Archive for February, 2010

25
Feb

Miscellanea

   Posted by: Joshbw    in General Ramblings

Couple random thoughts, observations, stuff:

Last night my wife wanted to pay her Sprint bill – she didn’t want to get up and go downstairs to grab her purse and credit card so she asked me for mine and I just tossed her my wallet without thinking. Rather than grabbing my dedicated credit card out she grabbed my debit card, which wouldn’t have been my preference (easier to dispute credit card charges if necessary). I was prepared to start answering the various interrogation questions necessary for a card purchase, since the CVV code is intentionally missing from all of my cards (no need to make it extra easy for a would-be pickpocket), and was sort of surprised that she didn’t need any information other than the card number. It turns out Sprint uses the STAR network with debit card transactions and all it needs is the credit card number – how is that a good thing? Credit cards are already great theft targets since you only need a couple pieces of information to charge them – I don’t think reducing the amount of information is wise. In Sprint’s defense, only a moron would place a charge with a stolen card on their own account, but in terms of industry trends I can say that offering debit transactions with just a card number is one that I feel should continue.

Unrelated to that, the vast majority of blog spam that gets trapped by the filters at the moment is related to amoxicillin ads – what the hell? Can someone explain the psychology behind that to me? First, amoxicillin is an antibiotic – typically something you are using because you went to the doctor, found out you have an infection, and want medicine sooner rather than later; it is also something you only take for a short period (what, 5 days or something like that) and don’t renew – how is that a good candidate for mail order? On top of that it’s about the cheapest antibiotic known to man – it isn’t like Walgreens is charging $50 for it after insurance. Last time I needed to pay for amoxicillin it couldn’t have been more than $5. Are people really looking to knock that price down even further? What makes it good chum for spam fodder?

Well, those are my deep thoughts for the day, cheers,
~ Joshbw

18
Feb

On Google and Privacy Policies

   Posted by: Joshbw    in General Ramblings

Google is currently getting reamed for their poorly handled rollout of Buzz to Gmail users. It is pretty clear that they made the choice to automatically enroll as many people as possible into Buzz in order to grow its initial market share, at the expense of user choice and privacy. This Ars article does a good job summarizing the privacy complaints.

For my part I was curious if Google had violated their published privacy policy. After all, Buzz wasn’t exactly optional for Gmail users, but distinctly changes the way your Gmail information is used (for example, it automatically made your Address list into a public Buzz contact list, when it had not been public before), and it would seem that the new functionality would not have been anticipated in the initial draft of the Gmail privacy policy. Indeed, following Buzz, Gmail did update its privacy policy to read:

You may choose to use additional Gmail features, such as chat, which connects to the Google Talk network, or Google Buzz. The Google Talk service has its own privacy notice available here, and Google Buzz here.

Personally I find it suspect that Google chooses to obscure the Buzz privacy details behind additional links, rather than making it front and center. It is, after all, now an integral part of Gmail, and something they chose to make users opt out of rather than opt into. In general it is my belief that if new functionality or services require a change to a privacy policy (at least in terms of being more permissive in information sharing – if by some miracle the change is to be less permissive with information sharing I have no issue), that functionality should follow an opt-in model after a clear explanation of the privacy changes.

Anyway, given only the alteration above I think serious questions would be appropriate concerning Google’s use of privacy policies; however, they have a nice ace in the hole:

Google may send you information related to your Gmail account or other Google services.

This provision has been in the Gmail privacy policy for ages (perhaps since day one, but I haven’t confirmed that). A similar statement is found in other Google services. This is a nice little loophole that makes their privacy policy pretty much worthless in my opinion. In order to judge the privacy policy of Gmail I also have to be knowledgeable about the privacy policy of any other Google service that Gmail might share data with, and how it uses data as well (Google did, after all, disclose that it does share information with other services, so I can’t complain if other services use the data in a manner I don’t find appropriate). This, I believe, is an impossibility, since there is no way to achieve such knowledge – do services that don’t directly face customers but access the data have published policies? Does it cover both current and future services?

In general I would like to see the privacy policy modified in one of three ways:
1) The policy explicitly state which services the information it contains is shared with (not just services that it directly shares information with, but also services they will in turn share the information with, etc), a whitelist of services so to speak, and directly link to their policies in the same way it does for chat and Buzz. This way a customer actually can be informed how the data is used.

2) The policy state that while information is shared with other services (first and third party), additional services will conform to the privacy claims presented in the Gmail policy.

3) The policy has all other assurances erased and simply states that information is shared with other services and there can be no expectation of privacy pertaining to any information in Gmail.

Right now I think #3 is an accurate representation of what they are currently doing, but they are being dishonest in not making that obvious. I find #2 to be preferable, as it doesn’t require the user to bounce around hunting down the policies for other services (which, if they similarly share information, could put the user in the same position they are in now if the user did need to track down policies). What this really illustrates is largely how worthless privacy policies are in making appropriate decisions. (Incidentally, the Hotmail policy similarly has a loophole about sharing information with other services, though at least they also include “We use the information we collect to provide the services you request” which would imply an opt-in approach rather than opt-out.)

~ Joshbw