Charter To Begin Tracking Users' Searches And Inserting Targeted Ads [Privacy]

Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser.

Reader Matt copied us on a letter he sent to Charter's VP of Customer Operations and CEO:

Dear Mr. Stackhouse,

I am a high speed internet subscriber in the Fort Worth, TX area. For the last year or so I have had Charter’s 10 Megabit service and I am a satisfied customer. I am writing, however, because I am concerned by your recent letter discussing the “enhancement” that will be coming soon to my Charter web browsing experience (targeted, in-line advertisement manipulation). I appreciate Charter’s respect for my privacy, but the method that Charter has provided to opt-out of this tracking scheme is insecure and woefully inadequate.

The method that you provide to opt-out is as follows. First, a customer must visit www.charter.com/onlineprivacy. Once at the site, the customer must enter his or her complete name and address. Upon submission of this personal information, the customer must accept a cookie from Charter that indicates his or her opt-out status. While this process sounds simple on face, further consideration reveals that this opt-out method is fraught with privacy concerns and places the burden on your paying customer, rather than Charter.

The most pressing privacy issue with this opt-out method is that the opt-out form presented at the aforementioned URL is not encrypted. As I’m sure you realize, this means that a user submitting his or her address to Charter is doing so in the clear, leaving this personal information open to eavesdropping. It is not difficult to create an SSL-encrypted web form. It is troubling that Charter has not done so in this case.

The fact that this opt-out system relies on a cookie to keep users opted out is also a privacy issue. By telling customers who visit the opt-out page that, “if you delete your cookies or cache files… you will have to opt-out again,” you are encouraging users to keep those files that good privacy practices dictate should be frequently purged. Ironically, the best reason to purge one’s cookies often is to prevent internet marketers from tracking one’s behavior online.

In addition to the critical privacy concerns, the steps required to avoid being tracked by this new advertising system place the burden on your customers, rather than on Charter where it belongs. A customer should be able to opt-out of this advertising tracking system in a manner that will rarely, if ever, require the customer to opt-out again. Instead, because the system uses cookies, a customer must insecurely opt-out of being tracked on each PC in his or her home. Further compounding the work that the customer has to do, if the he or she deletes cookies in accordance with safe browsing techniques, it will be necessary to insecurely opt-out on each and every PC again.

I suggest that rather than force your customers through unending iterations of opting out of this advertising system, you should allow customers like me to opt-out at the cable modem level via a secure, encrypted form on your website. I’m glad to hear that Charter has an appreciation for my privacy, but please change your opt-out process to demonstrate that you also have an appreciation for my time and security online.

Matt's letter focuses on the flawed opt-out clause, but the program itself, an implementation of " deep packet inspection ," is more worrying to us. Deep packet inspection allows an ISP to monitor not only its users searches and visited websites, but also the type of activity (e.g., email or peer-to-peer), which could be used for traffic shaping and threatens net neutrality.

WaMu Presents Random $1500 Check On Someone Else's Account, Then Calls It Fraud [Banking]

Bill's small business account was hit with a $1500 check written by an unrelated third party to another third party—both completely unconnected with his account. He was also penalized with an insufficient funds fee, although the money was debited from his account. Now WaMu's saying they have to investigate for fraud before they can return Bill's fees.

I received a returned check notice from Washington Mutual last week. Not unusual for a small business — until I opened it.

The check in question was a $1,500 private party check written to another private party. The check wasn't written by, or issued to, my business.

Simple mistake? I visited the WaMu branch across the street from my office and got the stunning response from the branch manager that they'd have to do a fraud investigation. I raised hell again today, and the money, plus a $7 returned check fee, still hasn't been returned to my account.

I'm considering going to go to small claims court — or swear out a theft complaint against WaMu — to get my money back. The only fraud is that WaMu or KeyBank (the check in question was written on a KeyBank account) screwed up and they're taking it out of my hide. I'm the innocent bystander.

Maybe WaMu is trying to cover its losses by randomly reassigning bounced checks to accounts that have money in them and hope no one notices.

Why can't WaMu assume the $1500 loss while they investigate what was probably a clerical error, instead of forcing the problem onto their customer? Maybe WaMu should amend their new ad slogan to "We've got your back... unless we're covering our own asses."

Blu-ray players just aren't selling that ... [Entertainment]

Subscribe with an RSS reader Older News Archive Add news to your web site