It's time for your yearly physical. Walking into the doctor's office is like any other visit: the same corny elevator music, the same outdated magazines, and that stack of paperwork the receptionist always hands you to fill out. But there's something new in that paperwork. Your doctor is asking you to sign a new agreement. What it asks for surprises you.

Your doctor wants you to turn over the rights of what you may say about him or her online. Sound ridiculous? It's not and is the newest method medical professionals use to protect their reputations. One company is spearheading this effort, and has become the target of criticism for its practices.

Continue reading →

The World Wide Web Consortium (W3C) on Wednesday published its first two drafts for online privacy and tracking standards: the Tracking Preference Expression, which is a definition of the HTTP request header field "DNT" for expressing tracking on the Web; and Tracking Compliance and Scope, which defines the terminology of tracking preferences and scope in the DNT expression, and lays out ways that websites can comply with it.

These standards will let users set more universal preferences about whether or not their browsing data can be collected for tracking and advertising purposes. The W3C says this will help to re-establish trust between users and service providers in the marketplace.

Continue reading →

On September 27, Nik Cubrilovic posted a follow-up to his terrific analysis (which we posted two days ago) looking at how Facebook uses cookies to track users even when they have signed out of the service. That post's popularity got Facebook to respond to his questions about cookie tracking, something that it hadn't done despite more than a year of requests. We asked and he granted permission to repost this follow-up, but we're a day late because of the time difference between Australia and the United States. This version differs in two subtle ways from the original: Slight editing for house style and different headline.

I wrote a post two days ago about privacy issues with the Facebook logout procedure which could lead to your subsequent web requests to third-party sites that integrate Facebook widgets being identifiable and linked back to your real account. Over the course of the past 48 hours since that post was published we have researched the issue further and have been in constant contact with Facebook on working out solutions and clarifying behavior on the site.

Continue reading →

On September 25, Nik Cubrilovic posted a terrific analysis looking at how Facebook uses cookies to track users even when they have signed out of the service. His findings about Facebook cookie tracking raises yet more red flags about subscriber privacy. We asked and he granted permission to repost the analysis, which differs in two subtle ways from the original: Slight editing for house style and incorporation of two updates into the main text. We also changed the headline.

Dave Winer wrote a timely piece yesterday morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a user's intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.

Continue reading →