Re: Automatic Entry and Forms

Matthew James Marnell (marnellm@portia.portia.com)
Sun, 25 Feb 1996 14:23:43 -0500


Message-Id: <199602251924.OAA07389@portia.portia.com>
To: hallam@zorch.w3.org
Cc: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>,
Subject: Re: Automatic Entry and Forms 
In-Reply-To: Your message of "Sun, 25 Feb 1996 02:11:20 EST."
             <9602250711.AA18153@zorch.w3.org> 

:>
:>I think people are offended that you have attacked a position that
:>nobody was actually proposing. 

Like most other proposals on the Internet, the author and supporters
don't necessarily see forward enough to consider some of the possible
abuses of their proposal.  You seem to see it as a personal attack,
but it's not even an attack per se, just pointing out some flaws.

:>Please do not assume that you are the only person who understands the
:>Internet and its users. I don't think that there is a Napoleon behind
:>every URL, very few of the users of the Internet are homicidal maniacs
:>like Napoleon, Hitler or Saddam.

Robert isn't acting as if he knows it all.  Other people are.  *nudge*
But, we're not talking about Napoleon, Hitler, or Saddam, we're talking
about corporations who'd love to grab as much information as they can
about their "potential" clients.  I've gotten reader response cards
that ask pretty personal questions and it's on a postcard sized card
with prepaid postage.  If I chose to send it in, the post office worker,
the corporation's mailroom employee, and everyone else between me and
the "qualifier" get to read that info.  Have you ever sent in for
a rebate?  All these are ways to capture info, and some of them
get very hairy about what they want from you, with little fine print
about "any field not filled in voids the rebate."

:>There is a problem with the Canter and Siegel, get-rich-quick faction of
:>the net. This is a small proportion of users.

Canter and Siegel are no different than half the advertising depts in
large corps.  It's not get-rich-quickers that are going to be abusing
this feature, it's the corporations, the stay-rich-at-all-costs.  If
a developer comes to you and says, "There is a new proposal that would
allow you, XXXXX, Inc., to capture info from the user at will.  All you
have to do is follow my scheme, which I'll set up for you for my usual
fee."

:>I need no lessons in protecting personal privacy. I work in the security
:>and payments areas and work on the same floor of MIT as Ron Rivest's
:>cryptography group.

And this means something?  Just because you don't see the implications
doesn't mean they're not there.  Just because you've been doing this
for X years, doesn't mean that you see every possible avenue of abuse.

Back to our developer who is talking to Mr. Greedy Corporation Head.

"Okay, the scheme here is that we run a promotion at your site.  We
give something away, so that we can take an "anonymous survey."  Under
the giveaway form (URL http://www.somecorp.com/cgi-bin/form-proc) we
don't take the user's name or anything, just their average yearly
income, their likes and dislikes, etc, etc.  This form is dynamic
so that if they're coming from the survey page they get one form,
but if they're coming from another page they get another form, based
on the same URL.  Under this new proposal, the automatic filling
in of forms works on a URL based scheme.  So, on another part of
the site we have a user area that they have to enter their name in
order to enter.  This is where it gets good.  The form they use to
enter the user area is, you guessed it,
http://www.somecorp.com/cgi-bin/form-proc.  But this form is different
because it's dynamic and the user is accessing it from another page.  At the top of
this form we ask them the info we didn't ask them on the survey,
which they've already filled out in order to get to the user area.
The way the new form works is that we take their name and stuff, but
at the bottom under a repeated blank and transparent spacer.gif
we have all the fields from the survey, and since the URL is the
same, the browser automagically fills it in.  So, when they submit
their name and get a user number they're sending us all the survey
info so we can now associate it with a person.  The next time they
come in they log in under a new URL using the user number we gave
them, so we can associate the captured info with the person browsing.
All in all, it works better than the old Netscape cookies, because
this allows us to get even more info under the guise of making the
site better for them, and your product better for them.  You can
then take that info and give your sponsors and advertisers a better
idea of who is coming through so you can charge more for that.
It's a win-win situation for you, your partners and me."

Now tell me how you're going to protect against this?  Tell me
how your proposal is any different than most other proposals that
make it "easier" for the user, but also, via a loophole make it
so much easier for the server?  There have been plenty of things that
have been implemented for the consumer that actually hurt the consumer
but help the credit reporting agencies and consumer profiling
people.  This will be no different.

/V\att
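The scenario above turns on one design choice: a browser that keys remembered form data on the action URL alone, and fills any field whose name it recognises, will also fill fields the page has hidden from the user. The following is an added example, not code from this thread or from the proposal under discussion. It models two forms as plain objects (no DOM, so it runs under Node) and contrasts the URL-keyed fill the message describes with a guarded variant that fills only visible fields and refuses the whole form when a remembered field is present but hidden. The form-proc URL comes from the message; the field names, values and the `visible` flag are constructed for the illustration.

```javascript
// Added example (not from the original thread): a toy model of the
// autofill policy the message argues about. Forms are plain objects
// standing in for the DOM so the code runs under Node without a browser.

// Constructed sample: the "anonymous survey" form and the later
// "user area" login form, both posting to the same URL (from the message).
const FORM_PROC_URL = "http://www.somecorp.com/cgi-bin/form-proc";

const surveyForm = {
  action: FORM_PROC_URL,
  fields: [
    { name: "income", type: "text", visible: true },
    { name: "likes", type: "text", visible: true },
    { name: "dislikes", type: "text", visible: true },
  ],
};

const loginForm = {
  action: FORM_PROC_URL,
  fields: [
    { name: "fullname", type: "text", visible: true },
    // Same field names as the survey, tucked behind the spacer.gif
    // so the user never sees them (visible: false is our stand-in for that).
    { name: "income", type: "text", visible: false },
    { name: "likes", type: "text", visible: false },
    { name: "dislikes", type: "text", visible: false },
  ],
};

// Constructed: what the user typed into the survey and the browser remembered,
// keyed on the action URL as the message reads the proposal.
const remembered = { income: "45000", likes: "skiing", dislikes: "forms" };

// Policy 1 (weak): fill every field whose name we hold a value for.
// On loginForm this quietly re-sends the survey answers alongside the name.
function naiveAutofill(form, store) {
  const filled = {};
  for (const f of form.fields) {
    if (f.name in store) filled[f.name] = store[f.name];
  }
  return filled;
}

// Policy 2 (guarded): never fill a field the user cannot see, and if any
// remembered field appears hidden on the form, fill nothing and report it,
// since a visible survey answer reappearing as a hidden field is exactly
// the pattern described in the message.
function guardedAutofill(form, store) {
  const hiddenFields = form.fields
    .filter((f) => f.name in store && (!f.visible || f.type === "hidden"))
    .map((f) => f.name);
  if (hiddenFields.length > 0) {
    return { filled: {}, blocked: true, hiddenFields };
  }
  const filled = {};
  for (const f of form.fields) {
    if (f.visible && f.type !== "hidden" && f.name in store) {
      filled[f.name] = store[f.name];
    }
  }
  return { filled, blocked: false, hiddenFields: [] };
}

// Runs both policies against the login form so the difference is visible.
function demo() {
  return {
    naive: naiveAutofill(loginForm, remembered),
    guarded: guardedAutofill(loginForm, remembered),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Running it shows the naive policy handing back all three survey answers for the login form, while the guarded policy returns an empty fill with `blocked: true` and the three hidden field names, which is the point a browser vendor would need to build into any URL-keyed autofill: visibility of the field, not just the URL, has to be part of the decision.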