Loading ...
Sorry, an error occurred while loading the content.

327Re: Cookies, tagging and privacy

Expand Messages
  • jimmacintyreiv
    Sep 1, 2004

      Following up on HR2929 IH and RH. IH is pretty clearly dealing with
      spyware code that is downloaded onto a user's machine and the use of
      such to collect information or do other things to user. RH is

      It is unclear in either of the bills whether javascript
      (interpretable software code) would be considered "software", if it
      is then a number of other issues arise beyond what I mention below.

      In general they follow the FTC theme of prohibiting "deceptive
      practices" and try to list out some of such and cover others

      The most affecting prohibition for some in our industry, as is is
      currently written, would seem to be Sec.3.7. of RH. "Inducing the
      owner or authorized user to provide personally identifiable
      information to another person by misrepresenting the identify or
      authority of the person seeking the information."

      Doing what is described in this section does not require "spyware"
      in the common use of the word (e.g. not javascript). The common
      practices of some in our industry (add that these are not the common
      practices of many others including the one I work for) could meet
      this prohibition. There is the basic set of events that I believe
      could be prohibited under this rule if passed.

      - Web analytics vendor uses javascript or other method (web bug) to
      extract PII from form fields filled by site user and other sources
      (definition may come to include IP numbers and else, but that is not

      - Web analytics vendor's web bug sends the PII that the user
      intended to go only to the site operator to a third-party other than
      site operator.

      In this case the user is deceived into thinking that the PII they
      are providing to the site is going just to the site, when it is
      actually going to third-party instead or as well.

      In general, and to the primary point in my previous messages on this

      This industry should in general try to not use their technology or
      behave in ways that can be seen as being "deceptive" and site
      operators should not use technologies that appear to deceive

      It is my basic belief in regard to what will bear out at the end of
      the day, in regard to this legislation and other in the future that
      legislators will, as time passes, find ways to include
      any "deceptive" practice into this or other legislation.

      What is "deceptive?" I think that some common sense can be applied
      here . . if a user thinks when they are providing information to one
      person (company) and something is being done without their
      permission to send it to some other company, then that will be
      considered "deceptive."

      Best regards,

      --- In webanalytics@yahoogroups.com, Eric Peterson
      <eric.peterson@g...> wrote:
      > Stephen,
      > I know you're in the UK and care slightly less about HR 2929 but
      > you work for a US company have you looked at this bill and thought
      > about it's implications at all? If so, I'm sure the group would
      > to hear your thoughts.
      > Thanks,
      > Eric
      > On Tue, 31 Aug 2004 09:07:31 -0000, Stephen Turner
      > <yahoo@a...> wrote:
      > > --- In webanalytics@yahoogroups.com, "dallatana" <dalla@a...>
      > > > Hello All,
      > > >
      > > > What about third party tracking generated by advertisers? The
      > > > advertising model is pretty much built on the ability to
      track, but
      > > > their methods are not controlled by the site on which they
      > > > advertise.
      > > >
      > >
      > > This, of course, is why cookies got a bad name in the first
      > >
      > > When cookies were first invented, advertising meant banner ads,
      > > everyone used DoubleClick to serve their ads. Because cookies
      could be
      > > attached to images not just pages, DoubleClick was able to attach
      > > cookies to their ads, and track everywhere that you'd been. This
      is in
      > > a different category from being able to track you within one
      site, and
      > > seemed to cross the boundary of what many people -- at least,
      many of
      > > those few who knew what was going on -- found acceptable.
      > >
      > > > One point regarding the threat to the use of cookies et al,
      is the
      > > > importance of a site's privacy policy and what it discloses to
      > > > users.
      > >
      > > No, I disagree with this. Most people don't read privacy
      policies at
      > > all. And the sort of people who care about these issues have
      seen too
      > > many examples where the privacy policy is designed solely to
      > > users without promising them anything. Too often there's some
      > > boilerplate along the lines of "We can change any of this policy
      > > any time by posting the changes on our website".
      > >
      > > --
      > > Stephen Turner
      > > CTO, ClickTracks http://www.clicktracks.com/
      > > ClickTracks wins ClickZ Marketing Excellence Award again!
      > > WINNER: Best Web Analytics Tool 2003 & 2004
      > >
      > >
      > > ---------------------------------------
      > > Web Metrics Discussion Group
      > > Moderated by Eric T. Peterson
      > > Author, Web Analytics Demystified
      > > http://www.webanalyticsdemystified.com
      > > Yahoo! Groups Links
      > >
      > >
      > >
      > >
      > >
      > --
      > Eric T. Peterson
      > Author, Web Analytics Demystified
      > www.webanalyticsdemystified.com
      > Have you joined the Metrics Discussion Group? Email
      > webanalytics-subscribe@yahoogroups.com to join today!
    • Show all 8 messages in this topic