- From: Adam Jack <ajack@corp.micrognosis.com>
- Date: Sun, 25 Feb 1996 16:24:04 -0500 (EST)
- To: Matthew James Marnell <marnellm@portia.portia.com>
- Cc: hallam@zorch.w3.org, Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>, Derek Harding <derek@tpdinc.com>, Murray Altheim <murray@spyglass.com>, hallam@w3.org, www-html@w3.org
On Sun, 25 Feb 1996, Matthew James Marnell wrote: > Back to our developer who is talking to Mr. Greedy Corporation Head. > > "Okay, the scheme here is that we run a promotion at your site. > [...] (Scam details deleted) Scarily this (almost identically) already exist at a public site that takes your career information and provides you with thier estimate of what salary you could command. Once they tell you a salary range they make a supposedly separate offer to e-mail you job information. That form has all your earlier information in hidden fields! Add your e-mail address to that -- and your privacy in this area is removed. The only way one would notice this information is if the user is to look at the HTML source. (Note : the action method was POST so the user couldn't even notice an uncoded URL.) Whether this is an intentional scam or development accident the end result is a loss of privacy. Hence -- this style of scam already exists. This proposal doesn't introduce it. > > Now tell me how you're going to protect against this? Tell me > how your proposal is any different than most other proposals that > make it "easier" for the user, but also, via a loophole make it > so much easier for the server? There have plenty of things that > have been implemented for consumer that actually hurt the consumer > but help the credit reporting agencies and consumer profiling > people. This will be no different. > I agree in theory. I wonder though, what about practicallity? I would use such a system to set any data that I considered universally public. I would never allow it to hold any data that I considered in any way private. Hence I would allow it to hold my e-mail address but not my salary. I agree -- that information would be a small subset of the data that is personal to me -- but it if all it ever held was my e-mail address then, for me, it would be a useful feature. Also - note that I accept that I still have the final say. I do not have to press the SUBMIT button. Given that this is a feature I could (in theory) control at the browser then it is significantly less of a privacy leak than 'HIDDEN'. Adam -- +1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html
Received on Sunday, 25 February 1996 16:22:08 UTC