Defending The Kingdom

I’ve heard of and personally encountered a number of e-commerce websites like the one described in this NYTimes article. The proprietor of DecorMyEyes.com promises the cheapest designer eyewear on the net, intentionally delivers something other than what customers order (a cheaper or counterfeit model, for example), and then stalls, threatens, cajoles, and harasses people who try to get their money back. He makes money when customers give up trying to get a refund, allowing him to pocket the difference in the amount he charged their credit cards and the value of the goods he shipped.

I believe that the majority of e-commerce websites deliver what they say they will, but you need to know how to avoid the few that won’t. Interestingly, the huckster who runs the site described in the NYTimes article provides the answer:

Selling on the Internet, Mr. Borker says, attracts a new horde of potential customers every day. For the most part, they don’t know anything about DecorMyEyes, and the ones who bother to research the company — well, he doesn’t want their money. If you’re the type of person who reads consumer reviews, Mr. Borker would rather you shop elsewhere.

Mr. Borker doesn’t want cautious, conscientious customers because those customers reduce his hourly wage. Why bother selling to these people when there are plenty of shoppers who will give up trying to get their money back without much fuss? That is why, amazingly, the owner of this scam website isn’t troubled by the bad publicity that makes it easy to protect yourself.

Before clicking “Buy”

Just as changing your password to something marginally more complex than the typical internet user’s password makes you an undesirable target, doing a bit of research on the net makes you vastly less likely to fall victim to an e-commerce scam.

When I say “a bit”, I really mean it. It takes two seconds to type “decormyeyes fraud” into Google’s search engine. Every search result I got when I did that clued me in to the fact that this website is bad news:

A Better Business Bureau search piles on the evidence:

So that’s it. The next time you are thinking of buying from an online retailer, just do a quick Google search like “companyname fraud” or “companyname scam” and then check out the Better Business Bureau rating. Most people spend a good amount of time researching their internet purchases — allocating just a couple of seconds to protecting yourself from fraud should not be too much of a burden.

After AOL published its users’ private search data last month, you may be wondering where it’s safe to do your searches. Who Which is the most trustworthy search engine? Is there something you can do so that you don’t have to trust the search engines at all? (continue reading…)

America Online fired two employees and its chief technology officer because of the release of user search data earlier this month, says the New York Times:

‘This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team,’ Miller said in a second memo. ‘We are taking appropriate action with the employees who were responsible.’

Accountability is a good thing when it comes to enforcing privacy requirements in any organization, and AOL seems to be taking it seriously. The company is taking several steps to ensure that this never happens again, such as keeping tighter controls on employee access to data, educating employees about privacy issues, and reviewing data retention and privacy policies.

I hope other companies that harbour large collections of user data are paying close attention. Then again, AOL didn’t take the hint from privacy fiascos that came before it (for example, it has been just over a year since ChoicePoint, a company that gathers and sells data about consumers, announced that it gave up sensitive information on more than 160,000 people to criminals posing as ChoicePoint customers – the media coverage on the story was extensive). (continue reading…)

Wired News has an excellent article called FAQ: AOL’s Search Gaffe and You.

In it, questions such as “Why did AOL release the records?” and “AOL says it anonymized the data by replacing the AOL user ID with a randomized number. Is it possible for someone to figure out who I am just from my searches?” are posed and answered in a straightforward way.

The following question is probably the most pertinent for those who would like to avoid search engine privacy infringements:

Has the government ever requested such records before?

Yes. One attempt was made public last fall when Google fought a subpoena from the Justice Department which asked for similar records from AOL, MSN, Yahoo and Google. The feds wanted the records to help defend an ongoing court challenge to the Child Online Protection Act. Google largely won that battle, but Yahoo, MSN and AOL all turned over records to the government. The government may have also asked for large quantities of search records as part of antiterrorism efforts, but those subpoenas and warrants typically come with gag orders that would prevent the search engines from publicly discussing them.

As far as I know, MSN, Yahoo, and AOL didn’t put up the slightest resistance. Google is not beyond reproach on all things privacy related, but the company is certainly a big step ahead of its competition in this instance.

This website is all about keeping your privacy. But I should make a qualification: it’s about keeping your information as private as possible. The miserable reality remains that you will not always have control over your data and your privacy.

That’s not to say that you should give up on keeping your information secure – you shouldn’t. But try to be prepared when the worst happens, as it did on August 4, 2006.

Last Friday, AOL posted on one of its websites a compressed text file holding 20 million search terms and phrases for about 650,000 users. The data was collected between March and May of 2006.

AOL has since removed the text file and issued an apology, but the damage is done (especially since the file is still available through other sources – once something is on the internet, it doesn’t disappear easily). This was taken from TechCrunch, which has been following the story closely:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the abilitiy [sic] to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless. (continue reading…)