Category Archives: privacy

Why Would I Believe This?

“Trusteer Rapport?”  This is just a ridiculous thing for my bank to attempt…

Mailinator: Free, Instant, Completely Unsecure Email

What if you’re downloading a product demo, need a unique address to get the key, and never want to hear from that company again? Good luck! Actually, you don’t need good luck, just mailinator.

Send to any address at mailinator.com (or one of several other domains) and then go to the site and check your email. But make it a long, complex address, because there’s no password. In fact, anyone can check “your” email if they know the email address (including the person/company who sends email to you).

If you completely understand the limitations, this is a wonderful service.

A Halting First Step Toward Online Privacy Transparency

A googleblog post and AP story today indicate Google’s initial foray into a heretofore undiscovered country of transparency about what our actual expectations should be regarding how companies treat our personally-identifiable aggregate data online. Current “privacy policy” and “terms of use” statements tell us very little about the hows and whys of the data that companies maintain about us.

By telling us that personalized search data, IP addresses, etc. are to be kept for no more than 18-24 months “unless we’re legally required to retain log data for longer,” what Google actually revealed today is how bad the current state of online privacy protection is. Not only are companies collecting and maintaining this data almost indefinitely, but in some cases they’re legally bound to do so. This constitutes one of the dirty not-so-little secrets of online existence: we have little idea about and almost no control over the data that is collected about us.

Imagine if everywhere you drove a record was kept of your route, speed, what stores you visited, who you talked to, etc. In the real world this kind of surveillance requires a warrant and an enormous amount of effort (digging into your credit card purchases, getting your cellular company to flip the switch that turns your phone into a GPS-enabled mobile bug, etc.). But to perform the same observations on line all you need is access to Google’s databases–between the Toolbar, Gmail, Talk, Desktop Search, AdSense, Google Analytics, Google Checkout, etc., etc., a huge percentage of what you accomplish with a computer can be tracked, analyzed, and ultimately connected back to you. And this is just one company. There are literally hundreds of major companies that have access to and maintain this data. How much? For how long?

How long does your ISP keep logs of the web sites you surf to? How long does Yahoo keep a transcript of your chats? How much information does the web-integrated Windows Live search in Vista phone home about you? These are questions we’ve ignored for the sake of utility and expedience, but I have a feeling they’re about to get asked. Google has broached the subject; now it’s up to the industry at large to respond, and hopefully, when they realize how bad it is, online citizens to get involved.