Raymond has had a few blogs about privacy policies lately. It has motivated me to write a little bit about a bad experience I am currently having through no fault of my own, although unlike Raymond I don't feel comfortable naming the particular company. After reading how negative this entry is, you'll understand why! Just consider this a general warning for how bad some of the web sites are out there, and always think twice (actually, even thinking once would be good enough) before typing your name and address into a web form.
A few weeks ago, I received an email from a friend saying "Go to this web site and we'll both get free stuff."
"Yeah right," I say to myself, "TNSTAAFL."
So I cruise on over to the site anyway, just to see what kind of a scam they're trying to pull, and I go to the place that is supposed to tell me how my friend and I can get "fee stuff." Simple, the site says. It's a basic 3-step process:
It also claims "No hidden costs!" which is in direct violation of the TNSTAAFL theorem. Hmmm, let's dig a little deeper, shall we...
First of all, unlike your average web site, "signing up" involves giving them your full name, postal address, and date of birth. (Remember they already know my e-mail address because my oh-so-helpful friend gave it to them). And of course you can't lie about your postal address, firstly because that would be dishonest and be grounds for them terminating your account, but perhaps more importantly (at least from their perspective) that's where they'll ship the free stuff too, so it makes no sense to lie.
OK, let's assume I'm crazy enough to give them this information (obviously I'm not, for reasons we'll get to in a moment). Step two, "tell friends," is a gross mischaracterisation of what has to happen next. What step two really involves (per their helpful FAQ) is you convincing five other friends to sign up. You don't just have to enter five email addresses into the system - oh no - you actually have to get five warm bodies to go to the site and "sign up" themselves (see comments on step one, above). And of course, to be on the safe side, you're going to put in more than five addresses, just in case some of your friends (like me!) are too smart to sign up, aren't you?
Hello! Can you spell "Pyramid Scheme"?
Now let's assume for the moment that you only convince four people to sign up. Oh, sorry about that. No free stuff for you! But they do have your PII (personally identifiable information -- name and address) and that of four of your friends. And let's say that each of those friends got three people to sign up. That now makes 1 + 4 + 3 + 3 + 3 + 3 = 17 fresh names and addresses, for zero outlay on behalf of the web site. What a great business model! Maybe you should enter in some more names to increase your chances of getting people to sign up?
OK, so let's be optimistic and assume you got five "friends" (they won't be your friends much longer!!) to sign up. Let's move to step three, "get free stuff."
You're missing the crucial (and conveniently "forgotten"-to-be-mentioned) step 2.5 - "Buy something from our advertising partners." Yes, that's right! Not only do yo have to scam five of your friends, but you have to purchase something from this web site's "advertising partners" in order to qualify for the "free stuff." Free isn't looking so good any more, now is it?
OK, OK, we'll pretend that you actually like one of these offers and are willing to shell out the cash on it to get your "free stuff" -- what next? Well, sure, they'll ship you you're free stuff. BUT, it's only a voucher for the free stuff, it will take 6 to 8 weeks to get there, and it's only valid for one month. (One can only hope that the one-month time bomb starts ticking after that two-month delivery delay, but looking at the rest of the site I wouldn't put it past them...). Obviously I never got this far into the process, so who knows what other loopholes and dastardly schemes await you when you try to take advantage of one of their "special offers" -- I can only imagine the horror.
So far, so... good? Maybe, I guess, if you really wanted that free stuff, didn't care about giving away your PII and that of your friends, and were going to purchase something from the advertising partners anyway. By the way, did I mention that the "free stuff" has a retail value of less than ten dollars? That's right, it's not even very good free stuff! (And you know that if the retail value is less than ten dollars, then the cost of buying vouchers at a wholesale discount is likely to be considerably less than ten dollars).
We will rent or sell your PII (name, postal address, e-mail address, survey results, etc.) to any third party.
At least they don't mince their words! Gotta give them credit for being honest, I guess. They also have the usual stuff about tracking your progress around the site to provide targeted ads, but I am actually in favour of this -- if you're going to bombard me with ads anyway, at least make them ones I might be interested in.
Then they have a bit about how they are opposed to spam, how it is strictly against their policy, yada yada yada, and yet by their very own admission (above) they are willing and able to give your PII (at a profit!) to other people who have no use for it other than to, uh, send you unsolicited junk mail (that would be spam, duh!). Plus I've received at least three or four "reminders" from this site to sign up, even though I don't want to, and I count that as spam. I can't just block the mail as junk, because they are sneaky enough to send it from my friend's address (gotta love the built-in spoofability of SMTP -- imagine the flack we'd get if Microsoft ever invented such a horrible protocol!). I guess technically they could claim it's not spam since my friend "volunteered" the information (and thereby acted as a proxy for me), but it's still pretty shady.
In the end, it is user stupidity that lets this site succeed (yes, I'm calling my friend stupid in this regard. She knows :-) ). My friend simply got the invitation e-mail from one of her friends, clicked on the link, thought it was cool, filled in her name and address, and added the e-mail addresses of ten (not five, but ten!) of her friends to the site. Now she wishes she hadn't.
What this site gets is a list of people's names and addresses. It's a very valuable list, because not only does it contain your postal address (most spam lists on the internet -- e.g. those from newsgroup trawlers -- are limited to your e-mail address), but it is also highly targeted. Only those people interested in this particular type of free "stuff" would have signed up, so the list is pretty "clean" when it comes time to sell it to vendors of "stuff" who wish to spam you. It gets the list without breaking the law, because all users volunteer the information (including "leads" of new people to spam). It will rarely have to "pay out" to users, because nearly all of them won't meet the requirements. (Specifically, there will always be the "leaf nodes" at the edge of the pyramid who haven't signed up enough people yet, so at best (or worst) they only have to pay out 1 in 5 people, but it's likely to be a lot less frequent than that). To be fair (ha!), you can get "free stuff" without joining the pyramid scheme if you accept more offers from their "advertising partners", but that's not what they're advertising and it hardly qualifies as "free" in my book.
Even when the site does pay out, the value of the "stuff" is quite small. And the chances are that, just like mail-in rebates and other kinds of vouchers, most people never actually use them because either (i) they aren't in a situation to use the vouchers in the month before they expire, or (ii) they always forget the vouchers at times when they would be able to use them. I would bet that unclaimed vouchers cost the site nothing (except the original price of postage). Furthermore, the site probably gets advertising revenue and kickbacks from its partners, and gets to keep and market your PII in perpetuity.
Let's count the ways this site is bad:
We use awesome security measures to protect the loss, misuse and alteration of your PII.
Surely the missing "against" is a mere typo... or is it? (Cue spooky music, with thanks to Eric!)
A quick Googling of this company reveals that it is mentioned on a well-known "urban legends" web site and their e-mail practices have come under question from other people before.
We already have enough criminals, spammers, credit card phishers, 419-scammers, fraudsters, and other all-round "bad people" ruining the internet for everyone else -- don't voluntarily get yourself (and your friends) involved in web sites like this. Please, please, just take a second to think before you sign up for "free stuff" on the 'net.
...and I'm spent.