Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …DataSecurity_Illustration
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

… and all those things I thought were gone forever were searchable again.

… when I thought it was good to be anonymous online.

… and trolls were mostly harmless and couldn’t hurt you.

… but there were always exceptions.

… a mailbox with zero spam in it.
… when I could still pretend I had control over my personal data.
We give up a lot of privacy just existing in the modern world. Companies track us and keep data about us. In many cases this is good. I recently had to return something to Home Depot and they could get a copy of the receipt simply by running my credit card through their system. Easy, peasy. Got my money back for that last box of floor tiles we didn’t open.
But it also means that companies can be the weak link and expose us to risk we don’t want or ask for. If there’s anything recent breaches have taught me it’s that my data is at risk no matter what I do. There’s a limit to what I can control and full control means not being able to participate in (almost any) online space.
And even if I am careful, other people use my info and my email addresses to sign up for stuff. One company in the UK is selling my email address associated with the profile “Mrs. Christine Stelfox.” Another UK company is selling a different email address with a different profile. Laura Ashley UK thinks I’m a stay at home mother of 3 in South London. And those are the easy to say “this data is bad and wrong” because they’re the wrong country and the wrong currency.
Brewster.com started spamming me, telling me that they had multiple email addresses and multiple phone numbers associated with me. I didn’t give them that data, someone else did. But now they think they own it and their privacy policy doesn’t cover my data, it only covers the data of the people who handed it over to them.
In terms of privacy, unless you want to stay offline completely, there isn’t much you can do to protect yourself. And even then, there’s nothing to stop companies from collecting data about you and selling that data on. The Target breach tells us even if you don’t do anything online, your PII can be leaked into online spaces. The US government breach tells us that doing things like participating in someone’s security clearance process can leak your data online. Health care breaches tell us we can’t trust our doctors and hospitals to keep our data safe.
All of this tells me that online privacy is difficult, if not impossible, these days. We’ve gotten used to having companies know about us and our habits and expect a high level of personalization. That personalization requires companies keep detailed records of our behavior.
I don’t think we really can give permission for this level of tracking. But I can’t see trusting companies to maintain our data in a safe and secure manner. I hate being tracked and I know that not being tracked means I give up a level of service. These days, though, you can’t even opt out of being tracked. You’re tracked even if you opt out. You just don’t get any of the benefits of being tracked.
Privacy is complicated and we don’t really have a handle on it. The internet is too new, even if people like me do have email addresses that are old enough to drink.

Related Posts

August 2015: The month in review

It’s been a busy blogging month and we’ve all written about challenges and best practices. I found myself advocating that any company that does email marketing really must have a well-defined delivery strategy. Email is such vital part of how most companies communicate with customers and potential customers, and the delivery landscape continues to increase in complexity (see my post on pattern matching for a more abstract look at how people tend to think about filters and getting to the inbox). Successful email marketers are proactive about delivery strategy and are able to respond quickly as issues arise. Stay tuned for more from us on this topic.
I also wrote up some deliverability advice for the DNC, which I think is valuable for anyone looking at how to maintain engagement with a list over time.  It’s also worth thinking about in the context of how to re-engage a list that may have been stagnant for a while. A comment on that post inspired a followup discussion about how delivery decisions get made, and whether an individual person in the process could impact something like an election through these delivery decisions. What do you think?
As we frequently point out, “best practices” in delivery evolve over time, and all too often, companies set up mail programs and never go back to check that things continue to run properly. We talked about how to check your tech, as well as what to monitor during and after a send. Josh wrote about utilizing all of your data across multiple mail streams, which is critical for understanding how you’re engaging with your recipients, as well as the importance of continuous testing to see what content and presentation strategies work best for those recipients.
Speaking of recipients, we wrote a bit about online identity and the implications of unverified email addresses in regards to the Ashley Madison hack and cautioned about false data and what might result from the release of that data.
Steve’s in-depth technical series for August was a two-part look at TXT records — what they are and how to use them — and he explains that the ways people use these, properly and improperly, can have a real impact on your sends.
In spam news, the self-proclaimed Spam King Sanford Wallace is still spamming, despite numerous judgments against him and his most recent guilty plea this month. For anyone else still confused about spam, the FTC answered some questions on the topic. It’s a good intro or refresher to share with colleagues. We also wrote about the impact of botnets on the inbox (TL;DR version: not much. The bulk of the problem for end users continues to be people making poor marketing decisions.) In other fraud news, we wrote about a significant spearphishing case and how DMARC may or may not help companies protect themselves.

Read More

Organizational security and doxxing

The security risks of organizational doxxing. 
These are risks every email marketer needs to understand. As collectors of data they are a major target for hackers and other bad people. Even worse, many marketers don’t collect valid data and risk implicating the wrong people if their data is ever stolen. I have repeatedly talked about incidents where people get mail not intended for them. I’ve talked about this before, in a number of posts talking about misdirected email. Consumerist, as well, has documented many incidents of companies mailing the wrong person with PII. Many of these stories end with the company not allowing the recipient to remove the address on the account because the user can’t prove they own the account.
I generally focus on the benefits to the company to verify addresses. There are definite deliverability advantages to making sure email address belongs to the account owner. But there’s also the PR benefits of not revealing PII attached to the wrong email address. With Ashley Madison nearly every article mentioned that the email address was never confirmed. But how many other companies don’t verify email addresses and risk losing personally damaging data belonging to non customers.
Data verification is so important. So very, very important. We’ve gone beyond the point where any big sender should just believe that the addresses users give them are accurate. They need to do it for their own business reasons and they need to do it to prevent incorrect PII from being leaked and shared.

Read More

Misdirected email


While this does seem to be more common with gmail addresses, it’s not solely limited to gmail. I’ve written about this frequently.

Read More