The other day I made an eBay account, and in order to raise the maximum sale amount beyond $1000 eBay made me answer personal questions about my relatives, information that they had apparently found out from some commercial database, which I'm sure will then be fed back into that database. Not really sure how I feel about that.
It's called knowledge-based authentication, a kind of identity proofing. This could conceivably be implemented such that your personally identifiable information stayed with the third party (who already has it) and never crossed eBay's path, though I don't know if that's the case here.
Credit agencies already have this information about you, so it's perhaps no surprise Equifax is the first result for "identity proofing" on Google.
I've had to do that before when applying for a credit card, but the information wasn't very accurate. They were asking a bunch of questions about my mortgage, which I've never had. Eventually I realized they had somehow gotten my parents' mortgage attached to my name (possibly because I was on one of their credit card accounts years ago?), and once I realized that, I was able to answer the questions correctly by asking my parents what to answer. But, not too impressed.
Always happens to me too. Except I have the same name as my Dad so things are even more confusing. They tend to ask me the name of my brother and his birthdate etc... Except I don't have a brother. Usually if I enter the info of my Dad's brother it gets processed as correct.
Page 12 of this document talks about "associations" (http://www.experian.co.uk/downloads/consumer/creditRefAgency...) - credit reference agencies cannot use data about one person at an address to rate a different person at that address, even if they have the same surname, unless there is some financial link.
When entities with access to your credit history do that, they present a mixture of true and false questions. It's quite possible they were expecting you to say that, no, you didn't have that mortgage.
I've had a similar experience; despite repeated attempts to correct it, my dad's AmEx invariably shows up on my Equifax report. Apparently I've had quite a nice line with them since I turned 8.
Can you clarify: Were you selling something for more than $1000 or buying something for more than $1000?
What were the questions exactly (not stating the personal data of course)? And how were you supposed to answer, i.e., did you have to type in names and addresses, or pick the answer from a multiple choice list, or what?
I was selling something for over $1000. The questions were something like:
"Which of these cities did [Grandmother's name] own property in."
"Which of these people are related to you?"
The questions themselves are relatively innocuous, but the entire situation of where the information comes from and how my answers get used is rather disconcerting on multiple levels, especially since there really isn't enough information to make an intelligent decision.
Also kind makes you realize how little protection those standard "secret questions" for password recovery offer. Mother's maiden name, father's middle name, where did you go to high school.... it's all in a database somewhere.
I'm not sure why you were downvoted. I read your comment to mean "it seems that the loss of privacy due to divulging/verifying the information was worth less than $1,000 to you."
This is a completely rational interpretation of this specific situation and the freemium/"your information is our product" business model.
- There's no way to know what the actual ramifications are.
- There's no way to measure those against the other things that I'm already doing.
I already do Google searches and watch YouTube videos on my own computer from my own WiFi network, and I also use a debit card, have an EZ Pass, use a cell phone, etc. As I'm sure do most people reading this.
There's zero way for anyone to really know how our actions will effect us in the future. For all we know, opting out may be worse than opting in when it comes time to get insurance, get a loan, apply for a job, etc.
It's certainly creepy when you're actually confronted with all the information that's floating around about you head on, but it's not at all clear what it all means or how it actually effects you. And believe me, I've read several books on privacy, Internet privacy specifically.
I am really confused with your comment, in fact I am not really sure that you and I are talking about the same thing. Before we go any further down the rabbit hole lets make sure we are on the same page:
- There's no way to know what the actual ramifications are.
- There's no way to measure those against the other things that I'm already doing.
Huh? What role do those two statements have to do with the discussion?
I commented that the downvoted parent was a rational interpretation of the situation; you seem to be talking about the rationality of supplying the information to ebay. I did not comment on whether it was rational to supply the information to ebay because I have no concept of your utility schedule.
I am not sure what books you have read about privacy that have not exposed you to an economic analysis of privacy; especially books on Internet privacy. Seriously? What books are you reading?
There is a long history of economic analysis of privacy; Judge Posner published some seminal papers in the late 70s and early 80s [1][2]. A good place to do more research would be anyone of the ten or twelve proceedings from the Workshop on the Economics of Information Security [3] or one of the intro pages by the big professors in the field such as Acquisti[4], Anderson[5] or Ross[6]. Given that you "already do Google searches and watch YouTube videos on my own computer" Prof's Acquisti's introduction to the field seems prescient and especially apropos:
"Behind a privacy intrusion there is often an economic trade-off. The reduction of the cost of storing and manipulating information has led organizations to capture increasing amounts of data about individual behavior. The hunger for customization and usability has led individuals to reveal more about themselves to other parties. New trade-offs have emerged in which privacy, economics, and technology are inextricably linked: individuals want to avoid the misuse of the information they pass along to others, but they also want to share enough information to achieve satisfactory interactions; organizations want to know more about the parties with which they interact, but they do not want to alienate them with policies deemed as intrusive.
Is there a combination of economic incentives and technological solutions to privacy issues that is acceptable for the individual and beneficial to society? Is there a sweet spot that satisfies the interests of all parties? The papers, people, and conferences listed below try to address some of these issues."
[1] Richard Posner. An economic theory of privacy. Regulation, 19-26, 1978.
[2] Richard A. Posner. The economics of privacy. American Economic Review, 71 (2): 405- 409, 1981.
"Huh? What role do those two statements have to do with the discussion?"
Because it doesn't make any sense to say that I decided my privacy was worth less than $1000 dollars if there is no way for me to rationally quantify or put a value on whatever privacy I was giving up.
"Seriously? What books are you reading?"
Mostly Jeffrey Rosen and Daniel Solove, so I haven't read much about this kind of economic analysis. Sounds interesting though, I'll check out some of those links.
I would argue that fact makes there user data more marketable and valuable to third parties. Which would provide the opposite motivation to most companies.
I am quite surprised that anything that apple apply patent for automatically is for the greater good, instead being for its own agenda. I would not be surprised that the only application of this patent would be to spead more non-sense about its futur product.
Paranoid Linux used to do something similar. The concept was lots of seemingly real browsing traffic would be randomly generated through your computer, and this would add a significant amount of noise to the total web browser traffic to your machine.
See also "TrackMeNot" - (http://cs.nyu.edu/trackmenot/) which is a browser extension to generate realistic fake traffic.
I haven't seen any analysis of this extension, but I suspect it'd be trivially easy to split the fake traffic from the real traffic. I guess it has an annoyance factor if people have to store your traffic data.
What sort of identity thief cares about what products you buy, or what you search for? This is just a giant middle finger to Google, Facebook, and any other data-collection service.
I wonder if my proxy server that replaces cookies and referrers for Facebook Google & domains with "ads" in them - with random-but-plausible junk infringes this patent (or provides prior art against it)?
The problem is you will be up against a legal team funded by millions of dollars and they will get you stuck in red tape for years. I don't think a lawyer would take that on commission. And I don't know a lot about it, but I don't think counter-suits are very lucrative in patent law anyway.
Every browser has it's nuances that must be accounted for when developing. Safari wouldn't die for the same reason I.E. hasn't: it's bundled with a hugely popular OS
There seem to be quite a few knobs to tweak, and I'd be interested in seeing how such a service would work in iOS/OSX while minimizing user involvement. I suspect there would be certain tendency to still make oneself somewhat trackable if the user were to be given the possibility to tweak the Clone's parameters—much in the way that tweaking one's User Agent is quite likely going to severely lower privacy in terms of uniqueness.
On a tangential note, I'm always glad to see entities try and solve problems (here: user tracking, surveillance, and privacy violations) with strong technological solutions rather than conventions and policy. It's not that, say, DNT can't work, but solutions similar to the one at hand[^0] seem much stronger as guarantees.
Needless to say, I'd also be very interested in using this system, or a subset thereof. Hopefully, in a way that ensures not even Apple can track me ;)
[^0]: Acknowledging the fact that Apple themselves might not actually implement this, of course, and that Novell doesn't do much with it further.
