Archive for November, 2006

Jevans’ Law: Regarding The Increase of Spam, Phishing and Crimeware?

Tuesday, November 28th, 2006

Hi,

Sorry for the delay in posting. I’ve been travelling in snowy Canada this week.

There are many different ways to measure it… none of which are 100% accurate. But here is how I measure it:
– amount of spam that gets through my filters
– chatter on private anti-spam mailing lists
– news reports of various antispam vendors touting their measurements (service providers seem more reliable, as they see more email)

But basically, the story is the same. Spam volumes have increased by 100% – 300% in the last 3 months.

Yeah, botnets are to blame. But really, this is simply the logical response of spammers to increasingly effective and widespread spam filters, phishing toolbars, phishing filters built into web browsers, etc.

Some guessed that they had this firepower lurking, but now we know for sure.

Perhaps there is a new variant of Metcalfe’s law lurking here (Jevans’ law :-)? Every 12 months, the volume of email attacks doubles, as does their technological sophistication.

We have noted a concomitant massive increase in the number of unique phishing URLs over the last 3 months. The bad guys are making it harder for blacklists to keep up…

We’ve seen a monthly increase in phishing URLs from about 12k, to 20k, to 37k to 150k…..

Completely Opposite Privacy Legislations Highlight Global Differences

Thursday, November 9th, 2006

What an interesting week in global privacy law.

In Brazil, a lawmaker is attempting to make anonymous Internet access illegal. The proposal is for ISPs to be required to keep logfiles of all Internet traffic from every user for 3 years. Furthermore, the proposal calls for users to have a digital certificate, issued by the government. Accessing the Internet without presenting your certificate to the ISP would be a crime.

In an ironic twist, a federal judge in Germany this week has decided that ISP T-Online must delete the IP logfiles of any customer who requests it. Of course, the ISP is not happy with this, as they now have to implement a much more sophisticated and granular mechanism to manage logfiles, and to delete them on a per-customer basis.

What a nice example of how attitudes and policies differ around the world.

Microsoft “Deceptive and Unfair” Says Privacy Complaint

Wednesday, November 1st, 2006

The Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (US PIRG) filed a complaint today with the Federal Trade Commission, calling on the commission to undertake an immediate, formal investigation of online advertising practices. Specifically calling out Microsoft, the complaint alleges “Microsoft has embarked on a wide-ranging data collection and targeting scheme that is deceptive and unfair to millions of users.”

The 50-page complaint states that Web data collection technologies have far outpaced the dated Web privacy laws and policies that were initially designed for a world with large static Web content sites. The document requests the FTC take a hard look at 5 areas:

• User Tracking/Web Analytics
• Behavioral Targeting
• Audience Segmentation
• Data Gathering/Mining
• Industry Consolidation

The complaint says: “Collectively, these five areas represent the foundations of an entirely new online environment, one in which engagement gives way to entrapment, in which personalization impinges on privacy. It is an online environment, in short, that threatens to turn the traditional media equation on its head—a media that consumes us.”

“Consumers entering this new online world are neither informed of nor prepared for these technologies and techniques—including data gathering and mining, audience targeting and tracking—that render users all but defenseless before the sophisticated assault of new-media marketing.”

It’s good to see that some light is being shed on how the online tracking and marketing industry has evolved over the last few years, and how it poses new challenges to the privacy and free-speech of Internet users. For further evidence of a sliver of how this new world of tracking works, see the article on AOL’s Disturbing Glimpse into User’s Lives.

Now imagine that this type of data mining is combined with analysis of all your email, your blog postings and subscriptions, your e-commerce transactions and your browsing history. Marketers and others will soon know more about your psyche and habits than you do.

Couple that with a few database breaches or unethical company practices, and you have a privacy time-bomb.