ISPs will attach your ZIP to all web requests
This Article on Wired.com is about an initiative by Juniper Networks in collaboration with Feeva to sell a new tracking technology to ISPs.
The enhanced router would be sold to ISPs and will automatically insert your ZIP+4 into HTML headers. This will allow marketers to have much more accurate information about the user’s physical location.
They claim that the “consumer is not in any way stripped of their privacy” but fail to actually explain how that is the case. The point is for ISPs to get a piece of the advertising pie. The ZIP will be encoded, not sent in the clear, but will be available to some undefined set of “trusted third parties”. That does not give me much comfort.
I have seen many examples of websites which charge different prices based on where you live, or otherwise restrict access to web pages. This kind of targeting does not help me at all. If I want to be located, I have many ways of explicitly telling the site where I am.
This is another example of why you can’t trust your ISP. Their interests are not the same as yours. They have a strong incentive to track and monetize your activity.
Fortunately it is easy to take back control. If your traffic is encrypted within a VPN, then the ISP will be unable to insert this information. It gives you the absolute ability to enforce your own “opt out” even if the ISP does not want to give you the option. Anonymizer Universal(TM) provides an easy tool to accomplish this.
- Lance Cottrell
June 24th, 2010 at 2:56 pm
By using anonymizer ain’t I just transfering trust from the ISP to the anonymizer vpn servers?
June 24th, 2010 at 5:21 pm
It is true that you need to trust Anonymizer however:
1) We have not released press releases about how we are planning to spy on users.
2) We have committed to protecting users against this kind of privacy invasion.
3) Were we to do anything like this we would be quickly caught and our business would be destroyed.
4) We have a perfect 15 year track record of protecting privacy.
5) I have been building privacy tools for about 18 years, starting with free open source tools. Our service is backed by my personal reputation in the space.
As we discussed in another thread, it always comes down to trust. With Anonymizer you have something solid on which to base the trust.
June 25th, 2010 at 10:58 am
I’m just curious how does you bootstrap trust in a service like anonymizer. After 15 years proving that it is able to protect users privacy its obvious that it can be trusted,but how is trust built in the early stages of a service like this?
In an open source project its simple, well is open and you can more or less at any given time see what is happening with your information
June 25th, 2010 at 11:29 am
This is really the $24,000 question, and it applies well beyond the arena of privacy services. It can apply to any provider of services.
I think we do well by starting from conventional physical world analogies.
In the absence of track records there are certifying entities which can endorse the newcomer and may often have some kind of enforcement / punishment capabilities. The Bar Associations play that role in the legal arena, and various medical boards do the same for physicians.
Licensing and bonding have been used in other contexts. You may not know your plumber, but the fact that he is licensed and some trusted party is holding a chunk of his money against any malfeasance gives some level of comfort.
In the on-line privacy space this might translate to the following steps to creating on-line trustworthiness:
1) The owners / operators must be very clearly identified and legally reachable. Privacy services provide privacy for OTHER people.
2) The character of the owners / operators should be vouched for by another person / entity with significant reputation capital at stake.
3) The software, methods, practices, and processes of the service should be audited by a reputable and skilled auditor for both quality and security of the plan as well as the reality of its implementation.
4) The service must have very clear and consistent privacy statements and policies.
Even with all that, I would hesitate to be among the first users of a new service.
June 25th, 2010 at 11:33 am
“Even with all that, I would hesitate to be among the first users of a new service.”
So no matter how well certified a service is, it can only achieve true trustworthiness through self built reputation.
June 25th, 2010 at 11:42 am
I think that is true. There is no substitute for a well developed reputation directly earned by the operator.
At the end of the day you can not trust anyone or anything 100% except yourself (maybe).
I have a high paranoia threshold. I am sure many people would start using such a service immediately, allowing the service to start building the reputation.
Personally I would like to also meet the operators in the flesh but that does not scale well.
June 25th, 2010 at 12:03 pm
hehe… I guess not.
But what I hope will happen is that as people become more aware of privacy issues (and I seriously hope they do), they will require more from privacy services, and the number of people that would start using such a service immediately will reduce. This will make building reputation a much more difficult task.
June 25th, 2010 at 1:59 pm
Lance,
Placing a user’s ZIP+4 is actually far worse than anyone realizes, I believe. With this 10-digit string (the dash is counted, but means nothing), the marketer would have about all the information they could dream of getting their greasy, money grubbing hands on and so would thousands of crooks in the ID theft rings. ZIP+4 was begun by the U.S. Postal Service just a few short decades ago and was intended to make mail sorting easier, increase the speed at which the mail could be processed and, only recently, allow automatic mail handling to deliver to each individual carrier, mail that is in delivery sequence, greatly cutting down on the time that was being taken by manual casing of each piece of mail by every postal carrier. (Casing is the process of taking a routes trays of mail from the previous night and placing every piece of mail in a case off slots that stand as a placeholder for each address on the route for that carrier, in delivery sequence. With DPS, (e.g., Delivery Point Sequencing – there’s hardly anything that the Feds don’t break down to anagrams) has come a modicum of enhanced delivery service and carrier help.
So what’s so much worse with ZIP+4, rather than the 5-digit ZIP of old? And why should each concerned citizen in the US that uses the Internet, send mail to 1] the FCC, 2] their State’s Attorneys General, 3] Department of the Office of Consumer Affairs, 4] Major Newspapers, 5] TV/Radio Talk-shows and 6] their Washington Congressmen/women and Senators (the list of contacts is big (and could easily be increased upon), but then the ISP’s plans are huge and have the potential of touching each and every citizen of the United States of America! Tell all of them that these mega-corporations should be Prevented, by regulation and legislation, from making one of the largest invasions of privacy in U.S. history. We already live a society where identity theft is running rampant and the Credit Card Companies, especially, would like to know just whats so bad about the giving/selling of ZIP+4′s; they are losing $Billions each year and it ruins many families when ID theft hits them.
OK. The reason for ZIP+4 concern, is due to just what information the marketing companies are going to be obtaining them. The plain 5-digit ZIP gives the a general area that the zips belong to, BUT, those extra 4 digits are where the problem will be so bad! With a list of ZIP+4′s, the marketers would have access to not only every single citizen’s general Area, but broken down it tells them everyone’s Full Address, too. From that point, you can easily look up in state/county records and there’s everything needed.
So, start a campaign of letter writing, making sure your concerns are clear, to the point, and especially how our Freedoms include better privacy than what now exist, not just about the flood gates that are about to open! Be sincere and not hot headed (write something, read it a couple of times, then let your husband/wife see how it reads to her – your other halves should tell you if they think any backing off of the tone of the letter is needed.
We should be able, if quick contacts are made, to stop this privacy concern from occurring! Election times are near for a big number of politicians…
June 25th, 2010 at 5:03 pm
My research shows that the zip+4 is not quite your exact house but does seem to correspond to your exact block. In my area, that is about 4-8 houses.
I had no idea it was that precise but given the number of digits, it should not have surprised me.
Thanks for the information. It does indicate this is much worse than I had thought.