Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Defunct Dot-Coms Sell "Private" Data

By evro in News
Fri Jun 30, 2000 at 03:02:28 PM EST
Tags: Internet (all tags)

C|NET is running an interesting story about several dead dot-coms that are selling "private" customer information as a way to satisfy creditors: When Fashionmall.com purchased some of the assets of Boo.com this month, it specifically noted that it had acquired data on Boo.com's 350,000 customers. CraftShop, since filing for Chapter 11 bankruptcy in May, is actively seeking a buyer for its customers' personal information that it had promised "to never disclose...Ever." Boo.com and Toysmart.com, two of the sites mentioned in the article, were both Truste approved. If anybody needed more evidence that the Truste seal is less than useless (by giving consumers a false sense of security), here it is.

(my apologies if this story doesn't show up correctly; every time I hit preview it escapes all the quotes and less-thans and greater-thans)


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o an interesting story
o Truste
o Also by evro

Display: Sort:
Defunct Dot-Coms Sell "Private" Data | 16 comments (14 topical, 2 editorial, 0 hidden)
Reeminds me of another little site... (3.50 / 2) (#1)
by GoRK on Fri Jun 30, 2000 at 02:43:07 PM EST

Score points on fuckedcompany.com! Too bad it wasn't one of my picks.

If you've never seen the site, fuckedcompany.com "The Dot Com Deadpool" is a site dedicated to breaking news of layoffs, hostile takeovers, etc. in the dot com marketplace. It's run like a game where you get points for picking fucked companies. The worse the news the more points you get!

Re: Reeminds me of another little site... (none / 0) (#4)
by evro on Fri Jun 30, 2000 at 02:46:47 PM EST

I was going to mention FC in the story but decided against it. Can't remember why though!
"Asking me who to follow -- don't ask me, I don't know!"
[ Parent ]
(2.67 / 3) (#2)
by PresJPolk on Fri Jun 30, 2000 at 02:43:48 PM EST

Hey, Look, I hit Topical this time!

Anyway, This is what you get when you have entities for whom nobody is accountable.

My knowledge of history tells me that one day people will realise how badly society erred by allowing profit-seeking corporations regardless of the public good. Unfortunately, I have no idea in what century people will realize it.

Re: (none / 0) (#5)
by bmetzler on Fri Jun 30, 2000 at 02:47:13 PM EST

Hey, Look, I hit Topical this time!

I didn't :(

That just made me want to go and get a patch to force you to choose the right one.

www.bmetzler.org - it's not just a personal weblog, it's so much more.
[ Parent ]
Re: (none / 0) (#16)
by javboy on Fri Jul 21, 2000 at 01:14:08 PM EST

I assume that you give all of your money to the poor/government and do not buy anything unnecessary, like TVs, Computers, etc. I have never understood the reason why "profit-seeking" is always layed out as being bad. While there are plenty of stupid or just plain evil people that run companies, there is nothing wrong with the concept of making money. That is what you want to do some day right?

[ Parent ]
Visibility (3.50 / 2) (#7)
by baka_boy on Fri Jun 30, 2000 at 03:05:53 PM EST

What seemse to be missing from this whole online privacy equation is visibility for those companies that make these kinds of major faux paus. There are a few vanguards (i.e., Peacefire), but I for one haven't come across many high-profile "watchdogs". Even if they're out there, (which is entirely likely) the fact that the average Joe Surfer doesn't know where they are is in and of itself a bad sign.

Demographic data-gathering is something that bothers me anyway. I'm not sure how many other places this is going on, but around here (Portland, OR) everyone has started using membership cards at the cash register. They give you $0.50 off your can of soup, you give them detailed profiles of the buying habits of every one of their customers, complete with age, name, phone number, and favorite brands and time of day to shop.

The problem is that the businesses hold all the cards right now. Since consumers don't have any reliable forms of digital identification, each website, grocery store, etc. comes up with their own closed system, which may or may not be secure, kept private from advertisers, etc., all at the discretion of the business's executive management.

It all relates to the inability of the average consumer to protect their privacy even a fraction of as well as most businesses. I can understand the need for law enforcement, the census bureau, etc. to have access to personal information (even if I don't like the way they might use it). Corporations, however, should have no right to know anything about me that I don't knowlingly volunteer to them.

Re: Visibility (none / 0) (#8)
by Anonymous Hero on Fri Jun 30, 2000 at 03:58:11 PM EST

Hey, I love those membership cards! I have them scan it at the register, and get all sorts of discounts! And it's on my keychain, so if I lose my keys, they're sent to my friend Allen's house!

Boy, they must think he drinks a lot of DR Pepper...

- Hamshrew

[ Parent ]

Club cards (none / 0) (#11)
by kmself on Fri Jun 30, 2000 at 11:33:28 PM EST

Thing about club cards is that the data are typically unauthenticated. For years I've had one to a local grocery chain for which I'd entered "Seymour Cray" as the name for the card. 'Course, someone in data entry fscked up typing it in so that's not what ended up on the card. However, the kicker was when I discovered that SGI had the data mining contract with the store. If you don't give a real address, you're off the hook, though you won't get the wonderful discount coupons they send you (along with other junk mail).

Just grab a handful of applications next time you're at the store and fill in a series of "Mickey Mouse", "Fred Flintstone", "Sample User", "Error Code", "Bad Data", "Student User", "Test Account" and related names. Best -- most of these are commonly used test data names used in various DP systems (I once had access to a few score millions of credit card accounts -- had to be scrubbed for data match accuracy, I know whereof I speak). Plus you get the pleasure of having the store clerk smile and say to you "thank you Mr. Data" as she hands you your receipt.

A tip though -- always pay cash, not check or debit/credit card. I've found that my ID gets linked up if I do use an authenticated payment mechanism. Makes me want to open up a few checking accounts under assumed names....

Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Visibility (none / 0) (#15)
by Buck Satan on Sat Jul 01, 2000 at 11:02:26 PM EST

I like what you say about the vanguards, however there is a problem with them as well.

Back around November, ConsumerReports.org had a "online shopping tips" story on their website that was free for anyone to read. In it they said "look for the TrustE symbol." This was at the time that TrustE was getting hammered left and right in the press.

I wrote Consumer Reports and gave them links to at least 10 different occurances of TrustE saying, "Oh, well! Live with it!" and had stories to back it up. What was the result?

After sending them the message 3 times over a 6 week period, they finally got back to me with a "we will look into it" message. Nothing happened. The story continued to spew forth the "TrustE is great!" message.

I can't find the story on their website now, and the whole site is pretty much pay-per-view, but on doing a search of the site there are 5 occurances of TrustE in stories about online shopping. I can only assume they still say the same thing.

It's sad too. I used to respect those folks.

[ Parent ]
TRUSTe reprieve... (4.00 / 1) (#9)
by evro on Fri Jun 30, 2000 at 10:01:11 PM EST

Wired has an article on this subject and it seems TRUSTe may not be as crummy as I made them out to be...
Toysmart's about-face is a particularly bitter pill for TRUSTe, because Toysmart had been awarded the TRUSTe seal, which supposedly "alleviates users' concerns about online privacy."

TRUSTe has responded by filing a complaint with the FTC, charging that Toysmart's broken pledge constitutes unfair and deceptive marketing. TRUSTe may also sue Toysmart for breaching the contractual obligations of the TRUSTe seal program.

"It's important that we send a signal to the industry that this is unacceptable," said Steer.

The Wired article is <a href="http://www.wired.com/news/business/0,1367,37354,00.html">here.
"Asking me who to follow -- don't ask me, I don't know!"

hey, rusty... (none / 0) (#10)
by evro on Fri Jun 30, 2000 at 10:03:00 PM EST

Can you fix the escaping on preview? The link in the parent comment was all screwy. It looks like some quotes were escaped but others not. Weird.
"Asking me who to follow -- don't ask me, I don't know!"
[ Parent ]
Link (none / 0) (#12)
by kmself on Fri Jun 30, 2000 at 11:35:22 PM EST

The Wired article

Rusty's got some funky string parsing that occasionally breaks over a wrapped line. This should be better.

Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

The Data Should Go With the Business... But Nowher (none / 0) (#13)
by Anonymous Hero on Sat Jul 01, 2000 at 02:25:51 AM EST

From the article:

The company that buys the CraftShop name is free to use the [customer information] list as long as it does so as CraftShop.com, according to the company's former CEO, Angus Mackey.
"CraftShop promised that it wouldn't release the names without approval," Mackey said. "So we just can't take the names and sell them to anyone interested. We couldn't deal them independently. [The company name and customer list] had to go together."
This is pretty much the way things work when any business is bought out: The customer list and past sales histories go to the new owner along with the rest of the business. This bothers me a lot less than selling the data (by itself) to some unrelated third party: It would be stupid for the place I've been renting videos from to suddenly "not know" about my membership just because the business has a new owner. But I'd be less amused if some private detective wound up with a list of all the p0rn I'd rented.

One of the privacy groups (can't recall which one) has advocated a "poison pill" privacy policy, which would require that personal data would always be handled under the restrictions originally promised (regardless of the acquiring company's policies). If the acquirer didn't agree, the data would be destroyed. While there appears to be an implied contract between the customer and the site if a privacy policy is posted, can any of the lawyers out there tell us if the customer actually has any legal remedy if the policy isn't followed or is abrogated?

And finally, does anyone know of existing standards for handling the really confidential stuff? What happens to the client records when a lawyer retires or a doctor closes his practice? Perhaps there's a precedent here that can be built on.

Performance Based Marketing (1.00 / 1) (#14)
by Anonymous Hero on Sat Jul 01, 2000 at 05:03:31 AM EST

There is a company called <a href="http://www.dynamictrade.com">DynamicTrade</a>, with a site also called <a href="http://www.connectcommerce.com">ConnectCommerce.com</a> They are a performance based marketing firm that only gets paid when a consumer purchases a product. Here's how it works:

1) customer goes to search engine and searches for Khaki pants
2) Gap Banner add appears with direct link to check out at Gap's website for Khaki pants.
3) If customer purchases item, these guys get paid. If not... well they don't.

They are apparently collecting a huge data warehouse of customer information, from clickthroughs to what you've purchased in the past, and what you might want to purchase in the future. They said that this data is only stored on their servers by "CustmerID". They are debating how to use this information... selling it, reporting it to other firms for a demographic profiling. They have partnerships with email marketing companies as well, but claim they do not use this for spam unless the users specifically say they would like to be spammed.

Does anyone have information or opinions on these sorts of companies? Are there many of them? Who are the number ones? They don't have a TRUSTe banner on their site, but we know what that's worth from previous posts.

Here is a copy of their privacy statement:

Privacy Statement

This privacy statement discloses the privacy practices for Dynamic Trade, Inc., and its Web sites http://www.dynamictrade.com/ and http://www.connectcommerce.com/. If you feel that Dynamic Trade is not abiding by its posted privacy policy, you should contact Dynamic Trade by e-mail at privacy@dynamictrade.com.

Information Collection and Use

Dynamic Trade will not sell, share, or rent information to others in ways different from what is disclosed in this statement. Dynamic Trade collects different types of information from three different types of parties: its marketers, its partners and end-customers of its marketers when those customers are referred to the marketers by way of the partners.

Partners must register on Dynamic Trade's ConnectCommerce Web site (http://www.connectcommerce.com/). Marketers are registered by Dynamic Trade upon closing of a relationship agreement with the marketer. End customers are never registered on the Dynamic Trade's Web site.

To participate in the ConnectCommerce network, a partner must first complete the registration form. During registration the partner is required to give their contact information (such as name and e-mail address). This information is used to contact the partner about relationships with marketers in which they have expressed interest. End customers do not register on any of Dynamic Trade's Web sites.

We do not collect personally identifiable information when an end-customer places an order with one of our marketers. When an order takes place as a result of a referral from our partners, we collect generic order data such as total order amount so that we can ensure that our partners are compensated for their referrals.

A cookie is a piece of data stored on the user's hard drive containing information about the user. We use cookies to keep track of which customers have been referred to our marketers by our partners. Usage of a cookie is in no way linked to any personally identifiable information when making purchases through our network.

Log Files
We use IP addresses to analyze trends, administer the site, track end-customers' movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

We will share aggregated demographic information with our marketers and partners. This is not linked to any personal information that can identify any individual person. Also, we will not share transaction data about any specific marketer with any other marketer, and we will not share transaction data about any specific partner with any other partner. We will share marketer data with partners and vice versa, but only when the specific marketer and the specific partner were both parties to the transaction. In other words, a marketer can see all of his/her transactions across all of his/her partners, and a partner can see all of his/her transactions across all of his/her marketers. No marketer has access to any other marketer's or partner's data, and no partner has access to any other partner's or marketer's data.

From time to time, partners who register on the ConnectCommerce Web site may be contacted by Dynamic Trade regarding participation in other marketer's I -Performance Marketing programs. Partners may opt out of this contact. Similarly, Dynamic Trade will share marketer information with an appropriate set of partners, as determined by Dynamic Trade and the marketer. Marketers may opt out of this information sharing.

Online Partnerships
All parties (end customers, marketers and partners) should be aware that Dynamic Trade is essentially a manager of online relationships between other Web sites. Dynamic Trade's privacy policy applies to Dynamic Trade's own Web sites and servers, and not those of its marketers and partners. Any party with concerns about privacy should investigate the privacy policies of the marketer and partner who are party to a given transaction. Dynamic Trade has no control over these policies.

Dynamic Trade takes every precaution to protect our users' information. Sensitive information gathered via our servers is protected both online and off-line.

All transaction information and sensitive data is transmitted encrypted using SSL (Secure Sockets Layer), an industry leading standard for transmitting data across networks. We use SSL to secure the transmission of sensitive data between our network and our marketers' and partners' networks.

While we use SSL encryption to protect sensitive information transmitted online, we also do everything in our power to protect user-information off-line. All transaction information, not just the sensitive information mentioned above, received from marketers and partners that is stored on our network is encrypted. Finally, the servers that we store personally identifiable information on are kept in a secure hosting environment. ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that our marketers' and partners' information is protected.


Defunct Dot-Coms Sell "Private" Data | 16 comments (14 topical, 2 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!