The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.”  Comcast even blocked his communication link with a mail server he operates outside the Comcast network.  The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws.  The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies.  When Smith tried to use the privacy policies of Comcast, Microsoft, and Cisco to correct the spammer accusations the companies balked.  Comcast even told him it didn’t matter what the privacy policy said, he wasn’t getting the information.  He filed complaints with the TRUSTe organization that verifies the privacy policies of Microsoft and Comcast but that did no good.

Previous lawsuits against these “blacklists” have been brought by commercial e-mailers against organizations such as Spamhaus. In this case the accused is not a commercial e-mail, not a spammer, and has no mailing lists of any sort.  The accused has even made presentations at the Federal Trade Commission against spammers and testified at the first “Spam Summit” more than 10 years ago.

For more information see Lawsuit.Privacy.net

 Comcast to Reduce Privacy Protection of Cable Customers

Ocean City, NJ – Millions of Comcast high-speed Internet subscribers will be losing the protection of the TRUSTe privacy policy verification program in a new Comcast privacy policy set to into effect Tuesday.  This is being done as a federal lawsuit against Comcast, TRUSTe, Microsoft and Cisco winds it way through the courts.  The new policy will remove the privacy protection of Internet subscribers from the Comcast.net website policy to the to the Comcast.com policy which is not covered by TRUSTe.

The lawsuit accuses Comcast, Microsoft, and Cisco of eavesdropping on Internet communications and developing IP address “blacklists” that resulted the blocking of e-mail communications.  The suit also alleges that the companies failed to adhere to their posted privacy policies that allow consumers to review the information collected about them so they may correct errors.  The claims include allegations that TRUSTe failed to legitimately adjudicate the complaints filed against Comcast and Microsoft. 

Cisco maintains an “IP Reputation” list at SenderBase.org and Microsoft maintains several lists called “blacklist.zap” via their FrontBridge service.  Many Internet posting indicate Microsoft has been blacklisting many small mail servers such as those operated by law firms that need security and archiving.

Cisco does not participate in the TRUSTe program and claims to have different privacy policies covering their different websites.  The suit also alleges that Cisco’s IronPort service claim of operating a “credit reporting service for email” is false advertising because they do not allow users to review and correct information collected about them.

The Plaintiff in the case is Russ Smith who operates privacy-related web sites such as Privacy.net and PrivacyPolicy.com and had testified at the first Federal Trade Commission “spam summit” in 1999.  According to Smith, both Microsoft and Cisco placed IP addresses used by Smith on “blacklists” and distributed the information to third parties causing his e-mail to be blocked.  Comcast actually blocked communications between his home and a mail server he operates outside the Comcast network to avoid using Comcast’s e-mail services.

Smith, who and has never been involved in “spamming” or commercial e-mailing, was repeatedly of accused of sending spam and using his e-mail for “improper purposes.”  Smith holds a professional security certification (CISSP) and objected to be accused as a “spammer.”  Smith tried to invoke the clauses in the online privacy policies that allowed access to the information collected and allow for corrections it but the Comcast, Cisco, and Microsoft all refused.  According to Smith, Comcast security personnel actually told him they didn’t care what the privacy policy said, he wasn’t getting it.  Comcast went on to tell him that if he paid for a higher level of service, there would not be blocking.  Smith claims this is ridiculous because security issues do not depend on the level of service purchased.  Comcast has now denied Smith access to any of his account information.

Microsoft and Cisco both said they would provide the information but they never did.  Smith filed a police report for eavesdropping after Comcast and Cisco told him they monitored his communications.  Comcast eventually changed their story and tried to blame the SpamHaus.org project. 

According to Smith, the TRUSTe system is useless as it only covers specific web sites, and not a company’s overall privacy practices.  When there is a potential problem companies just change their policies so TRUSTe no longer oversees their practices.  Smith also filed a complaint at the FTC against Microsoft for claiming in official proceedings that the entire company is covered by TRUSTe when the licensing only covers some of their web sites.  The suit also alleges Microsoft is tricking consumers into believing the TRUSTe-endorsed privacy policy covers the blacklists.

Smith has also lodged complaints at the Federal Trade Commission that accuses the agency of advising Internet companies to eavesdrop on Internet communications in the name of security while, at the same time, the FCC is advising companies not to eavesdrop.  According to Smith the FTC is not providing a consistent message.  He says the FTC never suggests the phone companies should listen to phone calls to decide when there is telemarketing fraud so they should not be doing it with Internet providers.  He also says the FTC should coordinate their advice with other agencies such as the FCC.  Smith also testified at the FTC’s do-not-call forum during the development of the National Do-Not-Call Registry. 

Smith says the companies all refuse to settle the matter and are trying to bog the matter down with legal motions.  In response Smith is currently working on an amended complaint that will provide details for all the activities that led up to the suit.  A court-ordered status conference in the lawsuit is scheduled for October 15 in Federal District court in Camden, NJ (Civil Action No. 1:09-cv-04567).  For more information contact SMITH (at) HELP.ORG.

IP addresses are allocated to Internet Service providers around the world.  Users who connect to the Internet, web sites, or any computer connected to the Internet must have an address so they can receive messages. 

Is you IP address private?  The answer can be complicated.  Normally an Internet Service Provider (ISP) like AOL or Comcast has a record of all customers and what IP address was assigned.  If the information is requested by the Police or the courts it is normally available.  It depends on where you live whether this information is private.  Court cases in New Jersey say it is private, in Toronto courts say it is not.  The identity of subscriber can normally be traced back to the subscriber much like a phone number can be traced.

A user can go through a “proxy” to hide their IP address.  A proxy sits between the user and the Internet and makes all the request for the user.  This hides the user’s IP address much like a PO box hides a street address.  A proxy can also be used to circumvent web filters.

See the Privacy.net Analyzer to investigate your IP or Network-Tools.com to run tests on any IP address.

A demonstration of cookies is found at CookieDemo.com.  At that site you can place and change cookies and display custom content.

News.Privacy.net  |  Sports.Privacy.net  |  Politics.Privacy.net  |  See Your Profile

A company could track users and, if they also owned a search engine and other services where users register, an extensive profile could be developed.  The Google/Doubleclick DART cookie is one example where some of these things take place.  The information can be used to assist consumers to link up advertisers with the needs of the consumer.  The information could also be used against a person, such as part of a civil lawsuit or in a criminal prosecution.

-Checks for pop-up windows

-Shows the browser “headers” which is the hidden information your web browser sends a web site.

-Checks to see if port 80 and 16771 are open to see if your browser shows images and if you have a firewall blocking traffic on port 16771.

-Checks your web browser version and determines the capabilities from a database.

-Checks for browser plug-ins that re installed.

-Traces your IP address. 

-Determine who owns the domain associated with the IP address of your Internet connection.

-Looks up your the servers that handle mail for the domain associated with the IP address of your Internet connection.

-Determine who manages the IP address of your Internet connection.

-Lists the installed fonts on your computer.

Experian Fraud Alert 1-888-397-3742

Equifax Fraud Alert 1-800-525-6285

Trans Union Fraud Alert 1-800-680-7289

There can be many types of errors or credit reports.  Improper deliquencies can be a serious problem.  Incorrect address or other information can also lead to problems and should be corrected.  On my reports they once had the address of a creditor as one of my previous addresses.  In another case a company that used to have my PO box was associated with me on one of my reports.  Here are some tips to correcting errors:

-Obtain credit report directly from the 3 credit bureaus.  Do not depend on a combine 3-bureau report.  These reports are compiled and you may not be able to tell which bureau has which information.  Each bureau is required to send one report per year free and if any corrections are made they must send another free report each time. 

-File a dispute with the bureau that has incorrect information.   TransUnion Disputes | Equifax Disputes | Experian Disputes.  If the dispute falls into an unuusal category, such as a basd address it may take a few tries before it is fixed.  make sure to check the updated report and keep filing a dispute.

-If the dispute is not properly fixed file a complaint with the Federal Trade Commission and copy the complaint alsong with another dispute sent to the credit bureau via mail.  This often provides the extra imptus for the bureau to take a closer look.

Equifax free credit report request:  http://www.equifax.com/answers/request-free-credit-report/en_cp

Transunion Free Credit Report Request:  http://www.transunion.com/corporate/personal/creditTools/freeCreditReport.page

Experian Free Credit Report Request:  “To confirm your eligibility and request your free or discounted copy delivered by U.S. mail, please call 866 200 6020” (or pay $15 online)  http://www.experian.com/credit-reporting/check-credit-report.html.

-Do not open attachments unless you are sure it is safe.  Claims that you have a package or need to open some attached invoice are usually false.  These attachments can load software on your computer such as Key Loggers which can track every keystroke and send your passwords to criminals.  Other software can turn your computer into a spam sender or put up a web page advertised by spam (called a network robot or “botnet”).  These malicious attachements can be complicated and can sometimes avoid detection because they change so often.

-If you are sent to a suspicious web site that asks to download a “viewer” to see pictures or claims to be “scanner” for malicious software do not agree to download anything. 

-Use an e-mail system that blocks attachments before they get to you.

-Use an e-mail system that blocks out spam.  These sometimes block legitimate e-mail but systems are getting better.

-Use an e-mail system that uses “SPF” filtering to block forged e-mail.  This works by checking the domain records to make sure the mail is originating from the correct place.

-Get a domain name to use for e-mail and get a service that allows you have multiple e-mail accounts and allows you to change them.  For instance, example.com can have addy1@example.com, addy2@example.com, etc.  These addresses can be created for specific purposes and if it gets too much spam, just change the address.