Lexis Nexis - The bottomless pit of user data

(Image used under: Creative Commons 3.0 [SRC][Mod])

LexisNexis and ChoicePoint are two of the largest data-brokers in the world. They’re only product is information about you which they buy and sell with little to no regulation of any kind. I have always wondered what kind of information they keep about us, and now I know. In the profile I ordered from them, I found not only several pieces of my personal information, but descriptions of other kinds of information that they collect. Here is a summary:

Information they Had

• Full first, middle, and last name
• Wife first, middle, and last name
• Address history with dates and locations
• Social Security Number
• Full date of birth
• Driver’s License Number
• Vehicle VIN
• Insurance history including companies, policy details, dates of coverage, accidents, claims filed, etc.

Information they Collect, but Didn’t Have For Me

• Auto and property insurance history
• Pre-employment background report including “personal credit information” and state driving record.
• An Esteem® report which lists admitted or convicted cases of theft while visiting or working at a retail company (used by retailers for hiring).
• A ScreenNow® report which displays a ChoicePoint national criminal records search of your name and personal information (used for hiring and volunteer work).
• A Resident Data® history that includes personal credit information and a criminal record search (used for rental applications).
• A Resident Data® eviction report used for resident screening.
• FAA Aircraft Registrations
• Uniform Commercial Code filings (when securing a loan with collateral).
• Bankruptcies, Liens, and Judgments
• Professional Licenses
• Pilot Licenses
• Marine Radio Licenses
• Controlled Substance Licenses (for physicians, dentists, pharmacies).
• Firearms and Explosives Licenses
• Business Affiliations (for officers or principals of an incorporated Company).
• Significant Shareholders Search Results – If your name and address appear at the top of a corporation record.

And the most exciting part of all of this is that you never asked to be part of their profiles, they just take it. Neat huh?

(Image used under: Creative Commons 2.0 [SRC])

It looks like a Facebook employee decided to come clean about Facebook's horrid data protection practices

Betcha never meant for that to be public

So Facebook is not exactly known for protecting people's privacy. Besides many grievous displays of poor security, they have only added decent privacy controls over time none of which matter because you can get to the pictures anyway and every installed Facebook app can get all your data too.

All that aside, assume that setting your privacy controls is still better than not setting them. Facebook pulled a real jerk move recently when it required all users when they first logged in for the day to make a decision about their privacy settings. You had to click to keep your current settings, but if you didn't, it would open your profile up using the new default settings.

Though it doesn't probably change anything in the long run, it's quite satisfying to know that Mark Zuckerberg, the founder and CEO of Facebook, fell prey to his own tactic.

In a bit of very interesting timing, Zuckerberg’s photos have been made public to the entire internet, mostly through a post from gossip blog Gawker, after Kashmir Hill at True/Slant discovered and reported that Zuckerberg was sharing photos with a wide circle — friends of friends — and his event calendar with everyone.

Serves him right.

Facebook did not immediately respond to a call seeking comment about whether Zuckerberg’s changes to his privacy settings were deliberate, leadership-by-example-style actions. But in a status update on his profile (pictured above), Zuckerberg says he sets most of his content open and “didn’t see a need to limit visibility of pics with my friends, family or my teddy bear :)”

Sure… He claims that he didn't mind that they were public and that he did it on purpose. Of course it wasn't proof positive that the settings changes are confusing and designed to nudge people out of their privacy into the public eye. Still, some would claim foul.

But why did Zuck suddenly decide to be less private than two months ago, when his settings were uber-private? You couldn’t even friend him before, and you certainly couldn’t see him shirtless..

The fact that Zuck drastically reduced his privacy settings makes me think the Facebook CEO did this accidentally, and now doesn’t want to change back for fear of the resulting PR disaster.

I wonder if Zuckerberg is regretting this move now. He can't go back towards privacy without making it seem that he's a hypocrite. Still, you have to wonder if he's going to start posting less information to his event calendar and photo albums than before since it's been forced for PR reasons to remain public.

Blocks tracking cookies from the major advertisers online

If you were aware of the many companies that track you around the web and use the profiles they build on you to send you targeted advertising, you probably didn't know that you can opt out of this tracking one at a time with many of those companies.

How convenient.

While I suppose it's very nice that these companies will stop taking your private browsing habits from you without your knowledge or permission if you go through their hoops to stop it, there's a much easier way. A privacy-minded geek helpfully compiled a list of all the opt-out cookies that the ad networks look for to flag you as someone who shouldn't be tracked.

Further, he modified a free Google app that restores certain cookies after wiping your cookie files to preserve the opt-out cookies. So install BEEF TACO and you will better avoid being tagged and tracked like an animal online.

You can install BEEF TACO here.

In TINY letters it says price is AFTER rebate. Doh!

Rebates are those deals where they promise you a super-low price, sometimes FREE!… buuuut you have to jump through a few hoops first.

Why Stores Like Rebates

You may have wondered why rebates instead of just a discount? Either should be a tax write-off for the company offering them, but there are specific advantages for companies in offering rebates:

Even if you manage to get your rebate, the company that issued it gets to have your money and keep it interest free for 4 to 6 weeks or longer. Better yet (for them), they get chance after chance after chance to keep your money forever:

• If you buy the wrong item, buy it during the wrong dates, send the wrong paperwork, fail to cut off the UPC code from the product packaging before you throw the packaging away, forget to mail it, or just mail it after the cutoff date, you lose.

• If it gets "lost in the mail" or carelessly handled by the rebate company, you lose.

• If the rebate check gets lost in the mail back to you or you forget or lose the check before you can cash it, you lose.

Best of all, the companies require a decent amount of personal information and seldom provide a privacy policy or indication of which data is optional. If they provide a form asking for information that you don't feel is relevant, you could skip it, but then run the risk of having the rebate refused. Once they have your information, without any law to the contrary, they can store it, profile you or sell it to other profilers at their convenience. It's basically the same as a forced registration.

Rebates should instant in-store discounts only. All other types should be illegal.

So let's sum up, they get your valuable personal information and in many cases get to keep your money too. So they win big and you lose big which doesn't sound like a very good deal to me.

As far as I'm concerned, unless it's an instant in-store discount, all rebates should be illegal.

Rebate Tips

Until and unless that ever happens, here's what you should know about rebates to increase your chances of getting the money the promised you:

• Read the rebate form's legal details and make sure that it doesn't have any nasty loopholes or policies that you didn't expect.
• Check the model number of your product and verify that it's specifically listed on the rebate form.
• Check the effective dates of the rebate to make sure you're buying the item during the rebate period. If it's expired, but a salesperson says the rebate has been extended, have them show you the new rebate form as proof.
• After buying the product(s), immediately fill out all forms, cut off the UPC codes, and put each rebate in an addressed, stamped envelope ready to go out the next day.
• Make sure that if you have multiple rebates, you send the original copies to the ones that ask for the originals. The others should say "copy of". If two ask for the original of something, call the number that should be listed on the rebates to get clarification.
• Make sure that you keep copies of everything. Scanning them into the computer is a great way to do this. It's also a good way to make the copies you need.
• Make sure that you wrote the correct addresses from the rebate forms to the envelopes.
• Keep a log of each rebate, the date that you expect the money back, and the phone number (or other contact information) listed on the form to call if it doesn't come back in time. Write each on your calendar and call them immediately if they're not back in time. Keep records of every person you talk to and what they say (record it if you legally can).
• For large rebates, send them certified mail so they can't claim they didn't receive the information.

In Conclusion

If that seems like a lot of work to get your money, it is. The point that you must remember is this: if you aren't the kind of person to carefully work through all your rebates and follow up if there's a problem, you're probably better off not bothering with rebates at all. Just stick to the lowest price in the store and be done with it.

Data brokers suck up anything and everything they can about you.

(Image used under: Creative Commons 4.0 [SRC])

At first you might not believe me when I say that your information is valuable. Where you eat, how much you spend for Christmas, your struggle with weight... all these things give companies an advantage in convincing you to give money to them andcompanies are only too happy to use every advantage against you so long as they make money.

Here's how that plays out:

Step 1: Get as much of your data as possible

While doing business with someone, they ask for information they don't actually need. Sometimes they do it to support planned future capabilities; sometimes for targeted marketing; and sometimes solely for the purpose of reselling the information to people who care more than they do. Regardless, your data is big business and it seems like everyone is poking and prodding you to give up as much data as possible even in grossly inappropriate ways.

I was once asked for my social security number at a video rental store before they'd rent videos to me!

The best way to do this of course is to create a site or service where you will choose to volunteer personal data about yourself for no particular reason. For example: Facebook. Facebook openly uses the information in your profile to target ads to you (sometimes in quite insulting ways):

With the knowledge that I was engaged to be married, the site splashed an ad across the left side of the screen playing into a presumed vulnerability. Do you want to be a fat bride? You'd better go to such-and-such Web site to learn how to lose weight before the big day.

Which brings us to step number 2...

Step 2: Use all the data to market to your interests (and also your weaknesses and insecurities).

It's just business.

(Image is in the Public Domain)

Ads that attack you on a personal level for profit aren't necessarily a mistake or just coincidence. Sometimes, it's the direct result of marketing designed to take advantage of you:

Facebook showed advertisers how it has the capacity to identify when teenagers feel “insecure”, “worthless” and “need a confidence boost”, according to a leaked documents based on research quietly conducted by the social network.

The internal report produced by Facebook executives, and obtained by the Australian, states that the company can monitor posts and photos in real time to determine when young people feel “stressed”, “defeated”, “overwhelmed”, “anxious”, “nervous”, “stupid”, “silly”, “useless” and a “failure”.

Facebook is notable in being very visible and public, but most brokering happens quietly and unseen... because most people would be horrified if they knew what was for sale:

Some extremely sensitive information can be sold very cheaply. World Privacy Forum Executive Director Pam Dixon’s testimony before the U.S. Senate included a screen cap showing that MEDbase 200 was selling lists of rape victims for 7.9 cents per name, as well as similarly-priced lists of those suffering from HIV/AIDs, genetic diseases, addictive behavior (conveniently broken down into sub-categories like gambling, sex, alcohol, and drugs) and dementia. The listings were taken down soon after Dixon’s testimony.

Loose controls and regulation of credit-based data brokering (in the form of credit reports) is the single biggest cause of ID Theft and now we're seeing companies profiting from victims, emotional weakness, and addicts. The scope and intensity of the consequences of rampant and uncontrolled data-brokering remain to be seen.

Data brokering (in the form of credit reports) is responsible for the vast majority of ID Theft. To learn more about how that happens and (more importantly) how to stop it, check out my Goodbye Identity Theft course.

Fixing the problem

If you don't keep my data on file, you can't lose it

We need strong regulation and stiff consequences as soon as possible, but until that happens, the only way to be safe is to fight data-brokering as much as you can by developing a mindset of privacy and Out and About Defense and keeping your information out of databases as much as you can. They can't lose, share, or abuse it if they don't have it!

Bad Sears, BAD!

The sick thing about this story is that the spyware wasn't a hack against these companies, but was planned and sanctioned by the companies.

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable. To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.

Remember that there are no laws currently to protect against the abusive data collection and sharing practices that many companies employ. Be careful with your data and don't trust even the most reputable-seeming companies to choose your privacy over the almighty dollar.

(Image used under: Creative Commons 2.0 [SRC])

This is so wrong, I barely know what to say. I sure hope this trend doesn't start to catch on, because a lot of people would give up the information when they're pressured instead of doing the right thing and refusing.

"Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc." the form reads. But Bozeman isn't simply interested in finding out where to look for potentially embarrassing personal details; the city wants full disclosure, since the form demands username and password information for each.

This is way worse than all those sickening social networking sites asking for your e-mail address password.

Update

Here is the contact information for the relevant people in the city if you want to ask them why they thought this would be a good idea. And just in case someone were to change the form, here's a copy of the original found on their website:

This is for real... they actually expect you to give up your account details!

(Image used under: Fair Use doctrine)

When this guy tried to sign up for Comcast cable without providing his Social Security Number, they harassed him saying that they were required to ask for it under the Patriot Act.

Deal with this by first finding out what they're going to do with it and how they're going to protect it. I would most likely use the '0' trick or just make sure your credit reports are frozen and they wouldn't be able to run credit on you even if they tried.

(Image used under: Creative Commons 2.0 [SRC][Mod])

TJX has settled under charges that they had insufficient computer security protecting their systems, but the only thing TJX must do under the settlement is upgrade their security. Woo.

And this:

"By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure," said FTC Chairman Deborah Platt Majoras. "Information security is a priority for the FTC, as it should be for every business in America."