What's In YOUR Privacy Policy?

Home | Privacy Links | Opt-Out



PRIVACYnotes #1

PRIVACYnotes #2
PRIVACYnotes #3
PRIVACYnotes #4
PRIVACYnotes #5
PRIVACYnotes #6
PRIVACYnotes #7
PRIVACYnotes #8
PRIVACYnotes #9
PRIVACYnotes #10
PRIVACYnotes #11
PRIVACYnotes #12
PRIVACYnotes #13
PRIVACYnotes #14
PRIVACYnotes #15
PRIVACYnotes #16
PRIVACYnotes #17
PRIVACYnotes #18
PRIVACYnotes #19
PRIVACYnotes #20
PRIVACYnotes #21
PRIVACYnotes #22
PRIVACYnotes #23
PRIVACYnotes #24
PRIVACYnotes #25
PRIVACYnotes #26
PRIVACYnotes #27
PRIVACYnotes #28
PRIVACYnotes #29
PRIVACYnotes #30
PRIVACYnotes #31
PRIVACYnotes #32
PRIVACYnotes #33
PRIVACYnotes #34
PRIVACYnotes #35
PRIVACYnotes #36
PRIVACYnotes #37
PRIVACYnotes #38
PRIVACYnotes #39
PRIVACYnotes #40
PRIVACYnotes #41

PRIVACYnotes Discussion List
Protecting Privacy is Good for Business

Respecting Privacy on the Web

PRIVACYnotes Digest
Protecting Privacy is Good for Business
Published by: Mike Banks Valentine website101
June 13, 2002 Issue # 014
.....IN THIS DIGEST.....


"What's in YOUR Privacy Policy?" ~ Mike Valentine

// -- NEW DISCUSSION -- //

"Explorer 6 & P3P" ~ Richard Lowe

"Operation Opt-Out" ~ Mike Valentine


"Email Appending" ~ Anonymous

// -- PRIVACY NEWS -- //

"The Latest in Privacy Issues"



What's in YOUR Privacy Policy?

As a privacy advocate, I visit and read more privacy policy pages on web sites than most. This week I'd like to point to one I find truly enlightened if, as I say in my note to them, the language in that policy can be taken at face value. I'll reproduce my note to them below and would like to ask list members the stirring question, "What's in YOUR privacy policy. ;-)

My note to 24/7 Real Media follows their privacy policy link below:

I recently visited to opt-out of a promotional list mailing I received today and reviewed the 24/7 privacy policy. While not ideal, the standards reflected in that policy appear better than most online media / marketing / advertising services if the language used in that policy can be taken at face value.

Further, that policy reads relatively easily and encourages visitors to learn more through the linked resources. The stance openly opposing data aggregation is truly enlightened for a marketing company.

I must ask one question that has gone unanswered by most online marketing resource service companies such as yours. How do you get my address in the first place? I specifically and vigilantly deny permission for further use of my email address and contact information whenever I sign up for anything and everything, online and off.

Does verify the source of those email addresses it purchases or rents from other companies? How is it that addresses I specifically give to one single source only continually end up receiving marketing emails from other sources when all deny selling that data? (Including 24/7).

I'd be happy to entertain, and publish with your permission, the answers to the above questions. Come join our weekly PRIVACYnotes discussion list and contribute some cogent thought, from your viewpoint, to the conversation. You can review the archives of the list by visiting the link in my signature line below.

I look forward to hearing from you.

~ Mike Banks Valentine What's in YOUR privacy policy?

// -- NEW DISCUSSION -- //

===> TOPIC: Explorer 6 and P3P

From: Richard Lowe, Jr. <>

If you downloaded Internet Explorer 6 recently (or it came pre-installed on your machine) you may have noticed something a little different. Look under the "Internet Options" selection of the "Tools" menu. You will see a new tab titled "Privacy". Click on the tab and you will be able to specify settings which control the way cookies are handled.

There has been a lot of press about this new feature. It's been all over the web - some positive comments, some negative (and, of course, the usual "it's just a Microsoft plot" type postings and articles.)

Personally, I like the new privacy tab as it eliminates the need for third party cookie handling products (if you are using Internet Explorer, of course). I found the controls very simple and straightforward, and within a short time cookies have ceased to be a concern.

This is part the first significant implementation of a new internet standard called P3P (Platform for Privacy Preferences). P3P is intended to give surfers more complete control of how their privacy is handled whenever they surf. In theory, at least, P3P should automate privacy, eliminating the need for surfers to read complex privacy notices every time they visit a site and want to enter some information.

The controls actually control much more than you might think. There is quite a bit of technology behind those simple radio buttons. You see, webmasters are being asked to supply a special XML document which defines how their site handles cookies and other privacy matters. Browsers which understand P3P (Internet Explorer for one) read this document and compare it to the settings you entered on the "privacy" tab. This allows the browser to automatically handle your privacy needs for sites which fulfill your privacy needs.

This became an issue because, quite frankly, many companies (both on and off the web) horribly abuse the privacy of their customers. It's very common for a company to record your name and other personal data, then resell it dozens or even hundreds of times. Information is very valuable, and the information which is gathered from the internet is even more so.

You see, companies can use cookies to track your surfing habits, then compile a profile to determine which types of products you normally purchase. This can be further analyzed to extrapolate which products you are likely to purchase in the future. And this allows advertisements to be targeted at people who are likely to purchase, which increases the value of the advertising campaign.

Other uses, of course, include more, shall we say, slimy practices. These run the gamut from selling your email addresses (to other marketers and spammers as well) to outright crimes such as fraud and identity theft.

Now don't get this wrong. There are valid uses for cookies, web bugs, and all of the other things used to track customers. These include shopping carts, personalization and the memorization of entry fields. All of these uses are to make things more convenient for the consumer, which thus makes it more likely for people to return the site.

In fact, many people have no objection to the tracking of their surfing habits and the maintenance of a profile. After all, these are used to show highly targeted advertisements, which means a customer will only, in theory, see ads in which he has an interest.

Consumers want to know how their personal information will be used, so companies started creating legal documents called privacy policies. These explain exactly how any and all information collected from a surfer or customer will be used.

Unfortunately, these privacy policies have become extremely complex and virtually unintelligible. I have seen policies which are over 100k in size (all text), which is ludicrously large. Thus, P3P was born to make this a little easier for the consumer, and thus make him more comfortable with surfing and shopping on line.

P3P is, in my opinion, a good start. I really do like the privacy feature in Internet Explorer. It does not, however, go anywhere near far enough. The XML document that must be created by webmasters is very complicated and extremely difficult to create and maintain. The XML documents must (at least until better tools are created) be maintained by webmasters with some technical competence. This means it is difficult for legal types to review and validate. In addition, since there must also be a human-readable document, it is awkward to keep the two policies saying the same things.

However, a start must be made and P3P is a decent attempt to do something to manage privacy. It needs to be greatly expanded to handle such things as web bugs, profile maintenance and so on. These things may be added in the future. In the meantime, those surfers who want to control cookies would be well advised to make the appropriate settings. And webmasters would be well advised to become knowledgeable about P3P and implement it for their sites.

Internet Tips And Secrets


From: Mike Banks Valentine

I've just stumbled across the single most useful online tool I've seen for easing junk mail and spam! By visiting the following URL and entering your name and mailing address, you can auto-generate letters including that information, along with any additional required stuff form individual companies, into printable letters directly from your browser that provide mailing addresses to dozens of marketing, credit reporting and other organizations preconfigured and merged into a personalized letter from yourself to those companies and organizations requesting to opt-out from junkmail! In ten clicks of the "next form" letter, I was able to request removal from a raft of lists and it's possible to do more if you like by returning and choosing different companies from the online form!

The site is a joint project with Center for a New American Dream, and the Center For Democracy in Technology cooperatively using technology to better facilitate Operation Opt-Out. I love it!

If I could generate automated labels to affix to my envelopes and online postage, I'd call the tool remarkable! I will stop short of that and say this is extremely useful. ;-)



From: Anonymous

Mike Valentine said,

>> Each time Java is launched while I'm reviewing my mail, I almost explode in anger as there is literally nothing I can do to stop it until it loads the email, pops up a browser window and I can finally begin to close the rapid fire group of popup windows attempting to show hardcore porn or the latest body enhancing pills. <<

Mike, try switching email clients. I use Eudora Pro, and turned off the "use Microsoft's viewer" button, and I don't see this kind of crap any more. The spam still comes (300+ per day), but my filters catch 90% of it and I don't have to deal with "code abuse" because I chose an email client that isn't as vulnerable as Microsoft Outlook.

FYI, a current list of spam filters is posted at


From: Anonymous


I have the same SPAM-rage that you do, but there's also an element of danger to it. The company I work for is privately held, and it is an absolute rule that porno and other offensive materials are not permitted on company machines. I'm the web developer, and the bounce mailbox for our 8 websites, so you can imagine the crap I get every day. I could honestly lose my job, were it not for a boss who understands why I'm getting this.

One of our office traditions is that mail is hand-delivered by a secretary (there's only 50 of us in this building, so it's not that big of a deal), some of whom would be very offended my such material. On several occasions, my delete key was not fast enough to keep me from being surprised and one of them from being shocked at the latest hard core mailings.

The only thing that's going to stop these guys is when it's unprofitable. I think there are two advances that need to be made, one technological, and one legal. In PA, all unsolicited ads must be prefaced with ADV:, and all adult ones must be prefaced with ADV:Adult, or else. Yeah, that's been working. Oddly, senders of SPAM faxes in PA can be sued in front of a district magistrate for $500/fax. Where jobs could be threatened because of what's in the inbox, we need more than just "ADV:".

Technologically, we need some sort of better message identifiers. Close our corporate networks to all messages without the proper identifiers, almost like the trusted authorities in our digital certificates. It's draconian at first, and the best hackers could always find a way around these measures. But it would be far more difficult, and subject to greater civil penalties.

As for list spam, I have half a mind to start collecting from: addresses, of the spammers, and using those in my postings.


From: Anonymous

Hi Everyone,

There sure are a ton of privacy issues, from spam (I just received a particularly nasty one about 5-10 y/o girls signed by Harry Potter), to the FBI, etc.

I just found a partial answer. This doesn't resolve all issues, but quite a few. It only works for some email. I like it so much I have become an affiliate (blatant plug - use my url if you sign up ).

This works similar to a BBS. Messages are posted, and everyone in the group can read and post. It is password protected. There is no spam, no viruses, and is private. The bots do not spider. It works great for groups of business associates, friends, or family. I can for instance have a business group for each project, and all project members become group member. I post something that may say for instance, the deadline has changed, and everyone see it. No fuss, no muss, no multiple or group mails that may or may not arrive or get lost in between spam mail.

I'm planning on using this often for many different groups as you can have multiple groups - they are each setup separately so one does not interfere with another.

// -- PRIVACY NEWS -- //

Moderator note: There are two ways to access previously listed privacy news stories. One is to visit PRIVACYnotes archives, the other (simpler) way is to visit where I also keep a privacy news archive.

Seth Godin argues that privacy and anonymity lead to bad behavior. Better to be transparent and identifiable than obscure, opaque and anonymous. He floats a raft of good points worth serious consideration. Are we ready to be fully visible?

The creator of an add-on program for AOL Time Warner's Instant Messenger plans to eradicate a component that phones home after critics called the feature "spyware." The recent decision comes after some users of Big-O Software's AIM+ program--which adds chat logging, ad removal and other features to AIM--complained that the program violated their privacy by sending information about their online identity back to a Big-O server. "The fact that AIM+ returns information to the Big-O Software servers has never been hidden from the users," Mark Swiss, beta tester and community organizer for Big-O Software, said last Friday in a response to consumers' complaints on the company's online forum.

Best Buy is changing its online privacy policy, allowing the company to combine customer information from its Web site with that collected in its stores. As part of the policy modification, the company also said it may share with third parties information collected from surveys or reviews on its site. The company has begun notifying customers of the changes via e-mail; the updated policy will go into effect June 9. The shift raised the eyebrows of some privacy advocates. The changes are only the latest in a disturbing trend of companies revamping their privacy policies to the detriment of consumers, advocates say. Companies usually make such changes themselves, taking little input from customers and leaving them with little recourse.

Five owners of a controversial digital video recorder sued the entertainment world's biggest firms Thursday, asking a federal judge to uphold consumers' rights to record TV shows and skip commercials. The owners of the ReplayTV 4000 claim an entertainment oligopoly of U.S. television networks and movie studios is trying to label them as criminals. "I'm just trying to exercise my normal rights in terms of video recording," said one of them, Craig Newmark, founder of the popular community listings site Features like commercial skipping, he added, help parents "protect their kids from excessive consumerism."

North Dakota voters on Tuesday will be the first in the country to make their own choice about how to regulate financial privacy. A statewide referendum will decide if banks and other financial institutions can continue to share or sell data without obtaining customer permission. A disparate coalition seeking tighter privacy restrictions, reaching from labor and the American Civil Liberties Union to a small conservative organization, the Constitution Party, forced the referendum on the ballot. There are unusual allies on the other side, too: the banks and credit unions, which often fight each other on financial regulation.


PRIVACYnotes Moderator: Mike Banks Valentine

Mike Banks Valentine is a champion of the true small online business. He advocates a do-it-yourself approach to e-commerce through online learning for the small office, home office (SOHO) or emerging entrepreneur who lacks major venture capital funding or corporate marketing budgets.

Mike is the founder of WebSite101, an educational resource for small businesses creating initial Web presences. His writing has appeared in international publications and his work praised by Entrepreneur Magazine. He does small business web marketing and search engine optimization.

Contact Mike Banks Valentine 5318 E. 2nd St. #789 Long Beach, CA 90803