[LINK] HTML email "bug", of sorts (fwd)
Tue, 21 Aug 2001 10:58:13 +1000
On Mon, Aug 20, 2001 at 07:20:57PM +1000, Irene Graham wrote:
> On Mon, 20 Aug 2001 16:55:25 +1000 Craig Sanders <firstname.lastname@example.org> wrote:
> >anyone know the real story behind these email.ni.com.au URLs?
> I don't know the actual story, but my fairly-well-educated-guess is
> there's only about an on 0.1% chance your suspicion is wrong.
yep...but since i didn't know for sure, i had to admit the possibility
that it wasn't for spying.
i've got confirmation from another subscriber, btw. the same story from
the same edition of Ping but with a different URL....so that's pretty clear
that it does encode the userid in the URL.
> Nevertheless, mis-use of personal information, spying etc, is going
> to continue even by organisations who claim to respect privacy
> preferences, at the very least until many more people start making a
> louder noise.
i suspect that many (most?) people wouldn't give a damn.
> I'd recommend you do the following:
> - unsubscribe from the news service
> - get yourself another email address, free or whatever, and resubscribe
> using that address (give them a pseudonym if they want more than an email
> address, so they can't profile *you*). Don't use that address for anything
i am subscribed under a different email address (one of the benefits of
running my own domain is that i can have as many addresses as i want :).
in other words, like many people, i deliberately "lie" in order to
protect my privacy. people have been doing that for years in the real
world with deliberate misspellings of their names, or use of a false
middle initial as a kind of tracking code (so that they know where some
paper-spammer got their details from) etc.
while i have no moral qualms about doing this, i must admit that this
normalisation of dishonesty is disturbing...what does it mean to a
society when people routinely lie in order to protect their personal
information from misuse?
> - Await spam on that address.
no spam received on that address so far.
i still don't like being profiled. i wasn't informed of, nor did i
authorise, this record of which stories i am interested in.
also, this tracking is not required to provide the service i subscribed
to...the service could be provided just as easily without the tracking
(i mention this because some services - e.g. shopping carts - don't work
at all without some form of user tracking)
> - If you get any, you'd very likely have grounds to lodge a complaint
> with ADMA,
i doubt if that would make any difference at all.
an "industry watchdog" made up of members/representatives of the
industry? yeah, sure, that's going to protect the interests of the
they don't even pretend to be anything but toothless.
> and I'd be *very* interested to know what they do/say given they
> claim their current Code is compliant with laws that come into
> effect 21/12/2001. Whether these laws are much use is another issue,
> but finding out how ADMA interprets them is interesting in terms
> of whether Net users ought to feel any safety/privacy protection
> at all in disclosing their personal info to "ADMA Code Compliant"
there may be something to that. they are using data (email address etc)
for a purpose other than that which it was provided for (subscription to
a mailing list). they are not disclosing use of that data, and they are
deliberately obscuring the fact that they are making unauthorised use of
that data (i.e. encoding the URL prevents non-geek subscribers from even
suspecting that there's something shady going on)
craig sanders <email@example.com>
Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch