Trilight Zone

[digital8]

Exposing friends to Trojan Marketeers
Would you sign a friend up with a telemarketing or junk mail operation? Would you give their phone number or home address to a corporation you know little about? Do you want your friends to be tracked while they browse the Internet by a stealthy network of advertisers, spammers and worse?

Of course not. Then why are millions of people giving their friend's email addresses to corporations via an ever-growing range of web forms? They know that email addresses are the source of more pain in terms of spam than junk mail or telemarketers (thanks to do-not-call lists). But more and more I'm getting email from "evite" (really TicketMaster), greeting card companies, advocacy organizations, various media corporations, so-called "social networks", etc. Why? Because a friend knows my email address and wants to invite me to a party, convince me to join their cause, share a news story, or get me to sign up for something.

My friends mean well, but what they don't know is how much information can be easily tracked over the Internet. The corporations, networking with their "partners", can find out how and when I receive the message (via "web bugs"), even if I don't respond, or look at any attachments. And my friends don't know how easy it then is for the corporate networks to find out not only what kind of computer and software I use, but also to look up many of the web pages I browse and products I've expressed interest in, both in the past and for years into the future, what sorts of queries I enter into many search engines, and other personal information about me.

Most corporations deny that they currently track things to this extent, and their "privacy policies" often sound innocuous. But there are few legal limits on this sort of tracking. Most people don't know the implications of what the privacy policys allow and don't realize that the policies can be changed whenever the web site owners like, e.g. when they are strapped for funds or get bought-out. And of course the ever-inquisitive agents of the FBI et.al. can request this sort of information without a court order these days. And the corporations are forbidden to let anyone know about that....

In each case, the normal way to communicate would be for my friend to just directly send me email. Every email client and web browser has a facility to forward a web page ("Send Page") directly to whoever you want. But instead they succumb to the convenience offered by a web page that presses them to type in the addresses of their friends so the message can be sent on their behalf. The message, best described as "trojan marketing", often gets past my spam filters because the corporation doesn't send it using a corporate address, but instead substitutes the email address of my friend ("with their consent").

It is fine for people to use their own private web sites to help them plan parties or collaborate with their friends, and many do. But the trend is for highly-promoted commercial web sites to tie themselves together with services like DoubleClick (see below), so that your activity on shopping sites, social networks, financial sites, news sites, etc. can all be correlated, with little or no legal restrictions in (especially in the US) on what they can do with the information.

Bottom line:

Never give away the email addresses of your friends to third parties. Just send them email directly and let them choose how to reveal their private information.
When deciding whether to use an on-line service yourself, consider whether they rely on these sorts of trojan marketing practices. Check to see whether they use web bugs in email, opt-out (see below), etc.
Beware of formated email (HTML). Don't forward email that contains HTML or other potentially dangerous formatting from these sorts of services to your friends, since as soon as they read the mail, they will be linked into the trojan marketeering game via web bugs. Use plain-text email messages instead. Just cut-and-paste the original message into a new one, rather than forwarding it.
Switch to email software that allows you to prevent web bugs from working, like Mozilla, Netscape (?) or Mutt. Turn off image viewing and Javascript when reading mail. (more suggestions welcomed....)
Work for laws that protect privacy like those in Europe, where they have had more compelling experiences with oppressive governments and corporations.
Now for some cases in point.
Evite
Evite shares most of these "trojan marketing" and privicy problems and more. Note that they are owned by TicketMaster, the monopolists, and read this news story about them and spam: Ticketmaster privacy policy slammed

Evite's service is obnoxious for invitees - the email message doesn't give any details of the event, so you need to click for info (and ads and yet more privacy abuse).
Refuses to let people effectively opt out: Won't let your friends know that you reject evite email, etc.
trojan marketing

Uses web bugs to track when and how you read email messages.
Uses "Co-Branded Pages" which look like evite but info goes to some other company, thus leading users to "establish relationships" with more companies without realizing it. Once you have such a relationship with a company they can call you on the phone even if you are on a "do not call" list, etc.
Uses "opt-out" practices, forcing people to pay close attention and un-check boxes that ask for permission to send marketing messages, rather than "opt-in" practices, in which people don't get email unless they explicitly ask for it.
DoubleClick
For more information on DoubleClick and the breadth of information they receive from millions of people using thousands of web sites, see Politech - iFriends replies to Brill's Content article on privacy, web bugs.

See also the Web Blooper of the Month from UI Wizards, or the much less polite and more technically informative evite complaints from Jaime Zawinski, a well-known Internet pioneer.

Abusive forms of Viral Marketing
Viral Marketing is the technique of getting your customers to help spread your message. As long as it isn't deceptive and doesn't hijack vulnerable computers, it is an ethical marketing practice.

When a web site asks people to share email addresses of their friends, warning lights should start to flash. If they have a privacy policy that allows them to retain those email addresses (as nearly all do), that should be plainly disclosed right on the form where the addresses are entered.

Finally, using intrusive techniques like web bugs, and deceptive techniques like easy-to-overlook "opt-out" check boxes is clearly unacceptible. It becomes Trojan Marketing, which should be shunned.

Since most people can't easily tell the difference, I urge a great deal of caution. I hope my friends don't ever share my address unless they've done enough research on the company to know whether they use these techniques. But that's a pain, and it would nearly always be safer and more personal to just forward the message themselves.