Wednesday, July 14, 2004

invasion of privacy

Kathryn Jean Lopez passes on this report
Jack Dunphy tells me when he went to amazon to buy WFB's new book, Miles Gone By, he saw this on the same page:
Customers interested in this title may also be interested in:
Luxury Nude Vacation
Hidden Beach Resort Luxurious Nude Resort in Mexico
What if Mr. Dunphy was at Amazon looking for the book because it had just been recommended by his daughter? What if she had also told him that she bought some vacation books too, and was planning to take a vacation to Mexico this summer? Could this not lead Mr. Dunphy to wonder about his daughter's vacation plans? He would have to guess that only one person has made this particular buying decision. And he would have to guess that it has been recent. It's easy to come up with related scenarios where someone's privacy is invaded and it has serious consequences.

I read Amazon's privacy notice, and it doesn't mention anywhere that information about your buying habits might be made available to other customers. Even if they did tell us about this, they would claim that they only share information in aggregate, with no personal identifying information. Yet in this case it is possible to extract that personal identifying information.

I don't want to leave it up to some random programmer to decide what constitutes a safe and anonymous use of my information. I have no idea how conscientious or thoughtful he is. In this case, whoever wrote the program was an idiot. You should never provide sensitive "aggregate" information without using a lower bound on how many customers have been aggregated. Not only are you risking the privacy of your customers, you are providing useless information.
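As an added illustration of that lower-bound rule (example code written for this page, not the post's own and not Amazon's): a tiny co-purchase recommender over constructed order data, run once with no threshold, which surfaces a pairing that only a single customer made, and once with a minimum distinct-customer count, which suppresses it. The order data, the "Book B"/"Book C" titles and the threshold value are assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample orders (customer id -> set of purchased items).
# Only one customer bought the book together with the resort titles
# named in the post; three customers bought it together with "Book B".
ORDERS = {
    "cust-001": {"Miles Gone By", "Luxury Nude Vacation", "Hidden Beach Resort"},
    "cust-002": {"Miles Gone By", "Book B"},
    "cust-003": {"Miles Gone By", "Book B"},
    "cust-004": {"Miles Gone By", "Book B", "Book C"},
    "cust-005": {"Book B", "Book C"},
}


def copurchase_counts(orders):
    """Count how many distinct customers bought each unordered pair of items."""
    counts = defaultdict(int)
    for items in orders.values():
        for a, b in combinations(sorted(items), 2):
            counts[(a, b)] += 1
    return counts


def recommendations(orders, item, min_customers=1):
    """Items co-purchased with `item`, keeping only pairs supported by at
    least `min_customers` distinct buyers.

    min_customers=1 reproduces the leaky behaviour the post describes: a
    pair bought by exactly one person is shown to everyone.  A higher
    threshold (the assumed fix) drops such small groups entirely.
    """
    counts = copurchase_counts(orders)
    recs = {}
    for (a, b), n in counts.items():
        if item in (a, b) and n >= min_customers:
            other = b if a == item else a
            recs[other] = n
    return recs


if __name__ == "__main__":
    # Leaky: the single customer's vacation titles appear as recommendations.
    print("no threshold :", recommendations(ORDERS, "Miles Gone By"))
    # Thresholded: only pairs backed by three or more buyers survive.
    print("min 3 buyers :", recommendations(ORDERS, "Miles Gone By", min_customers=3))
```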

People who are using Google mail and other web services that gather personal information should keep this in mind. They say they aren't going to abuse their position but you don't know that they are even competent enough to keep their word, much less whether they are ethical enough.

On a related note: people should not provide a friend's personal information to a web site. Those harmless-looking links that say "email this to a friend" are a likely SPAM trap. You enter your friend's email address into a web form and they may have a lifetime of junk mail to thank you for. Of course this isn't a danger if the "email this to a friend" link just pops up your email program, only if you enter data into a web form.
