-spam company) that offers a peek into who the big online mailers are, including estimates on how much mail is coming from each company.

    Of course there is a hidden implication in a lot of IronPort’s language that just because someone sends a lot of mail they should therefore be filtered out and can’t be permission-based or welcome in users’ in-boxes.

    The arms race between legitimate mailers and ISPs seems to be escalating.

  • Thought

    The Center For Democracy & Technology has released an interesting study of where spammers get e-mail addresses (it’s a 16-page PDF). It offers some fairly practical tips on cutting down on the likelihood of your address being trapped by address-harvesting apps. The best advice is to simply replace the “@” in your e-mail with the word “at”, so that “[email protected]” is written as “example at schafer.com”. This seems to fool all e-mail harvesters but after a moment’s thought is intuitive to most humans.

March 10, 2003

March 6, 2003

  • “Doing Something” About Spam

    There is a growing urge amongst everyone using the Internet to “do something” about spam.

    The growing frustration with spam has led to more consumer and corporate anti-spam filtering technologies. “ESPs” (E-mail Service Providers) are legitimately afraid that false positives by these filters are going to decrease the overall effectiveness of e-mail as a communications tool. And ISPs are getting very tired of the costs associated with the massive amount of unwanted messages that they have to deliver.

    Following behind the host of technical solutions to spam are the interest groups and task force groups being set up to represent the interests of each group.

    For example, the ESPs have set up a group via the NAI. And now standards body the IETF has set up the Anti-Spam Research Group to research technical solutions, some of which this CNET article says may take years to implement — because fighting spam may mean a fundamental change to the way e-mail works.

    JamSpam appears to be looking for a holistic approach, recognizing that all involved (okay, with the exception of the spammers) have legitimate concerns and the only solutions that will work are ones that recognize everyone’s issues.

    I have two big concerns in this rush to action:

    1. ISPs have taken it upon themselves to determine what is and is not wanted e-mail. That means that things that people legitimately want and senders have legitimate reason to send, are not being delivered by ISPs. While everyone can sympathize that they get more mail than they want to handle and that this is driving up their costs, they need to let the user decide what is wanted and what is not. Imagine if the Postal Service decided it had too much mail and these LL Bean catalogues seem to be in the mail far too often so they decided to dump them all in a big recycle bin.

    2. The other big issue as I see it is the amorphous definition of “spam” itself. Many people now think of spam as ALL marketing messages, or ALL messages from businesses, or ANY message that they are not interested in. And because people have been given the dubious advice to “never unsubscribe from spam” because it will beget more spam, we now have a situation where legitimate mailing lists have hundreds of subscribers who are submitting them to spam filters rather than use the standard unsubscribe feature to get off the list.

November 1, 2002

  • Thought

    “The legit e-mail marketing companies…are really going to hate this feature,” Smith continued. “They use e-mail Web beacons…to gather statistics about e-mail advertising campaigns.”

    Will they ever hate it.

    A recent CNET article called New Outlook to give spammers the boot details changes to Outlook (the most used e-mail application) that default to NOT loading HTML images from remote servers when a message is shown. It’s not entirely clear if this only relates to “preview windows” or all windows, but for legitimate marketers this is really going to mess up the move to HTML messaging, and along with it muddy e-mail tracking stats further.

    At the same time, it’s a boon for people tired of HTML-laced spam, so it will be interesting to see how this all shakes out between now and the launch of Office 11 in the summer of 2003.
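
    What “not loading HTML images from remote servers” amounts to, as an added example (not Outlook’s implementation): find every `<img>` whose source would cause a network request when the message is opened, drop the 1x1 beacons and replace the rest with a placeholder, while keeping images embedded in the message itself. The hosts and the SUBSCRIBER-ID value in the sample are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RemoteImageFinder(HTMLParser):
    """Collect every <img> whose source would trigger a network fetch."""

    def __init__(self):
        super().__init__()
        self.remote = []    # (raw tag text, url, looks_like_beacon)
        self.embedded = 0   # cid:/data: images carried inside the message

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if urlsplit(src).scheme.lower() in ("http", "https") or src.startswith("//"):
            # A 0- or 1-pixel image shows nothing to the reader: typical web beacon.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.remote.append((self.get_starttag_text(), src, tiny))
        elif src:
            self.embedded += 1

def block_remote_images(html_body):
    """Return (safe_html, report) with remote images removed from the markup."""
    finder = RemoteImageFinder()
    finder.feed(html_body)
    finder.close()
    safe = html_body
    for raw, _, tiny in finder.remote:
        # Beacons vanish silently; visible images leave a placeholder behind.
        safe = safe.replace(raw, "" if tiny else "[remote image blocked]")
    report = {
        "blocked": [url for _, url, _ in finder.remote],
        "beacons": [url for _, url, tiny in finder.remote if tiny],
        "embedded_kept": finder.embedded,
    }
    return safe, report

# Constructed message body for illustration.
SAMPLE = (
    '<html><body><p>Spring newsletter</p>'
    '<img src="cid:logo@newsletter.example" alt="logo">'
    '<img src="http://images.newsletter.example/banner.jpg" width="600" height="120">'
    '<img src="http://tracker.example/open.gif?id=SUBSCRIBER-ID" width="1" height="1">'
    '</body></html>'
)
```

    Only `<img>` tags are handled here; a mail client would need to apply the same rule to other remote references such as CSS background images.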