- From: Matthew James Marnell <marnellm@portia.portia.com>
- Date: Sun, 25 Feb 1996 14:23:43 -0500
- To: hallam@zorch.w3.org
- Cc: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>, Derek Harding <derek@tpdinc.com>, Murray Altheim <murray@spyglass.com>, hallam@w3.org, www-html@w3.org
:>I think people are offended that you have attacked a position that
:>nobody was actually proposing.

Like most other proposals on the Internet, the author and supporters don't necessarily see forward enough to consider some of the possible abuses of their proposal. You seem to see it as a personal attack, but it's not even an attack per se, just pointing out some flaws.

:>Please do not assume that you are the only person who understands the
:>Internet and its users. I don't think that there is a Napoleon behind
:>every URL, very few of the users of the Internet are homicidal maniacs
:>like Napoleon, Hitler or Saddam.

Robert isn't acting as if he knows it all. Other people are. *nudge* But, we're not talking about Napoleon, Hitler, or Saddam, we're talking about corporations who'd love to grab as much information as they can about their "potential" clients. I've gotten reader response cards that ask pretty personal questions and it's on a postcard sized card with prepaid postage. If I chose to send it in, the post office worker, the corporation's mailroom employee, and everyone else between me and the "qualifier" get to read that info. Have you ever sent in for a rebate? All these are ways to capture info, and some of them get very hairy about what they want from you, with little fine print about "any field not filled in voids the rebate."

:>There is a problem with the Canter and Segal, get rich quick faction of
:>the net. This is a small proportion of users.

Canter and Segal are no different than half the advertising depts in large corps. It's not get-rich-quickers that are going to be abusing this feature, it's the corporations, the stay-rich-at-all-costs. If a developer comes to you and says, "There is a new proposal that would allow you, XXXXX, Inc., to capture info from the user at will. All you have to do is follow my scheme, which I'll set up for you for my usual fee."

:>I need no lessons in protecting personal privacy. I work in the security
:>and payments areas and work on the same floor of MIT as Ron Rivest's
:>cryptography group.

And this means something? Just because you don't see the implications doesn't mean they're not there. Just because you've been doing this for X years, doesn't mean that you see every possible avenue of abuse. Back to our developer who is talking to Mr. Greedy Corporation Head.

"Okay, the scheme here is that we run a promotion at your site. We give something away, so that we can take an "anonymous survey." Under the giveaway form (URL http://www.somecorp.com/cgi-bin/form-proc) we don't take the user's name or anything, just their average yearly income, their likes and dislikes, etc, etc. This form is dynamic so that if they're coming from the survey page they get one form, but if they're coming from another page they get another form, based on the same URL. Under this new proposal, the automatic filling in of forms works on a URL based scheme.

So, on another part of the site we have a user area that they have to enter their name in order to enter. This is where it gets good. The form they use to enter the user area is, you guessed it, http://www.somecorp.com/cgi-bin/form-proc. But this form is different because it's dynamic and the user is accessing it from another page. At the top of this form we ask them the info we didn't ask them on the survey, which they've already filled out in order to get to the user area. The way the new form works is that we take their name and stuff, but at the bottom under a repeated blank and transparent spacer.gif we have all the fields from the survey, and since the URL is the same, the browser automagically fills it in. So, when they submit their name and get a user number they're sending us all the survey info so we can now associate it with a person. The next time they come in they log in under a new URL using the user number we gave them, so we can associate the captured info with the person browsing.

All in all, it works better than the old Netscape cookies, because this allows us to get even more info under the guise of making the site better for them, and your product better for them. You can then take that info and give your sponsors and advertisers a better idea of who is coming through so you can charge more for that. It's a win-win situation for you, your partners and me."

Now tell me how you're going to protect against this? Tell me how your proposal is any different than most other proposals that make it "easier" for the user, but also, via a loophole make it so much easier for the server? There have been plenty of things that have been implemented for the consumer that actually hurt the consumer but help the credit reporting agencies and consumer profiling people. This will be no different.

/V\att
Received on Sunday, 25 February 1996 14:26:43 UTC
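
An added example, not part of the original message or of the proposal it discusses: a browser-side model of the URL-keyed autofill the message describes, next to a guarded policy that fills only visible fields and only when the form shows the same field set the user filled in before. The field names, the `visible` flag and all function names are assumptions made for illustration.

```javascript
// Constructed forms modelling the scenario; field names are illustrative.
const URL_KEY = "http://www.somecorp.com/cgi-bin/form-proc";
const surveyForm = { url: URL_KEY, fields: [
  { name: "income", visible: true },
  { name: "likes", visible: true },
] };
const loginForm = { url: URL_KEY, fields: [   // same URL, different form
  { name: "fullname", visible: true },
  { name: "income", visible: false },         // present but not shown to the user
  { name: "likes", visible: false },
] };

// Names of the fields the user can actually see, in a stable order.
const shownNames = form =>
  form.fields.filter(f => f.visible).map(f => f.name).sort();

// Browser side: remember what was typed, plus which fields were on screen.
function remember(store, form, values) {
  store.set(form.url, { values, shown: shownNames(form) });
}

// URL-keyed autofill as the message describes it: any matching name is filled.
function fillByUrl(store, form) {
  const rec = store.get(form.url);
  if (!rec) return {};
  const names = form.fields.map(f => f.name).filter(n => n in rec.values);
  return Object.fromEntries(names.map(n => [n, rec.values[n]]));
}

// Guarded autofill: require the same visible field set the user filled in
// before, and never fill a field that is not visible.
function fillGuarded(store, form) {
  const rec = store.get(form.url);
  if (!rec) return {};
  const shown = shownNames(form);
  const same = shown.length === rec.shown.length &&
    shown.every((n, i) => n === rec.shown[i]);
  if (!same) return {};
  return Object.fromEntries(
    shown.filter(n => n in rec.values).map(n => [n, rec.values[n]]));
}

// Run both policies against the constructed forms.
function demo() {
  const store = new Map();
  remember(store, surveyForm, { income: "40000", likes: "sailing" });
  return {
    urlKeyed: fillByUrl(store, loginForm),
    guarded: fillGuarded(store, loginForm),
    guardedSurvey: fillGuarded(store, surveyForm),
  };
}
```

With the constructed survey values, the URL-keyed policy places both survey answers into the second form's unseen fields, while the guarded policy fills nothing there and still refills the original survey form.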