Thursday 13 November 2008

Lying through machine-readable privacy policies

It's possible that it is in websites' best interest to post privacy policies that claim to be very careful with personal data while actually violating those policies in the background. With machine-readable policies, the problem gets worse, because users can preset their web browsers to trust websites to set cookies and so on based on what each site claims to do with their personal data. Only reputable sites will tell you what they actually do. The ones you want to avoid now have a higher incentive to lie through their teeth, because the browser will happily accept their cookies based on their claimed privacy policy.

Even if they get caught, they will take the typical scammer route of shutting up shop and opening again at a new location until that one is compromised. When it's all digital, it's cheap enough that it's worthwhile copying the same scam website to a new location and netting a few more victims before moving on again. There needs to be a strong economic incentive for websites to follow their own privacy policies at the time of browsing.

Mokalus of Borg

PS - If there's only a legal disincentive that might come up later, that's not enough.
PPS - But privacy policies dictate what you do later, so this might be a tough one.
