garnetbobcat
join:2007-10-02
| reply to Skippy25
Re: [HSI] Charter to monitor surfing, insert its own targeted ad
For what it's worth, I just sent the following to Joe Stackhouse, Neil Smit and the Consumerist:
Dear Mr. Stackhouse,
I am a high speed internet subscriber in the Fort Worth, TX area. For the last year or so I have had Charter’s 10 Megabit service and I am a satisfied customer. I am writing, however, because I am concerned by your recent letter discussing the “enhancement” that will be coming soon to my Charter web browsing experience (targeted, in-line advertisement manipulation). I appreciate Charter’s respect for my privacy, but the method that Charter has provided to opt-out of this tracking scheme is insecure and woefully inadequate.
The method that you provide to opt-out is as follows. First, a customer must visit www.charter.com/onlineprivacy. Once at the site, the customer must enter his or her complete name and address. Upon submission of this personal information, the customer must accept a cookie from Charter that indicates his or her opt-out status. While this process sounds simple on face, further consideration reveals that this opt-out method is fraught with privacy concerns and places the burden on your paying customer, rather than Charter.
The most pressing privacy issue with this opt-out method is that the opt-out form presented at the aforementioned URL is not encrypted. As I’m sure you realize, this means that a user submitting his or her address to Charter is doing so in the clear, leaving this personal information open to eavesdropping. It is not difficult to create an SSL-encrypted web form. It is troubling that Charter has not done so in this case.
The fact that this opt-out system relies on a cookie to keep users opted out is also a privacy issue. By telling customers who visit the opt-out page that, “if you delete your cookies or cache files… you will have to opt-out again,” you are encouraging users to keep those files that good privacy practices dictate should be frequently purged. Ironically, the best reason to purge one’s cookies often is to prevent internet marketers from tracking one’s behavior online.
In addition to the critical privacy concerns, the steps required to avoid being tracked by this new advertising system place the burden on your customers, rather than on Charter where it belongs. A customer should be able to opt-out of this advertising tracking system in a manner that will rarely, if ever, require the customer to opt-out again. Instead, because the system uses cookies, a customer must insecurely opt-out of being tracked on each PC in his or her home. Further compounding the work that the customer has to do, if the he or she deletes cookies in accordance with safe browsing techniques, it will be necessary to insecurely opt-out on each and every PC again.
I suggest that rather than force your customers through unending iterations of opting out of this advertising system, you should allow customers like me to opt-out at the cable modem level via a secure, encrypted form on your website. I’m glad to hear that Charter has an appreciation for my privacy, but please change your opt-out process to demonstrate that you also have an appreciation for my time and security online.
--
Matt, CCIE Security, »www.wr-mem.com |
|
Sikmaz
join:2002-04-13
Greenville, SC | Very good email Garnet, the only change would be to stress that the opt-out should be permanent or for 12 months or more regardless of cookie status. If the system can't integrate with their provisioning system then they should use it at all. |
|
markopoleo
join:2003-04-02
Bonne Terre, MO | Not sure what the big deal, don't most people just use ad blockers anyways now? |
|
clickie
join:2005-05-22
Monroe, MI
| The point isn't the ads, the point is that Charter is peeking into every packet sent to and from your computer and allowing a third party to track what you do via (ostensibly) the MAC address of your cable modem.
People install cookie blockers because they don't want marketers and advertisers creating a profile, regardless of how "anonymous", of where they go on the internet. And I find it highly offensive that they peek into communications I have with the likes of Google to determine my interests. I have to believe that this intrusion is illegal under the ECPA of 1986.
Even if you install ad blockers, they will still create a profile of your habits. And I'm certain they'll sell it to the highest bidder. |
|
markopoleo
join:2003-04-02
Bonne Terre, MO
 ·Charter Pipeline
| said by clickie  :The point isn't the ads, the point is that Charter is peeking into every packet sent to and from your computer and allowing a third party to track what you do via (ostensibly) the MAC address of your cable modem. People install cookie blockers because they don't want marketers and advertisers creating a profile, regardless of how "anonymous", of where they go on the internet. And I find it highly offensive that they peek into communications I have with the likes of Google to determine my interests. I have to believe that this intrusion is illegal under the ECPA of 1986. Even if you install ad blockers, they will still create a profile of your habits. And I'm certain they'll sell it to the highest bidder. /shrug Not that big of a deal. No different than the millions of other things that collect data from you. You might as well stop using a visa/mastercard, shopping from stores, paying taxes, etc. Welcome to the future. |
|
Davebo_
join:2002-11-19
Canada
| reply to markopoleo
said by markopoleo :Not sure what the big deal, don't most people just use ad blockers anyways now? Wow.
Ignorance is bliss, eh? You must be a happy mofo, then. |
|
BF69
join:2004-07-28
Camden, TN
| said by Davebo_ :said by markopoleo :Not sure what the big deal, don't most people just use ad blockers anyways now? Wow. Ignorance is bliss, eh? You must be a happy mofo, then. Hey as long as he doesn't see the ad the fact that charter is keeping tabs on him and basically letting 3rd party have his surfing info who cares? |
|
clickie
join:2005-05-22
Monroe, MI
| reply to markopoleo
So you'd have no problem with your phone company listening into your telephone conversation to your spouse/friend complaining that you've been suffering a bout of constipation, and sending you marketing material for a laxative?
Right now, the Nebuads people say they exclude health issues. That is subject of course, to change at whenever they like.
The big deal for me is that it always starts small. "We're not going to correlate this information to your personal identity" is what they say now, but when? If you think they'll never do that, you're being naive. |
|
markopoleo
join:2003-04-02
Bonne Terre, MO
·Charter Pipeline
| said by clickie :So you'd have no problem with your phone company listening into your telephone conversation to your spouse/friend complaining that you've been suffering a bout of constipation, and sending you marketing material for a laxative? Right now, the Nebuads people say they exclude health issues. That is subject of course, to change at whenever they like. The big deal for me is that it always starts small. "We're not going to correlate this information to your personal identity" is what they say now, but when? If you think they'll never do that, you're being naive. No problem at all with it. They do it for Direct Mailing with snail mail already, they have for long as I can remember. Off the top of my head I can think of 4 places that do it already.
Heck even programs do it now, even MS messenger has it, it will put ads in bottom based on browsing habits. The internet is just playing catchup to what everything else in the world does. |
|
Robert Morrisson
join:2000-03-31
Silver Spring, MD
| reply to Sikmaz
Why twelve months? Why not forever?
Should it be necessary for the consumer to notify every company they deal with that they do not want to receive advertising, or credit card offers, or whatever.
Why not make it encumbent on the company to secure permission before providing the service. If they had to do this I suspect no one would opt in. That is why they want to force you to opt out.
Congress set the stage for this with the bank privacy statements. It was discovered that they were selling your information without permission. Our brilliant elected representatives said that all that was needed to correct the problem was to allow those who did NOT want this to happen to opt out of it.
Now we have opt-out for everything. The sneaky marketers can come up with new schemes faster than you or I can opt out of them.
It was the Republican Congress that gave the OK to this. It was the Democratic President Clinton that signed off on it. The public was screwed, but at least it was a bi-partisan screwing. |
|
showaswell
@charter.com | lol@ replying to three month old comments. |
|
