SO wrote:For years we've been saying that the privacy of our members and users is important to us, and now, we've actually gone and put our money where our mouth is, and certified abovetopsecret.com through TRUSTe, the largest independent organization certifying the privacy of users online.
After an extensive six-week audit of our website procedures, our operational strategies, research into any existing complaints, and slight additions to our already comprehensive Privacy Policy we have been certified as an organization that protects the privacy of our users on all available levels.
While this doesn't mean any change in our operation or site code (no changes were required after the audit), it does provide our users and members with an extra assurance that we are proactively aggressive in protecting your privacy while using our websites. Additionally, TRUSTe acts as an intermediary should any user believe their privacy was at risk, or, that we acted in a manner contrary to our Privacy Policy. Complaints of this nature can now be filed directly with TRUSTe Complaint Department and they will investigate submitted concerns.
Link, to SO's post.
http://www.abovetopsecret.com/forum/thread383980/pg1
Lots of pats on the back and so on, which is all fine and dandy, and i do believe that it is at least a step in the right direction. However, a few good questions raised which i probably would have asked myself if i was able.
justyc wrote:what would be the situation if a member came forward with some really, really damning or lid-blowing true information regarding some conspiracy or cover up etc? how does the privacy of the members hold up then? would you be willing to hand over their details to the asking authority or go to jail to protect your sources like some journalists?
And SO's answer.
SO wrote:Being a legally registered Limited Liability Company, we would have no choice but to comply (after exhaustive protest) with any proper court order to supply user details.
However... we retain an amazingly small amount of user details.
1) We don't record or keep server traffic logs (user IP's are never associated with the content they view)
2) We only retain your email address to confirm registration (and if you delete it from your account settings... damn, we never saw it)
3) We record your IP address when you post as the only personally-identifiable piece of data that is associated with the content you create (however, we strongly suspect anyone with something damning would be using a proxy server)
So, "they" could ask for details on a user, but the reality is that the details we keep would most likely be useless.
I’m sure that having your IP address kept, even though it is “only” associated with the content you create should be a matter of concern for serious CT’ers, I really don’t think the majority of ATS members are serious CT’ers though.
So if you post some earthshattering news the government “could” track you through the IP attached to your post, I doubt that using a proxy would save you in that case either, I’m sure they would have the technology and expertise to trace through that.
burdman30ott6 wrote:OK, so I have to ask this (no disrespect intended). If you basically retain no personally identifiable information aside from that which we willingly post about ourselves, then isn't this kind of like bragging about offering free tidal wave insurance for home owners in Arizona? Seems like you've sort of done something completely unecessary here for little reason other than to look like you've got everybody's backs.
SO wrote:It's one thing to say we adhere to a well-intended privacy policy, it's quite another to subject ourselves to a lengthy audit so that an independent group may certify we do what we say.
I think “burdman” raises a good point. As you will see later in this post TRUSTe don’t exactly go for the jugular if you are found to be contravening the agreement you have with them.
What does it really prove, I think it’s probably largely damage control, it in no way addresses any of the other complaints that have been raised regarding ATS business practices, ie stealth bans, reading PM’s and so on.
They can easily explain reading PM’s as they already do, it is in their T&C, so by doing it they are not breaking their privacy policy.
Now if it said that under no circumstances would they read private messages in their own T&C and then did so, that would be a different matter altogether and TRUSTe may be a worthwhile watchdog for ATS members.
AcesInTheHole wrote:While most will be pleased, I think the people who were so worried about their info being stolen in the first place probobly won't be as pleased. Don't you think people will start to wonder why ATS needs a third party to take care of these things? Has there been problems in the past? Is there really a need for more bureaucracy?
SO wrote:1) There have been several claims in the past, based on rumor and innuendo, that we (ATS management) have acted in a way contrary to our stated privacy policies. This third party confirmation helps to alleviate the concerns some may have because of such allegations.
2) Our core topics involve many issues where members, potential members, and non-member users may be concerned about adherence to stated privacy policies. This certification provides an increased (hopefully) level of comfort that we are serious about the privacy of our users.
3) For those who still feel we operate in a method contrary to our stated privacy policies, there is now a very public way to lodge a complaint with a third party arbitrator. Confirmed complaints would result in loss of our certification, which would be potentially troublesome given the high-profile way we've announced the certification.
I’ll answer each point quickly.
1. There is rumour and innuendo because you have stated that under some circumstances you do read private messages.
2. If you were serious about the privacy of your users then private messages would be exactly that, private. How is it that you knew that a member sent a link with amkon in the address, hmmm, and I know the member he sent it to did not make a complaint to staff about it.
3. Confirmed complaints will not necessarily result in the loss of your certification as can be seen by the continued membership of Coupons.com at TRUSTe.
bobbafett wrote:I'm curious about the storage of the IP address each post is associated with though. You make it sound like that would be of no use to anyone, but it would be of massive use, unless of course as you say they are using proxies and other methods (still not foolproof). Is this storage legally required, or essential to the running of the site?
Not sure of why they need to keep your IP attached to every post you make either, other than it is a good tool for compiling information on your users.
Here’s a link to the TRUSTe site, and some other interesting reading from assorted sites.
Mostly “feel good” stuff.
http://www.truste.org/
http://en.wikipedia.org/wiki/TRUSTe
TRUSTe is an independent, privately held[1] organization best known for its Web Privacy Seal. TRUSTe runs the world’s largest privacy seal program, with more than 2,000 Web sites certified,[2] including the major internet portals and leading brands such as IBM, Oracle Corporation, Intuit and eBay. TRUSTe states its purpose is to establish trusting relationships between individuals and online organizations based on respect for personal identity and information in the evolving networked world.
Here’s the TRUSTe member list.
http://www.truste.org/about/member_list.php
And some not so “feel good” stuff.
http://www.wired.com/techbiz/media/news/2002/04/51624
This is from 2002, so much it may have changed drastically since then, *shrugs*.
But Yahoo's recent announcement of sweeping changes in the way it will use customer data collected under previous policies has many calling Truste's seal as meaningless as an Andersen audit.
Even Esther Dyson, the high-profile technologist who played a major role in Truste's launch five years ago, says she is "disappointed in what ended up becoming of it."
By its own account, Truste was conceived at Dyson's industry-leading PC Forum conference in 1996. Dyson credits others with the concept, but she pushed both publicly and privately for the establishment of the nonprofit company and adoption of its "trustmark," which certifies that online companies comply with their own stated privacy policies.
Truste makes no attempt to set privacy policies. It merely ensures that companies clearly state their own rules for handling customer data, and then adhere to them.
Not sure how this works, I will have to look into TRUSTe’s policies in a bit more depth, but what action exactly can they take. They can remove your certification, well we’ll see how well that works a bit further on.
Dyson agreed that, despite being co-founded by outspoken privacy advocates the Electronic Frontier Foundation, Truste's image has slipped from consumer advocate to corporate apologist. "The board ended up being a little too corporate, and didn't have any moral courage," she said.
I guess the next thing to do would be to do some background research on the current board and their mission statements. But as you can see from this excerpt below, becoming more corporate still seems to be TRUSTe’s agenda.
http://bits.blogs.nytimes.com/2008/07/1 ... in-truste/
Is the best way to protect the public good to go private?
That is the view of Truste, a 10-year-old nonprofit organization that certifies that Web sites meet some minimum standards to protect the privacy of their users. The group is converting to for-profit status and selling the bulk of its newly created stock to Accel Partners, the venture capital firm that backed eBay and Facebook.
Oh oh...eBay and Facebook....
The amount of Accel’s investment was not disclosed, but people involved in the transaction said it is around $10 million.
In many ways, Truste has already been run like a business. Most of its $6 million in annual revenue comes from charging site owners for the right to display the Truste seal. This has long raised questions about whether the organization is appropriately tough on the companies it certifies.
For example, it does not always tell the public if it discovers violations of its principles, even if the violations are so egregious that it kicks a site out of its program.
http://www.benedelman.org/news/031808-1.html
To this day, Coupons.com is in breach of TRUSTe's rules, and TRUSTe knows it. Yet Coupons.com remains listed on TRUSTe's whitelist as if its practices are beyond reproach and as if the company is in good standing vis-a-vis TRUSTe's rules. That's outrageous, and users should demand better.
Check TRUSTe’s member list, Coupons.com is still there. I’m unwilling to infect my computer so I wont be downloading anything from there site, so I can’t say for sure whether that issue has been resolved or not.
I will run a bit of background research on a few of those companies in their member list and cross reference it with complaints to see if there is a significant number of other companies still certified by TRUSTe even after upheld customer complaints.
Ok Heres a bit more info on their moving from non-profit to profit enterprise. None of which should be scary ordanarily.
http://www.paidcontent.org/entry/419-pr ... rom-accel/
TRUSTe, an organization that certifies websites for having good privacy practices, is turning into a for-profit enterprise, and has taken an unspecified investment from VC firm Accel. Saul Hansell at Bits cites sources putting the funding at $10 million. You’ve probably seen their seal of approval on some of the 2,400 sites they monitor. Like the Good Housekeeping Seal of Approval, it’s supposed to convey a sense of, well, trust, to users, by showing certification from a third party. With the investment, the company plans to expand and being targeting emerging areas, like social networking and location-based services, each of which brings a whole host of privacy issues that are still just getting unpacked.
Here's TRUSTe's press release.
http://truste.org/about/press_release/07_15_08.php
In response to increasing threats to consumer privacy, TRUSTe, the recognized authority on privacy best practices on the Internet today, announced the completion of its first round of financing from Accel Partners, a leading Silicon Valley venture firm. The investment will enable TRUSTe to create state-of-the-art monitoring systems to stay ahead of technology advances with new tools, products and best practices that facilitate trust between businesses and consumers.
“The Board of Directors is extremely pleased that Accel Partners has stepped forward to fuel TRUSTe’s future growth,” said Ralph Terkowitz, Chairman of the Board of TRUSTe. “We believe that Accel Partners, one of the most respected investors in venture capital, will serve as a perfect partner to guide and energize the success of TRUSTe as it expands to address new privacy frontiers.”
The only real concern i have is that a company that relies on businesses paying them to be certified may not always have the best interest of the consumer at heart.
Particularly if "profit" is to be their guiding mandate, i don't think Accel would invest in TRUSTe for purely altruistic reasons.
http://www.thedeal.com/techconfidential ... nonpro.php
Facebook itself has been subject to periodic privacy concerns. Some were raised last fall when Facebook launched its Beacon service, which collects user data from around the Web for advertising purposes. TrustE said it approved Facebook's modified version of Beacon in December
Here's a few more links with relevant information.
http://www.clickz.com/showPage.html?page=3623601
Some information on ralph Terkowitz who is chairman of the board for TRUSTe.
http://www.apus.edu/APUS/Who-We-Are/bio ... kowitz.htm
And TRUSTe's management team.
http://www.truste.org/about/management.php
http://www.truste.org/about/sponsors.php
Sponsors of the TRUSTe® program recognize the vital importance of customer trust to their businesses. Sponsors provide critical support for the development of new programs such as wireless, email, and other privacy initiatives. Some of our valued sponsors include:
· AOL
· Intuit
· MAXAMINE
· Microsoft
Benefits of sponsorship include:
· Seat on an advisory panel or initiative
· Joint press release announcing our joint commitment to privacy advocacy
· Company logo displayed throughout TRUSTe Web site and all appropriate marketing collateral
· Rotating sponsorship of one of TRUSTe's newsletters
· Marketing exposure at key industry events
· ...and much more!
Ok, so here's some background on TRUSTe sponsors, some you will know a bit about. I think if you look at who is sponsoring TRUSTe and what there expertise is you will start to get a better picture of the motives behind Sohai choosing TRUSTe as their certification provider.
This actually throws up more questions than it answers imo.
Some of the reports below are 3 – 4 years old, the others are as recent as 2008, but it’s not difficult to find any number of negative reports regarding spying and the breaking of privacy agreements by some of these companies.
http://www.searchenginestrategies.com/a ... amine.html
MAXAMINE satisfies the diverse and dynamic requirements across the enterprise with a single, coherent and fully integrated solution. With MAXAMINE, you can ensure the quality of search engine implementations, compliance with privacy, accessibility, usability, link integrity; screen for offensive content and inappropriate links; verify traffic and advertising tags, and analyze your site using custom search criteria, and quality standards, alerting, and issue management capabilities.
MAXAMINE serves leading commercial and government clients around the world, including AOL, EDS, Intuit, KPMG, WebMD, Sun Microsystems, Oracle, Wal-Mart, Legal & General, and Cadbury, as well as the U.S. State Department, Treasury Department, Department of Homeland Security, GSA, FAA, EPA, FDIC, IRS, the Victorian Government of Australia and many more.
Accenture Completes Acquisition of Maxamine
Maxamine, a privately held company founded in 1997, provides testing and optimization services to help companies improve the marketing effectiveness and financial returns from their websites and other digital marketing investments. Maxamine’s services include evaluating websites to identify implementation problems that undermine online marketing performance, as well as providing guidance to help clients improve the optimization of their websites, enhance the customer experience and decrease privacy-related and other risks.
Stephen Kirkby, Ph.D., a founder of Maxamine, said, “We’re very pleased with the opportunities that this acquisition affords the talented people of Maxamine and the greater breadth of online marketing services that the companies with which we’ve had the pleasure to work with over the years will have available to them now via Accenture.”
The closing of the Maxamine acquisition follows Accenture’s recent acquisition of Memetrics, which helps companies improve the impact of their online marketing campaigns by identifying which content will deliver the best results for targeted customer sets.
Here's just one of the products that MAXMINE provides.
http://wareseeker.com/Web-Development/m ... .zip/64220
Maxamine Web Analyst Professional is a complete web site management solution that can scan any publicly accessible site, visualize site structure, and perform a complete site analysis and intuitive mapping of traffic log file activity. This product will enable small and medium enterprises to conduct extensive analysis of their Web sites and those of their competitors.Maxamine Web Analyst is much more than just a link checker or log analyzer – it offers comprehensive navigation structure visualization and site reports, site search and complete traffic analysis (traffic reports and visualization on web maps). At a glance, you will see most popular pages and major traffic corridors in your site, as well as problem areas such as slow site navigation, broken links, non-returning and hard-to-reach pages, and much more.This product is ideal for scanning web sites up to 500 pages in size, which makes it an invaluable tool for small and medium enterprises, consultants, Web integrators and ISPs.
Intuit.
http://www.intuit.com/
http://www.intuit.com/about_intuit/profile/
Intuit Inc. (NASDAQ: INTU) is an American software company that develops financial and tax preparation software
http://www.crn.com/software/18830883
Hoping to win back alienated customers, personal software maker Intuit (NSDQ:INTU) Inc. is formally apologizing to users of its popular TurboTax program who rebelled against an anti-piracy feature the company introduced last year.
"I've talked one-on-one with quite a few customers, so I know this caused some of you considerable hassle and inconvenience," TurboTax general manager Tom Allanson wrote in an open letter of apology.
Mountain View-based Intuit plans to publish the letter as an advertisement in Thursday's editions of USA Today and The Wall Street Journal. The letter also will be posted on several Web sites.
Intuit is seeking forgiveness as it prepares to sell the 2003 edition of TurboTax , a program that generated $423 million, or 26 percent, of the company's revenue in its last fiscal year.
The unusual step serves as another reminder of the aggravation Intuit caused with the anti-piracy measure, known as "product activation," which was designed to prevent buyers from giving the tax program to people who hadn't paid to use it.
Intuit hoped to boost TurboTax sales with an activation code that chained the program to a single computer. The company instead faced an angry backlash from customers who abhorred the restrictions and feared product activation might allow Intuit to spy on their computer hard drives.
AOL.
http://www.grc.com/downloaders.htm
As you will see on the page below, if you use the RealNetworks RealDownload, Netscape/AOL Smart Download, or NetZip Download Demon utilities in their default configuration . . .
EVERY TIME you use one of these utilities to download ANY FILE from ANYWHERE on the Internet, the complete "URL address" of the file, along with a UNIQUE ID TAG that has been assigned to YOUR machine, and — in the case of Netscape's SmartDownload only — YOUR computer's individual Internet IP address, is immediately transmitted to the program's publisher.
This allows a database of your entire, personal, file download history to be assembled and uniquely associated with your individual computer . . . for whatever purpose the program's publishers may have today, or tomorrow.
Does AOL spy on you
http://networks.silicon.com/webwatch/0, ... 881,00.htm
A game distributed with new versions of AOL Instant Messenger does not respect users' privacy, critics say.
AOL began offering games along with the latest version of its instant messenger, and now some customers are worried that the company is playing with them, too.
People who use AOL Instant Messenger (AIM) have started complaining on AOL message boards after software bundled with AIM 5.5 began showing up in "spyware" scans. The popular chat application includes games from WildTangent, which has a tool that reports back to the company every time someone uses its products.
And everyone's favorite, Microsoft. I could provide hundreds of instances of Microsoft spying on their customers, but I’ll leave it to you to google if you need more proof.
http://www.spywareinfo.com/newsletter/a ... 003/10.php
An investigation by noted privacy advocate Richard Smith found proof that once again, the rumors were true. Using a port sniffer, Smith found that each time a DVD movie is played on a computer which is online, Media Player 8, which ships with all copies of Windows XP, contacts a Microsoft web server to get title and chapter information for the DVD. In violation of Microsoft's stated privacy policy, the server was setting a cookie with a unique identification code that enabled Microsoft to track what DVDs were being played on that particular computer. Rather than acknowledge that they had violated the privacy of their users, Microsoft merely shrugged and said "oops" before updating their privacy policy to include the behavior that they had been caught engaging in.
This wasn't the first time Microsoft has been caught lying in its privacy policy. Last year, an FTC investigation concluded that Microsoft made false promises about how secure it kept the consumer information it collected. The Director of the Bureau of Consumer Protection at the FTC, Howard Beales, said that Microsoft had been collecting information about the day and time consumers logged into participating Passport Web sites without their knowledge, and storing data for longer than it claimed.
Accel Partners, the company now financing TRUSTe.
Here's there homepage.
Lol, as soon as i logged onto their homepage "flash" tried to download, i already have the latest version. What the...
http://www.accel.com/
And Accel backed companies.
http://www.accel.com/company/index.php
Theres some companies there that have had privacy concerns regarding their sites and mangement over the years, in particular Facebook and Real.
Remember Accel is the company that has effectively bought out TRUSTe.
Ok, this may be delving into the realms of fantasy, but interesting nonetheless. What do you think?
http://doyoufacebook.blogspot.com/2007/ ... n-you.html
The second round of funding into Facebook ($US12.7 million) came from venture capital firm Accel Partners. Its manager James Breyer was formerly chairman of the National Venture Capital Association, and served on the board with Gilman Louie, CEO of In-Q-Tel, a venture capital firm established by the CIA in 1999. One of the company's key areas of expertise is in "data mining technologies".
How would you feel about being able to be tracked via your cellphone no matter where you are.
Richard Wong from Accel partners doesn't think it's a big deal.
http://www.mindfully.org/Technology/200 ... 8mar08.htm
Some in the industry think wireless carriers are being too skittish. Richard Wong, a partner at venture-capital firm Accel Partners, says "operators are sometimes too careful around this issue and are stifling innovation to some degree." He says the industry isn't taking into account that younger consumers have a much more relaxed view about what constitutes an invasion of privacy than their parents.
Accenture is the company that bought out MAXIMINE, one of TRUSTe's sponsors.
http://blog.wired.com/27bstroke6/2007/0 ... ccent.html
The Justice Department has joined three whistleblower lawsuits targeting Sun Microsystems, Hewlett-Packard and consulting giant Accenture, all of which prosecutors say defrauded the government of millions of dollars through kickbacks and rebates on massive government IT projects, according to an announcement Thursday.
The suits center on Accenture, which the government hired to help it evaluate new technology and make sure the government got the right equipment at a fair price. But the government charges that instead Accenture made $4 million cash in kickbacks from companies who landed contracts with the government through Accenture's recommendations.
Pdf's of the complaints filed available at the bottom of the page linked to above.
Accel and Accenture, very similar sounding, i'll have to look into that in more detail.
Here's a good laugh. The Privacy International Awards.
Privacy International held the 7th annual U.S. Big Brother Awards to shame the invaders and celebrate the champions of privacy. The ceremony was hosted by the 2005 Computers, Freedom, and Privacy Conference, in Seattle.
The Nominees for the Worst Corporate Invader were
- Acxiom (for a tradition of data brokering)
- Accenture (for its Government projects)
- Response Unlimited (for trying to sell the list of donors to Schiavo's parents')
I wonder if Bill thought certification by TRUSTe would stop the rumour and innuendo, lol. From what i have gathered so far just with some basic research it would seem to me that they will be only increasing the amount of stories circulating about them.
Hell, maybe that is the real motive.
Either way, thats some pretty damning information regarding TRUSTe, their sponsors and partners so far.
I wouldn't be bragging about being certified by them.
So, would I feel much better about my privacy on ATS if I were a participating member after certification by TRUSTe, well, honestly, no I wouldn’t.
I have some more information regarding a couple of the companies involved in acquisition of some of the above mentioned companies, need to do a bit more research on those also.
Stay tuned.
Btw, this isn't meant as a pick on ATS thread, there may very well be nothing at all wrong with the process and appointment of a third party watchdog, in which case all is "apples".
But nor does it mean that we should, or ATS members should take it at face value, there is no harm in checking sources and researching any given policy statements by anyone (particularly a business) that you have been involved with, are currently involved with or may be involved with in the future.
mojo
(disclaimer, you should never take any information you discover on the internet at face value either, i cannot vouch for the veracity of any of the information contained within this post. Check and re-check sources and look for validation from reputable sites for confirmation of any of the information contained here, as i will be doing).
This thread is also posted in full at AmKon with only a few minor format changes, i have also included a link there back to Reality Uncovered and this post.
http://amkon.net/phpBB3/viewtopic.php?f=84&t=3692
Thanks to Zep Tepi for allowing me to cross link this thread.
*edited to fix some formatting*
