LINUX SECURITY --- April 03, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
__________________________________________________________________________
______
HIGHLIGHTS
* Who do you trust with your personal information?
* Editor's Note: In the coming weeks, the "FROM" field will be
changing to Linux_Security@itw.itworld.com. See full
explanation following the article.
__________________________________________________________________________
____
(Lack of) Privacy Statements
By Rick Johnson
Privacy tops everyone's list of concerns these days as customers and
partners increasingly worry about their information's security. Recent
lawsuits involving now defunct dotcom companies selling customer data
and DoubleClick's database cataloging browsing habits possibly being
hacked has increased the public's wariness at filling out online forms
seeking personal information. Even those companies that publicize your
personal data's safety may not be telling you the truth. Every
organization that interacts with the public must have a privacy policy,
and it's typically posted on the Internet; but have you ever looked at
these, so-called, privacy statements?
Do you use a Microsoft online product that uses the Passport service?
Then you are really in for a treat. The current Terms of Use and
Notices (http://www.passport.com/Consumer/TermsOfUse.asp) contains a
few truly frightening entries. They not only fail to guarantee
confidentially, but they actually give Microsoft and its business
partners ownership of your information to do pretty much whatever they
want with it. That includes all of your Hotmail traffic as well by the
way.
The following is an excerpt from the "LICENSE TO MICROSOFT" Section.
By posting messages, uploading files, inputting data, submitting any
feedback or suggestions, or engaging in any other form of communication
with or through the Passport Web Site, you warrant and represent that
you own or otherwise control the rights necessary to do so and you are
granting Microsoft and its affiliated companies permission to:
1. Use, modify, copy, distribute, transmit, publicly display,
publicly perform, reproduce, publish, sublicense, create
derivative works from, transfer, or sell any such communication;
2. Sublicense to third parties the unrestricted right to exercise
any of the foregoing rights granted with respect to the
communication;
3. Publish your name in connection with any such communication.
The foregoing grants shall include the right to exploit any proprietary
rights in such communication, including but not limited to rights under
copyright, trademark, service mark or patent laws under any relevant
jurisdiction. No compensation will be paid with respect to Microsoft's
use of the materials contained within such communication. Microsoft is
under no obligation to post or use any materials you may provide and
may remove such materials at any time in Microsoft's sole discretion.
After reading the above excerpt, you'd expect to be outraged right? In
this case, Microsoft is actually the good guy as they post these
statements for potential users to read before signing up for the
service. While I may not agree with their use of "personal"
communication, at least they are up front about it.
Most people, anxious for their free service, just blindly click through
those statements. Remember, you get what you pay for.
About the author(s)
-------------------
Rick Johnson is currently the Manager of Security Services for
FusionStorm, a remote managed services company. When not writing, he
heads the development team for PMFirewall, an Ipchains Firewall and
Masquerading Configuration Utility for Linux. Rick can be contacted via
email at rick@pointman.org or on the web at http://www.pointman.org.
__________________________________________________________________________
______
<<attachment: winmail.dat>>