From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sun May 19 2002 - 13:17:05 MDT
On Sunday, May 19, 2002, at 02:22 pm, Robert J. Bradbury wrote:
> What I have discovered is that there is a *lot* of spam
> traffic out there and it seems to be increasing.
> I'm up to getting 2-3 copies a day of the same message from
> different sources in some cases. I wasn't aware of this
> last year because I was using the sendmail Black List
> code to block the receipt of most of this. But when
> they went fee-for-service I decided their "personal use"
> fee was a bit too expensive and went back to junking
> the spam by hand. I finally got fed up with that last
> week.
You remember the trick that Yahoo played by adding new options and
setting everybody checkboxes to "request" spam? Now Microsoft is doing
the same thing with their HotMail accounts. There are new settings that
have been added, and the default is that everybody "requests" that
Microsoft sell their name and personal information to spammers. What's
worse, Microsoft and Yahoo insist that these are not changes in their
policy, because they were already selling the information all along
without people knowing about it, even for people who requested they not
share their information. Both companies interpreted such requests as
restricting their sharing of the information for free with other
customers, but they still reserved the right to sell the information to
spammers.
I don't know what I think of the whole privacy/transparency issue with
this. My main concern is not so much the information selling, but the
fact that almost none of their customer know it is occurring. It seems
obvious by the way companies sneak these rights into their privacy
policies, and don't directly quote them or spell them out in the
contract, that they know people wouldn't agree with such a contract if
it were clear. It seems to violate some legal tenet somewhere if 99% of
their customers are not conscious of making these kinds of agreements.
If they get virtually all of their business from people who don't know
it, and virtually none from people who understand the contract,
something seems wrong. There must be some legal limit to contracts
being so vague and indirectly agreeing to further provisions not
included therein, that are not readily available to the customer and can
change without notice after the contract is signed. At some point, the
courts have to step in and say that a contract must clearly spell out
the agreement, and outside references or retroactive changes after the
fact are not allowed.
-- Harvey Newstrom, CISSP <www.HarveyNewstrom.com> Principal Security Consultant <www.Newstaff.com>
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:12 MST