Page 3 of 3
Results 33 to 36 of 36

Thread: Privacy concern - Scan orders being reported to 3rd parties.

  1. #33
    danmac (Registered+)
    Michael's post reminds me of something that happened a few years ago now ...

    I was shopping at tesco.com as I am a lazy geek and hate shopping. Anyway the stuff got delivered no problem, but a few days later I spotted an additional transaction, very similar to my real Tesco transaction (same branch, same day, different price IIRC) but definitely nothing I ordered.

    I queried this with Tesco (thinking it was an administrative error) and long story short, there was an employee at that particular branch putting his shopping through on card numbers used by tesco.com customers.

    In their defence, Tesco were great about it, whereas the po-lice were neither use nor ornament, at least in their dealings with me.

    I didn't really start this reply with the intention of making a point, but let's just say that a decent firewall, everything patched up, blah blah, none of it stopped me from getting screwed by Teh Int0r-W3b. And I consider myself security conscious up to the point where any receipts with full CC details get thrown in an ashtray and burnt, if that gives you any indication ... and no I don't have a clubcard ... although I still use tesco.com as I am still a lazy geek and shopping still sucks.
    Dan
    IT Manager
    Scan Computers

  2. #34
    Steve B (The King of Vague)
    shopping sucks ass indeed, why bother wandering around in some baltic warehouse full of smelly old people when u can be sitting in ur office chair leaning back with a cold one?

  3. #35
    Chris P (Retail Sales Manager)
    Dan

    You'll have to start growing your spuds in your back garden. Let's just hope the Aliens don’t get em.

    EDIT: Make sure you're wearing your Foil helmet whilst you're planting away to conceal your location and deepest of secret thoughts from the enemy.

    http://people.csail.mit.edu/rahimi/helmet/

    (Just a bit of light humour for a Friday afternoon)
    Last edited by Chris P; 09-06-2006 at 03:49 PM.

  4. #36
    Member
    Dan,

    Let me be the first to say ... welcome to the forums.

    Originally posted by danmac:
    > This is incorrect, or at least misleading depending on how you look at it. Internet Explorer 6 can block these cookies very easily, as I'm sure most other browsers can. This has been a standard part of IE for quite some time now.

    If you can point out an inaccuracy in my statement please do so. I stated "third party" (excluding browser controls) since most people would rely on external software (filters or firewalls) for cookie control. Yes IE can do it by Security Zone settings, but these are far less convenient to use (even without considering P3P settings). Anyone using a third party filter can easily verify whether https: traffic bypasses it by clicking here and seeing if a bizrate cookie gets set in their browser.

    Originally posted by danmac:
    > If you mean you want to block these cookies by inspecting the packets *after* they leave your browser, as I've just illustrated that is not necessary. Even if you wanted to, it is quite easy using a multitude of varying techniques. (IP / DNS blacklist, SSL proxy, etc)

    That is how all firewalls offering "privacy" features work and also filters like JunkBuster, WebWasher, etc. Other methods can be used as you say, but they do have their downsides (SSL proxies will trigger browser certificate warnings, IP/domain blacklists affect all traffic to addresses listed).

    Originally posted by danmac:
    > All I can say to this is ...
    > Originally posted by Paranoid2000:
    > > let's stick to hard facts shall we?

    Well, it would be quite straightforward to provide Javascript that instead scraped name and address details from Scan's confirmation page - or changed the prices so that they were all listed as £0.00 (whether that would actually affect Scan's record of the order and the subsequent credit card charge would be another matter).

    If you instead consider there to be no possibility of this third party script being altered maliciously, well similar things have happened before. This doesn't directly bear on the data transfer issue, but any website that pulls in code from elsewhere has an increased risk of being compromised. When the code in question is being used by 20 or more merchants on pages that list names/addresses/credit card details, it becomes a very attractive target to a knowledgeable attacker.

    Originally posted by danmac:
    > This is assuming a retailer sends your address details. We don't. We don't even suggest which country you are in, although this can be sometimes ascertained by your IP using the GeoIP database. If someone allows Bizrate or whoever to get hold of your personal details, that's something you need to take up with Bizrate and the retailer which sent the information in the first place.

    Ah, but how is a purchaser to know if their online store is sending their name or address? How, for that matter, is Scan to know whether one of Bizrate's other clients is passing on such data? The answer is that Scan can't know, but should not be co-opting its customers (without their knowledge or consent) into another company's privacy policy, especially when that policy includes the intent to collect personal data. A prominent mention in Scan's own privacy policy (nudge, nudge, wink, wink) or (better) an opt-in/out on the final confirmation screen so that customers can then exercise choice would be a sensible measure.

    Originally posted by danmac:
    > You certainly don't get spammed etc, and we certainly don't do anything underhand like selling your details to third parties which is not uncommon these days. In addition Scan doesn't get ripped off on marketing, so we can offer lower prices, so everyone's a winner.

    If the reason here is not to get "ripped off", then why use this method at all? As discussed above, Scan has other ways to see if people have used a search engine result or not and Scan sets its own cookies to be able to track visitors through its system. So if Mr X picks up widgets A,B and C following a search engine result for item D, Scan already has the ability to determine this. Why then is there a need to send order details to a third party - especially one that doesn't seem to deal with the majority of shopping search engines used in the UK?

    Originally posted by danmac:
    > Anyway to summarise:

    Just to balance that - here is my summary:
    • Scan is sending order details (specifically order number, item quantities, costs and total cost) to 2 third parties.
    • Those third parties tag users (via a cookie) allowing them to correlate this information with any data collected previously (or any collected in future) from Scan or other data suppliers.
    • Those third parties specifically state that they collect and process personal data.
    • The exact method used to send data cannot be blocked by most privacy software.
    • Customers are not informed of this in advance, so by definition cannot have given their consent.

    Originally posted by danmac:
    > I am sure this thread will continue, but I am confident Scan have already gone above and beyond the call of duty explaining this situation in a public forum. In addition to this, we are currently reviewing the situation with regards to sales reporting on a management level, but obviously not from a user privacy perspective, as we have illustrated, we've already got that covered. (and will ensure it remains that way)

    If this means that Scan will not reconsider this policy, then there is little point in further discussion. The important factor is that this practice has been disclosed and customers who have the chance to review this thread now have the options (a) of preventing this data transfer and (b) of considering other vendors with stronger privacy policies.

    Originally posted by Michael:
    > Out of interest, Paranoid2000, what preventative measures do you take to ensure that you are not followed home from your local Spar shop (Where other shoppers not only see what you bought, but also see your face and hear your voice!), at which point they might see an opportunity to 'brute force' their way into your front door, steal all your ID, your belongings, and then drive off in your car?

    The simple answer is - I avoid Spar!

    The serious answer (to what I suspect is a not-completely-serious question) is that you aren't drawing an accurate analogy. A better one would be if your local shop was taking copies of every receipt they gave out, and posting them somewhere while your back was turned. There are people who would doubtless consider this irrelevant (just consider the number of people using in-store loyalty cards) but there are others who would object to allowing a stranger to collect details on their shopping habits.

    The key here is that people should have the right to choose and should not require technical expertise to exercise that right. Here we have a US-based company collecting data that most people would expect to be private - they are not doing this out of charity or on a whim but to make money. Their best way of doing this is to collect everything they can, mine, analyse and extrapolate until they have trends down to an individual level, then sell these on to whoever is prepared to pay (be it marketers, credit agencies, Dell or your favourite TLA agencies). As end-users, we will only see a small portion of what happens of this so we need to be ultra-conservative about what data we allow to be collected, to have any hope of being able to maintain our privacy in future.
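
The concern raised in post #36, that a confirmation page loading third-party script or tracking pixels passes order details to another host, can be checked from the page source. The following is an added example, not part of the original thread and not any retailer's code; the sample HTML, host names and parameter names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Constructed sample of an HTTPS order-confirmation page; hosts and
# parameter names are invented for illustration.
SAMPLE_PAGE = """
<html><body><h1>Order 100234 confirmed</h1>
<script src="/js/basket.js"></script>
<script src="https://static.shop.example/js/ui.js"></script>
<script src="https://survey.tracker.example/invite.js?order=100234&amp;total=249.99"></script>
<img src="https://pixel.affiliate.example/sale?oid=100234&amp;qty=2&amp;amount=249.99" width="1" height="1">
</body></html>
"""

class ResourceCollector(HTMLParser):
    """Collect (tag, url) for elements that make the browser fetch a URL."""
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.resources.append((tag, src))

def audit_page(html, page_url, first_party_domain, order_values):
    """Return third-party fetches and the order fields each URL carries."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.resources:
        url = urlsplit(urljoin(page_url, src))   # resolve relative paths
        host = (url.hostname or "").lower()
        if host == first_party_domain or host.endswith("." + first_party_domain):
            continue                             # first-party resource
        leaked = [k for k, v in parse_qsl(url.query) if v in order_values]
        findings.append({
            "host": host,
            "runs_code": tag == "script",        # executes inside the page itself
            "over_tls": url.scheme == "https",   # query string not visible on the wire
            "order_fields": leaked,
        })
    return findings

if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE, "https://www.shop.example/checkout/confirm",
                        "shop.example", {"100234", "249.99"}):
        print(f)
```

A site operator can run the same check against its own rendered confirmation page to see which outside hosts receive order fields and which of them are loaded as script rather than as a passive image.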
