A little Internet private time

April 11, 2011


We all freaked out a little bit last week over what may have been the worst breach in e-mail address security ever. For me, the rolling thunder of annoyance came in the drip drip drip of e-mail alerts from a number of companies with whom I’ve done business saying that the address I had shared with them for limited, specific purposes had been acquired by a hacker.

A bigger story emerged only later: These were not individual notes, but rather a symphony of breach because e-mail addresses from lots of customers shared with lots of companies were all stored in one place, a company called Epsilon.

Most people probably didn’t realized they had agreed to share their addresses with Epsilon, whose business includes managing marketing mailing lists, by virtue of the contracts they have with thousands of retailers. Nobody really reads privacy agreements and the terms of service because — and let me make a bold assertion here — they are needlessly long and verbose precisely to deter anyone from attempting to do so.

So the circumstances made it possible, a la Oceans 11, to do the cyber equivalent of robbing three casinos by breaking into a single, not quite impenetrable vault.

There could be cause for some concern. It’s possible that your e-mail address could be an important puzzle piece for identity theft. But by far the most likely worst case scenario is just plain annoying: You’ll get more spam, and a lot of those are sent to trick you into selling yourself out.

But consider this: Freaking out over getting more spam is a sideshow when it is already the overwhelming majority of the e-mail you get. It’s nothing compared to the privacy easements you allow and invasions you invite every day. We are all in for a pound already.

If you’re one of the 600 million or so people with a Facebook account you may think of the world’s largest social network as a way to keep in touch with (or avoid) friends and family, share pictures and play Farmville, but as you waste your life away the service is engaged in an epic effort to become your de facto Internet identity. Every time you conveniently log onto some site using Facebook Connect, hit a “Like or “Share on Facebook” button or check in using “Places,” you are sharing valuable information about yourself.

Facebook isn’t valued at $65 billion for nothing. A big part of that implied worth is its ability to provide marketers with a very good idea of who they are pitching, even if the jury is still out about whether Facebook is the next Google when it comes to online retailing.

By definition, Facebook is for sharing. So if you are serious about privacy, you will drop everything and spend a little time wading through a maze of privacy settings and explanations. (You must be logged in to access the link).

Or, maybe you won’t because it’s just too much to absorb (see above).

Whether or not you’re a part of Facebook, it’s most likely that you have something to do with Google, to which the vast majority of humanity turns for their Internet search needs.

Guess what? By default Google sends along your search query to the site you are visiting. Also, third-party ad tracking networks can grab that info, as well. You can choose to set up your Google searches to conceal the content of your search queries — it’s the only major search engine to offer that option. Are you bothered yet?

It’s really hard to be an Internet hermit. On and offline there are good reasons to draw the blinds sometimes and to be wary of the motive of someone offering you a free lunch.

But there is a huge difference between sharing non-sensitive information about yourself in return for that free lunch, having your e-mail address shared like a bong at a college frat house and getting victimized by an online scam by clicking on a link in an e-mail that isn’t from your mother (and maybe her too).

Like the devil, privacy is in the details.

Photo: ‘keep out,’ by guy schmidt/flickr. Used with gratitude via a Creative Commons license.

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/