GOODIES TO GO! (tm)
September 13, 1999 -- Newsletter #45
Application Security Testing: An Integral Part of DevOps
GOODIES TO GO! (tm)
September 13, 1999 -- Newsletter #45
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Did you hear...
>Republican House Whip Tom Delay has introduced a bill that would lift a lot of the restrictions on how much a political candidate can spend on the Web. Those against the measure said it would thwart election campaign finance reform efforts.
>Check your computer for a file called "W32/Kriz.3862". That's the so-called Christmas Trojan horse virus. If you have it, use a virus program to get rid of it. It will explode on Christmas day and do damage to W95 and W98 computers. If your system doesn't kill it, look to the Web site of your virus program for help. Many companies are making this a priority.
>Did you invest with stockplayer.com by any chance? If so, sorry. The site was fake. The four who started it were creating bogus information to sell stocks and bonds. They will be charged 9/8/99 in U.S. District Court with conspiracy to commit securities fraud and conspiracy to commit money laundering.
Now, onto today's topic...
Do you feel secure on the Web?
Do you have privacy?
Did you know there was a difference?
Yes. In fact, that difference is causing a rift in the Internet business community. Here's the general concept. When you perform a monetary transaction on a Web site, often you are sent to a secure area of the server so that your credit card number and personal information is transmitted in an encrypted fashion. Been there? Done that? Good. That's what's known as "security."
Once the transaction is complete, the business has your name and e-mail address and some other really juicy information about you. Will they sell that to a spam list or not? The answer to that question relates to "privacy."
Many Web privacy groups are getting bent out of shape because very few consumers realize that these two concepts are not one and the same. Most people believe that if a Web site offers secure transactions, they must in turn offer privacy. The problem is that this logical line of thinking isn't always so.
Immediately, some might yell, Government Regulation! (People would look at you funny, but you might yell that.) While some might agree with you, the general Internet business community wants as little government interaction as possible and business are taking steps to avoid it.
Just last week, Intel announced that it will pull its advertising from any site that doesn't prominently display a privacy statement. I think it's interesting that they put the statement that way. They didn't pull their ads from a site that would sell your e-mail address, just from sites that won't tell you that they're selling your e-mail address.
So, it's buyer beware. Read the privacy statement. If it's there and if it says we will sell your e-mail address if you give it to us, then tough cookies on you. You were warned. It's better than nothing, I guess.
By the way, Intel is not the leader in this thinking. IBM, Microsoft, and Disney carry similar qualifications on their advertising dollar.
Do you find it funny that Intel is trumpeting this privacy concern? Remember the flack over the last Pentium chip that carried ID numbers so that information could be transmitted to help verify the identity of consumers? I wonder if this decision is more PR than concern for the consumer.
So, is the answer to just put a privacy statement on the page and all will be well? Nope. This is another case of the bad ones have ruined it for the good ones.
Jupiter Communications did a survey and found that almost two-thirds of Web consumers simply distrust a Web site in terms of privacy, even if a privacy statement is included on the page. Pure and simple, we think you're lying to us because you've burned us in the past. Once bitten twice shy.
I'll admit it. I am in this category. I have no problem putting a credit card into a Web site because I know the process of SSL is quite safe. But I wonder how well my privacy is being protected when I open the Goodies e-mail box and see spam after spam after spam. Yes, I always hit reply and put "REMOVE" in the subject line. Ha! Fat lot of good that does.
I've been burned and it cheeses me. The Jupiter survey notes, I believe correctly, that consumers' distrust in terms of privacy issues are deep and complex and will not quickly or easily be assuaged.
I'm really not sure what a site would have to do to make me believe they won't sell my information once I put it in. I guess it's a case of I'll know it when I see it.
Jupiter asked 2,015 consumers what would help them trust a site's privacy statements. The results weren't encouraging.
- Thirty-six percent say that posting a privacy statement would help allay fears.
- Fourteen percent would trust the site if there were government regulation.
- Only nine percent would trust a friend or co-worker's word.
(Yes, I know the results added up to 123%. My assumption is that many consumers chose more than one answer.)
So, what is it? Third-party seals on the Web, a mixture of seals and government involvement (which government, by the way)?
Nope. We will not get to mass acceptance of privacy statements by adding anything. We'll get there by taking things away. The solution is akin to getting a friend to trust you again after you've done them seriously wrong. It will take time and it will take true effort on the friend's part.
Consumers need to see spam-free mailboxes. They especially need to notice that the spam at least doesn't increase dramatically after making a purchase.
May I suggest a solution? The Internet community needs to set an overriding policy. Let it come from the W3C or some other nonprofit group that has no stake in the process.
The policy statement should state, "This Web site will not distribute any of your personal information including your name, e-mail, or demographic information without your permission" then offer a checkbox that the user can click to offer information.
Just don't pull the underhanded trick of having the box already checked and expect the consumer to uncheck it. That's dirty. The consumer should only have to take action if they want something, not if they don't.
The Web site could then have two databases, one for those who say "no" and one for those who say "yes." Sell the "yes" database. You were given permission. If it's found that you sold the "no" database, then you should pay serious fines or be put out of business. I think the punishment should be that harsh because that one site that sells the "no" database will have placed a scarlet letter on those who don't.
"Wait!" some business site might cry, "We make money off of selling those lists. We would never get enough e-mail addresses to make it a viable sell."
That should tell you something, don't you think?
And that's that. Thanks for reading.
Joe Burns, Ph.D.
And Remember: The shortest grammatically correct sentence in the English language is "I am." However, some people think that "I do" might, in fact, be the longest sentence.
Thanks, folks! I'm here all week!
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...