posted on March 13, 2001 02:56:24 AM new
And what to do about it
http://www.siteguest.com/siteguest/ is selling your privacy!
From their page:
"How many visitors to your web site browse through your pages collecting information and then move on without leaving you any means of contacting them? What if you knew the names and e-mail addresses of your web visitors? You could offer them assistance, inform them of your latest special offers, or point out other helpful resources. You would contact them before the competition does. In short, you could close more sales from your internet leads.
Your web site was designed to help you sell your product, but you can't sell if you don't have leads. All too often, a web site just sits idle, failing to generate the contacts necessary to make sales. Not anymore. SiteGuest will provide you with high quality leads-- people who have already taken an active interest in your company by looking at your web site.
Once SiteGuest is installed, you will receive your visitors' names and e-mail addresses in your inbox. For some this process is completely transparent."
Meaning that their snooper program uses JavaScript and asks your browser to mail an invisible form to them with your email address (abnd who knows what else) ... you might never notice it until the spam hits, and even then you will have a hard time pinning it to any site.
******
The cure ... TURN OFF JavaScript in your browser, increase your security levels so that you are warned before submitting a form, and install PROXIMITRON, a nifty popup kliller that also disables "snoopy" javascript.
posted on March 13, 2001 08:52:42 AM new
I can attempt to explain. There are a lot of free services on the net. These services are free because they harvest your info and use it to target you for ads. If the privacy rules go in effect, they won't be able to do this. So they will have to start charging for these services. That is where the cost comes in. A little convoluted reasoning but not entirely untrue.
posted on March 13, 2001 03:48:46 PM new
It's just this sneaky sort of gathering of information that a good chunk of why I despise non-opt-in direct marketing so much. Companies don't bother to think that maybe there was a good reason the consumer was not interested in leaving their information on the companies webforms.
There is truly that little respect for what the consumer's wishes. I wonder how many direct marketers have unlisted phone numbers or addresses in their own personal life. How many actually seek to avoid their own product, I wonder....
One point that all of these companies who think direct marketing is such a great thing might be missing a major point. One company's ad mentions that 65% of all shoppers abandon an online purchase they were beginning to make. I wonder how many do it when they reach a form asking for information but aren't sure what the company will actually do with it? How many more simply don't start a purchase, or even shop online, because of that?
Selling a single customer/purchase record typically grosses $0.05 - $0.50 (usually more towards the 5 cents then the 50 cents). Yet a single customer abandoning a small $20.00 purchase because of privacy concerns negates the sale of 40-400 customer purchase records to direct marketers. To up the numbers, say there are 1,000,000 people who have each not bothered with $100 worth of online purchases each due to privacy concerns. That's $100M in direct losses, wiping out the sale of 200 million to two billion customer/purchase records. Have there even been two billion online customer/purchases yet?
I've seen several surveys, some from direct marketers saying 40% of all online consumers have balked on one purchase due to privacy and/or security concerns, some from more independent groups saying 50-65% have. Say there are 50M Americans online, and 50% have have balked on a mere $20 purchase each. There's $500M lost right there, wiping out the sale of 1-10 billion customer purchase records to direct marketers. Most of those balkers have surely skipped more than just one $20 purchase too, so the numbers could easily be ten times that.
I keep wondering, but personally have no way of saying, much less proving, whether privacy problems have actually cost the so-called "New Economy" very seriously -- but it couldn't have helped.
In terms of addresses being scavenged from the browser, I'd also separate your browsing from your email. I've never put my email address inside my browser's setup screens, and use a separate email program dedicated solely to email. Besides helping negate harvesting issues, I think a dedicated email program simply provides more robust/useful email features (and stability) than a do-all program anyway.
Yes, JavaScript is heavily abused, IMO. Pop-up windows, ads that follow you around the screen, part of various hacking/cracking exploits, privacy violations, and other irritations. Half the time that it is used for something honest, there are easier alternatives anyway. So usually I keep JS turned off, and I really don't miss it.
Free sites, of the style mentioned, are fine, as long as they are very upfront about what the underlying price actually is. If they say that they'll show you X # ads / whatever, or that they will give your information to other interested parties, etc., in some very clear way, and someone choses to sign up, that's fine.
Whether the price is in dollars or in having to accept a certain level of direct marketing, that price should be just as clearly stated ahead of time, either way.
I have some friends who signed up for such services, knowing full well (on their own, not from me, though I did comment, restraining myself to a few words ) what was involved, but willing to do so for free service, only to hear many of them, months or a year later, getting sick of it and looking for regular, pay services.
Others seem to still be living well enough with the cost of free services.
----
What's being done in the name of direct marketing nowadays is crazy.
The above are all just my opinions, except where I cite facts as such.
Oh, I am not dc9a320 anywhere except AW. Any others are not me.
Is eBay is changing from a world bazaar into a bizarre world?
posted on March 13, 2001 05:07:47 PM newabacaxi - how does a JavaScript harvest your email address? I have no doubt that it happens, I'm just curious about the method. Does it target a certain email application such as Outlook, or is anyone vulnerable? I use AOL and sometimes Eudora for mail.
posted on March 14, 2001 03:23:24 AM new
RainyBear -
"how does a JavaScript harvest your email address?"
Basically, it fakes out your browser into filling out and sending a mail-to form. This happens invisibly if the security settings are not set high enough.
SO ... the solution is to use a fake name in your browser settings ([email protected] is one that will be immediately discarded by a mail server, because example.com is a dummy domain used for examples in textbooks only, or (as I do) an email address aimed at a spamtrap.
Don't browse with your email reader, and don't email with your browser!
**********
AnonymousCoward -
I don't know. I use a program called the Proximitron that filters out most JavaScript from web pages.
*************
Here's the HOW-TO ...
No. There is an ONLOAD="kbL()" in the [body] header.
At the bottom of the page is a form named "form1" (pretty
much empty - nothing to fill in - it has parameters for
the referrer, OS, etc. which are set using JavaScript).
The form's action is a "mailto:" so it will send mail,
and hence, your email address when submitted.
There is code to write a cookie (JavaScript code so you
get the cookie even if you have cookies turned off) and it
checks for the cookie - if it exists, it does not send
your email address again.
**********
and because it's using JavaScript to set cookies, the only defense is to turn it off ... it's called JavaSchit for a reason.
posted on March 14, 2001 03:49:10 AM new
I signed up for a free Hotmail account, and two spam emails arrived within 24 hours. I wonder how they did that?
posted on March 14, 2001 05:52:22 AM new
Someone sent me this complaint and since I can't verify it, I thought I'd post it here and see if anyone else had a similar experience.
She joined an online payment service using her billing address, which is a PO box. She does not get mail at her home address. The service eventually forced her to give a home address in order to withdraw money. She told me that within a week of giving them her home address, she started getting junk mail at that address. She blames the service for making her address available. I wonder if anyone else had that happen.
In another thread somewhere here, someone noted an article saying that Microsoft is selling all the personal information from the Hotmail accounts as fast as it can get them.
One way to get rid of some spammers.....
I was having a problem with one spammer, that no matter how many times I sent the remove email, two or three of the same messages would arrive the next day with different addresses. So, I created my own remove message. In a very large font, I typed the word "REMOVE!", did a ctrl-C copy, and pasted and re-pasted it until my fingers were tired. It was a HUGE email. Did the same thing in the send-to block, copied the reply-to address as many times as my fingers would hold out. Then I sent it....10 times. Haven't heard from then since, though I did have a few returned as their mailbox was strangely overfilled.
They may know that they have an active email address, but it is one that will shut down their mailbox so no one can get through.
[ edited by mark090 on Mar 14, 2001 06:11 AM ]
posted on March 14, 2001 07:33:14 AM new
I would very strongly recommend to NEVER reply to a spammer's "unsubscribe" or "remove" address. At best, it will be ignored. More commonly, they use those as traps, a way of verifying that there is a "live one" on the other end that they can spam even more heavily -- as ended up happening in your case.
Other reply-to addresses are often dummy, non-existent addresses, so all the irate responses (or occasional retaliatory mail bombs) go someplace nonexistent.
The only useful "unsubscribe" addresses are the ones for lists you "subscribe"d yourself to in the first place, at honorably-run companies.
The Microsoft/Hotmail issue has been reported on major news stations even. This is an all too common activity -- even when you pay for the product or service.
Another trick spammers use to verify active addresses is known as a "web bug" or simply a "bug," which in HTML email (not plain text email) email amounts to a tiny (1x1 pixel), transparent image with a complex URL, which if you have your mail reader set to display HTML email as an HTML page (instead of just spinning off the HTML as a separate "attachment" file) will cause the image to be loaded from the spammer's server, alerting them as to who opened their email. If this bothers you, it would be best to either turn off HTML email, or just trash the email without opening (or your email client auto-opening) it.
----
What's being done in the name of direct marketing nowadays is crazy.
The above are all just my opinions, except where I cite facts as such.
Oh, I am not dc9a320 anywhere except AW. Any others are not me.
Is eBay is changing from a world bazaar into a bizarre world?
posted on March 14, 2001 07:37:54 AM new
Hmmm, now this is an interesting idea... although I would never use it because I hate the idea of getting spam mail as well.
-Trey
***********************************
"If your mind can concieve it, and you believe it, then you probably can achieve it."
http://www.CondomDeals.com
***********************************
[ edited by taz8057 on Mar 14, 2001 07:38 AM ]
posted on March 14, 2001 07:49:46 AM new
I have seen various suggestions (such as the above post) about ways to deal with spam and spyware in a number of different places, and was wondering...
Does anyone know of a website which is devoted to these particular subjects, with suggested browser/email settings to manage spam/spyware and explanations of how the various program settings work, along with an explanation of how and why one might choose between them?
posted on March 14, 2001 08:20:20 AM newCompanies don't bother to think that maybe there was a good reason the consumer was not interested in leaving their information on the companies webforms.
Spammer companies only think of what makes them feel good. Some of them imagine their victims as enjoying it, some of them don't care.
posted on March 14, 2001 08:24:32 AM new
What I don't get is that the purpose of these emails is to try and get you to buy something. Why would anyone want to deal with spammers? I throw away junk mail unread. I delete spam unread.
Does anyone remember an old science fiction story about the advertising business where a company tried obnoxious methods (only in the story they made them work)? I remember a refrigerator company that sent a truck with a loudspeaker around a neighborhood blasting the message "Feckle freezers are great!" When folks called to complain, the company sent a representative with a gift for them as an apology. Of course, the representative also managed to sell them a Feckle freezer. Whoever wrote that story was ahead of his time.
posted on March 14, 2001 08:50:08 AM newWhat I don't get is that the purpose of these emails is to try and get you to buy something. Why would anyone want to deal with spammers? - yisgood
No kidding! It's a mystery to me ... they think I'm going to apply for a mortgage from someone who sends me spam?? That I'm going to buy pharmaceuticals???? I suppose if they get even one sucker out of 10,000 to bite they figure it's cost-effective. But sheesh.
dc9a320 -- I just want to say thanks! to you for participating in these message forums. Your posts, especially on this subject, are always so thoughtful and articulate, and you always manage to keep your cool even when someone's getting "up in your face" like I've seen in a few other threads. You are a class act!
posted on March 14, 2001 09:20:00 AM new
I know this is about WEB Sites, but I am trying to learn some basic HTML and one of the tutorials I use suggested "viewing the source code" of web sites to see what/how they do things.
Well, I found an auction layout I liked and decided to check it's source because I am trying to add an "eye friendly" background color in my ads and can't for the life of me get it right! Anyway, I saw the words "start JavaScript" several times and then I saw "cookies" and some other stuff that meant nothing to me, but was wondering from reading this, can info on users be gathered from auction ads?????
posted on March 14, 2001 11:08:08 AM new
Despite eBay's new attempt to hide our e-mail addresses, I notice that anyone who has a PayPal logo on their page has their e-mail addresses available. Try holding your cursor/mouse over the logo, and you'll see the seller's e-mail address associated with PayPal (it shows up at the bottom of my browser).
posted on March 16, 2001 09:29:07 AM newtriplesnack: You're welcome, and thank you! I appreciate your words.
tmarieb: Actually, that one would not really be eBay's problem. Most, if not all, privacy policies have disclaimers about the links offsite, and though I'm not a seller and don't use PP, I'd have to guess that it is PayPal that creates the link, or requires the user to add such links to use PP.
On a non-PP aspect If I had been eBay, I'd have left the choice (an option) to the seller on whether potential buyers could retrieve the seller's email address or have to go through the form.
abacaxi: Didn't eBay forbid sellers from adding JavaScript on auctions a few years back, after someone used JS to scam eBay passwords? I have JS off when using eBay (and most other sites), so I haven't really checked if that's enforced, though I do know eBay now has some JS of its own on pages (nothing that can't be switched off). Of course, even if eBay does disallow sellers from adding additional JS, that may not be true of other auction sites.
capriole: Almost everyone, and that includes myself, is fooled into responding to "unsubscribe/remove" addresses, until someone informs them of the danger. Back in 1996, I was writing to CyberPromo, of all companies, to remove me, until a friend of mine that hates spam even more pointed out the problem.
CyberPromo was even fooling newbies, myself definitely NOT included, that spamming is an easy and good thing. There were quite a few people shocked into realizing how much spam is hated (they only had to send their first spam to start finding out, and many would quit not long afterwards, realizing they'd been drawn into making a mistake).
) what was involved, but willing to do so for free service, only to hear many of them, months or a year later, getting sick of it and looking for regular, pay services.
[ edited by mark090 on Mar 14, 2001 06:11 AM ]