JUNKBUSTERS Links to Other Resources

  About this collection

New Scientist published the URL of this page as a source of ``more information than you could ever need'' about junk communications. Our aim is to help you find whatever you need to know about how to control them.

1. Suggestions for additions to this list are welcome. Please tell us via our feedback form.
2. Recently added links are often placed in our What's News page before being moved here.
3. Many links that mention us are given in our What They Say page instead of here.
4. Nothing here is an endorsement, and we don't guarantee the information is accurate.

The wide scope of these links reflects the variety of kinds of junk and the reasons why it is judged as such. The main reasons it is disliked are personal privacy and the environment. Some people advocate dejunking on principle, for reasons ranging from the practical to the spiritual.

  New and Noteworthy

In Life's Little Annoyances : True Tales of People Who Just Can't Take It Anymore New York Time reporter Ian Urbina examines reactions to telemarketing (including ours).

Ace Washington Post reporter Robert O'Harrow, Jr. analyses the ``security-industrial complex'' in No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society. [rave review on Wired]

From Brian McWilliams comes Spam Kings: The Real Story Behind the High-Rolling Hucksters Pushing Porn, Pills. Junkbusters President Jason Catlett wrote on the jacket blurb:

"Like a deep-sea photographer, McWilliams brings us a shocking series of portraits of the bizzare creatures feeding and fighting at the bottom of the Internet. Anyone who has wondered what kind of person would send spam can find the answer here. The truth is stranger than fiction, and more disturbing, as their tentacles reach us daily.

From Evan Hendricks comes Credit Scores & Credit Reports: How The System Really Works, What You Can Do. See more on the http://www.creditscoresandcreditreports.com/ Web site.

In The Naked Crowd: Reclaiming Security and Freedom in an Anxious Age Jeffrey Rosen ``makes an impassioned argument about how to preserve freedom, privacy, and security in a post-9/11 world.''

From consumer activist Jamie Court comes Corporateering: How Corporate Power Steals Your Personal Freedom And What You Can Do About It. Court coined the term corporateering.

An excerpt from The Skiptracer's Little Black Book by Robert Scott: ``Here's a little known secret of veteran skiptracers: many of the largest finance and retail comanies in American [sic] will share phone, address and other information on their delinquent customers or "skips" with other creditors and their representatives.'' Many other how-to books on how to invade privacy are available from BRB Publications, Inc.

The Privacy Payoff: How Successful Business Build Customer Trust by Ann Cavoukian and Tyler Hamilton is aimed at business who want to avoid scandals and gain advantages from privacy. The book's web site includes an excerpt. An earlier book by Ann Cavoukian and Don Tapscott called Who knows: safeguarding your privacy in a networked world has been republished in a U.S. edition. [A review] Other papers by Cavoukian, who is the Privacy Commissioner for Ontario, include Privacy: The Key to Electronic Commerce and Data Mining: Staking a Claim on Your Privacy. Her office has also published a Privacy Diagnostic Tool (PDT), a self-assessment program used to help businesses gauge their privacy readiness.

Several new books about online privacy have been published recently. Internet Privacy for Dummies is by John R. Levine , Ray Everett-Church and Gregg Stebben . Also Protect Your Digital Privacy: Survival Skills for the Information Age by Glee Harrah Cady and Pat McGregor, which says it is ``a practical guide for the general Internet user... who'd like to know more about keeping his information private online and off.'' [Authors' description] Also World Without Secrets: Business, Crime and Privacy in the Age of Ubiquitous Computing by Richard Hunter.

(The following book review was written by Junkbusters President Jason Catlett.)

The Hundredth Window by TRUSTe founders Charles Jennings and Lori Fena is a clumsy attempt to push the privacy debate in America back a few years. Take one of the few mentions of the role of regulation in protecting privacy: ``Unfortunately, generic government laws are of little help in moving these kinds of notions forward.'' (p.143) Three decades of history of law and information technology in the US and other countries is simply ignored. Within the space of a single paragraph of opinion, Jennings and Fena glibly dismiss the role of democracy: ``So, with our governmental leaders on the sidelines, are there new rules that online businesses themselves should adopt as core elements of a personal data exchange?'' The answer given is the Online Privacy Alliance's self-regulatory guidelines, which were proposed to forestall legislation.

If any doubt remains that this book is what Silicon Valley's marketing departments would like American consumers to believe about privacy, try reading the following advice out loud without smiling or sounding sarcastic.

Tell the truth. When you find a company or website you can trust, be as open and honest as you can, especially when such information can help provide you with better, more personalized service. ... Failing to give correct information to Excite or Yahoo!--known to us to be trustworthy information partners--would be foolish. (p.16)

Control your data. The greater your personal mastery of your own [personal information] the more valuable that data will be to you. The converse is true as well. [What does this mean?]
Never exchange data without getting something of value in return. [This isn't advice for protecting privacy, it's an excuse for giving it up.]

They argue that with so much information accessible through the Internet, we now need to think of privacy less as an inalienable right and more as a personal skill to be practiced and sharpened regularly.

They argue that because so much information published through the Internet can be blocked, we now need to think of free speech less as an inalienable right and more as a personal skill to be practiced and sharpened regularly.

The dust-jacket endorsement from industry lobbyist Christine Varney suggests that consumers should knowingly compromise their own privacy, accept this as the price of ``personalization,'' and to be deluded into thinking this is acceptable because it was a ``choice.''

Charles Jennings and Lori Fena have provided the first roadmap to navigating the digital age without unknowingly compromising your privacy. They help us to understand the trade-offs between privacy and personalization, and how to make choices that work.

The blurb then goes on to suggest that if consumers deal with large companies, their privacy will be protected through TRUSTe, an organization that the authors helped found. Recent experience suggests that large companies have not protected privacy, and that TRUSTe has failed to require sufficiently high standards or to censure companies when they violate privacy.

Rather, they explain how to become a privacy-savvy user of the Internet and present an overall strategy for finding out who is trustworthy. Many leading companies on the Web, including Microsoft, Yahoo!, America Online, and eBay have signed with TRUSTe to monitor and provide customers with assurances that they are complying with their standards for privacy protection.

The Wall Street Journal, not known as a bleeding-heart liberal apologist, said ``...this book jumbles together horror stories of corporate and government invasion with some useful ideas on self-protection. It pushes rather too intently for industry self-regulation when there is clearly a role for government as well.'' (2000/10/30)

This book is weak excuse for abandoning legal privacy rights. Try one of the year's other three excellent books instead. [Reviews in Industry Standard]

1. The Unwanted Gaze: the Destruction of Privacy in America by Jeffrey Rosen, is a page-turning account of the failure of privacy law to keep up with technology and other infringing public goods. Drawing on examples from the 18th century to Monica Lewinsky, Rosen's analysis is at once witty and scholarly: ``Most of us, thankfully, will never have an affair with the President,... [nevertheless,] many Americans have their e-mail or Internet browsing habits minored at work... (p.13)'' ``Privacy, in an age of primitive technology, was largely a function of inefficiencies in technology of monitoring and searching.'' (p.57) (For a sample see the New York Times article The Eroded Self.) [Slashdot Review]
2. For a technological view on privacy, read Database Nation: The Death of Privacy in the 21st Century (formerly titled 2048) by Simson Garfinkel, published by O'Reilly books.
3. From Privacy Journal's Robert Ellis Smith comes Ben Franklin's Web site, a superb historical panorama of American privacy. [Review]

A chapter on privacy in Code and other laws of cyberspace. by Lawrence Lessig advocates a property right in privacy. [Review by Declan McCullagh] Perhaps best known for his appointment as the ``special master'' in the antitrust case of US v. Microsoft Lessig wrote in Wired 5.07 and elsewhere that ``software code - more than law - defines the true parameters of freedom in cyberspace.'' More recently this thesis appeared as The Code Is the Law in the Industry Standard, which also published Coding Privacy and satirical piece titled Memo to the Leviathan. We see cookies and freedom from the surveillance of advertisers as an example of his thesis. In Wired 6.03 he is further quoted: ``the question of what the architecture of cyberspace should be is not a neutral question. We need to think about it in political terms.'' Code's chapter on privacy, which seems to endorse P3P as the best prospect, has been sharply criticized by EPIC's Marc Rotenberg.

The villain of High Stakes, No Prisoners: A Winner's Tale of Greed and Glory in the Internet Wars by Charles H. Ferguson is Microsoft, one of our least-loved companies.

In Coercion: Why We Listen to What They Say Douglas Rushkoff argues that "Corporations and consumers are in a coercive arms race... Every effort we make to regain authority over our actions is met by an even greater effort to usurp it." Related: The Conquest of Cool: Business Culture, Counterculture, and the Rise of Hip Consumerism by Thomas Frank.

From Adbusters: Culture Jam: the uncooling of America by Kalle Lasn . ``The United States of America was born of a revolt not just against British monarchs and the British parliament but against British corporations,'' says Lasn, citing the British East India Company's tea monopoly. Lasn concludes: ``We, the people, have lost control. Corporations, these legal fictions that we ourselves created two centuries ago, now have more rights, freedoms and powers than we do.

In When Corporations Rule the World David C. Korten argues that ``The continued quest for economic growth as the organizing principle of public policy is accelerating the breakdown of the ecosystem's regenerative capacities and the social fabric that sustains human community; at the same time it is intensifying the competition for resources between the rich and poor--a competition that the poor invariably lose.'' (p.11) He blames advertisers who ``assure us their products will make us whole'' for making us need more money, which causes social alienation, which makes us more susceptible to advertisers. (Figure 21.1)

Our purpose is to consume--we are born to shop. Entranced by the siren song of the market, we consistently undervalue the life energy that we put into obtaining money and overvalue the expected life energy gains from spending it. The more we give our life energies over to money, the more power we yield to the institutions that control our access both to it and to those things that it will buy. Yielding such power serves the corporate interest well, because corporations are creatures of money. It serves our human interest poorly, because we are creatures of nature and spirit. (p. 266.)

In an essay titled the Birth of Mental Environmentalism about freedom in the mental realm, Lasn writes:

It's hard to define exactly, but it has a lot to do with privacy - the right to walk into a bank or a mall or a sports stadium without having your picture taken, to work in an office without having your correspondence secretly recorded, to drive around without being tracked by hidden video cameras. It has to do with dignity - the feeling that you can move through the culturescape and feel like an individual, alive and unique, instead of a datapoint or content receiver or consumer drone. It has to do with reserving the right to beg out of the corporate panopticon.

From Seth Godin: Unleashing the Ideavirus. Its thesis: ``We live in a world where consumers actively resist marketing. So it's imperative to stop marketing at people. The idea is to create an environment where consumers will market to each other.'' His previous book was: Permission Marketing: Turning Strangers into Friends, and Friends into Customers. [Summary] [More from Godin]

The End of Privacy by Reg Whitaker ``shows how vast amounts of personal information are moving into private hands. Once there, they can be used to develop electronic pictures of individuals and groups that are potentially far more detailed, and far more intrusive, than the files built up in the past by state police and security agencies.''

A review of Enemy of the State in Wired News says its scariest implication ``is that technology isn't what's holding the US government back from spying on its citizens. Laws are.'' The movie is basically a car chase prolonged by surveillance technology, but it scores a few good lines on privacy.

Anti-spam books: Removing the Spam: Email Processing and Filtering by Geoff Mulligan. See also Stopping Spam: Stamping Out Unwanted Email and News Postings by Alan Schwartz and Simson Garfinkel published by ORA.

In The Unconscious Civilization John Ralston Saul argues the prevailing ideology of corporatism is undermining individual rights. [comment by John Katz]

Published on the eve of the EU's Directive on personal data privacy deadline was None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive by Peter P. Swire and Robert E. Litan. [Review] Swire appeared in a panel on this topic at Internet World, moderated by Junkbusters President Jason Catlett.

Also from Brookings Institution Press is Privacy in the Information Age by Fred H. Cate. ``It seems that Cate never met a privacy law he liked, an attitude that may resonate among those of you who don't welcome the growing interest in the subject,'' wrote Robert Gellman in a review in DM News [Cate's Reply]. See also: In Pursuit of Privacy: Law, Ethics and the Rise of Technology by Judith Wagner Decew.

The plot of the 2000 movie Charlie's Angels has the trio attempting to recover technology for location and voice recognition that ``in the wrong hands'' could mean the ``end of privacy.'' A review in Salon asks: ``Who cares about the fate of privacy, of all things, when you can watch three sexy babes stamp out crime in zip-off suits and high-heeled boots?''

The Truman Show can be viewed as the struggle of a man who was adopted from birth by a corporation that commercially exploits and controls his private life, making it made public without his knowledge or consent. ``I know more about you than you know yourself,'' says Christof, the producer who zealously guards his own privacy.

The advertising blimp in Ridley Scott's film Bladerunner is a vision of a big intrusive device. ``This announcement has been brought to you by the Shimago-Dominguez Corporation,'' blares the slow-moving audio-video zepplin. ``Helping America into the New World.''

In The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? David Brin argues that instead of trying to defend privacy against technology we should strive for even more openness. [Excerpt from Chapter 1] [Scientific American] [1] [2] [CNN]

Another contrarian book partly on privacy is The Limits of Privacy by Amatai Etzioni [Review by Mike Godwin] [Review by Bob Gellman] Evan Hendricks commented that this book might be a good way to promote communitarianism, but has little to contribute to thought on privacy.

Victim Mari J. Frank wrote a package titled The Identity Theft Survival Kit: A Complete Guide for Restoring Your Credit and Your Peace of Mind (book, cassettes, and diskette) from her ordeal. Related: http://www.idfraud.com/ [Newsweek on ID theft]

Two books about fighting back against companies: Consumer Terrorism: How to Get Satisfaction When You're Being Ripped Off by Frank Burkett, Frank Bruni, and Elinor Burkett is a serious book of practical advice. Related: Bad Software: What to Do When Software Fails by Cem Kaner and David Pels. Counterpoint: Complete Idiot Letters: One Man's Hilarious Assault on Corporate America, Paul Rosa writes to companies with preposterous suggestions (``I would like to urge TV Guide to begin listing all television commercials along with the television programs... Also I would like to see more commercials...) and prints their replies (``Most of our subscribers indicate they would prefer less advertisement.'') [Web Site]

For comprehensive technical textbook, Cookies by Simon St. Laurent. is remarkably sensitive to privacy implications. It ranges from debunking rumors through demonstration examples of typical applications to the ``danger zone'' of the Master Cookie Server used in Microsoft Personalization Sessions. He mentions our Internet Junkbuster and its ``customizable demolition of banner advertisements'' and comments on our ``hardline approach to privacy.''

From the Electronic Frontier Foundation, is Protecting Yourself Online: The Definitive Resource on Safety, Freedom, and Privacy in Cyberspace. and others. And Net Results: Web Marketing That Works by Rick Bruner. [TechWeb]

More cited than read, George Orwell's Nineteen Eighty-Four remains the popular watchword for invasion of privacy almost fifty years after its publication. The novel can be read as a warning against the malign personalization that could be possible with a systematic technological attack on privacy. `The worst thing in the world,' says the hero's torturer, `varies from individual to individual.' (p. 228) The evil state in 1984 sought to control mindspace and to dictate identity to its subjects.

The command of the old despotisms was ``thou shalt not''. The command of the totalitarianisms was ``Thou shalt''. Our command is ``Thou art''. (p.205)

Counterpoint: Orwell's Revenge: the 1984 palimpsest by Peter Huber, which imagines technology turning against the despots.

Technology commentator Esther Dyson devoted a chapter to privacy in her new book Release 2.0: A Design for Living in the Digital Age. ``We and our children will be spending increasing proportions of our social, intellectual, and commercial lives in a digital world. This is how to make it a world we want to live in.''

We believe she was referring to our Internet Junkbuster proxy in a paragraph that discusses ``bad'' hackers putting cookies to nefarious uses:

Recently, some ``good'' hackers have developed tools that allow users to erase cookies or send back a ``wafer'' -- a sort of anti-cookie with a user's complaint on it. (p. 198)

Esther is the daughter of physicist Freeman Dyson. Some samples from his Imagined Worlds:

The widening gap between technology and human needs can only be filled by ethics... engaging the power of technology positively in the pursuit of social justice. The failure of science to produce benefits for the poor in recent decades is due to two factors working in combination: the pure scientists have become more detached from the mundane needs of humanity, and the applied scientists have become more attached to immediate profitability... [In both,] rule by committee discourages unfashionable and bold ventures. To bring about a real shift of priorities, scientists and entrepreneurs must assert their freedom to promote new technologies that are more friendly than the old to poor people and poor countries... In the long run, as Haldane and Einstein said, ethical progress is the only cure for the damage done by scientific progress.

In Only the paranoid survive (p.5), Intel's Andrew S. Grove writes: ``In technology, whatever can be done will be done. We can't stop these changes. We can't hide from them. Instead, we must focus on getting ready for them.'' This doctrine is known as ``technological determinism,'' and is not subscribed to by most policy makers, who tend to harbor the notion that things should be done because they benefit people. Some even go so far as to think that things that harm people should be stopped. Lewis Mumford gave the authoritative rebuttal to the view in 1970. Grove's opinion is consistent with Intel's handling of the Processor Serial Number. When a technologist says ``whatever can be done, will be done'' people should ask if he really means ``we will do whatever we want.'' Historical background: Tim Jackson's page-turner Inside Intel.

An excellent collection of recent essays is brought together in Technology and Privacy: The New Landscape, edited by Philip E. Agre and Marc Rotenberg of EPIC.

Hi-tech marketing is one of the dangers discussed in Moths to the Flame: The Seductions of Computer Technology by Gregory J.E. Rawlins.

An article by Susan E. Gindin in the San Diego Law Review Internet issue (1997/8-9) titled Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet surveys the means of invasion of privacy and legal remedies.

A new book by Janna Malamud Smith titled Private Matters: In Defense of the Personal Life explores the conflicting human desires to maintain privacy and to violate it. Related: Legislating privacy: Technology, Social Values, and Public Policy by Priscilla M. Regan, and Regulating Privacy by Colin J. Bennett.

The Summer 1997 issue of the W3's World Wide Web Journal, titled Web Security: A Matter of Trust discusses privacy and trust management.

A new book, American Scripture: Making the Declaration of Independence by Pauline Maier, argues that the document was ``an expression of the American mind'' rather than Jefferson's in particular.

A book titled Naked in Cyberspace by Carole A. Lane and Helen Burwell tells how to use the Net to research information, especially personal records. It discusses privacy and outlines what information is not usually available on the Net, suggesting measures you can use to protect protect yourself from people searching about you.

A book by Bryan Pfaffenberger titled Protect Your Privacy on the Internet includes a CD of Windows shareware. It gives several examples of companies that say collect data saying they will not use it for certain purposes, and asks: what recourse do we have if the company is taken over by someone who finds those restrictions too financially inconvenient? At the FTC's privacy workshop Evan Hendricks read into the record from page 11 of this book the following quote from an outspoken 1994 article in the trade journal Direct Marketing that argued that the industry needn't make efforts ``pretending to placate the privacy forces with PR.''

In two years technology will have moved beyond the recall of the privacy types. All privacy attacks will be upon an information industry too big to be defeated and thwarted from the historical inevitability of a new society built on this new economy. Our opponents' arguments will be so irrelevant that they will be ignored. We are winning and shall continue to do so.

Another new book is Data Smog: Surviving the Information Glut by David Shenk.

Information has also become a lot cheaper -- to produce, to manipulate, to disseminate. Consequently, virtually anyone can very easily become an information glutton. We now face the prospect of information obesity.

Also reviewed in Wired, Joseph Turow's Breaking Up America: Advertisers and the New Media World analyses the social and cultural effects of target marketing. [Excerpt] We also speculate on the effects of technology creating ``markets of one'' (i.e. a billion ghettos.)

The Privacy Rights Handbook: How to Take Control of Your Personal Information by Beth Givens of the Privacy Rights Clearinghouse ``gives you all the information you need to be aware of threats to your privacy and assertive about safeguarding it.'' An excellent practical guide. See also: It's None of Your Business : A Consumer's Handbook for Protecting Your Privacy by Larry Sontag.

A long article by Michael W. Carroll titled Garbage in: Emerging Media and Regulation of Unsolicited Commercial Solicitations is a very comprehensive consideration of law and public policy issues about spam.

Left unchecked, this flood of advertisements could produce a tragedy of the commons; advertisers, acting in their rational self-interest, will distribute as many unsolicited advertisements as they can until most users of the medium find that the effort of sifting through unwanted solicitations has become too great.

All of the benefits and the marvels offered by the emerging media, however, may be unobtainable if we allow ourselves to be buried in a blizzard of electronic clutter.

  Fundamental issues of privacy

Commercially motivated communications are a specific type of threat to privacy, which has a broader context in the ethics of freedom. ``World history is the progress of the consciousness of freedom--a progress whose necessity we have to investigate.'' said Georg Wilhelm Friedrich Hegel. (Quoted in Reason in History; Hegel by Robert S. Hartman.) This can be applied to the concept of privacy as freedom to act and think unobserved within a certain private sphere. Technology challenges our concepts of what should be private, mostly by raising the possibility of surveillance of what was formerly unobserved.

1. The non-profit Electronic Privacy Information Center (EPIC) is perhaps the foremost privacy resource on the Web. Related pages include privacy and direct marketing, a list of privacy resources, and a summary of several polls on privacy. Together with Privacy International, EPIC publishes a report titled Privacy and Human Rights. on privacy laws around the world. [Business Week on EPIC]
2. An affiliated organization, Privacy International, is an international movement that help ``counter abuses of privacy by way of information technology.'' Its web site includes a list of Country Reports with links to resources in dozens of countries. [EU litigation] [Interview]
3. The http://www.privacy.org/ site gives recent news and calls to action.
4. Another site with a fine list of privacy-related resources from around the world is Global Internet Liberty Campaign.
5. The OECD issued a seminal memorandum titled Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980. Counterpoint: Stopping surveillance: Beyond 'efficiency' and the OECD by Graham Greenleaf.
6. The OECD guidelines built on a code published by the U.S. Department. of Health, Education and Welfare in 1973.
7. The Canadian Standards Association (CSA) issued a Model Code for the protection of personal information.
8. The American Civil Liberties Union (ACLU) is calling for action against electronic threats to privacy with their Take Back Your Data campaign.
9. The independent newsletter Privacy Journal has reported on privacy issues since 1974. A conference paper by its publisher, Robert Ellis Smith, is available on CPSR's Web site. He is also the author of several books and booklets on privacy topics, including Our vanishing privacy, Compilation of State and Federal Privacy Laws (frequently updated, 1999 available), War Stories : Accounts of Persons Victimized by Invasions of Privacy (second volume now published), and The law of privacy explained. In a recent article in Wired titled Privacy: the Untold Stories he lists several recent events impacting privacy that have gone largely unreported. We applaud his publication for being often the only publication to cover important privacy developments. [USNWR profile of Smith]
10. The anti-government Cato Institute published Privacy as Censorship: A Skeptical View of Proposals to Regulate Privacy in the Private Sector by Solveig Singleton. It argues that there is ``little to fear from private collection and transfer of consumer information,'' a statement that Privacy Journal said ``will surprise anyone who has followed news reports over the past two years.''
11. The newsletter Privacy Times is designed for professionals and attorneys who need to follow privacy developments. The editor is also the first author of Your Right to Privacy: A Basic Guide to Legal Rights in an Information Society (An American Civil Liberties Union Handbook) by Evan Hendricks, Trudy Hayden and Jack D. Novik.
12. The Handbook of Personal Data Protection by Wayne Madsen doesn't come cheap at around $170, but he knows what he's talking about.
13. The bestseller The Right to Privacy by Ellen Alderman and Caroline Kennedy examines legal cases where the privacy of the individual has been threatened by the police, the press, the voyeur, and the employer.
14. The non-profit http://www.netaction.org/ is ``dedicated to educating the public, policymakers, and the media about technology-based social and political issues'' (including privacy issues). See also: Electronic Commerce Forum.
15. ``Freedom is independence of the compulsory will of another; and in so far as it can co-exist with the freedom of all according to a universal law, it is the one sole, original inborn right belonging to every man in virtue of his humanity. There is indeed, an innate equality belonging to every man which consists in his right to be independent of being bound by others to anything more than that to which he may also reciprocally bind them.'' -- Immanuel Kant in The Philosophy of Law.
16. Chris Hibbert authored a comprehensive FAQ titled What to do when they ask for your Social Security Number.

  Junk communications as invasions of privacy

Any junk communication can be both an indication of the junk data about you that led to you being a target, and an invasion of privacy through its transmission to you.

Links more specific to the Internet are given in a separate section below.

1. Roger Clarke's excellent paper Direct Marketing and Privacy surveys DM practices and warns that they often conflict with the trust necessary for an ongoing relationship with consumers.
2. An article in the Los Angeles Times by Ram Avrahami titled My life is not for sale eloquently describes why he went to court to protect himself and others from unwanted solicitations. He has initiated an on-line petition to Congress that you can fill in to object to the unauthorized sale of your personal information. The sample of opinions that people have added makes fascinating reading. Avrahami commended the Internet Junkbuster in an interview with Wired News.
3. The author of the 1957 advertising classic The Hidden Persuaders, Vance Packard, told a legislative committee in the sixties that ``The possibility of the fresh start is becoming increasingly difficult. The Christian notion of redemption is incomprehensible to the computer.'' Little progress on this research front has been made since.
4. The non-profit Consumers International has a broad focus on consumer interests.
5. Computer Professionals for Social Responsibility (CPSR) maintains several documents on privacy.
6. The dangers of the sale of information about children are driven home by Marc Klaas and a KCBS reporter who bought thousands of children's names while using the name of a convicted child molester.
7. Each year Equifax, a company known primarily for selling credit reports on consumers, commissions and publishes results of a poll of Americans' attitudes toward privacy.
8. ISP Novagate maintains a list of consumer privacy resources (including us).
9. One of the best-known books about direct marketing and consumer privacy is Erik Larson's The Naked Consumer: How Our Private Lives Become Public Commodities.
10. An article by Malcolm Howard in Wired (97/4) titled No Freedom of Information discusses issues about public access to government records, including their reuse as commercial offerings.
11. For high-quality media coverage, browse CNET's reports on privacy in the digital age. They include audio interviews with EPIC legal counsel David Sobel and PGP author Phil Zimmermann.
12. A good way to keep up with new threats to privacy is to read the direct marketing industry's ``newspaper of record,'' DM News, particularly the sections on Database Marketing and Lists and Databases. Another leading trade magazine is Direct.
13. We think every company that stores information about its customers should publish a privacy policy. (But notice is not enough: [Surfer Beware II] [USAToday.com]) Here are some sample policies: Abacus Direct, ACM, Acxiom, [BW on Acxiom] Alexa, American Express, American Computer Group, Anacom, Altavista, Amazon, Anywho, BonusMail, CallWave, CatalogLink, CASIE, CIO Online, Columbia House, CNET, CNN, Cogit, CreekWalk, Crutchfield, Database America, DoubleClick, Drugstore.com, which in a Freudian slip stated that ``Some of these companies use cookies to conduct tracking, in order to maximize our advertising spending and enhance your shopping experience at drugstore.com,'' eBay, Electricity Choice, E-LOAN, Engage Technologies, Entropy Gradient Reversals [WARNING: Satire; strong language and political message may offend], EPIC, eSweeps (which ``reserves the right to post collected data on Esweeps.com's Web site, or share, rent, sell, or otherwise disclose data it collects to third parties''), Firefly, Game Empire, GoodNoise [refers to our ``rather hysterical'' warning on cookies], Harper Childrens, Harte Hanks, Hotmail, interMute, Intuit, Junkbusters, Jump, Kelloggs, Netscape World, Lexis-Nexis, MatchLogic, Medscape, Metromail, Microsoft, MyPoints, Nabisco Kids, Network Associates, New York Times, Napster, Nvolve Kids, Net-mom, Odigo (which ``may, in its sole discretion, make the information you provide us and the information or data we collect available to our employees and third parties with whom we contract, including without limitation, unique identifiers, aggregate statistics, demographic, and other information about our users'') , Onion, OPEN, Panache(admits participation in Abacus Online), Pathfinder (Time-Warner), PriceLine, Qpass, Replay TV (requires JavaScript includes tracking mechanisms), Riddler, SideWalk [criticism], SimpleNet, sixdegrees, Third Age, VerticalOne, WSJ, Weather.com, WebTV, WholeAgain [includes discussion] , WinFiles, Wired, WiseWire, and Yoyodyne [2].

    The DMA provides direct marketing organizations with an ``add water and stir'' recipe for privacy policies: a form that generate online privacy policies (``without studying the issues at all'' added Privacy Journal 97/6). TRUSTe has a similar ``Wizard,'' which also generates a XML for P3P. Privacybot extends this to applying for a seal. The OECD has also provided one, attracting criticism from privacy advocates. Eric Goldman of Cooley Godward LLP wrote a paper titled Drafting a Privacy Policy? Beware! An article in CIO Magazine surveys policy issues about privacy policies. If you find a particularly good, bad or ugly policy on the Web, please tell us the URL. We call a privacy policy vacuous if there is nothing that it stops the company doing. A vacuous policy is like a pseudo-scientific theory that cannot be falsified by any empirical evidence. Vague statements such as ``we strive to consider our valued customers' preferences'' reassure only the gullible. Of course most privacy policies are the product of PR people and lawyers, so they are made to sound nice while exposing the company to absolutely no risk no matter how badly it behaves. As EPIC put in in the title of its follow up report: Surfer Beware II: Notice is Not Enough. A good privacy policy should be one of many elements of an organization's privacy strategy. Companies that offer consulting services on privacy statements and strategy include Alan Westin's Privacy & American Business, PricewaterhouseCoopers, IBM, Privacy Council, Siegel & Gale, Roger Clarke's Xamax, and Junkbusters.

14. Professor Westin also established the Privacy Exchange site, which has extensive links to policies. See also: Privacy Laws and Business and DiaSystems. [AdAge]
15. As Scott Adams put it in the title of one of his Dilbert collections: I'm Not Anti-Business, I'm Anti-Idiot. A more serious book: Managing Privacy: Information Technology and Corporate America by H. Jeff Smith.

  Junk Mail

How many trees are needed to send a hundred billion pieces of junk mail each year?

1. A cover story titled The junk mail deluge in U.S. News and World Report describes the relationship between databases, privacy and junk mail. (1997/12)
2. Chris Hibbert of CPSR gives several pages of advice on How to get less junk mail. He says that sending negative answers in business reply envelopes is unlikely to be effective. He advocates using variant spellings of your name and address to track who is selling your name.
3. A magazine article by Michael Worsham discusses both environmental and privacy effects of junk mail.
4. The Direct Marketing Association's 1996 Statistical Fact Book is full of figures and graphs, such as estimates that Americans get 21.31 pieces of direct mail per week, 43% wish they got less, 52.2% order something from it, and 46% of it is never read. With $30 billion spent on direct mail, that's a waste of about $15 billion annually.
5. Fred Elbel publishes an extensive page on How to Get Rid of Junk Mail, Spam, and Telemarketers.
6. Several other individuals maintain pages of advice on how to deal with junk mail, including Ron Rogers.
7. Another Do-it-yourself guide is published at obviously.com. Our favorite line: The DMA ``suggests "reusing" your unwanted junk mail, by giving it to schools and libraries. This self-serving suggestion is worth somewhat less than you paid for it.''
8. In The Next Step in Database Marketing: Consumer Guided Marketing: Privacy for Your Customers, Record Profits for You Dick Shaver argues that companies can ``computerize personal information'' while protecting ``each customer's privacy completely'' so that ``Junk Mail becomes a thing of the past.'' We haven't yet read the book. ``Reverse target marketing'' is one of the themes of Enterprise One to One: Tools for Competing in the Interactive Age by ``Direct Marketers of the Year'' Don Peppers and Martha Rogers of Marketing1to1. Peppers has been quoted as saying, ``I get eight or nine, sometimes 15 catalogs every day even though we've never bought anything by mail. To me that's a big annoyance.'' Other books of interest: Database Marketing: The Ultimate Marketing Tool by Edward L. Nash and Emarketing by Seth Godin formerly of YoYoDyne and now VP of DM at Yahoo, a pioneer of consensual marketing. Godin constantly spouts thought-provoking and incisive observations about marketing; our favorite: "No site has a right to my attention, my data or my business." For an audio interview on privacy and marketing with Junkbusters, see our media page. Other books by Godin are listed above.
9. For a fee Outpost, Call Compliance, BOXFree, http:///www.StopTheCatalogs.com/, and http://www.circularfile.com/. offer to send opt-out messages.
10. The Web site stopjunk.com offers to sell you a kit that it describes as ``the result of thousands of hours of research into the cause and prevention of junk mail proliferation.''

  Telemarketing

Our extensive tactics for ridding your home of these long-distance vermin are summarized in our Anti-telemarketing script, which has links to source material from the FCC. The FCC maintains a page for consumers on unwanted telephone marketing calls.

1. When a ``professional telemarketer'' complained to Judith Martin about people who ``verbally abuse us'' when called, she gave the following reply in Miss Manners Rescues Civilization: From Sexual Harassment, Frivolous Lawsuits, Dissing and Other Lapses in Civility.

   What you are doing is rude. Never mind arguing that you need to earn a living, that you personally do not intend to break into people's lives and that many people must be grateful for the opportunity your employer offers for you, or they would not be profitable... Miss Manners is sorry to tell you that she hopes such techniques will not be permitted and that you are able to earn a more acceptable living in another manner.

2. Geoffrey Kloess wrote a freeware package for telemarketer control called Enigma based on our Anti-telemarketing script.
3. Several products are available to deliver a recorded ``do not call'' message when a telemarketer calls. On some you push a button after you have picked up and identified the telemarketer; others delay ringing until they have asked the caller to press 1 unless it's a telemarketing call. Most cost around $30. They include the Phone Butler, Private Line, Privacy Call, callplex, CallMeNot, ScreenMachine, and ``Easy Hang Up,'' which we're told is available from http://www.SolutionsCatalog.com. A demonstration of the Prefone Filter is available by calling 1-800-NO2-JUNK (1-800-662-5865) or from http://www.prefonefilter.com/ In the other corner: autodialers that do predictive dialing. [TeleDirect] [MarkeTel] Counter-technology: TeleZapper, which sends a "dead line" signal that tells the predictive dialers your phone line isn't working. [Business Week] AOL also has a similar feature for users of AOL Call Alert or AOL Voice Mail. [DM News] A cost-free alternative is to record the SIT tones (also known as out-of-service tones) at the beginning of your answering machine message. [Z28]
4. Customers in some of Ameritech's territory can pay a monthly fee to add Privacy Manager, which pre-screens calls not identified by Caller ID. [Radio Advertising Bureau on PM] Verizon announced a similar service under the name Call Intercept. (2001/2/6) Similar functionality could be achieved with a computer, a voice modem, and software such as CallAudit.
5. The FCC's page on the Telephone Consumer Protection Act contains pointers to its actions and fact sheets. [more]
6. A company that trains telemarketers recommends that trainees be prepared to deal with our Anti-Telemarketing Script, which it warns may intimidate them and lead to fines. The page also contains a good set of links to resources on telemarketing. (Beware cookies set by JavaScript.)
7. Russ Smith's Consumer.Net site contains many pages on those topics, as well as an extensive graphically annotated page of links covering other kinds of junk. It documents several cases of telemarketers being made to pay for breaches of regulations.
8. Robert Arkow, a veteran anti-telemarketing litigant, maintains a site at http://www.stopjunkcalls.com/ titled ``Californians Against Telephone Solicitation.'' We were entertained by their .``UnOfficial Hunt for Wells Fargo Bank's "Do Not Call Policy"Web Page
9. Frank Beacham includes details on how telemarketers have been sued using the requirement that they supply a written policy on demand.
10. Robert Braver invites nominations for the ``Telemarketing Hall of Shame.''
11. The "Know Fraud" campaign against fraudulent telemarketing at http://www.consumer.gov/knowfraud/ gives tips on spotting fraudulent telemarketers.
12. Scam artists are tricking people into calling pay-per-call numbers in the 809 area code, which is in the Carribean. Details are available from Scambusters. These area codes are also used by International Dial-A-Porn services.
13. The Federal Trade Commission warns how scam artists sell ``sucker lists'' (a.k.a ``mooch lists'') and try to dupe victims again and again.
14. Karen's Koncepts lists dozens of anti-telemarketing links.
15. A privacy advocate comments unfavorably on the UK ``Telephone Preference Service.''
16. For a list of ``business to consumer telemarketing service suppliers'' (a.k.a. telemarketing service agencies, or bureaus), see for example the December 1995 Buyer's Guide in Telemarketing magazine (ISSN 0730-6156).
17. There are many books by telemarketers for telemarketers, but few mention privacy or even laws or regulations. One that does include a sample do-not-call policy is In-House Telemarketing by Thomas A. McCafferty.
18. Robin Whittle analyses the intrusiveness of telemarketing and its regulation in Australia.
19. Tony Shepps describes one way to avoid junk calls: move, get an unlisted number, keep it secret, and refuse calls that get through.
20. Max Gavaghan is a cat whose owner filled out a warranty card in Max's name. The cat received telemarketing calls and an offer for a pre-approved credit card.
21. Vince Nestico's ``Anti-Telemarketer Source'' is the most colorful set of pages on this topic we have seen on the Web. It includes many stories on tormenting Telephone Sales Representatives (TSRs), and promotes an anonymous author's book called How to get rid of a telemarketer. Some of these stories are extremely funny, but before trying it yourself at home, remember that the TSR didn't decide to call you, the company did.
22. The satirical online newspaper The Onion reported Telemarketing Industry Celebrates First Sale. [Salon review]

  Reducing junk marketing communications

Direct marketers presume unless told otherwise that they can send you whatever junk they want. See also our page on what you can do to tell them to cut it out.

1. The NAMED is a non-profit membership organization that tells companies not to disclose personal information about its members without their permission.
2. People who want absolutely no junk mail and/or telemarketing calls (and are prepared to pay an annual subscription fee) may be interested in becoming members of Private Citizen, Inc. (1-800-CUT-JUNK).
3. The Privacy Rights Clearinghouse maintains extensive practical fact sheets on what consumers can do, including: ``Junk mail: how did they get my address?'' and ``Telemarketing: Whatever happened to a quiet evening at home?''
4. The web site of PerfectlyPrivate ``provides information and tools that enable consumers and businesses to receive the maximum benefits of the Internet while minimizing privacy risks.''
5. One of the stated purposes of Aristotle Publishing (VOTE) is to give Californian registered voters the option of receiving governmental and political messages by email. The organization is also a very outspoken critic of one direct marketing company's abuses of personal data. They also started an opt-out list for junk email. ZD Net News reported on their database for targeting political banner ads. [Vortex on Aristotle] [IPO info] [Industry Standard on Aristotle] [Hunter on Profiling the Electorate]
6. ``Fax me not'' of Littleton, Colorado calls itself ``The Fax Police.'' For a fee, it offers to notify fax senders that their faxes are unwanted and to take legal action against them if they continue. This is the first clear example we have seen of private enforcement services against junk communications. They don't appear to have a Web site, but they offer a fax-back information sheet (800-747-1747, ext. 7).
7. Observing that marketers often make it easier to sign up than cancel, Cancel-it offers a free form to cancel some on-line services such as ISPs and email lists.
8. The Center for the Study of Commercialism (CSC) Director Michael F. Jacobson and Laurie Ann Mazur authored Marketing Madness : A Survival Guide for a Consumer Society, ``a primer on the social ills of commercialism gone rampant--a call to action for all concerned citizens.'' Related: Affluenza on PBS. [The Onion]

  Junk and privacy on the Internet

As the greatest machine ever built for getting information from anywhere to anywhere else, the Internet is perhaps also the greatest threat to privacy since the Chinese invented the census around 2275 B.C.E. The Internet Junkbuster is our main contribution to Internet privacy. But there are many, many more threats to be countered.

1. Though not primarily about privacy, Cyber Rights: Defending Free Speech in the Digital Age by Mike Godwin, counsel to the EFF, is a firsthand account of many struggles involving rights in cyberspace.
2. The Electronic Frontier Foundation (EFF) has various initiatives to improve privacy on the Internet, including newsletters, an archive on Junkmail/Commercial Privacy Issues, and the following project.
3. The privacy initiative of TRUSTe (formerly eTRUST) ``has two significant aims: to stave off prohibitive government regulation in electronic commerce and accelerate growth in the industry by promoting consumer trust and confidence.'' They license their ``trustmarks'' of privacy and security to on-line merchants, and campaign to get them to post privacy policies. [Industry Standard Debate] [Grohol critique]
4. Other similar organizations: the Better Business Bureau Online (BBBOnline) [CNET], PricewaterhouseCoopers BetterWeb, WebTrust, Web Assurance Bureau, PublicEye, BizRate, Gold Privacy Seal, NetCheck, Net Trust, and HonorWeb. [USAToday review] A few organizations distinguish themselves by requiring audits attesting to a set of standards, such as the Personalization Consortium and CPA WebTrust [CNET].
5. A survey sponsored by them concluded most consumers don't trust Web sites with their personal information, and many provide false personal information when asked to register.
6. The Consumer Project on Technology, affiliated with consumer advocate Ralph Nader, has criticized Microsoft for anticompetitive practices and other companies for privacy-invasive actions. [CNET]
7. Nader's Commercial Alert is ``an organization devoted to helping families, parents, children, and communities defend themselves against harmful, immoral or intrusive advertising and marketing, and the excesses of commercialism.''
8. The industry-funded lobbying group Center for Democracy and Technology (CDT) also has pages on privacy issues, including a Roundup of key findings of recent privacy surveys, a chart of the privacy policies of online service providers, and a Privacy Demonstration Page. [Biz2.0 on CDT] Together with Voters Telecommunications Watch (VTW) they created a site called http://www.Junkemail.Org with extensive information about spam.
9. Described by the Industry Standard as the ``Internet pure play of lobbies,'' Netcoalition.com aims to stop Net taxes and privacy legislation. [USA Today]
10. An extensive privacy analysis is available at http://consumer.net/analyze/ including referer, cookies, whois, and traceroute. Another is browserspy.
11. The W3C's Platform for Privacy Preferences Project (P3P) is working on ways of standardizing statements of Web sites' privacy practices and visitors' ``preferences.'' (We would prefer a word such as ``requirements''.) Junkbusters criticized P3P in an open letter.
12. Roger Clarke's excellent paper Privacy on the Internet: Threats, Countermeasures and Policy enumerates and analyses the key factors, with links to his many other papers.
13. The ACM Risks Digest moderated by Peter G. Neumann frequently includes privacy issues. He also has a book titled Computer Related Risks. See also EPIC's page on computer security.
14. The practical suggestions on ``how to add privacy to your life'' in Andre Bacard's Computer Privacy Handbook include using PGP to encrypt your communications. It quotes the Equifax poll reporting that 79 percent of Americans said they would like to ``add privacy to "life, liberty, and the pursuit of happiness" in the Declaration of Independence.'' See also his Anonymous Remailer FAQ.
15. There are many organizations that campaign for the right of people to use strong cryptography to protect their private communications from government surveillance. These include Americans for Computer Privacy (ACP).
16. Computer security is important to information privacy, because much private information is disclosed by accident and through attacks by third parties. A well-known reference on Internet security is Practical Unix and Internet Security by Simson Garfinkel and Gene Spafford. (And more recently, Web Security and Commerce.) Garfinkel has also written extensively on privacy. Related: Web Security: A Step-By-Step Reference Guide by Lincoln D. Stein (which mentions our Internet Junkbuster proxy) and the Web Security Sourcebook by Avi Rubin, Daniel Geer, and Marcus J. Ranum. Counterpoint: rootshell.com. See also the site of the National Computer Security Association.
17. A chapter on ``How much privacy you have on the Net, and how you can get more'' is a feature of Daniel Barrett's book Bandits on the Information Superhighway.
18. The Nation ran a wide-ranging review titled Privacy for Sale: Peddling Data on the Internet.
19. Out of print classics: Jeffrey Rothfeder's Privacy for Sale: How Computerization Has Made Everyone's Private Life an Open Secret and Arthur Raphael Miller's The Assault on Privacy: Computers, Data Banks, and Dossiers .
20. The ``Internet Watchdog Website'' http://www.webguardian.com is a non-profit organization aimed at helping consumers ``to report and recover from cybercompanies who engage in deceitful or fraudulent internet business practices.''
21. Francis Litterio cautions us ``If you want privacy in the electronic age, you have to give it to yourself. Your employer won't give it to you. Your government will not give it to you.'' And we would add: the companies that serve you will not give it to you, at least not unless you ask.
22. Version 2 of Freedom from Zero-Knowledge Systems, Inc. ZKS describes Freedom as ``easy-to-use software designed to give you total privacy while on the Internet [by using] high-grade public key cryptography to encrypt the contents of any Internet transmission, including e-mail, chat room, web browsing and newsgroups. It also protects the source and destination of all Internet traffic. '' For Version 3 ZKS added features such as ad filtering and cookie management, but shut down the encryption network. (2001/10/4) [AP]
23. You can surf through the Anonymizer to avoid handing over so much information with your HTTP requests. Their FAQ page explains how they achieve anonymity in almost all situations, except when using external protocol handlers such as MIME helper programs. One disadvantage with this pioneering service is that they impose advertising and delays unless you pay (they have to support their operations somehow). Another pay-for-privacy service site: Ultimate Anonymity; the company appears to be related to bulk emailing lists.
24. More anonymizers: SafeWeb, which does cookie and script filtering, and Ponoi which offers secure Web browsing, password management and file storage.
25. ``Messaging Incognito'' from Privada ``allows users to send and receive email and post newsgroup messages securely, privately and anonymously.'' [Privada release] [Washington Post/Newsbytes]
26. Separately, Privista, a company allied with Equifax offers an ``Early-warning system against identity theft and credit fraud'' and an ``opt-out manager.''
27. Lucent tried to turn LPWA into a commercial venture called ProxyMate. They appear to have closed it and sold the technology to NaviPath for its ISP. We didn't like ProxyMate's requirement that users turn on JavaScript, which is a security risk. It also adds ads, which can be eliminated with the line bin.proxymate.com/pbar? in an Internet Junkbuster blockfile. LPWA showed a way surfers could register at sites anonymously without having to do a lot of book-keeping of user IDs and passwords. One of its cryptographic features is to provide ``target-revokable e-mail addresses.'' [CNET] See also: SneakEmail's disposable email addresses.
28. There are also few public proxy operations provided by small entities, such as Janus, Interfree, and MagusNet. Also Anonymyth . We don't attempt to determine which proxies are trustworthy. The Anonymity 4 Proxy (A4Proxy) is a proxy server that includes a database of public anonymous proxies.
29. Scientists at AT&T Research have devised a privacy-enhancing proxy server called Crowds that anonymizes surfing by routing requests via a randomly chosen participant. [Wired] Related: Cloudish.
30. Tamos International has a demonstration that detects headers indicating a proxy.
31. The in.identd demon, described in RFC 931, can disclose users' identities to servers. Try our test. If you're being given away, ask your administrator or ISP if it can be disabled or replaced with an encrypted identd. If you're running UNIX ® on your machine, try disabling the auth or identd service on port 113 by commenting it out in /etc/services and restarting TCP/IP.
32. We like Java as a programming language and a way of making applications platform-independent, but we have concerns about the security of implementations in browsers and the threat to privacy that this poses. We recommend disabling Java due to various security loopholes and Hostile Applets.
33. There are also recent reports of security problems with ActiveX and even MS-IE itself. See also: RadioActiveX.
34. Even JavaScript has been used in attacks [ZD] [Wired]. It can also be used by servers to discover your plug-ins and other information, and to set cookies. It has an awful history of security bugs. [CNET] We recommend disabling it.
35. Chip's Closet Cleaner includes many links about privacy. They describe us in three words: ``stop junk everything.''
36. Databases of email and postal addresses such as Peoplefind or the many listed in Yahoo are considered very helpful by some but an invasion of privacy by others.
37. Another service that is considered both helpful and invasive is the archiving and indexing of Usenet postings by sites such as dejanews.com. The profiles easily obtained about a person can be very revealing.
38. The American Association for the Advancement of Science published a report on the importance of Anonymous communications on the internet.
39. The newsweekly Time ran an article titled No Privacy on the Web (June 2).
40. A brochure titled Protecting Your Privacy When You Go Online is published by the Interactive Services Association, an industry group that includes several major web advertisers. It explains the basics of cookies, but is light on detail about how to stop them. [CNET coverage] The DMA also publishes a booklet titled Get Cyber Savvy, mainly concerned with parental control.
41. Sites such as deepdata.com sell various information on most Americans for a few dollars or more.
42. The web site of Privacy, Inc. asks ``What do they know about you?'' They ``help you find out and empower you to take action'' if you pay $30 for an ``Internet Background Check,'' reported Wired News.
43. Or you can learn how reporters do it from Deadline Online: people finding and finding background. Find it online by Alan Schlein is a comprehensive book covering research for all kinds of information.
44. One of the most frightening privacy pages on the Web makes its point by posing as a resource for stalkers.
45. Some similarly disturbing books: How to Get Anything on Anybody by Lee Lapin, Your Personal Netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services by Wolff New Media, and Web Psychos, Stalkers, and Pranksters: How to Protect Yourself in Cyberspace by Michael A. Banks, Digital Privacy by M. L. Shannon.
46. The April Fool's Day jokes about Internet privacy are getting closer to reality: ZD PC; macfixit.com.

  Cookies

Our alert on cookies explains how Web browsing can damage your privacy. The Internet Junkbuster stops cookies and other threats to your privacy on the Web.

1. There's a Yahoo category for cookies.
2. The original specification of cookies by Netscape was marked preliminary. It focuses on the technical details on how to use it and rather than the ends to which it can be put.
3. A subsequent Internet RFC (2109) on cookies by David M. Kristol of Bell Laboratories and Lou Montulli of Netscape Communications (who patented cookies) expanded the preliminary specification to many related considerations, including ``Cookie Spoofing'' and ``Unexpected Cookie Sharing.'' There's also a sizeable section on privacy, including the following recommendation: ``...the control mechanisms provided shall at least allow the user to completely disable the sending and saving of cookies.'' Despite this the two major browser makers didn't have such a feature until their level 4 versions. See also an interview with Lou Montulli and the Privacy Foundation.
4. There's an Internet Draft on trust certification of cookies.
5. The U.S. Department of Energy's Computer Incident Advisory Capability issued an Information Bulletin stating that cookies do not pose a security threat, but may threaten privacy by facilitating tracking.
6. Roger Clarke gives a balanced and wide-ranging account of cookies, including legal and historical aspects. A broader article places cookies in the context of Cyber Culture.
7. A review of the legal and privacy aspects is given in Cookie Central.
8. In a law journal article Viktor Mayer-Schönberger examines cookies and privacy legislation, arguing that companies who set them without consent may violate the European Union Directive on the Protection of Personal Data. (Cited in Eichelberger). [Techweb]
9. A New Zealand law firm discusses dangers of cookies from the point of view of privacy legislation and employers' responsibilities (perhaps the Internet Junkbuster would address some of these concerns).
10. A highly readable article by Tom Negrino in Mac World includes sections on good reasons for cookies and their use as marketing tools.
11. Andy's Cookie Notes discusses several aspects of cookies, and provides links. webmaster at HotWired recommended that you disable cookies only when the browser isn't linked to you personally. (We take exactly the opposite view.) After getting a lot of mail he wrote a followup saying that ``on the other hand, personal privacy is a sensitive issue...'' He concluded that ``eventually, most Web browsers (particularly those in the public domain) will come with an option to refuse all cookies.'' More recently, Matt Margolin surveyed technology for protecting user data.
12. A set of test results published by DEC documents the cookie capabilities of a large number of browsers. Most don't support cookies. Three that do are Netscape, Microsoft IE, and NetManage WebSurfer.
13. In 1996 the Federal Trade Commission published a Staff Report titled Public Workshop on Consumer Privacy on the Global Information Infrastructure. Various companies and trade organizations lobbied to defend and promote their technologies and business practices, including cookies and the collection and sale of information about children. Some claimed that their technologies ``could enhance online privacy and at the same time satisfy the legitimate needs of online businesses for information about current or potential customers.'' Here's an outstanding sentence: ``According to the representative of Netscape Communications Corporation, cookies technology could be used by Web sites to facilitate communication of consumers' privacy preferences.''
14. Answering the FTC's 1997 questions about cookies, Netscape commented ``As to risks to web site operators, the risks may rest with possible liability for management of the information that they may collect...''
15. A 1996 article in Interactive Week revealed that search engine companies use sophisticated technology to build profiles of their users based on the history of their search queries. Do you want such a profile about you available for sale to advertisers? If you searched for information about a chronic disease yesterday, you might not get any banner ads from health insurers today.
16. Privacy and security expert Simson Garfinkel declared that cookies can be a force for good or for evil in an article in Wired News. See also: Good or evil?
17. The public was first warned about the surveillance capabilities of cookies by the San Jose Mercury News titled Web 'cookies' may be spying on you. In 1996 they pointed out that cookies violate two assumptions which still prevail: that surfing the Web is anonymous, and that files on the client side aren't changed by servers.
18. Dean Gaudet points out that cookies are just one of many technical means of tracking. We're very interested by his suggestions about how the HTTP Keep-Alive mechanism can be used for surveillance purposes. If anyone has further information about this, we would like to hear it.
19. An article in PC Week asks whether cookies are a treat or a trick.
20. Some sites that set cookies have a page explaining them, such as Interlog.
21. A technical article in Netscape World gives example scripts for setting and displaying cookies. Other published there include a guide analyzing user activity and How popular sites use cookie technology.
22. An article in PC Magazine concentrates on the wonderful technical aspects of cookies.
23. If you don't let Microsoft set cookies, they'll withhold their content. For more on Microsoft's use of cookies, see our News page.
24. If you don't take their cookies, Healtheon tells you to have a nice day.
25. Another dazzling example: ``In order to ensure your privacy, certain areas of the PlanetRx website require the use of cookies.''
26. Ad servers Focalink maintains a page on cookies, which we disagree with on several points.
27. Another FAQ that gives an upbeat view of cookies is from Network Associates.
28. The editor-in-chief of CNET was unconcerned about cookies. Some of his readers weren't.
29. An article in Advertising Age titled `Cookie' proposal could hinder online advertising: privacy backers push for more data controls quotes a survey indicating that some 72% of online users have never even heard of cookies.
30. A coalition of privacy groups including EPIC supported the proposal.
31. Cookies are trashed in www.webpagesthatsuck.com, a magnificent gallery of what not to do in HTML.
32. The GVU's 6th WWW User Survey shows that many people are unaware of what cookies do, and wouldn't want them if they had a choice. (The 7th and 8th Surveys have since been released and contain similar figures.)

    When asked about an identifier that would uniquely label users across sessions at a site, less than one out of every five (19.08%) thought that this should be possible. Yet, identifiers already exist and are widely supported by browsers, aka cookies. There is already evidence of controversy surrounding the use and lack of control over cookies by technically savvy portions of the user community and the advertising community that desires fine grain measurement of usage.

33. Should newspaper sites use cookies? The American Journalism Review ponders cash vs. privacy.
34. An early version of Netscape Communicator contained a bug that allowed sites to gather various data from a visitor's browser, including URLs, passwords, and other sites' cookies, InfoWorld reported. (1997/07/28)
35. Realizing that cookies now have a bad reputation, advertisers and Web companies are preparing for the day when many people will refuse them. An alternative dubbed ``cupcakes'' has been put forward by i33 Technologies. The Open Profiling Standard has been put forward to allow collection of information without tracking. A tracking technology based on ``thunking'' in the DNS developed by http://www.7val.com has been called ``location poisoning'' by Lemuria, which has developed a technical countermeasure.
36. ``Cookie pieces have no calories at all. The process of breaking causes all the calories to leak out.'' At least so claims Weekly World News columnist Ed Anger, in Let's pave the stupid rainforests and give school teachers stun guns (p. 11).

  Anti-cookie measures

The Internet Junkbuster provides extensive cookie-management capabilities.

1. PGP Inc., which was taken over and later somewhat abandoned announced they would sell software called PGPcookie.cutter that allows individuals to control cookies. However, we haven't been able to find it in their list of products lately.
2. In an interview on CBS the President of PGP commented that as people understand what cookies do, ``they really are quite offended by it.''
3. Kevin McAleavey's products on http://www.nsclean.com remove the data on your browsing behavior that Netscape and MS-IE place in your files. His ``cleaning'' software also disrupts cookies and lets you switch the email address given for you to an alias. His description lists several threats to privacy from browsers.
4. Ziff-Davis offer CookieMaster, a free Windows95 utility to monitor and edit your cookies file. A collection of shareware and freeware utilities is maintained by WinFiles.com.
5. The Cookie Crusher from The Limit Software, Inc. features per-site cookie management, as does Cookie Pal from Kookaburra Software.
6. Luckman's Anonymous Cookie is a free utility that gives Windows 95 and NT users a button to enables or disables access to cookies. See also: WebSweep.
7. A shareware program called Buzof can be configured to automatically answer dialog boxes such as warnings about cookies and internet connections.
8. There is also a program called Cookie Monster for the Mac. The name appears to be the subject of a trademark dispute.
9. Internet User published a Product Roundup of Cookie Utilities.
10. Randal L. Schwartz, coauthor of Programming Perl, wrote a program that removes cookies, and the Referer, User Agent, and From variables. It's freely available. Related: htmlf, a content-modifying proxy in Perl.

  Targeted web advertising

Targeted web advertising is a threat to privacy when it's based on information collected without consent. If you don't want banner ads, consider using the Internet Junkbuster if you're a technical expert, or Guidescope if you're not.

1. Chapter 1 of Marshall McLuhan's