Hooked on Banking

July 6, 2005 Bob PageLeave a comment

Fish hooks - Dan Jaeger - http://sxc.hu/browse.phtml?f=view&id=327710
According to Gartner’s June 23 press release discussing their phishing report:

Approximately 77 percent of online Americans shopped online in the 12 months ended in May 2005, according to Gartner. An estimated 73 percent of respondents regularly logged on to banking accounts and 63 percent paid bills online.

Amazing stats, eh? Much higher than I’d have thought. I’ll assume that “online Americans” really means “online American adults” as I can’t imagine 73% of 10-year olds checking their banking accounts. Then again, kids are pretty up on things…

Would Dr. Atkins Delete Cookies?

July 5, 2005 Bob PageLeave a comment

I haven’t seen it discussed anywhere, but Jupiter did a follow-up survey to their report on cookie deletion. The goal was to give some context around the profile of the cookie deleter. While the summary from the report is that the longer you’ve been on-line, the more likely you are to delete cookies, there’s a table in the report that clearly shows a need for education on cookies:
Jupiter Cookie Deleter Demographic Survey
The trend that emerges indicates that older you are (in years, not in tenure on-line), the more you pay attention to stories about cookies, and the more you consider cookies an invasion of privacy. Coincidence? I doubt it. I think the doom and gloom reporting by the popular media actually feeds this. (Also note the general trend that while older Web users pay more attention to the stories, they report a lower understanding of how cookies work and what they are good for).

The education/advocacy sounds like something Safecount is up to.

Source: Jupiter Research Concept Report

The Business Case for Privacy

May 12, 2005 Bob PageLeave a comment

Forrester released the results of a survey in an report called What’s On Web Analytics Users’ Minds? The report mirrors a lot of the issues we see here at Yahoo! (instrumentation concerns, multiple sources of “truth”, no silver bullet for counting users) but there’s one sentence that jumped out at me – this was regarding privacy concerns:

One-third of online consumers say they’d purchase more over the Internet if they didn’t feel that their privacy was being compromised.

If ever there was a reason to get in front of the online industry’s privacy issues, it’s not the PR value — it’s the economic benefit! It’s one thing to say “we collect information about you” but it’s another to put policies and systems in place that ensure enforcement of data security and engender trust in the marketplace.

I have a feeling that the privacy breaches we’re reading about (and the ones we’re not reading about!) are going to hit fever pitch, and the subsequent government reaction will result in business burdens that at least mirror or even surpass that of Sarbanes-Oxley. Like SOX, it will mean rebuilding our systems. A whole new privacy compliance industry will emerge. I doubt we can do much about it, except to prepare for it. Meanwhile — if raising the level of trust in the marketplace will result in increased sales … why not start now?

Getting Over It

April 21, 2005 Bob PageLeave a comment

Last week I got a letter from a health clinic that I used maybe five years ago. The letter said some of their PCs were stolen out of their office, and on those PCs were the electronic records of their patients, including mine. They also sent a photocopy of the police report, for reasons I don’t understand.

On Monday, DSW (the discount shoe store) said that transaction information on about 1.4 million credit cards was stolen. Because the transaction logs just had name, credit card number, and amount, they didn’t have any easy way to contact the people whose credit card numbers were obtained (although they did contact the credit card vendors). But given the list of stores and the dates of the logs, I know my credit card number was among the ones obtained.

How long must we be diligent, checking our credit cards for fraud, checking our credit history? Years.

Just this past week, I discovered ZabaSearch, a free site for looking up information about people. Where they used to live, when they were born, their phone numbers — all right there. And background checks for $5. How convenient.

I wonder where this will end. Will there be a backlash against acquiring information, new regulations on handling it, more use of one-time identifiers (like virtual credit cards), more use of things like P.O. boxes, etc? Or will people just warm to the idea that we no longer have any privacy? Or, in the words of Sun CEO Scott McNealy, “You have zero privacy anyway. Get over it”?

Privacy in Death

April 21, 2005 Bob PageLeave a comment

So a court has ordered Y! to turn over all materials belonging to a marine killed in Iraq after his family sued to get access. Y! News has the AP story.

To its credit (in my opinion), in order to comply wirh the court ruling, Y! turned over a CD of information (and will produce paper copies next week), rather than providing the account’s user name and password.

I’m on the right to privacy side on this one – if the marine wanted the family to have access, he would have provided it. But I’m not a lawyer…

Breaking WEP in 3 minutes

April 11, 2005 Bob PageLeave a comment

It’s not news in the security community, but demonstrating that WEP is so insecure that even the FBI can break it: TomsNetworking discusses a demonstration where the Feds broke a 128 bit WEP key in about three minutes.

WPA is much better, but still a target.

The solution? VPN, of course. And since your wireless network should be considered untrusted, keep it outside your corporate network.

bobpage.net

data and analytics, mostly

Privacy