PC World has an overview of Loopt, which will begin testing location-based advertising via CBS Mobile in the near future. What’s notable about the service—aside from the fun concept of triangulating location via cell towers—is that Loopt and CBS Mobile “seem to have made most of the right choices for privacy.” That includes the service being opt-in instead of opt-out, and no personal data (such as account info or phone number) being sent back upstream. The targeted ads replace existing ads as well, so there’s not a location-based spammy increase in advertising with the service. This is the kind of advertising we “like”—localized, relevant, and anonymous on our side of things.
privacy
Wal-Mart Holds Your Credit Card and ID Hostage When You Complain
By 4.14.08
When reader Steve went to Wal-Mart to buy Rock Star for his daughter, he reluctantly presented the cashier with a state issued ID containing just his picture, name and signature. Steve’s job is to consult with law enforcement about identity theft, so he’s more careful than the average bear.
Data On Over 40,000 Patients Stolen From NYC Hospital
By 4.12.08
The New York Times is reporting this morning that an unnamed employee stole personal data on over 40,000 patients from NewYork-Presbyterian Hospital/Weill Cornell Medical Center. The theft “occurred over the past several years and included patients’ names, phone numbers and Social Security numbers.” As we’ve come to grimly expect in these cases, the hospital was made aware of the theft in January, and announced it publicly on Friday after an internal audit. “We obviously deeply regret that this has happened,” said the hospital’s spokeswoman, Ms. Manners. She also said that investigators are “looking into the possibility that the theft could be part of a larger criminal scheme.”
Conde Nast Will Never Stop Emailing You. Never. Stop Asking.
By 4.10.08
Condé Nast marketing department, are you on crack? Have you put some trinket from “The Hills” in charge of your mail server? Justin has emailed you repeatedly to tell you to stop spamming him. His marketing preferences on your site show a vast field of “No” for every single title on your list. And yet he’s received 16 emails since his last request—almost three a month. You should know better—or, as Justin puts it, “This isn’t some Nigerian guy trying to make my penis larger or send me money, this is a company here, in the United States, that I know should be held accountable.”
Sears Takes Customer Account Security 80% Seriously
By 4.10.08
On Wednesday, April 9th you received an email with the subject line “Get $25 From Citibank”. We recently discovered that the email we sent to you incorrectly contained the salutation “Dear Donna Robinson” rather than “Dear MATTHEW F”. We apologize for the confusion this may have caused and want to assure you that the email is a legitimate Sears card email.
Oh Sears. Well, according to Matthew F, at least the account number was his.
Leukemia Survivor Who Had Identity Stolen By Lab Tech Tells His Story
By 4.10.08
We wrote about Eric Drew a few weeks ago—his personal information was stolen by a shady lab technician while he was undergoing treatment in 2004.
Your Credit Card Information Is Worth About 40 Cents
By 4.9.08
You may think that your credit card and banking information is worth a lot of money to potential crooks. If you do, you’re wrong. There’s so much stolen personal information out there and banks are getting so good at cutting off compromised credit cards quickly that it’s driving the price down.
Dumpster Diver Finds Customer Financial Information In Bank Trash
By 4.9.08
For four months, James Hastings searched through trash bins outside People’s United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers’ Social Security numbers and account information.
Google's Street View Is All Up In Your Driveway Looking At Your Basketball Hoop
By 4.8.08
The couple, Aaron and Catherine Boring, have succeeded in getting the photos yanked from the site, but the industrious minds over at the Smoking Gun found another even more intrusive set of photos taken by the search giant.
ISPs Are Maniacal Stalkers Who Read Your Email And Watch You Surf The Web
By 4.6.08
Internet service providers are actively tracking 100,000 users, reading every email they send and every website they visit, according to the Washington Post. The report coincides with a damning Associated Press investigation of ISP contracts which finds that they reserve broad rights to read essentially anything you view on the internet without any intervening supervision or regulation.
Radio Shack Won't Accept Cash Without Your Home Address
By 4.2.08
Reader Tim went to Radio Shack to buy something or other and the manager refused to process his cash transaction without first learning his home address. Tim left the store and dashed off a quick email to us. He let us know he was going to contact Radio Shack about the incident, but felt certain that he’d be ignored.
Identifight Tells You What Sites Your Email Address Is Publicly Linked To
By 3.31.08
Matthew wrote in to complain about a new website called Spokeo, which sounds like a stalker’s dream: it sucks up all the entries in your address book, then returns a Big Brothery smorgasbord of all the publicly accessible accounts and services linked to each email address, along with updates any time something happens. It might surprise you to see just how easy it is for someone to assemble a picture of your Internet footprint with only an email address.
Don’t like the sound of that? Luckily for you, someone has already been inspired to follow Spokeo’s model and create a tool—Identifight—that lets you track your own email address to see what shows up, so you can patch up privacy leaks.
Are You Sure You Want To Add That Facebook App?
By 3.27.08
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
Best Buy Keeps Your Credit Card And SSNs In Plain View On The Sales Floor
By 3.26.08
I saw something a little weird at our local Best Buy [redacted]. While on my break from work I decided to stop by the store and pick up the latest copy of Rainbow Six Vegas 2. While walking through the audio section of the Home Theater department I passed by a computer terminal next to some stereo equipment and an open filing cabinet in the middle with a tray on-top. At first I thought it was just storage for binders, pamphlets, sales ad’s and stuff they might need on the floor, but when I looked into the tray I saw completed credit card forms, with peoples names, addresses, social security # and etc…
Facebook Takes Letting The Whole World See Your Private Photos Seriously
By 3.25.08
THE QUOTE:“We take privacy very seriously and continue to make enhancements to the site,” said a Facebook spokesperson.
The Man Who Owns DoNotReply.com Knows All The Secrets Of The World
By 3.24.08
If your company is in the habit of using a “donotreply.com” address in the “From” field of its emails, you might want to forward your IT department this entry from the Washington Post’s “Security Fix” blog—when customers don’t pay attention and reply to a “donotreply.com” email address, it goes to Chet Faliszek, a programmer in Seattle who registered the domain seven years ago.
With the exception of extreme cases… Faliszek says he long ago stopped trying to alert companies about the e-mails he was receiving. It’s just not worth it: Faliszek said he is constantly threatened with lawsuits from companies who for one reason or another have a difficult time grasping why he is in possession of their internal documents and e-mails.
Don't Want A Debit Card? Key Bank Will Charge You $1 A Month
By 3.19.08
After hearing about Hannaford’s giant customer data breach yesterday, Brian decided to cancel the debit card he’d used there. That’s when he found out that Key Bank really wants you to have a debit card. In fact, they’ll charge you a small monthly fee to not have one linked to your “free checking” account. We figure that this means Key Bank makes about $12 a year more off of customers who have linked debit cards—and that if you want greater security on your account, it’s going to cost you.
