|
|
|
Harvesting Teenagers
By Larry Seltzer
2007-04-10
Article Views: 13333
Article Rating: / 14
| Rate This Article: |
|
| Add This Article To: |
|
|
Harvesting Teenagers - ' The Terms of Service ' (
Page 2 of 2 ) Here are a few highlights from the TOS which, so it says, was updated as of October 18, 2006:
- Tagged reserves the right to modify or amend this Agreement at any time, for any reason, or for no reason at all, at Taggeds sole discretion. —And theyll post the changes but wont otherwise notify you, and its your job to check the TOS page. Perhaps this is standard practice, even if it makes it impossible to follow the rules.
- During registration, users also complete survey questions that provide information that is helpful for us to understand the demographics and consumer behavior of our users, such as identifying the users eye color, style, personality type, favorite color, sport, food, activity or TV show, post-graduation plans or graduation year. —Eye color? This gets even creepier when you hear the rest of the rules.
- From time to time, Tagged may share the e-mail address and/or other personally identifiable information of any registered user with third parties for marketing purposes. You may opt-out from receiving marketing messages from our partners at any time by using the following link: http://g.trackbot.com/dne?l=705f227&e. In addition, Tagged may share a registered users e-mail address with third parties to target advertising and to improve user experience on Taggeds pages in general. —So they can share your eye color, your school, etc., with anyone they want, for marketing purposes. This is the heart of what Tagged is about of course, building a database with all this PII (personally indentifiable information). As far as I can tell, under this agreement they can sell your Gmail login credentials too. And who are the third parties to whom your PII may be sold? Spammers? Pornographers? That would be cool under this TOS.
- Users have the option, within their Internet browsers, to disable cookies and continue to access the Tagged website. —Not true. I tried. If you disable cookies it wont let you log in and says that you have to enable cookies.
- Pixel tags are tiny graphic files that are included in HTML-encoded e-mail messages. We use pixel tags to gather information about the e-mails we send to our registered users. When such a message is opened in an HTML-capable e-mail program, the recipients computer accesses our server to retrieve the pixel tag file and allows us to record and store the date and time, the recipients e-mail address and other standard logging information. The pixel tag also may read cookies. Tagged Web pages may also contain similar pixel tags that allow us to count users who have visited those pages to compile aggregated statistics about site usage and to deliver co-branded services as they become available. Tagged pixel tags collect only a limited set of information including a cookie number, time and date of a page view and a description of the page on which the pixel tag resides. Tagged Web pages may also contain pixel tags placed there by third-party ad servers, to monitor the effectiveness of their advertising. —Pretty good description of what I always called "Web bugs." But they dont just send them, as the TOS says, to their registered users. The invitation e-mail I received from my friend had this tag in it:
<img src="http://www.taggedmail.com/imgsrv.php?uid=12345678" /> Obviously a "pixel tag." The whole point of this, and the basic point of the cookies is to track you, and then to sell the information they collect.
Nothing in the TOS says that they will be harvesting addresses from your address book, nor what they are entitled to do with those addresses. Perhaps they consider these addresses as being provided for invitations to Tagged, but thats clearly not true.
 Recently identity thieves used a Quicktime vulnerability to attack users on Myspace. Click here to read more.
I also tested canceling my Tagged account and the process seemed to work, but you need time to really judge such things. For instance, even though I cancelled are they still selling my PII?
To answer this question and to give Tagged a chance to respond I decided to contact them but ran into problems. They have no contact link on their page, and the closest link they have to one, with company information, is to http://corp.tagged.com/, a dead link. Why am I not surprised?
I have seen the future of teenage exploitation, and its on social networking sites. Even the "legit" ones like MySpace creep me out some, and Im sure Tagged isnt the only one thats scams and abuses its users. When users are willing to provide their e-mail login to a Web site, you know we have a long way to go to make the Internet safe.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
More from Larry Seltzer
|
|
 |
| |
