I do like how it's illegal to sell a person video rental history, but totally fine to sell information that shows everywhere they are at anytime of the day.
While I understand why these things tend to be opt-out by default, I'm surprised there was no email from Verizon updating users about these new settings with a link to opt-out if they wanted to.
I used to think that the telecom industry is a lot more regulated than social network companies like Facebook, but I guess that's not really true!
I received an email a while back from them basically saying they were going to start taking privileges with my data if I didn't go to a page and opt-out. I don't remember the text, but that was the gist.
[Edit]
Did some digging and the email subject was: Important Update Regarding Your Privacy
It has various sections on what will be used and how with a call to action at the bottom listing your options.
Opening text: Why am I getting this notice?
Your privacy is an important priority at Verizon Wireless. Our Privacy Policy (available at www.vzw.com/myprivacy) informs you about information we collect and how we use it. Today we want to tell you about some important updates relating to two new uses of information. Verizon Wireless will begin using the information described below for (1) certain business and marketing reports and (2) making mobile ads you see more relevant. If you do not want us to use this information for these purposes, you can let us know by using one of the options described in the "Your Choices" section of this notice. This supplements our Privacy Policy.
Your choices section:
If you do not want us to use your information for any of the purposes described above, please let us know at any time by:
I received the same kind of email from AT&T awhile ago. I immediately called them up, and asked to opt-out. After 30 minutes on the phone, the representative told me that the "feature" hasn't been rolled out yet, and I should call back a month later.
Guess what? I completely forgot about it. That was probably the intention all along....
Thanks for the reminder, though!
I had a similar experience with Clear (wireless) and the binding arbitration clause in their ToS. When I called to opt out (because one cannot do so online, of course :-/ ) I was transferred 6 times and in the end the drone finally gave up and just asked if putting a note in "my file" would be sufficient. At that point, I think we were equally frustrated with one another and I settled.
But I can easily imagine some lawyer-type dreamed up such a clause but failed to tell anyone else in the business about it.
I'm Canadian so obviously our privacy laws will be different but when I worked at a Telecomm we were told that in order to be compliant with the law we could only use customer data for what they has explicitly agreed to. Any changes to what we want we need to have them approve it again.
They are definitely more regulated than social network companies, fortunately though they've captured the regulator as predicted by economics so they get to seek rent instead of worrying about regulators.
The telecom industry has so effectively captured their regulator that when they are caught tapping phones without warrant they are exempted from lawsuits instead of prosecuted vigorously.
If you offered a non-compliant unlimited data/voice/voicemail plan for $20 a month you'd have people lined up around the block, no one would care your phone won't work with CALEA and no one would care that your address wasn't in the 911 database. You'd also be extremely profitable using off the shelf hardware like software radios, and non-compliant open source telephony software.
http://www.forbes.com/sites/andygreenberg/2012/04/03/these-a...
"Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target"
I'd be happy my phone wasn't compatible with CALEA, I might care about 911 (else I'd have another tool/app to serve me) and as long as I can communicate, I'm not to concerned about scary "open source" stuff.
Having multiple people report a claim is good. Also, capturing screenshots etc. of everything you find,since they have a tendency to change and disappear quickly :)
Unlikely. They know all about this already. I'd recommend contacting your member of congress. Also, it's the FCC, not the FTC, who regulates phone companies.
I'm familiar with the targeting technology that's being rolled out and the people/companies involved with the project. They've extensively briefed both FCC and FTC plus key members of congress, and have received a tacit blessing to proceed because of a double-blind hardware technology involved to limit the identification of individuals, and the measures taken so far to alert consumers.
Not to say that it's good or bad to do this. But a company like verizon isn't going to proceed without covering their ass from a regulatory perspective.
Just so everyone knows, AT&T does the same thing. You have 30 days from the date of your contract before they start passing it out, but I believe you can opt out of future transactions on the site. Try going to http://att.com/ecpnioptout (if you got a new contract with your iPhone 5, do it this week!)
Edit: I should say, AT&T does something similar. I do not know if it is the same thing, since their opt-out page makes it sound rather innocuous compared to the vague language used in the mailed letter. CPNI = Customer Proprietary Network Information
Further update, because I can no longer edit my post...
If you're trying to opt out and it isn't working for any reason, attempt it again during normal business hours (9-5, EST or PST) and see if it does work. As ridiculous as it seems, many functions cannot be performed outside of this window including registering my billing account. Try again tomorrow around midday and those mysterious "timeouts", "unknown errors", etc may magically disappear. If not, your provider should have a phone number you can call (oh, goody) to take care of the same thing.
AT&T's is much more invasive -- it is across all of their telecom platforms (DSL, TV, wireless, wifi, etc). They also will log location information for advertising: http://www.att.com/gen/privacy-policy?pid=2506
If they were to begin network sniffing, they could potentially build powerful user profiles that would be more valuable than Facebook's data (and truly "frictionless"). Your passive internet browsing would start influencing the commercials you see on TV.
Comprehending why the Twitter limit exists should let you comprehend why there's no point for App.net to follow it.
The service won't actually be used for "micro-blogging" unless users are constrained by some limit, but 144 is too damn small. Nobody would ever have picked it if they weren't forced to, and these days they aren't.
What infinitesimal fraction of modern Twitter users in App.net's target market do you imagine use the service via SMS? The limit a legacy of an irrelevant use case.
I'd probably have gone a bit higher than 256 myself (disregarding attachment to powers of two), but it's an improvement.
I've been using Tent (https://tent.io) which also adopted 256 characters, and I think it's actually quite generous for statuses. Maybe too much; the nature of microblogging changes when you don't have to be concise. I bet the sweet spot is probably somewhere in 160-200.
Sticking to 140 would be a good standard for a microblogging standard since it would allow you to syndicate out to Twitter and you could emulate the API and automatically have other apps support that character limit.
If you go beyond 140 it is then no longer a microblog post, but rather just an ordinary blog post.
> The service won't actually be used for "micro-blogging" unless users are constrained by some limit, but 144 is too damn small.
The funny thing is that in languages like Japanese and Chinese, where one "character" contains a lot more info than one Latin letter, Twitter is used in quite a different way.
I'm not sure how many Twitter users actually use SMS any more. I tried to use it to send in an update a few weeks ago and it took ~4 hours for the tweet to appear in my timeline. I'm in the UK so maybe they have better response times in other countries.
Well, yeah, but for the obvious reason - tweets are meant to be short and consumed in large numbers, but aren't generally meaty enough for a discussion, while some people are using Google+ as essentially a blogging platform. 140 (or 256) characters is rarely enough for an entire HN discussion, but that doesn't mean I don't enjoy reading dozens of tweets at a time to get a sense of what's going on.
Actually, many of those tweets have links, so in some sense Twitter competes with HN as a link aggregator, not with Google+ as a primary source.
Unrelated, but having had to log in, I'm now reminded of a VZW security issue:
Can someone explain the doubtless backward and sloppy thinking that would convince Verizon that they should forbid their users from including symbols in their passwords?
I don't think it even remotely adds to the discussion to pick some usability issue and harp on it. These kind of comments crop up for every story. Easy way to score points, not useful, buries better comments.
I think a good rule of thumb is that if you didn't need to read the article to make a comment, it's not a good comment.
You're way out of line flagging this, in my opinion. It's a security issue, and a big one at that. I also see no reason to believe that the user is attempting to "score points". Lastly, the comment is in fact quite useful.
I agree wholeheartedly with this. We're supposed to be the good guys--revealing security issues should be something that gets heavily rewarded with karma.
Be very wary of flagging. I believe (corrections welcome) it can result in an entire account being invisi-banned without notice to the user. Should be reserved for the most egregious offenses, with downvoting used for the rest.
That's exactly what the down-vote is meant for. If you think a comment is off-topic, down vote the post and perhaps add a comment as to why you think it deserves to be down-voted.
Flagging is expensive, in that it requires mod (human) attention. It should be reserved for spam and other egregious posts. Let the mods spend their valuable time on more important tasks.
I wasn't aware that flags required moderator attention. I assumed that once an article was flagged enough times, a mod would be alerted, but not that each flag would trigger an alert.
I would very much like to get moderators' attention or feedback on this. I don't think these kind of comments should be banned, but I think they would be curbed if there was a community guideline.
Good point. I don't know how the HN software is written but my guess is that when it's time to take action (X number of flags), it's something a looks at.
There could be a level of automation built into this where X number of high reputation members flag something, it could automatically be banned.
Either way, I think flagging is more fitting to abuse than off-topic. I agree with you that it would be great to get a mod to weigh in on this.
Do moderators actually go through all flagged items? If so, that would probably explain why I can't flag anymore. I assumed flagging was automated, so I basically used it as down-vote for articles.
I emailed info@yc about my lack of flagging ability a couple months back. They said nothing was wrong with my account. Now I feel bad that I wasted someone's time. :(
I should have been more clear that I was speculating that a flag ultimately required mod attention. I'm going based on personal experience with forums and software development.
Unfortunately, many of us don't have downvote rights yet. If this were the case, I definitely wouldn't flag unless community standards were flagrantly violated!
This is to prevent users from creating passwords they cannot remember. It could very well be true that having a streamlined password recovery system (weak to social engineering) is less secure than having easy-to-remember easy-to-guess passwords.
A related story: I was recently shopping around for a new ISP. One I considered was Verizon FiOS. In order to see the prices in my area, I had to enter my address.
Two weeks later, I got a letter in the mail. Written outside on the envelope was something like: "We noticed you were checking out our website! Here's a special offer just for you..."
It's not the same as what OP posted, but it certainly left me creeped out.
Heh, that's why I always fake address details when I'm checking out cable or DSL options. Of course they're going to use the personal information you enter for marketing purposes, that's why they ask for specifics like apartment number and your mobile number that they don't need to determine service availability.
It is possible to enter completely fake information, rather than someone else's address. (For example, aside from the burden on the post office, I think entering a street address for an apartment complex without an apartment number harms no one.)
Why are you so creeped out that they sent you a piece of advertising by mail after you gave them your address? It'd hardly be surprising these days if you received spam after giving away your e-mail address.
I get pounds of mail every year advertising U-Verse when AT&T doesn't offer U-Verse at my address. The mail has been coming for years now. Big thick envelopes full of brochures, little letter-sized envelopes, oversized postcards. At least Verizon is advertising a service you can actually buy.
When I was last shopping for DSL internet service in the UK, every provider would require you to enter your phone number to see what speeds they could provision you with.
Most had a small box to uncheck to avoid a marketing follow up phone call.
But at least one company didn't have a box--they just had a message saying that if you entered your phone number to check for service, they would call you at some unspecified later date. There was no way to opt out.
These are the steps to opt out of Verizon “selling your personal data”, as far as I can tell:
Visit http://www.vzw.com/myprivacy. If you are not already signed in to My Verizon, you will be prompted to sign in – after doing so, return to that myprivacy page.
You should now be at “Location Management” > “Location Privacy Settings”. I’m guessing that this is where you actually opt-out. I’m not sure because there’s nothing for me to do here – I see “There are no services available. A location service must be downloaded on the handset to be listed here.”.
No, I had several options on the page linked by OP. When I went to the locationmanagement.vzw.com page, it says, "There are no services available. A location service must be downloaded on the handset to be listed here."
"Verizon" and "Verizon Wireless" are separate companies. It looks like this refers to Verizon Wireless: e.g., if you have Verizon service for phone, FIOS, or whatever, you are unaffected.
Well, they're probably still selling your personal data, but not in this specific instance.
Will using https prevent them from doing this? I imagine it would stop data gathering and referrer gathering but the source URL request they would still be able to see?
A VPN would be the only option to keeping them completely blind? I can set up a VPN on an Amazon micro instance for free. The amount of data used should be nothing or mere pennies per month to Amazon.
The only trouble is keeping a VPN up. I find on an iPhone at least that while once working, it works reliably, but keeping it working is unreliable. It seems when you transition from one network to another, one wifi to another, one cell tower to smother, or from wifi to cell and vice versa, the connection can often drop.
I wish there was a setting like "auto connect VPN when any data request is made".
I've tried VPN's from Amazon of my own creation as well as the VPN included with my GigaNews account.
I'm sure running the VPN on your mobile is great for battery life.
I am already looking forward to the upcoming VPN witch hunt. When US provider are really going through with the six strikes "warning" system [1], VPNs will become more and more mainstream. It is going to be interesting which kind of CP/Terrorism yadayada they are going to pull this time.
As a VPN user for closed to ten years nw (yes, I am that paranoid/live in a tough-on-downloads region) I can honestly say, that its benefits outweigh the negatives by far. But it takes some time to find a stable VPN service, that fits to your expectations.
Correct me if I'm wrong, but I've always had the understanding that VPN providers would give you up to the feds in an instant if they came knocking on their door with a court order for suspected criminal activity.
I'm in the process of looking for a solid VPN provider myself, and this is the impression I'm getting after reading the terms & conditions for services like Private Internet Access and VyprVPN.
I think eventually the answer is to move away from centralized and for-profit providers and network architecture, both for the hardware side of the network and the software side.
Maybe opting out is not how to stop this abhorrent practice of selling personal information. There is much more at stake than sites just selling email address lists. There is much more detailed information involved.
Perhaps what would work better is flooding these marketers with false information. This is what hampers email lists. Most the addresses do not work.
As it stands the few (or many) people who fail to "opt-out" (or fail to use proxies) may make this sort of personal information sales market worthwhile because the information gathered is detailed and reasonably accurate. It's not just a list of disposable email addresses. It's higher quality.
Does anyone know if this applies to iPad-only customers? That's my only Verizon account, but the opt-out link requires a phone number to log in. (Ditto for the "forgot user id" form.)
I retrieved my iPad phone number as per the other comment and logged into the website. Their site says my info is being shared and when I try to switch this it says the settings can not be saved. Calling the 800 number says I am already opted out.
I tried speaking with a CS agent who had no idea what privacy settings I was talking about and then said it does not apply to pre-pay customers. I think she was just trying to get me off the line.
So I'm not sure if this applies to iPad customers or if it is possible to opt out.
I called Verizon and they said this is a phishing scam... Has anyone else independently verified the original claim with Verizon, other than through their website/privacy TOS?
Wow. They claim that a page on the verizonwireless.com/vzw.com domain with a class 3 SSL certificate is a "phishing scam". This is probably some form of scummy damage control - convincing uninformed customers that it had nothing to do with them.
130 comments
[ 2.6 ms ] story [ 41.3 ms ] thread"...we need your permission to share this information among our affiliates, agents and parent companies (including Vodafone) and their subsidiaries."
While I understand why these things tend to be opt-out by default, I'm surprised there was no email from Verizon updating users about these new settings with a link to opt-out if they wanted to.
I used to think that the telecom industry is a lot more regulated than social network companies like Facebook, but I guess that's not really true!
[Edit] Did some digging and the email subject was: Important Update Regarding Your Privacy
It has various sections on what will be used and how with a call to action at the bottom listing your options.
Opening text: Why am I getting this notice?
Your privacy is an important priority at Verizon Wireless. Our Privacy Policy (available at www.vzw.com/myprivacy) informs you about information we collect and how we use it. Today we want to tell you about some important updates relating to two new uses of information. Verizon Wireless will begin using the information described below for (1) certain business and marketing reports and (2) making mobile ads you see more relevant. If you do not want us to use this information for these purposes, you can let us know by using one of the options described in the "Your Choices" section of this notice. This supplements our Privacy Policy.
Your choices section:
If you do not want us to use your information for any of the purposes described above, please let us know at any time by:
• Visiting www.vzw.com/myprivacy
Or
• Calling 1-866-211-0874
Does this mean they'll start replacing website ads with their own ads, like some wifi programs do?
Does Verizon software on phones have advertisements? Maybe they are going to start doing that.
But I can easily imagine some lawyer-type dreamed up such a clause but failed to tell anyone else in the business about it.
The telecom industry has so effectively captured their regulator that when they are caught tapping phones without warrant they are exempted from lawsuits instead of prosecuted vigorously.
If you offered a non-compliant unlimited data/voice/voicemail plan for $20 a month you'd have people lined up around the block, no one would care your phone won't work with CALEA and no one would care that your address wasn't in the 911 database. You'd also be extremely profitable using off the shelf hardware like software radios, and non-compliant open source telephony software.
http://www.forbes.com/sites/andygreenberg/2012/04/03/these-a... "Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target"
The process might take a while, but they eventually get results. They rely on the public to report incidents:
http://www.ftc.gov/multimedia/video/scam-watch/file-a-compla...
Having multiple people report a claim is good. Also, capturing screenshots etc. of everything you find,since they have a tendency to change and disappear quickly :)
I'm familiar with the targeting technology that's being rolled out and the people/companies involved with the project. They've extensively briefed both FCC and FTC plus key members of congress, and have received a tacit blessing to proceed because of a double-blind hardware technology involved to limit the identification of individuals, and the measures taken so far to alert consumers.
Not to say that it's good or bad to do this. But a company like verizon isn't going to proceed without covering their ass from a regulatory perspective.
FTFY
Edit: I should say, AT&T does something similar. I do not know if it is the same thing, since their opt-out page makes it sound rather innocuous compared to the vague language used in the mailed letter. CPNI = Customer Proprietary Network Information
If you're trying to opt out and it isn't working for any reason, attempt it again during normal business hours (9-5, EST or PST) and see if it does work. As ridiculous as it seems, many functions cannot be performed outside of this window including registering my billing account. Try again tomorrow around midday and those mysterious "timeouts", "unknown errors", etc may magically disappear. If not, your provider should have a phone number you can call (oh, goody) to take care of the same thing.
You can find more information from their AdWorks division: http://adworks.att.com/press.html
If they were to begin network sniffing, they could potentially build powerful user profiles that would be more valuable than Facebook's data (and truly "frictionless"). Your passive internet browsing would start influencing the commercials you see on TV.
http://www.wired.com/threatlevel/2011/09/cellular-customer-d...
App.net doesn't have a limit on message length?
The service won't actually be used for "micro-blogging" unless users are constrained by some limit, but 144 is too damn small. Nobody would ever have picked it if they weren't forced to, and these days they aren't.
What infinitesimal fraction of modern Twitter users in App.net's target market do you imagine use the service via SMS? The limit a legacy of an irrelevant use case.
I'd probably have gone a bit higher than 256 myself (disregarding attachment to powers of two), but it's an improvement.
If you go beyond 140 it is then no longer a microblog post, but rather just an ordinary blog post.
The funny thing is that in languages like Japanese and Chinese, where one "character" contains a lot more info than one Latin letter, Twitter is used in quite a different way.
Actually, many of those tweets have links, so in some sense Twitter competes with HN as a link aggregator, not with Google+ as a primary source.
Can someone explain the doubtless backward and sloppy thinking that would convince Verizon that they should forbid their users from including symbols in their passwords?
I don't think it even remotely adds to the discussion to pick some usability issue and harp on it. These kind of comments crop up for every story. Easy way to score points, not useful, buries better comments.
I think a good rule of thumb is that if you didn't need to read the article to make a comment, it's not a good comment.
A: Mazal tov. I enjoy the magical thinking that makes your meta comment more valuable than my meta comment.
B: This isn't a usability issue. This is a security issue.
http://en.wikipedia.org/wiki/Password_strength
C: It's not an "article." It's a tweet. So we don't have a lot of deep meaty content to work with here. Are you a bot? Did you read it?
Flagging is expensive, in that it requires mod (human) attention. It should be reserved for spam and other egregious posts. Let the mods spend their valuable time on more important tasks.
I would very much like to get moderators' attention or feedback on this. I don't think these kind of comments should be banned, but I think they would be curbed if there was a community guideline.
There could be a level of automation built into this where X number of high reputation members flag something, it could automatically be banned.
Either way, I think flagging is more fitting to abuse than off-topic. I agree with you that it would be great to get a mod to weigh in on this.
I emailed info@yc about my lack of flagging ability a couple months back. They said nothing was wrong with my account. Now I feel bad that I wasted someone's time. :(
Two weeks later, I got a letter in the mail. Written outside on the envelope was something like: "We noticed you were checking out our website! Here's a special offer just for you..."
It's not the same as what OP posted, but it certainly left me creeped out.
Actually, it's quite difficult to fail to send someone a letter. The post office does try pretty hard to deliver mail.
How is this isolated example of snail-mail marketing at all creepy? As long as it's Verizon and not a third party, it isn't strange at all.
Something can be really common and still really creepy.
I'll generally enter another address in the neighborhood.
Don't count on it. I'm constantly pestered by Verizon to buy their FiOS service, and FiOS isn't available in my apartment complex.
Most had a small box to uncheck to avoid a marketing follow up phone call.
But at least one company didn't have a box--they just had a message saying that if you entered your phone number to check for service, they would call you at some unspecified later date. There was no way to opt out.
Needless to say, I didn't buy their DSL.
For each section, select the option you want, then in console run chgCPNI(); or chgReports(); or chgAds(); depending on which section you changed.
Visit http://www.vzw.com/myprivacy. If you are not already signed in to My Verizon, you will be prompted to sign in – after doing so, return to that myprivacy page.
Click the link “Manage Location Privacy settings” near the bottom, which points to https://locationmanagement.vzw.com/
You should now be at “Location Management” > “Location Privacy Settings”. I’m guessing that this is where you actually opt-out. I’m not sure because there’s nothing for me to do here – I see “There are no services available. A location service must be downloaded on the handset to be listed here.”.
(Dunno who would sign up for a paid Verizon mapping service, though...)
Well, they're probably still selling your personal data, but not in this specific instance.
A VPN would be the only option to keeping them completely blind? I can set up a VPN on an Amazon micro instance for free. The amount of data used should be nothing or mere pennies per month to Amazon.
The only trouble is keeping a VPN up. I find on an iPhone at least that while once working, it works reliably, but keeping it working is unreliable. It seems when you transition from one network to another, one wifi to another, one cell tower to smother, or from wifi to cell and vice versa, the connection can often drop.
I wish there was a setting like "auto connect VPN when any data request is made".
I've tried VPN's from Amazon of my own creation as well as the VPN included with my GigaNews account.
I'm sure running the VPN on your mobile is great for battery life.
As a VPN user for closed to ten years nw (yes, I am that paranoid/live in a tough-on-downloads region) I can honestly say, that its benefits outweigh the negatives by far. But it takes some time to find a stable VPN service, that fits to your expectations.
[1] http://arstechnica.com/tech-policy/2012/09/six-strikes-inter...
I'm in the process of looking for a solid VPN provider myself, and this is the impression I'm getting after reading the terms & conditions for services like Private Internet Access and VyprVPN.
http://www.reddit.com/r/darknetplan
Make the internet more like the telephone network, not the TV network. People do not like to be hounded by telemarketers day and night.
With TV, it's a lost cause.
Perhaps what would work better is flooding these marketers with false information. This is what hampers email lists. Most the addresses do not work.
As it stands the few (or many) people who fail to "opt-out" (or fail to use proxies) may make this sort of personal information sales market worthwhile because the information gathered is detailed and reasonably accurate. It's not just a list of disposable email addresses. It's higher quality.
I just switched to Verizon from another carrier and didn't know about this. I much appreciated the post.
I tried speaking with a CS agent who had no idea what privacy settings I was talking about and then said it does not apply to pre-pay customers. I think she was just trying to get me off the line.
So I'm not sure if this applies to iPad customers or if it is possible to opt out.