General Musing

blaze your trail

Posts Tagged ‘privacy’

Is RevTrax violating Facebook privacy policy? #facebook @RevTrax #privacy

I just read an article, “Web Coupons Know Lots About You, and They Tell”, in the New York Times about RevTrax; it stated the following:

“When someone joins a fan club, the user’s Facebook ID becomes visible to the merchandiser,” Jonathan Treiber, RevTrax’s co-founder, said. “We take that and embed it in a bar code or promotion code.”

“When the consumer redeems the offer in store, we can track it back, in this case, not to the Google search term but to the actual Facebook user ID that was signing up,” he said. Although Facebook does not signal that Amy Smith responded to a given ad, Filene’s [Basement] could look up the user ID connected to the coupon and “do some more manual-type research — you could easily see your sex, your location and what you’re interested in,” Mr. Treiber said. (Mr. O’Neil said Filene’s did not do this at the moment.)

RevTrax says that is because it handles data for the retailers and does not directly interact with consumers. RevTrax can also include retailers’ own client identification numbers (Amy Smith might be client No. 2458230), then the retailer can connect that with the actual person if it wants to, for example, to send a follow-up offer or a thank-you note.

Isn’t this in direct violation of policy if the user joins as a fan?

If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user’s personal and non-commercial use.[1]

You must not give data you receive from us to any third party, including ad networks.[1]

You may not give data you receive from us to any third party, including advertising networks.[2]

… with respect to the Statement of Rights and Responsibilities clause 9.2.4, if the user de-authorizes, disconnects, or otherwise disassociates from your application, the permission to “store indefinitely” is rescinded for all user data you received from Facebook except for the User ID. In that event you can retain the User ID indefinitely (so that you can recognize the returning user, identify who created Independent Data in your application, or for other purposes limited to use related to your application), but all other user data you received from Facebook must be deleted as soon as possible (and in no case longer than 24 hours after you received it).[3]

It looks like they store the data offline, in a commercial product: a coupon. And they share the data with a third party.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 9:59 pm

Implementation of Security #risk

The lack of trained and experienced computer security people working in small to medium sized businesses today means that security is often left to the regular IT department to solve, if there even is an IT department. In many cases this leads to vendors educating the IT department on best practices, which is often to the advantage of both the vendor and the company. It is important to remember that this inequality and lack of knowledge on the part of the IT department can lead to a situation where, when a vendor leaves, the knowledge leaves with him or her. In the end, the vendor is there to sell their software.

Written by Daniël W. Crompton (webhat)

March 5, 2010 at 10:57 am

Wakoopa: Time Management Statistics

I play with Wakoopa, it’s a little tool which tracks my usage of tools and websites. Sometimes it gets it very wrong: I don’t watch that much YouTube, but I do always have an IE window open with YouTube in it in case I need to find a film to illustrate a presentation.

Wakoopa Software Summary For Webhat: YouTube, Firefox, Gmail

Written by Daniël W. Crompton (webhat)

February 26, 2009 at 3:58 pm

Banks don’t understand Privacy #privacy

I was approached by a recruiter for a role as PKI specialist for a Dutch bank. They asked me to send them a copy of my passport over the internet. They wanted to forward this to the bank. According to the recruiter this was normal practice for them and the bank.

Interestingly enough, when I had privacy concerns they thought I was making a big deal about nothing. This is the recruiter for the Triple-A rated Dutch bank, who I’ve mentioned in my blog before. I refused to send a copy of my passport over the internet, and told the recruiter that I would need some assurance that they would not send it over the internet.

Written by Daniël W. Crompton (webhat)

September 7, 2008 at 7:39 pm

Posted in pki, privacy, risk, security

Browser Privacy

Written by Daniël W. Crompton (webhat)

August 22, 2008 at 7:54 am

Posted in privacy, risk

Deleting Doesn’t Remove Data #privacy

Many people live in the belief that the data they give to a website will be removed when they cancel their account; this should usually be the case. Some of the Social Networks don’t, because they can’t: it would break their marketing.

I received a mail from OKCupid, a networking site with dating as its theme. Like Xing, they send out an email highlighting certain people you should contact. I’m not sure what the heuristics are behind adding somebody to the introduction mail, but it’s obvious she didn’t want to get the kind of response she did, as she immediately deleted her account and created a new one.

Had OKCupid really removed her profile, the mail they sent out would have a dead link and picture in it, but the picture was still in there. It seems they only deleted the link to her profile, as all her messages and part of her details could still be retrieved and, more importantly, they still have her pictures.

Do you trust a private (not indexed) Social Network to really remove your details?

Written by Daniël W. Crompton (webhat)

July 31, 2008 at 11:49 am

Posted in networking, privacy, social

Third Party Cookies

GRC gathers some nice statistics on the use of Third Party Cookies (TPC), also known as Tracking Cookies. I was amazed by the browsers which have TPC enabled by default. There is nothing immediately dangerous about having TPC enabled; however, they have serious implications for privacy and anonymity, and they also make it possible for websites other than the one you are visiting to track you over multiple websites.

I run Firefox 3, but disabled TPC as soon as I installed it.

Written by Daniël W. Crompton (webhat)

July 28, 2008 at 8:08 am

Posted in risk, security
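
The cross-site tracking described in the Third Party Cookies post can be audited from a browser request log. The sketch below is an added example, not part of the original post; the hosts, cookie values, log format and the function names `siteOf` and `crossSiteTrackers` are all constructed for illustration.

```javascript
// Constructed sample: requests a browser made while loading three pages.
// All hosts are made up (reserved .example names).
const requestLog = [
  { page: "https://news.example/story", url: "https://news.example/style.css", cookie: "session=n1" },
  { page: "https://news.example/story", url: "https://px.adnet.example/p.gif", cookie: "uid=77aa" },
  { page: "https://shop.example/cart", url: "https://px.adnet.example/p.gif", cookie: "uid=77aa" },
  { page: "https://shop.example/cart", url: "https://static.cdn.example/lib.js", cookie: "" },
  { page: "https://blog.example/post", url: "https://px.adnet.example/p.gif", cookie: "uid=77aa" },
  { page: "https://blog.example/post", url: "https://stats.metrics.example/c", cookie: "v=9" },
];

// Assumption: the site is the last two host labels. Production code
// should use the Public Suffix List instead.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Report every third-party site that received the same cookie value
// while the user was on two or more different first-party sites.
function crossSiteTrackers(log, blockThirdParty = false) {
  const seen = new Map(); // "trackerSite|cookie" -> Set of first-party sites
  for (const { page, url, cookie } of log) {
    const first = siteOf(page);
    const target = siteOf(url);
    const thirdParty = first !== target;
    // With third-party cookies disabled the browser sends none cross-site.
    const sent = thirdParty && blockThirdParty ? "" : cookie;
    if (!thirdParty || !sent) continue;
    const key = `${target}|${sent}`;
    if (!seen.has(key)) seen.set(key, new Set());
    seen.get(key).add(first);
  }
  const report = [];
  for (const [key, sites] of seen) {
    if (sites.size < 2) continue;
    const [tracker, cookie] = key.split("|");
    report.push({ tracker, cookie, sites: [...sites].sort() });
  }
  return report;
}

console.log(JSON.stringify(crossSiteTrackers(requestLog)));
console.log(JSON.stringify(crossSiteTrackers(requestLog, true)));
```

The first call reports the one third party that can link visits across all three sites; the second shows the report emptying once third-party cookies are disabled.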
