What Criteria Do You Apply Before Adding or Deleting Someone On Facebook?

December 27, 2011

New survey data from NM Incite shows what motivates us to add – or drop – friends on Facebook.

Why add someone? The most common reason is that you already know them. The most common reason to dump someone is offensive comments.

Some recent news articles – How Facebook Can Hurt Your Credit Rating, Privacy Fades in Facebook Era, and the recent FTC ruling against Facebook, Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises – plus a new 30 minute school curriculum piece I just finished for ikeepcurrent may give you even more reasons to be selective when evaluating potential friends – because what they post may not only be rude, irritating or depressing, it may also harm your future.

Linda


It is Absolutely Critical that you Understand YOU Are the Digital World’s Currency

October 15, 2011

In order to truly be a “free” website the provider cannot charge you fees, collect your information to sell, rent, lease, or share, or put advertising in front of you. Needless to say, there are very few truly free websites; most that are truly free are government, institutional, school, or non-profit websites, though even many of these types of organizations advertise and sell consumer information.

The way most ‘free’ services make money is not by selling advertising. What they sell is access to you, and information about you to advertisers, marketers and researchers, and others.

Your information is the commodity that drives the internet economy. It is collected through your online actions and the information you share, as well as through the exposure of your information by others.

Every piece of information you post, and every action you take online has value to some company or someone. That isn’t necessarily a bad thing. This trade in information lets you use the websites without paying money for your access. Your information helps companies provide you ads that are more targeted to your interests. It helps researchers and companies know what kind of products to design, and so on.

If you read a website’s terms and conditions you should be able to see just what information is being collected and how it is shared, though many companies make it very difficult to understand the full scope of their use of your information.

In addition to the information the hosting site is collecting and monetizing, an entire new industry has been created just to collect all the information posted by you or about you on any site – including government sites – to sell, rent, share, etc. to any interested party – see my blog Civil Rights Get Trampled in Internet Background Checks to learn more on this particular aspect.

And the data collection and reuse does not end with the hosting company or data collection companies. Your information is also collected and used by recruiters to make their hiring or enrollment decisions, potential dates or friends, by journalists interested in interviewing you. It’s searched by charitable organizations that are looking for sympathetic individuals to ask for charitable donations. And your information is collected and used and by far less pleasant people who want to use the information for things like bullying, cyberstalking, identity theft, home robberies, and other crimes.

To really understand your digital value and how this may have consequences far beyond those you feel comfortable with, let’s look at an example.

“Jenny” is 65. She loves using the internet to research information and stay in touch with friends and family. She’s on Twitter with friends, on Facebook with her grandchildren, and on a social networking site for seniors with her interests.

In Jenny’s profile she provides her full name, age, and location. She’s included a short line or two about her interests – chamber orchestra music, gardening, wine and photography. She’s taken a couple of online quizzes of her likes and dislikes which makes it easier for new people to see if they have something in common with her.

In one blog post she notes that she’s fed up with the democratic agenda. In another she talks about her grandkids that come to her house twice a week after school.  She complains that her knees and back hurt twice a week – on the days after her grandkids are over. And she says she hates exercising as much as she ever did, but that it’s even harder to get motivated since her mastectomy.

She tweets from the same doughnut shop every morning where she meets up with friends. On her senior site she joins a wine aficionado group and slyly acknowledges that while she only has one glass of wine a day – she frequently refills that glass several times over!

The photos Jenny has posted are of grandkids, her dog and nature shots.  There’s nothing embarrassing in what she’s posted, she wasn’t mean to anyone, but she doesn’t really understand the far reaching ramifications of what she posts.

How do others use this information?

The web service companies she uses collect this information – as well as information about the website she was on before she came to their site (ah, she banks at Chase) and the website she navigates to when she leaves – (oh, she went to the appointment scheduling page of a doctor in the ABC medical practice). They collect they type of computer/phone being used (wow, that’s an old HP!), it’s operating system, IP address, location, etc.

The web service companies are likely to cross tab this information with other information collected by data aggregators from government websites like Jenny her birth certificate – parents’ names, place of birth, date of birth, which when combined with records where Jenny has entered the last 4 digits of her social security number, provides her whole SSN – see my blog Kids and Financial ID Theft; a Growing Issue to learn how SSN’s are deconstructed.

Data aggregators have also collected the birth certificates of her children and grandchildren, her voter record, criminal record (clean), driving record (two speeding tickets in past 18 months). They’ve also gathered information on her deceased husband, what he did for a living (and her projected retirement funds), and information about her home, and previous properties she’s owned.

Crawling the web, data aggregators also see where she’s donated to charities, what her friends are saying about her, what information is discoverable through her photos, and the vehicles she has registered (one car, one boat).

And so on.

What surprises Jenny is that when she chooses to switch auto and boat insurers, she’s denied because of her potential drinking problem, which combined with her speeding tickets could be an expensive mess for the insurance company. She is also denied when she tries to purchase some life insurance – anyone who eats doughnuts every morning, hates to exercise and has already had cancer isn’t seen as a good risk.

Donation requests from music organizations, and catalogs from gardening, and pet supplies companies start showing up on a whole slew of websites Jenny visits online – and more arrive in her mailbox.

Her granddaughter discovers she will have to pay more for medical coverage because the insurance company learned through Jenny’s posts that breast cancer runs in the family.

Jenny falls for an ID theft scam that looked like a request for information from her doctor’s office asking her to reconfirm her billing and insurance data for their records.

To make matters worse, Jenny came home last week after her daily doughnut shop meet up, to find her home had been broken into. All of her photography equipment was stolen.

Once Jenny recognized how information she posted was affecting her, and her family members, she immediately took down some of her posts. Unfortunately, the data aggregators, and web service companies still have their data sets, so the damage is permanent.

If you take this scenario, and expand it to all the communications, contacts, and digital data collected about you, you’ll begin to see the magnitude of the financial model behind web services and data aggregators.

I am frequently asked why internet service companies don’t do a better job in giving their customers what they want. The answer to this is simple; they are giving their customers what they want – and what they want is your data.

In short, while you are the consumer of a websites services, you are not the service’s customers – those are companies paying to get access to you and your information.

A great illustration of this concept was created by the people behind Geek and Poke, and though the company targeted in the cartoon is Facebook, the concept applies to every other web service or product that makes their money behind the scenes.

As you provide information consider how it is being sold, bought, or simply taken and make sure you’re okay with potential outcomes now and over time.

Learn more about the commodity model in this blog When it Comes to Online Ad Tracking, You Can Opt out Any Time You’d Like – But Can You Ever Leave?

Note: ilookbothways.com does not collect, trade, sell, or use any information about our readers, nor do we accept any advertising on our site. The occasional ad that does land on our pages is NOT associated with us in any way.

Linda


When it Comes to Online Ad Tracking, You Can Opt out Any Time You’d Like – But Can You Ever Leave?

August 16, 2011

Even when users take steps to opt out of online tracking, many ad companies still track their activity according to preliminary research findings by Stanford University’s Center for Internet and Society.

As Arvind Narayanan, Postdoctoral fellow at the Center for Internet and Society puts it “A 1993 New Yorker cartoon famously proclaimed, “On the Internet, nobody knows you’re a dog.” The Web is a very different place today; you now leave countless footprints online. You log into websites. You share stuff on social networks. You search for information about yourself and your friends, family, and colleagues. And yet, in the debate about online tracking, ad networks and tracking companies would have you believe we’re still in the early 90s — they regularly advance, and get away with, “anonymization” or “we don’t collect Personally Identifiable Information” as an answer to privacy concerns.

In the language of computer science, clickstreams — browsing histories that companies collect — are not anonymous at all; rather, they are pseudonymous. The latter term is not only more technically appropriate, it is much more reflective of the fact that at any point after the data has been collected, the tracking company might try to attach an identity to the pseudonym (unique ID) that your data is labeled with. Thus, identification of a user affects not only future tracking, but also retroactively affects the data that’s already been collected. Identification needs to happen only once, ever, per user.

Will tracking companies actually take steps to identify or deanonymize users? It’s hard to tell, but there are hints that this is already happening: for example, many companies claim to be able to link online and offline activity, which is impossible without identity.

Regardless, what I will show you is that if they’re not doing it, it’s not because there are any technical barriers. Essentially, then, the privacy assurance reduces to: “Trust us. We won’t misuse your browsing history.”  I highly recommend you read his full article.

Advertisers fund the internet – in exchange for personal information

Remember the dot.com bubble burst of 2000? It happened because internet companies built their content and services on one key concept – that we, the consumers, would subscribe to use their services. There was just one fatal flaw – consumers wanted everything to be free. But free doesn’t pay the bills, let alone turn a profit, and internet companies either went bankrupt or changed their revenue model to ad funded.

Reasonably, advertisers want a return on their investment for funding the internet and their primary requirement – as with any advertising – is to be able to segment internet user demographics so they don’t waste money marketing shaving cream to toddlers.

Internet companies quickly learned that the more targeted the ads could be, the more advertisers were willing to pay them for access to their users… from there it doesn’t take a leap to understand how we’ve come to a place where ads follow us , and behavioral advertising is the name of the game.

In theory you are able to opt-out, in reality you’ll never know

A do-not-track feature has been added to both the Mozilla Firefox and the Microsoft IE 9 browsers that supposedly allows users to check a box in their preferences indicating they do not wish to have their online purchases, browsing patterns, search strings, or personal information be tracked. Once checked, any website the user goes to receives notice of their preference.

However, there is no law requiring companies to respect consumers do-not-track preference, and according to Stanford’s research few websites comply with users requests for privacy; choosing instead to continue tracking the user without their knowledge.  They do so in at least 5 ways, as shown on Stanford’s website and paraphrased here:

1. The third party is sometimes a first party

Companies with the biggest reach in terms of third-party tracking, such as Google and Facebook, are often also companies that users have a first-party relationship with. When you visit these sites directly, you’re giving them your identity, and there is no technical barrier to them associating your identity with your clickstream collected in the third-party context.

2. Leakage of identifiers from first-party to third-party sites

In a paper published just a few months ago, Balachander Krishnamurthy, Konstantin Naryshkin and Craig Wills exposed the various ways in which users’ information can and does leak from first parties to third parties. Fully three-quarters of sites leaked sensitive information or user IDs. There are at least four mechanisms by which identity is leaked: Email address or user ID in the Referer header, potentially identifying demographic information (gender, ZIP, interests) in the Request-URI, identifiers in shared cookies resulting from “hidden third-party” servers, and username or real name in page title.

3. The third party buys your identity

Ever seen one of those “Win a free iPod!” surveys? The business model for many of these outfits, going by the euphemism “lead-generation sites,” is to collect and sell your personal information. Increasingly, these sites have ties with tracking companies.

When you reveal your identity to a survey site, there are two ways in which it could get associated with your browsing history. First, the survey site itself could have a significant third-party presence on other sites you visit. When you visit the survey site and sign up, they can simply associate that information with the clickstream they’ve already collected about you. Later on, they can also act as an identity provider to sites on which they have a third-party presence.

Alternately, they could pass on your identity to trackers that are embedded in the survey site, allowing the tracker to link your identifying information with their cookie, and in turn associate it with your browsing history. In other words, the tracker has your browsing history, the survey site has your identity, and the two can be linked via the referrer header and other types of information leakage.

4. Hacks

A variety of browser and server-side bugs can exploited to discover users’ social identities. The known bugs have all been fixed, but computer security is a never-ending process of finding and fixing bugs.

5. Deanonymization

So far I’ve talked about identifying a user when they interact with the third party directly or indirectly. However, if the mountain of deanonymization research that has accumulated in the last few years has shown us one thing, it is that the data itself can be deanonymized by correlating its external information.

The logic is straightforward: in the course of a typical day, you might comment on a news article about your hometown, tweet a recipe from your favorite cooking site, and have a conversation on a friend’s blog. By these actions, you have established a public record of having visited these three specific URLs. How many other people do you expect will have visited all three, and at roughly the same times that you did? With a very high probability, no one else. This means that an algorithm combing through a database of anonymized clickstreams can easily match your clickstream to your identity. And that’s in a single day. Tracking logs usually stretch to months and years.

Legislation pending

The unveiling of secret tracking has galvanized congress, the FTC and even the president. Bills have been proposed to create do-not-track lists with industry compliance requirements for all users, and for minors. The European Unions “right to be forgotten” model, which would give users the right to require companies to remove all of their information from websites, is coming into favor.

If your data privacy matters to you – and it should – don’t remain silent. Let your elected officials know you support legislation that gives you the ultimate control over your information.

Linda


Welcome Outcome from Forum on the Privacy Concerns of New Internet Users

August 14, 2011

Consumers need greater education, choices and protection in order to address their privacy concerns, particularly those who are more recent adopters such as African Americans and other people of color, seniors, and low-income populations was the consensus opinion at the The New Digital Profile: Managing Privacy in an Evolving, Mobile Internet forum hosted by the Joint Center for Political and Economic Studies.

“This forum comes at a moment in time when people of color are increasing their use of broadband applications and services, but also when privacy concerns appear to be of utmost concern to those who have moved online only recently,” said Ralph B. Everett, President and CEO of the Joint Center. “With broadband having such enormous potential to boost opportunity in communities of color, it becomes even more important to include new adopters of technology in the conversation on privacy and how to address these concerns.”

How we achieve this goal however is less clear. Panel members underscored the critical need for greater education to raise awareness and transparency about data collection, but consumers are facing a double threat to this education:

  1. School funding has been slashed as a result of the economic morass the country finds itself in, while at the same time districts are being measured more tightly against test scores.
    1. Unfortunately, technology isn’t a test subject so funding shortfalls have cut heavily on tech teachers and computer labs.

Learn more about the state of technology in schools in my recent posts U.S. Far behind in Integrating Technology in Schools and Educators Lack Training; Don’t Teach Online Safety.

To understand the dire straits schools are in, check out the text boxes in this article. These are requests for funds shown on the DonorsChoose website. (DonorsChoose is an online charity connecting potential donors and classrooms in need and I highly recommend their work).

Exactly how are schools that are priced out of technology supposed to step up to the panel’s recommendation of greater education?

  1. Corporate funding to nonprofits has also been slashed due to economic struggles. This means that not only are schools unable to train teachers, and maintain robust computer access, nonprofits cannot step in to fill the void.

Right to transparency and privacy

The other key outcome from the conference was addressing consumers’ concerns and right to privacy.

Citing a 2010 Federal Communications Commission (FCC) study, forum panelists agreed that online privacy policies should be more accessible to consumers, even on mobile devices, and companies should be more transparent in the data being collected.

The referenced FCC study found nearly 100 million Americans do not use broadband (1/3rd of the population), and the reason nearly half of these non-broadband adopters remain offline in part because they fear “all the bad things that can happen on the Internet”.  (To learn more about the FCC’s study, see my article Broadband Adoption Jumps to 75 Percent of US Consumers).

“Concerns about privacy can potentially prohibit broadband adoption among people living in the communities that can benefit most from what broadband can do to advance learning, opportunity, and quality of life,” said Dr. Nicol Turner-Lee, Vice President and Director of the Joint Center. “How we address these concerns needs to align technology innovation, consumer trust and education, especially to assure new Internet users and non-adopters that the web is a safe space.”

Danny Sepulveda, Senior Advisor to U.S. Senator John Kerry (D-MA) added to these comments saying, “Regardless of how and what you access, you should have the right to know what is being collected, and for what purpose. At the end of the day, we need a comprehensive code of conduct.”

Again, how to achieve these goals was less clear. While many legislators see legislation as the solution, industry leaders are less enamored with a code of conduct preferring to use ‘industry norms and ground rules”.

As a longtime online safety, security, privacy and technology advocate, I just happen to have a couple of solutions :-0.

Education

There is no getting around the need for computers, laptops, handhelds, and other technology tools in schools, and I can only encourage the federal government, states, school districts and the public to make technology adoption a priority. Once those technologies are in place, the second hurdle, as outlined in Educators Lack Training; Don’t Teach Online Safety, is getting quality teaching about technology into schools.

To drive this forward we created the LOOKBOTHWAYS Foundation whose sole mission is to deliver an expert driven, top quality, interactive curriculum called NetSkills4Life that is free of charge to every school, organization, family and individual. There are three lessons per grade, and no hoops to jump through to use the curriculum; and because it is immersive, parents, teachers, students all have the same experience.

While it is nice if teachers have the skills to expand on the lessons (and we provide additional resources and suggestions for them to do so) we built the lessons knowing that most teachers and parents lack the skills needed so the lessons are created to independently deliver the learning needed.

The caveat to this is that we are building out the lessons as quickly as funding makes possible. The first lessons are created using earmarked funds targeting the 6-8th grades, so to check out the lessons, look in the 5th and 6th and the 7th -9th  grade sections. We will have the first 6 lessons complete in October. If you wish to help fund additional lessons, by all means, contact us!

Consumer rights

For longtime followers, you know I have been championing a ‘bill of rights’ for consumers online for many years. Over time these have morphed slightly to meet new technology needs, and to be more palatable to industry members.

The latest version (below) was crafted in 2010 while I was president of the Safe Internet Alliance. We undertook at that time to bring the industry players to a common understanding of best practices for safeguarding consumers and their privacy. That initiative did not bear fruit, but I remain convinced that consumers will not have the safety and transparency they need to make informed choices until these are adopted, or mandated. Frankly I’d rather see them adopted without mandates/regulations coming into play:

Consumer Internet Safety and Privacy Rights – A Standard for Respectful Companies

ALL Internet users have the expectation of a safe Internet experience, and respectful companies strive to provide quality safety and privacy options that are easily discovered and used by consumers.  Your safety and privacy, as well as the safety and privacy of your family on the Internet should be core elements of online product and service design.

In a nutshell, online consumers should demand these rights:

  1. Establishing safety and privacy settings should be an element in the registration, or activation of a specific feature’s, process.  This includes informing you in easily understood language about the potential consequences of your choices. This allows, and requires, you to make your own choices, rather than being pushed into hidden, default settings.
  2. During the registration or activation process, articles of the terms and conditions, and privacy policy, that might affect your privacy or safety, or that of a minor in your care, should be presented to you in easy to understand language, not in a long, complicated legal document in small font.
  3. You should expect complete, easily understood information and age appropriate recommendations about every safety and privacy feature in a product or service.
  4. You should expect to easily report abuse of the products or abuse through the products of you or someone in your care.
  5. You should expect a notice or alert if a significant safety or privacy risk is discovered in an online product or service you or someone in your care is using.
  6. The provider needs to publish on a regular basis statistics demonstrating how well the company enforces its policies.  Such statistics should include; the number and types of abuse reports, number of investigations conducted, and number and type of corrective actions taken by the provider.
  7. When services or products are upgraded, you have the right to be informed of new features or changes to existing features and their impact on your – or your child’s – safety or privacy in advance of the rollout.
  8. When the terms of use or privacy policy of any provider are about to change, you have the right to be informed in advance of the changes and their impact on your – or your child’s – safety and privacy.
  9. When a provider informs you of changes to their features, privacy policy, or terms and conditions, they should provide you with a clearly discoverable, way to either opt out, or block the change, or to terminate your account.
  10. When terminating an account, your provider should enable you to remove permanently and completely all of your personal information, posts, photos, and any other personal content you may have provided or uploaded, or that has been collected by the provider about you.

Linda


Kudos to Groupon for Notifying Consumers of Privacy Changes – and Doing so in Advance of Rollout

July 17, 2011

Defying the prevailing practice of steadily eroding user’s privacy and doing so without so much as a warning, Groupon has sent users a clear advance notice of pending changes and encourages users to read them.

And (Gasp!) Groupon is actually strengthening their privacy commitment to consumers, giving users more control over their privacy settings, and making their policy easier to understand.

It is a sad reflection on the internet industry that the respect Groupon shows their consumers is noteworthy, and it highlights a very clear gap that consumers generally have failed to appreciate.

There are two types of internet companies – those that respect you, and those that don’t.

Companies that respect their consumers work hard to give you full control over the information they collect and store about you. They are respectful of how they share any information about you and selective in choosing the companies with whom they share your information.

Respectful companies make it easy to understand their privacy policies and terms of use, notify you in advance of any significant changes to their terms or services, make it easy for you to remove your information from their sites and put strong measures in place to secure your data. Learn more about how respectful companies behave in my blogs Your Internet Safety and Privacy Rights – Standards for Respectful Companies, and Privacy Policy Changes – Some Companies Get Notification Right.

Conversely, companies that change their terms of use and privacy policies without notice, add features that impact your privacy, security or safety without notice, that default (or later change) your settings to public, or are careless in their protection of your information, show their true colors[i].  These companies often find themselves in the crosshairs by privacy advocates, the FTC, and even Congress.  These companies knowingly exploit you and your information for their next buck.

Why use a company or service that doesn’t respect you?

Figuring out which companies respect your privacy, security, and safety isn’t rocket science – my bet is you’ll know within 5 seconds of apply some basic criteria to sort the companies you use into respectful vs. disrespectful buckets.

Why use a company that doesn’t put you, the customer, first when respectful companies can be found in every category of online service? Though they may not be the most popular choice today, you have the power to change that.

If enough people ask themselves why they’re staying in an abusive relationship with a company that doesn’t put them first two things will happen. The most popular companies will quickly become the ones that put users first, and disrespectful companies will quickly change their tune and show greater respect in order to avoid collapse.

Understand the power you command in the internet economy.

What value does a social network, a search engine, a dating site, a shopping site, a gaming site, etc., have if it has no users? None, zip, zero, nada.  To understand this, look at the fate of MySpace. The once “unbeatable” social network bought by News Corp. for $580 million in 2005, was dumped last week for $35 million because most users left.

In no other venue do consumers wield as much power as on the internet because in the internet’s business model you, the consumer, are the core commodity. Without consumers there are no advertisers. No shoppers. No information exchanges. No matter the current size of an internet company, if users leave the company is effectively dead.

Right now, the public remains a sleeping giant, but naptime is over.

If you want a better internet experience, if you want to be respected, protected, secure and in control online it will only come by rewarding companies that do the right thing. Make a commitment to only use companies that treat you as the valuable commodity you are, with the respect you deserve, with the controls in your hands (not theirs), and shun sites that fail to measure up.

Make companies earn your business. If even 5% of internet users demanded respect, the internet world would stand on its head to provide it.  The power is in your hands, which sites will you use?

Linda


[i] Note: Not all companies who are hacked have been careless with your information, but when a company like Sony stores information like your passwords in clear text (unencrypted) it represents a shoddy disregard for consumer safety.


The Always Up-to-Date Guide to Managing Your Facebook Privacy

July 9, 2011

The first sentence of this article on LifeHacker says it all; “Keeping your Facebook info private is getting harder and harder all the time – mostly because Facebook keeps trying to make it public.”

With 700 million users – and the parents of users – valiantly trying to keep up with Facebook’s ever shifting exposure tactics (a.k.a. their privacy policies) checking the Always up-to-Date Guide to Managing your Facebook Privacy by Whitson Gordon should become a recurring monthly calendar event.

I’m serious. Given the rate of new feature rollouts/information exposure opportunities, a once-a-month check to ensure you aren’t sharing as much as Facebook would like needs to be as automatic as paying your bills.

If you’re a Chrome user, you’d be wise to also consider downloading the free Internet Shame Insurance app created by another Lifehacker, Adam Pash. This tool “adds privacy reminders to Facebook, Twitter, and Gmail to help you avoid the most common online communication faux pas. The extension sits in the background and springs into action only when you’re about to post a status update or reply all.”

My only point of disagreement with Gordon’s Always Up-to-Date Guide is with the sentence ,“Despite plenty of user complaints, Facebook still hasn’t caught on to the “opt-in” philosophy”. This isn’t a dull-witted or slow moving company that still hasn’t caught on to respecting consumer’s privacy. Rather it’s a company who knows damn well the wishes of its users but blatantly chooses to ignore these in favor of more revenue.

To learn more, see my blogs Privacy Policy Changes – Some Companies Get Notification Right and Your Internet Safety and Privacy Rights – Standards for Respectful Companies.

Linda


Your Information IS Displayed on Spokeo – Here’s How to Remove It

June 4, 2011

Spokeo is a search engine that is specifically designed to collect YOUR information to make public. My frustration with Spokeo and other data aggregators this is that they do not ask your permission to expose your information nor notify you of their actions. They just happily make money by placing you at risk.

Spokeo has been around for several years, so why am I writing this now? The short answer is that I got a Google alert informing me of the data so it just recently pissed me off.  I tested the service when it was first getting underway and but then the data was pretty sparse.  Now you’ll be uncomfortable about what they’ve collected – and display about you.

To start go to Spokeo, and enter your (or someone else’s) name, phone number (cell or home phone), email alias,  or user name.

The ‘top level’ information is free, you pay to see more info, and/or they make money by advertising a company that will help you keep your information off sites like Spokeo. But within that top level FREE information you learn quite a bit about the person you are looking up including:

Age Full name (with middle initials) Marital status Address (including Google Earth View) Gender
Religious affiliation Educational status Who else lives in your home Ethnic background Horoscope sign
Phone number (even ‘private’ numbers and cell  numbers) Whether you own a  home, and the home’s worth Economic and wealth levels Lifestyle and Interests (like: loves reading, has children, enjoys shopping, subscribes to magazines. Neighborhood info like cost of homes, average incomes, ethnic and age profile,
Social networks participated in Publicly posted photos Email address Political affiliation Occupation

In their own words, this is what the company says they’re about (italics added):

Spokeo is a search engine specialized in aggregating and organizing vast quantities of people-related information from a large variety of public sources. The public data is amassed with lightning speed, and presented almost instantly in an integrated, coherent, and easy-to-follow format.

While an individual could on their own, for example, potentially locate a person’s phone number or address by searching phone books, then redirect their search to a county tax assessor’s office to determine a home’s value, they would have to conduct literally hundreds of searches to discover all of the information available through only a single search on Spokeo.

Spokeo’s unique and powerful algorithms can swiftly navigate, sift through, and collect multitudes of scattered data that are spread across hundreds of locations, and synthesize that information in one convenient summary, delivering the most comprehensive snapshot of people-related, public data offered online to date. The search results represent an unparalleled mosaic of the vast stockpiles of public information accessible, and can offer invaluable insight into both the individual being searched, as well as the different types of information published.

When it comes to locating people-related information, Spokeo’s powerful search and organization technology far surpasses that of conventional search engines. That is because Spokeo’s specialized web crawlers can penetrate lesser accessed, content-rich areas of the web, collectively known as the “deepnet which many general-purpose search engines cannot. The “deepnet” is home to vast and largely untapped, dynamically-generated sites. And, since the majority of people-related public records are frequently stored on these types of sites rather than on web pages, Spokeo has a distinctive advantage over traditional search engines to which these rich stockpiles of data remain out of reach.

In other words, Spokeo exposes far more information about you than even Google exposes. Without your consent. Without your knowledge.

If you want to know more about someone, you can pay a monthly fee to dig deeper.

To protect themselves in case this information is  used for malicious purposes – like the wife beater trying to find where his ex-wife has moved to get away from the abuse – the site has a clause in their Terms of Use that says you may not use Spokeo.com or any information acquired from Spokeo.com:  to engage in activities that would violate applicable local, state, national or international law, or any regulations having the force of law, including the laws, regulations, and ordinances of any jurisdiction from which You access Spokeo.com. I’ll just bet this is a huge deterrent to the stalker, and a real comfort for those at risk for harm.

So how do you remove your information from Spokeo’s search results?

You’ll notice in the first Spokeo graphic in this article, on the bottom of the page they have a section called Protecting Your Online Identity, and that it contains their justification that boils down to… everyone else has your info, all we do is collect it…as well as a product pitch to pay to be protected. “All of the information that appears on Spokeo is publicly available and therefore may appear on other sites. To protect your online identity you can use a service like Reputation to manage your publicly available information.” Think about it, they get to make money off exposing you, while you have to pay to protect it. That’s just wrong.

If you’re still determined to have your information removed (and you should be) they have the following privacy statement and instructions for removing yourself:

While our search results show only publicly-accessible information gathered from hundreds of public sources, such as phone books, marketing surveys, business sites and more, we understand that you are concerned about the information shown our search results, and allow all users to opt out. You can do so by clicking on the Privacy link located at the bottom of the page which will take you here: http://www.spokeo.com/privacy

Removing Search Results

  1. Locate the search result you want removed. For name search results, click on the listing you want removed.
  2. Copy the URL from your browser’s address bar.
  3. Go to http://www.spokeo.com/privacy
  4. Paste the URL.
  5. Provide your email address (required to complete the verification process).
  6. Type in the Captcha Code exactly as you see it.
  7. Check your Inbox for the confirmation email, and click on the link to complete removal process.
  8. Once you click on the link, be sure you see the following message:

Once you’ve removed your information: 

  • Put a reminder on your calendar for a month from now, and check again to see if your information remains off the service.
  • Tell your friends
  • Contact your elected officials and demand better privacy regulation – including better privacy over your property records.
  • Start requesting additional sites take down your information. For example, have views of your home removed from Google’s Street View (see my blog How to Remove Images of Your Home from Google’s Street View), remove information from White Pages, and so on.

Linda


HHS Strengthens Health Information Privacy & Security, is it Enough?

August 25, 2010

The National Health and Human Services department has announced new rules intended to strengthen the privacy of your health information. The goal of these new rules is to ensure that as use of health information technology expands, Americans can trust that their health information is protected and secure. The new rules include broader individual rights and stronger protections when third parties handle individually identifiable health information.

The proposed rule aims to strengthen and expand enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Enforcement Rules by:

  • expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.
  • requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;
  • setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
  • prohibiting the sale of protected health information without patient authorization.

The department also launched a new health privacy website at http://www.hhs.gov/healthprivacy/index.html to provide consumers easy access to information about HHS’s privacy policies.

“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers,” said HHS Secretary Kathleen Sebelius. “While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work.”

“HHS strongly believes that an individual’s personal information is to be kept private and confidential and used appropriately by the right people, for the right reasons,” said of HHS Chief Privacy Officer Joy Pritts.  “Without such assurances, an individual may be hesitant to share relevant health information.”

Are these steps enough to protect your medical identity?

While these steps are important measures for those legally accessing records, it does nothing to ensure that the access to these records through doctors offices across the country are appropriately secured. Where are the security requirements for every single computer and user accessing this information?

I believe that online records can improve medical treatment, the risks outweigh the benefits until  our records are secure. When we know our privacy is ensured. When we know that some malicious entity hasn’t written a virus changing our medical histories, when we know we can correct mistakes that appear in the online records.

These new rules do nothing to strengthen our protections against these risks.

To learn more about the risks of online medical records, see these blogs:

Linda


Follow

Get every new post delivered to your Inbox.

Join 1,761 other followers