The agreement highlights the risks social media companies face as they navigate privacy and disclosure norms while providing consumer entertainment online. The settlement, a consent decree, reflects neither an admission or denial of the charges by the defendants.

The FTC said Playdom, now a Walt Disney Co. unit, and former executive Howard Marks disclosed information on hundreds of thousands of children between 2006 and 2010 as they operated 20 “virtual world” websites where users could access online games and other activities.

Read the rest of this post on the original site »

The agreement highlights the risks social media companies face as they navigate privacy and disclosure norms while providing consumer entertainment online. The settlement, a consent decree, reflects neither an admission or denial of the charges by the defendants.

The FTC said Playdom, now a Walt Disney Co. unit, and former executive Howard Marks disclosed information on hundreds of thousands of children between 2006 and 2010 as they operated 20 “virtual world” websites where users could access online games and other activities.

Read the rest of this post on the original site »

But Facebook is still trying to find a path to Washington, where the company has only a fledgling lobbying operation, even though it finds its privacy policies under increasing scrutiny and is trying to navigate a politically sensitive expansion into China.

In seven years, Facebook has risen from a tiny start-up to an Internet power with a potential market value estimated at more than $50 billion. Now an online forum with more than 600 million users, Facebook faces growing pressure from lawmakers and regulators concerned about the way it uses personal information shared by its users.

Read the rest of this post on the original site

Nearly 20 years later, Dr. Guidotti Russo, backed by Spain’s privacy regulator, contends that the tale of the dispute is personal information and wants to purge the article from Google, where it shows up on the first page of results when his name is searched.
His complaint accounts for one of about 80 instances in which the Spanish regulator has told U.S.-based Google Inc. to remove personal information about individuals from its search results.

Google says it plans to challenge most of those orders, arguing that the agency is overstepping its authority.

Read the rest of this post on the original site

The suit was filed on Thursday by the law firm KamberLaw on behalf of Jonathan Lalo, a Los Angeles County resident, in federal court in San Jose, California. It seeks class-action status.

The suit was filed less than a week after the Wall Street Journal published an article raising privacy concerns over the transmission of personal information based on a study of 101 mobile apps on Apple’s iPhone and phones that run Google’s Android operating system. The complaint, which sites the Journal investigation, names app developers Pandora, Dictionary.com, The Weather Channel and Backflip Studios, the maker of the Paper Toss app, as well as Apple.

Read the rest of this post on the original site »

A lawyer for two California residents said they filed suit against the owner of adult website YouPorn, alleging that it had violated cybercrime and consumer-protection laws by using the method, which is drawing increased scrutiny from regulators and academics.

The suit, among the first to target history sniffing, alleges that YouPorn used technology that can “peek in on the plaintiffs’ Internet-visitation history” by exploiting a vulnerability in Web browsers and failed to disclose to users that the site was doing so. The suit filed in U.S. District Court for the Central District of California, seeks unspecified damages and an injunction to stop YouPorn from using the technology. Plaintiffs David Pitner and Jared Reagan, both of Newport Beach, Calif., allege that their privacy was violated by YouPorn and are seeking class-action status for their suit.

Read the rest of this post on the original site

It was no accident. An online tracking company called RapLeaf Inc. had correctly identified her as a conservative who is interested in Republican politics, has an interest in the Bible and contributes to political and environmental causes. Mrs. Twombly’s profile is part of RapLeaf’s rich trove of data, garnered from a variety of sources and which both political parties have tapped.

RapLeaf knows even more about Mrs. Twombly and millions of other Americans: their real names and email addresses.

This makes RapLeaf a rare breed. Rival tracking companies also gather minute detail on individual Americans: They know a tremendous amount about what you do. But most trackers either can’t or won’t keep the ultimate piece of personal information—your name—in their databases.

Read the rest of this post on the original site

Who is gathering the information? What are they doing with it? How might this harm me? How do I stop it?

These are all good questions. But rather than indulging the natural reaction to say “stop,” people should get smart and learn how to control personal information. There are plenty of options and tools people can use to protect privacy—and a certain obligation to use them. Data about you are not “yours” if you don’t do anything to control them. Meanwhile, learning about the information economy can make clear its many benefits.

Read the rest of this post on the original site

The number of identity-theft victims in the U.S. jumped 12 percent to 11.1 million in 2009, according to research company Javelin Strategy & Research. Fraud cases reported to the Internet Crime Complaint Center, which is partly run by the Federal Bureau of Investigation, climbed 23 percent to 336,655 last year.

Information that people inadvertently make public on sites like Facebook plays a role. So too do the sort of technical exploits demonstrated by the group that recently exposed a flaw in AT&T Inc.’s (T) website.

But in many cases, finding social-security and credit-card numbers or medical records on the Internet doesn’t require computer expertise. Instead, such information is accessible to anyone who knows where to look.

Read the rest of this post on the original site

Sometimes we move too fast.

That’s an apology of sorts, I suppose. But it’s not an apology for further loosening Facebook’s privacy safeguards or for the speed with which Facebook loosened them. In other words, it’s a comment on the execution of a policy, not on the policy itself.

By saying “we move too fast,” Zuckerberg isn’t admitting that Facebook was headed in the wrong direction with respect to user privacy; he’s saying Facebook was headed in right direction all along, just a bit too quickly–for those of us with reasonable expectations or privacy, anyway.

Which makes you wonder about Facebook’s claim that its changing privacy policy and tools reflect “shifting social norms around privacy.”

Do they really?

Or is Facebook itself attempting to shift those norms in its quest for revenue? After all, there’s great money to be made in the sort of behavioral advertising that Facebook’s user data makes possible–great money to be made in monetizing our privacy and reputations.

So the unveiling this morning of what Facebook claims are “enhanced, simpler” privacy controls is interesting, to say the least. How does a company so clearly prejudiced against privacy assuage concerns that it might violate privacy?

With a new set of “granular data permissions,” Zuckerberg said this morning (here’s Facebook’s guide explaining them).

“First, we’ve built one simple control to set who can see the content you post,” he explained in a blog post published to coincide with the announcement. “Second we’ve reduced the amount of basic information that must be visible to everyone and we are removing the connections privacy model….Third, we’ve made it simple to control whether applications and Web sites can access any of your information.” (Click image below to enlarge.)

Evidently, there will be a simple control that applies to all content retroactively and to new products going forward. If, for example, you set your preference to friends-of-friends, that will be your historic default as well as your default going forward.

For applications, access to member information has been “dramatically” limited. There will be a single check box to opt out of information-sharing with third-party sites. Said Zuckerberg: “The net effect of this is that all applications are going to have restricted access to your personal information.”

And for Facebook Platform, the company is adding an “easy” opt-out for instant personalization. Finally, Facebook is differentiating between “basic directory” information and the more personal information in its members’ profiles. Directory information must be public so friends can find one another, and “allowing people to find you on Facebook is a very different use case than sharing your information.”

As a privacy tool overhaul, this is fairly substantial. And it does seem to address many complaints about the previous system. But it doesn’t do one thing that many critics have called for: Make the highest privacy settings the default.

Why not? Said Zuckerberg: “We’re trying to make the system simple to use. Facebook has never worked in a way where you sign up and only your friends can see your personal information. The point of the site is to allow you to connect with new friends and friends of friends. And that’s always been a really important part of how Facebook has worked. It’s really important to help people share simply by default.”

With their friends, perhaps. But not with anonymous companies. In that case, you’d think most people would want to limit that “sharing” by default. But that would undermine Facebook’s business model, wouldn’t it?

Evidently, outrage over the company’s privacy missteps hasn’t been sufficient to effect that particular change. “We really think about the trust issues,” Zuckerberg explained. “A lot of people right now are upset with us about these changes, and I take that really seriously…and I don’t mean to diminish privacy concerns….but all these blogs are talking about Delete-Your-Facebook-Pages campaigns and we’ve seen no meaningful change to our usage stats.”

So how does Zuckerberg answer accusations that Facebook doesn’t care about privacy, that his company preys on people who have an expectation of privacy but don’t necessarily understand the implications of putting their personal information on Facebook?

“People perceive that we don’t care about privacy and that’s just not true,” he said. “People want to share information and there’s got to be a balance. They’ve got to have control over how they share their information and that’s where the world is going….We’ve learned time and time again that privacy is a sensitive thing. Now we feel like we have a privacy model that will scale as we add more users….And hopefully, we won’t be messing with it for a long time.”

In a letter to Google CEO Eric Schmidt, privacy commissioners from France, Germany, Canada, and the U.K., among other countries, slagged the search giant for failing to take adequate account of privacy considerations when rolling out new services.

“We are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications,” the commissioners wrote. “We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws….”

Mincing no words, they added, “It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.”

While the first few lines of the statement largely repeat criticisms we’ve heard before, the last two really get at the crux of the entire debacle. If Google (GOOG) didn’t recognize the privacy flaws in Buzz before it released it to the public, it should have. And if it did recognize them and released the service anyway figuring it would address them later–well, that’s just plain reckless.

“Sorry we didn’t get everything right” doesn’t absolve the company from its misstep, though Google clearly seems to think it does, according to the statement it issued on the letter.

“We try very hard to be upfront about the data we collect, and how we use it, as well as to build meaningful controls into our products. Google Dashboard, the Ads Preferences Manager and our data liberation initiative are all good examples of such initiatives,” the company said.

“Of course we do not get everything 100 percent right–that is why we acted so quickly on Buzz following the user feedback we received. We have discussed all these issues publicly many times before and have nothing to add to today’s letter–instead we are focused on launching our new transparency tool which we are very excited about.”

[Image credit: Asaf Hanuka, Tropical Toxic]

“EPIC urges the Commission to investigate Google, determine the extent of the harm to consumer privacy and safety,” EPIC said in its complaint. “[And it asks that the Commission] require Google to provide Gmail users with opt-in consent to the Google Buzz service, require Google to give Gmail users meaningful control over personal information, require Google to provide notice to and request consent from Gmail users before making material changes to their privacy policy in the future, and seek appropriate injunctive and compensatory relief.”

Another embarrassing blow for Google (GOOG), which has spent the better part of a week being pilloried for its unfortunate misstep. Responding to EPIC’s complaint, Google again stressed its efforts to improve Buzz and, somewhat ironically, thanked the group for airing its concerns.

“We designed Buzz to make it easy for users to connect with other people and have conversations about the things that interest them,” the company said. “Buzz was launched only a week ago. We’ve already made a few changes based on user feedback, and we have more improvements in the works. We look forward to hearing more suggestions and will continue to improve the Buzz experience with user transparency and control top of mind. We also welcome dialogue with EPIC and appreciate hearing directly from them about their concerns. Our door is always open to organizations with suggestions about our products and services.”

Evidently, Buzz is a work in progress to which all are free to contribute–even if they do so in the form of an FTC complaint.

This morning, in a blog post titled “The Adventure Continues,” Twitter co-founder Biz Stone gave more of an explanation for the outage that the microblogging service endured due to a denial-of-service attack yesterday.

Fortunately, BoomTown can read between the lines in order to decipher the secret message herein!

Biz wrote: The Adventure Continues.

Translation: By “adventure,” I mean yet-another-friggin’-Twitter-birdie-crisis.

Considering all the fail whales, the stolen documents and now this, I would have to say we have now taken Time Warner (TWX) online unit AOL’s title as Internet company most likely to experience technical difficulties. Do not adjust your screens! Please stand by!

Biz wrote: In the past 24 hours, we’ve been contending with a variety of attacks that continue to change in nature and intensity. We’re working to restore access to apps built on the Twitter platform that were affected by defensive measures–there was some overcompensation on our part as we tune our system to deal with this scale of attack.

Translation: We’d like to blame this one on TechCrunch somehow, and are hard at work on another impolitic internal memo about how to do so that also manages to insult potential acquirers, such as Google (GOOG), Microsoft (MSFT), and our investors.

The reason we doused this crisis with extra amounts of weed killer is because no one will be able to accuse us of sitting by in our usual chill manner, which is exemplified by the official Twitter company motto: “Scoble dude, relax, it’s only 140 characters.”

Biz wrote: The ongoing, massively coordinated attacks on Twitter this week appear to have been geopolitical in motivation. However, we don’t feel it’s appropriate to engage in speculative discussion about these motivations. The open exchange of information can have a positive impact globally and our job is to keep Twitter services running reliably to the best of our ability.

Translation: And if blaming TechCrunch does not work, there is always Iran to point the finger at!

However, we don’t feel it’s appropriate to engage in speculative discussion of these motivations–mostly because it will just piss off the hackers more and they will crush our little technical operation like it is papier maché.

Which, let’s be honest, it is. Anybody got any spare Elmer’s Glue?

Biz wrote: As a reminder, no data or personal information of any kind has been compromised. Denial of Service attacks are a known quantity on the web and they are not going away any time soon. Nevertheless, we can and will improve system response to these assaults such that they don’t interfere with our normal, everyday Twittering.

Translation: No data or personal information of any kind have been compromised, except–of course–for Ashton Kuchter’s.

But, to be fair, that dude overshares like Perez and Paris Hilton combined and on steroids.

Not that we mind him tweeting pictures of his wife’s posterior, but he makes John Mayer seem shy.

Denial-of-service attacks are a known quantity on the Web, much the way our fail whale is.

Nevertheless, we can and will fail again, so there will be yet another spate of articles and blog posts about the indignity of life without Twittering to show just how indispensable we are.

The flaw was first demonstrated Thursday. “This is serious. The only thing you can do to prevent it is turn off your phone,” security researcher Charlie Miller said of it earlier this week. “Someone could pretty quickly take over every iPhone in the world with this.”

Well, not anymore, as Apple (AAPL) was quick to note. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said an Apple spokesperson. “Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”

The flaw was first demonstrated Thursday. “This is serious. The only thing you can do to prevent it is turn off your phone,” security researcher Charlie Miller said of it earlier this week. “Someone could pretty quickly take over every iPhone in the world with this.”

Well, not anymore, as Apple (AAPL) was quick to note. “This morning, less than 24 hours after a demonstration of this exploit, we’ve issued a free software update that eliminates the vulnerability from the iPhone,” said an Apple spokesperson. “Contrary to what’s been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit.”

This week I took a look at some options for people who want to get rid of old electronics, one way or another. The good news is that there are a handful of Web sites that make it easy to do this — and some of them may even pay you for your old products. The bad news is that you’ll likely receive only a fraction of what you originally paid, especially if you waited a while to get rid of it.

Some sites, like Gazelle.com and VenJuvo.com, offer cash for your items and/or will recycle products. Another site, TechForward.com, lets people pay a fee to “lock in” a value for how much the site promises to pay for the product in the future. MyBoneYard.com accepts only laptops, desktop PCs, cellphones and flat-panel monitors, and gives Visa (V) gift cards rather than cash.

I was surprised to receive significantly different value offers from Gazelle and VenJuvo when trying to sell the exact same products on each site. In one instance, VenJuvo offered me $30 more than Gazelle for a digital camera; another time, I got $15 more from Gazelle for an old Apple (AAPL) iPod. It’s worth the extra step to shop around at more than one of these sites before getting rid of something.

Both ask a few questions about the item, including its condition and whether or not it still has the accessories that originally came with it. Gazelle determines a product’s value using retail — think Amazon (AMZN) and eBay (EBAY) — and wholesale channels; VenJuvo uses similar criteria and also looks at competitors’ prices.

If you worry about someone stealing your digital data, you’ll likely not feel comfortable dropping something in the mail that’s chock full of personal information, especially if it no longer powers on to allow the owner to wipe this information.

Both Gazelle and VenJuvo accept at least some types of digital cameras, laptops, MP3 players, GPS devices, camcorders and gaming consoles. Gazelle also accepts cellphones. But they don’t take everything. Gazelle doesn’t take LCD TVs and VenJuvo doesn’t accept satellite radios and portable hard drives or any smartphones or cellphones other than the iPhone; neither accepts desktop PCs.

I took the closest look at newly released Gazelle, owned by Second Rotation Inc., and walked through the simple start-to-finish process of selling a gadget and receiving money from the site. After pulling up the site, people can find their product and its value by choosing from a list of nine categories or by typing some part of the product’s name into a search box.

I sold Gazelle a first-generation iPod Mini with four gigabytes of memory for which my boss paid $249 in 2004. I answered a few questions about the product: Yes, it still powered on; no, I didn’t have the original AC adapter, manuals or software installation CD, and it was in “excellent” condition, according to my assessment. Gazelle placed its value at $25.

At this step, I opted to add the iPod to my box and check out, but users can also add other items to a box, including electronics for recycling. Gazelle’s policy is that it pays 100% of shipping costs for any box shipped to the company, so long as there’s at least one item in the box worth $1. Eighty percent of transactions qualify for a free box; the rest can be sent with printed-out prepaid shipping labels, but you must find packaging.

Gazelle lets users receive payments via a mailed, paper check or using PayPal; money is received either way within five business days. People can also donate their money to one of 23 causes, including the American Red Cross and World Vision. I opted for PayPal, and the $25 amount was deposited shortly after Gazelle received the iPod.

I sent the old iPod to Gazelle in a brightly colored, empty box that arrives at a customer’s door a few days after he or she sells the device to Gazelle. I secured the old iPod in the box using balled up paper, and sealed it with packing tape. A prepaid shipping label was already stuck to it, and I needed only drop it off at UPS.

If Gazelle receives a product and decides that it isn’t worth what you said it was — either more or less — and you’d rather not sell, the company will ship the product back, free of charge. But while Gazelle’s site guarantees users that they’ll receive their money, and that personal data are safe with the company, no money-back guarantee is offered.

Gazelle hopes to calm nerves by posting detailed instructions on the site about how to wipe a device of all private information. But the company hasn’t yet done this, and numerous users will remain skeptical even with such instructions.

I also poked around on VenJuvo Inc.’s Web site of the same name, www.VenJuvo.com, which is derived from two Greek words meaning “support, assist and delight sellers,” according to the company. This site, too, buys products back from people, though it pays via check, PayPal or Kmart (SHLD) gift card. Users fill out similarly simple questionnaires on each product to help assess value. Unlike Gazelle’s style of mailing boxes to users, VenJuvo gives users only prepaid shipping labels to print out and stick on a box that the customer must supply.

One notable difference between the sites is Gazelle’s broader range of products. In the case of digital cameras, for example, Gazelle accepts 80 brands while VenJuvo takes only Canon (CAJ), Sony (SNE), Olympus and Kodak (EK). Unlike with Gazelle, if you send VenJuvo a product that isn’t worth what you said it was, the company won’t return the product free-of-charge; instead, it will charge you for shipping.

If users choose to receive a gift card, they get a 10% added value. While VenJuvo doesn’t let people donate a product’s value to a cause, it will add this feature next week and will include different causes (like Ronald McDonald House and Big Brothers Big Sisters) than those found on Gazelle.

Unlike Gazelle, VenJuvo will always take items for recycling and will pay for the shipping, regardless of whether you traded something in for a value.

A useful resource for general electronics recycling is the Consumer Electronics Association Web site, www.MyGreenElectronics.org, which locates nearby electronics-recycling centers according to ZIP Code. And almost every computer manufacturer has a recycling program in place; some will even recycle computers that aren’t their own brand.

One way or another, it’s time to clean out the old junk drawer. Just be sure to do some comparison shopping if you want money for your old products.

Edited by Walter S. Mossberg

Write to Katherine Boehret at mossbergsolution@wsj.com

You’d think that in this age of social networking and Internet stardom, ego surfing would be a near-compulsion among Web surfers. But according to the latest study from the Pew Internet & American Life Project, just 47% of Internet users have searched for themselves online (53% say they’ve searched for someone else).

Not as many as you’d expect, is it? Still, it is double the 22% that ego-surfed back in 2002. “Yes [the number's] doubled, but it’s still the case that there’s a big chunk of Internet users who have never done this simple act of plugging their name with search engines,” said Pew researcher Mary Madden. “Certainly awareness has increased, but I don’t know it’s necessarily kept pace with the amount of content we post about ourselves or what others post about us.”

Apparently not. The same study found that 61% of adults say they’re not worried about the personal information available about them online.

You’d think that in this age of social networking and Internet stardom, ego surfing would be a near-compulsion among Web surfers. But according to the latest study from the Pew Internet & American Life Project, just 47% of Internet users have searched for themselves online (53% say they’ve searched for someone else).

Not as many as you’d expect, is it? Still, it is double the 22% that ego-surfed back in 2002. “Yes [the number's] doubled, but it’s still the case that there’s a big chunk of Internet users who have never done this simple act of plugging their name with search engines,” said Pew researcher Mary Madden. “Certainly awareness has increased, but I don’t know it’s necessarily kept pace with the amount of content we post about ourselves or what others post about us.”

Apparently not. The same study found that 61% of adults say they’re not worried about the personal information available about them online.

Liberal advocacy group MoveOn.org launched a campaign yesterday against Facebook’s “Beacon” advertisements, which transform member transactions on third-party partner sites into product/service endorsements and insert them into their friends’ “news feeds.” Facebook members, or should I say “fansumers,” are automatically opted-in to the program, and while they are offered the chance to opt out, they can do so only on a case-by-case basis.

MoveOn considers that to be a glaring violation of privacy and has launched an online petition protesting it. “Facebook users across the nation are outraged that the books, movies and gifts they buy privately on other sites are being displayed without permission to lots of people–and Facebook needs to reverse this massive privacy breach,” MoveOn.org spokesman Adam Green said in a statement. “They should respect privacy by switching to an opt-in process like most other Facebook applications, not opt-out–which was solely designed to benefit corporate advertisers.”

Facebook, of course, says it’s not violating anyone’s privacy. “Information is shared with a small selection of a user’s trusted network of friends, not publicly on the Web or with all Facebook users,” the company said in a statement. “Users also are given multiple ways to choose not to share information from a participating site, both on that site and on Facebook.”

Of course they are. But as Forrester’s Charlene Li notes, they’re easily missed and don’t give users nearly enough control over their behavioral data. “The biggest problem is the lack of transparency,” Li explains. “Facebook is right in that I would really like to have some things that I do on third-party sites to conveniently appear in news feed, e.g. events I’m attending from Evite or eBay/craigslist listings so that my friends know about them. That’s the promise of Beacon. But I need to be in control and not get blindsided.”

• 72% of respondents divulged one or more email address
• 84% listed their full date of birth
• 87% provided details about their education or workplace
• 78% listed their current address or location
• 23% listed their current phone number
• 26% provided their instant-messaging screen name

Yikes. You’d think institutional privacy concerns would be enough to make folks think twice about expanding their Facebook networks with reckless gusto, wouldn’t you? Guess not.

“It certainly doesn’t bode well when you’re talking about privacy concerns,” Ron O’Brien, a senior security analyst at Sophos, told InformationWeek. “The information they’re offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about whom they provide information to. … Collecting ‘friends’ is encouraged by social-networking and business-networking sites,” he added. “It’s a status thing to see how many friends or contacts you can rack up. … This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn’t be constantly open.”